[OWASP_PHPSEC] Need Help understanding framework
rahul300chaudhary400 at gmail.com
Thu Aug 22 16:35:40 UTC 2013
ok....two doubts in "front controller":
1) In function start() Line 61: if
What is static request? Why is the static prefix set to "file", and how
does this help us in handling the application?
2) In function startContoller(), I am having trouble understanding the
usage of the is_a() function. Can you help me understand this function?
Basically, tell me what the third option "TRUE" is.
if (is_a($class, __NAMESPACE__."\\Controller",true))
On Wed, Aug 21, 2013 at 6:32 PM, Abbas Naderi <abiusx at owasp.org> wrote:
> Start handles the front controller, and starts the appropriate controller
> based on routes.
> Routes define which URL(s) should be handled by which controllers.
> *Notice:* This message is *digitally signed*; its *source* and
> *integrity* are verifiable.
> If your mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body. Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> On Mordad 30, 1392, at 4:51 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
> yes yes...I know that...but there is a function called start and
> matchRoutes....those two are difficult to understand... :(
> On Wed, Aug 21, 2013 at 5:50 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>> It is almost correct. There is no rigid definition of borders in these
>> three concepts.
>> FrontController is in charge of receiving all requests sent to an
>> application, and dispatching them to the correct controllers.
>> On Mordad 30, 1392, at 4:45 PM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>> Hello All,
>> Here is what I learned about MVC. There are two ways to make a
>> web-application. One way is to create with haste and without planning...and
>> another is to create the application with proper planning.
>> MVC is the second type.
>> In MVC, there are three main components....controller, model and view. A
>> controller is used to mediate controls between model and view. It also
>> interprets commands and passes control between model and view.
>> Let's say there is a bank site. So, obviously, there is a DB. There are
>> web-pages and there are charts, graphs etc. To divide an application
>> properly, MVC states that you keep all your components in the "view" part
>> that shows the output. In our bank application, suppose a user requests a
>> slip of its bank details. Then the server would return some data such as
>> account number, available balance etc. The role of view is to show this
>> data in a proper format. View is also responsible for showing information
>> in different formats such as same information can be shown in bar charts as
>> well as pie charts....this is the role of view to show data in different
>> formats if requested.
>> The model part is business logic. So you will keep all files that
>> actually manage your application. For e.g. a user requests their details,
>> then what information is to be given, authorization of users, transactions
>> etc....these all components must be kept in the "model". It is also obvious
>> that access to the application's DB is also made from inside "model". So,
>> in our bank application, if the user is requesting some data from the
>> server, then that request must be handled by the "model" part.
>> The controller is what takes the request and decides how to process it.
>> E.g: a user says they want a bank slip. This request will be received by
>> the controller. The controller will pass this request to model. The model
>> will generate the data and will pass back to the controller. The controller
>> will then pass this generated data to the "view". The "view" will then
>> generate an output and will then give it back to the controller. The
>> controller will send this data back to the user.
>> *So, guys please tell me if anything is wrong.*
>> Now in our framework, I understand what is going on (overall). But my
>> doubt is with controller. There is a "front controller" in our application
>> inside "_core" folder. I am still trying to understand that fully. Rest I
>> have understood. Will update you guys on my findings later on this.
>> On Sat, Aug 17, 2013 at 9:33 AM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>>> Congratulations Abbas, great news!!!
>>> On Sat, Aug 17, 2013 at 2:31 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>>>> Sorry for the vague code! I wanted to polish it more but my US visa got
>>>> ready and I'm in the process of moving to US, that's why I left it at that
>>>> (not so) fragile state.
>>>> loader.php is the environment setup file. It makes the framework work
>>>> properly whether it's called from command line or the web. Basically
>>>> everything that comes from the environment to the framework is set here.
>>>> front.php is the FrontController. To know what that is, you need to
>>>> learn more about the MVC model. After that, drop another email and describe
>>>> it to others, and I can then describe the extended pull MVC model.
>>>> Controller is an abstract class, because the application developer
>>>> should create controllers that extend it.
>>>> DefaultController is a controller that handles a bunch of requests, not
>>>> just one. Basically each controller is assigned to a single URI, e.g
>>>> app/user/login. One might want to have a default controller to control a
>>>> lot of requests, e.g
>>>> and everything at app/posts/* to be handled by a single controller.
>>>> Those are handled by a default (catch) controller.
>>>> Routes define which URI is handled by which controller. Everything
>>>> outside _core folder is a sample application, and not a necessary part of
>>>> the framework (except for files in config folder which are required for
>>>> framework configuration, e.g database credentials).
>>>> On Mordad 25, 1392, at 11:22 PM, rahul chaudhary <
>>>> rahul300chaudhary400 at gmail.com> wrote:
>>>> Hello All,
>>>> I need help understanding the overall structure of framework that Abbas
>>>> This is what I have understood this far:
>>>> There is a folder called _core:
>>>> 1) There is a file called "autoloader.php" which loads all the core
>>>> classes in PHPSEC and then defines path to all other classes. It provides
>>>> functions to load any class within framework or PHPSEC.
>>>> 2) "Loader.php" prepares the HTTP Requests prior to calling front.php.
>>>> E.g setting baseURL
>>>> *3) "front.php"---> this is the main doubt. It says that it handles
>>>> the application. But handling means what? What are controllers? Because
>>>> Controller class is just an abstract class and DefaultController is also
>>>> not that descriptive that I can deduce what it does?*
>>>> Other classes such as routes.php or default.php...I understand their
>>>> meaning not fully but up to like 80%......so can someone please explain me
>>>> what is framework about and what is it doing ? (Or you can just point me to
>>>> some link...I will learn from there..)
>>>> Rahul Chaudhary
>>>> Ph - 412-519-9634
Ph - 412-519-9634
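
The `is_a()` check asked about at the top of this thread, shown in a small route dispatcher as an added example (not the PHPSEC framework's code and not written by anyone in the thread). The `Demo` namespace, the controller classes, the route table, `matchRoute()` and `dispatch()` are all hypothetical; only `is_a()`, `fnmatch()` and `ReflectionClass` are real PHP. The third argument of `is_a()` is `allow_string`: when it is `true`, the first argument may be a class name string instead of an object, which lets a front controller confirm that a routed class descends from `Controller` before instantiating it.

```php
<?php
// Added illustration; not the PHPSEC framework's code. All names are hypothetical.
namespace Demo;

abstract class Controller {
    abstract public function handle(string $path): string;
}
class LoginController extends Controller {
    public function handle(string $path): string { return "login form"; }
}
// Catch-all controller for everything under app/posts/
class PostsController extends Controller {
    public function handle(string $path): string { return "post: " . basename($path); }
}
class NotAController { }   // does not extend Controller

// Constructed route table: URI pattern => class name (relative to this namespace)
const ROUTES = [
    'app/user/login' => 'LoginController',
    'app/posts/*'    => 'PostsController',
    'app/debug'      => 'NotAController',
    'app/base'       => 'Controller',
];

function matchRoute(string $path): ?string {
    foreach (ROUTES as $pattern => $class) {
        if (fnmatch($pattern, $path)) {
            return __NAMESPACE__ . "\\" . $class;
        }
    }
    return null;
}

function dispatch(string $path): string {
    $class = matchRoute($path);
    // $class is a string, not an object. Without the third argument (true),
    // is_a() returns false for any string, so every route would be rejected.
    if ($class === null || !is_a($class, __NAMESPACE__ . "\\Controller", true)) {
        return "404";
    }
    // is_a() is also true for the Controller class itself, which is abstract
    // and cannot be instantiated, so that case is rejected separately.
    if ((new \ReflectionClass($class))->isAbstract()) {
        return "404";
    }
    return (new $class())->handle($path);
}

foreach (['app/user/login', 'app/posts/42', 'app/debug', 'app/base', 'app/nope'] as $p) {
    echo $p, ' => ', dispatch($p), PHP_EOL;
}
```

With `allow_string` set to `true`, `is_a()` may invoke the autoloader for a class name that is not yet loaded, so the class name should come from the route table rather than directly from the request.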