The contents of the service handles the protocol structure and permissions of the data used.
init path admin and user can be changed and control ways available. Init content is included in the annotations and road map as well as invitations (Permissions).
DAO: Data connection module area
Event: data permissions
Data table creation and deletion.
Abundant Folder:
event.php (Here is the privacy of the sutular to be used in the data table. Example: stay-book-table. Specify the privacy so that they can be added and removed.)
event_dao: Data table connection 3 stages.
1-Create 2-Replace 3-Remove.
You must select the columns that can be used in the event.php in the table with the linked data table operation. Otherwise, you may experience problems.
Merge the kernel system in the data table that connects with the services.php and set the kernel permissions.
class folder:
A management template is created for all permissions used within the site in the event.php content. This page links with the kernel and other links.
provider.php security fields user security, admin security, writable area. Nesler movement safety. Post process security of the forum printing process occurs here.
The connection used in the init is at the stage of creation. The loaded data table of the add-in used. Combination EXAMPLE: Determining the usage quota allowed by the administration on the Admin page. In this field, all of the connexions are triggered in the service.php.
When i use php 7,2 or 7,3 on event i have trouble line 108 any answer ?You have to use PHP 5.6
If not, you will get multiple errors, warnings and erratic behavior.
You can also install the latest version of the events plugin:
https://github.com/oxwall/event
but it will still get errors from other parts of the script
Antonio please start a new topic, thanks
Marcus, to answer your question simply, its all about security and following the model. The model is written this way for a reason and one of the main reasons is to protect exactly what you just did, which bypasses that security.
Here is a simple example:
You own a car and inside that car you have a safe. There are only 2 people that have access to that safe. One is a person named safe_service.php and the other is a person named safe_dao.php
What this means is that someone might be able scratch the car, or maybe even break the class, but the only way they can bypass the alarm of the car is to use proper access method.
The php classes have permissions on them, public/private/protected. These permissions are used to allow only certain classes to access the database, that is by design using the MVC (Model - Controller - View) environment model.
Oxwall still needs to work on this model more to close those gaps so that you will not be able to access data from just any file directly. But the way it should work is like this...
Request data directly from any other place other than inside the bol folder - denied
Meaning that any direct request inside the init file or other file outside of the bol folder should be denied with error.
The proper way is to first call the function inside the service file which acts as a subway station for lack of a better example, for the plugin.
$whatever = $this BOL Service..... and so on
Then the service file has direct access to the dao file which has direct access to the database connection.
Remember "dao - this is where my queries go" lol
And then the data travels back (via returns) from the dao to the service and then to the requesting function in the lower php file.
This provides security that only certain direct paths to the database are open. Now what you have discovered is that Oxwall still needs work on those permissions to improve them.
However just because you can do it inside of the init file, does not mean you should.. Every one should still use the proper method even though there are repairs to be made.
As an example: In my WSS software project, one cannot request anything directly from the data base, try a query in any other file other than the right class and it will blow up errors. It only allows the data to travel in a certain pathway and it cannot be sidestepped.
I will not approve any plugins that have sql queries anywhere other that in the BOL folder or the basic required queries in the install file.
This is the way Oxwall will also be one day if developement continues.
I hope that helps... :)