Preface vii
Acknowledgments xi
Part I Designing PHP Applications
Chapter 1 Features of Practical PHP Applications 3
Features of a Practical PHP Application 3
Employing the Features in Applications 5
Creating object-oriented design 5
Using external HTML templates 5
Using external configuration files 11
Using customizable messages 14
Using relational database 21
Using portable directory structure 22
Using access control 24
Summary 24
Chapter 2 Understanding and Avoiding Security Risks 25
Identifying the Sources of Risk 25
Minimizing User-Input Risks 26
Running external programs with user input 26
Getting user input in a safe way 30
Using validation code 35
Not Revealing Sensitive Information 38
Summary 40
Chapter 3 PHP Best Practices 41
Best Practices for Naming Variables and Functions 41
Best Practices for Function/Method 43
Returning arrays with care 43
Simplifying the function or method argument list order issue 45
Best Practices for Database 47
Writing good SELECT statements 47
Dealing with missing data 48
Handling SQL action statements 49
Best Practices for User Interface 54
Avoiding HTML in application code 54
Generating HTML combo lists in application code 55
Reducing template code 58
Best Practices for Documentation 59
Best Practices for Web Security 60
Keep authentication information away from prying eyes 60
See your errors before someone else does 61
Restrict access to sensitive applications 61
Best Practices for Source Configuration Management 61
Summary 62
Part II Developing Intranet Solutions
Chapter 4 Architecture of an Intranet Application 65
Understanding Intranet Requirements 65
Building an Intranet Application Framework 67
Using an HTML template-based presentation layer 68
Using PHP Application Framework components 68
Business logic 69
Relational database 69
Creating a Database Abstraction Class 71
Creating an Error Handler Class 81
Creating a Built-In Debugger Class 85
Creating an Abstract Application Class 91
Creating a Sample Application 113
Summary 119
Chapter 5 Central Authentication System 121
How the System Works 121
Creating an Authentication Class 124
Creating the Central Login Application 127
Creating the Central Logout Application 138
Creating the Central Authentication Database 146
Testing Central Login and Logout 148
Making Persistent Logins in Web Server Farms 149
Summary 155
Chapter 6 Central User Management System 157
Identifying the Functionality Requirements 157
Creating a User Class 158
User Interface Templates 168
Creating a User Administration Application 168
Configuring user administration applications 181
Configuring user administration application messages 186
Configuring user administration application error messages 186
Testing the user management application 187
Creating a User Password Application 190
Creating a Forgotten-Password Recovery Application 194
Designing the forgotten-password recovery application 195
Implementing the forgotten-password recovery application 197
Testing the forgotten-password recovery application 201
Summary 202
Chapter 7 Intranet System 203
Identifying Functionality Requirements 203
Designing the Database 204
Designing and Implementing the Intranet Classes 207
Message class 207
ActivityAnalyzer class 213
Creating the IntranetUser class 217
Setting Up Application Configuration Files 219
Setting Up the Application Templates 222
Intranet Home Application 223
MOTD manager application 225
Access reporter application 230
Admin access reporter application 233
Daily logbook manager application 236
User tip application 237
User preference application 237
Installing Intranet Applications from the CD-ROM 238
Testing the Intranet Home Application 240
Changing user preferences 242
Checking user access logs 242
Writing a message to other users 244
Summary 245
Chapter 8 Intranet Simple Document Publisher 247
Identifying the Functionality Requirements 247
The Prerequisites 248
Designing the Database 248
The Intranet Document Application Classes 250
The Category class 251
The Doc class 255
The Response class 258
Setting Up Application Configuration Files 261
The main configuration file 261
The messages file 266
The errors file 267
Setting Up the Application Templates 267
The Document Publisher Application 268
The document index display application 278
The document details application 280
The document response application 281
The document view list application 282
Installing Intranet Document Application 283
Testing Intranet Document Application 285
Creating a new category 286
Adding a new document 288
Summary 292
Chapter 9 Intranet Contact Manager 293
Functionality Requirements 293
Understanding Prerequisites 294
The Database 294
The Intranet Contact Manager Application Classes 297
The Category class 298
The Contact class 302
The Application Configuration Files 308
The main configuration file 308
The messages file 312
The errors file 312
The Application Templates 312
The Contact Category Manager Application 313
The Contact Manager Application 317
Installing Intranet Contact Manager 323
Testing Contact Manager 325
Adding categories 326
Adding a contact 328
Searching for a contact 329
Sending e-mail to a contact 330
Searching for contacts in a subcategory 330
Summary 333
Chapter 10 Intranet Calendar Manager 335
Identifying Functionality Requirements 335
Understanding Prerequisites 336
Designing the Database 336
The Intranet Calendar Application Event Class 337
The Application Configuration Files 343
The main configuration file 344
The messages file 347
The errors file 347
The Application Templates 348
The Calendar Manager Application 348
The Calendar Event Manager Application 350
Installing the Event Calendar on Your Intranet 353
Testing the Event Calendar 354
Adding a new event 355
Modifying an existing event 356
Viewing an event reminder 356
Summary 358
Chapter 11 Internet Resource Manager 359
Functionality Requirements 359
Understanding the Prerequisites 360
Designing the Database 360
CATEGORY table 360
RESOURCE table 360