[OWASP_PHPSEC] Need Help understanding framework

rahul chaudhary rahul300chaudhary400 at gmail.com
Fri Aug 23 04:22:28 UTC 2013


1) But you have defined "$staticPrefix" as "file".....why this string
"file" ???

2) The description of "is_a()" function in PHPDoc says the same....but the
problem is the third argument which is TRUE.....what is this third
argument...

also I see that when you have called the is_a function, you are not
passing it an object but you are passing it the class name.....how does
that tell if it's a subclass of "Controller" or "defaultController" ???


On Thu, Aug 22, 2013 at 11:00 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> Very good questions.
> 1. Static content is static files, not dynamic content. They do not
> require a running program to generate output. CSS/JS/IMG/etc. files are
> static content, as well as static HTML files. Usually the web server
> (Apache) handles them, but handling them via the framework is much more
> secure, and allows for authorization, etc.
>
> 2. is_a checks whether an object is a (instance of) a class. If B derives
> from A, B is an A, and A is an A.
> -A
> ______________________________________________________________
> *Notice:** *This message is *digitally signed*, its *source* and *
> integrity* are verifiable.
> If your mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
> On Mordad 31, 1392, at 9:05 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
> ok....two doubts in "front controller":
>
> 1) In function start()   Line 61: if
> (substr($Request,0,strlen(self::$StaticPrefix)+1)==self::$StaticPrefix."/"
> ) //static request
>
> What is a static request, why is the static prefix set to "file" and how
> does this help us in handling the application?
>
>
> 2) in function startController(), I am having trouble understanding the
> usage of the is_a() function: Can you help me understand this function ???
> Basically tell me what is the third option "TRUE" ??
> if (is_a($class, __NAMESPACE__."\\Controller",true))
>
>
> On Wed, Aug 21, 2013 at 6:32 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>
>> Start handles the front controller, and starts the appropriate controller
>> based on routes.
>>
>> Routes define which URL(s) should be handled by which controllers.
>> -A
>>
>> On Mordad 30, 1392, at 4:51 PM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>>
>> yes yes...I know that...but there is a function called start and
>> matchRoutes....those two are difficult to understand... :(
>>
>>
>> On Wed, Aug 21, 2013 at 5:50 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>>
>>> It is almost correct. There is no rigid definition of borders in these
>>> three concepts.
>>> FrontController is in charge of receiving all requests sent to an
>>> application, and dispatching them to the correct controllers.
>>> -A
>>>
>>>
>>> On Mordad 30, 1392, at 4:45 PM, rahul chaudhary <
>>> rahul300chaudhary400 at gmail.com> wrote:
>>>
>>> Hello All,
>>>
>>> Here is what I learned about MVC. There are two ways to make a
>>> web-application. One way is to create with haste and without planning...and
>>> another is to create the application with proper planning.
>>>
>>> MVC is the second type.
>>>
>>> In MVC, there are three main components....controller, model and view. A
>>> controller is used to mediate controls between model and view. It also
>>> interprets commands and passes control between model and view.
>>>
>>> E.g:
>>> Let's say there is a bank site. So, obviously, there is a DB. There are
>>> web-pages and there are charts, graphs etc. To divide an application
>>> properly, MVC states that you keep all your components in the "view" part
>>> that shows the output. In our bank application, suppose a user requests a
>>> slip of its bank details. Then the server would return some data such as
>>> account number, available balance etc. The role of view is to show this
>>> data in a proper format. View is also responsible for showing information
>>> in different formats such as same information can be shown in bar charts as
>>> well as pie charts....this is the role of view to show data in different
>>> formats if requested.
>>>
>>> The model part is business logic. So you will keep all files that
>>> actually manage your application. For e.g. a user requests their details,
>>> then what information is to be given, authorization of users, transactions
>>> etc....these all components must be kept in the "model". It is also obvious
>>> that access to the application's DB is also made from inside "model". So,
>>> in our bank application, if the user is requesting some data from the
>>> server, then that request must be handled by the "model" part.
>>>
>>> The controller is what takes the request and decides how to process it.
>>> E.g: a user says they want a bank slip. This request will be received by
>>> the controller. The controller will pass this request to model. The model
>>> will generate the data and will pass back to the controller. The controller
>>> will then pass this generated data to the "view". The "view" will then
>>> generate an output and will then give it back to the controller. The
>>> controller will send this data back to the user.
>>>
>>> *So, guys please tell me if anything is wrong.*
>>>
>>> Now in our framework, I understand what is going on (overall). But my
>>> doubt is with controller. There is a "front controller" in our application
>>> inside "_core" folder. I am still trying to understand that fully. Rest I
>>> have understood. Will update you guys on my findings later on this.
>>>
>>> Thanks.
>>>
>>>
>>> On Sat, Aug 17, 2013 at 9:33 AM, rahul chaudhary <
>>> rahul300chaudhary400 at gmail.com> wrote:
>>>
>>>> Congratulations Abbas, great news!!!
>>>>
>>>>
>>>> On Sat, Aug 17, 2013 at 2:31 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>>>>
>>>>> Ok
>>>>> Sorry for the vague code! I wanted to polish it more but my US visa
>>>>> got ready and I'm in the process of moving to the US, that's why I left it at
>>>>> that (not so) fragile state.
>>>>> loader.php is the environment setup file. It makes the framework work
>>>>> properly whether it's called from the command line or the web. Basically
>>>>> everything that comes from the environment to the framework is set here.
>>>>> front.php is the FrontController. To know what that is, you need to
>>>>> learn more about the MVC model. After that, drop another email and describe
>>>>> it to others, and I can then describe the extended pull MVC model.
>>>>>
>>>>> Controller is an abstract class, because the application developer
>>>>> should create controllers that extend it.
>>>>>
>>>>> DefaultController is a controller that handles a bunch of requests,
>>>>> not just one. Basically each controller is assigned to a single URI, e.g
>>>>> app/user/login. One might want to have a default controller to control a
>>>>> lot of requests, e.g
>>>>> app/posts/post-one-hello-world
>>>>> app/posts/how-i-started-this
>>>>>
>>>>> and everything at app/posts/* to be handled by a single controller.
>>>>> Those are handled by a default (catch) controller.
>>>>>
>>>>> routes define which URI is handled by which controller. everything
>>>>> outside _core folder is a sample application, and not a necessary part of
>>>>> the framework (except for files in config folder which are required for
>>>>> framework configuration, e.g database credentials).
>>>>>
>>>>> -Abbas
>>>>>
>>>>> On Mordad 25, 1392, at 11:22 PM, rahul chaudhary <
>>>>> rahul300chaudhary400 at gmail.com> wrote:
>>>>>
>>>>> Hello All,
>>>>>
>>>>> I need help understanding the overall structure of framework that
>>>>> Abbas created.
>>>>>
>>>>> This is what I have understood this far:
>>>>>
>>>>> There is a folder called _core:
>>>>> 1) There is a file called "autoloader.php" which loads all the core
>>>>> classes in PHPSEC and then defines path to all other classes. It provides
>>>>> functions to load any class within framework or PHPSEC.
>>>>> 2) "Loader.php" prepares the HTTP Requests prior to calling front.php.
>>>>> E.g setting baseURL
>>>>> *3) "front.php"---> this is the main doubt. It says that it handles
>>>>> the application. But handling means what? What are controllers? Because
>>>>> the Controller class is just an abstract class and DefaultController is also
>>>>> not that descriptive that I can deduce what it does.*
>>>>>
>>>>> Other classes such as routes.php or default.php...I understand their
>>>>> meaning not fully but up to like 80%......so can someone please explain to me
>>>>> what the framework is about and what it is doing? (Or you can just point me to
>>>>> some link...I will learn from there..)
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Rahul Chaudhary
>>>>> Ph - 412-519-9634
>>>>>  _______________________________________________
>>>>> OWASP_PHP_Security_Project mailing list
>>>>> OWASP_PHP_Security_Project at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>
>
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
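[Editor's note] The two questions in this thread (why requests under the "file/" prefix are routed through the framework, and what the third argument of is_a() does) are easiest to see in running code. The block below is an added example written for this page; it is not the OWASP PHPSEC framework's own front.php, and the class names, the $Routes table, the $StaticRoot directory and the demo URIs are assumptions chosen for illustration. It reproduces the same "does the request start with StaticPrefix . '/'" test, and adds the two checks a practitioner wants once the framework rather than Apache is serving files: the static path is confined to the static root with realpath(), and a route's class name is verified with is_a($class, ..., true) before it is instantiated. Passing true as the third argument makes is_a() accept a class name string instead of an object (autoloading it if needed), which is why the framework can check "is this a Controller subclass?" before calling new. Requires PHP 7.4 or later.

```php
<?php
// Added example (not the OWASP PHPSEC framework's own front controller).
namespace phpsec\demo;

abstract class Controller
{
    abstract public function handle(string $request): string;
}

// Assumed sample controller for the route 'user/login'.
class LoginController extends Controller
{
    public function handle(string $request): string
    {
        return "200: login page";
    }
}

// Assumed non-controller class: dispatching to it is exactly what the is_a() check prevents.
class DatabaseConfig
{
}

class FrontController
{
    public static string $StaticPrefix = 'file';            // same prefix the thread asks about
    public static string $StaticRoot = __DIR__ . '/static'; // assumed directory holding static files

    // Assumed route table (the real framework reads routes.php): URI -> fully-qualified class.
    public static array $Routes = [
        'user/login' => __NAMESPACE__ . '\\LoginController',
        'broken'     => __NAMESPACE__ . '\\DatabaseConfig',
    ];

    public static function start(string $request): string
    {
        // Same test as front.php line 61: does the request begin with "file/"?
        $prefix = self::$StaticPrefix . '/';
        if (substr($request, 0, strlen($prefix)) === $prefix) {
            return self::serveStatic(substr($request, strlen($prefix)));
        }
        return self::startController($request);
    }

    // Static files go through the framework so they can be authorized; the price is that the
    // file path is now user input, so it must be confined to $StaticRoot (no "../" escapes).
    public static function serveStatic(string $relative): string
    {
        $root   = realpath(self::$StaticRoot);
        $target = realpath(self::$StaticRoot . '/' . $relative);
        $inside = $root !== false && $target !== false
            && strncmp($target, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0;
        if (!$inside) {
            // Also taken when $StaticRoot or the file does not exist; a real app would split 403/404.
            return '403: path is not under ' . self::$StaticPrefix . '/';
        }
        // Authorization hook would run here before the bytes are sent.
        return '200: ' . basename($target);
    }

    public static function startController(string $request): string
    {
        $class = self::$Routes[$request] ?? null;
        if ($class === null) {
            return '404: no route';
        }
        // Third argument true: $class is a class-name string, not an object. is_a() then
        // autoloads it if necessary and reports whether it is Controller or a subclass of it.
        if (!is_a($class, __NAMESPACE__ . '\\Controller', true)) {
            return "500: $class is not a Controller";
        }
        $controller = new $class();
        return $controller->handle($request);
    }
}

// Demo: php front_demo.php
echo FrontController::start('user/login'), "\n";            // 200 via LoginController
echo FrontController::start('broken'), "\n";                // refused: DatabaseConfig is not a Controller
echo FrontController::start('file/../../etc/passwd'), "\n"; // refused: resolves outside the static root
```

The realpath() comparison is the part that matters once static content is served by application code: without it, "file/../config/database.php" would read the framework's own configuration through the static handler. The is_a() check matters for the same reason the route table does; a typo or a hostile edit in routes.php should produce an error, not the instantiation of an arbitrary class.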