Upload
bo-yi-wu
View
1.790
Download
1
Embed Size (px)
DESCRIPTION
實戰 CodeIgniter
Citation preview
2
關於我
Bo-Yi Wu (appleboy)– Blog: http://blog.wu-boy.com/– Github: https://github.com/appleboy– CodeIgniter 站長– Laravel 站長
11
常用管理介面路徑
● /admin/● /phpMyAdmin/● /adminLogin/● /manage/● /management/● /root/● /wp-admin/
政府機關、學校機構、電信業者
23
如何防禦
● 不要在正式產品環境中進行開發● 關閉編輯器自動備份● 伺服器過濾檔案下載
– Nginx
# Prevent clients from accessing to backup/config/source fileslocation ~* (?:\.(?:bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ { deny all;}
25
版本控管
http://xxxx.com/.git/confighttp://xxxx.com/.githttp://xxxx.com/.svn
29
SQL Injection
SELECT id FROM users WHERE email = ‘$email‘ and password = ‘$password’;
SELECT id FROM users WHERE email = ‘$email‘ and password = ‘anything' OR ‘1’ = ‘1’;
30
如何防禦
● 請不要相信使用者任何輸入字串● 正規比對格式
– preg_match(‘/^(\w)+$/’, $string);– 使用 framework 提供 escape 函式
● 型態轉換 Typecasting
31
型態轉換 Typecasting
$var = (array) $var;$var = (binary) $var;$var = (bool) $var;$var = (boolean) $var;$var = (double) $var;$var = (float) $var;$var = (int) $var;$var = (integer) $var;$var = (object) $var;$var = (real) $var;$var = (string) $var;
38
繁中文件目前只有 CodeIgniter 、 Laravel 有繁中文件
http://codeigniter.org.tw/user_guide/http://bit.ly/ci-userguide
40
EllisLab Seeking New Owner for CodeIgniter
http://bit.ly/ci-seek-new-owner
42
3.0 版本有超過100 個 bug fixed
100 個 feature commit
http://bit.ly/ci-changelog
51
ApacheRewriteEngine onRewriteBase /RewriteCond $1 !^(index\.php|robots\.txt|$)RewriteRule ^(.*)$ index.php/$1 [L,QSA]
53
使用此架構好處
● 避免 .git 曝露
● 根目錄可以放其他設定檔– .editorconfig– .gitignore– gulpfile.coffee– bower.js– package.json
54
作業一
● 建立一個 virtual host: ci.localhost● 安裝 codeigniter 2.2.0● 移除 url 的 index.php 字串
– http://ci.localhost/welcome
56
核心架構● core
– Controller, Model, Router, Loader, Input …● database
– MySQL, ODBC, MSSQL, Sqlite …● helpers
– email, url, text, number, language …● language
– zh-tw, zh-cn, english …● libraries
– Form, Image, Session, Email, Pagination
58
擴充核心函式庫
● core– MY_Model, MY_Controller, MY_Input ….
● libraries– MY_Email, MY_Upload ….
● helpers– MY_array_helper ….
60
讀取優先順序
● application/libraries/MY_Email.php● application/libraries/Email.php● system/libraries/Email.php● application/libraries/MY_email.php● application/libraries/email.php● system/libraries/email.php
66
擴充 Core Language$ cp application/config/language.php app/application/config/ $ cp application/core/MY_Lang.php app/application/core/
67
設定
$config['language_field'] = 'lang';$config['language_key'] = 'en-us'; $config['language_list'] = array( 'en-us' => 'english', 'zh-tw' => 'zh-tw‘);
72
簡介class Topic_model extends MY_Model { } $this->load->model('topic_model', 'topic');$this->topic->get_all();$this->topic->get(1);$this->topic->get_by('title', 'Pigs CAN Fly!');$this->topic->get_many_by('status', 'open');
$this->topic->insert(array( 'status' => 'open', 'title' => "I'm too sexy for my shirt"));
$this->topic->update(1, array( 'status' => 'closed' ));$this->topic->delete(1);
77
Callbacks
● $before_create ● $after_create ● $before_update ● $after_update ● $before_get ● $after_get ● $before_delete ● $after_delete
78
範例
class Topic_model extends MY_Model{ public $before_create = array( 'timestamps' );
protected function timestamps($topic) { $topic['created_at'] = date('Y-m-d H:i:s'); $topic['updated_at'] = date('Y-m-d H:i:s'); return $topic; }}
79
參數處理
public $before_create = array('data_process(name)');public $before_update = array('data_process(date)');
protected function data_process($row){ $row[$this->callback_parameters[0]] = $this-
>_process($row[$this->callback_parameters[0]]);
return $row;}
80
驗證 Validation
class User_model extends MY_Model{ public $validate = array( array( 'field' => 'email', 'label' => 'email', 'rules' => 'required|valid_email|is_unique[users.email]' ), array( 'field' => 'password', 'label' => 'password', 'rules' => 'required' ), array( 'field' => 'password_confirmation', 'label' => 'confirm password', 'rules' => 'required|matches[password]' ), );}
82
忽略資料驗證$this->user_model->skip_validation();
$this->user_model->insert(['email' => 'blah'], true);
84
$this->topic_model->insert(array( 'id' => 2, 'title' => 'A new topic'));
// INSERT INTO topics (title) VALUES ('A new topic')
86
$this->topic_model ->as_array() ->get(1);$this->topic_model ->as_object() ->get_by('column', 'value');
87
Soft Delete
class Topic_model extends MY_Model{ protected $soft_delete = true; protected $soft_delete_key = 'deleted';}
88
$this->topic_model->get(1); // SELECT * FROM topics WHERE id = 1 and
deleted = 0 $this->topic_model->only_deleted()->get(1); // SELECT * FROM topics WHERE id = 1 AND
deleted = 1 $this->topic_model->with_deleted()->get(1); // SELECT * FROM topics WHERE id = 1
89
內建 Observers
class Topic_model extends MY_Model{ public $before_create = ['created_at',
'updated_at']; public $before_update = ['updated_at'];}
91
作業三
● 實做最新消息系統– 建立 topics 資料表
● id, title, description, is_feature, created_at, updated_at
● 實做 CRUD ( 新增 , 刪除 , 修改 , 查詢 )● 實做置頂功能
92
Relationships
class Topic_model extends MY_Model{ public $belongs_to = ['user']; public $has_many = ['comments'];}
94
指定相關資料表
class Topic_model extends MY_Model{ public $belongs_to = ['user' => ['model' =>
'user_m']]; public $has_many = ['comments' => ['model'
=> 'model_comments']];}
95
讀取資料
$topic = $this->topic_model ->with(user') ->with('comments') ->get(1);
echo $topic->user->name;
foreach ($topic->comments as $comment) { echo $message;}
96
SQL 表示
● SELECT * FROM users WHERE id = $topic->user_id
● SELECT * FROM comments WHERE topic_id = $topic->id
97
更換 Primary Key
class Topic_model extends MY_Model{ public $belongs_to = ['user' => ['primary_key' => 'post_user_id']]; public $has_many = ['comments' => ['primary_key' => 'parent_topic_id']];}
102
設定檔資料表
$config['tables']['users'] = 'users';$config['tables']['groups'] = 'groups';$config['tables']['users_groups'] = 'users_groups';$config['tables']['login_attempts'] = 'login_attempts';$config['join']['users'] = 'user_id';$config['join']['groups'] = 'group_id';
103
會員認證設定$config['admin_email'] = "[email protected]"; $config['default_group'] = 'members'; $config['admin_group'] = 'admin'; $config['identity'] = 'email'; $config['min_password_length'] = 8; $config['max_password_length'] = 20; $config['email_activation'] = FALSE; $config['manual_activation'] = FALSE; $config['remember_users'] = TRUE; $config['user_expire'] = 86500; $config['user_extend_on_login'] = FALSE; $config['track_login_attempts'] = FALSE; $config['track_login_ip_address'] = TRUE; $config['maximum_login_attempts'] = 3; $config['lockout_time'] = 600; $config['forgot_password_expiration'] = 0;
104
電子郵件表單
$config['email_templates'] = 'auth/email/';$config['email_activate'] = 'activate.tpl.php';$config['email_forgot_password'] = 'forgot_password.tpl.php';$config['email_forgot_password_complete'] = 'new_password.tpl.php';
105
自訂錯誤訊息
● $config['message_start_delimiter'] = '<p>'; ● $config['message_end_delimiter'] = '</p>'; ● $config['error_start_delimiter'] = '<p>';● $config['error_end_delimiter'] = '</p>';
106
Template模組A Lightweight Codeigniter Template Libray
http://bit.ly/ci-template
109
新增 CSS連結$this->template->add_css("/min.css", "screen");
// <link href="/min.css" rel="stylesheet" type="text/css" media="screen" />
110
新增 JavaScript連結$this->template->add_js("/index.js", true);// <script src="/index.js" type="text/javascript"></script>
111
動態新增 Meta Tag$this->template->add_meta_tag("og:title", "Test Title",
'property');//output <meta property="og:title" content="Test Title" /> $this->template->add_meta_tag("keywords", "some
keywords"); // output <meta name="keywords" content="some
keywords" />
115
作業五
● 整合會員到最新消息系統– 登入後才可以修改及發表– 管理者才可以刪除文章
● 整合 Template模組– 加入 jQuery元件 http://jquery.com/– 加入 Bootstraphttp://getbootstrap.com/
119
格式 FormatJSON, XML
你不可不知的 JSON 基本介紹
120
JSON usage in JavaScript
var output = { ‘title’: ‘I am appleboy.’, ‘desctiption’: ‘CodeIgniter in Action.’};
121
JSON usage in PHP
json_encode* http://bit.ly/php-json-encode
json_decode* http://bit.ly/php-json-decode
123
傳統
● /topic/create ● /topic/show/1 ● /topic/update/1 ● /topic/destroy/1
現在
● POST /topic● GET /topic/1 ● PUT /topic/1 ● DELETE /topic/1
125
安裝方式
● application/libraries/Format.php● application/libraries/REST_Controller.php● application/config/rest.php
126
範例
class Topic extends REST_Controller{ public function index_get() { // Display all topics } public function index_post() { // Create a new topic }}
127
參數
● $this->get('blah'); // GET ● $this->post('blah'); // POST ● $this->put('blah'); // PUT ● $this->delete('blah'); // DELETE
128
Response回覆
public function index_delete($id)
{
$this->response([
'returned from delete:' => $id,
]);
}
129
Response回覆
● // Send an HTTP 201 Created● $this->response($book, 201);● // HTTP 404 Not Found● $this->response([]);
131
建立 API KEY 資料表
CREATE TABLE `keys` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`key` varchar(40) NOT NULL,
`level` int(2) NOT NULL,
`ignore_limits` tinyint(1) NOT NULL DEFAULT '0',
`date_created` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
133
作業六
● 實作 Topic RESTful API 撰寫– /api/topic GET 新聞列表– /api/topic/{id} GET單一新聞列表– /api/topic/{id} PUT 更新新聞– /api/topic POST 建立新聞– /api/topic/{id} DELETE刪除新聞
● 用 jQuery AJAX搭配後端 CRUD 功能● 整合 Facebook登入 API
135
參考文獻
● CodeIgniter 台灣官網– http://codeigniter.org.tw/
● 被遺忘的資訊洩漏-重點回顧– http://goo.gl/UO7Akz