Thread: PHP cleanup
View Single Post
Old 19th October 2005, 11:26
till till is online now
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,005
Thanks: 840
Thanked 5,650 Times in 4,460 Posts

Originally Posted by Spum
The code really hasnt been dramatically changed ...
The code was completely rewritten from scratch, the only code that has "survived" is the code from the database wrapper class. Also the scheme how data is parsed and the dataformat for the forms has changed...

What i meant was a complete rewrite of the system, the idea being that all the requests would go through central page parsers, so that everything is handled, and secured through a singular page, which would mean "anonymous" URL's, and direct action logging through the headers being sent to the main page parser.
All requests for forms are handled by a central class. The file is lib/classes/ with the helper class

I assume you've looked at e.g. the user forms, they are written "by hand" because the event based framework was not finished as i needed them.

Currently a form page only includes these lines:

PHP Code:

// Defining the form definition page.
// These pages includes no code, only the definition as PHP array
$tform_def_file "form/test.tform.php";

// Loading classes

// let tform_actions handle the page
I will make a better demo page for this and put it on SVN.
The big plus of this approach is that you dont loose the flexibility and the pages can be extended in an object orientd manner. If you want to e.g. overwrite the form show event handler to add somthing that can not be handled by the base framework and is only needed here, you can add before the onLoad() call:

PHP Code:
class custom_action extends tform_actions {

onShowEnd() {
// Do some custom things here

        // parse template

$app->tform_actions = new custom_action();
With this in place, it'd be so much easier to then put all the other systems in place -> the encryption and whatever. Although, i'm still juggling with the idea which is more secure -> actual accounts within the Operating system, or accounts in Tables, of course, with tables, they could be individually and dynamically encoded, or hashed so there's a security bonus in that, and that their secluded away from the actual system.
I agree with you that there must be a central place where all this is handled for security reasons, and that is why the new framework was developed. If you implement the encryption in the file lib/classes/ it will apply to all form pages automatically. In this class is also the datalog function, this records all the actions taken on the different database tables. You can use it as undo function, security log for the admin and the datalog can also be replayed on an external database.

Hmm, i'll work on it, but at the moment, i'm working on the installer to interactively & automatically download the components after wget is installed, so that the versions are the latest, and that the people don't have to download the entire package with things they may already have installed
This sounds really good. Does the installer then detect also the current version of an installed application in update mode and skips the compilation if it is not newer?

Last edited by till; 19th October 2005 at 11:29.
Reply With Quote