I wanted some suggestions from someone with experience in php.
I am making a website in php which will have 4 kinds of users :
1. guest(unregistered),
2. registered,
3. registered with special privilages,
4. admins
So the same page will be visible differently to all four of them.
Right now I am doing that by using if conditions.
In every page, I am checking the role of the user and then using many if statements to display the page accordingly.
It makes the code very big and untidy and I have to check conditions again and again in all the pages.
Is there a better way to do this?
How is this done in big professional websites?
Extended Question:
What is the most optimal way to do the same using a MVC framework like kohana 3.1? Does it have anything to do with acl?
It really depends on what you need.
For example if the page has big part that change completely, what I would suggest is to create different templates and include them depending on their "permissions"
$permission = $_SESSION['type_user'];
include '/path/to/file/with/permission/'.$permission.'/tpl.html';
and have something in the page similar to
<?php
//inside include.php you have the line similar to
//$permission = isset($_SESSION['type_user']) && $_SESSION['type_user']!=''?$_SESSION['type_user']:'common';
require_once '/mast/config/include.php';
include '/path/to/file/with/permission/common/header.html';
include '/path/to/file/with/permission/'.$permission.'/tpl_1.html';
include '/path/to/file/with/permission/common/tpl_2.html';
include '/path/to/file/with/permission/'.$permission.'/tpl_3.html';
include '/path/to/file/with/permission/common/footer.html';
?>
if the script is full of small parts like "show this text", or "show this button", you can create a function that will check the permissions for you
<?php
function can_user($action, $what){
switch($action){
case 'write':
return $your_current_if_on_what;
break;
case 'read':
default:
return $your_current_if_on_what;
break;
}
}
?>
and the template will look like:
[my html]
<?=can_user('read','button')?'My Button':''?>
[my html]
As a rule of thumb, if a piece of code is used more than 2 times, it needs to be put in a function/file separately, so if you have many "IFS" you need to create a function
Related
I have pages in my website with URLs like this:
http://example.com/index.php?page=about
http://example.com/index.php?page=portofolio
http://example.com/index.php?page=location
http://example.com/index.php?page=mission
http://example.com/index.php?page=contact
http://example.com/index.php?page=register
http://example.com/index.php?page=login
Now, the objective is to include be it a simple about.html page containing a simple text about the company, or a form processor file called register.php when ?page=register is called.
This is how I am handling the contents.
$id= isset($_GET && !empty($_GET['page'])) ? htmlspecialchars($_GET['page']) : false;
switch($id){
case 'about':
include 'about.html';
break;
case 'porofolio':
include 'portofolio.html';
break;
case 'contact':
include 'contact_form.html';
include 'contact_process.php';
break;
case 'login':
if(isset($_SESSION['user_login'])){
echo 'You are already logged in';
}else{
include 'login_form.html';
include 'login_process.php';
}
default:
die('Page not found');
break;
}
Yes, I know It is horrible. I know trust me. That is why, I need better maintainable solution to this.
Now, if you are just curious what could be inside process_login.php It looks like:
if($_POST){
if(!empty($_POST['username']) && !empty($_POST['password'])){
try{
$pdo = new PDO(...);
$stmt = $pdo->prepare("SELECT id FROM users WHERE username = ? AND password = ?");
if($stmt->rowCount(){
$_SESSION['user_login'] = $_POST['username'];
header('location: success.php'); exit;
}
}
}
}
This is just an example I quickly wrote, so there may be some typo or another thing I've left. What I am interested to know is how to better create/emulate a practice of handling the switch statements, as it does not seem to me a good oop-oriented approach for such task. I want something maintainable, extensible approach.
If you are wandering why I have only have one page index.php, it is because I don't want to create static pages for all the pages, as they have the same layout, making the HTML improvement easier. Instead of one day, opening 7 files to change/add a single tag, it would make sense to do it only once.
second, if you wandering why I chose to include the about.html page instead of simple storing the plain text in database, is because I didn't want to create a field/table/connection just for that 10 line simple text, as I would be saving some overhead performance. (Although I am sure, you may not agree on this)
So, the general question is, how to get rid of that complexity with switch statement, which makes me end up creating files like login_process.php instead of dealing with it, in some OOP way that I am not aware of.
Sorry for the wall of text :( and thanks in advance.
The solution that you're looking for is really MVC and templating your views. Further, you're essentially creating your own router, your router is pretty simple compared to some of the complex routing schemes found in some of the major frameworks, so if you're looking to simplify further, that's going to be kinda difficult.
If you want to see how this is all done in a very OOP manner, checkout something like the Zend Framework 2, CakePHP, etc.
I am creating a site where different account types will be shown a different version of each page. I have it working, but my question is in terms of speed / "best practices". Which of the following (or something completely different) would be the best way to do this?
Option 1. Break each account type into individual sections of the file:
if($accountType == "type1"){
//All lines of code for the account type1 page
}
elseif($accountType == "type2"){
//All lines of code for the account type2 page
}
elseif($accountType == "type3"){
//All lines of code for the account type3 page
}
Option 2. Break each account type into sections of the file using include files:
if($accountType == "type1"){
//this file has all of the code for account type1 page
require('includes/accounts/type1/file.php');
}
elseif($accountType == "type2"){
//this file has all of the code for account type1 page
require('includes/accounts/type2/file.php');
}
elseif($accountType == "type3"){
//this file has all of the code for account type1 page
require('includes/accounts/type3/file.php');
}
Option 3. Use lots of conditional statements throughout the file to generate the page for each account type:
if($accountType == "type1"){
$result = mysql_query("//sql statement for account type1");
}
elseif($accountType == "type2"){
$reslut = mysql_query("//sql statement for account type2");
}
elseif($accountType == "type3"){
$result = mysql_query("//sql statement for account type3");
}
while ($row = mysql_fetch_array($result)) {
$variable1 = $row['variable1'];
if($accountType == "type1"){
$variable2 = $row['type1Variable2'];
$variable3 = $row['type1Variable3'];
}
elseif($accountType == "type2"){
$variable2 = $row['type2Variable2'];
}
elseif($accountType == "type3"){
$variable2 = $row['type3Variable2'];
}
$variable4 = $row['Variable4'];
}
echo "The variables echoed out are $variable1, $variable2";
if($accountType == "type1"){
echo ", $variable3";
}
echo "and $variable4";
//the rest of the file to follow in the same way
Basically it comes down to this:
Option 1: the file is 1000 lines of code.
Option 2: the file is 30 lines of code, and each include file is between 250-350 lines of code.
Option 3: the file is 650 lines of code. It is less because some of the code can be 'shared' between all three account types.
Which option would be the fastest / "best practice"? I am leaning toward option 3 because overall file size would be smaller, but there are a lot more conditional statements with this option (option 1 and 2 only would have three conditional statements, whereas option 3 would have 40 for example). Does having this many more conditional statements make the file process slower? Is there actually any difference between option 1 and option 2 (does separating the blocks of code into include files mean that it will only load one include file per account type? Or does php load all three files and just choose the proper one?)?
Thanks for your help!
In terms of efficiency, Option 3 would be the slowest as it would have more conditional-checks than any other - however, the speed would be very (very) negligible.
To define the "best practice" would be impossible - it really comes down to "what will be the easiest for you and who-you-work-with to maintain". If, down the road, you have to make massive changes to the code but only for $accountType == "type2", do you want to go through a ton of spagetti code (Option 3), or a bit more separated-into-blocks (Option 1), or just open the specific file for that type (Option 2)?
In my personal opinion, even without using OOP/MVC-framework practices, I would recommend Option 2. Splitting each individual type into their own separated files will save you a lot of headaches in the future if you need to update anything. You can even merge certain parts - for instance, if all three types have one "block" that has all of the same look & feel, you can define that in it's own include and include it in all three of the types'-files.
Please, toss version 1 out of the window, will you! Its very sensitive for errors, and mega files are not really handy.
Myself, I use option 2, but I am not sure if it has to do with the lesser code part. I found it easier to create seperate files for each term, so data doesnt get mixed up. Next to that, its easier to modify. Version 3 is sensitive mxiing up data if you dont look out, and I tried to avoid that. So I personally would pick and still picked in my work version 2.
In terms of performance I don't see much difference between any of the options.
Regarding best practices, I would suggest you go for option 2 which is in my opinion the most maintainable, since you get to keep things concerning each type of user separate and within their own bounds.
If you want to reuse code between the pages, you can still create controls for the shared code that can be encapsulated.
Option 1 sounds like having a huge file where it's hard to find things when you want to modify and you have to be concerned about not modifying stuff for other account types.
Option 3 is IMHO the worst since you get awful spaghetti code and in order to find out what is shown to each account type implies having to go through all of the code.
The code below ensures that when a user accesses control panel, they are ran through a quick verification process to validate what their entities are. For instance, if a user is level 1 they are only given access to video feed which means nothing else is available to them.
When I look at the code though, I can see video feed being called when case 1 and 3 are called. I would possibly enjoy an alternative to make the code more efficient.
I was told a possible array could make things a little easier but then again this is faster.
switch ($_SESSION['permission']) {
case 1: // Level 1: Video Feed
include ("include/panels/videofeed.index.php");
break;
case 2: // Level 2: Announcements / Courses / Teachers
include ("include/panels/announcements.index.php");
include ("include/panels/courses.index.php");
include ("include/panels/teachers.index.php");
break;
case 3: // Level 3: Announcements / Video Feed / Courses / Teachers / Accounts / Logs
include ("include/panels/announcements.index.php");
include ("include/panels/videofeed.index.php");
include ("include/panels/courses.index.php");
include ("include/panels/teachers.index.php");
include ("include/panels/accounts.index.php");
include ("include/panels/log.index.php");
break;
case 4: // Level 4: Teachers
include ("include/panels/teachers.index.php");
}
It's fine the way it is. I think you don't mean "efficiency" when you refer to the "repeated" includes. You mean you could compact your code by using the switch fall-through.
While this might make your code smaller, it has no significant impact of efficiency (the time the script takes to run) and it will actually make the code harder to read. Leave it be.
Frist you may run better if you use require_once if its possible.
The second point is to shorten the url it seems that its every include the same.
Maybe try to use it in a function for example:
$permission_id = $_SESSION['permission']
function requireModule($moduleName, $path = 'include/panels/') {
$moduleName .= '.index.php';
require_once($path . $moduleName);
}
// if you want you can add an arry for it:
$permissionModules = array(
array('videofeed'),
array('announcements', 'courses', 'teachers'),
array('announcements', 'courses', 'teachers', 'accounts', 'log', 'videofeed'),
array('teachers')
);
// now we can put it in a more effectiv way
if(array_key_exists($permission_id, $permissionModules)) {
foreach($permissionModules[$permission_id] as $includes) {
requireModule($includes);
}
}
Wrong ? Correct me!
I am developing a site using php and mysql. I want to know... what's a good way to deal with multi-lingual support? I want a user to be able to select from a drop down and select their language. Then everything (content, buttons, links) except the user-written content is in their language.
What's a good way to approach this? Use a cookie? Session?
Something like this works fine:
Langs.php
<?
// check if language switch as been set at url var
if ($_GET["lang_change"]) {
$_SESSION['session_name']["lang"] = $_GET["lang_change"];
}
// set value to lang for verification
$active_lang = $_SESSION['session_name']["lang"];
// verify $lang content and set proper file to be load
switch ($active_lang) {
case 'prt':
$lang_file = 'prt.php';
break;
case 'gbr':
$lang_file = 'gbr.php';
break;
case 'fra' :
$lang_file = 'fra.php';
break;
case 'esp' :
$lang_file = 'esp.php';
break;
case 'deu' :
$lang_file = 'deu.php';
break;
default:
$lang_file = 'gbr.php';
}
// load proper language file for site presentation
include_once ('$lang_file);
?>
LANG GBR FILE (gbr.php)
define("LANG_PAGETITLE_HOMEPAGE", 'Homepage');
define("LANG_BTN_KNOW_MORE", 'know more');
METHOD TO CHANGE LANGUAGE (url sample)
USE ENG
Basically, you have PHP files with constants, each file with a lang.
On click you set a url var (ex: lang_change = lang).
That will force page reload, and the langs.php file include at top of your index.php will load the selected language...
If you need more explanation about this, leave a comment and I'll send you a working sample!
Ps: session variables shown in this code is usefully for interaction with login systems, or just to avoid having the url parameters...
Save all dynamic content flagged with actual language
Make use of gettext() for buttons, etc. This one is much faster than including .php files with arrays
First of all you have to add all values in each language dynamically.
While adding dynamic content to your website, u can add languageId to each field of your tables in database. And then you can show that content at front end on behalf of that languageId.
I think it's a good idea to consider working with a framework that has internationalization support.
Take a look at this example using CakePHP http://bakery.cakephp.org/articles/view/p28n-the-top-to-bottom-persistent-internationalization-tutorial
I think the following will help you get some basic idea of developing it.
In a website, specially a multilingual website should have user interfaces / templates where hardcoded labels should be linked to variables. These variables should be loaded with correct language values. This can be done easily by including the language file containing the values in that specific language. You can have as many language files in a folder.
You will need to write a script in php, as whenever the user selects the language from the drop down, the page can reload with a language session. Another php script to fetch the selected language inside this session data and include the relevant language file inside the template/UI.
The same approach can be used in fetching content data from a table, where in all MySQL queries, you can use an additional lookup for language type from the content table. so that that file will be loaded.
SELECT * FROM posts WHERE lang='en' AND featured = 1
In many cases, the languages require HTML and CSS to be set accordingly to make the language render perfectly inside the browser. This means, you can also define language inside the HTML and in CSS define the fonts and directions (right to left or left to right).
I am recommending you to read the following in order to get more information on how to do it.
http://www.stylusinc.com/website/multilanguage_support.htm
I want to control the access in php website.
I have a solution right now with switch case.
<?php
$obj = $_GET['obj'];
switch ($obj)
{
case a:
include ('a.php');
break;
default:
include ('f.php');
}
?>
But when i have so many pages, it becomes difficult to manage them. Do you have better solutions?
Right now, i develop the application using php4. And i want to use php5. Do you have any suggestions when i develop it using php5?
Thanks
$obj = $_GET['obj'];
$validArray = array('a','b','c','d','e');
if (in_array($obj,$validArray)) {
include ($obj.'.php');
} else {
include ('f.php');
}
The more pages you have the harder it will be to control this.
Your best off using a framework of some sort, my personal preference is CodeIgniter.
why not just address a page itself?
first page
another page
I am not saying that this is the best solution, but years ago I used to have a website which used a database to manage the key, the page to be included, and some informations like additional css for instance.
So the code was something like:
<?php
$page = htmlspecialchars($_GET['page']);
$stuffs = $db->query('select include,css from pages where pageid = "' . $page . '" LIMIT 1');
?>
So when we needed to add a page, we just created a new field in the database. That let us close a part of the website too: we could have a "available = {0,1}" field, and if zero, display a static page saying that this page was under maintenance.