noFrame在oschina托管地址:https://git.oschina.net/yii153/noFrame
noFrame在github托管地址:https://github.com/yii153/noFrame
目前noFrame的结构如下
|-Databases 数据库目录,该目录只能包含数据库类,且除Database类之外的所有类都要实现Database接口【仅供参考】
|-Database.class.php 数据库连接类,应用中链接数据库只需要引用该类并创建该类的对象【仅供参考】
|-Database.interface.php 数据库接口,定义了数据库类要实现的方法【仅供参考】
|-Mysql.class.php mysql数据库类,需要实现Database接口【仅供参考】
|-SqlServer.class.php sqlserver数据库类,需要实现Database接口【仅供参考】
|-Example 示例目录【仅供参考】
|-System.class.php 系统类,提供了欢迎信息,版本信息,入库示例,查询示例。可直接通过$webRoot/entrance.php/Example/System/$method调用获取信息【仅供参考】
|-Utils 工具目录【仅供参考】
|-Util.class.php 工具类,提供了请求执行成功,请求执行失败,请求执行成功并返回数据。可引用Util类并通过Util::$method调用【仅供参考】
|--LICENSE LICENSE文件
|--README.md README文件
|--entrance.php 入口文件【核心文件】
注:【仅供参考】部分可根据实际项目需要修改或删除。
noFrame 实现单一入口,类自动载入,全局类映射(可以通过单一入口映射任意目录中的任意类的任意公用方法,不局限于目录和层级),noFrame提供pathinfo模式和兼容模式两种入口模式,noFrame默认全局开启session,noFrame自带错误处理。noFrame不需要额外安装任何拓展和环境部署,只需拷贝到noFrame到您的web根目录下即可使用。并且,所有这些功能的实现都是通过一个文件来完成的。
noFrame以entrance.php(入口文件)作为核心文件。使用只需将该文件拷贝到应用根目录下,便可以快速开发出一套基于MVC、单一入口、类自动载入的应用。
noFrame基于PSR-0规范,类文件除类外不得有其他执行代码,所有类使用命名空间,命名空间和类的绝对路径一致,类名和路径名首字母大写,所有类自动载入。
下面以调用未知目录下的$Class类的$method方法为例
namespace $Folder_a\$Folder_b\Folder_c\...\$Folder_z; 命名空间与该文件的路径保持一致
use $Folder_d\$Folder_e\Folder_f\...\$IncludeClass; 引用其他目录下的类文件
use $Folder_g\$Folder_h\Folder_i\...\$IncludeStaticClass; 引用其他目录下的静态类文件
class $Class 创建类
{
public function $method() 创建public方法
{
$IC = new $IncludeClass(); 创建引用类的对象
$IC->$method(); 调用该对象的方法
$IncludeStaticClass::$method(); 调用引用静态类的方法
}
}
支持pathinfo的服务器环境调用地址如下
entrance.php/$Folder_a/$Folder_b/Folder_c/.../$Folder_z/$Class/$method
不支持pathinfo的服务器环境调用地址如下
entrance.php?$Folder_a/$Folder_b/Folder_c/.../$Folder_z/$Class/$method
pathinfo模式和兼容模式的调用区别仅仅是在entrance.php后面的/和?的区别。
noFrame对于请求的响应做了如下约定,具体可以参考Example下的System.class.php,当然你可以根据实际情况调整或修改其约定。
1.返回信息一定为json字符串
2.返回信息一定包含请求处理成功为真/假的信息
3.请求处理成功为假则一定包含错误信息。
4.完成请求后,将响应信息转成json对象,如果请求处理成功为假,则打印错误信息并返回。否则打印成功信息或解析数据
服务端示例 //Controller/Test/test
try{
//do some thing...
Util::echo_success();
}catch (Exception $e){
Util::echo_error($e->getMessage());
}
客户端示例 //entrance.php/Controller/Test/test
if(!response.success) {
alert(response.message);
return;
}
alert('success');
在使用过程中出现什么问题或bug可以反馈给我,以便及时更正

Effective methods to prevent session fixed attacks include: 1. Regenerate the session ID after the user logs in; 2. Use a secure session ID generation algorithm; 3. Implement the session timeout mechanism; 4. Encrypt session data using HTTPS. These measures can ensure that the application is indestructible when facing session fixed attacks.

Implementing session-free authentication can be achieved by using JSONWebTokens (JWT), a token-based authentication system where all necessary information is stored in the token without server-side session storage. 1) Use JWT to generate and verify tokens, 2) Ensure that HTTPS is used to prevent tokens from being intercepted, 3) Securely store tokens on the client side, 4) Verify tokens on the server side to prevent tampering, 5) Implement token revocation mechanisms, such as using short-term access tokens and long-term refresh tokens.

The security risks of PHP sessions mainly include session hijacking, session fixation, session prediction and session poisoning. 1. Session hijacking can be prevented by using HTTPS and protecting cookies. 2. Session fixation can be avoided by regenerating the session ID before the user logs in. 3. Session prediction needs to ensure the randomness and unpredictability of session IDs. 4. Session poisoning can be prevented by verifying and filtering session data.

To destroy a PHP session, you need to start the session first, then clear the data and destroy the session file. 1. Use session_start() to start the session. 2. Use session_unset() to clear the session data. 3. Finally, use session_destroy() to destroy the session file to ensure data security and resource release.

How to change the default session saving path of PHP? It can be achieved through the following steps: use session_save_path('/var/www/sessions');session_start(); in PHP scripts to set the session saving path. Set session.save_path="/var/www/sessions" in the php.ini file to change the session saving path globally. Use Memcached or Redis to store session data, such as ini_set('session.save_handler','memcached'); ini_set(

TomodifydatainaPHPsession,startthesessionwithsession_start(),thenuse$_SESSIONtoset,modify,orremovevariables.1)Startthesession.2)Setormodifysessionvariablesusing$_SESSION.3)Removevariableswithunset().4)Clearallvariableswithsession_unset().5)Destroythe

Arrays can be stored in PHP sessions. 1. Start the session and use session_start(). 2. Create an array and store it in $_SESSION. 3. Retrieve the array through $_SESSION. 4. Optimize session data to improve performance.

PHP session garbage collection is triggered through a probability mechanism to clean up expired session data. 1) Set the trigger probability and session life cycle in the configuration file; 2) You can use cron tasks to optimize high-load applications; 3) You need to balance the garbage collection frequency and performance to avoid data loss.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

SublimeText3 Chinese version
Chinese version, very easy to use

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function

SublimeText3 Linux new version
SublimeText3 Linux latest version

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
