<?php class test_construct_avg { function __construct($input = '') { $this->input = $input; } function w() { var_dump($this); var_dump($this->input); } function change_construct_avg($new_input) { $this->input = $new_input; } } $w = new test_construct_avg(45335); $w->w(); $w->change_construct_avg('new_input'); $w->w(); die();
C:>php D:wamp64wwww.php object(test_construct_avg)#1 (1) { ["input"]=> int(45335) } int(45335) object(test_construct_avg)#1 (1) { ["input"]=> string(9) "new_input" } string(9) "new_input" C:>
__destruct()析构函数的执行时刻
C:>php D:wamp64wwww.php In constructor object(test)#2 (1) { ["test"]=> int(45335) } int(45335) object(PHPTree1)#3 (3) { ["MinDataLevelNum"]=> string(2) "w2" ["DBPrimaryKeyFieldName"]=> string(2) "w0" ["DBParentFieldName"]=> string(2) "w1" } wwwDestroying MyDestructableClass
<?php class MyDestructableClass { function __construct() { print "In constructor "; $this->name = "MyDestructableClass"; } function __destruct() { print "Destroying " . $this->name . " "; } } $obj = new MyDestructableClass(); class test { public $test = ''; function __construct($input = '') { $this->test = $input; } function getTest() { return $this->test; } function w() { var_dump($this); var_dump($this->test); } } $w = new test(45335); $w->w(); class PHPTree1 { function __construct($DBPrimaryKeyFieldName, $DBParentFieldName, $MinDataLevelNum = 0) { $this->MinDataLevelNum = $MinDataLevelNum; $this->DBPrimaryKeyFieldName = $DBPrimaryKeyFieldName; $this->DBParentFieldName = $DBParentFieldName; } function w() { var_dump($this); } } $w = new PHPTree1('w0', 'w1', 'w2'); $w->w(); echo 'www'; die();
对__construct()构造函数传入参数,提高代码的复用性。
<?php class PHPTree1 { function __construct($DBPrimaryKeyFieldName, $DBParentFieldName, $MinDataLevelNum = 0) { $this->MinDataLevelNum = $MinDataLevelNum; $this->DBPrimaryKeyFieldName = $DBPrimaryKeyFieldName; $this->DBParentFieldName = $DBParentFieldName; } function w() { var_dump($this); } } $w = new PHPTree1('w0', 'w1', 'w2'); $w->w(); die();
构造函数与后台登录安全
w
前言
0-访问后台安全方面暂且考虑客户端浏览器cookie和客户端的访问历程;
1-后台控制器中登录控制器相对其他业务控制器单列,暂未写安全控制器;
2-cookie是成功登录后被存储到客户端单个浏览器的,不考虑cookie的篡改,即有cookie则判定为合法身份,暂未进一步读取数据库校验合法性;
假设
0-在无cookie的情况下,访问后台非登录控制器的方法的行为,直接判定为恶意访问;
1-在有cookie的情况下,访问后台非登录控制器的方法的行为,如果前路径不对,则返回至登录界面。
1 <?php 2 3 defined('BASEPATH') OR exit('No direct script access allowed'); 4 5 6 class Wa extends CI_Controller 7 { 8 9 10 public $wgen_cookie = ''; 11 12 function __construct() 13 { 14 parent::__construct(); 15 $this->load->helper('cookie'); 16 $this->wgen_cookie = get_cookie('wdomain_login', NULL); 17 $this->wno_cookie(); 18 } 19 20 21 public function index() 22 { 23 $this->load->view('w_wa'); 24 } 25 26 public function wadd() 27 { 28 29 $this->wcheck_addurl(); 30 $w5 = $this->wgen_cookie; 31 $this->load->model('item_test'); 32 33 $wserver_name = array(); 34 35 for ($w = 0, $len = $_POST['winput']; $w < $len; $w++) { 36 $wcheck = $this->do_upload('wimg' . $w); 37 38 if (array_key_exists('error', $wcheck)) { 39 $wserver_name[] = '@w@'; 40 41 } elseif (array_key_exists('upload_data', $wcheck)) { 42 $wserver_name[] = $wcheck['upload_data']['file_name']; 43 44 } 45 46 } 47 48 49 $wimg_json = json_encode($wserver_name); 50 $wimg_string = implode(',', $wserver_name); 51 52 53 $arr = array('name' => $_POST['w0'], 'desc' => $_POST['w1'], 'price_in' => $_POST['w2'], 'price_out' => $_POST['w3'], 'selling' => $_POST['w4'], 'author' => $w5, 'img' => $wimg_json, 'img_string' => $wimg_string, 'img_json' => $wimg_json); 54 $warr = array('Msg' => 'Some errors occured.'); 55 if ($this->item_test->u_insert($arr)) $warr = array('Msg' => 'SUCCEED'); 56 echo json_encode($warr); 57 $this->load->view('w_wa'); 58 59 60 } 61 62 63 function do_upload($name) 64 { 65 66 $config['upload_path'] = './uploads/'; 67 $config['upload_path'] = './wsta/witem/'; 68 $config['allowed_types'] = 'gif|jpg|png'; 69 $config['max_size'] = 10 * 1024; 70 $config['max_width'] = 3 * 1024; 71 $config['max_height'] = 3 * 1024; 72 73 $this->load->library('upload', $config); 74 75 if (!$this->upload->do_upload($name)) { 76 $data = array('error' => $this->upload->display_errors()); 77 78 } else { 79 $data = array('upload_data' => $this->upload->data()); 80 } 81 82 return $data; 83 } 84 85 protected function wcheck_addurl() 86 { 87 if (!isset($_SERVER['HTTP_REFERER']) || ($_SERVER['HTTP_REFERER'] != 'http://admin.domain.cn/login/in ' && $_SERVER['HTTP_REFERER'] != 'http://admin.domain.cn/wa')) { 88 header('Location: http://admin.domain.cn'); 89 die(); 90 } 91 } 92 93 94 protected function wno_cookie() 95 { 96 //没有cookis 97 if (empty($this->wgen_cookie)) { 98 $this->wdanger(); 99 } 100 } 101 102 protected function wdanger() 103 { 104 105 sleep(13); 106 header('Location: http://www.0.www'); 107 header('Location: http://www.1.www'); 108 die('die'); 109 } 110 }
0-登录后台
admin.w.cn
1-登录成功
admin.w.cn/wa
2-tab本地切换至提交商品页
3-访问wa控制器wadd方法提交商品信息
目的实现:指引合法者不合适的访问路径、禁止非法者的非法的访问路径。
