Chapter 2: Understanding and Avoiding Security Risks
Identifying the Sources of Risk
Minimizing User-Input Risks
Not Revealing Sensitive Information
Summary
Chapter 3: PHP Best Practices
Best Practices for Naming Variables and Functions
Best Practices for Function/Method
Best Practices for Database
Best Practices for User Interface
Best Practices for Documentation
Best Practices for Web Security
Best Practices for Source Configuration Management
Summary
Part II
Chapter 4: Architecture of an Intranet Application
Understanding Intranet Requirements
Building an Intranet Application Framework
Creating a Database Abstraction Class
Creating an Error Handler Class
Creating a Built-In Debugger Class
Creating an Abstract Application Class
Creating a Sample Application
Summary
Chapter 5: Central Authentication System
How the System Works
Creating an Authentication Class
Creating the Central Login Application
Creating the Central Logout Application
Creating the Central Authentication Database
Testing Central Login and Logout
Making Persistent Logins in Web Server Farms
Summary
Chapter 6: Central User Management System
Identifying the Functionality Requirements
Creating a User Class
User Interface Templates
Creating a User Administration Application
Creating a User Password Application
Creating a Forgotten-Password Recovery Application
Summary
Chapter 7: Intranet System
Identifying Functionality Requirements
Designing the Database
Designing and Implementing the Intranet Classes
Setting Up Application Configuration Files
Setting Up the Application Templates
Intranet Home Application
Installing Intranet Applications from the CD-ROM
Testing the Intranet Home Application
Summary
Chapter 8: Intranet Simple Document Publisher
Identifying the Functionality Requirements
The Prerequisites
Designing the Database
The Intranet Document Application Classes
Setting up Application Configuration Files
Setting Up the Application Templates
The Document Publisher Application
Installing Intranet Document Application
Testing Intranet Document Application
Summary
Chapter 9: Intranet Contact Manager
Functionality Requirements
Understanding Prerequisites
The Database
The Intranet Contact Manager Application Classes
The Application Configuration Files
The Application Templates
The Contact Category Manager Application
The Contact Manager Application
Installing Intranet Contact Manager
Testing Contact Manager
Summary
Chapter 10: Intranet Calendar Manager
Identifying Functionality Requirements
Understanding Prerequisites
Designing the Database
The Intranet Calendar Application Event Class
The Application Configuration Files
The Application Templates
The Calendar Manager Application
The Calendar Event Manager Application
Installing the Event Calendar on Your Intranet
Testing the Event Calendar
Summary
Chapter 11: Internet Resource Manager
Functionality Requirements
Understanding the Prerequisites
Designing the Database
Designing and Implementing the Internet Resource Manager Application Classes
Creating Application Configuration Files
Creating Application Templates
Creating a Category Manager Application
Creating a Resource Manager Application
Creating a Resource Tracking Application
Creating a Search Manager Application
Installing an IRM on Your Intranet
Testing IRM
Security Concerns
Summary
Chapter 12: Online Help System
Functionality Requirements
Understanding the Prerequisites
Designing and Implementing the Help Application Classes
Creating Application Configuration Files
Creating Application Templates
Creating the Help Indexing Application
Creating the Help Application
Installing Help Applications
Testing the Help System
Security Considerations
Summary
Part III
Chapter 13: Tell-a-Friend System
Functionality Requirements
Understanding Prerequisites
Designing the Database
Designing and Implementing the Tell-a-Friend Application Classes
Creating Application Configuration Files
Creating Application Templates
Creating the Tell-a-Friend Main Menu Manager Application
Creating a Tell-a-Friend Form Manager Application
Creating a Tell-a-Friend Message Manager Application
Creating a Tell-a-Friend Form Processor Application
Creating a Tell-a-Friend Subscriber Application
Creating a Tell-a-Friend Reporter Application
Installing a Tell-a-Friend System
Testing the Tell-a-Friend System
Security Considerations
Summary
Chapter 14: E-mail Survey System
Functionality Requirements
Architecture of the Survey System
Designing the Database
Designing and Implementing the Survey Classes
Designing and Implementing the Survey Applications
Developing Survey Execution Manager
Setting Up the Central Survey Configuration File
Setting Up the Interface Template Files
Testing the Survey System
Security Considerations
Summary
Chapter 15: E-campaign System
Features of an E-campaign System
Architecting an E-campaign System
Designing an E-campaign Database
Understanding Customer Database Requirements
Designing E-campaign Classes
Creating Common Configuration and Resource Files
Creating Interface Template Files
Creating an E-campaign User Interface Application
Creating a List Manager Application
Creating a URL Manager Application
Creating a Message Manager Application
Creating a Campaign Manager Application
Creating a Campaign Execution Application
Creating a URL Tracking and Redirection Application
Creating an Unsubscription Tracking Application
Creating a Campaign Reporting Application
Testing the E-Campaign System
Security Considerations
Summary
Part IV
Chapter 16: Command-Line PHP Utilities
Working with the Command-Line Interpreter
Building a Simple Reminder Tool
Building a Geo Location Finder Tool for IP
Building a Hard Disk Usage Monitoring Utility
Building a CPU Load Monitoring Utility
Summary
Chapter 17: Apache Virtual Host Maker
Understanding an Apache Virtual Host
Defining Configuration Tasks
Creating a Configuration Script
Developing makesite
Installing makesite on Your System
Testing makesite
Summary
Chapter 18: BIND Domain Manager
Features of makezone
Creating the Configuration File
Understanding makezone
Installing makezone
Testing makezone
Summary
Part V
Chapter 19: Web Forms Manager
Functionality Requirements
Understanding Prerequisites
Designing the Database
Designing and Implementing the Web Forms Manager Application Classes
Creating the Application Configuration Files
Creating Application Templates
Creating the Web Forms Submission Manager Application
Creating the Web Forms Reporter Application
Creating the CSV Data Exporter Application
Installing the Web Forms Manager
Testing the Web Forms Manager
Security Considerations
Summary
Chapter 20: Web Site Tools
Functionality Requirements
Understanding Prerequisites
Designing the Database
Designing and Implementing the Voting Tool Application Class
Creating the Application Configuration Files
Creating the Application Templates
Creating the Vote Application
Installing the Voting Tool
Testing the Voting Tool
Summary
Part VI
Chapter 21: Speeding Up PHP Applications
Benchmarking Your PHP Application
Buffering Your PHP Application Output
Compressing Your PHP Application Output
Caching Your PHP Applications
Summary
Chapter 22: Securing PHP Applications
Controlling Access to Your PHP Applications
Securely Uploading Files
Using Safe Database Access
Recommended php.ini Settings for a Production Environment
Limiting File System Access for PHP Scripts
Running PHP Applications in Safe Mode
Summary
Part VII
Appendix A: What's on the CD-ROM
System Requirements
What's on the CD
Troubleshooting
Appendix B: PHP Primer
Object-Oriented PHP
Appendix C: MySQL Primer
Using MySQL from the Command-Line
Using phpMyAdmin to Manage MySQL Database
Appendix D: Linux Primer
Installing and Configuring Apache 2.0
Installing and Configuring MySQL Server
Installing and Configuring PHP for Apache 2.0
Common File/Directory Commands
Index
Wiley Publishing, Inc. End-User License Agreement
Contents
Creating the Tell-a-Friend Main Menu Manager Application

This application, taf_mngr.php, is responsible for managing the main menu of the system. This application is included on the CD-ROM in the ch13/apps directory. It implements the following functionality:

◆ Allows every user to create messages and forms.
◆ Allows users from authenticated IP addresses to delete or modify forms or messages.
◆ Allows users from authenticated IP addresses to view the form report.

This application has the following methods.

run()
When the application is run, this method is called. It simply calls the displayTAFMenu() method to render the main menu for the system.

displayTAFMenu()
This method is responsible for showing the main menu according to the privileges based on the IP address of the client. It works in the following manner:

◆ A menu template (TAF_MENU_TEMPLATE) is loaded in a template object called $template.
◆ All the form names and form IDs in the database are loaded in the array $frms.
◆ For each of those forms, the AccessControl object is used to check whether the request IP is allowed to access the form. If the check result is yes, the form name is shown in the list so that the user can modify or delete it, or view a report.
◆ Similarly, all the messages are loaded in an array and the AccessControl object is again used to verify the request IP's eligibility to access each message; the message list is prepared from the results.
◆ After preparing the message list and the form list and setting all the links for deletion, modification, and reports for the messages or forms, the template is parsed and printed to the user.

Chapter 13: Tell-a-Friend System

Creating a Tell-a-Friend Form Manager Application

This application, taf_form_mngr.php, is responsible for managing forms. This application is included on the CD-ROM in the ch13/apps directory. It implements the following functionality:

◆ Allows any user to add a new form.
◆ Allows users from authenticated IP addresses to delete or modify selected forms.

This application has the following methods.

run()
When the application is run, this method is called. It does the following:

◆ First, it retrieves the $cmd value from the user request.
◆ Depending on the $cmd value, different methods are called.
◆ When $cmd is add or modify, it calls the addModifyDriver() method with the appropriate mode (add or modify).
◆ When $cmd is delete, it calls the deleteForm() method to delete the form.

authorize()
This method checks whether the IP address from which the user is accessing the application is an authorized one. This is how it works:

◆ This application allows everyone to add forms, so when the requested $cmd is add, it directly returns true.
◆ In the case of modify and delete, the AccessControl object is used to verify whether the request IP is allowed to access the given form. It returns TRUE or FALSE depending on the verification result.

addModifyDriver()
This method is responsible for driving the add/modify procedure. Depending on the hidden form value $step, it decides whether to call the add/modify menu rendering method, displayAddModifyMenu(), or the add/modify method, addModifyForm(). Both methods are called with the proper mode (add or modify).

Part III: Developing E-mail Solutions

displayAddModifyMenu()
This method is used to show the menu for adding or modifying forms. It works as follows:

◆ If the method is called with mode modify, it first checks whether the form ID has been supplied. If there is no form ID, the method shows an alert message and returns null.
◆ Otherwise, all the previous information of the given form is retrieved and loaded into variables for later use, to preload the modification Web form when it is shown to the user. In this case, the AccessControl object is used to retrieve the authorized and banned IPs for the form.
◆ Then a form setup template (TAF_FRM_SETUP_TEMPLATE) is loaded in a template object called $template.
◆ To load the different message lists in the Web form, the Message object's getAllMessages() is used and the result is then filtered using the AccessControl object's isAccessAllowed() method.
◆ At the end, the template is parsed and printed to the user to give her a Web form to add or modify forms.

addModifyForm()
This method is used to add or modify forms. It works as follows:

◆ First, it checks whether the date range given for the form (the activation and termination dates) is valid. If not, the method shows an alert message and returns null.
◆ Then it prepares the $params array with all the form field values from the user request.
◆ Then it creates an AccessControl object to add or modify the access to the form.
◆ When the mode for the method is add, the $params array is fed into the addForm() method of the Form class to add the new form. If the addition fails, the method shows a failure message and returns.
◆ If the addition is successful, the authorized and denied IPs are added to the database using the addAccessIPs() and addDeniedIPs() methods of the AccessControl class. Then a successful addition message is shown to the user.
◆ When the mode for the method is modify, the $params array is fed into the modifyForm() method of the Form class to update the given form. If the update fails, the method shows a failure message.
◆ If the update is successful, the previous IPs are deleted and the authorized and denied IPs are added to the database using the addAccessIPs() and addDeniedIPs() methods of the AccessControl class. Then a successful update message is shown to the user.

deleteForm()
This method is used for deleting forms. It works as follows:

◆ First, it checks whether the form ID has been supplied. If not, it shows an alert message and returns null.
◆ Then a new Form object, $frmObj, is created and the deleteForm() method of $frmObj is used to delete the form.
◆ If the deletion succeeds, the AccessControl class is used to delete the related IPs from the authorized and banned tables for the form.
◆ At the end, a status message is shown depending on the outcome of the deletion operation.

Creating a Tell-a-Friend Message Manager Application

This application, taf_msg_mngr.php, is responsible for managing all messages for the system. This application is included on the CD-ROM in the ch13/apps directory. It implements the following functionality:

◆ Allows any user to add a new message.
◆ Allows users from authenticated IP addresses to delete or modify the selected message.

This application has the following methods.

run()
When the application is run, this method is called. It does the following:

◆ First, it retrieves the $cmd value from the user request.
◆ Depending on the $cmd value, different methods are called.
◆ When $cmd is add or modify, it calls the addModifyDriver() method with the appropriate mode (add or modify).
◆ When $cmd is delete, it calls the deleteForm() method to delete the form.

authorize()
This method checks whether the IP address from which the user is accessing the application is an authorized one. This is how it works:

◆ This application allows everyone to add messages, so when the requested $cmd is add, it directly returns true.
◆ In the case of modify and delete, the AccessControl object is used to verify whether the request IP is allowed to access the given message. It returns TRUE or FALSE depending on the verification result.

addModifyDriver()
This method is responsible for driving the add/modify procedure. Depending on the hidden form value $step, it decides whether to call the add/modify menu rendering method, displayAddModifyMenu(), or the add/modify method, addModifyMessage(). Both methods are called with the proper mode (add or modify).

displayAddModifyMenu()
This method is used to show the Web form for adding or modifying forms. It works as follows:

◆ If the method is called with mode modify, it first checks whether the message ID has been supplied. If there is no message ID, the method shows an alert message and returns null.
◆ Otherwise, all the previous information of the given message is retrieved and loaded into variables for later use, to preload the modification Web form when it is shown to the user. In this case, the AccessControl object is used to retrieve the authorized IPs for the message.
◆ Then a message setup template (TAF_MSG_SETUP_TEMPLATE) is loaded in a template object called $template.
◆ The different form fields required for adding or modifying a message are prepared.
◆ At the end, the template is parsed and printed to the user to give her a Web form to add or modify messages.
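The authorize() rule described for both the Form Manager and the Message Manager above, as an added example that is not code from the book or its CD-ROM: the IpAccessControl class, its per-object authorized and banned lists, and the authorize() helper are assumptions standing in for the book's AccessControl API, and the example goes beyond the text by matching CIDR ranges and letting a ban override an authorization.

```php
<?php
// Added example, not code from the book or its CD-ROM. It models the authorize()
// rule shared by taf_form_mngr.php and taf_msg_mngr.php: "add" is open to everyone,
// "modify" and "delete" pass only if the client IP clears the AccessControl check
// against the object's authorized and banned IP lists. Class, rule layout, CIDR
// matching and deny-wins ordering are assumptions; the book's class is not shown.

final class IpAccessControl
{
    /** @var array<int, array{allow: string[], deny: string[]}> keyed by form/message ID */
    private array $rules;
    public function __construct(array $rules) { $this->rules = $rules; }

    /** True when IPv4 $ip lies inside $cidr ("a.b.c.d/bits" or a bare address). */
    public static function ipInCidr(string $ip, string $cidr): bool
    {
        [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
        $ipLong  = ip2long($ip);
        $netLong = ip2long($net);
        if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int)$bits > 32) {
            return false;                              // malformed input never matches
        }
        $mask = (int)$bits === 0 ? 0 : (~0 << (32 - (int)$bits)) & 0xFFFFFFFF;
        return ($ipLong & $mask) === ($netLong & $mask);
    }

    /** Banned list is consulted first, then the authorized list; anything else is denied. */
    public function isAccessAllowed(string $ip, int $objectId): bool
    {
        $rule = $this->rules[$objectId] ?? ['allow' => [], 'deny' => []];
        foreach ($rule['deny'] as $cidr) {
            if (self::ipInCidr($ip, $cidr)) { return false; }
        }
        foreach ($rule['allow'] as $cidr) {
            if (self::ipInCidr($ip, $cidr)) { return true; }
        }
        return false;                                  // default deny, including unknown IDs
    }
}

/** The book's authorize() rule: add is open, modify/delete are IP-gated, anything else refused. */
function authorize(IpAccessControl $ac, string $cmd, string $clientIp, int $objectId): bool
{
    if ($cmd === 'add') { return true; }
    if ($cmd === 'modify' || $cmd === 'delete') { return $ac->isAccessAllowed($clientIp, $objectId); }
    return false;
}

// Constructed sample rules: form 7 is editable from one office subnet, minus one banned host.
$ac = new IpAccessControl([7 => ['allow' => ['203.0.113.0/24'], 'deny' => ['203.0.113.42']]]);
// Decide on REMOTE_ADDR (the TCP peer); X-Forwarded-For is client-supplied and must not decide this.
$clientIp = $_SERVER['REMOTE_ADDR'] ?? '203.0.113.10'; // CLI fallback so the script runs offline
var_dump(authorize($ac, 'modify', $clientIp, 7));       // host inside the authorized subnet
var_dump(authorize($ac, 'delete', '203.0.113.42', 7));  // banned host inside that subnet
var_dump(authorize($ac, 'modify', '198.51.100.5', 7));  // host outside every authorized range
var_dump(authorize($ac, 'add', '198.51.100.5', 7));     // add needs no IP authorization
```

Because the decision rests only on the source IP, anyone behind the same NAT or proxy as an authorized host inherits its privileges; the book's own later chapters pair this with the central authentication system for stronger controls.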