I'm new to PHP. I'll like to check the scope of the variables I've used. In particular $model.
$model = new LoginModel();
$controller = new LoginController($model);
$view = new LoginView($controller, $model);
Attached below are codes I have written for logging in. A user would visit the page via GET /login.php then submits the form to POST /login.php?action=login. In this process the LoginModel is updated accordingly by LoginController.
I would like to use the $model that I have updated in later parts of the execution of the page. However, I noticed that $model is "reset" once the call returns from LoginController.login().
I'm not sure if it is because $model was passed by value in my case. Or if there is something else I'm doing wrong but I'm not aware of. Can anyone enlighten me on this?
<?php
class LoginModel {
public $username = "";
public $password = "";
public $message = "";
public $loginSuccess = false;
public function __construct() {
}
}
class LoginView {
private $model;
private $controller;
public function __construct($controller, $model) {
$this->controller = $controller;
$this->model = $model;
}
public function getUsernameField() {
return $this->makeInput("text", "username", "");
}
public function getPasswordField() {
return $this->makeInput("password", "password", "");
}
private function makeInput($type, $name, $value) {
$html = "<input type=\"$type\" name=\"$name\" value=\"$value\" />";
return $html;
}
}
class LoginController {
const HOME_URL = "http://localhost/";
private $model;
public function __construct($model) {
$this->model = $model;
}
public function login() {
$username = $_POST['username'];
$password = $_POST['password'];
if ($username === $password) {
$_SESSION['username'] = $username;
$model->username = $username;
$model->password = "";
$model->message = "Hello, $username!";
$model->loginSuccess = true;
header("Refresh: 3; URL=" + LoginController::HOME_URL);
} else {
$model->message = "Sorry, you have entered an invalid username-password pair.";
$model->loginSuccess = false;
}
}
public function handleHttpPost() {
if (isset($_GET['action'])) {
if ($_GET['action'] === 'login') {
$this->login();
}
} else {
// invalid request.
http_response_code(400);
die();
}
}
public function handleHttpGet() {
if (isset($_GET['action'])) {
// request for controller action
// No controller actions for HTTP GET
} else {
// display login page
}
}
public function redirectToHome() {
header("Location: " + LoginController::HOME_URL);
die();
}
}
$model = new LoginModel();
$controller = new LoginController($model);
$view = new LoginView($controller, $model);
if (isset($_SESSION['username'])) {
$controller->redirectToHome();
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$controller->handleHttpPost();
} else if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$controller->handleHttpGet();
}
?>
<html>
<body>
<?php if ($model->loginSuccess) { ?>
<h1>Login Successful, Redirecting...</h1>
<p><?= $model->message; ?></p>
<?php
} else { ?>
<form action="login.php?action=login" method="POST">
Username: <br />
<?php echo $view->getUsernameField(); ?> <br/><br/>
Password: <br />
<?php echo $view->getPasswordField(); ?><br/><br/>
<input type="submit" value="Log In"/>
</form>
<p><?= $model->message; ?></p>
<?php
}?>
</body>
</html>
Update: Solved. Thanks #RiggsFolly for pointing it out.
Well, I got the wrong$model.
public function login() {
....
$model->username = $username; //referenced the wrong variable
$this->model->username = $username //should have done this.
}
Also, Thanks #Fred -ii-
(sorry I left you out)
public function login() {
....
header("Refresh: 3; URL=" + LoginController::HOME_URL); //not the right way to concat
header("Refresh: 3; URL=" . LoginController::HOME_URL); //should have been this.
}
Only a simple statement
for because $model was passed by value
We have an object in $model and pass it to the constructor
$controller = new LoginController($model);
it will be bound as reference to
$controller->model = $model.
Now we have an reference of the model in the controller.
If you know do (if possible, lets say yes) this: unset($controller->model);
you dont have killed the $model instance, you have just removed the reference to $model that was set before.
But now the other way around:
#create an object
$model = new stdClass();
#create the holder
$b=new stdClass();
#bind the first obj
$b->model=$model;
#unset the first object
$model=null;
unset($model);
#oooh, what it is still there
print_r($b->model);
Here we have not unset($model) for real, because php knows that the instance is used later. So php goes and kills the reference between $model and the real object, but not the reference between $b->model and the real object.
In a way the reference has moved vom one ref-pointer to the next.
Last thing about
By default, function arguments are passed by value (so that if the value of the argument within the function is changed, it does not get changed outside of the function).
that comes from php documentaion.
When here is written passed by value it means, how it will work.
But in the real process, it will copied in the moment when it is manipulated.
so it is passed by ref but act like passed by value and only objects will be always an reference until clone.
To keep the most important Infos in this answer:
For one thing, header("Refresh: 3; URL=" + LoginController::HOME_URL);
you're trying to concatenate with a + which in PHP it's a dot that
needs to be used. You seem to be coming from a C background, hence the
error.
Thanks to Fred -ii-
Related
I am new to php and I am trying to program an app that uses php as backend. I don't really have an error in my code but I can't figure something out I have search but nothing has helped.there maybe be a solution but I can't find it.
I have 3 php file
Index.php
<?php
include "methods.php";
$user=new user();
if (isset($_GET["action"])) {
// code...
switch ($_GET["action"]) {
case 'login':
// code...
$user->login();
break;
default:
// code...
echo("error 404");
break;
}
} else {
// code...
echo("error 404");
}
?>
Methods.php
<?php
include "extra.php";
class user {
public function login() {
$input = new input();
$error = "fucked";
$validationresult = json_decode($input->validateinput(), true);
echo var_dump($validationresult);
$validated = $validationresult["validated"];
if ($validated) {
// code...
echo ("yes");
} else {
echo var_dump($validationresult);
// echo json_encode(($validationresult["error"]));
}
}
}
?>
extra.php
<?php
class input {
public $password;
public $status;
public $validated;
public function __construct()
{
// code...
}
public function validateinput () {
$password = $_GET["password"];
$this-> $status = "red";
$this->$validated = false;
echo($this-> $status);
return json_encode('{
"validated":'.$this->get_validate().',
"error":{
"status":"'.$this->$status.'",
"username":"ok",
"password":"cannot be more than 5"
}
}');
}
public function get_validate(){
return $this->$validated;
}
}
?>
As you can see in index.php I called $user->login();
From methods.php which echos JSON $input->validateinput() from file extra.php.
But
"validated":'.$this->get_validate().'
And
"status":"'.$this->$status.'
From extra.php
Is empty
I don't why it is empty and the internet confuses me more.
I am sorry for my grammatical mistakes as I am typing from a mobile phone and English isn't my first language.
I have a class with contact form validation and a trait with a function which creates a token which is used for the validation.
I have tried to follow some advice from other stackoverflow posts but still can't figure out how to pass that token to the validation class. If I remove the token from the validation process it works fine.
My trait:
trait TokenTrait
{
public $token;
function __construct ()
{
if (!isset($token)) {
return $this->token = bin2hex(random_bytes(64));
}
}
}
which is used in a class:
class Token
{
use TokenTrait;
}
Below a class with contact form validation. I have included only validation of the 'name' field for sake of simplicity. Also, I'm not including code for the function test_input() which is used here as it is irrelevant.
class ContactForm
{
use TokenTrait;
public $name;
public $name_error;
public $token;
function __construct()
{
$this->name = isset($_POST['name']) ? $_POST['name'] : null;
$this->name_error = isset($_POST['name_error']) ? $_POST['name_error'] : null;
$this->token = isset($_POST['token']) ? $_POST['token'] : null;
}
function validateContactForm()
{
if (!empty($this->token)) {
// Validate the token.
if (hash_equals($_SESSION['token'], $_POST['token'])) {
// If the token is valid proceed.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['submit'])) {
// Rest of the validating code which works if I remove above token
// or if I validate $_SESSION['token'] against itself.
}
}
}
}
}
}
And this is what i have in my view file:
$token_obj = new Token();
$token = $token_obj->token; // Variable used in a hidden input field in the contact `<form>` .
//The same token is stored in two different superglobals: POST and SESSION, which are validated against each other and if they don't match no message is not sent.
$_SESSION['token'] = $token;
// Declare variables used in the contact form.
$name = $email = $message = '';
$name_error = $email_error = $message_error = $result = '';
$contact_form_obj = new ContactForm();
$contact_form_obj->validateContactForm();
When I do var_dump($contact_form_obj), name is NULL, token is NULL.
When I press SUBMIT in my contact form nothing happens bacuse $_POST['token'] = NULL .
Like the comments pointed out, I think there are some problems with the approach that would likely rectify your issues. Try this:
trait TokenTrait
{
public $token = null;
function setToken()
{
if ($this->token === null) {
$this->token = bin2hex(random_bytes(64));
}
return $this->token;
}
}
class Token
{
use TokenTrait;
public function __construct() {
$this->setToken();
}
}
class ContactForm
{
use TokenTrait;
public $name;
public $name_error;
public $token;
public function __construct()
{
$this->name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING) ?: null;
$this->name_error = filter_input(INPUT_POST, 'name_error', FILTER_SANITIZE_STRING) ?: null;
$this->token = filter_input(INPUT_POST, 'token', FILTER_UNSAFE_RAW) ?: null;
}
public function validateContactForm()
{
if (!empty($this->token)) {
// Validate the token. No need to pull from post since you did that in construct
if (hash_equals($_SESSION['token'], $this->token)) {
// If the token is valid proceed.
if (getenv('REQUEST_METHOD') == 'POST') {
if (filter_input(INPUT_POST, 'submit') !== null) {
// Rest of the validating code which works if I remove above token
// or if I validate $_SESSION['token'] against itself.
}
}
}
}
}
}
Granted, I can't see where all the pieces, such as your TokenTrait, fit into your larger Web App, but I'd question it's usefulness in the ContactForm class.
I think I may have found the answer.
class Token
{
public $token;
function __construct()
{
$this->token = bin2hex(random_bytes(64));
}
}
$token_obj = new Token();
if (empty($_SESSION['token'])) {
$_SESSION['token'] = $token_obj->token;
}
$token = $_SESSION['token'];
If you don't validate $_SESSION['token'] first, it won't work.
Thank you guys for clarifying all this for me.
I have a login.php and authenticate.php
I want to access a variable inside the authenticate.php inside a class.
I want to get the error message from authenticate class to my login.php
This is my class inside Authenticate.php
Class Authenticate {
public $invalidUserErrMsg = "sdfs";
static public function LDAPAuthenticate() {
//connection stuff
} else {
$msg = "Invalid username / password";
$this->invalidUserErrMsg = $msg;
}
}
static public function invalidUserErr() {
echo $hits->invalidUserErrMsg;
return $this->invalidUserErrMsg;
}
}
This is how I'm printing inside login.php
<?php
$error = new Authenticate();
$error->invalidUserErr();
?>
Class Authenticate {
public $invalidUserErrMsg = "sdfs";
public function LDAPAuthenticate() {
if($hello) {
echo 'hello';
} else {
$msg = "Invalid username / password";
$this->invalidUserErrMsg = $msg;
}
}
public function invalidUserErr() {
return $this->invalidUserErrMsg;
}
}
<?php
$error = new Authenticate();
echo $error->invalidUserErr();
?>
Don't echo the variable within the class but echo the method on login.php. There is no need to make it a static function if you are going to instantiate the object anyway.
Check out this page on the static keyword
For accessing static function you need
<?php
$error = new Authenticate::invalidUserErr();
?>
I would like to know that if there is a method in the controller which require arguments and the user changes the argument in the URL by hand, and presses enter it should display the default page. Below is my bootstrap, then I have already created a error controller for URL error. So please give some coding guide or if there is some thing in my code, change it. Thanks in advance.
<?php
class App
{
protected $controller = 'indexController';
protected $method = 'index';
protected $params = array();
public function __construct()
{
$url = $this->parseUrl();
//print_r($url);
if (isset($url[0]))
{
if (file_exists('app/controllers/'.$url[0].'.php'))
{
$this->controller = $url[0];
unset($url[0]);
}
require_once('app/controllers/'.$this->controller.'.php');
$this->controller = new $this->controller;
}
else
{
$error = new errorController();
$error->setError("Page Not Found");
echo $error->getError();
}
if (isset($url[1]))
{
if (method_exists($this->controller,$url[1]))
{
$this->method = $url[1];
unset($url[1]);
}
else
{
$error = new errorController();
$error->setError("Page Not Found");
echo $error->getError();
}
}
else
{
$error = new errorController();
$error->setError("Page Not Found");
echo $error->getError();
}
$this->params = $url ? array_values($url) : array();
call_user_func_array(array($this->controller,$this->method),$this->params);
}
public function parseUrl()
{
if (isset($_GET['url']))
{
return $url =explode('/',filter_var(rtrim($_GET['url'],'/'),FILTER_SANITIZE_URL));
}
}
}
The method itself must check if the parameters provided are valid and throw an exception if not. Afterwards just catch the exception and trigger and error page to be displayed.
Seems like you could use POST and $_POST, instead of GET. Then it won't matter if the user includes or alters parameters because your PHP will ignore them.
Here is a code:
public function loginAction()
{
$form = new Application_Form_Login();
$this->view->form = $form;
if($this->_request->isPost())
{
self::$dataForm = $this->_request->getPost();
if($this->form->isValid(self::$dataForm))
{
return $this->_forward('authorization');
} else
{
$this->form->populate(self::$form);
}
}
}
public function authorizationAction()
{
if($this->_request->isPost())
{
$auth = Zend_Auth::getInstance();
$authAdapter = new Application_Model_User($this->user->getAdapter(),'user');
$authAdapter->setIdentityColumn('USERNAME')
->setCredentialColumn('PASSWORD');
$password = md5(self::$dataForm['password']);
$authAdapter->setIdentity(self::$dataForm['username']);
$authAdapter->setCredental($password);
$result = $auth->authenticate($authAdapter);
echo 'ok';
/*
if($result->isValid())
{
//$this->_forward('authorized', 'user');
echo 'ok';
}*/
}
}
Any idea why it does not work? I didn't get any error just blank page.
Shouldn't you be calling if($form->isValid(self::$dataForm)) ?
As far as I understand it is a bad idea to use the $this->_forward() as it calls the dispatch loop again.
Personally I would place the authorization code into a model class and pass it the username & password from the form.