我正在编写一个PHP中的大脚本,它需要从未来用户创建的扩展中安全。 我想通了,要创造这样的权限类检查,以一些核心变量等扩展访问从类中创建类的新实例它在PHP中扩展
这里是启动类:
class SystemStartup
{
private function startClass () {
require (dirname(__FILE__) . '/sys.run.php');
//starting SystemRun with something like core security token
new SystemRun (hash ('sha256' , $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR'] . microtime (TRUE)));
}
function __construct () {
//here i have some security stuff like checking class not already running
$this -> startClass ();
}
function __destruct () {
//wywolane na samym koncu
}
};
SystemRun类:
class SystemRun
{
private $SystemToken;
//static because i want to be callable from other classes extending SystemRun
protected static $SystemUrlControl;
private function startClass () {
//before more code
//loading file with child class
require (dirname(__FILE__) . '/urlcontrol.php');
//starting it with security token
echo $this -> SystemToken; //just for check
self :: $SystemUrlControl = new SystemUrlControl ($this -> SystemToken);
//more more more code (its main class)
}
protected function validateToken ($SystemToken) {
echo $this -> SystemToken; //just for check
//this should check tokens are the same
if ($this -> SystemToken == $SystemToken) return TRUE;
return FALSE;
}
function __construct ($SystemToken) {
//saving token for next classes
$this -> SystemToken = $SystemToken;
$this -> startClass ();
}
};
现在SystemUrlControl与扩展SystemRun
class SystemUrlControl extends SystemRun
{
private $SystemToken;
//functions
//more functions
//more more more
function __construct ($SystemToken) {
if (!parent :: validateToken ($SystemToken)) echo 'somebody else called me!';
$this -> SystemToken = $SystemToken;
}
};
问题是从SystemUrlControl
调用validateToken返回FALSE
- SystemRun将它自己的SystemToken视为NULL。
输出(从回声)是:
> 5b6a09d8f03dd7e6229a5... (valid token) (here NULL value) somebody else called me!
'自:: $ SystemToken'不是一个静态的成员,因此必须用'$这个 - > SystemToken'使用。 – Ian
其中一个“ctrl + z”小于调试时会改变;) –