I have simple clasS:
User:
id | login | password | desc
and form with this.
How can i make - if input password is null(strlen == 0) then in model doesn`t matter.
Now i have in User.class.php in function save:
$this->setPassword(sha512($this->getPassword));
You have to ensure not to have a "NOT NULL" on DB level, so empty values are ignored normally by ORM.
There are 2 possibilties to change a given password by a custom function, so i'll give you some simple examples.
1) In your model file (i guess you have doctrine or propel ?!) :
/**
* via object's event handler
*/
preSave(){
if(strlen($this->getPassword()) > 0){
$this->setPassword(sha512($this->getPassword()));
}
}
2) Or even as a form validator :
/**
* custom validator
*/
class myValidatorOldPassword extends sfValidatorBase{
/**
* Clean and validate user input
*
* #param mixed $value Value of form input
* #return mixed Value
*/
protected function doClean($value)
{
// trim is not needed
$clean = (string) $value;
// password is ok?
if (strlen($clean) > 0)
{
return sha512($clean);
}
// Throw error - if you want
// throw new sfValidatorError($this, 'invalid', array('value' => $value));
// or return empty value
return $clean;
}
}
Of course this code may be improved, as it's only hint for you.
Related
I am working on an application that I need to post a secret variable. I wrote this code.
<form target="_blank" action="/validate/lista.php" method="POST">
<input type="hidden" name="evento" value="<?php echo $pname ?>" />
<button class="btn btn-block btn-md btn-outline-success">Lista</button>
</form>
My problem is that if the user inspect the element with chrome or whatever, he can see the value and change it before POST.
I could use SESSION but every user has a different session ID and this way I would need to POST the session ID (because they are separete applications), which I think is not secure. Or is it ok?
How can I prevent this? I am new to programming...
Thank you
Maintain HTML Form State safely ('Conversation' Tracking)
Keep track of the 'state' of an HTML Form as it is processed by the client and the server.
The typical 'conversation' is:
Send a new form to the client, often for a specific user who has to login.
The client enters data and returns it.
It is validated and may be sent out again.
The data changes are applied.
the client is informed of the result.
It sounds simple. Alas, we need to keep track of the 'state' of the form during the 'conversation'.
We need to record the state in a hidden field. This can open us up to various 'failure modes'.
This answer is one method of reliably keeping track of the 'conversations'.
Including people being 'malicious'. It happens. ;-/
This is a data change form so we don't want it applied to the wrong person.
There are various requirements:
Sensible ones:
prevent a form being processed twice
Ask a user to confirm the data if the form is too old
Malicious ones:
Changing the form to appear to be from a different user
Using an old copy of the form
Changing other hidden data to corrupt the user data
Now, we cannot prevent the client changing the hidden data, or storing it to replay later. etc.
What to do?
We need to ensure that if it is changed then we can detect that it is tampered with and tell the user about it. We do nothing.
If they send us an old stored valid copy then we can detect that as well.
Is there a simple way of doing this? Oh yes! :)
Answers:
Give each form a unique id: makes it easy to determine if we have already seen it.
Give each form a timestamp of when it was first created.
we can then decide the max age we allow to use it.
If it is too old then we just copy the entered data to a new form and ask the user to confirm it. see Captcha :)
When we process the form we store the form id.
The first check before processing a form is to see if we have already processed it
Identifying 'tampering'?
We encrypt it with AES! :) Only the server needs to know the password so there are no client issues.
If it is changed then the decrypt will fail and we just issue a new form to the user with the data input on it. :)
Is it a lot of code? Not really. And it makes forms processing safe.
One advantage is that has the protection for the CSRF attack built in so no separate code needed.
Program Code (FormState Class)
<?php
/**
* every 'data edit' form has one of these - without exeception.
*
* This ensures that the form I sent out came from me.
*
* It has:
* 1) A unique #id
* 2) A date time stamp and a lifetime
*
* Can be automatically generated and checked.
*/
class FormState {
const MAX_FORM_AGE = 600; // seconds
const ENC_PASSWORD = '327136823981d9e57652bba2acfdb1f2';
const ENC_IV = 'f9928260b550dbb2eecb6e10fcf630ba';
protected $state = array();
public function __construct($prevState = '')
{
if (!empty($prevState)) {
$this->reloadState($prevState); // will not be valid if fails
return;
}
$this->setNewForm();
}
/**
* Generate a new unique id and timestanp
*
* #param $name - optional name for the form
*/
public function setNewForm($name = '')
{
$this->state = array();
$this->state['formid'] = sha1(uniqid(true)); // each form has a unique id
$this->state['when'] = time();
if (!empty($name)) {
$this->setAttribute('name', $name);
}
}
/**
* retrieve attribute value
*
* #param $name attribute name to use
* #param $default value to return if attribute does not exist
*
* #return string / number
*/
public function getAttribute($name, $default = null)
{
if (isset($this->state[$name])) {
return $this->state[$name];
} else {
return $default;
}
}
/**
* store attribute value
*
* #param $name attribute name to use
* #param $value value to save
*/
public function setAttribute($name, $value)
{
$this->state[$name] = $value;
}
/**
* get the array
*/
public function getAllAttributes()
{
return $this->state;
}
/**
* the unique form id
*
* #return hex string
*/
public function getFormId()
{
return $this->getAttribute('formid');
}
/**
* Age of the form in seconds
* #return int seconds
*/
public function getAge()
{
if ($this->isValid()) {
return time() - $this->state['when'];
}
return 0;
}
/**
* check the age of the form
*
*#param $ageSeconds is age older than the supplied age
*/
public function isOutOfDate($ageSeconds = self::MAX_FORM_AGE)
{
return $this->getAge() >= $ageSeconds;
}
/**
* was a valid string passed when restoring it
* #return boolean
*/
public function isValid()
{
return is_array($this->state) && !empty($this->state);
}
/** -----------------------------------------------------------------------
* Encode as string - these are encrypted to ensure they are not tampered with
*/
public function asString()
{
$serialized = serialize($this->state);
$encrypted = $this->encrypt_decrypt('encrypt', $serialized);
$result = base64_encode($encrypted);
return $result;
}
/**
* Restore the saved attributes - it must be a valid string
*
* #Param $prevState
* #return array Attributes
*/
public function fromString($prevState)
{
$encrypted = #base64_decode($prevState);
if ($encrypted === false) {
return false;
}
$serialized = $this->encrypt_decrypt('decrypt', $encrypted);
if ($serialized === false) {
return false;
}
$object = #unserialize($serialized);
if ($object === false) {
return false;
}
if (!is_array($object)) {
throw new \Exception(__METHOD__ .' failed to return object: '. $object, 500);
}
return $object;
}
public function __toString()
{
return $this->asString();
}
/**
* Restore the previous state of the form
* will not be valid if not a valid string
*
* #param $prevState an encoded serialized array
* #return bool isValid or not
*/
public function reloadState($prevState)
{
$this->state = array();
$state = $this->fromString($prevState);
if ($state !== false) {
$this->state = $state;
}
return $this->isValid();
}
/**
* simple method to encrypt or decrypt a plain text string
* initialization vector(IV) has to be the same when encrypting and decrypting
*
* #param string $action: can be 'encrypt' or 'decrypt'
* #param string $string: string to encrypt or decrypt
*
* #return string
*/
public function encrypt_decrypt($action, $string)
{
$output = false;
$encrypt_method = "AES-256-CBC";
$secret_key = self::ENC_PASSWORD;
// iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
$secret_iv_len = openssl_cipher_iv_length($encrypt_method);
$secret_iv = substr(self::ENC_IV, 0, $secret_iv_len);
if ( $action == 'encrypt' ) {
$output = openssl_encrypt($string, $encrypt_method, $secret_key, OPENSSL_RAW_DATA, $secret_iv);
} else if( $action == 'decrypt' ) {
$output = openssl_decrypt($string, $encrypt_method, $secret_key, OPENSSL_RAW_DATA, $secret_iv);
}
if ($output === false) {
// throw new \Exception($action .' failed: '. $string, 500);
}
return $output;
}
}
Example Code
Full Example Application Source Code (Q49924789)
Website Using the supplied Source Code
FormState source code
Do we have an existing form?
$isExistingForm = !empty($_POST['formState']);
$selectedAction = 'start-NewForm'; // default action
if ($isExistingForm) { // restore state
$selectedAction = $_POST['selectedAction'];
$formState = new \FormState($_POST['formState']); // it may be invalid
if (!$formState->isValid() && $selectedAction !== 'start-NewForm') {
$selectedAction = "formState-isWrong"; // force user to start a new form
}
} else {
$_POST = array(); // yes, $_POST is just another PHP array
$formState = new \FormState();
}
Start New Form
$formState = new \FormState();
$_POST = array();
$displayMsg = "New formstate created. FormId: ". $formState->getFormId();
Store UserId (Database Id) in the FormState
$formState->setAttribute('userId' $userId);
Check a form being to old?
$secsToBeOutOfDate = 3;
if ($formState->isOutOfDate($secsToBeOutOfDate)) {
$errorMsg = 'Out Of Date Age: '. $secsToBeOutOfDate .'secs'
.', ActualAge: '. $formState->getAge();
}
Reload State from the form hidden field.
$formState = new \FormState('this is rubbish!!');
$errorMsg = "formState: isValid(): ". ($formState->isValid() ? 'True' : 'False');
Check if a form has already been processed.
if (isset($_SESSION['processedForms'][$formState->getFormId()])) {
$errorMsg = 'This form has already been processed. (' . $formState->getFormId() .')';
break;
}
$_SESSION['processedForms'][$formState->getFormId()] = true;
$displayMsg = "Form processed and added to list.";
I have question about constraints,
https://symfony.com/doc/current/reference/constraints.html
I have entity with multiple checkboxes (boolean type) .
Now i need some non-standard logic here like:
if checkbox A is checked then checkbox B must be checked too.
if checkboxes A,B,C are checked then checkbox D must be checked too
And now the question is :
Am i able to make logic like this with constraints (if yes - it would be grat if someone can provide example) ? or only way is to move this logic to controller ?
As your logic is specific, you have to do some specific code to validate it.
Symfony gives you 3 tools to do it:
The Callback Constraints which is a custom php function (see #Yoshi answer's)
The Expression Constraint which is a custom expression parsed. Example:
/**
* #Assert\Expression(
* "'1' in this.getCheckboxValues() and !('3' in this.getCheckboxValues())",
* )
*/
Or your own custom constraint
I think the simplest solution would be to use a callback contraint:
Something like:
<?php
namespace App\Entity;
use Symfony\Component\Validator\Constraints as Assert;
use Symfony\Component\Validator\Context\ExecutionContextInterface;
class Entity
{
private $checkbox_a = false;
private $checkbox_b = false;
private $checkbox_c = false;
private $checkbox_d = false;
/**
* #Assert\Callback
*
* #param ExecutionContextInterface $context
* #param mixed $payload
*/
public function validate(ExecutionContextInterface $context, $payload)
{
if ($this->checkbox_a && !$this->checkbox_b) {
$context->buildViolation('Must be checked because of checkbox_a!')
->atPath('checkbox_b')
->addViolation();
}
if ($this->checkbox_a && $this->checkbox_b && $this->checkbox_c && !$this->checkbox_d) {
$context->buildViolation('Must be checked because of all others are checked!')
->atPath('checkbox_d')
->addViolation();
}
}
}
I am creating a multistep form in CakePHP using http://bakery.cakephp.org/2012/09/09/Multistep-forms.html?
But it's not redirecting well. As I click next in step 1, it redirects me to msf_index.
Probably I'm not proceeding the right step count in the msf_setup method.
Why is this happening ?
Here is the Controller Code that I have just copy-pasted.
class UsersController extends AppController {
/**
* use beforeRender to send session parameters to the layout view
*/
public function beforeRender() {
parent::beforeRender();
$params = $this->Session->read('form.params');
$this->set('params', $params);
}
/**
* delete session values when going back to index
* you may want to keep the session alive instead
*/
public function msf_index() {
$this->Session->delete('form');
}
/**
* this method is executed before starting the form and retrieves one important parameter:
* the form steps number
* you can hardcode it, but in this example we are getting it by counting the number of files that start with msf_step_
*/
public function msf_setup() {
App::uses('Folder', 'Utility');
$usersViewFolder = new Folder(APP.'View'.DS.'Users');
$steps = count($usersViewFolder->find('msf_step_.*\.ctp'));
$this->Session->write('form.params.steps', $steps);
$this->Session->write('form.params.maxProgress', 0);
$this->redirect(array('action' => 'msf_step', 1));
}
/**
* this is the core step handling method
* it gets passed the desired step number, performs some checks to prevent smart users skipping steps
* checks fields validation, and when succeding, it saves the array in a session, merging with previous results
* if we are at last step, data is saved
* when no form data is submitted (not a POST request) it sets this->request->data to the values stored in session
*/
public function msf_step($stepNumber) {
/**
* check if a view file for this step exists, otherwise redirect to index
*/
if (!file_exists(APP.'View'.DS.'Users'.DS.'msf_step_'.$stepNumber.'.ctp')) {
$this->redirect('/users/msf_index');
}
/**
* determines the max allowed step (the last completed + 1)
* if choosen step is not allowed (URL manually changed) the user gets redirected
* otherwise we store the current step value in the session
*/
$maxAllowed = $this->Session->read('form.params.maxProgress') + 1;
if ($stepNumber > $maxAllowed) {
$this->redirect('/users/msf_step/'.$maxAllowed);
} else {
$this->Session->write('form.params.currentStep', $stepNumber);
}
/**
* check if some data has been submitted via POST
* if not, sets the current data to the session data, to automatically populate previously saved fields
*/
if ($this->request->is('post')) {
/**
* set passed data to the model, so we can validate against it without saving
*/
$this->User->set($this->request->data);
/**
* if data validates we merge previous session data with submitted data, using CakePHP powerful Hash class (previously called Set)
*/
if ($this->User->validates()) {
$prevSessionData = $this->Session->read('form.data');
$currentSessionData = Hash::merge( (array) $prevSessionData, $this->request->data);
/**
* if this is not the last step we replace session data with the new merged array
* update the max progress value and redirect to the next step
*/
if ($stepNumber < $this->Session->read('form.params.steps')) {
$this->Session->write('form.data', $currentSessionData);
$this->Session->write('form.params.maxProgress', $stepNumber);
$this->redirect(array('action' => 'msf_step', $stepNumber+1));
} else {
/**
* otherwise, this is the final step, so we have to save the data to the database
*/
$this->User->save($currentSessionData);
$this->Session->setFlash('Account created!');
$this->redirect('/users/msf_index');
}
}
} else {
$this->request->data = $this->Session->read('form.data');
}
/**
* here we load the proper view file, depending on the stepNumber variable passed via GET
*/
$this->render('msf_step_'.$stepNumber);
}
}
The problem might be here:
public function msf_setup() {
App::uses('Folder', 'Utility');
$usersViewFolder = new Folder(APP.'View'.DS.'Users');
$steps = count($usersViewFolder->find('msf_step_.*\.ctp'));
$this->Session->write('form.params.steps', $steps);
$this->Session->write('form.params.maxProgress', 0);
$this->redirect(array('action' => 'msf_step', 1));
}
Also, I have added four msf_setp files in view/Users like
msf_step_1, msf_step_2, msf_setp_3, msf_step_4.
Please help. I'm Stuck. Thankx in advance.
Is it possible to create custom HTML attributes on CHtml::checkboxList?
For example, I want to generate an input like this, adding the custom attribute "data-input-x":
<input class="customClass" id="Model_inputX_0" value="1" name="Model[relationX][]" type="checkbox" data-input-x="3">
I already tried using the code bellow, but it not worked:
echo $form->checkboxList($model, 'relationX', $dataList, array('class'=>'checkboxFase refeicaoFaseComum', 'data-input-x'=>3));
If you run your code and inspect element it you will see values the values created by Yii, the difference. Echos under a foreach loop will work nicely..
You can extend CHtml like that:
In folder "components" you create a new file named MyCHtml. In there create the class MyCHtml and copy the core code of framework for checkBoxList (https://github.com/yiisoft/yii/blob/1.1.16/framework/web/helpers/CHtml.php#L1123).
class MyCHtml extends CHtml {
//Final method is provided below
}
Then you add the parameter $extraAttributes=array() after $htmlOptions=array().
The trick is to add those attributes and their values at $htmlOptions array of each input.
If all your configurations are correct and you have access to your componenets as normal, you can call the new checkBoxList function like this:
<?php
//Values can be created dynamically or statically depending on situation
//Each value corresponds to each checkbox value that you want to contain the extra attribute
$extraAttributes = array(
'data-input-x'=>array(
6=>'k',
11=>'a',
7=>'b'),
'data-input-y'=>array(
6=>'c',
2=>'d'),
);
echo MyCHtml::checkboxList(($name, $select, $data, $htmlOptions, $extraAttributes);
?>
The whole class is the following:
<?php
class MyCHtml extends CHtml
{
/**
* Generates a list box.
* ...
* #param array $extraAttributes extra HTML attributes corresponding on each checkbox
* ...
*/
public static function checkBoxList($name,$select,$data,$htmlOptions=array(), $extraAttributes=array())
{
$template=isset($htmlOptions['template'])?$htmlOptions['template']:'{input} {label}';
$separator=isset($htmlOptions['separator'])?$htmlOptions['separator']:self::tag('br');
$container=isset($htmlOptions['container'])?$htmlOptions['container']:'span';
unset($htmlOptions['template'],$htmlOptions['separator'],$htmlOptions['container']);
if(substr($name,-2)!=='[]')
$name.='[]';
if(isset($htmlOptions['checkAll']))
{
$checkAllLabel=$htmlOptions['checkAll'];
$checkAllLast=isset($htmlOptions['checkAllLast']) && $htmlOptions['checkAllLast'];
}
unset($htmlOptions['checkAll'],$htmlOptions['checkAllLast']);
$labelOptions=isset($htmlOptions['labelOptions'])?$htmlOptions['labelOptions']:array();
unset($htmlOptions['labelOptions']);
$items=array();
$baseID=isset($htmlOptions['baseID']) ? $htmlOptions['baseID'] : self::getIdByName($name);
unset($htmlOptions['baseID']);
$id=0;
$checkAll=true;
foreach($data as $value=>$labelTitle)
{
$checked=!is_array($select) && !strcmp($value,$select) || is_array($select) && in_array($value,$select);
$checkAll=$checkAll && $checked;
$htmlOptions['value']=$value;
$htmlOptions['id']=$baseID.'_'.$id++;
//********This does the trick
foreach($extraAttributes as $attributesKey => $attributesValue) {
$found = false;
foreach($attributesValue as $subAttributesKey => $subAttributesValue) {
if ($value === $subAttributesKey) {
$htmlOptions[$attributesKey] = $subAttributesValue;
$found = true;
break;
}
}
if (!$found) {
$htmlOptions[$attributesKey] = '';
}
}
//********All the rest is the same with core method
$option=self::checkBox($name,$checked,$htmlOptions);
$beginLabel=self::openTag('label',$labelOptions);
$label=self::label($labelTitle,$htmlOptions['id'],$labelOptions);
$endLabel=self::closeTag('label');
$items[]=strtr($template,array(
'{input}'=>$option,
'{beginLabel}'=>$beginLabel,
'{label}'=>$label,
'{labelTitle}'=>$labelTitle,
'{endLabel}'=>$endLabel,
));
}
if(isset($checkAllLabel))
{
$htmlOptions['value']=1;
$htmlOptions['id']=$id=$baseID.'_all';
$option=self::checkBox($id,$checkAll,$htmlOptions);
$beginLabel=self::openTag('label',$labelOptions);
$label=self::label($checkAllLabel,$id,$labelOptions);
$endLabel=self::closeTag('label');
$item=strtr($template,array(
'{input}'=>$option,
'{beginLabel}'=>$beginLabel,
'{label}'=>$label,
'{labelTitle}'=>$checkAllLabel,
'{endLabel}'=>$endLabel,
));
if($checkAllLast)
$items[]=$item;
else
array_unshift($items,$item);
$name=strtr($name,array('['=>'\\[',']'=>'\\]'));
$js=<<<EOD
jQuery('#$id').click(function() {
jQuery("input[name='$name']").prop('checked', this.checked);
});
jQuery("input[name='$name']").click(function() {
jQuery('#$id').prop('checked', !jQuery("input[name='$name']:not(:checked)").length);
});
jQuery('#$id').prop('checked', !jQuery("input[name='$name']:not(:checked)").length);
EOD;
$cs=Yii::app()->getClientScript();
$cs->registerCoreScript('jquery');
$cs->registerScript($id,$js);
}
if(empty($container))
return implode($separator,$items);
else
return self::tag($container,array('id'=>$baseID),implode($separator,$items));
}
public static function activeCheckBoxList($model,$attribute,$data,$htmlOptions=array())
{
self::resolveNameID($model,$attribute,$htmlOptions);
$selection=self::resolveValue($model,$attribute);
if($model->hasErrors($attribute))
self::addErrorCss($htmlOptions);
$name=$htmlOptions['name'];
unset($htmlOptions['name']);
if(array_key_exists('uncheckValue',$htmlOptions))
{
$uncheck=$htmlOptions['uncheckValue'];
unset($htmlOptions['uncheckValue']);
}
else
$uncheck='';
$hiddenOptions=isset($htmlOptions['id']) ? array('id'=>self::ID_PREFIX.$htmlOptions['id']) : array('id'=>false);
$hidden=$uncheck!==null ? self::hiddenField($name,$uncheck,$hiddenOptions) : '';
return $hidden . self::checkBoxList($name,$selection,$data,$htmlOptions);
}
/**
* Generates a push Html button that can submit the current form in POST method.
* #param string $label the button label
* #param mixed $url the URL for the AJAX request. If empty, it is assumed to be the current URL. See {#link normalizeUrl} for more details.
* #param array $ajaxOptions AJAX options (see {#link ajax})
* #param array $htmlOptions additional HTML attributes. Besides normal HTML attributes, a few special
* attributes are also recognized (see {#link clientChange} and {#link tag} for more details.)
* #return string the generated button
*/
public static function ajaxSubmitHtmlButton($label,$url,$ajaxOptions=array(),$htmlOptions=array())
{
$ajaxOptions['type']='POST';
$htmlOptions['type']='submit';
return self::ajaxHtmlButton($label,$url,$ajaxOptions,$htmlOptions);
}
}
I'm writing a large project, and here's a class that I'll use it often:
class Star
{
/**
* Add
*
* Add a star to something.
*
* #param int $ID The ID of the thing.
*/
function Add($ID)
{
if($this->Starred($ID))
return 'You starred it already.';
if(!$this->Existing($ID))
return 'The one you tried to star does no longer exist.';
$this->DB->Star($ID);
return 'Starred successfully!';
}
}
$Star = new Star();
But I will use it in different ways like: single page or inside a function,
here's the problem, sometimes, I want to know the return code not the message,
but when I use it in the single page, I want it to return the messaage,
so if I change the Add() function to this:
function Add($ID)
{
if($this->Starred($ID))
return 0;
if(!$this->Existing($ID))
return 1;
$this->DB->Star($ID);
return 2;
}
I can now use it in my functions like this to handle an error:
/** Leaves a comment */
$Comment->Say('Hello.', $ID);
/** Auto star the post because we commented on it */
if($Star->Add($ID) == 2)
{
/** Remove the comment because the post does no longer exist */
$Comment->Remove('Hello.', $ID);
return 'Sorry ; _ ;, the post does no longer exist.';
}
but what if I need to return a message in many other pages?
I need to write this code every time?
switch($Star->Add($ID))
{
case 0:
return 'You starred it already.';
break;
case 1:
return 'The one you tried to star does no longer exist.';
break;
case 2:
return 'Starred successfully!';
break;
}
I'm just confuse about it, any help would be appreciated.
For a direct solution to your code read the Edit 1 section.
I'm currently working on a rather large project and I'm using a ErrorHandler class that I made. I found that working with a generic error handler class has made it easier.
class ErrorHandler
{
/**
* #var string an array containing all the errors set.
*/
private static $errors = [];
/**
* Set an error.
*
* #param string $error - The error message you'd like to set.
* #return string - The error being set to $errors array.
*/
public static function add($error)
{
return self::$errors[] = $error;
}
/**
* Get all the errors.
*
* #return boolean if the $errors array is empty it will return false, otherwise it will return the errors.
*/
public static function get()
{
foreach (self::$errors as $error) {
if (empty(trim($error)))
return false;
}
return self::$errors;
}
}
Basically how I use it is like this, say I needed to validate a form input say a login, I'd first check if the user pressed the submit button, then I'd use the ternary operator to run some validations and if it fails I use the ErrorHandler class.
if(isset($_POST['login'])) {
$emailAddress = someValidationsHere ? doSomethingWithValidInput : ErrorHandler::add("Email field is empty or format is invalid.");
$password = someValidationsHere ? doSomethingWithValidInput : ErrorHandler::add("Password field can't be empty and can't use special characters.");
if(!ErrorHandler::get()) {
echo User::login($emailAddress, $password, $autoLogin);
} else {
$errors = ErrorHandler::get();
foreach($errors as $error) {
echo $error . "<br/>";
}
}
}
So what that bottom if statement does is check if the ErrorHandler::get functions does not return false which in that case no need to show an error message and you can progress with the code, else it will display the error page, this way you can show multiple errors and have custom formatting.
I prefer this method as it is more of a long term solution as you may change the ID's then you'd have to go through all your code and change the code manually. Also it gives your code some sort of structure and that keeps your code clean.
Edit 1
How is this class? You now know the error codes using the const value and you can parse the error code to a message using the getMessage function. Also your code is more understandable and adaptable.
Why is it more...
understandable?
Because now when you (or someone else) looks at this code they see the clean name from the const so ALREADY_STARRED_ERROR will let the developer know instantly what the error means.
adaptable?
Well now you can change your hard coded errors and it wouldn't affect the code in anyway, so if in the future you wish to changed it because of a spelling mistake or other errors, you can change the array message.
<?php
class Star
{
const ALREADY_STARRED_ERROR = 1;
const NOT_FOUND_ERROR= 2;
const SUCCESSFUL_ENTRY = 3;
function getMessage($code)
{
$messages = [
1 => "You starred it already.",
2 => "The one you tried to star does no longer exist.",
3 => "Starred successfully!"
];
return $message[$code];
}
/**
* Add
*
* Add a star to something.
*
* #param int $ID The ID of the thing.
*/
function Add($ID)
{
if($this->Starred($ID))
return self::ALREADY_STARRED_ERROR;
if(!$this->Existing($ID))
return self::NOT_FOUND_ERROR;
$this->DB->Star($ID);
return self::SUCCESSFUL_ENTRY;
}
}
?>
I'd like to think Edit 1 addressed both the issues you had.
sometimes, I want to know the return code not the message,
but when I use it in the single page, I want it to return the messaage,
Place the switch to a function, like AddWithMessage:
function AddWithMessage($Star)
{
switch($Star->Add($ID))
{
case 0:
return 'You starred it already.';
break;
case 1:
return 'The one you tried to star does no longer exist.';
break;
case 2:
return 'Starred successfully!';
break;
}
}
Then use it across any single page you need instead of Add