Diving Deeper
This page shows some of the internal working parts and features of the mvcSPA platform.
User Session $_SESSION
A session is a way to store information (in variables) to be used across multiple pages.
Anytime a user logs in, session variables are stored with user particulars like organization, userid, userlevel, user role, activity timestamp
(see: models/login_model.php).
This session information is temporary and is usually deleted after the user has left the website.
A static Session class is always loaded and available; it contains some useful session manipulation functions.
Session Class Functions
- set() - e.g. Session::set ('orgid', $orgid)
- get() - e.g. $orgid = Session::get ('orgid');
- .. additional functions are available (see: libs/Session.php)
MVC Routing
Initial routing for the MVC platform is done through Apache via the .htaccess file located in the project root directory.
The AltoRouter is automatically loaded and is available for fancier mapping of routing requests. (See link above)
Controller User Authorization
The user has an assigned userlevel based on his primary user role [1 - 98].
Each user role has an assigned userlevel. The Auth class located in libs/Auth.php controls which
user has access to which controller. If the user does not have the required user role or a sufficient userlevel, access is denied.
The Auth class controls user access and timeout (controller === user role):
- by excluding users from navigating to user roles NOT assigned to them
- by excluding users from navigating to controllers above their primary user role authority level
- by excluding users with a block code that excludes certain controller functionality ( see: Menu AppControl -> User Method Block )
- by blocking users within a system-defined IP address blacklist
- by tracking user idle activity, forcing a timeout ( default: 24 minutes, see: config/config.php )
function __construct() {
parent::__construct();
$auth = new Auth(); // controls Authority to execute controller
$auth->allow($userlevel=20); // controller userlevel: 20
}
Controller CSS/JS Library Includes
In every Controller class the startup method is index(). You can make specific style sheets (.css) and
JavaScript/jQuery libraries available to the controller via the following commands:
- regular stylesheet - $this->view->css[] - (preferred way, invoked in index method)
- network stylesheet - $this->view->cdncss[]
- method stylesheet - $this->view->methodcss[]
- regular javascript - $this->view->js[] - (preferred way, invoked in index method)
- network javascript - $this->view->cdnjs[]
- method javascript - $this->view->methodjs[] - (does not work well with complex plugins)
NOTE: some generic styles and scripts are already defined in [ views/top.php, views/footer.php ]
... like bootstrap, jquery and the included spadash theme assets.
Additionally, having assets located locally reduces the number of failure points in your application.
function index() {
$this->view->title = "myProject/Controller"; // shows on browser tab
// stylesheets - will load at page header
$this->view->css[] = 'public/path/abc.min.css';
$this->view->cdncss[] = 'https://network-url/xyz.css'; // network
// javascripts - will load at end of body
$this->view->js[] = 'public/path/abc.min.js';
$this->view->cdnjs[] = 'https://network-url/xyz.js'; // network
$this->view->anyvariable = "some value"; // accessible in page/view
// shows html page/view in [views/controller/index.php]
$this->view->render('controller/index');
}
User Control - defines system user roles
The usercontrol table defines the user roles, userlevel [1-99] and controller class designation.
A user role is defined by its role type and role code combination. Users can be assigned to any number of user roles.
When logging in, any user having a primary user role will be presented with the corresponding associated mvcSPA page.
UserControl maintenance is done via the [SysAdmin] -> App Control -> UserControl menu option.
Below are some sample user roles [ RoleType : RoleCode ]:
- 'ROLE' : 'SYADMIN'
- 'ALTERNATE' : 'CUSTSVC' .. when defining modified version of an existing role
User Group - aggregates users into groups
(Optional) The usergroup table contains the group prefix (2 characters) associated with the group code.
User roles can be assigned to any group code, provided it follows the group prefix controller class naming convention.
Any user role belonging to a group will be associated with a specific roletype / rolecode.
UserGroup maintenance is done via the [SysAdmin] -> App Control -> User Group menu option.
This feature is good for horizontally organized applications. Users can be grouped into departments, sections, etc.
This feature is purely for documentation purposes, e.g. by assigning a group prefix to controller classes, you can identify
the processes belonging to a department.
User Method Block - denies method access
The user method block table contains the controller method(s) to be blocked and the assigned block code.
User roles can be assigned to any block code within the assigned class.
Any user having a user role that carries a block code will be prevented from accessing the associated methods/functions specified.
UserBlock maintenance is done via the [SysAdmin] -> App Control -> User Method Block menu option.
This feature is good for excluding/blocking a user from methods/functions in a role. If many exclusions are envisioned, you are better off creating a new user role.
User TimeOut
User timeout occurs when the user's idle time exceeds the TIMEOUT value specified in config/config.php.
The following describes the timeout process:
- on every user action, the session variable lastactivity is timestamped
- on the next user action after being idle longer than the TIMEOUT value, the system signals a timeout
- the system destroys the $_SESSION variable, then renders the web application login landing page in views/home/index.php
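The three-step timeout process above, as an added illustration that is not the platform's own Auth code. It assumes the static Session class (get/set) is loaded as stated earlier, that Session::get returns null for an unset variable, and that TIMEOUT in config/config.php holds the idle limit in seconds (the documented default is 24 minutes).

```php
<?php
// Added example, not part of mvcSPA. Assumes Session::get()/Session::set()
// from libs/Session.php and the TIMEOUT constant from config/config.php.
if (!defined('TIMEOUT')) {
    define('TIMEOUT', 24 * 60); // fallback only for running this snippet alone
}

// Call at the start of every user action (e.g. from a controller constructor).
// Returns true while the user is active. On timeout it destroys the session
// and returns false so the caller can render views/home/index.php.
function enforceIdleTimeout(?int $now = null): bool
{
    $now  = $now ?? time();
    $last = Session::get('lastactivity');

    if ($last !== null && ($now - (int) $last) > TIMEOUT) {
        // idle longer than TIMEOUT: wipe everything the login stored
        $_SESSION = [];
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
        return false;
    }

    // still active (or first action after login): re-stamp the activity time
    Session::set('lastactivity', $now);
    return true;
}

// usage inside a controller constructor, after the Auth check:
// if (!enforceIdleTimeout()) { $this->view->render('home/index'); exit; }
```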
Encryption
Encryption is used for data such as credit card and social security numbers, and NOT for passwords!
It uses the Encryption class located in libs/manual/OpenSSLEncrypt.php. The project encryption key ENCRYPT_KEY is located in config/config.php.
The Encryption class functions are below:
- encrypt( plaintext )
- decrypt( cyphertext )
// for testing Encryption
require_once 'libs/manual/OpenSSLEncrypt.php';
$key = "23c34eWrg56fSdrt"; // sample Encryption Key [16 characters]; the class reads ENCRYPT_KEY from config/config.php
$crypt = new Encryption();
$cc = '4356789434679645'; // your credit card number
$encrypted_string = $crypt->encrypt($cc); // Encrypt your credit card number
$decrypted_string = $crypt->decrypt($encrypted_string); // Decrypt your encrypted string.
// Show Results
echo "Credit Card: $cc";
echo "\n";
echo "encrypted_string: $encrypted_string";
echo "\n";
echo "decrypted_string: $decrypted_string";
Note: Hashing is used to store passwords ( see: password_hash PHP function)
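An added stand-alone example of the distinction made above: reversible encryption for card numbers versus one-way hashing for passwords. It is not the platform's Encryption class from libs/manual/OpenSSLEncrypt.php; the cipher (AES-128-CBC, chosen to match the 16-character key shown earlier), the random IV and the HMAC tag are this example's own assumptions.

```php
<?php
// Added example, not mvcSPA code. Cipher, IV and HMAC layout are assumptions.
const CIPHER = 'aes-128-cbc';

function encryptField(string $plaintext, string $key): string
{
    $iv  = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh IV per record
    $ct  = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    $mac = hash_hmac('sha256', $iv . $ct, $key, true);      // detects tampering
    return base64_encode($iv . $ct . $mac);
}

// Returns null instead of garbage when the stored value was altered or the
// key is wrong, so callers cannot mistake a corrupted card number for a real one.
function decryptField(string $cyphertext, string $key): ?string
{
    $raw   = base64_decode($cyphertext, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + 32) {
        return null;
    }
    $iv  = substr($raw, 0, $ivLen);
    $mac = substr($raw, -32);
    $ct  = substr($raw, $ivLen, -32);
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $key, true), $mac)) {
        return null; // ciphertext altered or wrong key
    }
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

$key = '23c34eWrg56fSdrt';            // constructed 16-character test key
$cc  = '4356789434679645';            // constructed sample card number
$enc = encryptField($cc, $key);
var_dump(decryptField($enc, $key) === $cc);                   // round trip
var_dump(decryptField(substr($enc, 0, -4) . 'AAAA', $key));   // tampered value

// Passwords are hashed, never encrypted: a stored hash cannot be reversed
$hash = password_hash('correct horse battery', PASSWORD_DEFAULT);
var_dump(password_verify('correct horse battery', $hash));
var_dump(password_verify('wrong password', $hash));
```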
SysMaster and OrgMaster
Most websites have the need to keep global values and settings for both the entire application and the specific organizations. The sysmaster and orgmaster tables were created for this reason.
- SysMaster - keeps application settings and can be maintained via [SysAdmin]->SysMaster
- OrgMaster - keeps organization settings and can be maintained via [OrgAdmin]->OrgMaster
View User Interface Options
As an exception to the MVC philosophy, the ability to call controller and model methods within the HTML page / view has been added. If you have tried to implement more complex views or back office utility tools, you will appreciate having these capabilities. Again, if you are a follower of the MVC architecture gods, these capabilities are optional.
- $this->_c->controller-function - allows you to invoke a controller function
- $this->_m->model-function - allows you to invoke a model function
- $this->_m->db->pdo-function - allows you to invoke any PDO CRUD function
Sysadmin SuperUser Mode
The SuperUser mode is found in the menu for the SysAdmin role under SuperDuper.
The purpose of SuperDuper is to allow the impersonation of other users in different organizations / user roles. This lets the developer
test with ease while making changes, without having to log in and out of different user roles, which would be very time consuming.