ksmaheshkumar / secplus-php Goto Github PK

=== SEC+ PHP ===

Sec+ is a little library for web development in PHP. It's focused in security
and performance.

Author: i4k   - Tiago Natel de Moura

API Documentation:
http://www.secplus.com.br/secplus-php/doc/html/index.html

SEC+   - http://www.secplus.com.br/
bugsec - http://bugsec.googlecode.com/

Found a bug?
Want to get involved?
Do you have a review/critique?
Tell me: natel *nospam* secplus.com.br

== Documentation ==

=== Installation ===

Create the directory of your project.
$ mkdir /var/www/myportal
$ cd /var/www/myportal

Create the libraries directory with the name you want:
For example:
$ mkdir lib/
$ cd lib/

Get the current SecPlus-PHP library from github:
$ git clone https://github.com/SecPlus/secplus-php.git
$ ls
secplus-php

Go back to the root of your project.
$ cd /var/www/myportal/

Run the SecPlus-PHP shell and type 'y' for the script create a new
configuration file.

$ php lib/secplus-php/secplus.lib.php 
SEC+ Security WebFramework
License:	GNU GPL v2.0
Author:	Tiago Natel de Moura aka i4k <[email protected]>
Linux li351-42 2.6.39.1-x86_64-linode19 #1 SMP Tue Jun 21 10:04:20 2011 x86_64
[-] file 'config.php' not exists or permission denied to open.
[-] we need a configuration file to run scaffolding commands.
[?] You want that we generate the 'config.php' for you? [y/N] y
[+] Config file 'config.php' created with success.
[+] Output: config.php
[+] using 'config.php' for configuration.

For now, we have a project configuration file 'config.php'.
This file contain a Config default class. If you wish customize them for your needs.
After, create a new project based on your configuration.

SEC+> create project
[+] Index created with success.
[+] Output: ./index.php
[-] file './lib' already exists...
[+] [CREATED] ./controller
[+] [CREATED] ./view
[+] [CREATED] ./model
[+] [CREATED] ./model/dao
[+] [CREATED] ./model/vo
[+] Controller 'HomeController created with success.
[+] Output: ././controller/HomeController.php
[+] View 'HomeView created with success.
[+] Output: ././view/HomeView.php
SEC+>

Ok. A basic MVC project was created.

You could test visiting:

http://localhost/myportal/

=== Controllers and Actions ===

Controllers are classes to handle user requests. Every controller have one or
more actions that are the routines for interact with the user.

For example, in a User Manager application, we need a controller to create,
edit, delete and update users. For each operation that the user could activate
need a 'action' in your 'controller' to handle it.

Note that initially SecPlus-PHP create the HomeController.php and HomeView.php
for you. Every method in your controller is a suitable action to be trigged.

http://localhost/myportal/?controller=home&action=view

view is the default action in the default HomeController created. To execute
other action use the parameter 'action' of URL.

http://localhost/myportal/?controller=home&action=user

will execute the action 'user' in controller HomeController. But this action
will be executed ONLY IF this action is listed in the safe_actions property of
the controller.

In your controller:

...
    public function setup() {
        $this->safe_actions[] = 'user';
        $this-=>handleAction();
    }
...

=== Model ===

SecPlus-PHP by default uses the DAO (Data Access Object) to handle with
database operations. The framework have the basic functionalities to
facilitate the development of Models. You could use the SecPlus-PHP shell to
create DAO's and ValueObject's.

Classes DAO is the link between controllers and your database and Value Objects
are classes that represent the records in your database.

For example, if you have the table below:

CREATE TABLE user (
       id INTEGER AUTO_INCREMENT NOT NULL PRIMARY KEY,
       username VARCHAR(255) NOT NULL,
       name VARCHAR(255) NOT NULL,
       pass VARCHAR(255) NOT NULL
);

you could use the shell to generate the models for this table:

SEC+> create dao user
[+] DAO 'UserDAO' created with success.
[+] Output: ././model/dao/UserDAO.php
SEC+>

$ cat ././model/dao/UserDAO.php
<?php

require 'model/vo/User.php';

class UserDAO extends SecPlus\AbstractModel {
    
}

SEC+> create valueobject user
[+] ValueObject 'User' created with success.
[+] Output: ././model/vo/User.php
SEC+> ^C
$ cat ././model/vo/User.php
<?php

class User extends SecPlus\ValueObject {

}

As you can see, the DAO and ValueObject does not have any real information of
the user table in your database, but SecPlus-PHP has a few automagic methods to
get, save, update and delete records in this table.

Before use SecPlus-PHP Models you need adjust your configurations in the
Config class.

-- config.php
...

    public function setup() {
    ...
        $this->dbHost = '127.0.0.1';
        $this->dbUser = 'portal';
        $this->dbPass = '_s3cr3t_';
        $this->dbDatabase = 'secplus-php-portal';
    }
...

For interact with database see below:

-- HomeController.php

...
    public function view() {
           require('model/vo/User.php');
           $user = new User();
           $user->name = 'Tiago Natel de Moura';
           $user->username = 'i4k';
           /* please, dont use md5() for hash passwords in production ...  */
           $user->pass = md5('_s3cr3tp4ss_' . $this->config->getSalt());

           /* Instantiate the DAO class */
           $userDAO = new UserDAO();

           /* save/insert the User in database */
           if ($userDAO->save($user)) {
              print "User {$user->username} saved successfully.<br>\n";
           }

           unset($user);

           /* Get the record previously saved. */
           $user = $userDAO->get(1);
           print_r($user);

           /* Update the user */
           $user->username = '_i4k_';
           if($userDAO->update($user)) {
               print "User {$user->username} updated successfully.<br>";
           }

           /* delete the User with id 1 */
           $userDAO->delete(1);
    }
...

This is the basic concept about SecPlus-PHP framework.

This is a little framework that I've been using to develop web projects. It
implements the basic needs for a web framework. It is ridiculous simple, this
is possible because of the new features in PHP 5.*. This is still a early
stage project in active development. Various features need to be implemented,
feel free to contribute.

I don't have much time to write documentation, but if you really need more
information or you like the project and want to get involved, send me an email.

natel *nospam* secplus.com.br

;)
hack the world!
i4k