SartajPHP ( PHP Framework )


Secure Your Website

Secure Your Website

We need to secure our website. Here I explain how to secure your website with SartajPHP. Put the code in the onstart event of the application, so the checks run before any page event is handled. A SartajPHP application treats you as GUEST when you are not logged in. After login, your type is whatever the application developer defines.

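class login extends \Sphp\tools\BasicApp {

    // Template handed to setTempFile() when a login attempt fails. It is never
    // assigned in this listing, so it must be set elsewhere before
    // page_event_login() can re-render the form.
    private $mainhome = null;
    // Not used anywhere in this listing.
    private $showhome = null;

    /**
     * Access checks for this application.
     *
     * Everything here runs in the onstart event, so the authentication,
     * session and permission checks are applied before any page event
     * (login, logout, ...) is dispatched.
     */
    public function onstart() {

        // Only sessions whose type is ADMIN or GUEST may use this application.
        // Any other type is handed to the getWelcome() function from comp.php.
        $this->getAuthenticate("ADMIN,GUEST");
        // Session security: the app can only be accessed with a valid session.
        $this->getSesSecurity();
        // Permission-based authentication; this works the same way as
        // getAuthenticate() above.
        $this->page->getAuthenticatePerm("GUEST,ADMIN,MEMBER");

        /* Permissions can be declared when the app is registered:

             registerApp("pkgs", __DIR__ . "/apps/pkgs.app","","My Permission Title",
             array(["view","Permission View"],["add","Add Record"],["delete","Delete Record"]));

           Menus in the menu file can be tied to permissions as well:

             // this menu is only shown if the permission system is enabled and
             // the user is logged in as MEMBER or ADMIN
             $this->sphp_api->addMenu("Account",'',"","root",false,"ADMIN,MEMBER");
             $this->sphp_api->addMenuLink("Packages",getAppURL('pkgs'),"","Account",false,"pkgs-view");
        */

        /* Checking the permission pkgs-view for the current user.

           When pkgs is the controller of the current application, the
           controller name can be left out:

             $this->page->getAuthenticatePerm("view");

           To check a permission that belongs to another app, use:

             $this->page->hasPermission("view","pkgs");

           OR, if the class extends PermisApp or AutoAppPermis:

             $this->hasPermission("view","pkgs");

           OR

             SphpBase::sphp_permissions()->hasPermission("pkgs-view");
        */
    }

    /**
     * Handles the login page event.
     *
     * Looks up the account, and only when the lookup reported no error AND
     * actually produced a record with an id does it open an ADMIN session and
     * forward through getWelcome(). Every other outcome shows the same generic
     * error, so the response does not reveal whether the user name exists.
     *
     * @param mixed $evtp Event parameter passed by the framework; forwarded
     *                    unchanged to getRow().
     */
    public function page_event_login($evtp){

        // Placeholder for whatever function fetches the user record from the
        // database.
        // NOTE(review): getRow() is not shown here. It is assumed to verify the
        // submitted password (against a stored password hash, not plain text)
        // and to raise an error on mismatch - confirm.
        $row = $this->getRow($evtp);

        // Fail closed: the global error flag alone is not proof that an account
        // was found. Without this check an empty lookup result would still
        // create an ADMIN session, with a null id.
        $accountFound = isset($row['id']);

        if (!getCheckErr() && $accountFound) {
            $this->Client->session('admin-name', $row['name']);
            // Open the session with authenticate type ADMIN. The type name is
            // not fixed by the framework; the application defines its own types.
            // NOTE(review): confirm that setSession() issues a fresh session
            // identifier on login, so a pre-login identifier cannot be reused.
            setSession('ADMIN', $row['id']);
            getWelcome();
        } else {
            setErr('app', 'Invalid User or Password' );
            $this->setTempFile($this->mainhome);
        }

    }

    /**
     * Handles the logout page event: destroys the session first, then forwards
     * to the index application.
     *
     * @param mixed $param Event parameter passed by the framework (unused).
     */
    public function page_event_logout($param) {
        destSession();

        $this->page->forward(getAppPath("index"));
    }

}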

The getWelcome function in the comp.php file forwards the user to the correct URL according to the login type:

/**
 * Forwards the current request to the landing application that matches the
 * authenticated session type: "admhome" for ADMIN, "mebhome" for MEMBER and
 * "index" for everything else (including GUEST).
 *
 * This is routing only. The forward does not grant access by itself; each
 * target application still has to run its own getAuthenticate() check in
 * onstart.
 */
function getWelcome() {
    $currentPage = SphpBase::page();
    $authType = SphpBase::page()->getAuthenticateType();

    // Loose comparison on purpose: it matches what a switch statement does.
    if ($authType == "ADMIN") {
        $currentPage->forward(getAppURL("admhome", '', '', true));
    } elseif ($authType == "MEMBER") {
        $currentPage->forward(getAppURL("mebhome", '', '', true));
    } else {
        // Unknown or guest type: fall back to the public index application.
        $currentPage->forward(getAppURL("index"));
    }
}