◆ For each of those forms the AccessControlobject is used to check whether the request IP is allowed to access the form.. ◆ In case of modifyand delete, the AccessControlobject is used t
Trang 1Creating the Tell-a-Friend Main Menu Manager Application
This application, taf_mngr.php, is responsible for managing the main menu of the system This application is included on the CD-ROM in the ch13/appsdirectory
It implements the following functionality:
◆ Allows every user to create messages and forms
◆ Allows users from authenticated IP addresses to delete or modify forms or messages
◆ Allows users from authenticated IP addresses to view the form report
This application has the following methods
run()
When the application is run, this method is called It simply calls the displyTAFMenu()method to render the main menu for the system
displayTAFMenu()
This method is responsible for showing the main menu according to the privileges based on the IP address of the client It works in the following manner:
◆ A menu template (TAF_MENU_TEMPLATE) is loaded in a template object called $template
◆ All the form names and form IDs of the database are loaded in the array
$frms
◆ For each of those forms the AccessControlobject is used to check whether the request IP is allowed to access the form If the check result is yes, then the form name is showed in the list to the user for him to mod-ify, delete, or view a report
◆ Similarly, all the messages are loaded in an array and the AccessControl object is again used to verify the request IP’s eligibility to access the mes-sage and the mesmes-sage list is prepared thereby
◆ After preparing the message list and the form list and setting all the links for deletion, modification, and report for the messages or forms, the tem-plate is parsed and printed to the user
Trang 2Creating a Tell-a-Friend Form Manager Application
This application, taf_form_mngr.php, is responsible for managing forms This application is included on the CD-ROM in the ch13/appsdirectory
It implements the following functionality:
◆ Allows any user to add a new form
◆ Allows users from authenticated IP addresses to delete or modify selected forms
This application has the following methods
run()
When the application is run, this method is called It does the following:
◆ First it retrieves the $cmdvalue from the user request
◆ Depending on the $cmdvalue, different methods are called
◆ When the $cmdis addor modify, it calls the addModifyDriver()method with the appropriate mode (addor modify)
◆ And when the $cmdis delete, it calls the deleteForm()method to delete the form
authorize()
This method checks whether the IP address from where the user is accessing the application is an authorized one This is how it works:
◆ This application allows everyone to add forms So when the request $cmd
is add, it directly returns true
◆ In case of modifyand delete, the AccessControlobject is used to verify whether the request IP is allowed to access the given form It returns TRUE
or FALSEdepending on the verification result
addModifyDriver()
This method is responsible for driving the add/modify procedure Depending on the hidden form value $step, it decides whether to call the add/modify menu rendering method, displayAddModifyMenu(), or the add/modify method, addModifyForm() Both the methods are called with the proper mode (addor modify)
Trang 3This method is used to show the menu for adding or modifying forms It works as follows:
◆ If the method is called with mode modify, it first checks whether the form
ID has been supplied or not In case of no form ID, the method shows an alert message and returns null
◆ Otherwise, all the previous information of the given form is retrieved and loaded in variables for later usage, to preload the modification Web form while showing to the user In this case, the AccessControlobject is used
to retrieve the authorized and banned IPs for the form
◆ Then a form setup template (TAF_FRM_SETUP_TEMPLATE) is loaded in a template object called $template
◆ For loading different message lists in the Web form, the Messageobject’s getAllMessages()is used and then filtered using the AccessControl object’s isAccessAllowed()method
◆ At the end, the template is parsed and printed to the user to give her a Web form to add or modify forms
addModifyForm()
This method is used to add or modify forms It works as follows:
◆ First, it checks whether the date range given for the form (the activation and termination date) is a valid one or not If not, the method shows an alert message and returns null
◆ Then it prepares the $paramsarray with all the form field values from the user request
◆ Then it creates an object of AccessControlto add or modify the access to the form
◆ When the mode for the method is addthe paramsarray is fed into the addForm()method of the Formclass to add the new form If the addition fails, the method shows a failure message and returns
◆ If the addition operation is successful, the authorized and denied IPs are added to the database using the addAccessIPs()and addDeniedIPs() methods of the AccessControlclass Then a successful addition message
is shown to the user
◆ When the mode for the method is modify, the $paramsarray is fed into the modifyForm()method of the Formclass to update the given form If the update fails, the method shows a failure message
Trang 4◆ If the update operation is successful, the authorized and denied IPs are added to the database using the addAccessIPs()and addDeniedIPs() methods of the AccessControlclass after deleting the previous IPs And then a successful update message is shown to the user
deleteForm()
This method is used for deleting forms This works as follows:
◆ First, it checks whether the form ID has been supplied or not If not, it shows an alert message and returns null
◆ Then a new Formobject, $frmObj, is created and the deleteForm() method of $frmObjis used to delete the form
◆ If the deletion succeeds, the AccessControlclass is used to delete the related IPs from the authorized and banned tables for the form
◆ At the end, a status message is shown depending on the outcome of the deletion operation
Creating a Tell-a-Friend Message Manager Application
This application, taf_msg_mngr.php, is responsible for managing all messages for the system This application is included on the CD-ROM in the ch13/appsdirectory
It implements the following functionality:
◆ Allows any user to add a new message
◆ Allows users from authenticated IP addresses to delete or modify the selected message
This application has the following methods
run()
When the application is run, this method is called It does the following:
◆ First, it retrieves the $cmdvalue from the user request
◆ Depending on the $cmdvalue, different methods are called
Trang 5◆ When the $cmdis addor modify, it calls the addModifyDriver()method with the appropriate mode (addor modify)
◆ And when the $cmdis delete, it calls the deleteForm()method to delete the form
authorize()
This method checks whether the IP address (where the user is accessing the applica-tion from) is an authorized one This is how it works:
◆ This application allows everyone to add messages So when the request
$cmdis add, it directly returns true
◆ In case of modifyand delete, the AccessControlobject is used to verify whether the request IP is allowed to access the given message It returns TRUEor FALSEdepending on the verification result
addModifyDriver()
This method is responsible for driving the add/modify procedure Depending on the hidden form value $step, it decides whether to call the add/modify menu rendering method, displayAddModifyMenu(), or the add/modify method, addModifyMessage() Both the methods are called with proper mode (addor modify)
displayAddModifyMenu()
This method is used to show the Web form for adding or modifying forms It works
as follows:
◆ If the method is called with mode modify, it first checks whether the mes-sage ID has been supplied or not In case of no mesmes-sage ID, the method shows an alert message and returns null
◆ Otherwise, all the previous information of the given message is retrieved and loaded in variables for later usage, to preload the modification Web form while showing to the user In this case, the AccessControlobject is used to retrieve the authorized IPs for the message
◆ Then a message setup template (TAF_MSG_SETUP_TEMPLATE) is loaded in a template object called $template
◆ The different form fields required for adding or modifying a message are prepared
◆ At the end, the template is parsed and printed to the user to give her a Web form to add or modify messages