How to implement access control on functions in PHP - php

I'm doing something like this in my controller:
$myapp->$class->$function($params)
The vars are being extracted from the request url i.e. /class/function/field1/val1/field2/val2/.../fieldN/valN
Through the website template only certain functions are linked but clearly anyone could view the source code and try to access sensitive functions which aren't supposed to be visible.
So my question is, how can I hide some functions while allowing others to be accessed through the URL?
I want to continue using this approach if possible $myapp->$class->$function($params)
At the same time it shouldn't work for some functions in the class i.e. $myapp->Page->delPage(...) should return an error
While other functions should work i.e. $myapp->Guestbook->createPost(...)
I haven't implemented a user login yet but for example, Guestbook->createPost(...) would check that the user is logged in. But there are too many classes and functions so I don't want to have to write out a separate request page for each one, if possible.

You could have a look at how the popular PHP frameworks like Zend or Symfony handle this standard problem.
They have thought a lot about it already, and their implementation is tested by thousands of users.
Both Zend and Symfony components should be usable standalone.
Zend Framework 2 Router: http://framework.zend.com/manual/2.0/en/modules/zend.mvc.routing.html
Symfony 2 Router: http://symfony.com/doc/current/book/routing.html
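The question's dynamic call ($myapp->$class->$function($params)) can be kept as long as the names taken from the URL are checked against an explicit allowlist before the call, so that everything not listed is unreachable and listed methods can additionally demand a logged-in user. The following is an added example, not code from the question or the answer above, and every name in it (the Page and Guestbook controllers, the Dispatcher and AccessDenied classes, the sample URLs) is a constructed assumption; it also acts as a minimal front controller for the /class/function/field/value URL scheme:

```php
<?php
// Added example (not from the question or answer): deny-by-default dispatch
// for the $myapp->$class->$function($params) pattern. All class and method
// names here are constructed for the example.
declare(strict_types=1);

final class AccessDenied extends RuntimeException {}

// Each controller lists the methods a URL may reach, mapped to whether the
// caller must be logged in. Methods not listed (delPage below) stay public
// in PHP terms but can never be reached from a request.
final class Page
{
    public const EXPOSED = ['view' => false];

    public function view(array $p): string { return 'page ' . ($p['id'] ?? '?'); }

    // Administrative: deliberately absent from EXPOSED.
    public function delPage(array $p): string { return 'deleted ' . ($p['id'] ?? '?'); }
}

final class Guestbook
{
    public const EXPOSED = ['listPosts' => false, 'createPost' => true];

    public function listPosts(array $p): string { return 'posts'; }
    public function createPost(array $p): string { return 'created: ' . ($p['text'] ?? ''); }
}

final class Dispatcher
{
    // URL segment => class. Only these classes can ever be instantiated.
    private const CONTROLLERS = ['Page' => Page::class, 'Guestbook' => Guestbook::class];

    private bool $loggedIn;

    public function __construct(bool $loggedIn) { $this->loggedIn = $loggedIn; }

    /** Parse /class/function/field1/val1/... into [class, function, params]. */
    public static function parse(string $path): array
    {
        $parts = array_values(array_filter(explode('/', $path), 'strlen'));
        if (count($parts) < 2) {
            throw new AccessDenied('missing class or function');
        }
        $params = [];
        for ($i = 2; $i + 1 < count($parts); $i += 2) {
            $params[$parts[$i]] = urldecode($parts[$i + 1]);
        }
        return [$parts[0], $parts[1], $params];
    }

    public function dispatch(string $path): string
    {
        [$class, $function, $params] = self::parse($path);
        if (!isset(self::CONTROLLERS[$class])) {
            throw new AccessDenied("unknown controller $class");
        }
        $fqcn = self::CONTROLLERS[$class];
        $exposed = $fqcn::EXPOSED;
        if (!array_key_exists($function, $exposed)) {
            throw new AccessDenied("$class->$function is not exposed");
        }
        if ($exposed[$function] && !$this->loggedIn) {
            throw new AccessDenied("login required for $class->$function");
        }
        $controller = new $fqcn();
        return $controller->$function($params);   // the original call shape, now gated
    }
}

// Demo with an anonymous (not logged in) caller.
$d = new Dispatcher(false);
foreach (['/Guestbook/listPosts', '/Page/view/id/3', '/Page/delPage/id/7',
          '/Guestbook/createPost/text/hi', '/Page/__construct'] as $url) {
    try {
        echo $url, ' => ', $d->dispatch($url), PHP_EOL;
    } catch (AccessDenied $e) {
        echo $url, ' => denied: ', $e->getMessage(), PHP_EOL;
    }
}
```

The check is intentionally a lookup in a fixed list rather than method_exists() or is_callable(): those would also admit magic methods and anything merely public, whereas the allowlist makes every reachable endpoint visible in one place per class, which is also where the login requirement is declared.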

Related

How to Create an extension in zend framework 2 and call through hooks in view

I am quite new to Zend Framework 2. I am working on a web app in Zend Framework 2. I want to know if it's possible to create extensions or plugins, attach them to hooks and call those hooks in view templates as we can do in WordPress or PrestaShop?
Any response is highly appreciated
Thanks !
Update
In response to your comment. It turns out you have certain "blocks" of code you want to use in your view. That, to me at least, sounds like a partial view-script.
To which, of course, the explanation below still applies (no logic, apart from the odd loop and if, etc...)
I think you're confusing extensions and plugins with view-helpers. In wordpress and other blog/CMS systems that are in common use, little add-ons are often referred to as extensions or plugins.
Zend Framework has plugins, too, but I don't think that that's what you're looking for.
I take it you're actually looking for zend view helpers
A couple of these helpers are part of the ZendFW as is, but you can extend the abstract helper quite easily to create your own. After that, it's a simple matter of passing that helper to the view, and you're all set.
If you are indeed looking for ZendFW plugins, then I'm afraid you're barking up the wrong tree. Sure: these things exist, and of course you can create your own. But to use these kinds of plugins from within the view? No, that would be a crime against everything MVC is about.
The basic layout of any MVC framework/application is such that the controller does the initial processing of the request, the Model layer (== data-models, DB connection, DataProviders, Services... the works) takes care of the actual logic & computing. When this layer (sometimes referred to as the business layer) is done, it returns the results to the controller.
The controller might do some simple prepping, but then passes on the data to the view.
Once the data is passed to the view, all that is left to do is representing the data (most of the time, this is building a page). Any logic that is more complex than a simple if (empty($this->foo)) { echo 'No data';} else { echo $this->foo; } or a loop is bad practice.
ZendFW's plugins can be used to authenticate users, redirect clients if a cookie/session has expired, and even set headers and so on. Not something you'd want to do in the view.
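As an added illustration of the view-helper route the answer recommends (not code from the answer or from Zend Framework itself), here is a small reusable "block" written as a ZF2 view helper. The module name Application, the helper class UserBlock and its registration key userBlock are assumptions; the helper keeps presentation-only logic and escapes every value it prints through the framework's escapeHtml helper:

```php
<?php
// Added example: a custom Zend Framework 2 view helper that renders a titled
// list block. Names (Application module, UserBlock, userBlock) are assumed.
namespace Application\View\Helper;

use Zend\View\Helper\AbstractHelper;

class UserBlock extends AbstractHelper
{
    /**
     * Render a block: a heading plus one <li> per item.
     * Only presentation logic lives here; data arrives already prepared
     * by the controller/model layer.
     */
    public function __invoke(string $title, array $items): string
    {
        $view = $this->getView();                  // the PhpRenderer
        $html = '<div class="block"><h3>' . $view->escapeHtml($title) . '</h3>';
        if (empty($items)) {
            return $html . '<p>No data</p></div>';
        }
        $html .= '<ul>';
        foreach ($items as $item) {
            // escape each value so user-supplied content cannot inject markup
            $html .= '<li>' . $view->escapeHtml((string) $item) . '</li>';
        }
        return $html . '</ul></div>';
    }
}

// --- Registration, in module/Application/Module.php (assumed location) ---
// class Module implements \Zend\ModuleManager\Feature\ViewHelperProviderInterface
// {
//     public function getViewHelperConfig()
//     {
//         return ['invokables' => ['userBlock' => UserBlock::class]];
//     }
// }
//
// --- Use in any view script ---
// <?= $this->userBlock('Recent posts', $this->posts) ?>
```

With the helper registered through getViewHelperConfig(), every view script can call $this->userBlock(...) and the template contains no logic beyond the call itself.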

How to use yii with legacy code?

My coworkers and I have decided to rewrite a legacy app in Yii, but management has a strict policy that all the functionality must remain as it is, so we have to use the old modules until they are ported to Yii. These modules are written in a procedural manner and every one of them has a PHP file that is included in the general index.php. The general index.php does three things:
Starts the session and adds variables to it.
Creates the db connection.
Renders the main php file of the requested module.
How can we use the old modules once we begin to use Yii?
We have looked at URL Management and the logic would be really simple: if the URL matches an old module, render it with renderFile(), else let Yii do the work. However, we don't know if this is the best approach.
Should we consider anything else before beginning the process?
I want to know if URLManagement + renderFile() is the way to go?
The URL handling can indeed be used, but then I would simply write a custom URL Rule class instead of using a ton of routes as your config will be a mess.
If you want some alternative suggestions:
To begin with, split out the creation of the app and its execution
require_once($yii);
Yii::createWebApplication($config);
// If you want to run the app:
Yii::app()->run();
That way you are in full control whether the app actually runs or not.
As for the DB. If you are using PDO you are in luck. I would just give Yii a db component the regular way and then modify the general.php to use the PDO instance from Yii (Yii::app()->db->pdoInstance). It will always be loaded after so that should work. If you aren't using PDO, just use 2 connections, it's not that bad unless you have a lot of visitors.
Regarding the session there shouldn't be that much initialization so unless you have a custom handler, move it to Yii as well. The functions are the same anyway so there shouldn't be much of a problem.
Then there are 2 ways of doing things as I see it:
1) general.php goes first.
You would have to make a list of modules in the legacy file and determine if the current requested module was migrated or not. Basically put the module names that are still in general.php in an array, see if the url requires one of those and include general.php (and don't do Yii::app()->run()). The rest go through Yii.
2) Yii goes first.
Have Yii do its magic but intercept the 404 HTTP exceptions. This is easily done with a custom error handler function (http://www.yiiframework.com/doc/guide/1.1/en/topics.error). If you get to the error function again: determine if it's a valid legacy module and include general.php.
Both ways are pretty messy but at least like this you get the chance to migrate one module whilst keeping the rest in the legacy file.
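The first of the two options above ("general.php goes first"), written out as an added example that is not code from the answer or from the Yii project. The framework path, the config path, the module names in the legacy list and the variable name $pdo handed to general.php are all assumptions; the list of legacy modules is fixed in code so the request can only select between the two front ends, never name a file to include:

```php
<?php
// Added example: option 1, legacy modules are served by general.php,
// everything else by Yii. Paths and module names are assumed.
$yii    = __DIR__ . '/framework/yii.php';            // assumed Yii 1.1 location
$config = __DIR__ . '/protected/config/main.php';    // assumed app config

// Modules not yet ported. Shrink this list as each one is migrated.
$legacyModules = ['reports', 'invoices'];

/** First path segment of the request, e.g. "reports" for /reports/list. */
function requestedModule(string $uri): string
{
    $path = parse_url($uri, PHP_URL_PATH) ?: '/';
    $segments = explode('/', trim($path, '/'));
    return $segments[0];
}

/** Strict comparison against the fixed list; no filesystem lookups. */
function isLegacyModule(string $module, array $legacy): bool
{
    return in_array($module, $legacy, true);
}

// Create the application without running it, as the answer suggests, so the
// db and session components exist for both code paths.
require_once $yii;
Yii::createWebApplication($config);

if (isLegacyModule(requestedModule($_SERVER['REQUEST_URI']), $legacyModules)) {
    // Legacy code reuses Yii's PDO connection instead of opening its own.
    $pdo = Yii::app()->db->pdoInstance;
    require __DIR__ . '/general.php';      // legacy front controller (assumed name)
} else {
    Yii::app()->run();
}
```

general.php is expected to use the $pdo variable in place of its own connection setup and to read its session data from the session Yii has already started.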
Size, complexity and person-months for a piece of software are critical to any decision. Of course it is very, very advisable to have an application of homogeneous rather than heterogeneous nature. If the modules you mentioned above are the ones you intend to convert, I suggest you must have a RE-DO in Yii, because Yii has a strong ORM and modules are very, very easy to make.
I suggest you should go for a RE-DO.
Following may be of your interest
How do you convert an old OOP PHP project into the Yii Framework?

why many CMSs use index.php for all articles even modules articles?

I wonder why many CMSs (CMSMS, WordPress, Joomla and ...) use index.php for all articles in all modules? How does it help them? Why don't they use separate PHP files for each module or plugin? I want to design a small CMS and want to know this technique. Thanks
why they don't use separate php files for each module or plugin?
They can't afford to do so. The CMS's mechanism allows third-party plugins as well, for which they can't create separate pages beforehand, and that would be an overhead anyway.
What CMSs typically do is transfer requests through the URL and implement design patterns such as:
Front Controller
Model View Controller
This helps them keep it simple and be able to figure out which classes to load and which functions to call. The same goes for a plugin, in-house or third party.
You should study those patterns to figure out the things for yourself.
Here is a quote from Front Controller:
The front controller may be implemented as a Java object, or as a script in a script language like PHP, ASP, CFML or JSP that is called on every request of a web session. This script, for example an index.php, would handle all tasks that are common to the application or the framework, such as session handling, caching, and input filtering. Based on the specific request it would then instantiate further objects and call methods to handle the particular task(s) required.
The alternative to a front controller would be individual scripts like login.php and order.php that would each then satisfy the type of request. Each script would have to duplicate code or objects that are common to all tasks. But each script might also have more flexibility to implement the particular task required.

Zend Framework – subdirectories and deprecating action within the URL

I’m in the process of learning to use the Zend Framework, and I’m therefore trying to grasp the concept of MVC. Through the Zend manual, and a very helpful Youtube video tutorial I have sort of understood the concept – still there are some things I need to clarify.
The web project I’m currently working on is a web site for an organization I’m a part of. It consists of:
The public portion, mainly consisting of information about us, a calendar and some media – mostly static information, but a couple of pages, like the calendar, will need to retrieve some data from the DB.
The internal pages, which after a login will allow users to RSVP to events and comment them as well.
The administrative controls, which allow the admins to add events and manage users etc.
So far it looks like Zend wants the URL to look like this:
http?://[domain]/[controller]/[action]
So here are my questions:
Do I always have to have an action in the url, or will the lack of an action use the index-action as default?
Can I have a subdirectory to distinguish between the internal and public portions of the site: http://[domain]/internal/[controller]/[action] ?
Can this be done simply by having a subfolder within the different MVC-folders somehow?
The latter question isn’t really that important, but I’d like to separate the two portions of the site somehow.
Do I always have to have an action in the url, or will the lack of an action use the index-action as default?
A controller can have a default action which is triggered when no action is specified in the URL. Look for default action or index action.
Can I have a subdirectory to distinguish between the internal and public portions of the site: http://[domain]/internal/[controller]/[action] ?
Yes you can, but I assume subdirectory refers to your URL, not to the actual file layout on the server. You can do so by just having a controller per "subdirectory".
Can this be done simply by having a subfolder within the different MVC-folders somehow? The latter question isn’t really that important, but I’d like to separate the two portions of the site somehow.
You can separate per controller and you can even separate with modules. As far as I know of modules in Zend Framework, this will all be in its own subdirectory per module.
I think you're especially looking for Using a Conventional Modular Directory Structure.
The questions you are asking are in the area of routing which generally means: Given a URL on which the HTTP request is being made:
Which controller should be instantiated?
Which action on that controller should be run?
What parameters should be passed to the action?
The routing docs in the ZF Manual explain how routing works by default and how you can specify your own routing. But looking at them now, I don't think they do a great job of introducing the subject matter for a first time user. This post might be better, though it is only a single, simple example.

CakePHP integration with ExtJS 3

I am a PHP and ExtJS user. I am looking into developing an application using a good PHP framework (CakePHP; good as in "I consider this good for me") and ExtJS version 3. What I would like to achieve is a complete Ext viewport with many grids and functions that would call PHP URLs for retrieving data, saving data, editing/removing data (not just for grids, also for treepanel and such). I would like to use CakePHP as backend with all its capabilities for executing these functions. My first goal is to integrate the obAuth component (or any other secure authentication plugin for CakePHP) with an ExtJS 3 login interface. I am searching for the best method of combining these two so that I can easily restrict functions based on the usergroup access. I am thinking of a setup where the logged-in user makes one post from Ext regarding the execution of a function and the CakePHP response is presented as errors or notifiers through Ext alert boxes.
Do you think this is possible ? Any thoughts of an ideal config for this ?
Thank you.
If you're going back and forth between JavaScript and Cake a lot the first thing you might want to do is override or extend the default View class so it'll package variables you set in the controller automatically into a JSON array or whatever you prefer. That'll save you from having to make a view for each action and/or overriding the layout each time. Study cake/libs/view/view.php and/or cake/libs/view/media.php, you can create custom views in app/views/.
Make use of the RequestHandler Component a lot to reuse logic both for normal views and AJAX.
Beyond that it's normal JS with a PHP backend.
This is actually very easy. First, integrate the obAuth Component into a basic CakePHP install, to see if it works properly and doesn't have any strange quirks. Once that's done, get to work on your frontend.
Your frontend should be designed entirely with ExtJS components. Either design your frontend with ExtJS or via HTML templates, but try not to do both, as it gets confusing and hard to maintain. I recently did this, and every controller action had a view that set up the DOM with some basic elements (a header for the page, any divs I needed to bind components to, and the .js file that was specific to that page/view).
Then, make your application RESTful. All of your ExtJS components can read data from a DataStore (or can just take a URL as the data source), so you just give them the paths you'd like and you're done.
Check out Bancha, it integrates ExtJS 4 and CakePHP 2.
It does this by doing all the communication in the background using a completely implemented Ext.Direct for CakePHP.
cheers
Roland
