documentation.txt

PHPLOB注释详细版 使用模板技术的好帮手 PHP最有用的东东了

     SStteepp 88
        Access the "/" URL of your web server with cookies enabled. If
        no index.html is present, index.php3 will be displayed.  If you
        reload that page, the number shown must increment.  Access your
        database with the mysql command client and select * from
        active_sessions. Check that there is a single session record for
        your browser and see how the text in val changes when you reload
        the page and select * from active_sessions again. If this works,
        the session class is functional with cookie mode.


     SStteepp 99
        Now access showoff.php3. Try to login as kris, password test.
        Check active_sessions again. You now should have a
        Example_Session entry (see the name column) and a Example_User
        entry in your table. Both should increment on reload.


     SStteepp 1100
        Try again with cookies disabled. You should get a new session
        (the cookie is lost) and you should be able to see your session
        id as the get parameter part of your URL.



  11..44..  UUssiinngg ccoorree ffeeaattuurreess ooff PPHHPPLLIIBB

  Many applications don't use PHPLIB's advanced features, but see PHPLIB
  as a convenient way to protect pages or functionality with passwords.
  This section covers such core functionality usage of PHPLIB.


     CCuussttoommiizziinngg tthhee llooggiinn ssccrreeeenn
        Edit loginform.ihtml in the include directory to suit your
        needs.


     CCuussttoommiizziinngg tthhee ppeerrmmiissssiioonn lleevveellss
        Edit local.inc and change the class Example_Perm to enumerate
        your permissions. Your users in auth_user must have one or more
        comma separated permission names from that list. Edit
        perminvalid.ihtml for a suitable error message.


     CCrreeaattiinngg NNeeww UUsseerrss
        Use new_user.php3 from the pages/admin directory of the
        distribution. If you followed the installation instructions, it
        should be available under the /admin URL of your web server.

        To manually create a user, run print md5(uniqid("some magic
        string") to get a user id. insert into auth_user values ( "that
        userid", "username", "password", "permissions");.


     CCrreeaattiinngg aann uunnpprrootteecctteedd sseessssiioonn ppaaggee
        Begin that page with



          ___________________________________________________________________
          <?php page_open(array("sess" => "Example_Session")); ?>
          ___________________________________________________________________




     End that page with



          ___________________________________________________________________
          <?php page_close(); ?>
          ___________________________________________________________________





     CCrreeaattiinngg aa pprrootteecctteedd sseessssiioonn ppaaggee
        Begin that page with



          ___________________________________________________________________
          <?php
            page_open(
              array("sess" => "Example_Session",
                    "auth" => "Example_Auth",
                    "perm" => "Example_Perm"));
            $perm->check("desired protection");
          ?>
          ___________________________________________________________________




     and end that page with



          ___________________________________________________________________
          <?php page_close(); ?>
          ___________________________________________________________________



     CCrreeaattiinngg pprrootteecctteedd ffuunnccttiioonnaalliittyy
        Begin that page with



          ___________________________________________________________________
          <?php
            page_open(
              array("sess" => "Example_Session",
                    "auth" => "Example_Auth",
                    "perm" => "Example_Perm"));
          ?>
          ___________________________________________________________________




     and end that page with



          ___________________________________________________________________
          <?php page_close(); ?>
          ___________________________________________________________________




     Enclose the protected functionality in



          ___________________________________________________________________
          <?php
            if ($perm->have_perm("desired protection")):
          ?>
          Put protected HTML or PHP here
          <?php
            endif
          ?>
          ___________________________________________________________________




     _N_o_t_e_: desired protection is any combination of permissions from
     Example_Perm. Using the default values from Example_Perm, "user",
     "user,author" or "admin" are all valid sample values. A user can
     access a page, if that user has all permissions that are being
     requested in a $perm->check() or $perm->have_perm() call.

     _N_o_t_e_: Users can have multiple permission in their perms column of
     auth_user. A user with perms "user,author,editor" can access all
     pages requesting any combination of these permissions.

     _N_o_t_e_: Don't use spaces. "user,author,editor" works.  "user, author,
     editor" does not.

     _N_o_t_e_: If $auth->auth["uid"] is set on a protected page _a_n_d if (time
     < auth->auth["exp"]), then and only then the authentication is
     valid. You may then use $auth->auth["uname"] as the user name,
     $auth->auth["uid"] as a unique user id and $auth->auth["perm"] for
     the current permissions of that user. Actually, you never want to
     touch $auth->auth["perm"] manually, but use $perm->have_perm("...")
     for that.

     GGeettttiinngg aa ggrriipp oonn PPHHPPLLIIBB
        Read on. Then read the source. Read it again -
        Session->serialize() and Auth->start() are ugly. Get a CVS
        account. Contribute. Become famous. Buy a ferrari.

        _N_o_t_e_: You want to understand what registered variables are.  You
        want to understand in what order form variables and session
        variables are imported into your page. You want to understand
        how to copy values from form values into session values without
        killing yourself. You do not want to make form variables
        persistent, ever. Then you will live happily thereafter...



  11..55..  TTeessttiinngg


  These instructions apply to PHPLIB running with CGI PHP. Most of them
  is valid for mod_php as well, though. This section offers an
  incremental approach to find installation problems, should the above
  installation process fail.

  We do have a support mailing list available under the address
  phplib@lists.netuse.de. To subscribe to the list, send the command
  subscribe to the address phplib-request@lists.netuse.de.


     CChheecckkiinngg tthhaatt tthhee wweebb sseerrvveerr iiss uupp aanndd rruunnnniinngg
        Make sure your web server is up and serving the virtual host you
        just set up. To do this, construct a small file test1.html in
        your DocumentRoot and access test1.html through your web server.


     CChheecckkiinngg tthhaatt tthhee wweebb sseerrvveerr iiss eexxeeccuuttiinngg CCGGII pprrooggrraammss
        Make sure your web server is up and does run CGI. Check the
        current directory, the UID/GID it is running programs under and
        have a look at the environment variables. Install the shell
        script



          ___________________________________________________________________
          #! /bin/sh --

          echo "Content-Type: text/plain"
          echo
          id
          echo
          pwd
          echo
          env | sort
          echo
          ___________________________________________________________________




     in your cgi directory under the name of cgi-test and in your
     document root under the name of cgi-test.cgi. Make it executable.
     Try to access /cgi/cgi-test?par1=one&par2=two and /cgi-
     test.cgi?par1=one&par2=two and check the output. What UID/GID are
     you running under, what is the output of pwd and what environment
     variables are set? What does QUERY_STRING look like? What does the
     PATH variable look like, what does the LD_LIBRARY_PATH variable
     look like and are all libraries needed by PHP accessible to PHP
     running in the CGI environment (Check by running the Unix ldd
     command on PHP).

     In particular, if you built Oracle support into PHP and linked
     libclntsh dynamically: Can it be loaded from the CGI environment?
     If not, PHP will not come up later in the next step.


     CChheecckkiinngg tthhaatt tthhee PPHHPP iinntteerrpprreetteerr iiss rruunnnniinngg ((AAssssuummiinngg CCGGII
        PHP)" Copy your PHP binary into the cgi binary directory (which
        should NOT be below DocumentRoot!) and make it executable. Copy
        php3.ini into the same directory. In DocumentRoot, create a
        test2.php3 and put <?php phpinfo() ?> into it.

        Are you running Apache? Add



          ___________________________________________________________________
          Action       php3-script /cgi/php
          AddHandler   php3-script .php3
          DirectoryIndex index.php3 index.html index.htm
          FancyIndexing on
          ___________________________________________________________________




     to your config. This will map all requests to files ending in .php3
     to the php3-script handler and define /cgi/php as the URL handling
     php3-script requests internally.

     Request /test2.php3 and see that it is being executed.  Make
     changes to your php3.ini (preferable some color definitions) and
     reload. Are they reflected in the output of phpinfo()? If not, your
     php3.ini is not being found and your are having a problem.
     Recompile with proper settings.

     Check the output of phpinfo() carefully! Is your PHP version
     current (We have tested and developed this release with PHP
     3.0.12)? Are your database interfaces present in the output of
     phpinfo()? If not, recompile again.

     Can you access /test2.php3 under the URL /cgi/php/test2.php3 as
     well? If so, you did not compile your PHP interpreter with
     --enable-force-cgi-redirect.  PHPLIB will not work with this
     interpreter. Recompile with the switch being set.


     PPHHPP iinntteerrpprreetteerr ((AAssssuummiinngg mmoodd__pphhpp))

        Assuming your server is already correctly setup (don't forget to
        activate the PHP lines in srm.conf!), enter the following file
        and save it as test2.php3 under your DocumentRoot.



          ___________________________________________________________________
          <? phpinfo() ?>
          ___________________________________________________________________




     If you access this using a web browser now, it should spit out much
     info about PHP, Apache and its environment.

     CChheecckkiinngg PPHHPPLLIIBB iinncclluussiioonn
        Does you PHP include PHPLIB properly? Check your php3.ini file.
        It must include the following settings:



          ___________________________________________________________________
          include_path = pathname to directory with all the .inc files
          auto_prepend_file = path to prepend.php3
          track_vars = On
          ___________________________________________________________________




     It should contain the following settings, too:



          ___________________________________________________________________
          magic_quotes_gpc = On
          ___________________________________________________________________




     If PHPLIB is included properly by your setup, the following page
     will execute without errors:



          ___________________________________________________________________
          <?php
          $db = new DB_Example;
          print "It works without error messages.<br>\n";
           ?>
          ___________________________________________________________________





     CChheecckkiinngg ddaattaabbaassee ccoonnnneeccttiivviittyy
        PHPLIB installation requires that you adapt local.inc properly.
        Particularly, the provided class DB_Example must be customized
        for your database connection. Test that your web server can
        access the database with the following page: