media-bank

Table of content:

• ⚙️ Prerequists
• 📐 Conception
• 🚀 Usage
• 🏟️ Hosting
• 👨🏻‍💻 Development
  • ☑️ Types
  • ☑️ Response
  • ☑️ Object
  • ☑️ Structures
  • ☑️ Routing
  • ☑️ Template
  • ☑️ Globals
  • ☑️ XSS
  • 📝 TPS1
  • ❌ Data access
  • ❌ Session
  • ❌ CSRF
  • ❌ Side Effect
  • ❌ API
  • ❌ Cache

---

⚙️ Prerequists

☑️ IDE

PHPStorm

https://www.jetbrains.com/fr-fr/phpstorm/download/#section=windows

☑️ PHP Distribution

PHP 7.4.3 with XAMPP

https://www.apachefriends.org/download.html

• Run server

php -S localhost:8000

• Run server in a dir

php -S localhost:8000 -t public/

☑️ Package manager

Composer

Window: https://getcomposer.org/Composer-Setup.exe

Other: https://getcomposer.org/installer

• Execute

composer

• Execute locally

php composer.phar

• Declare a project

composer init 

File composer.json describe the project

• Install dependencies

composer install

• Install a package

composer require vendor/package-name

• Generate autoload

composer dump-autoload

Packages are avalaible on: https://packagist.org/

☑️ Migration

Execute

• serie_-_bank.sql

☑️ Skeleton

Coding style

• PSR-1: https://www.php-fig.org/psr/psr-1/

• PSR-2: https://www.php-fig.org/psr/psr-2/

Folders

• config/ : configuration files

File use json, xml or yml extension

• public/: web server files
  • index.php: entry point

Handle all HTTP requests

• src/ : PHP source code

Contain classes

• templates/: HTML view files

Contain views

• uml/: MDJ, JPG diagrams

Contain diagrams

---

📐 Conception

✔️ Use Cases

Authentification

Media item

✔️ Package

✔️ Class

Entity

Controller

Form

✔️ Sequence

Create user

Update user

Login

Logout

Suspend user

Forgot password

❌ Activity

✔️ Component

✔️ Deployment

---

🚀 Usage

☑️ Run

• Generate autoloader

composer dump-autoload

• Install npm dependencies

cd public
npm install
cd ..

• Run server in public

php -S localhost:8000 -t public

• Open your web browser at: http://localhost:8000

---

🏟️ Hosting

AlwaysData

Create an account, this gives you access to a disk space, a domain name and a database.

Account informations:

• ☑️ username
• ☑️ password
• ☑️ url du site

FTP informations:

• ☑️ host
• ☑️ port
• ☑️ username
• ☑️ password

FTP client:

• FileZilla: https://filezilla-project.org/

BDD information:

• ☑️ name
• ☑️ port
• ☑️ username
• ☑️ password

⚠️ Deployment problem

URL not Found

The server does not authorize URLs, xampp have same comportment.

✔️ Allow URLs

• You must place a .htaccess at the root of public

.htaccess

# Deny access to the .htaccess file and will trigger a 403 status code
<Files .htaccess>
    order allow,deny
    deny from all
</Files>
#Use index.php for project entry point
DirectoryIndex index.php
#Turn RewriteEngine to On
RewriteEngine On
#Deliver static file
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]
#Trigger index.php and add query string append flag
RewriteRule ^(.*)$ index.php [QSA,L]

---

👨🏻‍💻 Developement

---

✔️ Types

Type void and resource are not represented:

/** @var null */
$foo = null;

/** @var int */
$foo = 33;

/**@var float */
$foo = 33 / 33;

/**@var bool */
$foo = true;

/**@var string */
$foo = "Hello";

/** @var array */
$foo = [];

/** @var stdClass */
$foo = new stdClass();

Var identifier can be dynamic:

$foo = "bar";
$$foo = "baz";
echo $bar; //baz

---

✔️ Response

Send header and body:

//Protocol and status
header("HTTP/1.1 404 TOTO");
//Add header
header("Content-Type: text/html");
//Add Body content
echo "Hello World";
//Import a file and add content to body
include "./foo.html";

---

✔️ Object Oriented Programming

The procedure describe how to instanciate a class with PHP

• Specify your vendor name for your src folder

composer.json

"autoload": {
    "psr-4": {
        "App\\": "src/"
    }
}

• Generate the autoloader

composer dump-autoload

• Require the autoloader

index.php

require "./../vendor/autoload.php"

---

✔️ Structures

• if else

if () {
} elseif () {
} else {
}

• foreach

foreach ($myArray as $key => $value) {
}

• try catch

try {
    echo "Always executed";
    $dbh = new PDO;
    echo "Never executed";
} catch (Throwable $e) {
    echo "Catched";
}

---

✔️ Routing

Requests are handle by one file: "index.php".

An URL is associated to a controller method

index.php

<?php

require '../vendor/autoload.php';

$url = "/";
if (array_key_exists("REDIRECT_URL", $_SERVER)) {
    $url = $_SERVER["REDIRECT_URL"];
} else if (array_key_exists("PATH_INFO", $_SERVER)) {
    $url = $_SERVER["PATH_INFO"];
}

$routes = [
    "/login" => [
        "controller" => "App\Controller\AuthentificationController",
        "method" => "login"
    ]
];

foreach ($routes as $key => $value) {
    if ($url === $key) {
        $className = $value["controller"];
        $obj = new $className;
        $methodName = $value["method"];
        $obj->$methodName();
    }
}

👨🏻‍💻 Manipulation

With the if and the try catch:

• Propose a 404 page if no route matches

• Propose a page "site under maintenance" if a Throwable has been throwed

⚠️Problems:

We need to enforce routing for dynamic URL.

---

✔️ Template

👨🏻‍💻 Manipulation

For "/ login" and "/ signup"

You must display a login and account creation page.

These pages or parts of pages, reside in the "templates" folder, the controller must include them.

These files must have the extension ".html.php".

For HTML creation, copy and paste bootstrap documentation.

⚠️Problems:

• Include path: all relative paths are relative to the execution point (index.php), path maintenance problem

• reusability: we repeat html, head, body

✔️ Solutions:

• Include path: be able to start the path from the current directory.

include __DIR__ . "/../../templates/foo.html.php";

• reusability: create header and footer file to include on each page.

templates
|- authentification
|_| - template.html.php
|- _header.html.php
|- _footer.html.php

Managing CSS and JS

👨🏻‍💻 Manipulation

with a front-end package manager of your choice:

• Initialize project in the pblic folder

npm init

• Install your dependencies

npm install bootstrap --save

• Add scripts and links to your projects

<link 
    rel="stylesheet" 
    type="text/css" 
    href="/node_modules/bootstrap/dist/css/bootstrap.css"
/>

<script type="text/javascript" src="/node_modules/bootstrap/dist/js/bootstrap.js"></script>

Remember that template are display by in the public folder

⚠️Problems:

If you do not use webpack, missing depencies throw errors

✔️ Solutions:

Install and declare dependencies

👨🏻‍💻 Manipulation

Use your CSS framework for set elements dimension and position

---

✔️ Globals

$_GET store parameters of the URL.

http://localhost:8000/signup?name=toto&email=tata

$_POST store parameters of a POST request.

⚠️ Prerequist for obtain POST parameters:

• Request must send header "Content-Type: application/x-www-form-urlencoded"

• Request must use POST method

• Data must be attached to an index, correponding to the name attribute value of an input

⚠️ Do not use superglobal directly because you can affect a value to them, use filter_input instead

✔️ filter_input

$value = filter_input(
     INPUT_POST,
    "foo"
);

👨🏻‍💻 Manipulation

• Use filter_input instead of superglobals

👨🏻‍💻 Manipulation

With form diagram:

• Create forms
• Fill entities with inputs value
• Display filled entities in the template

👨🏻‍💻 Manipulation

With form:

• Manage errors

---

✔️ XSS

Security issue: Cross Site Scripting

An user can inject script in your display.

• Example for an input

"><script>alert(0)</script>

" onblur="alert(this.value)" 

Never trust user, you have to escape input data before displaying.

✔️ filter_var

echo filter_var(
    $myVar,
    FILTER_SANITIZE_FULL_SPECIAL_CHARS
);

Documentation on filters: https://www.php.net/manual/en/filter.filters.sanitize.php

👨🏻‍💻 Manipulation

• Use filter_var for display user input

---

❌ Data access

---

❌ Session

---

❌ CSRF

---

❌ Side Effect

---

❌ API

---

❌ Cache

---