shop34-11 - configuration file system
Configuration files
In the application directory, add a config subdirectory to hold the project's configuration files:
Design the data format stored in the configuration file:
For easier management:
When the project is initialized, load the configuration information from the configuration file
In the framework class, add an operation that loads the configuration:
Once the path constants have been initialized, the configuration can be initialized:
Using the configuration:
Dispatch parameters:
Database server information:
Model:
SessionDB:
shop34-12 - preventing SQL injection
Add SQL injection protection to the project
In MySQLDB, add a method that performs the escaping; the model calls it whenever it is needed.
/* Prevent SQL injection: escape the given value */
function escapeString($str) {
    return $this->db->real_escape_string($str);
}
Use in the project: AdminModel performs the escaping:
To avoid the case where integer data ends up in the SQL without quotes, the escaped data is forcibly wrapped in quotes;
When concatenating the SQL, do not add quotation marks around the data:
Tip:
PHP's magic quotes (Magic Quotes) is a mechanism in which PHP automatically escapes request data (GET, POST) to prevent SQL injection. Magic quotes were deprecated in PHP 5.3 and removed in PHP 5.4, so current code cannot rely on them.
shop34-13 - extracting the DAO layer
Using PDO in the project
Using PDO, implement another DAO whose external operations are consistent with those of the MySQLDB DAO object. With this additional DAO implementation in place, the model can switch DAOs without changing any code in the model (hot swap, seamless handover).
Add a DAO operation interface (I_DAO); every DAO definition (MySQL extension, PDO extension) implements the same DAO operation interface (I_DAO).
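An added example (not the course project's code) covering both the quoting rule from shop34-12 and the I_DAO interface above: the DAO returns an already-quoted literal, and the model depends only on the interface. The method names, the admin table and the in-memory SQLite DSN (chosen so it runs offline; needs pdo_sqlite) are assumptions.

```php
<?php
// Added example: I_DAO's methods, PDODAO and the admin table are assumptions.
interface I_DAO {
    public function exec(string $sql): int;
    public function fetchAll(string $sql): array;
    public function escapeString(string $str): string; // returns a quoted literal
}

class PDODAO implements I_DAO {
    private PDO $pdo;
    public function __construct(string $dsn) {
        $this->pdo = new PDO($dsn);
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
    public function exec(string $sql): int {
        return (int) $this->pdo->exec($sql);
    }
    public function fetchAll(string $sql): array {
        return $this->pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    }
    // PDO::quote() escapes AND wraps in quotes, so callers never add their own.
    public function escapeString(string $str): string {
        return $this->pdo->quote($str);
    }
}

// The model sees only I_DAO, so a MySQL-extension DAO could replace PDODAO unchanged.
class AdminModel {
    private I_DAO $dao;
    public function __construct(I_DAO $dao) { $this->dao = $dao; }
    public function findById(string $id): array {
        $sql = 'SELECT admin_name FROM admin WHERE admin_id = ' . $this->dao->escapeString($id);
        return $this->dao->fetchAll($sql);
    }
    // The mistake the notes warn about: escaped, but left unquoted in the SQL.
    public function findByIdUnquoted(string $id): array {
        $bare = substr($this->dao->escapeString($id), 1, -1); // drop the outer quotes
        return $this->dao->fetchAll('SELECT admin_name FROM admin WHERE admin_id = ' . $bare);
    }
}

$dao = new PDODAO('sqlite::memory:'); // constructed data, runs offline
$dao->exec('CREATE TABLE admin (admin_id INTEGER PRIMARY KEY, admin_name TEXT)');
$dao->exec("INSERT INTO admin VALUES (1, 'root'), (2, 'editor')");
$model = new AdminModel($dao);
$input = '1 OR 1=1'; // constructed request value containing no character to escape
printf("quoted:   %d row(s)\n", count($model->findById($input)));
printf("unquoted: %d row(s)\n", count($model->findByIdUnquoted($input)));
printf("id 2:     %s\n", $model->findById('2')[0]['admin_name']);
```

The quoted query treats the whole input as one string literal, while in the unquoted one the `OR 1=1` becomes part of the WHERE clause. With PDO, bound parameters in prepared statements avoid the concatenation altogether.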
shop34-14 - displaying the back-end home page
Back-end home page function
Main function
Frameset layout: each frame requests one of the project's feature actions, and together they produce the final display.
Back/ManageController->indexAction()
Complete the back-end template index.html
Function of each frame
Implement the corresponding view template:
shop34-15 - platform controller - centralized authentication
Common back-end login authentication - platform controller
In the back end, not only Manage->indexAction() requires login authentication; the other actions need it as well.
This operation is a function common to the controllers of the current platform (the back end).
Add a back-end platform controller that performs the validation:
The other controllers on the platform all inherit from the platform controller:
Move the login verification operation into PlatformController:
Implementation:
When it is called:
When a back-end controller object is instantiated (that is, when the constructor is executed):
Test:
The check detects that the user is not logged in and redirects to the login page, but the login page does not load properly:
Why?
The request for admin's login action is itself checked for a login; the check fails and redirects to admin's login again, resulting in an infinite loop.
So: the vast majority of back-end actions require login verification when they run, but there are exceptions: the login-related actions, password recovery and the like.
The login check should therefore be performed only when the action is not one of the special cases:
How to determine a special case?
Since the session is now opened in one common place, the back-end actions no longer need to open the session themselves:
AdminController->checkAction()
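One way to implement the centralized check with its exception list, as an added example that is not the course project's code. The class layout, the is_login session key, the redirect URL and passing controller and action as constructor arguments are assumptions; captcha is included because the notes later add captchaAction() to the exceptions.

```php
<?php
// Added example; session key, URL and constructor signature are assumptions.
class PlatformController {
    // controller => actions that must stay reachable without a login
    private const PUBLIC_ACTIONS = ['admin' => ['login', 'check', 'captcha']];

    public function __construct(string $controller, string $action) {
        // Open the session once here; actions must not call session_start() again.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        $target = self::loginRedirect($controller, $action, $_SESSION);
        if ($target !== null) {
            header('Location: ' . $target);
            exit;
        }
    }

    // Returns the URL to redirect to, or null when the request may proceed.
    public static function loginRedirect(string $controller, string $action, array $session): ?string {
        $public = self::PUBLIC_ACTIONS[strtolower($controller)] ?? [];
        if (in_array(strtolower($action), $public, true)) {
            return null; // special case: checking here would redirect forever
        }
        if (!empty($session['is_login'])) {
            return null; // already authenticated
        }
        return 'index.php?p=back&c=admin&a=login';
    }
}

// Constructed requests: controller, action, session contents.
$cases = [
    ['manage', 'index', []],
    ['admin', 'login', []],
    ['Admin', 'Captcha', []],
    ['manage', 'index', ['is_login' => true]],
];
foreach ($cases as [$c, $a, $s]) {
    $r = PlatformController::loginRedirect($c, $a, $s);
    printf("%-6s %-8s -> %s\n", $c, $a, $r ?? 'allowed');
}
```

The list is an allow-list of public actions, so any action added later is protected by default.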
shop34-17 - login verification code (CAPTCHA)
Analysis of the verification code
Login: prevent brute force
Forum: prevent flooding (spam posts)
Display-type pages: prevent crawling.
Technologies needed:
Image processing technology.
Session technology.
PHP Image Processing Technology - GD
Specific steps
Enable the GD extension
Restart Apache
Scenario:
Produce a 500 × 300 green picture
Creating the canvas
A canvas is data of the resource type: an image resource that can be operated on.
Create a new canvas (new)
imageCreate(width, height): creates a palette-based canvas.
imageCreateTrueColor(width, height): creates a true-color canvas.
Create a canvas from an existing picture (open)
imageCreateFromJPEG(picture address);
imageCreateFromPNG(picture address);
imageCreateFromGIF(picture address);
Operating on the canvas
Allocate a color: to use a color on the canvas, the color must first be allocated to the canvas.
Function used:
color identifier = imageColorAllocate(canvas, R, G, B);
Color representation:
RGB
Fill the canvas: the fill point and all contiguous points of the same color are filled (replaced).
Function used:
imageFill(canvas, fill position X, fill position Y, color) does this.
Positions are managed with coordinates:
Origin: 0, 0, the upper left corner of the canvas.
X increases to the right; Y increases downward.
Lower right corner coordinates: width-1, height-1
Outputting the canvas
Process the canvas into image data and output it.
Typical cases:
1. Output to an image file.
2. Direct output.
Function used:
imagePNG(canvas [, file address]);
imageJPEG();
imageGIF();
If the second parameter is omitted, the image is output directly.
When outputting directly to the browser, you need to tell the browser that the response data is a PNG image:
Use the Content-Type header.
Tip: one canvas can be output many times, in a variety of output formats!
Destroying the canvas resource
imageDestroy();
Implementing the verification code in the project
Verification code tool class
Framework/tool/Captcha.class.php
Autoloading:
Generate the CAPTCHA image:
Avoid opening the session repeatedly:
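A compact version of such a tool class, as an added example that is not the project's Captcha.class.php. It follows the GD steps above (create, allocate, fill, output) and adds a single-use check; the class shape, session key, sizes and character set are assumptions, and ext-gd is required.

```php
<?php
// Added example; class shape, session key and sizes are assumptions. Requires ext-gd.
class Captcha {
    private const CHARS = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // no 0/O or 1/I look-alikes
    private const KEY = 'captcha_code';

    // Draws a fresh code, stores it in $session and returns the PNG bytes.
    public static function generate(array &$session, int $len = 4): string {
        $code = '';
        for ($i = 0; $i < $len; $i++) {
            $code .= self::CHARS[random_int(0, strlen(self::CHARS) - 1)]; // CSPRNG, not rand()
        }
        $session[self::KEY] = $code;

        $img = imagecreatetruecolor(100, 30);            // create the canvas
        $bg  = imagecolorallocate($img, 220, 235, 220);  // allocate colors
        $fg  = imagecolorallocate($img, 40, 60, 40);
        imagefill($img, 0, 0, $bg);                      // fill from the origin
        for ($i = 0; $i < 60; $i++) {                    // noise pixels
            imagesetpixel($img, random_int(0, 99), random_int(0, 29), $fg);
        }
        imagestring($img, 5, 30, 7, $code, $fg);         // built-in font 5
        ob_start();
        imagepng($img);                                  // no file argument: direct output
        // $img is freed when it goes out of scope (imagedestroy() is a no-op since PHP 8.0).
        return ob_get_clean();
    }

    // Single use: the stored code is discarded whether or not the answer matches.
    public static function verify(array &$session, string $answer): bool {
        $expected = $session[self::KEY] ?? null;
        unset($session[self::KEY]);
        return is_string($expected) && hash_equals($expected, strtoupper(trim($answer)));
    }
}

// In captchaAction(): header('Content-Type: image/png'); echo Captcha::generate($_SESSION);
$session = [];                                   // stands in for $_SESSION in this demo
$png  = Captcha::generate($session);
$code = $session['captcha_code'];
var_dump(substr($png, 1, 3) === 'PNG');          // PNG signature present
var_dump(Captcha::verify($session, strtolower($code))); // correct answer, any case
var_dump(Captcha::verify($session, $code));      // replay of the same code
```

Discarding the code on every attempt means a failed guess forces a new image, which is what lets the verification code slow down brute-force logins.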
Back-end location:
When the login form is displayed
In the login form page, an img tag requests the URL that generates the picture and displays it.
<img src="URL" />
Add an action that generates the verification code picture for the back-end login page:
Back/AdminController->captchaAction();
The src attribute of the page's img tag requests this action:
Tip: if the picture fails to display, how do you debug it?
Request the address that generates the image directly, rather than viewing it through the img tag.
In my program, captchaAction() should also be listed as a login authentication exception:
The back-end platform controller:
The result:
Click to replace:
On a click event, re-request the address that produces the verification picture, so that a new verification code is displayed!
If the src attribute of the img tag changes, the browser requests the new URL and shows the result in the img's picture area.