PC Blog -- 亿钮曼  
The moon doesn't represent my heart anymore!
Latest comments

Re: New MSN Messenger 7 trial version! hejieping87@hotmail.com 2009-11-01 21:27
Very good
re: ThePhileII is here! 黄勇锋 2006-01-22 15:16
Try looking here, it should be there:
http://p2p.wrox.com/forum.asp?FORUM_ID=12
re: ThePhileII is here! 黄勇锋 2006-01-22 15:15


Summary of Changes Made in ThePhile II

1) Made the original code download work, and ported to VS 2003
a) restore the database from the backup file in the code download, and
not from the script (their script was obsolete)
b) make a new DB scripts that included all the objects, and all data rows
c) set up the Virtual Directory, ThePhile
d) delete all .dll and .pdb files
e) comment out all of the strong-name key stuff in all of the
AssemblyInfo.cs files. We don't need strong names on anything for
this project, and we wouldn't want to use somebody else's key anyway.
f) Open the .sln in VS2003, and work through the conversion of each
project to VS2003. This is the process to fix the DLL references:
- rebuild solution - we expect it to fail with errors about
namespaces not found
- this rebuild makes us new DLLs to reference by other modules
- go to the main project in solution explorer - drill down on the
references - you'll see the bad ones
- add a new reference for each of the DLLs we've already made
- once you make new references for the new DLLs, go back to
"rebuild solution" above. You have to do these steps several times.
g) give NTFS permissions to ASPNET and IUSR_MACHINENAME
h) Install the client javascript files (needed for logging in)
(this wasn't needed on hosting co's site):
aspnet_regiis -c
This makes a subdirectory called "aspnet_client" under the virtual
root directory.

2) Made it work with a hosted website
a) edit .sln file - chg the path to the project:
old: http://localhost/ThePhile/ThePhile.csproj
new: http://localhost/ThePhile.csproj
b) change all the paths by taking out "/thephile/" and replacing it
with "/".
c) I modified application logging as described in the .doc file of the
VB code download. You can't log to the Windows Event Log on a hosted
site, so I changed it to log to a file.
d) Move the project from a virtual directory to the virtual root
e) change the hard-coded pathnames to use the virtual root dir,
and this includes some necessary changes to database records
f) set up the file manager with Forms security so it works on a
hosted site (where NTFS security isn't appropriate)
g) Fix the sign out link:
old: Response.Redirect("/thephile");
new: Response.Redirect("/Default.aspx");

3) fixed security problems
a) make sure EVERY admin page checks for the needed permissions.
Many of the sensitive admin pages did not validate permissions.
b) Some pages need to have new security perms defined: like
the File Manager, and the Ads Manager.
c) Added Forms authorization to all pages of the File Manager.
We can't use Windows

4) Added missing functionality, and change some existing functionality
a) Move the menu to the left side, and put the Poll under it on
the main page.
b) Fix the way the current poll renders. The bars don't look
good, and the title of the poll isn't centered.
c) Create a new main page, Books and DVD's pages, Contact Us page
d) fix the footer links
e) I moved all images to one common /images folder. There were
separate images folders under each module. It was hard to
debug path problems with so many image folders. I also updated
the database accordingly.
f) Change the login error label to be bold and red, and larger font


5) Added new features
a) add RSS to the Books page. Uses Scott Mitchell's skmRSS.
b) change the Nav box into a nicer menu that supports rollovers,
and a visual clue about what page the user is on. Have it
generated by a User control. Don't show the current page as a
link, since the user is already on that page.


Details of Security changes

In some cases we have no error when a non-admin tries to access admin stuff.
For File Manager, it was never given forms security to begin with. For some
of the other modules it's due to a bug:

Advert Admin - NO ERROR and it LETS ANONYMOUS USER IN - BIG HOLE!!!!!!!
- We need to create a new permission category in the DB for AdministerAds.
    insert into accounts_permissioncategories
    values ('AdsManager')

- We need to create a new permission in the DB for AdministerAds.
    insert into accounts_permissions
    values (600, 'AdministerAds', 6)

- We need to give this permission to our general admin role.
    insert into accounts_rolepermissions
    values (2,600)

- add in C:\ThePhile\Modules\Core\enums.cs:
    namespace Wrox.WebModules.AdsManager
    {
        public enum AdsPermissions
        {
            AdministerAds = 600
        };
    }

- add in C:\ThePhile\Modules\AdsManager\AdDetail.aspx.cs, admin.aspx.cs,
  NewAd.aspx.cs, NewCompany.aspx.cs, in the Page_Load event

    if (!Context.User.Identity.IsAuthenticated ||
        !((PhilePrincipal)Context.User).HasPermission((int)AdsPermissions.AdministerAds))
    {
        // if not, redirect to the Login page
        Response.Redirect("/Modules/Users/Login.aspx?ShowError=true", true);
    }

File Manager - NO ERROR and it LETS ANONYMOUS USER IN - BIG HOLE!!!!!!!
- This bad design results from Windows auth in the original design.
- We need to create a new permission in the DB for File Mgr Admin.
  (note that the file manager should ideally have broken out perms
  for various folders, but this can be an enhancement later).

- We need to create a new permission category in the DB for AdministerFiles.
    insert into accounts_permissioncategories
    values ('FileManager')

- We need to create a new permission in the DB for AdministerFiles.
    insert into accounts_permissions
    values (700, 'AdministerFiles', 7)

- We need to give this permission to our general admin role.
    insert into accounts_rolepermissions
    values (2,700)

- add in C:\ThePhile\Modules\Core\enums.cs:

    namespace Wrox.WebModules.FileManager.Web
    {
        public enum FilesPermissions
        {
            AdministerFiles = 700
        };
    }


- add in C:\ThePhile\Modules\FileManager - all .cs codebehind files, in
  the Page_Load event:

    if (!Context.User.Identity.IsAuthenticated ||
        !((PhilePrincipal)Context.User).HasPermission((int)FilesPermissions.AdministerFiles))
    {
        // if not, redirect to the Login page
        Response.Redirect("/Modules/Users/Login.aspx?ShowError=true", true);
    }

User Admin - no error, but doesn't let people in wrongly (safe, but not friendly)
- I fixed this in C:\ThePhile\Modules\Users\Admin\Default.aspx.cs
- UPDATE: a nonpriv user can go here without an error:
http://localhost/Modules/Users/Admin/EditRole.aspx?RoleID=2
- I fixed this here: C:\ThePhile\Modules\Users\Admin\EditRoles.aspx.cs

NEWS Admin - works good - blocks anon users and we do get the error

Polls Admin - works good - blocks anon users and we do get the error

Mailing List Admin - works good - blocks anon users and we do get the error

There is no forum admin area - there's 2 special columns in the grid for admin
users. Anon users can't see them. I think this is working ok.

This is what News Admin is using (requires business object support):

    // check if the current user is allowed to administer the news
    if (!Context.User.Identity.IsAuthenticated ||
        !((PhilePrincipal)Context.User).HasPermission((int)NewsManagerPermissions.AdministerNews))
    {
        // if not, redirect to the Login page
        Response.Redirect("/Modules/Users/Login.aspx?ShowError=true", true);
    }



TODO:

the screen text is wrong in modules/forums/settings.aspx - the
item for the path to the smile pics has the wrong caption.
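
An added example, not part of the comment above or of ThePhile's code: a Python audit that flags code-behind files whose Page_Load lacks the IsAuthenticated / HasPermission / redirect guard quoted in the comment, including the cases where the guard is commented out or sits in a different method. The file bodies and the Bind() call are constructed for illustration; only the guard text and the file names come from the comment.

```python
import re

# Matches a C# string literal OR a comment; strings are tried at the same
# position first, so "//" inside a string is not mistaken for a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.DOTALL)

def strip_noise(src):
    """Blank string contents and drop comments so only live code is inspected."""
    return _TOKEN.sub(lambda m: '""' if m.group().startswith('"') else " ", src)

def page_load_body(src):
    """Return the brace-matched body of Page_Load, or None if it is absent."""
    m = re.search(r"\bPage_Load\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def is_guarded(src):
    """True when Page_Load tests authentication AND a permission, then redirects."""
    body = page_load_body(strip_noise(src))
    return bool(body and "IsAuthenticated" in body
                and re.search(r"\bHasPermission\s*\(", body)
                and "Response.Redirect" in body)

def audit(files):
    """Return the sorted paths whose Page_Load lacks the guard."""
    return sorted(p for p, src in files.items() if not is_guarded(src))

# The guard as quoted in the comment above.
GUARD = '''if (!Context.User.Identity.IsAuthenticated ||
    !((PhilePrincipal)Context.User).HasPermission((int)AdsPermissions.AdministerAds))
{
    Response.Redirect("/Modules/Users/Login.aspx?ShowError=true", true);
}'''

LOAD = "void Page_Load(object s, EventArgs e) {"
# Constructed code-behind samples; method bodies and Bind() are illustrative only.
SAMPLES = {
    "AdsManager/admin.aspx.cs": LOAD + "\n" + GUARD + "\nBind();\n}",
    "AdsManager/NewAd.aspx.cs": LOAD + " Bind(); }",                      # no check
    "AdsManager/AdDetail.aspx.cs": LOAD + "\n/*\n" + GUARD + "\n*/\nBind();\n}",
    "AdsManager/NewCompany.aspx.cs": "void Save() {\n" + GUARD + "\n}\n" + LOAD + " }",
}

if __name__ == "__main__":
    for path in audit(SAMPLES):
        print("missing permission check:", path)
```

A textual audit like this only shows that a guard is present in Page_Load; it does not prove the permission constant is the right one for the page.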


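re: Wallop has laid eggs! YU_cos 2005-10-27 22:01
Could you give me one too? A Wallop one.
re: 5 Wallop, 10 Gmail, first come, first served! xwt027 2005-10-12 12:09
Thank you very much, I'd like a GMAIL; my email is xwt027@sohu.com, xwt027@hotmail.com works too. What is wallop,
re: ThePhileII is here! net bug 2005-09-19 16:45
There are no source files, so how is anyone supposed to know what was improved?????
re: 5 Wallop, 10 Gmail, first come, first served! ArthurKing 2005-08-18 13:48
I'd like a Gmail, thanks
ArthurKing84@hotmail.com
re: A nice song. Anyone Of Us 資諭 2005-08-10 22:42
I'd like one too
My email: grace50130@yahoo.com.tw
re: A nice song. Anyone Of Us grace 2005-08-10 22:42
I want one too
Email: grace50130@yahoo.com.tw
re: 5 Wallop, 10 Gmail, first come, first served! cuipeng99 2005-08-08 15:05
Already sent
re: 5 Wallop, 10 Gmail, first come, first served! Sammy 2005-08-07 16:15
I'd like a Wallop, thank you very much. Really, thank you so much!
My e-mail is My_Samshang@hotmail.com
re: Wallop has laid eggs! Sammy 2005-08-07 16:12
thanks a lot
Please, please give me an invitation too
My email is My_Samshang@hotmail.com
re: 5 Wallop, 10 Gmail, first come, first served! linxika 2005-07-23 20:21
I'd like wallop
youhui220@gmail.com
Thanks
re: Wallop has laid eggs! PC 2005-06-27 16:06
All sent
re: Wallop has laid eggs! hawker 2005-06-27 15:56
I want one too!!!!! Are there any left? Please give me one, thanks!
bingyu123@mail.china.com
re: Wallop has laid eggs! cry 2005-06-21 15:51
I'd like one too, is that OK? Thanks lovejln@163.com
re: A nice song. Anyone Of Us alles_gute999◎hotmail.com 2005-06-17 21:44
Please send me a copy, thanks
re: Wallop has laid eggs! logitech007@gmail.com 2005-06-17 17:00
logitech007@gmail.com
I want one
re: Wallop has laid eggs! cuipeng99 2005-06-16 22:21
Sent; please reply when you receive it!
re: Wallop has laid eggs! ww 2005-06-16 15:53
Are there any left? Give me one
purpmoon@hotmail.com
Thanks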
Copyright © PC Blog Powered by: 博客园 Template provided by: 沪江博客