Secure PHP Development- P20

Secure PHP Development- P20: Welcome to Secure PHP Development: Building 50 Practical Applications. PHPhas come a long way since its first incarnation as a Perl script. Now PHP is a powerfulWeb scripting language with object-oriented programming support. Slowlybut steadily it has entered the non-Web scripting arena often reserved for Perl andother shell scripting languages. Arguably, PHP is one of the most popular Web platforms.
Nội dung trích xuất từ tài liệu:
Secure PHP Development- P2066 Part II: Developing Intranet Solutions Marketing Sales MIS PC PC PC PC Firewall PC PC PC PC Intranet Engineering Administration Server PC PC PC PC PC PC Database Server PC PC PC PC Figure 4-1: A typical intranet-enabled company. Any Department Project 1 Project (n) Team Team Employee Employee Team Leader Team Leader Department Head Figure 4-2: User requirements for a typical intranet-enabled company. Each intranet application you develop must be able to authenticate and autho- rize different types of users. For example, an employee vacation management application has to incorporate the hierarchical chain of command that enables employee vacation requests to be reviewed and approved first by team leaders and then by the department head. So far, our intranet application framework has the following requirements: ◆ Central authentication: Users need to be authenticated to access intranet applications. There are likely to be many intranet applications within an organization and therefore user authentication should be done such that a user logs in only once to access any application. A session should be Chapter 4: Architecture of an Intranet Application 67 created that allows all applications to identify an authenticated user. When a user attempts to access an intranet application without logging in first, the application should automatically redirect the user to the login application. When the user is successfully authenticated via the login application, she should be automatically forwarded back to the applica- tion she had been attempting to access. The login process should be seam- less. Similarly, a central, seamless logout facility should be provided to allow the users to log out from the intranet. ◆ Application-specific authorization: Different types of users exist in an intranet and, therefore, intranet applications must discriminate when authorizing users. Employee access to an intranet application will vary. Because each application will have different requirements for authorizing the user, the task of authorization should be left to the application itself. ◆ A shared database: Most intranet activity involves collaboration or group efforts. For example, users working in a team within a project might need to report the status of the project tasks individually, but the team leader or department head needs to access the information from the entire team to make technical or business decisions. A shared database is therefore the solution to store data. Based on these requirements, let’s go ahead and build an intranet applicationframework.Building an Intranet ApplicationFrameworkAn intranet consists of many applications. It is a good idea to create an applicationframework that provides a set of commonly needed objects and services to imple-ment applications. Typical intranet applications have user authentication require-ments, database access requirements, user interfaces requirements, and businesslogic requirements. Each application’s business logic, which is the work done by theapplication, is unique and must be implemented in the application code itself.However, each application can benefit from using a standard application frame-work consisting of objects that standardize authentication, database access, userinterface, etc. The framework I will build here will do just that. Figure 4-3 shows the high-level design diagram for an intranet application thatwill use our application framework. Now let’s discuss the components of this architecture.68 Part II: Developing Intranet Solutions Relational Database PHP Application Framework Business Logic Components HTML Template-based Presentation Layer Your PHP Application INPUT OUTPUT Figure 4-3: High-level architecture diagram of an intranet application using our framework. Using an HTML template-based presentation layer All input and output to and from the application is handled via a template-driven HTML presentation layer. When the application needs input from the user, it pre- sents an HTML page generated from an appropriate HTML template. Similarly, when the application needs to display output, it generates an HTML page by replac- ing special application-specific tags within the template. This ensures that cosmetic changes to the input or output interfaces can be done without requiring help from the application developer. For example, an application that uses the template-based presentation layer can have its interface modified by an HTML writer or graphics artist. Using PHP Application Framework components The components in the PHP Application Framework (PHPAF) layer implement the base application by providing the following services: ◆ Da ...