[OWASP_PHPSEC] Default Controller and Front Controller

rahul chaudhary rahul300chaudhary400 at gmail.com
Sun Sep 8 14:46:02 UTC 2013


Abbas, I have just added one commit to the framework.

This is my first attempt and I expect it to be wrong...because its new to
me. Anyways, I added a *loginController *and it is *incomplete*. But can
you just check it if I am going in the right direction ??


On Sun, Sep 8, 2013 at 10:23 AM, rahul chaudhary <
rahul300chaudhary400 at gmail.com> wrote:

> Yes yes...I get it now... :) Thanks...
>
>
> On Sun, Sep 8, 2013 at 10:17 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>
>> 1. just for test
>> 2. there are class names!
>> class DefaultController extends phpsec\framework\DefaultController
>>
>> -A
>>      ______________________________________________________________
>> *Notice:** *This message is *digitally signed*, its *source* and *
>> integrity* are verifiable.
>> If you mail client does not support S/MIME verification, it will display
>> a file (smime.p7s), which includes the X.509 certificate and the signature
>> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
>> AbiusX.com
>>
>> On Sep 8, 2013, at 10:13 AM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>>
>> 1) What you described, about Handle being abstract, that is another file.
>> That file is under framework/_core/base/control.php
>> I am talking about another file, *framework/control/default.php, *which
>> is a subclass of the above file and has defined the Handle method. So my
>> question was that in that Handle method, the definition is running the
>> scanner class to scan itself. I cannot understand why it is doing that ?
>>
>> 2) I will better understand with an example. So lets say that MatchRoutes
>> matches the wildcard "*". Now that means that the controller selected is
>> the "default" controller, and it is the same file as above - *framework/control/default.php.
>> *Now in this file, I cannot see any class names, so what will the
>> "GetClasses" method will find in this class ??
>>
>> After this I know. Once the classes will be found, appropriate
>> controllers are fetched and loaded and the start method is called. I just
>> have doubt on the "default" controller because it does not contains any
>> class names.
>>
>>
>> On Sun, Sep 8, 2013 at 9:52 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>>
>>> Hey Rahul,
>>> 1.
>>> What do you mean?
>>> Default controller (aka catch controller) is meant to catch a bunch of
>>> requests, not just one. That is why the Start method is overridden and the
>>> Handle method is abstract, which also gets the part of the requests that is
>>> mapped to the controller.
>>>
>>> Whatever an app puts in the controller code, is application specific and
>>> everything we did already is just for demonstration and testing.
>>>
>>> 2.
>>> We first need to see which file is needed to start the controller, that
>>> is done by MatchRoutes. jframework has strict routes, meaning that request
>>> *do/something* will be mapped to *control/do/something.php* which might
>>> not be convenient for some, many frameworks have the concept of routes,
>>> allowing the developer to map between requests and controllers
>>>
>>> Now that we have the controller file, we need to know what the
>>> controller class is called, so that we can instantiate it and call its
>>> start method! Thats why we run GetClasses and see whcih class in there is
>>> an instance of base controller, then instantiate and call it.
>>>
>>> 3.
>>> It's called a catch controller, in _japp/model/base/control/catch.php
>>>
>>> -Abbas
>>>      ______________________________________________________________
>>> *Notice:** *This message is *digitally signed*, its *source* and *
>>> integrity* are verifiable.
>>> If you mail client does not support S/MIME verification, it will display
>>> a file (smime.p7s), which includes the X.509 certificate and the signature
>>> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
>>> AbiusX.com <http://abiusx.com/>
>>>
>>> On Sep 8, 2013, at 2:19 AM, rahul chaudhary <
>>> rahul300chaudhary400 at gmail.com> wrote:
>>>
>>> Hello,
>>>
>>> *1) The default controller class inside framework/control/default.php*
>>> I cannot understand why the Handle method contains code to scan itself.
>>>
>>> *2) The front controller inside framework/_core/front.php*
>>> In this file as I understand, first the method "MatchRoutes" will run
>>> and depending on the route, it will load the controller file. So lets
>>> suppose that it loads framework/control/default.php
>>>
>>> After this, the "StartController" function will run. In this function, I
>>> see that first the "GetClasses" method is run on
>>> "framework/control/default.php" which finds classes inside this file.
>>> However seeing the contents of this file, I cannot find any class names.
>>> So, how is this working ??
>>>
>>> Also my perception was first that after "MatchRoutes", we get the
>>> controller. But then again in "StartController" I see that after getting
>>> class names, it again searches for the appropriate controller.
>>>
>>> So, what is the difference between finding controller in "MatchRoutes"
>>> and finding controller in "StartController"
>>>
>>>
>>> *3) Also can you please tell me the default controller location in
>>> jFramework ??*
>>>
>>> --
>>> Regards,
>>> Rahul Chaudhary
>>> Ph - 412-519-9634
>>>  _______________________________________________
>>> OWASP_PHP_Security_Project mailing list
>>> OWASP_PHP_Security_Project at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
>>
>>
>>
>
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>



-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130908/a7e06b13/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list