1. Trang chủ
  2. » Công Nghệ Thông Tin

Secure PHP Development- P97 pot

5 64 0

Đang tải... (xem toàn văn)

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 5
Dung lượng 81,46 KB

Nội dung

Creating the Tell-a-Friend Main Menu Manager Application This application, taf_mngr.php, is responsible for managing the main menu of the system. This application is included on the CD-ROM in the ch13/apps directory. It implements the following functionality: ◆ Allows every user to create messages and forms. ◆ Allows users from authenticated IP addresses to delete or modify forms or messages. ◆ Allows users from authenticated IP addresses to view the form report. This application has the following methods. run() When the application is run, this method is called. It simply calls the displyTAFMenu() method to render the main menu for the system. displayTAFMenu() This method is responsible for showing the main menu according to the privileges based on the IP address of the client. It works in the following manner: ◆ A menu template (TAF_MENU_TEMPLATE) is loaded in a template object called $template. ◆ All the form names and form IDs of the database are loaded in the array $frms. ◆ For each of those forms the AccessControl object is used to check whether the request IP is allowed to access the form. If the check result is yes, then the form name is showed in the list to the user for him to mod- ify, delete, or view a report. ◆ Similarly, all the messages are loaded in an array and the AccessControl object is again used to verify the request IP’s eligibility to access the mes- sage and the message list is prepared thereby. ◆ After preparing the message list and the form list and setting all the links for deletion, modification, and report for the messages or forms, the tem- plate is parsed and printed to the user. Chapter 13: Tell-a-Friend System 451 17 549669 ch13.qxd 4/4/03 9:26 AM Page 451 Creating a Tell-a-Friend Form Manager Application This application, taf_form_mngr.php, is responsible for managing forms. This application is included on the CD-ROM in the ch13/apps directory. It implements the following functionality: ◆ Allows any user to add a new form. ◆ Allows users from authenticated IP addresses to delete or modify selected forms. This application has the following methods. run() When the application is run, this method is called. It does the following: ◆ First it retrieves the $cmd value from the user request. ◆ Depending on the $cmd value, different methods are called. ◆ When the $cmd is add or modify, it calls the addModifyDriver() method with the appropriate mode (add or modify). ◆ And when the $cmd is delete, it calls the deleteForm() method to delete the form. authorize() This method checks whether the IP address from where the user is accessing the application is an authorized one. This is how it works: ◆ This application allows everyone to add forms. So when the request $cmd is add, it directly returns true. ◆ In case of modify and delete, the AccessControl object is used to verify whether the request IP is allowed to access the given form. It returns TRUE or FALSE depending on the verification result. addModifyDriver() This method is responsible for driving the add/modify procedure. Depending on the hidden form value $step, it decides whether to call the add/modify menu rendering method, displayAddModifyMenu(), or the add/modify method, addModifyForm(). Both the methods are called with the proper mode (add or modify). 452 Part III: Developing E-mail Solutions 17 549669 ch13.qxd 4/4/03 9:26 AM Page 452 displayAddModifyMenu() This method is used to show the menu for adding or modifying forms. It works as follows: ◆ If the method is called with mode modify, it first checks whether the form ID has been supplied or not. In case of no form ID, the method shows an alert message and returns null. ◆ Otherwise, all the previous information of the given form is retrieved and loaded in variables for later usage, to preload the modification Web form while showing to the user. In this case, the AccessControl object is used to retrieve the authorized and banned IPs for the form. ◆ Then a form setup template (TAF_FRM_SETUP_TEMPLATE) is loaded in a template object called $template. ◆ For loading different message lists in the Web form, the Message object’s getAllMessages() is used and then filtered using the AccessControl object’s isAccessAllowed() method. ◆ At the end, the template is parsed and printed to the user to give her a Web form to add or modify forms. addModifyForm() This method is used to add or modify forms. It works as follows: ◆ First, it checks whether the date range given for the form (the activation and termination date) is a valid one or not. If not, the method shows an alert message and returns null. ◆ Then it prepares the $params array with all the form field values from the user request. ◆ Then it creates an object of AccessControl to add or modify the access to the form. ◆ When the mode for the method is add the params array is fed into the addForm() method of the Form class to add the new form. If the addition fails, the method shows a failure message and returns. ◆ If the addition operation is successful, the authorized and denied IPs are added to the database using the addAccessIPs() and addDeniedIPs() methods of the AccessControl class. Then a successful addition message is shown to the user. ◆ When the mode for the method is modify, the $params array is fed into the modifyForm() method of the Form class to update the given form. If the update fails, the method shows a failure message. Chapter 13: Tell-a-Friend System 453 17 549669 ch13.qxd 4/4/03 9:26 AM Page 453 ◆ If the update operation is successful, the authorized and denied IPs are added to the database using the addAccessIPs() and addDeniedIPs() methods of the AccessControl class after deleting the previous IPs. And then a successful update message is shown to the user. deleteForm() This method is used for deleting forms. This works as follows: ◆ First, it checks whether the form ID has been supplied or not. If not, it shows an alert message and returns null. ◆ Then a new Form object, $frmObj, is created and the deleteForm() method of $frmObj is used to delete the form. ◆ If the deletion succeeds, the AccessControl class is used to delete the related IPs from the authorized and banned tables for the form. ◆ At the end, a status message is shown depending on the outcome of the deletion operation. Creating a Tell-a-Friend Message Manager Application This application, taf_msg_mngr.php, is responsible for managing all messages for the system. This application is included on the CD-ROM in the ch13/apps directory. It implements the following functionality: ◆ Allows any user to add a new message. ◆ Allows users from authenticated IP addresses to delete or modify the selected message. This application has the following methods. run() When the application is run, this method is called. It does the following: ◆ First, it retrieves the $cmd value from the user request. ◆ Depending on the $cmd value, different methods are called. 454 Part III: Developing E-mail Solutions 17 549669 ch13.qxd 4/4/03 9:26 AM Page 454 ◆ When the $cmd is add or modify, it calls the addModifyDriver() method with the appropriate mode (add or modify). ◆ And when the $cmd is delete, it calls the deleteForm() method to delete the form. authorize() This method checks whether the IP address (where the user is accessing the applica- tion from) is an authorized one. This is how it works: ◆ This application allows everyone to add messages. So when the request $cmd is add, it directly returns true. ◆ In case of modify and delete, the AccessControl object is used to verify whether the request IP is allowed to access the given message. It returns TRUE or FALSE depending on the verification result. addModifyDriver() This method is responsible for driving the add/modify procedure. Depending on the hidden form value $step, it decides whether to call the add/modify menu rendering method, displayAddModifyMenu(), or the add/modify method, addModifyMessage(). Both the methods are called with proper mode (add or modify). displayAddModifyMenu() This method is used to show the Web form for adding or modifying forms. It works as follows: ◆ If the method is called with mode modify, it first checks whether the mes- sage ID has been supplied or not. In case of no message ID, the method shows an alert message and returns null. ◆ Otherwise, all the previous information of the given message is retrieved and loaded in variables for later usage, to preload the modification Web form while showing to the user. In this case, the AccessControl object is used to retrieve the authorized IPs for the message. ◆ Then a message setup template (TAF_MSG_SETUP_TEMPLATE) is loaded in a template object called $template. ◆ The different form fields required for adding or modifying a message are prepared. ◆ At the end, the template is parsed and printed to the user to give her a Web form to add or modify messages. Chapter 13: Tell-a-Friend System 455 17 549669 ch13.qxd 4/4/03 9:26 AM Page 455 . Creating the Tell-a-Friend Main Menu Manager Application This application, taf_mngr .php, is responsible for managing the main menu of the system. This application is included on the. 9:26 AM Page 451 Creating a Tell-a-Friend Form Manager Application This application, taf_form_mngr .php, is responsible for managing forms. This application is included on the CD-ROM in the ch13/apps. operation. Creating a Tell-a-Friend Message Manager Application This application, taf_msg_mngr .php, is responsible for managing all messages for the system. This application is included on the

Ngày đăng: 07/07/2014, 07:20