Part II: Developing Intranet Solutions The application checks (X web hosting)
Part II: Developing Intranet Solutions The application checks for valid user credentials in the authentication phase, which is already supplied by the framework s login application for valid users. The authorization step involves application-specific privilege management. Not all valid (authenticated) users are likely to have the same privilege based on the type of application. For example, an Employee Information System (EIS) application in an engineering firm can assign different privileges to executive management, department heads, team leaders, and engineers. This is why the authorization code is specific to the instance of the application and should be written by the application developer and should not be provided by the framework. When an application has gone through the authentication and authorization phases, it will run the application. This code will involve invoking application specific business objects and database interaction. The application will have database access via the database-independent abstraction and also will produce status messages and errors using the facilities provided by the framework. Figure 4-5 shows a real-world application framework that we will create in this chapter. DB.php (from PEAR) class.PHPApplication.php class.Debugger.php class.ErrorHandler.php class.DBI.php Your PHP Application Business Logic Figure 4-5: A real-world PHP Application Framework. The core of this framework is the class.PHPApplication.php. This class provides an abstract PHP application that you can extend to incorporate facilities provided by the error handler (class.ErrorHandler.php), the debugger (class.Debugger.php), and the database abstraction (class.DBI.php).