[OWASP_PHPSEC] Need Help understanding framework

rahul chaudhary rahul300chaudhary400 at gmail.com
Wed Aug 21 12:15:09 UTC 2013

Hello All,

Here is what I learned about MVC. There are two ways to make a
web-application. One way is to create with haste and without planning...and
another is to create the application with proper planning.

MVC is the second type.

In MVC, there are three main components....controller, model and view. A
controller is used to mediate controls between model and view. It also
interprets commands and passes control between model and view.

Let's say there is a bank site. So, obviously, there is a DB. There are
web-pages and there are charts, graphs etc. To divide an application
properly, MVC states that you keep all your components in the "view" part
that shows the output. In our bank application, suppose a user requests a
slip of its bank details. Then the server would return some data such as
account number, available balance etc. The role of view is to show this
data in a proper format. View is also responsible for showing information
in different formats such as same information can be shown in bar charts as
well as pie charts....this is the role of view to show data in different
formats if requested.

The model part is business logic. So you will keep all files that actually
manage your application. For e.g. a user requests their details, then what
information is to be given, authorization of users, transactions
etc....these all components must be kept in the "model". It is also obvious
that access to the application's DB is also made from inside "model". So,
in our bank application, if the user is requesting some data from the
server, then that request must be handled by the "model" part.

The controller is what takes the request and decides how to process it.
E.g: a user says they want a bank slip. This request will be received by
the controller. The controller will pass this request to model. The model
will generate the data and will pass back to the controller. The controller
will then pass this generated data to the "view". The "view" will then
generate an output and will then give it back to the controller. The
controller will send this data back to the user.

*So, guys please tell me if anything is wrong.*

Now in our framework, I understand what is going on (overall). But my doubt
is with controller. There is a "front controller" in our application inside
"_core" folder. I am still trying to understand that fully. Rest I have
understood. Will update you guys on my findings later on this.


On Sat, Aug 17, 2013 at 9:33 AM, rahul chaudhary <
rahul300chaudhary400 at gmail.com> wrote:

> Congratulations Abbas, great news!!!
> On Sat, Aug 17, 2013 at 2:31 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>> Ok
>> Sorry for the vague code! I wanted to polish it more but my US visa got
>> ready and I'm in the process of moving to US, that's why I left it at that
>> (not so) fragile state.
>> loader.php is the environment setup file. It makes the framework work
>> properly whether it's called from command line or the web. Basically
>> everything that comes from the environment to the framework is set here.
>> front.php is the FrontController. To know what that is, you need to learn
>> more about the MVC model. After that, drop another email and describe it to
>> others, and I can then describe the extended pull MVC model.
>> Controller is an abstract class, because the application developer should
>> create controllers that extend it.
>> DefaultController is a controller that handles a bunch of requests, not
>> just one. Basically each controller is assigned to a single URI, e.g
>> app/user/login. One might want to have a default controller to control a
>> lot of requests, e.g
>> app/posts/post-one-hello-world
>> app/posts/how-i-started-this
>> and everything at app/posts/* to be handled by a single controller. Those
>> are handled by a default (catch) controller.
>> Routes define which URI is handled by which controller. Everything
>> outside _core folder is a sample application, and not a necessary part of
>> the framework (except for files in config folder which are required for
>> framework configuration, e.g database credentials).
>> -Abbas
>>      ______________________________________________________________
>> *Notice:* This message is *digitally signed*, its *source* and
>> *integrity* are verifiable.
>> If your mail client does not support S/MIME verification, it will display
>> a file (smime.p7s), which includes the X.509 certificate and the signature
>> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
>> AbiusX.com
>> On Mordad 25, 1392, at 11:22 PM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>> Hello All,
>> I need help understanding the overall structure of framework that Abbas
>> created.
>> This is what I have understood this far:
>> There is a folder called _core:
>> 1) There is a file called "autoloader.php" which loads all the core
>> classes in PHPSEC and then defines path to all other classes. It provides
>> functions to load any class within framework or PHPSEC.
>> 2) "Loader.php" prepares the HTTP Requests prior to calling front.php.
>> E.g setting baseURL
>> *3) "front.php"---> this is the main doubt. It says that it handles the
>> application. But handling means what ? What are controllers. Because
>> Controller class is just an abstract class and DefaultController is also
>> not that descriptive that I can deduce what it does ?*
>> Other classes such as routes.php or default.php...I understand their
>> meaning not fully but up to like 80%......so can someone please explain me
>> what is framework about and what is it doing ? (Or you can just point me to
>> some link...I will learn from there..)
>> --
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634

Rahul Chaudhary
Ph - 412-519-9634
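
The routing described in the quoted reply (one controller per URI, plus a default catch controller for everything under app/posts/*), sketched as an added example that is not part of the original thread or of the PHPSEC code. The class names, the route table and the dispatch() function are hypothetical.

```php
<?php
// Added illustration: class names, routes and dispatch() are hypothetical.
abstract class Controller
{
    // Application developers extend this class, one subclass per route.
    abstract public function handle(string $rest): string;
}
class LoginController extends Controller
{
    public function handle(string $rest): string { return 'login form'; }
}
// Default (catch) controller: serves every URI below its prefix.
class PostsController extends Controller
{
    public function handle(string $rest): string
    {
        // $rest comes from the request: accept a slug only, nothing path-like.
        if (!preg_match('/\A[a-z0-9-]{1,64}\z/', $rest)) {
            return '404';
        }
        return 'post: ' . $rest;
    }
}
// Routes: exact URI => controller, or "prefix/*" => catch controller.
$routes = [
    'app/user/login' => LoginController::class,
    'app/posts/*'    => PostsController::class,
];
// Front controller: the single entry point that maps a URI to a controller.
function dispatch(array $routes, string $uri): string
{
    $uri = trim((string) parse_url($uri, PHP_URL_PATH), '/');
    if (isset($routes[$uri])) {                  // exact match wins
        $class = $routes[$uri];
        return (new $class())->handle('');
    }
    foreach ($routes as $pattern => $class) {    // then wildcard prefixes
        if (substr($pattern, -2) !== '/*') { continue; }
        $prefix = substr($pattern, 0, -1);       // "app/posts/"
        if (strncmp($uri, $prefix, strlen($prefix)) === 0) {
            return (new $class())->handle(substr($uri, strlen($prefix)));
        }
    }
    return '404';                                // unknown URIs fail closed
}
foreach (['/app/posts/post-one-hello-world', '/app/user/login', '/app/admin'] as $u) {
    echo $u, ' => ', dispatch($routes, $u), "\n";
}
```

The controller class always comes from the route table, never from the URI itself, so an unrouted path cannot cause an arbitrary class to be instantiated.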