PHP student here Consider the following 2 methods the 1 method checks if a user exists the other registers a user.
public function is_registered($userEmail)
{
$this->email = $userEmail;
$sql = "SELECT * from users WHERE email = :email";
$stmnt = $db->prepare($sql);
$stmnt->bindValue(':email', $userEmail);
$check = $stmnt->execute();
if($check >= 1) {
return true;
}
else {
return false;
}
}
public function register_user($email, $pword, $firstname, $lastname)
{
$this->email = $email;
//call method is_registered inside register user class
$registered = $this->is_registered($email);
if($registered == true){
die("USER EXISTS");
}
else {
//continue registration
}
}
Although this might not be the best use case example I basically want to know:
Is "normal / good practice" to call a method inside a method. Another use case might be calling a get_email() method inside a login() method or similar method where you need an email address.
What is the difference if I set a property inside a method or just access the passed parameter directly? Example:
Method with set property
public function is_registered($userEmail)
{
$this->email = userEmail // SET PROPERTY
$sql = "SELECT * from users WHERE email = :email";
$stmnt = $db->prepare($sql);
$stmnt->bindValue(':email', $userEmail);
}
Method with no set property.
public function is_registered($userEmail)
{
//NO SET PROPERTY
$sql = "SELECT * from users WHERE email = :email";
$stmnt = $db->prepare($sql);
$stmnt->bindValue(':email', $userEmail);
}
Hope this makes sense, any help or guidance much appreciated.
On the point of view of OOP, both approaches are kinda weird. Since your User class doesn't seem to be static, and since the e-mail address is one of the major uniqueness discriminant for authentication, your class should be instantiated with a valorized email property that never changes... either upon database extraction (1) or form filling (2):
$user = new User(..., $auth->email); (1)
$user = new User(..., $_POST['registration_mail']); (2)
On the top of that, a method named is_registered should really not mess with assignments. All it should do is to check whether the current User instance class is defined in your database or not.
In your first approach, the risk is to mess up everything. Let's suppose you have the following user:
$user = new User('John', 'john#domain.com');
Now, let's see what happens when, by mistake, you pass the wrong email as argument:
$result = $user->is_registered('marley#domain.com');
echo $user->name; // John
echo $user->email // marley#domain.com
In your second approach, you should not allow the is_registered to accept any argument since, as I explained you before, that property should be defined upon creation to avoid fatal mistakes. Let's bring back the same user we used in the first example:
$user = new User('John', 'john#domain.com');
Now, let's see what happens when, by mistake, you pass the wrong email as argument (john#domain.com is registered, marley#domain.com isn't):
$result = $user->is_registered('marley#domain.com'); // false
So my suggestion is, initialize the property upon the creation of the instance and never mess with it. Alternatively, you could implement a static function into a utility class that, for a given email, performs the desired check. But try to make your OOP design as strict as possible.
Related
I am relatively new to OO PHP and I am trying to create a login class.
The issue I am having is that I want to pass the POST values username and password to my class but I cannot establish a decent way of doing so.
below is a snippet of my class
class PortalLogin{
private $username;
private $password;
function __construct(){
//I connect to DB here
}
function login($username, $password){
//error check the paramaters here
//then I can run the query
}
function __destruct(){
//I disconnect from DB here
}
}
Above is a breakdown of the class I am creating below is how i plan to execute it (my main issue at the moment).
$login = new PortalLogin();
if(isset($_POST['username'])){
if(isset($_POST['password'])){
$login->login($_POST[username],$_POST[password]);
} else {
//throw error
}
} else {
//throw error
}
I really do not like the construction of the code above it seems to messy to be doing so much outside of my class. how can I pass the POST information to the class and execute the checks there? I am worrying that if I pass the POST information to the class and one of the POSTS contains nothing it will error.
I think you got a problem with the syntax of post..
if(isset($_POST['username']) && isset($_POST['password'])){
$login->login($_POST['username'],$_POST['password']);
}
use AND.. so if both username and password exist then call the login function()
I’m not sure where OOP comes in to this, but if you were going the object-oriented route you would have a class that represents a request from which you could grab POST data from:
$username = $request->post('username');
$password = $request->post('password');
Your post() method could return a default value (null) if the variable didn’t exist in the POST data.
You could then have a class that checks your user based on these variables:
$auth = new AuthService($dbConnection);
if ($auth->checkCredentials($username, $password)) {
// Valid user
} else {
$error = $auth->getLastError();
}
I know I might be in the minority with suggesting this, but I favour static methods for things like this. PortalLogin represents an action rather than data
class PortalLogin
{
/**
* Attempt login
* #param string $username
* #param string $password
*/
public static function login ($username, $password)
{
// do your login stuff
}
}
Then to use you would do this:
if (isset($_POST['username']
&& !empty($_POST['username']
&& isset($_POST['password']
&& !empty($_POST['password']
) {
PortalLogin::login($_POST['username'], $_POST['password']);
}
Even better OO would be to have the username/password checking baked into the User class. (Maybe User::checkLoginCredentials($u, $p); // boolean yup/nope)
You can use error suppression, like this:
$login->login(#$_POST['username'], #$_POST['password']);
If one or both values are not present in the $_POST variable, there won't be an error when calling the method, so you can do the error handling inside your class method.
For more info, check:
http://php.net/manual/en/language.operators.errorcontrol.php
Edit:
Another option is to do this:
$login->login((isset($_POST['username']) ? $_POST['username'] : null), (isset($_POST['password']) ? $_POST['password'] : null));
I'm currently validating input and returning errors in a "fat controller" as follows:
class SomeController
{
public function register()
{
// validate input
$username = isset($_POST['username']) && strlen($_POST['username']) <= 20 ? $_POST['username'] : null;
// proceed if validation passed
if (isset($username)) {
$user = $this->model->build('user');
if ($user->insert($username)) {
$_SESSION['success'] = 'User created!';
} else {
$_SESSION['error'] = 'Could not register user.';
}
} else {
$_SESSION['failed']['username'] = 'Your username cannot be greater than 20 characters.';
}
// load appropriate view here
}
}
class SomeModel
{
public function insert($username)
{
// sql for insertion
// ...
return $result;
}
}
While this works and is easy enough for me to implement, I understand that this is incorrect because the validation belongs in the model, which I'm attempting to correct using a "fat model" as follows:
class SomeController
{
public function register()
{
$user = $this->model->build('user');
$user->insert($_POST['username']);
// load appropriate view here
// ...
}
}
class SomeModel
{
public function insert($username)
{
// validate input
$error = false;
$username = trim($username) != '' && strlen($username) <= 20 ? $username : null;
// proceed if validation passed
if (isset($username)) {
// sql for insertion
// ...
$_SESSION['success'] = 'User created!';
} else {
// store error in session
$error = true;
$_SESSION['error']['username'] = 'Your username cannot be greater than 20 characters ';
}
return $error ? false : true;
}
}
The problem I see here is that the model is supposed to be portable, in that it should never need to change. But if the requirement for the length of $username changes, then obviously I'll have to alter my model.
I feel like this may be a really common question but I've yet to find a straight-forward answer. Without implementing any extra "layers", "mappers" or whatever other confusing terms are out there, how could the example pseudo-code provided be modified to correctly handle this transaction? (eg, validate input, return error if validation fails)?
Without implementing any extra "layers", "mappers" or whatever
You should consider the "model" to be a application layer rather than a single class. The term "layer" could be thought of as a simple way to reference the M slice of MVC sandwich. So to accomplish the flexibility you desire you will need to create it.
A number of clear seperations can be made. I would consider having three abstractions: services, data mappers and entities.
A service would be exposed to the controller and perform the service being requested.
// some controller
function register() {
$service = $this->getUserService();
$user = $service->register($_POST['first_name'], $_POST['last_name']);
if ($user instanceof \My\Entity\User) {
// set user in view
} else {
// redirect to error
}
}
So task one complete, the controller is now dumb to whatever happens within register, all it wants to know is how to resolve the appropriate result. If there is a user object, success, otherwise false something went wrong.
The service class itself would encapsulate the services being offered:
// class UserService.php
function register($firstname, $lastname) {
// validate arguments
if ($this->isValidUsername(....
$userMapper = $this->getUserMapper();
$user = new My\Entity\User();
$user->setFirstName($firstname);
$user->setLastName($lastname);
return $userMapper->save($user);
}
return false;
}
We handle the validation of the arguments and also create the new user, passing it to the data mapper which will perform the "actual save" abstracting the database operations.
// UserMapper
function save($user) {
// save $user to db
$sql = 'INSERT INTO ....
return true;
}
I'm not sure what you would consider to be an undesirable "layer" or "mapper". This is an interesting question, and my first though was that you could just include a configuration file that defined a constant for your username length. My second though was that you could have someModel extend a class or implement an interface, wherein you values would be set as properties or constants. I suspect that you have thought of these, and are avoiding them; that this is what you mean by avoiding "layers" and "mappers" It seems that you are being guided by these principals in this code:
Avoid "magic numbers"
KISS
Composition over inheritance
skinny controller/fat model
So, are you running php5.4+ ? Maybe define a trait which could be used in this and other models that defines the username length and other changeable values in the application. Or maybe that too is to much of a "layer"?
I am currently writing a login script because I am trying to learn PDO using OOP. I have a index.php page which only contain a login form. Then I have a User class, it looks like this:
<?php
include_once('database.php');
session_start();
class User{
public $id;
public $username;
public $password;
public $firstname;
public $lastname;
public function Login($username, $password) {
$db = new Database;
$db = $db->dbConnect();
$query = "SELECT * FROM users WHERE username = ? AND password = ?";
$statement = $db->prepare($query);
$statement->bindParam(1, $username);
$statement->bindParam(2, $password);
$statement->execute();
$rows = $statement->rowCount();
$data = $statement->fetchAll();
if( $rows == 1 ) {
$this->id = $data[0]['id'];
$this->username = $data[0]['username'];
$this->password = $data[0]['password'];
$this->firstname = $data[0]['firstname'];
$this->lastname = $data[0]['lastname'];
$_SESSION['SESSID'] = uniqid('', true);
header("location: dashboard.php");
}
}
}
?>
When the user is signed-in he/she goes to dashboard.php. I want to access the current User class from there, so I can use echo $user->username from there. But in dashboard.php, I have to declare the User class as new, so it doesn't keep all the variables.
Do you have any ideas on how i can access the User class variables in Dashboard.php which was declared in the Login-function?
Sorry for the bad explanation, but I hope you understand. Thank you in advance!
First off put your user class definition in another file and load it in like you do your database.php. In there you want only your class definition none of the session start business... <?php class User {....} ?> (the closing ?> is optionial).
so what you have now on your pages that need access to the user object is
<?php
include_once('database.php');
include_once('user.php');
session_start();
Then after a user has successfully logged you tuck the user in the session.
$_SESSION["user"] = $user;
Then when you want to get at it just say
$user = $_SESSION["user"];
echo $user->username;
What you could do is, put your user object into the session:
$obj = new Object();
$_SESSION['obj'] = serialize($obj);
$obj = unserialize($_SESSION['obj']);
or you could create a singleton, check out this link:
Creating the Singleton design pattern in PHP5
You have 2 options:
a) You store all the login info in a session.
b) You only store the user ID and some sort of identifier that the user has / is logged in, and create another method that will load the information from the database each time you load the page (bad idea really)
For example, you could add the following methods to your class in order to implement the above mentioned functionality and some more:
function createUserSession(array $userData) {
// Create / save session data
}
function readActiveUserSession() {
// Read current user information
}
function destroyActiveUserSession() {
// Call to destroy user session and sign out
}
Of course, you will have to add the appropriate code to the methods.
Currently I have the code below which registers a user.
It doesn't check to see if the username currently exists or anything like that, that is something that I want to implement.
I've never known how to use php objects and forms together. Any help will be much appreciated.
register.php
The page checks to see if a user is already logged in, either way the form is still displayed and submits to itself. The database access details are stored in config.php as constants.
<?php
session_start();
include("includes/config.php");
if(isset($_SESSION['username'])) {
echo "You are currently logged in as: " . $_SESSION['username'];
echo "<br />";
include("nav.php");
echo "<hr />";
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Register</title>
</head>
<body>
<?php
$odb = new PDO("mysql:host=" . DB_SERVER . ";dbname=" . DB_NAME, DB_USER, DB_PASS);
if (isset($_POST['firstName'])) {
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$username = $_POST['username'];
$password = $_POST['password'];
$password = md5(DB_SALT.$password);
$type = $_POST['type'];
$date=date("Y-m-d");
$time=date("H:i:s");
$sql = "INSERT INTO tblMembers (firstName, lastName, username, passwordHash, type, joinedDate, joinedTime, lastActiveDate, lastActiveTime) VALUES (:firstName, :lastName, :username, :passwordHash, :type, :joinedDate, :joinedTime, :lastActiveDate, :lastActiveTime);";
$query = $odb->prepare($sql);
$results = $query->execute(array(
":firstName" => $firstName,
":lastName" => $lastName,
":username" => $username,
":passwordHash" => $password,
":type" => $type,
":joinedDate" => $date,
":joinedTime" => $time,
":lastActiveDate" => $date,
":lastActiveTime" =>$time
));
}
?>
<form method="post" action="">
Name: <input type="text" id="firstName" name="firstName" value="Michael" /><br />
Last Name: <input type="text" id="lastName" name="lastName" value="Norris" /><br />
Username: <input type="text" id="username" name="username" value="mstnorris" /><br />
Password: <input type="password" id="password" name="password" value="password" /><br />
Type: <input type="text" id="type" name="type" value="4" /><br />
<input type="submit" value="Add" />
</form>
</body>
</html>
I know how to write php objects using classes. This is what I had previously although I have been told that the methods I used are outdated. If anyone can shed any light on how to update it, it sure would help.
<?php
require_once("database.php");
class Member extends DatabaseObject {
protected static $table_name = "tblMembers";
var $firstName = "Mike"; // initiating the $firstName variable
var $lastName = "Norris"; // initiating the $lastName variable
var $username = "mstnorris"; // initiating the $username variable
var $password = "password"; // initiating the $password variable
var $reviews = "0"; // initiating the $reviews variable
var $type = "4"; // initiating the $type variable
function __construct($firstName, $lastName, $username, $password, $reviews, $type) {
$this->firstName = $firstName;
$this->lastName = $lastName;
$this->username = $username;
$this->password = $password;
$this->reviews = $reviews;
$this->type = $type;
//$this->insert($firstName, $lastName, $username, $password, $type);
}
function set_firstName($firstName) {
$this->firstName = $firstName;
}
function get_firstName() {
return $this->firstName;
}
function set_lastName($lastName) {
$this->lastName = $lastName;
}
function get_lastName() {
return $this->lastName;
}
function get_fullName() {
if (isset($this->firstName) && isset($this->lastName)) {
return $this->firstName . " " . $this->lastName;
} else {
return "";
}
}
function set_username($username) {
$this->username = $username;
}
function get_username() {
return $this->username;
}
function set_password($password) {
$this->password = md5(DB_SALT.$password);
}
function get_password() {
return $this->password;
}
public static function authenticate($username="", $password="") {
global $database;
$username = $database->escape_value($username);
$password = $database->escape_value($password);
$passwordHash = md5(DB_SALT.$password);
$sql = "SELECT * FROM tblMembers ";
$sql .= "WHERE username = '{$username}' ";
$sql .= "AND passwordHash = '{$passwordHash}' ";
$sql .= "LIMIT 1";
$result_array = self::find_by_sql($sql);
if (!empty($result_array)) {
//echo "true";
return array_shift($result_array); // Pulling first element from array
} else {
//echo "false";
return false; // Ability to ask whether we return something
}
}
public function insert($firstName, $lastName, $username, $password) {
$database = new Database();
$database->query("INSERT INTO tblMembers VALUES ('','{$firstName}','{$lastName}','{$username}','{$password}','4')");
}
// Common Database Methods
private static function instantiate($record) {
$object = new self;
foreach ($record as $attribute=>$value) {
if ($object->has_attribute($attribute)) {
$object->$attribute = $value;
}
}
return $object;
}
public static function find_all() {
return self::find_by_sql("SELECT * FROM ".self::$table_name);
}
public static function find_by_id($id=0) {
global $database;
$result_array = self::find_by_sql("SELECT * FROM ".self::$table_name." WHERE userID={$id} LIMIT 1");
if (!empty($result_array)) {
return array_shift($result_array); // Pulling first element from array
} else {
return false; // Ability to ask whether we return something
}
}
public static function find_by_sql($sql="") {
global $database;
$result_set = $database->query($sql);
$object_array = array();
while ($row = $database->fetch_array($result_set)) {
$object_array[] = self::instantiate($row);
}
return $object_array;
}
private function has_attribute($attribute) {
$object_vars = get_object_vars($this);
return array_key_exists($attribute, $object_vars);
}
}
?>
Can the MVC approach be used with AJAX? Also, with that in mind, the AJAX code I have used before in other projects use $_GET, is there any problems with this as the data is never being sent to the address bar? If so, how do I use $_POST with AJAX?
Mike:
your set a getter and a setter like this:
class Spam
{
public $attr;
public $var;
public $arg;
/* __construct, __set, and __get
these are all special functions
we know this from the double underscore */
function __construct ()
{
// construction code
}
function __set ( $arg0, $arg1 )
{
$this->$arg0 = $arg1;
}
function __get ( $arg )
{
return $this->$arg;
}
}
and you would call it from your code as follows:
// this calls the __constructor function
$barney = new Spam();
// this calls the __set function
$barney->attr = "garnished with spam & eggs";
// this calls the __get function
$attrValue = $barney->attr;
This reduces the need to call a different method to set/get the values of your variable. This will only work on public variables as private and protected variables cannot be accessed from outside of your class.
Also, it is a good idea to have separate views, models, and controllers. Your controller is the script that the form submits to, your model is the class that is instantiated, and your view is where the user sends the information from. This will make your code easier to understand, rather than having your controller and view together.
Are you restricted to PHP4 for some reason? Or did you download some really old code and you're now trying to get it to work?
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<[ UPDATE 2.27.2013 ]>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
OOP PHP Programming in Conjunction with JavaScript AJAX technology
Model-View-Controller:
MVC is not specific to PHP. MVC is a software design pattern that aims to solve a maintainability problem in code that combines separate
components of the code in ways that make the code less readable and
hard to maintain, which in the end is also a security risk.
Model-View-Controller is typically implemented via frameworks. In
regards to PHP there are frameworks available such as Zend,
CodeIgniter, CakePHP, etc. There frameworks implement the model view
controller through the document tree, although you can create your own
PHP framework (which isn't a good idea given your new to the
language), its probably better to use one that has already been
around. These frameworks may also enforce their own standards that result
in better code.
To understand a maintainable MVC framework you should be familiar with coding a website > > entirely in PHP. That means you should be using PHP classes [modules|models] to
dynamically generate the HTML pages[the view] depending what the user has done[the
controller file controls the model].
You question is very vague and its hard to tell what your asking, however, I get the
impression you're unable to figure out what MVC is and how to use it. Suppose you've
just created a layout for a website you will be developing. Since it
isn't possible to predict the size of your user's screen, you're
layout was designed in the browser. Your layout [or template if you
will] should be standard compliant HTML5 or XHTML. It should not be
constructed with images. Some people may disagree with me on this but
with the exception of your logo/header(though some use text for this
too), you should not have any tags are part of your
template(this is before any content has been written, obviously you'll
probably want to use a lot of images in your content). Your view at
this point should be HTML and CSS - any images that are a part of your
layout (ie patterns, backgrounds, anything layout specific) should be
in the CSS of your website. This is kind of the same reason that we
use the MVC pattern - it separates what should be separate.
You take your layout as the HTML and you write a PHP class[module]
that contains functions, for example we'll use
$view->showLeadboard();, $view->showAds(); $view->showFooter();
$view->setTitle("Title");, $view->setDescription("Description");...
This assumes that you've instantiated your class. Perhaps you don't
want to instantiate a class and you'd prefer to use static methods,
the choice is yours but you should understand what you're doing well
enough to have good reasons for doing it.
Now that your view is held inside of a PHP module you can worry about
your content. Chances are, if your website is dynamic, there will be
multiple pages and locations on those pages that contain dynamic
content from a database, or forms (we're still inside of the view)
that submit data to the controller.
Suppose somebody is registering at your website. The go to your
domain and a view is generated based on the request to
www.site.com and the view that is generated is the index page. This person who has come to your page has decided to register for an
account with your service. They click on the "register" hyperlink and
another view is generated that displays a form for them to create
their login credentials. They fill the form out click submit. The
information supplied in the form is submitted to a controller(we're
not talking about ajax or implementing an MVC design pattern for our
javascript code right now), we'll say that the view
site.com/register submits to the controller site.com/engine/process.php. Process.php filters/sanitizes the user data from the form and instantiates the correct class(model,
we'll call this one new User) that will then make a database
call through one of its methods, or maybe even through its
constructor(you should be aware of the magic methods available to you
in PHP) and this the result of this query mutates the view to be
slightly different depending on what the controller told the model and
what the model told the view.
I don't even know what I can say about your question regarding AJAX - given your position with PHP I'm going to guess that you're using JQuery for ajax calls. If this is the case you do not need to implement a model-view-controller from your jquery files, you can just create a jquery script and then add a method to your view that calls that script and implements it.
All in all if you are struggling to understand what a common pattern like MVC is and how to use it you should really go back to the basics. I can't stress enough that the online tutorials aren't going to help you if you don't understand why the author used the solution that they used and chances are they're not explaining that to you because its sometime simple that you should be able to understand yourself provided you have a basic understanding of the php language, its syntax, and how to solve problems with it. This all comes just from spending time with the language, learning how it works, and learning what it doesnt do well and what it does do well.
Ok, you have a couple of questions wrapped into one large question but I'll try to answer them as best as I can. I'll answer them in the order of importance.
How do you update your class(es).
How to structure forms better.
How to check login status.
Most applications now use some form of an MVC architecture. Models, Views, and Controllers are a way of separating responsibilities to classes. Here's a brief tutorial on MVC architecture for PHP. With that said, there are a number of open source frameworks that you can use like, Zend, CakePHP and more.
Try using one of the strategies for MVC or try a framework.
Try not to have the form self submit to itself. Instead route it to a seperate page and handle the logic there. Also you can wrap your inputs into and array by using the [] notation. For example: <input type="text" name="user[firstname]" />
However If you are just doing a login form, then all you need is some unique form of identification and a credential (e.g. username and password).
There are several ways to persist users' login status, chiefly used are sessions and cookies. Storing the entire model in the session or cookie is usually frowned upon. Instead try storing the username and a unique key that you can compare against in a database.
Using cookies gives you more control over how long you want the session to last.
I am using ZendFramework with PHP, and I want to set and get a variable as a global variable. I.E. I set it in the class of Zend Controller and access it any action in the class.
For example:
<?php
class SubscriptionController extends Zend_Controller_Action
{
private $EMAIL = false;
private $USERNAME = false;
First I am validating email addres with ajax call
public function checkusernameAction()
{
$email = //query to find email;
if($email){
$EMAIL = true;
}else{
$EMAIL = false;
}
}
then I want subscribe user on the basis of private variable again with ajax call
public function subscribeAction
{
if($EMAIL == true)
{
//some stuff
}
}
I am getting private var by $this->EMAIL, but not able to access it
You can use Zend_Registry to use the variable throughout application.
You can set a variable like this
Zend_Registry::set('email', $EMAIL);
and later can get it like this
$email= Zend_Registry::get('email');
Looks to me like you are making two distinct requests calling, respectively, checkusernameAction() and subscribeAction(). Since these are distinct requests, the email value you set in the controller during checkusernameAction() will be gone on the second request which calls subscribeAction(). It's the same controller class, but you are looking at two distinct instances, one in each request.
As I see it, you can either:
Pass the email address in each AJAX request, but this seems unlikely since you get the email address from the first call to checkusernameAction().
Save the email in the session during the first checkusernameAction() call and then pick it up during the second subscribeAction() call.
Extract the "get email from username" code into a separate class or method and then call it in both places. After all, you don't want to get bitten by a "race condition" in which the state of the system changes between the two AJAX requests (maybe the user's email changes via some other process or via another set of requests that occur after the first AJAX request containing the call to checkusernameAction().
You can also used a function for set and get a value.
// Setter function
public function setConsumerKey($key)
{
$this->_consumerKey = $key;
return $this;
}
// Getter function
public function getConsumerKey()
{
return $this->_consumerKey;
}