O Guia Definitivo do Yii 1.1

More documents

Recommendations

Info

Although Yii has measures to prevent the state cookie from being tampered on the client side, we strongly suggest that security sensitive information be not stored as states. Instead, these information should be restored on the server side by reading from some persistent storage on the server side (e.g. database). In addition, for any serious Web applications, we recommend using the following strategy to enhance the security of cookie-based login. When a user successfully logs in by filling out a login form, we generate and store a random key in both the cookie state and in persistent storage on server side (e.g. database). Upon a subsequent request, when the user authentication is being done via the cookie information, we compare the two copies of this random key and ensure a match before logging in the user. If the user logs in via the login form again, the key needs to be re-generated. By using the above strategy, we eliminate the possibility that a user may re-use an old state cookie which may contain outdated state information. To implement the above strategy, we need to override the following two methods: • CUserIdentity::authenticate(): this is where the real authentication is performed. If the user is authenticated, we should re-generate a new random key, and store it in the database as well as in the identity states via CBaseUserIdentity::setState. • CWebUser::beforeLogin(): this is called when a user is being logged in. We should check if the key obtained from the state cookie is the same as the one from the database. Access Control Filter Access control filter is a preliminary authorization scheme that checks if the current user can perform the requested controller action. The authorization is based on user's name, client IP address and request types. It is provided as a filter named as "accessControl". Tip: Access control filter is sufficient for simple scenarios. For more complex access control you may use role-based access (RBAC), which we will cover in the next subsection. To control the access to actions in a controller, we install the access control filter by overridingCController::filters (see Filter for more details about installing filters).
class PostController extends CController { ...... public function filters() { return array( 'accessControl', ); } } In the above, we specify that the access control filter should be applied to every action of PostController. The detailed authorization rules used by the filter are specified by overriding CController::accessRules in the controller class. class PostController extends CController { ...... public function accessRules() { return array( array('deny', 'actions'=>array('create', 'edit'), 'users'=>array('?'), ), array('allow', 'actions'=>array('delete'), 'roles'=>array('admin'), ), array('deny', 'actions'=>array('delete'), 'users'=>array('*'), ), ); } } The above code specifies three rules, each represented as an array. The first element of the array is either 'allow' or 'deny' and the other name-value pairs specify the pattern parameters of the rule. The rules defined above are interpreted as follows: the create and edit actions cannot be executed by anonymous users; the delete action can be executed by users with admin role; and the delete action cannot be executed by anyone.
Page 1 and 2:
O Guia Definitivo do Yii 1.1 Qiang
Page 3 and 4:
Coletando Entradas Tabulares! 59 Tr
Page 5 and 6:
Primeiros Passos Visão Geral Esse
Page 7 and 8:
• Added support for profiling SQL
Page 9 and 10:
no desenvolvimento Web e da investi
Page 11 and 12:
Página de Contato
Page 13 and 14:
Página de Login A listagem seguint
Page 15 and 16:
Conectando ao Banco de Dados A maio
Page 17 and 18:
% cd WebRoot/testdrive % protected/
Page 19 and 20:
Página de administração dos usu
Page 21 and 22:
Conceitos Básicos Modelo-Visão-Co
Page 23 and 24:
controle de acesso, benchmarking) a
Page 25 and 26:
deny from all Componentes da Aplica
Page 27 and 28:
3. Executa o controle; 8. Dispara o
Page 29 and 30:
class UpdateAction extends CAction
Page 31 and 32:
class PerformanceFilter extends CFi
Page 33 and 34:
$this->render('edit', array( 'var1'
Page 35 and 36:
A nomeclatura das visões do sistem
Page 37 and 38:
Um evento pode ter diversos manipul
Page 39 and 40:
forum/ ForumModule.php components/
Page 41 and 42:
RootAlias.path.to.target Onde RootA
Page 43 and 44:
Como não há suporte a namespaces
Page 45 and 46:
5. Implemente ações e as visões.
Page 47 and 48:
widgets that generate a lot of HTML
Page 49 and 50:
class LoginForm extends CFormModel
Page 51 and 52:
validação deverá ser efetuada; o
Page 53 and 54:
Nesse trecho de código, temos uma
Page 55 and 56:
public function rules() { return ar
Page 57 and 58:
Nota: Para fazer com que a variáve
Page 59 and 60:
A Página de Login com Erros A part
Page 61 and 62:
NamePriceCountDescription
Page 63 and 64:
usuário e senha para o acesso. Uma
Page 65 and 66:
Depois que o método CDbCommand::qu
Page 67 and 68:
Para mais detalhes sobre a vincula
Page 69 and 70:
• where: specifies the WHERE part
Page 71 and 72:
For example, array('in', 'id', arra
Page 73 and 74:
join and its variants function join
Page 75 and 76:
$sql = Yii::app()->db->createComman
Page 77 and 78:
uild and execute the following SQL:
Page 79 and 80:
CREATE TABLE `tbl_user` ( // `id` i
Page 81 and 82:
the new column name. The query buil
Page 83 and 84:
Below is an example showing how to
Page 85 and 86:
Dica: Existem duas maneiras de trab
Page 87 and 88:
class Post extends CActiveRecord {
Page 89 and 90:
$post=Post::model()->find(array( 's
Page 91 and 92:
Validação de Dados Ao inserir ou
Page 93 and 94:
$model=Post::model(); $transaction=
Page 95 and 96:
Named scopes podem ser parametrizad
Page 97 and 98:
Informação: O suporte à chaves e
Page 99 and 100:
Informação: Uma chave estrangeira
Page 101 and 102: $posts=Post::model()->with( 'author
Page 103 and 104: Informação: Quando o nome de uma
Page 105 and 106: Deve ser um vetor com pares nome-va
Page 107 and 108: The required name parameter specifi
Page 109 and 110: Sometimes, we may only want to appl
Page 111 and 112: yiic migrate up --migrationPath=ext
Page 113 and 114: • CZendDataCache: utiliza o Zend
Page 115 and 116: value irá expirar em 30 segundos /
Page 117 and 118: usuários. Para armazenar em cache
Page 119 and 120: A configuração acima, faz com que
Page 121 and 122: Nota: O path alias ext está dispon
Page 123 and 124: public function behaviors() { retur
Page 125 and 126: Controle Um controle, fornece um co
Page 127 and 128: • An extension should be self-con
Page 129 and 130: method invocations, we can start ou
Page 131 and 132: A console command should extend fro
Page 133 and 134: Testes Visão Geral Note: The testi
Page 135 and 136: $yiit='path/to/yii/framework/yiit.p
Page 138 and 139: Tip: Having too many fixture files
Page 140 and 141: public function testApprove() { //
Page 142 and 143: class PostTest extends WebTestCase
Page 144 and 145: array( ...... 'components'=>array(
Page 146 and 147: array( 'posts'=>'post/list', 'post/
Page 148 and 149: We first need to configure the Web
Page 150 and 151: class UserIdentity extends CUserIde
Page 154 and 155: The access rules are evaluated one
Page 156 and 157: a permission that is atomic. For ex
Page 158 and 159: $auth=Yii::app()->authManager; $aut
Page 160 and 161: Default roles must be declared in t
Page 162 and 163: WebRoot/ assets protected/ .htacces
Page 164 and 165: eturn array( 'components'=>array( '
Page 166 and 167: If we create a widget with a set o
Page 168 and 169: To use message routing, we need to
Page 170 and 171: array( ...... 'preload'=>array('log
Page 172 and 173: Yii defines two exception classes:
Page 174 and 175: Web Service Web service is a softwa
Page 176 and 177: To complete the example, let's crea
Page 178 and 179: class PostController extends CContr
Page 180 and 181: When translating a message, its cat
Page 182 and 183: '1#one book|n>1#many books' Plural
Page 184 and 185: The CDateFormatter class mainly pro
Page 186 and 187: // body content for the widget //
Page 188 and 189: Yii represents each console task in
Page 190 and 191: yiic sitemap index --type=News --li
Page 192 and 193: Cross-site scripting (also known as
Page 194 and 195: etrieve the cookie with the specifi
Page 196 and 197: Note: The scriptMap feature describ
show all

O Guia Definitivo do Yii 1.1

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?