PHP框架设计入门
原文地址:http://bbs.phpchina.com/viewthread.php?tid=59397
(本文译自 Leon Bukhman 的 PHP Application Framework Design ,10/13/05)
引用:
This article describes the design of a complete application framework written in PHP. The reader is assumed to have a working knowledge of PHP. This part of the series describes the scope of the framework and goes over the initial class hierarchy. The following parts cover everything from session handling to creating page templates.
本文讲述了如何用PHP来做一个完整的应用框架设计。我们假定读者已有PHP的工作知识。系列的此部分讲述框架的应用和类的架构。接下来的部分将覆盖从会话处理到创造页面模板的内容。
引用:
Class Hierarchy
I like to start implementing large projects by drawing out the class diagrams and seeing how the components fit together. Luckily, as of version 4, PHP supports object oriented programming with all its bells and whistles. Although this article is written for PHP 4, you can accomplish all of the same results with PHP 5 (which is still somewhat bleeding edge at the time of writing this). Object oriented programming and design is beyond the scope of this article so I hope you are at least somewhat familiar with it. The point is that OOP is the key to developing large applications and web-development is no exception.
类的架构
在贯彻大项目时,我喜欢先画出类图,并看看怎样把各部分组件拼合在一起。幸亏,PHP从版本4开始具备了相应的功能支持面向对象编程。尽管本文是用PHP4写的,但你同样能用PHP5来实现所有的功能(在本文写作时PHP5还正待发布)。面向对象编程和设计的内容超出了本文的范围,希望读者至少在一定程度上熟识其相关内容。因为OOP是开发大型应用和web应用开发的关键,这点是毫无例外的。
引用:
We will want to keep the framework minimal for performance reasons yet scalable and flexible enough to handle any kind of project that you may encounter. To start of, lets agree that the logic for each and every page of you application will be encapsulated in a class. This class will inherit from the system base class, which will handle everything that you may want your application to do. The benefits of this approach are fairly obvious. First, you are encapsulating all of the complex code away from the project developers. Thus, you can rest assured that your new intern will not mess with your system classes (unless you want her to for some reason). All the pages in the application will be more consistent and you will not be copy-pasting the same code into every page. More importantly, if you decide to change some underlying functions of your application, you will not have to edit each page as long as you keep the interface to your system base class consistent.
为了提高效能,我们将尽可能把框架的结构最小化,但同时又有足够的扩展性和灵活性,以确保框架能满足以后各种项目的不同需求。开始之前,我们先预设一个处理逻辑,应用中的每一个页面都将被封装在一个类里面。这个类又继承了系统的基类,它将处理(此页面)应用要做的一切事情。这样做的好处是很明显的:第一,对项目开发人员封装了所有复杂的代码,这样就不用担心新同伴搞乱了系统架构 (除非你有意这样做)。第二,应用中的所有页面都能保持一致性,你再也不用去拷贝-粘贴相同的代码到每个页面。第三,更重要的,如果要改变应用中的一些功能,只有保持对系统基类的接口的一致性,就不用去编辑每一页了。
引用:
Now lets define what we want our system base class to do. Here is a basic list of features that I will go over in due time:
Establish the database connection
Define how the page will be laid out and print the HTML
Manage authentication and user session information
Define all your application’s core features
Here is the framework and all of it's glory:
现在确定一下基类要做什么。下面是准备讨论的一些基本特征:
建立数据库连接
确定页面布局和显示HTML
鉴证和用户会话信息管理
定义应用核心要素
下面是框架及其要素的实现:
复制内容到剪贴板
代码:
class_system.php - The base class which includes the following (基类包括以下部分)
|_constants.php - Application constants (应用常数)
|_functions.php - Generic functions (基本函数)
|_class_user.php - Session handling (会话处理)
|_class_template.php - Template handling (模板处理)
|_class_form.php - Form handling (表单处理)
Using this framework, all of your pages should have this structure:
此框架内,所有页面都有这样的结构:
复制内容到剪贴板
代码:
include "include/class_system.php";
class Page extends SystemBase {
//your code here
}
$p = new Page();
引用:
The idea here is that we want to minimize the time spent on the most common tasks such as creating new pages. In this case, all we have to do is include the base class (which will make sure that all the other necessary dependencies are also included), extend the base class, and simply make an instance of the class to get the ball rolling. This way you can start thinking about what the page will actually do rather than waste time with common tasks.
在这里,我们想要把像创造新页面这类最普通任务所花费的时间减到最小。在本例中,我们只需要包括基类,扩展基类,然后简单的把类实例化就可以玩下去了。这样大家就可以把精力放在研究页面具体要做什么上面,而不是把时间化在普通事务上。
Configuration Files and Useful Functions 文件配置和有用的函数
引用:
The simplest idea to explain is the need for a file that will contain the application’s configuration. We can go with XML or some other even more intricate technology that will inevitably make the framework less efficient but let’s start off with the basics. All we really need is a set of constants that define strings such as the database connection or installation paths. These are strings that we would not want to hunt down within each page of the application every time the database password is changed or the application is moved. The file constants.php is just that. The settings that I find most useful are the URL and system paths to the application.
为简单解释起见,先建立一个包含应用配置的文件。我们可以用XML或其他一些复杂的技术来做,不过这样框架的效率就会降低了,所以我们从最基本的技术开始。我们现在需要的只是一些常数用来定义像数据库连接或安装路径之类的字符串。我们不想在每次改数据库密码或者改变应用路径时都要在每页里翻来倒去的寻找修改的地方。只要把 constants.php 这个文件找出来就行了。通常我认为最有用的设定是URL和应用的系统路径。
引用:
On a similar note, there are some functions that we would like to always make available and I include them in the file functions.php. These functions are not made as methods of the base class because we would like to make them available to all the classes of our application (including those that do not extend the base class). I will go over the functions in this file when we need to use them. As a simple example, I include the me() function, which returns the file name of the current PHP file. (VB 6 programmers will remember that me is a reference to the current form).
同样的,有一些我们随时需要用到的函数,我把它们放在functions.php文件里。我们没有把这些函数作为基类的方法,是因为应用里所有的类都可能用到它们 (包括那些没有扩展基类的)。在需要用到时,我再讲这个函数。现在作为一个简单的例子,先包括一个me()函数,它将返回现在PHP文件的文件名。
复制内容到剪贴板
代码:
function me() {
return substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'],'/')+1,
strlen($_SERVER['PHP_SELF']));
} The Base Class
引用:
Now lets dissect the class_system.php file line by line. The first thing that we do is call session_start() which starts a new user session if none exists or does nothing otherwise (more on sessions in part 2 of this series). Then we include all the need libraries. There are two things to note about the way this is done. First, require_once is used which will only include the file once and throw an exception if the file is not available (as opposed to include which would only make a warning and proceed with execution of the page). The second thing to note is that absolute paths are used to include the files which are all in the same folder. This is done because we don’t want to have to reconfigure the server to get the application working (by changing the include path used in PHP). Relative paths would not work because the base class will be included from various other pages and the relative path would have to work for each page that includes the base class.
现在我们一行一行地来讨论system.php这个类。第一行调用了session_start() ,如果会话(session)不存在,它就打开一个新的会话(第二部分有更多内容)。然后把所有需要的库文件包括进来。这里要注意两件事情:第一,使用 require_once 只在第一次把文件包括进来,如果没有此文件,就抛出个异常 (而用include则之显示一个警告信息)。第二,把同一个文件夹里的所有文件都包括进来的绝对路径。这样做是因为我们不想为了应用而再配置服务器 (作PHP里改变包括的路径)。用相对路径行不通,因为基类会在各种不同的页面里用到,要为用到基类的每一页设定相对路径是很困难的。
复制内容到剪贴板
代码:
session_start();
$path = dirname(__FILE__);
require_once "$path/constants.php"; //defines
require_once "$path/functions.php"; //generic functions
require_once "$path/class_user.php"; //session handling
require_once "$path/class_template.php";//template handling
require_once "$path/class_form.php"; //form handling
(译注:在PHP5我们可以用 __autoload()的方法。)
The implementation of the system base class is not at all surprising if you consider the way we intended to use it. Since the code is only executed when an instance of the class is created, we put everything that we want to happen into the class’s constructor. Also, since the base class will not be able to know exactly how to render each page, we make the methods abstract and let polymorphism take care of the rest (i.e. the derived classes will override the base classes methods.) Here is a list of the methods called from within the constructor:
如果考虑到我们使用它的方式,系统基类的实施就没什么令人惊奇的了。因为只有在类的实例创造时,代码才被执行,我们可以把所有要用到的东西都放到类的构造器里。还有,因为基类不能确切的知道如何呈现出具体的每一页,我们要用到抽象的方法,并使用多态性来照料这一切。(如子类重载基类的方法。) 下面是构造器里要调用的一些方法:
复制内容到剪贴板
代码:
init() - initialize the page
authenticate() - perform authentication
handleFormEvents() - handle page submits
printPage() - output the HTML
destroy() - destroy page (close DB connection)
Unfortunately, PHP 4 does not enforce many OOP principles (note that PHP 5 has anew and much more robust object model). You can get everything to work,such as inheritance and polymorphism, but it takes some effort and some faith. For example, there is no concept of method protection so all methods (and attributes for that matter) are made public. Thisis a big no-no when it comes to OOP so a common convention is to prefix all methods that are intended to be private with anunderscore ( _ ) and then take it on faith that the users of the class will not call these methods. Another problem is that we cannot declare the class to be abstract (i.e. we do not want people to declare instances of the base class but rather force them to inherit from it). We can get around this limitation by including the following lines at the top of our constructor (you can read this article for an in-depth analysis of how this works). The code checks to see if the instance of the class is the base class and throws anexception.
复制内容到剪贴板
代码:
if (!is_subclass_of($this,'SystemBase')) {
trigger_error('Base instantiation from non subclass',E_USER_ERROR);
return NULL;}Database Access
引用:
The application framework should provide a clean interface to your data regardless of the type of SQLserver uses. It is also very desirable to have loose coupling between your application and your database backend. So, for example, if you ever decide to change the location of the database or even change the type of SQL server used, you don’t want to have to rewrite all your code. Luckily, someone has already tackled this problem for us and all we have to do is use the PEAR::DB module, which provides a consistent interface to several popular database servers. You can read all about it at the PHP Extension and Application Repository and I recommend reading the following PEAR::DB tutorial as well.
无论使用什么类型的SQL数据库,应用框架都应该对数据提供一个清晰的接口。在应用和数据库后台之间,最好能保持松散的偶合。比如说,如果用户打算要改变数据库的地理位置,或甚至于要改变SQL数据库的类型,你也用不着去改写代码。幸好,已经有人为我们处理好了这些问题了,我们要做的就是使用PEAR::DB模块,它对一些通用的数据库服务器都提供了统一的接口。你可以在”PHP扩展和应用分类“ 里阅读这部分,我建议大家也阅读下面的PEAR::DB辅导部分。
引用:
Assuming that the PEAR::DB module is installed and configured correctly, all we need to have a persistent database connection available in every page is a reference to a PEAR::DB object. We will create this object as a member variable in the System Base class and create the database connection inside the constructor. We already have the necessary constants to build a DNS string and there is also a function in functions.php that returns a pointer to a new PEAR::DB object.
假如PEAR::DB模块已经正确地安装和配置好了,在每一页里需要用到一个持续的数据库连接时,我们要做的就是引用PEAR::DB对象。我们将在系统基类里创建此对象作为一个成员变量,并在构造器里建立数据库的连接。我们已经有了建立DNS字串所需要的常量,并且在 functions.php 里也有一个函数可以返回一个指向新PEAR::DB 对象的指针。
复制内容到剪贴板
代码:
function &db_connect() {
require_once 'DB.php'; //pear db class
PEAR::setErrorHandling(PEAR_ERROR_DIE);
$db_host = DB_HOST;
$db_user = DB_USER;
$db_pass = DB_PASS;
$db_name = DB_NAME;
$dsn = "mysql://$db_user:$db_pass@$db_host/$db_name";
$db = DB::connect($dsn);
$db->setFetchMode(DB_FETCHMODE_ASSOC);
return $db;
}
The function imports the PEAR:DB library if it has not yet been imported, creates a DNS string, and connects to the database. All we have to do now is use this function in the System Base constructor as follows: $this->db = db_connect(); and we are done.
此函数在没有引进PEAR:DB库时予以引进,创建一个DNS字串,并连接数据库。我们要做的就是在系统基类的构架器里像这样:$this->db = db_connect(); 来使用此函数,而我们已经这样做了。
Optimization
You may think it is a bit too early to discuss code optimization at this point since we have yet to implement most of the necessary features. Code optimization is more of an art and I will not go into a line-by-line analyses of how we can achieve the same effect faster. The point here is that we already can tell what the major bottlenecks will be so let’s nip the problem now before its gets out of hand. The most obvious performance loss will be due to the persistent database connection that we establish for each page. In fact, if you make a few timing test to benchmark the performance of the framework you will see that establishing the connection alone take more time than everything else combined. Although it is a necessary evil and we will have to pay that price for it when using the database, not every page in our application will have to connect to the database. In fact, not every page will need toprint out HTML content (i.e. it may just process the request and redirect). So before we go on lets define a few constants for the base class to indicate that we don’t need a database connection or to print the page. You will simply define these constants in pages thatneed them.
也许你会认为现在讨论代码优化还为时太早,因为很多需要的特征还没贯彻。代码优化是一种艺术,我也不会一行一行的去分析怎么取得优化。关键的一点是,现在我们已经可以说出主要的瓶颈是什么,我们如何在其失控之前,把问题处理好。最明显导致效能丧失的是每一页都要用到的数据库的持续连接。
复制内容到剪贴板
代码:
define('NO_DB', 1) if persistent DB connection
is not needed
define('NO_PRINT', 1) if page does not get rendered
Summary
So far, we have laid the foundation for how our application will be haveand how the framework will be used. We established an OOP design for the application, defined some constants and function to expedite routine work, and added database support. Read the next part to see how to manage session data and users.
In part 1, we covered the basic class structure of the framework andlaid out the scope of the project. This part adds session handling toour application and illustrates ways of managing users.
这是PHP应用程序框架设计系列教程的第二部分。在第一部分,我们已经介绍框架的基础类结构,并展示了项目的大体。这一部分,我们将在程序中添加会话处理功能,并演示管理用户的各种方法。
Sessions
会话
引用:
HTTP is a stateless protocol and, as such, does not maintain anyinformation about the connections made to the server. This meansthat, with HTTP alone, the web server cannot know anything about theusers connected to your web application and will treats each pagerequest as a new connection. Apache/PHP gets around this limitation byoffering support for sessions. Conceptually sessions are a fairlysimple idea. The first time a web user connects to the server, he isassigned a unique ID. The web server maintains session information ina file, which can be located using this ID. The user also has tomaintain this ID with each connection to the server. This is typicallydone by storing the ID in a cookie, which is sent back to the server aspart of the typical Request-Response1sequence. If the user does not allow cookies, the session ID can alsobe sent to the server with each page request using the query string(the part of the URL after the “?”). Because the web client isdisconnected, the web server will expire sessions after predefinedperiods of inactivity.
HTTP是一种无状态的协议,正因为如此,它没有包含任何与服务器连接的相关信息。这就意味着,HTTP是孤立的,web服务器并不知道用户与你web程序相连接的任何信息,并且服务器会将每个页面请求视为一个新的连接。Apache/PHP通过提供对会话的支持来避开这一限制。从概念上来说,会话是相当简单的。在一个用户第一次连接到服务器的时候,他被分配一个唯一的ID。web服务器在一个文件中维护会话信息(译注:即把会话信息存储到文件中),于是可以通过这个ID来定位用户信息。用户同样会在每次连接中维护这个ID。最典型的作法,就是将ID存储在cookie中,之后,这个ID会作为请求-应答序列的一部分发回给服务器。如果用户不允许使用cookie,会话ID同样可以在请求每个页面时,通过query字符串(即URL中?以后的部分)发回给服务器。因为web客户端会断开连接,所以web服务器会在一定周期后,使那些不活动的会话信息过期。
引用:
We will not go over configuring Apache/PHP in this article butwill utilize sessions to maintain user information in our application.It is assumed that session support is already enabled and configured onyour server. We will pick up where we left off in part 1 of this serieswhen we described the system base class. You may recall that the firstline in class_system.phpis session_start(), which starts a new user session if none exists ordoes nothing otherwise. Depending on how your server is configured,this will cause the session ID to be saved in the client’s cookie fileor passed as part of the URL. The session ID is always available to youby calling the build in function session_id(). With these tools athand, we can now build a web application that can authenticate a userand maintain the user’s information as he is browsing the differentpages on the site. Without sessions, we would have to prompt the userfor their login credentials every single time they request page.
我们不想在这篇文章中过多地谈论Apache/PHP的配置,除了利用会话来维护用户信息。我们假设会话支持功能已经开启,并在你的服务器上配置好了。我们将直接从本序列教程第一部分谈论系统基础类时,被我们搁在一边的地方谈起。你可能还记得class_system.php的第一行是session_start(),这一句的作用是,如果不存在会话信息,则开始一个新的用户会话,否则不做其他的事情。根据你服务器的配置,开始会话的时候,会话ID会被保存在客户端的cookie里或者作为URL的一部分进行传递。当你调用内建的session_id()函数时,总可以得到会话ID。通过这些工具,我们现在可以建立一个web应用程序,它可以对用户进行验证,并且能够在用户浏览网站不同页面的时候去维护用户的信息。如果没有会话,那么用户每一次请求页面的时候,我们就不得不提醒用户进行登录。
引用:
So what will we want to store in the session? Let’s start withthe obvious like the user’s name. If you take a look at class_user.phpyou will see the rest of the data being stored. When this file is included, the first thing that is checked is whether a user is loggedin (default session values are set if the users id is not set). Notethat the session_start() must have already been called before we start playing with the $_SESSION array which contains all our session data.The UserID will be used to identify the user in our database (whichshould already be accessible after part one of this series). The Rolewill be used to determine whether the user has sufficient privileges toaccess certain features of the application. The LoggedIn flag will beused to determine if the user has already been authenticated and thePersistent flag will be used to determine whether the user wants toautomatically be logged in based on their cookie content.
那么,我们应该在会话中存储什么信息呢?我们一下子就可以想到如用户名这类信息。如果你看一下class_user.php,你会看到其他要存储的数据。(在程序中)include这个文件的时候,首先会检查用户是否登录(如果没有用户id,那么会设置一个默认的会话值)。注意,session_start()必须在我们使用$_SESSION数组之前调用,$_SESSION数组包含所有我们的会话数据。UserID用来标识存储在我们数据库中的用户(如果您已经完成了本系列教程的第一部分,那么这个数据库中的数据应该可以访问了)。Role(角色)是用来检测用户是否有足够的权限去访问程序中的某一部分功能。LoggedIn标识用来检测用户是否通过验证,Persistent标识用来检测用户是否想依靠他们的cookie内容自动进行登录。
复制PHP内容到剪贴板
PHP代码:
//session has not been established
if (!isset($_SESSION['UserID']) ) {
set_session_defaults();
}
//reset session values
function set_session_defaults() {
$_SESSION['UserID'] = '0'; //User ID in Database
$_SESSION['Login'] = ''; //Login Name
$_SESSION['UserName'] = ''; //User Name
$_SESSION['Role'] = '0'; //Role
$_SESSION['LoggedIn'] = false; //is user logged in
$_SESSION['Persistent'] = false; //is persistent cookie set
}
User Data
用户数据
We store all the user data in our database in table tblUsers. Thistable can be created using the following SQL statement (mySQL only).
我们将所有的用户数据存储到数据库的tblUsers表,这个表可以使用下面的SQL语句来创建(仅限MySQL)
复制PHP内容到剪贴板
PHP代码:
CREATE TABLE `tblUsers` (
`UserID` int(10) unsigned NOT NULL auto_increment,
`Login` varchar(50) NOT NULL default '',
`Password` varchar(32) NOT NULL default '',
`Role` int(10) unsigned NOT NULL default '1',
`Email` varchar(100) NOT NULL default '',
`RegisterDate` date default '0000-00-00',
`LastLogon` date default '0000-00-00',
`SessionID` varchar(32) default '',
`SessionIP` varchar(15) default '',
`FirstName` varchar(50) default NULL,
`LastName` varchar(50) default NULL,
PRIMARY KEY (`UserID`),
UNIQUE KEY `Email` (`Email`),
UNIQUE KEY `Login` (`Login`)
) TYPE=MyISAM COMMENT='Registered Users';
引用:
This statement creates a bare-bones user table. Most of the fields are selfexplanatory. We need the UserID field to uniquely identify each user.The Login field, which must also be unique, stores the user's desiredlogin name. The Password field stores the MD5 hash of the user'spassword. We are not storing the actual password for security andprivacy reasons. Instead we can compare the MD5 hash of the passwordentered with the value stored in this table to authenticate the user.The user's Role will be used to assign the user to a permission group.Finaly, we will use the LastLogon, SessionID, and SessionIP fields totrack the user's usage of our system including the last time the userlogged in, the last PHP session ID the user had, and the IP address ofthe user's host. These fields are updated each time the usersuccessfully logs in using the _updateRecord() function in the usersystem class. These fields are also used for security in preventingcross-site scripting attacks.
这个语句建立了一个大概的用户表。大多数字段不言自明。我们用UserID这个字段来唯一标识每个用户。Login字段同样也必须是唯一的,存储用户使用的登录名。Password字段用来存储用户密码的MD5散列值。我们没有存储实际的密码是因为安全和隐私的原因。我们可以拿用户输入的密码的MD5散列值与数据表中的进行对比来验证用户。用户角色用来将用户分配到一个许可组。最后,我们用LastLogon, SessionID和SessionIP字段来跟踪用户对系统的使用情况,包括用户最后登录时间,用户最后使用的会话ID,用户机器的IP地址。用户每次成功登录后,会调用user系统类中的_updateRecord()函数来更新这些字段值。这些字段同时也可以用来保证安全性,保证不受XSS(跨站脚本)攻击。
复制PHP内容到剪贴板
PHP代码:
//Update session data on the server
function _updateRecord () {
$session = $this->db->quote(session_id());
$ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
$sql = "UPDATE tblUsers SET
LastLogon = CURRENT_DATE,
SessionID = $session,
SessionIP = $ip
WHERE UserID = $this->id";
$this->db->query($sql);
}
Security Issues
Authentication
验证
Now that we understand the various security issues involved, lets lookat the code for authenticating a user. The login() function accepts alogin name and password and returns a Boolean reply to indicatesuccess. As stated above, we must assume that the values passed intothe function came from an untrusted source and use the quote() functionto avoid problems. The complete code is provided below.
现在我们已经了解了各种相关的安全问题,下面我们来看一看验证用户的代码。login()函数接收一个登录名和密码,返回一个Boolean(布尔值)来标明是否正确。正如上面所说的,我们必须假定传入函数中的值是来自于不可靠的来源,用quote()函数来避免问题。完整的代码如下:
复制PHP内容到剪贴板
PHP代码:
//Login a user with name and pw.
//Returns Boolean
function login($username, $password) {
$md5pw = md5($password);
$username = $this->db->quote($username);
$password = $this->db->quote($password);
$sql = "SELECT * FROM tblUsers WHERE
Login = $username AND
Password = md5($password)";
$result = $this->db->getRow($sql);
//check if pw is correct again (prevent sql injection)
if ($result and $result['Password'] == $md5pw) {
$this->_setSession($result);
$this->_updateRecord(); //update session info in db
return true;
} else {
set_session_defaults();
return false;
}
}
To logout, we have to clear the session variables on the server as well asthe session cookies on the client. We also have to close the session.The code below does just that.
用户注销的时候,我们要清理在服务器上的会话变量,还有在客户端的会话cookie。我们还要关闭会话。代码如下:
复制PHP内容到剪贴板
PHP代码:
//Logout the current user (reset session)
function logout() {
$_SESSION = array(); //clear session
unset($_COOKIE[session_name()]); //clear cookie
session_destroy(); //kill the session
}
Inevery page that requires authentication, we can simply check thesession to see if they user is logged in or we can check the user'srole to see if the user has sufficient privileges. The role is definedas a number with the larger numbers indicating more rights. The codebelow checks to see if the users has enough rights using the role.
在每一个页面都要求验证,我们可以简单地检查一下会话,看用户是否已经登录,或者我们可以检查用户角色,看用户是否有足够的权利。角色被定义为一个数字(译者注:即用数字来表明角色),更大的数字意味着更多的权利,下面的代码使用角色来检查用户是否有足够的权利。
复制PHP内容到剪贴板
PHP代码:
//check if user has enough permissions
//$role is the minimum level required for entry
//Returns Boolean
function checkPerm($role) {
if ($_SESSION['LoggedIn']) {
if ($_SESSION['Role']>=$role) {
return true;
} else {
return false;
}
} else {
return false;
}
}
Login/Logout Interface
登录/注销的接口
引用:
Now that we have a framework for handling sessions and user accounts,we need an interface to allow the user to login and out. Using ourframework, creating this interface should be fairly easy. Let us startwith the simpler logout.php page which will be used to log a user out.This page has no content to display to the user and simply redirectsthe user to the index page after having logged him out.
现在我们已经有一个处理会话和用户账号的框架了,我们需要一个接口,这个接口允许用户登录和注销。使用我们的框架,建立这样的一个接口应该是十分简单的。下面我们就从比较简单的logout.php页面开始,这个页面用来注销用户。这个页面没有任何内容展现给用户,只是在注销用户以后,简单将用户重定向到index页面。
复制PHP内容到剪贴板
PHP代码:
define('NO_DB', 1);
define('NO_PRINT', 1);
include "include/class_system.php";
class Page extends SystemBase {
function init() {
$this->user->logout();
$this->redirect("index.php");
}
}
$p = new Page();
引用:
First we define the NO_DB and NO_PRINT constants to optimize the loading time of this page (asdescribed in Part 1 of this series). Now all we have to do is use theuser class to log the user out and redirect to another page in thepage's initialization event.
首先,我们定义NO_DB和NO_PRINT常量来优化加载这个页面的时间(正如我们在本系列教程中第一部分描述的那样)。现在,我们要做的所有事情,就是使用user类来注销用户,并在页面初始化事件中重定向到另外的页面。
引用:
The login.php page will need an interface and we will use the system'sform handling abilities to simplify the implementation process. Details of how this works will be described in Parts 3 and 4 of thisseries. For now, all we need to know is that we need an HTML form thatis linked the application logic. The form is provided below.
这个login.php页面需要一个接口,我们使用系统的表单处理能力简化处理的实现过程。至于这个过程是如何运作的,我们将会在本系列教程的第三和第四部分详细介绍。现在呢,我们所需要知道的全部事情,就是我们需要一个HTML表单,这个表单与应用程序的逻辑相连接。表单代码如下:
复制PHP内容到剪贴板
PHP代码:
<form action="<?=$_SERVER['PHP_SELF']?>" method="POST" name="<?=$formname?>">
<input type="hidden" name="__FORMSTATE" value="<?=$_POST['__FORMSTATE']?>">
<table>
<tr>
<td>Username:
<td><input type="text" name="txtUser" value="<?=$_POST['txtUser']?>"></td>
</tr>
<tr>
<td>Password:
<td><input type="password" name="txtPW" value="<?=$_POST['txtPW']?>"></td>
</tr>
<tr>
<td colspan="2">
<input type="checkbox" name="chkPersistant" <?=$persistant?>>
Remember me on this computer
</td>
</tr>
<tr style="text-align: center; color: red; font-weight: bold">
<td colspan="2">
<?=$error?>
</td>
</tr>
<tr>
<td colspan="2">
<input type="submit" name="Login" value="Login">
<input type="reset" name="Reset" value="Clear">
</td>
</tr>
</table>
</form>
引用:
Now we need the code to log a user in. This code sample demonstrates how touse the system framework to load the above form into a page template,handle the form events, and use the user class to authenticate the user.
现在我们来编写用户登录的代码。这个代码演示了如何使用系统框架将上面的表单加载到一个页面模板中,以及处理表单事件、使用user类来验证用户。
复制PHP内容到剪贴板
PHP代码:
class Page extends SystemBase {
function init() {
$this->form = new FormTemplate("login.frm.php", "frmLogin");
$this->page->set("title","Login page");
if (!isset($_POST['txtUser']) && $name=getCookie("persistantName")) {
$this->form->set("persistant","checked");
$_POST['txtUser']=$name;
}
}
function handleFormEvents() {
if (isset($_POST["Login"])) {
if($this->user->login($_POST['txtUser'],$_POST['txtPW'])) {
if (isset($_POST['chkPersistant'])) {
sendCookie("persistantName", $_POST['txtUser']);
} else {
deleteCookie("persistantName");
}
$this->redirect($_SESSION['LastPage']);
} else
$this->form->set("error","Invalid Account");
}
}
}
$p = new Page();
引用:
Onpage initialization, the form is loaded into the page template, thepage's title is set and the user's login name is pre-entered into theinput field if the persistent cookie is set. The real work happens whenwe handle the form events (i.e. when the user presses a button tosubmit the page). First we check if the login button was clicked. Thenwe use the login name and password submitted to authenticate the user.If authentication is successful, we also set a cookie to remember theusers name for the next time. If the authentication fails, an error isdisplayed on the page.
在页面初始化时,表单被加载到页面模板中,页面的标题已经被设置好,如果有永久的cookie,那么用户的登录名还会被预先输入到输入框中。当我们处理表单的时候,我们就真正有事情要做了(比如:当用户按下一个按钮提交页面)。首先,我们检查登录按钮是否被点击了。然后,我们使用提交过来的登录名和密码来验证用户。如果验证成功,我们同时设置一个cookie来记住用户名以便下次使用。如果验证失败,则会在