__destruct()析构函数的执行时刻 __construct()构造函数传入参数 构造函数与后台登录安全

 

 

<?php

class test_construct_avg
{
    function __construct($input = '')
    {
        $this->input = $input;
    }

    function w()
    {
        var_dump($this);
        var_dump($this->input);
    }

    function change_construct_avg($new_input)
    {
        $this->input = $new_input;
    }
}

$w = new test_construct_avg(45335);
$w->w();
$w->change_construct_avg('new_input');
$w->w();

die();

 

 

C:\>php D:\wamp64\www\w.php
object(test_construct_avg)#1 (1) {
  ["input"]=>
  int(45335)
}
int(45335)
object(test_construct_avg)#1 (1) {
  ["input"]=>
  string(9) "new_input"
}
string(9) "new_input"

C:\>

 

 

 

__destruct()析构函数的执行时刻

C:\>php D:\wamp64\www\w.php
In constructor
object(test)#2 (1) {
  ["test"]=>
  int(45335)
}
int(45335)
object(PHPTree1)#3 (3) {
  ["MinDataLevelNum"]=>
  string(2) "w2"
  ["DBPrimaryKeyFieldName"]=>
  string(2) "w0"
  ["DBParentFieldName"]=>
  string(2) "w1"
}
wwwDestroying MyDestructableClass

 

 

<?php

class MyDestructableClass
{
    function __construct()
    {
        print "In constructor\n";
        $this->name = "MyDestructableClass";
    }

    function __destruct()
    {
        print "Destroying " . $this->name . "\n";
    }
}

$obj = new MyDestructableClass();

class test
{
    public $test = '';

    function __construct($input = '')
    {
        $this->test = $input;
    }

    function getTest()
    {
        return $this->test;
    }

    function w()
    {
        var_dump($this);
        var_dump($this->test);
    }
}

$w = new test(45335);
$w->w();

class PHPTree1
{
    function __construct($DBPrimaryKeyFieldName, $DBParentFieldName, $MinDataLevelNum = 0)
    {
        $this->MinDataLevelNum = $MinDataLevelNum;
        $this->DBPrimaryKeyFieldName = $DBPrimaryKeyFieldName;
        $this->DBParentFieldName = $DBParentFieldName;
    }

    function w()
    {
        var_dump($this);
    }
}

$w = new PHPTree1('w0', 'w1', 'w2');
$w->w();

echo 'www';
die();

 

 

 

 

对__construct()构造函数传入参数，提高代码的复用性。

<?php
class PHPTree1
{
    function __construct($DBPrimaryKeyFieldName, $DBParentFieldName, $MinDataLevelNum = 0)
    {
        $this->MinDataLevelNum = $MinDataLevelNum;
        $this->DBPrimaryKeyFieldName = $DBPrimaryKeyFieldName;
        $this->DBParentFieldName = $DBParentFieldName;
    }
    function w()
    {
        var_dump($this);
    }
}
$w = new PHPTree1('w0', 'w1', 'w2');
$w->w();

die();

 

 

构造函数与后台登录安全

w

前言

0-访问后台安全方面暂且考虑客户端浏览器cookie和客户端的访问历程；

1-后台控制器中登录控制器相对其他业务控制器单列，暂未写安全控制器；

2-cookie是成功登录后被存储到客户端单个浏览器的，不考虑cookie的篡改，即有cookie则判定为合法身份，暂未进一步读取数据库校验合法性；

假设

0-在无cookie的情况下，访问后台非登录控制器的方法的行为，直接判定为恶意访问；

1-在有cookie的情况下，访问后台非登录控制器的方法的行为，如果前路径不对，则返回至登录界面。

 

 

 

<?php

defined('BASEPATH') OR exit('No direct script access allowed');


class Wa extends CI_Controller
{


    public $wgen_cookie = '';

    function __construct()
    {
        parent::__construct();
        $this->load->helper('cookie');
        $this->wgen_cookie = get_cookie('wdomain_login', NULL);
        $this->wno_cookie();
    }


    public function index()
    {
        $this->load->view('w_wa');
    }

    public function wadd()
    {

        $this->wcheck_addurl();
        $w5 = $this->wgen_cookie;
        $this->load->model('item_test');

        $wserver_name = array();

        for ($w = 0, $len = $_POST['winput']; $w < $len; $w++) {
            $wcheck = $this->do_upload('wimg' . $w);

            if (array_key_exists('error', $wcheck)) {
                $wserver_name[] = '@w@';

            } elseif (array_key_exists('upload_data', $wcheck)) {
                $wserver_name[] = $wcheck['upload_data']['file_name'];

            }

        }


        $wimg_json = json_encode($wserver_name);
        $wimg_string = implode(',', $wserver_name);


        $arr = array('name' => $_POST['w0'], 'desc' => $_POST['w1'], 'price_in' => $_POST['w2'], 'price_out' => $_POST['w3'], 'selling' => $_POST['w4'], 'author' => $w5, 'img' => $wimg_json, 'img_string' => $wimg_string, 'img_json' => $wimg_json);
        $warr = array('Msg' => 'Some errors occured.');
        if ($this->item_test->u_insert($arr)) $warr = array('Msg' => 'SUCCEED');
        echo json_encode($warr);
        $this->load->view('w_wa');


    }


    function do_upload($name)
    {

        $config['upload_path'] = './uploads/';
        $config['upload_path'] = './wsta/witem/';
        $config['allowed_types'] = 'gif|jpg|png';
        $config['max_size'] = 10 * 1024;
        $config['max_width'] = 3 * 1024;
        $config['max_height'] = 3 * 1024;

        $this->load->library('upload', $config);

        if (!$this->upload->do_upload($name)) {
            $data = array('error' => $this->upload->display_errors());

        } else {
            $data = array('upload_data' => $this->upload->data());
        }

        return $data;
    }

    protected function wcheck_addurl()
    {
        if (!isset($_SERVER['HTTP_REFERER']) || ($_SERVER['HTTP_REFERER'] != 'http://admin.domain.cn/login/in ' && $_SERVER['HTTP_REFERER'] != 'http://admin.domain.cn/wa')) {
            header('Location: http://admin.domain.cn');
            die();
        }
    }


    protected function wno_cookie()
    {
        //没有cookis
        if (empty($this->wgen_cookie)) {
            $this->wdanger();
        }
    }

    protected function wdanger()
    {

        sleep(13);
        header('Location: http://www.0.www');
        header('Location: http://www.1.www');
        die('die');
    }
}

 

0-登录后台

admin.w.cn

1-登录成功

admin.w.cn/wa

2-tab本地切换至提交商品页

3-访问wa控制器wadd方法提交商品信息

 

目的实现：指引合法者不合适的访问路径、禁止非法者的非法的访问路径。