Your own template-engines...

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

NoReason
Forum Commoner
Posts: 51
Joined: Tue Sep 10, 2002 6:19 pm

Post by NoReason »

I apologize for my lack of lingo, but I do understand where you are going with your framework.

Questions though;
how do you deal with query data?
IE: iteration through the returned dataset, creation of dynamic html reporting.

You mentioned that you are going to add the url to your response document to lock what can be displayed. I would assume there would be a navigation document with conditional statements set to remove or add components. And for me this would require a query to obtain what elements/modules/ and functions they would have access to.

Which brings up another question, currently I have a navigation system that works thusly;

<a href id="NameOfLink" value="NavigationValue" onClick="Navigate(this.value);">Text</a>

The javascript sets a value to a hidden form textbox with its own value which in turn corresponds to a fixed navigation value on the processing page which sets $_SESSION info with the new document to be displayed.

so; click ; set value to form box; java script document.form.submit() to processing page; new values are set for the new page; header("location") redirects back to the main page and displays new content.

That is the basic navigation.. It also includes some actions that require modification to session information, but not content.

Have to remember, I am trying to stay away from GET variables due to security concerns (I know it doesn't solve it 100%).

And to be honest the navigation system was the most painful part to get working right..
greenhorn666
Forum Commoner
Posts: 87
Joined: Thu Aug 14, 2003 7:14 am
Location: Brussels, Belgium

Post by greenhorn666 »

I'm afraid I don't get your point!
Data used for display is set by the controller inside the HttpResponse object...
So you could easily use your onClick (While I would add a href="#" for weird browsers or is that like the "question mark" "greater than" at the end of my <?xml version... declaration that gets stripped by this non-MVC forum lol!) passing a post var to the controller, let's call it show.html
Depending on the var it sets the objects inside the HttpResponse object and uses a particular .xsl template for layout (like NavigationValue.xsl ie). And no need for redirecting anymore...

But, on a side note, your post var thing doesn't resolve any security issue at all! It's the m$ way of security thru obscurity, I'm afraid!

It's up to your controller to determine if the value for the NavigationValue is acceptable for that particular user...

Cause I didn't say I'd add the request url to lock what can be displayed but to ease the decision on context sensitive menus; but again I wonder if that should be the controller that sets, let's say an array with keys being the menu and values being boolean, for like $menu["userLogin"] = (true|false) and depending on that displaying the user menu on the say left menu column.

Let's get back to your authorisation level idea you brought.
You could compare the $_SESSION["registeredUser"]->level to the level of authorisation required by the page's content. You could define that in an Array, or in the hypothetical class of the page...

As I see it, I guess you came up with a single file deciding on params what content to display. Like show.html?page=userlist. I don't really see the point, but I guess you had one to do so...
The post thing is imho solving no problem whatsoever, but rather adds complexity to the whole thing. It's all a bit unclear in my mind. I believe that the problem you solved could have been solved some other way, but since I don't really get the reason you came up with that solution, it's hard to say my framework could be of any help...

Does the above relate to your situation?
NoReason
Forum Commoner
Posts: 51
Joined: Tue Sep 10, 2002 6:19 pm

Post by NoReason »

Man I wish I could explain things better :) .. I feel like such a dunce sometimes.

And yes it is security through obscurity in a way .. but I do have a second layer of verification that will not allow any malformed requests to pass.

To explain my methodology I would need a white board and a marker me thinks..

But yes I do have a User class that stores boolean values for each possible element that would require a certain security level to view.. However I am taking it a bit further by creating a granular access based on specific values in a database..

$_SESSION['UserObject']->LoadSecurityElements();

That function, once authentication was complete, would load an associative array in the user class with boolean values indicating what elements/functions/modules they have access to.

$_SESSION['UserObject']->Security['Modules']['AccountManagment'] = [yes|no]

$_SESSION['UserObject']->Security['Elements']['ModifyPasswordSelf'] = [yes|no]

And so on and so forth through all the possible elements/modules/functions.
It's actually very fast and works really well when checking for permissions from the front end..

if( $_SESSION['UserObject']->CheckSecurity('Elements','ModifyPasswordSelf') )
echo $HTML_ELEMENT;
else
echo $SOME_DENY_ACCESS;

And yes I agree the navigation could be solved in some other manner, and I am welcome to suggestions. Get variables will probably be the response I would imagine.. But a previous model I had for navigation is very similar to the one I am using now.. However each link was a form button, that submitted to a processing page. The processing page would look at the post and see that they selected Account Management, set the $_SESSION['UserData']->SetCurrentPage($SUBMITED_VALUE); and redirect them back to the main index page with the new document being displayed.

---|----------
 N | Header
   |----------
 A | Content
   |----------
 V | Footer
---|----------

Content displayed by $_SESSION['UserData']->DisaplyContent();

Each content page is coded totally separate and based off of a simple template.. However because each app requires some specific functionality, there is no generic way to construct them at present.
greenhorn666
Forum Commoner
Posts: 87
Joined: Thu Aug 14, 2003 7:14 am
Location: Brussels, Belgium

Post by greenhorn666 »

Heh...
Now I think I got it all, and can answer you with the positive:
"Yes, you could handle all that with the framework I am developing"

Even the "twisted" (sorry ;) ) post var thing... It would only require to code a class Page, that gets initiated with a param $Submitted_Value for the page to display, then it would instantiate an aggregate links object with links, services (that could yet be another aggregate) depending on the users authentication and security level (the array of boolean inside the user's session object).
So that way you would have your object representing the data of the page, including aggregate object(s?) with the links and services available (and not available if needed).
Depending on the requested page, the controller that instantiated those objects, will choose an xsl template file to represent the data.
That template would look about links and services availability to that particular user and act à la this forum's management:

Code:

You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum

while:

You can not delete your posts in this forum
You can not vote in polls in this forum

In addition to putting available links at appropriate places on the page in order to give the user access to his available services.

On click, he will hand the controller back control that would check again, that he has access to that service, so that if he manually went to the url:

controller.html?action=delete&post=15556

He would be redirected to a general "No privilege for that action" error page.

While:

controller.html?action=edit&post=15556
Would simply see that he has rights to edit the post, hence instantiate the object, links and services, choose the right xsl template (like /forum/post/edit.xsl) to transform the objects in HTML for the user's browser...

So you could simply define an array with available services giving this XML:

Code:

<services>
   <forum>
      <post />
      <reply />
      <edit />
   </forum>
<!-- ... snip ... -->
</services>
And have in your template:

Code:

<xsl:if test="services/forum/edit">
   <a><xsl:attribute name="href">?action=edit&amp;post=<xsl:value-of select="id" /></xsl:attribute>Edit post</a>
</xsl:if>

You <b>can <xsl:if test="not(services/forum/edit)">not </xsl:if></b> edit your posts in this forum

Is that some answer concerning my framework and your situation?
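
The controller-side re-check discussed in the posts above, as an added example that is not part of the thread or of greenhorn666's framework. The `User` class, `ACTIONS` map, `dispatch()` function, and every template path other than `/forum/post/edit.xsl` are hypothetical names chosen for illustration; the same check runs whether the parameters arrive by GET or POST.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the session user object described in the thread.
final class User
{
    /** @param array<string, array<string, bool>> $security */
    public function __construct(private array $security) {}

    // Deny by default: a missing key means "no access".
    public function checkSecurity(string $group, string $name): bool
    {
        return ($this->security[$group][$name] ?? false) === true;
    }
}

// Allowlist of actions: action => [permission group, permission name, template].
const ACTIONS = [
    'edit'   => ['forum', 'edit',   '/forum/post/edit.xsl'],
    'delete' => ['forum', 'delete', '/forum/post/delete.xsl'],   // assumed path
];
const DENIED_TEMPLATE = '/error/no-privilege.xsl';                // assumed path

/**
 * Decide which template to render. $params may be $_GET or $_POST:
 * both are client-controlled, so the check is identical for either.
 */
function dispatch(array $params, User $user): string
{
    $action = $params['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return DENIED_TEMPLATE;        // unknown or malformed action
    }
    [$group, $name, $template] = ACTIONS[$action];
    if (!$user->checkSecurity($group, $name)) {
        return DENIED_TEMPLATE;        // hiding the link in the template is not enough
    }
    return $template;
}

// Constructed sample: a user who may post, reply and edit, but not delete.
$user = new User(['forum' => ['post' => true, 'reply' => true, 'edit' => true]]);

foreach ([['action' => 'edit', 'post' => '15556'],
          ['action' => 'delete', 'post' => '15556'],
          ['action' => '../admin']] as $params) {
    printf("%-10s -> %s\n", $params['action'], dispatch($params, $user));
}
```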
NoReason
Forum Commoner
Posts: 51
Joined: Tue Sep 10, 2002 6:19 pm

Post by NoReason »

Well that's great news .. I have been trying to develop my own framework for some time now.. I have a methodology, but nothing to contain it.

I look forward to your finished product :)
greenhorn666
Forum Commoner
Posts: 87
Joined: Thu Aug 14, 2003 7:14 am
Location: Brussels, Belgium

Post by greenhorn666 »

I've posted on another topic that link:
http://lily.itresolved.org/

There is something there already, while still waiting for a few important things:
- Doc
- Demo App
- CVS on sf.net
fjonte
Forum Newbie
Posts: 2
Joined: Wed Dec 18, 2002 9:00 am

Post by fjonte »
