Diffstat (limited to 'demos/blog-tutorial/samples/day5/blog/protected')
16 files changed, 632 insertions, 632 deletions
| diff --git a/demos/blog-tutorial/samples/day5/blog/protected/BlogErrorHandler.php b/demos/blog-tutorial/samples/day5/blog/protected/BlogErrorHandler.php
index 56b71f8a..e8908ba7 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/BlogErrorHandler.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/BlogErrorHandler.php
@@ -1,40 +1,40 @@
-<?php
 -
 -Prado::using('System.Exceptions.TErrorHandler');
 -Prado::using('Application.BlogException');
 -
 -class BlogErrorHandler extends TErrorHandler
 -{
 -	/**
 -	 * Retrieves the template used for displaying external exceptions.
 -	 * This method overrides the parent implementation.
 -	 */
 -	protected function getErrorTemplate($statusCode,$exception)
 -	{
 -		// use our own template for BlogException
 -		if($exception instanceof BlogException)
 -		{
 -			// get the path of the error template file: protected/error.html
 -			$templateFile=Prado::getPathOfNamespace('Application.error','.html');
 -			return file_get_contents($templateFile);
 -		}
 -		else // otherwise use the template defined by PRADO
 -			return parent::getErrorTemplate($statusCode,$exception);
 -	}
 -
 -	/**
 -	 * Handles external error caused by end-users.
 -	 * This method overrides the parent implementation.
 -	 * It is invoked by PRADO when an external exception is thrown.
 -	 */
 -	protected function handleExternalError($statusCode,$exception)
 -	{
 -		// log the error (only for BlogException)
 -		if($exception instanceof BlogException)
 -			Prado::log($exception->getErrorMessage(),TLogger::ERROR,'BlogApplication');
 -		// call parent implementation to display the error
 -		parent::handleExternalError($statusCode,$exception);
 -	}
 -}
 -
+<?php
+
+Prado::using('System.Exceptions.TErrorHandler');
+Prado::using('Application.BlogException');
+
+class BlogErrorHandler extends TErrorHandler
+{
+	/**
+	 * Retrieves the template used for displaying external exceptions.
+	 * This method overrides the parent implementation.
+	 */
+	protected function getErrorTemplate($statusCode,$exception)
+	{
+		// use our own template for BlogException
+		if($exception instanceof BlogException)
+		{
+			// get the path of the error template file: protected/error.html
+			$templateFile=Prado::getPathOfNamespace('Application.error','.html');
+			return file_get_contents($templateFile);
+		}
+		else // otherwise use the template defined by PRADO
+			return parent::getErrorTemplate($statusCode,$exception);
+	}
+
+	/**
+	 * Handles external error caused by end-users.
+	 * This method overrides the parent implementation.
+	 * It is invoked by PRADO when an external exception is thrown.
+	 */
+	protected function handleExternalError($statusCode,$exception)
+	{
+		// log the error (only for BlogException)
+		if($exception instanceof BlogException)
+			Prado::log($exception->getErrorMessage(),TLogger::ERROR,'BlogApplication');
+		// call parent implementation to display the error
+		parent::handleExternalError($statusCode,$exception);
+	}
+}
+
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/BlogException.php b/demos/blog-tutorial/samples/day5/blog/protected/BlogException.php
index fd17fc84..946a1bfe 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/BlogException.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/BlogException.php
@@ -1,7 +1,7 @@
-<?php
 -
 -class BlogException extends THttpException
 -{
 -}
 -
+<?php
+
+class BlogException extends THttpException
+{
+}
+
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/BlogUser.php b/demos/blog-tutorial/samples/day5/blog/protected/BlogUser.php
index 6b9e0a23..4f094a0c 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/BlogUser.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/BlogUser.php
@@ -1,59 +1,59 @@
-<?php
 -
 -// Include TDbUserManager.php file which defines TDbUser
 -Prado::using('System.Security.TDbUserManager');
 -
 -/**
 - * BlogUser Class.
 - * BlogUser represents the user data that needs to be kept in session.
 - * Default implementation keeps username and role information.
 - */
 -class BlogUser extends TDbUser
 -{
 -	/**
 -	 * Creates a BlogUser object based on the specified username.
 -	 * This method is required by TDbUser. It checks the database
 -	 * to see if the specified username is there. If so, a BlogUser
 -	 * object is created and initialized.
 -	 * @param string the specified username
 -	 * @return BlogUser the user object, null if username is invalid.
 -	 */
 -	public function createUser($username)
 -	{
 -		// use UserRecord Active Record to look for the specified username
 -		$userRecord=UserRecord::finder()->findByPk($username);
 -		if($userRecord instanceof UserRecord) // if found
 -		{
 -			$user=new BlogUser($this->Manager);
 -			$user->Name=$username;  // set username
 -			$user->Roles=($userRecord->role==1?'admin':'user'); // set role
 -			$user->IsGuest=false;   // the user is not a guest
 -			return $user;
 -		}
 -		else
 -			return null;
 -	}
 -
 -	/**
 -	 * Checks if the specified (username, password) is valid.
 -	 * This method is required by TDbUser.
 -	 * @param string username
 -	 * @param string password
 -	 * @return boolean whether the username and password are valid.
 -	 */
 -	public function validateUser($username,$password)
 -	{
 -		// use UserRecord Active Record to look for the (username, password) pair.
 -		return UserRecord::finder()->findBy_username_AND_password($username,$password)!==null;
 -	}
 -
 -	/**
 -	 * @return boolean whether this user is an administrator.
 -	 */
 -	public function getIsAdmin()
 -	{
 -		return $this->isInRole('admin');
 -	}
 -}
 -
+<?php
+
+// Include TDbUserManager.php file which defines TDbUser
+Prado::using('System.Security.TDbUserManager');
+
+/**
+ * BlogUser Class.
+ * BlogUser represents the user data that needs to be kept in session.
+ * Default implementation keeps username and role information.
+ */
+class BlogUser extends TDbUser
+{
+	/**
+	 * Creates a BlogUser object based on the specified username.
+	 * This method is required by TDbUser. It checks the database
+	 * to see if the specified username is there. If so, a BlogUser
+	 * object is created and initialized.
+	 * @param string the specified username
+	 * @return BlogUser the user object, null if username is invalid.
+	 */
+	public function createUser($username)
+	{
+		// use UserRecord Active Record to look for the specified username
+		$userRecord=UserRecord::finder()->findByPk($username);
+		if($userRecord instanceof UserRecord) // if found
+		{
+			$user=new BlogUser($this->Manager);
+			$user->Name=$username;  // set username
+			$user->Roles=($userRecord->role==1?'admin':'user'); // set role
+			$user->IsGuest=false;   // the user is not a guest
+			return $user;
+		}
+		else
+			return null;
+	}
+
+	/**
+	 * Checks if the specified (username, password) is valid.
+	 * This method is required by TDbUser.
+	 * @param string username
+	 * @param string password
+	 * @return boolean whether the username and password are valid.
+	 */
+	public function validateUser($username,$password)
+	{
+		// use UserRecord Active Record to look for the (username, password) pair.
+		return UserRecord::finder()->findBy_username_AND_password($username,$password)!==null;
+	}
+
+	/**
+	 * @return boolean whether this user is an administrator.
+	 */
+	public function getIsAdmin()
+	{
+		return $this->isInRole('admin');
+	}
+}
+
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/database/PostRecord.php b/demos/blog-tutorial/samples/day5/blog/protected/database/PostRecord.php
index 25702727..3407c09b 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/database/PostRecord.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/database/PostRecord.php
@@ -1,28 +1,28 @@
-<?php
 -/**
 - * Auto generated by prado-cli.php on 2007-04-07 10:44:20.
 - */
 -class PostRecord extends TActiveRecord
 -{
 -	const TABLE='posts';
 -
 -	public $post_id;
 -	public $author_id;
 -	public $create_time;
 -	public $title;
 -	public $content;
 -	public $status;
 -
 -	public $author;
 -
 -	public static $RELATIONS=array
 -	(
 -		'author' => array(self::BELONGS_TO, 'UserRecord'),
 -	);
 -
 -	public static function finder($className=__CLASS__)
 -	{
 -		return parent::finder($className);
 -	}
 -}
+<?php
+/**
+ * Auto generated by prado-cli.php on 2007-04-07 10:44:20.
+ */
+class PostRecord extends TActiveRecord
+{
+	const TABLE='posts';
+
+	public $post_id;
+	public $author_id;
+	public $create_time;
+	public $title;
+	public $content;
+	public $status;
+
+	public $author;
+
+	public static $RELATIONS=array
+	(
+		'author' => array(self::BELONGS_TO, 'UserRecord'),
+	);
+
+	public static function finder($className=__CLASS__)
+	{
+		return parent::finder($className);
+	}
+}
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/database/UserRecord.php b/demos/blog-tutorial/samples/day5/blog/protected/database/UserRecord.php
index 2051e5de..021f8b09 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/database/UserRecord.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/database/UserRecord.php
@@ -1,28 +1,28 @@
-<?php
 -/**
 - * Auto generated by prado-cli.php on 2007-04-07 10:44:25.
 - */
 -class UserRecord extends TActiveRecord
 -{
 -	const TABLE='users';
 -
 -	public $username;
 -	public $email;
 -	public $password;
 -	public $role;
 -	public $first_name;
 -	public $last_name;
 -
 -	public $posts=array();
 -
 -	public static $RELATIONS=array
 -	(
 -		'posts' => array(self::HAS_MANY, 'PostRecord'),
 -	);
 -
 -	public static function finder($className=__CLASS__)
 -	{
 -		return parent::finder($className);
 -	}
 -}
+<?php
+/**
+ * Auto generated by prado-cli.php on 2007-04-07 10:44:25.
+ */
+class UserRecord extends TActiveRecord
+{
+	const TABLE='users';
+
+	public $username;
+	public $email;
+	public $password;
+	public $role;
+	public $first_name;
+	public $last_name;
+
+	public $posts=array();
+
+	public static $RELATIONS=array
+	(
+		'posts' => array(self::HAS_MANY, 'PostRecord'),
+	);
+
+	public static function finder($className=__CLASS__)
+	{
+		return parent::finder($className);
+	}
+}
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/layouts/MainLayout.php b/demos/blog-tutorial/samples/day5/blog/protected/layouts/MainLayout.php
index 46c1483d..f605f75c 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/layouts/MainLayout.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/layouts/MainLayout.php
@@ -1,19 +1,19 @@
-<?php
 -
 -class MainLayout extends TTemplateControl
 -{
 -	/**
 -	 * Logs out a user.
 -	 * This method responds to the "logout" button's OnClick event.
 -	 * @param mixed event sender
 -	 * @param mixed event parameter
 -	 */
 -	public function logoutButtonClicked($sender,$param)
 -	{
 -		$this->Application->getModule('auth')->logout();
 -		$url=$this->Service->constructUrl($this->Service->DefaultPage);
 -		$this->Response->redirect($url);
 -	}
 -}
 -
+<?php
+
+class MainLayout extends TTemplateControl
+{
+	/**
+	 * Logs out a user.
+	 * This method responds to the "logout" button's OnClick event.
+	 * @param mixed event sender
+	 * @param mixed event parameter
+	 */
+	public function logoutButtonClicked($sender,$param)
+	{
+		$this->Application->getModule('auth')->logout();
+		$url=$this->Service->constructUrl($this->Service->DefaultPage);
+		$this->Response->redirect($url);
+	}
+}
+
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/pages/Contact.php b/demos/blog-tutorial/samples/day5/blog/protected/pages/Contact.php
index b6ce575e..77d7374a 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/pages/Contact.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/pages/Contact.php
@@ -1,30 +1,30 @@
-<?php
 -
 -class Contact extends TPage
 -{
 -	/**
 -	 * Event handler for the OnClick event of the submit button.
 -	 * @param TButton the button triggering the event
 -	 * @param TEventParameter event parameter (null here)
 -	 */
 -	public function submitButtonClicked($sender, $param)
 -	{
 -		if ($this->IsValid)  // check if input validation is successful
 -		{
 -			// obtain the user name, email, feedback from the textboxes
 -			$name = $this->Name->Text;
 -			$email = $this->Email->Text;
 -			$feedback = $this->Feedback->Text;
 -
 -			// send an email to administrator with the above information
 -			$this->mailFeedback($name, $email, $feedback);
 -		}
 -	}
 -
 -	protected function mailFeedback($name, $email, $feedback)
 -	{
 -		// implementation of sending the feedback email
 -	}
 -}
 -
+<?php
+
+class Contact extends TPage
+{
+	/**
+	 * Event handler for the OnClick event of the submit button.
+	 * @param TButton the button triggering the event
+	 * @param TEventParameter event parameter (null here)
+	 */
+	public function submitButtonClicked($sender, $param)
+	{
+		if ($this->IsValid)  // check if input validation is successful
+		{
+			// obtain the user name, email, feedback from the textboxes
+			$name = $this->Name->Text;
+			$email = $this->Email->Text;
+			$feedback = $this->Feedback->Text;
+
+			// send an email to administrator with the above information
+			$this->mailFeedback($name, $email, $feedback);
+		}
+	}
+
+	protected function mailFeedback($name, $email, $feedback)
+	{
+		// implementation of sending the feedback email
+	}
+}
+
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/EditPost.php b/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/EditPost.php
index e137b85e..1b0f82b6 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/EditPost.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/EditPost.php
@@ -1,72 +1,72 @@
-<?php
 -
 -class EditPost extends TPage
 -{
 -	/**
 -	 * Initializes the inputs with existing post data.
 -	 * This method is invoked by the framework when the page is being initialized.
 -	 * @param mixed event parameter
 -	 */
 -	public function onInit($param)
 -	{
 -		parent::onInit($param);
 -		// Retrieves the existing user data. This is equivalent to:
 -		// $postRecord=$this->getPost();
 -		$postRecord=$this->Post;
 -		// Authorization check: only the author or the administrator can edit the post
 -		if($postRecord->author_id!==$this->User->Name && !$this->User->IsAdmin)
 -			throw new THttpException(500,'You are not allowed to edit this post.');
 -
 -		if(!$this->IsPostBack)  // if the page is initially requested
 -		{
 -			// Populates the input controls with the existing post data
 -			$this->TitleEdit->Text=$postRecord->title;
 -			$this->ContentEdit->Text=$postRecord->content;
 -		}
 -	}
 -
 -	/**
 -	 * Saves the post if all inputs are valid.
 -	 * This method responds to the OnClick event of the "Save" button.
 -	 * @param mixed event sender
 -	 * @param mixed event parameter
 -	 */
 -	public function saveButtonClicked($sender,$param)
 -	{
 -		if($this->IsValid)  // when all validations succeed
 -		{
 -			// Retrieves the existing user data. This is equivalent to:
 -			// $postRecord=$this->getPost();
 -			$postRecord=$this->Post;
 -
 -			// Fetches the input data
 -			$postRecord->title=$this->TitleEdit->SafeText;
 -			$postRecord->content=$this->ContentEdit->SafeText;
 -
 -			// saves to the database via Active Record mechanism
 -			$postRecord->save();
 -
 -			// redirects the browser to the ReadPost page
 -			$url=$this->Service->constructUrl('posts.ReadPost',array('id'=>$postRecord->post_id));
 -			$this->Response->redirect($url);
 -		}
 -	}
 -
 -	/**
 -	 * Returns the post data to be editted.
 -	 * @return PostRecord the post data to be editted.
 -	 * @throws THttpException if the post data is not found.
 -	 */
 -	protected function getPost()
 -	{
 -		// the ID of the post to be editted is passed via GET parameter 'id'
 -		$postID=(int)$this->Request['id'];
 -		// use Active Record to look for the specified post ID
 -		$postRecord=PostRecord::finder()->findByPk($postID);
 -		if($postRecord===null)
 -			throw new THttpException(500,'Post is not found.');
 -		return $postRecord;
 -	}
 -}
 -
+<?php
+
+class EditPost extends TPage
+{
+	/**
+	 * Initializes the inputs with existing post data.
+	 * This method is invoked by the framework when the page is being initialized.
+	 * @param mixed event parameter
+	 */
+	public function onInit($param)
+	{
+		parent::onInit($param);
+		// Retrieves the existing user data. This is equivalent to:
+		// $postRecord=$this->getPost();
+		$postRecord=$this->Post;
+		// Authorization check: only the author or the administrator can edit the post
+		if($postRecord->author_id!==$this->User->Name && !$this->User->IsAdmin)
+			throw new THttpException(500,'You are not allowed to edit this post.');
+
+		if(!$this->IsPostBack)  // if the page is initially requested
+		{
+			// Populates the input controls with the existing post data
+			$this->TitleEdit->Text=$postRecord->title;
+			$this->ContentEdit->Text=$postRecord->content;
+		}
+	}
+
+	/**
+	 * Saves the post if all inputs are valid.
+	 * This method responds to the OnClick event of the "Save" button.
+	 * @param mixed event sender
+	 * @param mixed event parameter
+	 */
+	public function saveButtonClicked($sender,$param)
+	{
+		if($this->IsValid)  // when all validations succeed
+		{
+			// Retrieves the existing user data. This is equivalent to:
+			// $postRecord=$this->getPost();
+			$postRecord=$this->Post;
+
+			// Fetches the input data
+			$postRecord->title=$this->TitleEdit->SafeText;
+			$postRecord->content=$this->ContentEdit->SafeText;
+
+			// saves to the database via Active Record mechanism
+			$postRecord->save();
+
+			// redirects the browser to the ReadPost page
+			$url=$this->Service->constructUrl('posts.ReadPost',array('id'=>$postRecord->post_id));
+			$this->Response->redirect($url);
+		}
+	}
+
+	/**
+	 * Returns the post data to be editted.
+	 * @return PostRecord the post data to be editted.
+	 * @throws THttpException if the post data is not found.
+	 */
+	protected function getPost()
+	{
+		// the ID of the post to be editted is passed via GET parameter 'id'
+		$postID=(int)$this->Request['id'];
+		// use Active Record to look for the specified post ID
+		$postRecord=PostRecord::finder()->findByPk($postID);
+		if($postRecord===null)
+			throw new THttpException(500,'Post is not found.');
+		return $postRecord;
+	}
+}
+
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/ListPost.php b/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/ListPost.php
index 7402dace..ae5a7eeb 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/ListPost.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/ListPost.php
@@ -1,64 +1,64 @@
-<?php
 -
 -class ListPost extends TPage
 -{
 -	/**
 -	 * Initializes the repeater.
 -	 * This method is invoked by the framework when initializing the page
 -	 * @param mixed event parameter
 -	 */
 -	public function onInit($param)
 -	{
 -		parent::onInit($param);
 -		if(!$this->IsPostBack)  // if the page is requested the first time
 -		{
 -			// get the total number of posts available
 -			$this->Repeater->VirtualItemCount=PostRecord::finder()->count();
 -			// populates post data into the repeater
 -			$this->populateData();
 -		}
 -	}
 -
 -	/**
 -	 * Event handler to the OnPageIndexChanged event of the pager.
 -	 * This method is invoked when the user clicks on a page button
 -	 * and thus changes the page of posts to display.
 -	 */
 -	public function pageChanged($sender,$param)
 -	{
 -		// change the current page index to the new one
 -		$this->Repeater->CurrentPageIndex=$param->NewPageIndex;
 -		// re-populate data into the repeater
 -		$this->populateData();
 -	}
 -
 -	/**
 -	 * Determines which page of posts to be displayed and
 -	 * populates the repeater with the fetched data.
 -	 */
 -	protected function populateData()
 -	{
 -		$offset=$this->Repeater->CurrentPageIndex*$this->Repeater->PageSize;
 -		$limit=$this->Repeater->PageSize;
 -		if($offset+$limit>$this->Repeater->VirtualItemCount)
 -			$limit=$this->Repeater->VirtualItemCount-$offset;
 -		$this->Repeater->DataSource=$this->getPosts($offset,$limit);
 -		$this->Repeater->dataBind();
 -	}
 -
 -	/**
 -	 * Fetches posts from database with offset and limit.
 -	 */
 -	protected function getPosts($offset, $limit)
 -	{
 -		// Construts a query criteria
 -		$criteria=new TActiveRecordCriteria;
 -		$criteria->OrdersBy['create_time']='desc';
 -		$criteria->Limit=$limit;
 -		$criteria->Offset=$offset;
 -		// query for the posts with the above criteria and with author information
 -		return PostRecord::finder()->withAuthor()->findAll($criteria);
 -	}
 -}
 -
+<?php
+
+class ListPost extends TPage
+{
+	/**
+	 * Initializes the repeater.
+	 * This method is invoked by the framework when initializing the page
+	 * @param mixed event parameter
+	 */
+	public function onInit($param)
+	{
+		parent::onInit($param);
+		if(!$this->IsPostBack)  // if the page is requested the first time
+		{
+			// get the total number of posts available
+			$this->Repeater->VirtualItemCount=PostRecord::finder()->count();
+			// populates post data into the repeater
+			$this->populateData();
+		}
+	}
+
+	/**
+	 * Event handler to the OnPageIndexChanged event of the pager.
+	 * This method is invoked when the user clicks on a page button
+	 * and thus changes the page of posts to display.
+	 */
+	public function pageChanged($sender,$param)
+	{
+		// change the current page index to the new one
+		$this->Repeater->CurrentPageIndex=$param->NewPageIndex;
+		// re-populate data into the repeater
+		$this->populateData();
+	}
+
+	/**
+	 * Determines which page of posts to be displayed and
+	 * populates the repeater with the fetched data.
+	 */
+	protected function populateData()
+	{
+		$offset=$this->Repeater->CurrentPageIndex*$this->Repeater->PageSize;
+		$limit=$this->Repeater->PageSize;
+		if($offset+$limit>$this->Repeater->VirtualItemCount)
+			$limit=$this->Repeater->VirtualItemCount-$offset;
+		$this->Repeater->DataSource=$this->getPosts($offset,$limit);
+		$this->Repeater->dataBind();
+	}
+
+	/**
+	 * Fetches posts from database with offset and limit.
+	 */
+	protected function getPosts($offset, $limit)
+	{
+		// Construts a query criteria
+		$criteria=new TActiveRecordCriteria;
+		$criteria->OrdersBy['create_time']='desc';
+		$criteria->Limit=$limit;
+		$criteria->Offset=$offset;
+		// query for the posts with the above criteria and with author information
+		return PostRecord::finder()->withAuthor()->findAll($criteria);
+	}
+}
+
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/NewPost.php b/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/NewPost.php
index a5e3ea4d..d3a36133 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/NewPost.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/NewPost.php
@@ -1,34 +1,34 @@
-<?php
 -
 -class NewPost extends TPage
 -{
 -	/**
 -	 * Creates a new post if all inputs are valid.
 -	 * This method responds to the OnClick event of the "create" button.
 -	 * @param mixed event sender
 -	 * @param mixed event parameter
 -	 */
 -	public function createButtonClicked($sender,$param)
 -	{
 -		if($this->IsValid)  // when all validations succeed
 -		{
 -			// populates a PostRecord object with user inputs
 -			$postRecord=new PostRecord;
 -			// using SafeText instead of Text avoids Cross Site Scripting attack
 -			$postRecord->title=$this->TitleEdit->SafeText;
 -			$postRecord->content=$this->ContentEdit->SafeText;
 -			$postRecord->author_id=$this->User->Name;
 -			$postRecord->create_time=time();
 -			$postRecord->status=0;
 -
 -			// saves to the database via Active Record mechanism
 -			$postRecord->save();
 -
 -			// redirects the browser to the newly created post page
 -			$url=$this->Service->constructUrl('posts.ReadPost',array('id'=>$postRecord->post_id));
 -			$this->Response->redirect($url);
 -		}
 -	}
 -}
 -
+<?php
+
+class NewPost extends TPage
+{
+	/**
+	 * Creates a new post if all inputs are valid.
+	 * This method responds to the OnClick event of the "create" button.
+	 * @param mixed event sender
+	 * @param mixed event parameter
+	 */
+	public function createButtonClicked($sender,$param)
+	{
+		if($this->IsValid)  // when all validations succeed
+		{
+			// populates a PostRecord object with user inputs
+			$postRecord=new PostRecord;
+			// using SafeText instead of Text avoids Cross Site Scripting attack
+			$postRecord->title=$this->TitleEdit->SafeText;
+			$postRecord->content=$this->ContentEdit->SafeText;
+			$postRecord->author_id=$this->User->Name;
+			$postRecord->create_time=time();
+			$postRecord->status=0;
+
+			// saves to the database via Active Record mechanism
+			$postRecord->save();
+
+			// redirects the browser to the newly created post page
+			$url=$this->Service->constructUrl('posts.ReadPost',array('id'=>$postRecord->post_id));
+			$this->Response->redirect($url);
+		}
+	}
+}
+
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/PostRenderer.php b/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/PostRenderer.php
index cf0539a1..ed80f10c 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/PostRenderer.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/PostRenderer.php
@@ -1,7 +1,7 @@
-<?php
 -
 -class PostRenderer extends TRepeaterItemRenderer
 -{
 -}
 -
+<?php
+
+class PostRenderer extends TRepeaterItemRenderer
+{
+}
+
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/ReadPost.php b/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/ReadPost.php
index 0c120824..ab7429c3 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/ReadPost.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/pages/posts/ReadPost.php
@@ -1,59 +1,59 @@
-<?php
 -
 -Prado::using('Application.BlogException');
 -
 -class ReadPost extends TPage
 -{
 -	private $_post;
 -	/**
 -	 * Fetches the post data.
 -	 * This method is invoked by the framework when initializing the page
 -	 * @param mixed event parameter
 -	 */
 -	public function onInit($param)
 -	{
 -		parent::onInit($param);
 -		// post id is passed via the 'id' GET parameter
 -		$postID=(int)$this->Request['id'];
 -		// retrieves PostRecord with author information filled in
 -		$this->_post=PostRecord::finder()->withAuthor()->findByPk($postID);
 -		if($this->_post===null)  // if post id is invalid
 -			throw new BlogException(500,'Unable to find the specified post.');
 -		// set the page title as the post title
 -		$this->Title=$this->_post->title;
 -	}
 -
 -	/**
 -	 * @return PostRecord the PostRecord currently being viewed
 -	 */
 -	public function getPost()
 -	{
 -		return $this->_post;
 -	}
 -
 -	/**
 -	 * Deletes the post currently being viewed
 -	 * This method is invoked when the user clicks on the "Delete" button
 -	 */
 -	public function deletePost($sender,$param)
 -	{
 -		// only the author or the administrator can delete a post
 -		if(!$this->canEdit())
 -			throw new THttpException('You are not allowed to perform this action.');
 -		// delete it from DB
 -		$this->_post->delete();
 -		// redirect the browser to the homepage
 -		$this->Response->redirect($this->Service->DefaultPageUrl);
 -	}
 -
 -	/**
 -	 * @return boolean whether the current user can edit/delete the post being viewed
 -	 */
 -	public function canEdit()
 -	{
 -		// only the author or the administrator can edit/delete a post
 -		return $this->User->Name===$this->Post->author_id || $this->User->IsAdmin;
 -	}
 -}
 -
+<?php
+
+Prado::using('Application.BlogException');
+
+class ReadPost extends TPage
+{
+	private $_post;
+	/**
+	 * Fetches the post data.
+	 * This method is invoked by the framework when initializing the page
+	 * @param mixed event parameter
+	 */
+	public function onInit($param)
+	{
+		parent::onInit($param);
+		// post id is passed via the 'id' GET parameter
+		$postID=(int)$this->Request['id'];
+		// retrieves PostRecord with author information filled in
+		$this->_post=PostRecord::finder()->withAuthor()->findByPk($postID);
+		if($this->_post===null)  // if post id is invalid
+			throw new BlogException(500,'Unable to find the specified post.');
+		// set the page title as the post title
+		$this->Title=$this->_post->title;
+	}
+
+	/**
+	 * @return PostRecord the PostRecord currently being viewed
+	 */
+	public function getPost()
+	{
+		return $this->_post;
+	}
+
+	/**
+	 * Deletes the post currently being viewed
+	 * This method is invoked when the user clicks on the "Delete" button
+	 */
+	public function deletePost($sender,$param)
+	{
+		// only the author or the administrator can delete a post
+		if(!$this->canEdit())
+			throw new THttpException('You are not allowed to perform this action.');
+		// delete it from DB
+		$this->_post->delete();
+		// redirect the browser to the homepage
+		$this->Response->redirect($this->Service->DefaultPageUrl);
+	}
+
+	/**
+	 * @return boolean whether the current user can edit/delete the post being viewed
+	 */
+	public function canEdit()
+	{
+		// only the author or the administrator can edit/delete a post
+		return $this->User->Name===$this->Post->author_id || $this->User->IsAdmin;
+	}
+}
+
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/pages/users/AdminUser.php b/demos/blog-tutorial/samples/day5/blog/protected/pages/users/AdminUser.php
index ad8f6e3d..ad668e1a 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/pages/users/AdminUser.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/pages/users/AdminUser.php
@@ -1,36 +1,36 @@
-<?php
 -
 -class AdminUser extends TPage
 -{
 -	/**
 -	 * Populates the datagrid with user lists.
 -	 * This method is invoked by the framework when initializing the page
 -	 * @param mixed event parameter
 -	 */
 -	public function onInit($param)
 -	{
 -		parent::onInit($param);
 -		// fetches all data account information
 -		$this->UserGrid->DataSource=UserRecord::finder()->findAll();
 -		// binds the data to interface components
 -		$this->UserGrid->dataBind();
 -	}
 -
 -	/**
 -	 * Deletes a specified user record.
 -	 * This method responds to the datagrid's OnDeleteCommand event.
 -	 * @param TDataGrid the event sender
 -	 * @param TDataGridCommandEventParameter the event parameter
 -	 */
 -	public function deleteButtonClicked($sender,$param)
 -	{
 -		// obtains the datagrid item that contains the clicked delete button
 -		$item=$param->Item;
 -		// obtains the primary key corresponding to the datagrid item
 -		$username=$this->UserGrid->DataKeys[$item->ItemIndex];
 -		// deletes the user record with the specified username primary key
 -		UserRecord::finder()->deleteByPk($username);
 -	}
 -}
 -
+<?php
+
+class AdminUser extends TPage
+{
+	/**
+	 * Populates the datagrid with user lists.
+	 * This method is invoked by the framework when initializing the page
+	 * @param mixed event parameter
+	 */
+	public function onInit($param)
+	{
+		parent::onInit($param);
+		// fetches all data account information
+		$this->UserGrid->DataSource=UserRecord::finder()->findAll();
+		// binds the data to interface components
+		$this->UserGrid->dataBind();
+	}
+
+	/**
+	 * Deletes a specified user record.
+	 * This method responds to the datagrid's OnDeleteCommand event.
+	 * @param TDataGrid the event sender
+	 * @param TDataGridCommandEventParameter the event parameter
+	 */
+	public function deleteButtonClicked($sender,$param)
+	{
+		// obtains the datagrid item that contains the clicked delete button
+		$item=$param->Item;
+		// obtains the primary key corresponding to the datagrid item
+		$username=$this->UserGrid->DataKeys[$item->ItemIndex];
+		// deletes the user record with the specified username primary key
+		UserRecord::finder()->deleteByPk($username);
+	}
+}
+
 ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/pages/users/EditUser.php b/demos/blog-tutorial/samples/day5/blog/protected/pages/users/EditUser.php
index 81538c33..f8c61463 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/pages/users/EditUser.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/pages/users/EditUser.php
@@ -1,83 +1,83 @@
-<?php
 -
 -class EditUser extends TPage
 -{
 -	/**
 -	 * Initializes the inputs with existing user data.
 -	 * This method is invoked by the framework when the page is being initialized.
 -	 * @param mixed event parameter
 -	 */
 -	public function onInit($param)
 -	{
 -		parent::onInit($param);
 -		if(!$this->IsPostBack)  // if the page is initially requested
 -		{
 -			// Retrieves the existing user data. This is equivalent to:
 -			// $userRecord=$this->getUserRecord();
 -			$userRecord=$this->UserRecord;
 -
 -			// Populates the input controls with the existing user data
 -			$this->Username->Text=$userRecord->username;
 -			$this->Email->Text=$userRecord->email;
 -			$this->Role->SelectedValue=$userRecord->role;
 -			$this->FirstName->Text=$userRecord->first_name;
 -			$this->LastName->Text=$userRecord->last_name;
 -		}
 -	}
 -
 -	/**
 -	 * Saves the user account if all inputs are valid.
 -	 * This method responds to the OnClick event of the "save" button.
 -	 * @param mixed event sender
 -	 * @param mixed event parameter
 -	 */
 -	public function saveButtonClicked($sender,$param)
 -	{
 -		if($this->IsValid)  // when all validations succeed
 -		{
 -			// Retrieves the existing user data. This is equivalent to:
 -			$userRecord=$this->UserRecord;
 -
 -			// Fetches the input data
 -			$userRecord->username=$this->Username->Text;
 -			// update password when the input is not empty
 -			if(!empty($this->Password->Text))
 -				$userRecord->password=$this->Password->Text;
 -			$userRecord->email=$this->Email->Text;
 -			// update the role if the current user is an administrator
 -			if($this->User->IsAdmin)
 -				$userRecord->role=(int)$this->Role->SelectedValue;
 -			$userRecord->first_name=$this->FirstName->Text;
 -			$userRecord->last_name=$this->LastName->Text;
 -
 -			// saves to the database via Active Record mechanism
 -			$userRecord->save();
 -
 -			// redirects the browser to the homepage
 -			$this->Response->redirect($this->Service->DefaultPageUrl);
 -		}
 -	}
 -
 -	/**
 -	 * Returns the user data to be editted.
 -	 * @return UserRecord the user data to be editted.
 -	 * @throws THttpException if the user data is not found.
 -	 */
 -	protected function getUserRecord()
 -	{
 -		// the user to be editted is the currently logged-in user
 -		$username=$this->User->Name;
 -		// if the 'username' GET var is not empty and the current user
 -		// is an administrator, we use the GET var value instead.
 -		if($this->User->IsAdmin && $this->Request['username']!==null)
 -			$username=$this->Request['username'];
 -
 -		// use Active Record to look for the specified username
 -		$userRecord=UserRecord::finder()->findByPk($username);
 -		if(!($userRecord instanceof UserRecord))
 -			throw new THttpException(500,'Username is invalid.');
 -		return $userRecord;
 -	}
 -}
 -
 +<?php
 +
 +class EditUser extends TPage
 +{
 +	/**
 +	 * Initializes the inputs with existing user data.
 +	 * This method is invoked by the framework when the page is being initialized.
 +	 * @param mixed event parameter
 +	 */
 +	public function onInit($param)
 +	{
 +		parent::onInit($param);
 +		if(!$this->IsPostBack)  // if the page is initially requested
 +		{
 +			// Retrieves the existing user data. This is equivalent to:
 +			// $userRecord=$this->getUserRecord();
 +			$userRecord=$this->UserRecord;
 +
 +			// Populates the input controls with the existing user data
 +			$this->Username->Text=$userRecord->username;
 +			$this->Email->Text=$userRecord->email;
 +			$this->Role->SelectedValue=$userRecord->role;
 +			$this->FirstName->Text=$userRecord->first_name;
 +			$this->LastName->Text=$userRecord->last_name;
 +		}
 +	}
 +
 +	/**
 +	 * Saves the user account if all inputs are valid.
 +	 * This method responds to the OnClick event of the "save" button.
 +	 * @param mixed event sender
 +	 * @param mixed event parameter
 +	 */
 +	public function saveButtonClicked($sender,$param)
 +	{
 +		if($this->IsValid)  // when all validations succeed
 +		{
 +			// Retrieves the existing user data. This is equivalent to:
 +			$userRecord=$this->UserRecord;
 +
 +			// Fetches the input data
 +			$userRecord->username=$this->Username->Text;
 +			// update password when the input is not empty
 +			if(!empty($this->Password->Text))
 +				$userRecord->password=$this->Password->Text;
 +			$userRecord->email=$this->Email->Text;
 +			// update the role if the current user is an administrator
 +			if($this->User->IsAdmin)
 +				$userRecord->role=(int)$this->Role->SelectedValue;
 +			$userRecord->first_name=$this->FirstName->Text;
 +			$userRecord->last_name=$this->LastName->Text;
 +
 +			// saves to the database via Active Record mechanism
 +			$userRecord->save();
 +
 +			// redirects the browser to the homepage
 +			$this->Response->redirect($this->Service->DefaultPageUrl);
 +		}
 +	}
 +
 +	/**
 +	 * Returns the user data to be editted.
 +	 * @return UserRecord the user data to be editted.
 +	 * @throws THttpException if the user data is not found.
 +	 */
 +	protected function getUserRecord()
 +	{
 +		// the user to be editted is the currently logged-in user
 +		$username=$this->User->Name;
 +		// if the 'username' GET var is not empty and the current user
 +		// is an administrator, we use the GET var value instead.
 +		if($this->User->IsAdmin && $this->Request['username']!==null)
 +			$username=$this->Request['username'];
 +
 +		// use Active Record to look for the specified username
 +		$userRecord=UserRecord::finder()->findByPk($username);
 +		if(!($userRecord instanceof UserRecord))
 +			throw new THttpException(500,'Username is invalid.');
 +		return $userRecord;
 +	}
 +}
 +
  ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/pages/users/LoginUser.php b/demos/blog-tutorial/samples/day5/blog/protected/pages/users/LoginUser.php
index a0955490..407906ae 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/pages/users/LoginUser.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/pages/users/LoginUser.php
@@ -1,37 +1,37 @@
-<?php
 -
 -class LoginUser extends TPage
 -{
 -	/**
 -	 * Validates whether the username and password are correct.
 -	 * This method responds to the TCustomValidator's OnServerValidate event.
 -	 * @param mixed event sender
 -	 * @param mixed event parameter
 -	 */
 -	public function validateUser($sender,$param)
 -	{
 -		$authManager=$this->Application->getModule('auth');
 -		if(!$authManager->login($this->Username->Text,$this->Password->Text))
 -			$param->IsValid=false;  // tell the validator that validation fails
 -	}
 -
 -	/**
 -	 * Redirects the user's browser to appropriate URL if login succeeds.
 -	 * This method responds to the login button's OnClick event.
 -	 * @param mixed event sender
 -	 * @param mixed event parameter
 -	 */
 -	public function loginButtonClicked($sender,$param)
 -	{
 -		if($this->Page->IsValid)  // all validations succeed
 -		{
 -			// obtain the URL of the privileged page that the user wanted to visit originally
 -			$url=$this->Application->getModule('auth')->ReturnUrl;
 -			if(empty($url))  // the user accesses the login page directly
 -				$url=$this->Service->DefaultPageUrl;
 -			$this->Response->redirect($url);
 -		}
 -	}
 -}
 -
 +<?php
 +
 +class LoginUser extends TPage
 +{
 +	/**
 +	 * Validates whether the username and password are correct.
 +	 * This method responds to the TCustomValidator's OnServerValidate event.
 +	 * @param mixed event sender
 +	 * @param mixed event parameter
 +	 */
 +	public function validateUser($sender,$param)
 +	{
 +		$authManager=$this->Application->getModule('auth');
 +		if(!$authManager->login($this->Username->Text,$this->Password->Text))
 +			$param->IsValid=false;  // tell the validator that validation fails
 +	}
 +
 +	/**
 +	 * Redirects the user's browser to appropriate URL if login succeeds.
 +	 * This method responds to the login button's OnClick event.
 +	 * @param mixed event sender
 +	 * @param mixed event parameter
 +	 */
 +	public function loginButtonClicked($sender,$param)
 +	{
 +		if($this->Page->IsValid)  // all validations succeed
 +		{
 +			// obtain the URL of the privileged page that the user wanted to visit originally
 +			$url=$this->Application->getModule('auth')->ReturnUrl;
 +			if(empty($url))  // the user accesses the login page directly
 +				$url=$this->Service->DefaultPageUrl;
 +			$this->Response->redirect($url);
 +		}
 +	}
 +}
 +
  ?>
\ No newline at end of file
diff --git a/demos/blog-tutorial/samples/day5/blog/protected/pages/users/NewUser.php b/demos/blog-tutorial/samples/day5/blog/protected/pages/users/NewUser.php
index 76e8cb88..3bf6768a 100644
--- a/demos/blog-tutorial/samples/day5/blog/protected/pages/users/NewUser.php
+++ b/demos/blog-tutorial/samples/day5/blog/protected/pages/users/NewUser.php
@@ -1,45 +1,45 @@
-<?php
 -
 -class NewUser extends TPage
 -{
 -	/**
 -	 * Checks whether the username exists in the database.
 -	 * This method responds to the OnServerValidate event of username's custom validator.
 -	 * @param mixed event sender
 -	 * @param mixed event parameter
 -	 */
 -	public function checkUsername($sender,$param)
 -	{
 -		// valid if the username is not found in the database
 -		$param->IsValid=UserRecord::finder()->findByPk($this->Username->Text)===null;
 -	}
 -
 -	/**
 -	 * Creates a new user account if all inputs are valid.
 -	 * This method responds to the OnClick event of the "create" button.
 -	 * @param mixed event sender
 -	 * @param mixed event parameter
 -	 */
 -	public function createButtonClicked($sender,$param)
 -	{
 -		if($this->IsValid)  // when all validations succeed
 -		{
 -			// populates a UserRecord object with user inputs
 -			$userRecord=new UserRecord;
 -			$userRecord->username=$this->Username->Text;
 -			$userRecord->password=$this->Password->Text;
 -			$userRecord->email=$this->Email->Text;
 -			$userRecord->role=(int)$this->Role->SelectedValue;
 -			$userRecord->first_name=$this->FirstName->Text;
 -			$userRecord->last_name=$this->LastName->Text;
 -
 -			// saves to the database via Active Record mechanism
 -			$userRecord->save();
 -
 -			// redirects the browser to the homepage
 -			$this->Response->redirect($this->Service->DefaultPageUrl);
 -		}
 -	}
 -}
 -
 +<?php
 +
 +class NewUser extends TPage
 +{
 +	/**
 +	 * Checks whether the username exists in the database.
 +	 * This method responds to the OnServerValidate event of username's custom validator.
 +	 * @param mixed event sender
 +	 * @param mixed event parameter
 +	 */
 +	public function checkUsername($sender,$param)
 +	{
 +		// valid if the username is not found in the database
 +		$param->IsValid=UserRecord::finder()->findByPk($this->Username->Text)===null;
 +	}
 +
 +	/**
 +	 * Creates a new user account if all inputs are valid.
 +	 * This method responds to the OnClick event of the "create" button.
 +	 * @param mixed event sender
 +	 * @param mixed event parameter
 +	 */
 +	public function createButtonClicked($sender,$param)
 +	{
 +		if($this->IsValid)  // when all validations succeed
 +		{
 +			// populates a UserRecord object with user inputs
 +			$userRecord=new UserRecord;
 +			$userRecord->username=$this->Username->Text;
 +			$userRecord->password=$this->Password->Text;
 +			$userRecord->email=$this->Email->Text;
 +			$userRecord->role=(int)$this->Role->SelectedValue;
 +			$userRecord->first_name=$this->FirstName->Text;
 +			$userRecord->last_name=$this->LastName->Text;
 +
 +			// saves to the database via Active Record mechanism
 +			$userRecord->save();
 +
 +			// redirects the browser to the homepage
 +			$this->Response->redirect($this->Service->DefaultPageUrl);
 +		}
 +	}
 +}
 +
  ?>
\ No newline at end of file | 
