[OWASP_PHPSEC] Need Help understanding framework

rahul chaudhary rahul300chaudhary400 at gmail.com
Thu Aug 22 16:35:40 UTC 2013


ok....two doubts in "front controller":

1) In function start(), line 61:
if (substr($Request,0,strlen(self::$StaticPrefix)+1)==self::$StaticPrefix."/") //static request

What is a static request? Why is the static prefix set to "file", and how
does this help us in handling the application?


2) In function startContoller(), I am having trouble understanding the
usage of the is_a() function. Can you help me understand this function?
Basically, tell me what the third option "TRUE" is.
if (is_a($class, __NAMESPACE__."\\Controller",true))


On Wed, Aug 21, 2013 at 6:32 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> Start handles the front controller, and starts the appropriate controller
> based on routes.
>
> Routes define which URL(s) should be handled by which controllers.
> -A
> ______________________________________________________________
> Notice: This message is digitally signed, its source and integrity are
> verifiable.
> If your mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body. Read more at Certified E-Mail with Comodo and Thunderbird
> <http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
> On Mordad 30, 1392, at 4:51 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
> yes yes...I know that...but there is a function called start and
> matchRoutes....those two are difficult to understand... :(
>
>
> On Wed, Aug 21, 2013 at 5:50 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>
>> It is almost correct. There is no rigid definition of borders in these
>> three concepts.
>> FrontController is in charge of receiving all requests sent to an
>> application, and dispatching them to the correct controllers.
>> -A
>>
>>
>> On Mordad 30, 1392, at 4:45 PM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>>
>> Hello All,
>>
>> Here is what I learned about MVC. There are two ways to make a
>> web-application. One way is to create with haste and without planning...and
>> another is to create the application with proper planning.
>>
>> MVC is the second type.
>>
>> In MVC, there are three main components....controller, model and view. A
>> controller is used to mediate controls between model and view. It also
>> interprets commands and passes control between model and view.
>>
>> E.g:
>> Let's say there is a bank site. So, obviously, there is a DB. There are
>> web-pages and there are charts, graphs etc. To divide an application
>> properly, MVC states that you keep all your components in the "view" part
>> that shows the output. In our bank application, suppose a user requests a
>> slip of its bank details. Then the server would return some data such as
>> account number, available balance etc. The role of view is to show this
>> data in a proper format. View is also responsible for showing information
>> in different formats such as same information can be shown in bar charts as
>> well as pie charts....this is the role of view to show data in different
>> formats if requested.
>>
>> The model part is business logic. So you will keep all files that
>> actually manage your application. For e.g. a user requests their details,
>> then what information is to be given, authorization of users, transactions
>> etc....these all components must be kept in the "model". It is also obvious
>> that access to the application's DB is also made from inside "model". So,
>> in our bank application, if the user is requesting some data from the
>> server, then that request must be handled by the "model" part.
>>
>> The controller is what takes the request and decides how to process it.
>> E.g: a user says they want a bank slip. This request will be received by
>> the controller. The controller will pass this request to model. The model
>> will generate the data and will pass back to the controller. The controller
>> will then pass this generated data to the "view". The "view" will then
>> generate an output and will then give it back to the controller. The
>> controller will send this data back to the user.
>>
>> *So, guys please tell me if anything is wrong.*
>>
>> Now in our framework, I understand what is going on (overall). But my
>> doubt is with controller. There is a "front controller" in our application
>> inside "_core" folder. I am still trying to understand that fully. Rest I
>> have understood. Will update you guys on my findings later on this.
>>
>> Thanks.
>>
>>
>> On Sat, Aug 17, 2013 at 9:33 AM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>>
>>> Congratulations Abbas, great news!!!
>>>
>>>
>>> On Sat, Aug 17, 2013 at 2:31 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>>>
>>>> Ok
>>>> Sorry for the vague code! I wanted to polish it more but my US visa got
>>>> ready and I'm in the process of moving to US, that's why I left it at that
>>>> (not so) fragile state.
>>>> loader.php is the environment setup file. It makes the framework work
>>>> properly whether it's called from command line or the web. Basically
>>>> everything that comes from the environment to the framework is set here.
>>>> front.php is the FrontController. To know what that is, you need to
>>>> learn more about the MVC model. After that, drop another email and describe
>>>> it to others, and I can then describe the extended pull MVC model.
>>>>
>>>> Controller is an abstract class, because the application developer
>>>> should create controllers that extend it.
>>>>
>>>> DefaultController is a controller that handles a bunch of requests, not
>>>> just one. Basically each controller is assigned to a single URI, e.g
>>>> app/user/login. One might want to have a default controller to control a
>>>> lot of requests, e.g
>>>> app/posts/post-one-hello-world
>>>> app/posts/how-i-started-this
>>>>
>>>> and everything at app/posts/* to be handled by a single controller.
>>>> Those are handled by a default (catch) controller.
>>>>
>>>> Routes define which URI is handled by which controller. Everything
>>>> outside _core folder is a sample application, and not a necessary part of
>>>> the framework (except for files in config folder which are required for
>>>> framework configuration, e.g database credentials).
>>>>
>>>> -Abbas
>>>>
>>>> On Mordad 25, 1392, at 11:22 PM, rahul chaudhary <
>>>> rahul300chaudhary400 at gmail.com> wrote:
>>>>
>>>> Hello All,
>>>>
>>>> I need help understanding the overall structure of framework that Abbas
>>>> created.
>>>>
>>>> This is what I have understood this far:
>>>>
>>>> There is a folder called _core:
>>>> 1) There is a file called "autoloader.php" which loads all the core
>>>> classes in PHPSEC and then defines path to all other classes. It provides
>>>> functions to load any class within framework or PHPSEC.
>>>> 2) "Loader.php" prepares the HTTP Requests prior to calling front.php.
>>>> E.g setting baseURL
>>>> *3) "front.php"---> this is the main doubt. It says that it handles
>>>> the application. But handling means what ? What are controllers. Because
>>>> Controller class is just an abstract class and DefaultController is also
>>>> not that descriptive that I can deduce what it does ?*
>>>>
>>>> Other classes such as routes.php or default.php...I understand their
>>>> meaning not fully but up to like 80%......so can someone please explain me
>>>> what is framework about and what is it doing ? (Or you can just point me to
>>>> some link...I will learn from there..)
>>>>
>>>> --
>>>> Regards,
>>>> Rahul Chaudhary
>>>> Ph - 412-519-9634


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
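
The two checks asked about at the top of this message, as an added example that is not part of the thread and not PHPSEC's own code: the class names, the STATIC_PREFIX constant and dispatch() are hypothetical, and the treatment of "file/" requests as a separate static branch is an assumption. In a dispatcher, the is_a() test keeps a class name taken from a route from instantiating anything that is not a controller.

```php
<?php
// Added illustration: every name here is hypothetical, not PHPSEC code.
namespace demo;

abstract class Controller { abstract public function handle(string $uri): string; }
class PostsController extends Controller {
    public function handle(string $uri): string { return "controller handled $uri"; }
}
class Unrelated {}                 // a real class that is not a Controller

const STATIC_PREFIX = 'file';      // value mentioned in the question

function dispatch(string $request, string $class): string
{
    // Same comparison as the quoted line 61: true only when the request
    // starts with "file/", so "files/x" or "filex" do not match.
    if (substr($request, 0, strlen(STATIC_PREFIX) + 1) === STATIC_PREFIX . '/') {
        return 'static request for ' . substr($request, strlen(STATIC_PREFIX) + 1);
    }
    // $class is a class NAME (a string), not an object. With the third
    // argument left at its default (false) is_a() returns false for any
    // string; with true it checks the named class, autoloading if needed.
    if (!is_a($class, __NAMESPACE__ . '\\Controller', true)) {
        return "refused: $class is not a Controller";
    }
    // is_a() also accepts the abstract parent itself, which cannot be built.
    if ((new \ReflectionClass($class))->isAbstract()) {
        return "refused: $class is abstract";
    }
    return (new $class())->handle($request);
}

// Third argument omitted vs. set, on the same class-name string.
var_dump(is_a(PostsController::class, Controller::class));
var_dump(is_a(PostsController::class, Controller::class, true));

foreach ([
    ['file/css/site.css', PostsController::class],
    ['files/css/site.css', PostsController::class],
    ['posts/hello', Unrelated::class],
    ['posts/hello', Controller::class],
    ['posts/hello', 'demo\\NoSuchClass'],
] as [$request, $class]) {
    echo dispatch($request, $class), "\n";
}
```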