-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathREADME
More file actions
executable file
·231 lines (170 loc) · 6.42 KB
/
README
File metadata and controls
executable file
·231 lines (170 loc) · 6.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
=== SEC+ PHP ===
Sec+ is a little library for web development in PHP. It's focused in security
and performance.
Author: i4k - Tiago Natel de Moura
API Documentation:
http://www.secplus.com.br/secplus-php/doc/html/index.html
SEC+ - http://www.secplus.com.br/
bugsec - http://bugsec.googlecode.com/
Found a bug?
Want to get involved?
Do you have a review/critique?
Tell me: natel *nospam* secplus.com.br
== Documentation ==
=== Installation ===
Create the directory of your project.
$ mkdir /var/www/myportal
$ cd /var/www/myportal
Create the libraries directory with the name you want:
For example:
$ mkdir lib/
$ cd lib/
Get the current SecPlus-PHP library from github:
$ git clone https://github.com/SecPlus/secplus-php.git
$ ls
secplus-php
Go back to the root of your project.
$ cd /var/www/myportal/
Run the SecPlus-PHP shell and type 'y' for the script create a new
configuration file.
$ php lib/secplus-php/secplus.lib.php
SEC+ Security WebFramework
License: GNU GPL v2.0
Author: Tiago Natel de Moura aka i4k <tiago4orion@gmail.com>
Linux li351-42 2.6.39.1-x86_64-linode19 #1 SMP Tue Jun 21 10:04:20 2011 x86_64
[-] file 'config.php' not exists or permission denied to open.
[-] we need a configuration file to run scaffolding commands.
[?] You want that we generate the 'config.php' for you? [y/N] y
[+] Config file 'config.php' created with success.
[+] Output: config.php
[+] using 'config.php' for configuration.
For now, we have a project configuration file 'config.php'.
This file contain a Config default class. If you wish customize them for your needs.
After, create a new project based on your configuration.
SEC+> create project
[+] Index created with success.
[+] Output: ./index.php
[-] file './lib' already exists...
[+] [CREATED] ./controller
[+] [CREATED] ./view
[+] [CREATED] ./model
[+] [CREATED] ./model/dao
[+] [CREATED] ./model/vo
[+] Controller 'HomeController created with success.
[+] Output: ././controller/HomeController.php
[+] View 'HomeView created with success.
[+] Output: ././view/HomeView.php
SEC+>
Ok. A basic MVC project was created.
You could test visiting:
http://localhost/myportal/
=== Controllers and Actions ===
Controllers are classes to handle user requests. Every controller have one or
more actions that are the routines for interact with the user.
For example, in a User Manager application, we need a controller to create,
edit, delete and update users. For each operation that the user could activate
need a 'action' in your 'controller' to handle it.
Note that initially SecPlus-PHP create the HomeController.php and HomeView.php
for you. Every method in your controller is a suitable action to be trigged.
http://localhost/myportal/?controller=home&action=view
view is the default action in the default HomeController created. To execute
other action use the parameter 'action' of URL.
http://localhost/myportal/?controller=home&action=user
will execute the action 'user' in controller HomeController. But this action
will be executed ONLY IF this action is listed in the safe_actions property of
the controller.
In your controller:
...
public function setup() {
$this->safe_actions[] = 'user';
$this-=>handleAction();
}
...
=== Model ===
SecPlus-PHP by default uses the DAO (Data Access Object) to handle with
database operations. The framework have the basic functionalities to
facilitate the development of Models. You could use the SecPlus-PHP shell to
create DAO's and ValueObject's.
Classes DAO is the link between controllers and your database and Value Objects
are classes that represent the records in your database.
For example, if you have the table below:
CREATE TABLE user (
id INTEGER AUTO_INCREMENT NOT NULL PRIMARY KEY,
username VARCHAR(255) NOT NULL,
name VARCHAR(255) NOT NULL,
pass VARCHAR(255) NOT NULL
);
you could use the shell to generate the models for this table:
SEC+> create dao user
[+] DAO 'UserDAO' created with success.
[+] Output: ././model/dao/UserDAO.php
SEC+>
$ cat ././model/dao/UserDAO.php
<?php
require 'model/vo/User.php';
class UserDAO extends SecPlus\AbstractModel {
}
SEC+> create valueobject user
[+] ValueObject 'User' created with success.
[+] Output: ././model/vo/User.php
SEC+> ^C
$ cat ././model/vo/User.php
<?php
class User extends SecPlus\ValueObject {
}
As you can see, the DAO and ValueObject does not have any real information of
the user table in your database, but SecPlus-PHP has a few automagic methods to
get, save, update and delete records in this table.
Before use SecPlus-PHP Models you need adjust your configurations in the
Config class.
-- config.php
...
public function setup() {
...
$this->dbHost = '127.0.0.1';
$this->dbUser = 'portal';
$this->dbPass = '_s3cr3t_';
$this->dbDatabase = 'secplus-php-portal';
}
...
For interact with database see below:
-- HomeController.php
...
public function view() {
require('model/vo/User.php');
$user = new User();
$user->name = 'Tiago Natel de Moura';
$user->username = 'i4k';
/* please, dont use md5() for hash passwords in production ... */
$user->pass = md5('_s3cr3tp4ss_' . $this->config->getSalt());
/* Instantiate the DAO class */
$userDAO = new UserDAO();
/* save/insert the User in database */
if ($userDAO->save($user)) {
print "User {$user->username} saved successfully.<br>\n";
}
unset($user);
/* Get the record previously saved. */
$user = $userDAO->get(1);
print_r($user);
/* Update the user */
$user->username = '_i4k_';
if($userDAO->update($user)) {
print "User {$user->username} updated successfully.<br>";
}
/* delete the User with id 1 */
$userDAO->delete(1);
}
...
This is the basic concept about SecPlus-PHP framework.
This is a little framework that I've been using to develop web projects. It
implements the basic needs for a web framework. It is ridiculous simple, this
is possible because of the new features in PHP 5.*. This is still a early
stage project in active development. Various features need to be implemented,
feel free to contribute.
I don't have much time to write documentation, but if you really need more
information or you like the project and want to get involved, send me an email.
natel *nospam* secplus.com.br
;)
hack the world!
i4k