Chapter 2: Understanding and Avoiding Security Risks
Identifying the Sources of Risk
Minimizing User-Input Risks
Not Revealing Sensitive Information
Summary
Chapter 3: PHP Best Practices
Best Practices for Naming Variables and Functions
Best Practices for Function/Method
Best Practices for Database
Best Practices for User Interface
Best Practices for Documentation
Best Practices for Web Security
Best Practices for Source Configuration Management
Summary
Part II
Chapter 4: Architecture of an Intranet Application
Understanding Intranet Requirements
Building an Intranet Application Framework
Creating a Database Abstraction Class
Creating an Error Handler Class
Creating a Built-In Debugger Class
Creating an Abstract Application Class
Creating a Sample Application
Summary
Chapter 5: Central Authentication System
How the System Works
Creating an Authentication Class
Creating the Central Login Application
Creating the Central Logout Application
Creating the Central Authentication Database
Testing Central Login and Logout
Making Persistent Logins in Web Server Farms
Summary
Chapter 6: Central User Management System
Identifying the Functionality Requirements
Creating a User Class
User Interface Templates
Creating a User Administration Application
Creating a User Password Application
Creating a Forgotten-Password Recovery Application
Summary
Chapter 7: Intranet System
Identifying Functionality Requirements
Designing the Database
Designing and Implementing the Intranet Classes
Setting Up Application Configuration Files
Setting Up the Application Templates
Intranet Home Application
Installing Intranet Applications from the CD- ROM
Testing the Intranet Home Application
Summary
Chapter 8: Intranet Simple Document Publisher
Identifying the Functionality Requirements
The Prerequisites
Designing the Database
The Intranet Document Application Classes
Setting up Application Configuration Files
Setting Up the Application Templates
The Document Publisher Application
Installing Intranet Document Application
Testing Intranet Document Application
Summary
Chapter 9: Intranet Contact Manager
Functionality Requirements
Understanding Prerequisites
The Database
The Intranet Contact Manager Application Classes
The Application Configuration Files
The Application Templates
The Contact Category Manager Application
The Contact Manager Application
Installing Intranet Contract Manager
Testing Contract Manager
Summary
Chapter 10: Intranet Calendar Manager
Identifying Functionality Requirements
Understanding Prerequisites
Designing the Database
The Intranet Calendar Application Event Class
The Application Configuration Files
The Application Templates
The Calendar Manager Application
The Calendar Event Manager Application
Installing the Event Calendar on Your Intranet
Testing the Event Calendar
Summary
Chapter 11: Internet Resource Manager
Functionality Requirements
Understanding the Prerequisites
Designing the Database
Designing and Implementing the Internet Resource Manager Application Classes
Creating Application Configuration Files
Creating Application Templates
Creating a Category Manager Application
Creating a Resource Manager Application
Creating a Resource Tracking Application
Creating a Search Manager Application
Installing an IRM on Your Intranet
Testing IRM
Security Concerns
Summary
Chapter 12: Online Help System
Functionality Requirements
Understanding the Prerequisites
Designing and Implementing the Help Application Classes
Creating Application Configuration Files
Creating Application Templates
Creating the Help Indexing Application
Creating the Help Application
Installing Help Applications
Testing the Help System
Security Considerations
Summary
Part III
Chapter 13: Tell-a-Friend System
Functionality Requirements
Understanding Prerequisites
Designing the Database
Designing and Implementing the Tell- a- Friend Application Classes
Creating Application Configuration Files
Creating Application Templates
Creating the Tell-a-Friend Main Menu Manager Application
Creating a Tell-a-Friend Form Manager Application
Creating a Tell-a-Friend Message Manager Application
Creating a Tell-a-Friend Form Processor Application
Creating a Tell-a-Friend Subscriber Application
Creating a Tell-a-Friend Reporter Application
Installing a Tell-a-Friend System
Testing the Tell-a-Friend System
Security Considerations
Summary
Chapter 14: E-mail Survey System
Functionality Requirements
Architecture of the Survey System
Designing the Database
Designing and Implementing the Survey Classes
Designing and Implementing the Survey Applications
Developing Survey Execution Manager
Setting Up the Central Survey Configuration File
Setting Up the Interface Template Files
Testing the Survey System
Security Considerations
Summary
Chapter 15: E-campaign System
Features of an E-campaign System
Architecting an E-campaign System
Designing an E-campaign Database
Understanding Customer Database Requirements
Designing E-campaign Classes
Creating Common Configuration and Resource Files
Creating Interface Template Files
Creating an E-campaign User Interface Application
Creating a List Manager Application
Creating a URL Manager Application
Creating a Message Manager Application
Creating a Campaign Manager Application
Creating a Campaign Execution Application
Creating a URL Tracking and Redirection Application
Creating an Unsubscription Tracking Application
Creating a Campaign Reporting Application
Testing the E-Campaign System
Security Considerations
Summary
Part IV
Chapter 16: Command-Line PHP Utilities
Working with the Command-Line Interpreter
Building a Simple Reminder Tool
Building a Geo Location Finder Tool for IP
Building a Hard Disk Usage Monitoring Utility
Building a CPU Load Monitoring Utility
Summary
Chapter 17: Apache Virtual Host Maker
Understanding an Apache Virtual Host
Defining Configuration Tasks
Creating a Configuration Script
Developing makesite
Installing makesite on Your System
Testing makesite
Summary
Chapter 18: BIND Domain Manager
Features of makezone
Creating the Configuration File
Understanding makezone
Installing makezone
Testing makezone
Summary
Part V
Chapter 19: Web Forms Manager
Functionality Requirements
Understanding Prerequisites
Designing the Database
Designing and Implementing the Web Forms Manager Application Classes
Creating the Application Configuration Files
Creating Application Templates
Creating the Web Forms Submission Manager Application
Creating the Web Forms Reporter Application
Creating the CSV Data Exporter Application
Installing the Web Forms Manager
Testing the Web Forms Manager
Security Considerations
Summary
Chapter 20: Web Site Tools
Functionality Requirements
Understanding Prerequisites
Designing the Database
Designing and Implementing the Voting Tool Application Class
Creating the Application Configuration Files
Creating the Application Templates
Creating the Vote Application
Installing the Voting Tool
Testing the Voting Tool
Summary
Part VI
Chapter 21: Speeding Up PHP Applications
Benchmarking Your PHP Application
Buffering Your PHP Application Output
Compressing Your PHP Application Output
Caching Your PHP Applications
Summary
Chapter 22: Securing PHP Applications
Controlling Access to Your PHP Applications
Securely Uploading Files
Using Safe Database Access
Recommended php.ini Settings for a Production Environment
Limiting File System Access for PHP Scripts
Running PHP Applications in Safe Mode
Summary
Part VII
Appendix A: What's on the CD-ROM
System Requirements
What's on the CD
Troubleshooting
Appendix B: PHP Primer
Object-Oriented PHP
Appendix C: MySQL Primer
Using MySQL from the Command- Line
Using phpMyAdmin to Manage MySQL Database
Appendix D: Linux Primer
Installing and Configuring Apache 2.0
Installing and Configuring MySQL Server
Installing and Configuring PHP for Apache 2.0
Common File/Directory Commands
Index
Wiley Publishing, Inc. End-User License Agreement
Nội dung
For example, the following are equivalent: upload_max_filesize = 2M upload_max_filesize = 2097152 upload_tmp_dir The load_tmp_dir directive defines the temporary directory location for files uploaded via PHP. It is customary to set this to /tmp on UNIX systems; on Windows systems, this is typically set to /temp or left alone, in which case, PHP uses the sys- tem default. Syntax: load_tmp_dir directory Common File/Directory Commands This section describes a few commonly used Linux file and directory commands. chmod Syntax: chmod [-R] permission-mode file or directory Use this command to change the permission mode of a file or directory. The per- mission mode is specified as a three- or four-digit octal number. For example: chmod 755 myscript.pl The preceding command changes the permission of myscript.pl script to 755 (rwxr-xr-x), which allows the file owner to read, write, and execute, and allows only read and execute privileges for everyone else. Here is another example: chmod -R 744 public_html The preceding command changes the permissions of the public_html directory and all its contents (files and subdirectories) to 744 (rwxr-r-), which is a typical permission setting for the personal Web directories you access using http://server/~username URLs under Apache Server. The -R option tells chmod to recursively change permissions for all files and directories under the named directory. Appendix D: Linux Primer 821 34 549669 AppD.qxd 4/4/03 9:28 AM Page 821 chown Syntax: chown [ -fhR ] Owner [ :Group ] { File . . . | Directory. . . } The chown command changes the owner of a file or directory. The value of the Owner parameter can be a user ID or a login name in the /etc/passwd file. Optionally, you also can specify a group. The value of the Group parameter can be a group ID or a group name in the /etc/group file. Only the root user can change the owner of a file. You can change the group of a file only if you are a root user or you own the file. If you own the file but are not a root user, you can change the group only to a group of which you are a member. Table D-3 describes the chown options. TABLE D-3 CHOWN OPTIONS Option Description -f Suppresses all error messages except usage messages. -h Changes the ownership of an encountered symbolic link but not that of the file or directory to which the symbolic link points. -R Descends directories recursively, changing the ownership for each file. When a symbolic link is encountered and the link points to a directory, the ownership of that directory is changed, but the directory is not further traversed. The following example changes the owner of the file to another user: chown bert hisfile.txt cp Syntax: cp [-r] source destination Use the cp command to make an exact copy of a file. The cp command requires at least two arguments. The first argument is the file you want to copy, and the sec- ond argument is the location or file name of the new file. If the second argument is 822 Part VII: Appendixes 34 549669 AppD.qxd 4/4/03 9:28 AM Page 822 an existing directory, cp copies the source file into the directory. The -r parameter recursively copies a directory. cp main.c main.c.bak The preceding example copies the existing file main.c and creates a new file called main.c.bak in the same directory. These two files are identical, bit for bit. grep Syntax: grep [-viw] pattern file(s) The grep command enables you to search for one or more files for particular character patterns. Every line of each file that contains the pattern is displayed at the terminal. The grep command is useful when you have numerous files and you want to find out which ones contain certain words or phrases. Using the -v option, you can display the inverse of a pattern. Perhaps you want to select the lines in data.txt that do not contain the word the: grep -vw ‘the’ data.txt If you do not specify the -w option, any word containing the matches, such as toge[the]r. The -w option specifies that the pattern must be a whole word. Finally, the -i option ignores the difference between uppercase and lowercase letters when searching for the pattern. Much of the flexibility of grep comes from the fact that you can specify not only exact characters but also a more general search pattern. To do this, you use what are described as regular expressions. find Syntax: find [path] [-type fdl] [-name pattern] [-atime [+-]number of days] [-exec command {} \;] [-empty] The find command finds files and directories, as shown in the following example: find . -type d The find command returns all subdirectory names under the current directory. The -type option is typically set to d (for directory), f (for file), or l (for links): find . -type f -name “*.txt” Appendix D: Linux Primer 823 34 549669 AppD.qxd 4/4/03 9:28 AM Page 823 The preceding command finds all text files (ending with a .txt extension) in the current directory, including all its subdirectories. find . -type f -name “*.txt” -exec grep -l “magic” {} \; The preceding command searches all text files (ending with the .txt extension) in the current directory, including all its subdirectories for the keyword magic, and returns their names (because -l is used with grep): find . -name ?*.gif? -atime -1 -exec ls -l {} \; The preceding command finds all GIF files that have been accessed in the past 24 hours (one day) and displays their details using the ls -l command. find . -type f -empty The preceding command displays all empty files in the current directory hierarchy. head Syntax: head [-count | -n number] filename This command displays the first few lines of a file. By default, it displays the first 10 lines of a file. However, you can use the preceding options to specify a different number of lines, as follows: head -2 doc.txt # Outline of future projects # Last modified: 02/02/99 The preceding example illustrates how to view the first two lines of the text file doc.txt. ln Syntax: ln [-s] sourcefile target ln creates two types of links: hard and soft. Think of a link as two names for the same file. Once you create a link, you cannot distinguish it from the original file. 824 Part VII: Appendixes 34 549669 AppD.qxd 4/4/03 9:28 AM Page 824 You cannot remove a file that has hard links from the hard disk until you remove all links. You create hard links without the -s option: ln ./www ./public_html A hard link does have limitations, however. A hard link cannot link to another directory, and a hard link cannot link to a file on another file system. Using the -s option, you can create a soft link, which eliminates these restrictions: ln -s /dev/fs02/jack/www /dev/fs01/foo/public_html Here you create a soft link between the directory www on file system 2 and a newly created file public_html on file system 1. locate Syntax: locate keyword The locate command finds the path of a particular file or command if updated script was run at an earlier time using cron job or manually. locate finds an exact or substring match. For example: locate foo /usr/lib/texmf/tex/latex/misc/footnpag.sty /usr/share/automake/footer.am /usr/share/games/fortunes/food /usr/share/games/fortunes/food.dat /usr/share/gimp/patterns/moonfoot.pat The output that locate produces contains the keyword foo in the absolute path or does not have any output. ls Syntax: ls [-1aRl] file or directory The ls command allows you to list files (and subdirectories) in a directory. It is one of the most popular programs. When you use it with the -1 option, it displays only the file and directory names in the current directory. When you use the -l Appendix D: Linux Primer 825 34 549669 AppD.qxd 4/4/03 9:28 AM Page 825 . location for files uploaded via PHP. It is customary to set this to /tmp on UNIX systems; on Windows systems, this is typically set to /temp or left alone, in which case, PHP uses the sys- tem default. Syntax: