The code below ensures that when a user accesses control panel, they are ran through a quick verification process to validate what their entities are. For instance, if a user is level 1 they are only given access to video feed which means nothing else is available to them.
When I look at the code though, I can see video feed being called when case 1 and 3 are called. I would possibly enjoy an alternative to make the code more efficient.
I was told a possible array could make things a little easier but then again this is faster.
switch ($_SESSION['permission']) {
case 1: // Level 1: Video Feed
include ("include/panels/videofeed.index.php");
break;
case 2: // Level 2: Announcements / Courses / Teachers
include ("include/panels/announcements.index.php");
include ("include/panels/courses.index.php");
include ("include/panels/teachers.index.php");
break;
case 3: // Level 3: Announcements / Video Feed / Courses / Teachers / Accounts / Logs
include ("include/panels/announcements.index.php");
include ("include/panels/videofeed.index.php");
include ("include/panels/courses.index.php");
include ("include/panels/teachers.index.php");
include ("include/panels/accounts.index.php");
include ("include/panels/log.index.php");
break;
case 4: // Level 4: Teachers
include ("include/panels/teachers.index.php");
}
It's fine the way it is. I think you don't mean "efficiency" when you refer to the "repeated" includes. You mean you could compact your code by using the switch fall-through.
While this might make your code smaller, it has no significant impact of efficiency (the time the script takes to run) and it will actually make the code harder to read. Leave it be.
Frist you may run better if you use require_once if its possible.
The second point is to shorten the url it seems that its every include the same.
Maybe try to use it in a function for example:
$permission_id = $_SESSION['permission']
function requireModule($moduleName, $path = 'include/panels/') {
$moduleName .= '.index.php';
require_once($path . $moduleName);
}
// if you want you can add an arry for it:
$permissionModules = array(
array('videofeed'),
array('announcements', 'courses', 'teachers'),
array('announcements', 'courses', 'teachers', 'accounts', 'log', 'videofeed'),
array('teachers')
);
// now we can put it in a more effectiv way
if(array_key_exists($permission_id, $permissionModules)) {
foreach($permissionModules[$permission_id] as $includes) {
requireModule($includes);
}
}
Wrong ? Correct me!
Related
I currently have this setup
<?php
$nav = filter_input(INPUT_GET, 'nav', FILTER_SANITIZE_STRING);
$Working_On = true;
//$Working_On = false;
if ($Working_On == true) {
$title = '- Under Construction';
$error_msg = "Website Under Construction.";
include('404.php');
exit;
} else {
switch ($nav) {
case "":
include('main.php');
break;
default:
$title = '- 404 Page Not Found';
include('404.php');
break;
}
}
I'd love to know if there is a better way more efficent way of orginising this type of setup so i can easily add more options ?
While accessing a page with
example.com/?nav=examplepage
is a valid approach (that I also used in past projects), today's standard is to use something like
example.com/examplepage
This creates URLs that are easier to understand by humans and more semantic than query parameters. Doing so will also prevent you from running into possible caching issues with URLs defined by query parameters.
It also brings you the benefit of including even more information in the URL without the need for query parameters, for example
example.com/posts/view/20
Such URLs are usually parsed by a "Router". There are many reference and open source implementations for PHP routing on the web, just search for "PHP Router", take a look and decide what best fits your needs.
Side note:
use type-safe checks, aka === instead of == to save you a lot of headache and follow security best practices; if you're still at the beginning of your project, you might want to take a look at https://phptherightway.com/
you exit() if the site is on maintenance. In that case you don't need to put the switch statement inside else{}, you can just put it after the if clause
I have pages in my website with URLs like this:
http://example.com/index.php?page=about
http://example.com/index.php?page=portofolio
http://example.com/index.php?page=location
http://example.com/index.php?page=mission
http://example.com/index.php?page=contact
http://example.com/index.php?page=register
http://example.com/index.php?page=login
Now, the objective is to include be it a simple about.html page containing a simple text about the company, or a form processor file called register.php when ?page=register is called.
This is how I am handling the contents.
$id= isset($_GET && !empty($_GET['page'])) ? htmlspecialchars($_GET['page']) : false;
switch($id){
case 'about':
include 'about.html';
break;
case 'porofolio':
include 'portofolio.html';
break;
case 'contact':
include 'contact_form.html';
include 'contact_process.php';
break;
case 'login':
if(isset($_SESSION['user_login'])){
echo 'You are already logged in';
}else{
include 'login_form.html';
include 'login_process.php';
}
default:
die('Page not found');
break;
}
Yes, I know It is horrible. I know trust me. That is why, I need better maintainable solution to this.
Now, if you are just curious what could be inside process_login.php It looks like:
if($_POST){
if(!empty($_POST['username']) && !empty($_POST['password'])){
try{
$pdo = new PDO(...);
$stmt = $pdo->prepare("SELECT id FROM users WHERE username = ? AND password = ?");
if($stmt->rowCount(){
$_SESSION['user_login'] = $_POST['username'];
header('location: success.php'); exit;
}
}
}
}
This is just an example I quickly wrote, so there may be some typo or another thing I've left. What I am interested to know is how to better create/emulate a practice of handling the switch statements, as it does not seem to me a good oop-oriented approach for such task. I want something maintainable, extensible approach.
If you are wandering why I have only have one page index.php, it is because I don't want to create static pages for all the pages, as they have the same layout, making the HTML improvement easier. Instead of one day, opening 7 files to change/add a single tag, it would make sense to do it only once.
second, if you wandering why I chose to include the about.html page instead of simple storing the plain text in database, is because I didn't want to create a field/table/connection just for that 10 line simple text, as I would be saving some overhead performance. (Although I am sure, you may not agree on this)
So, the general question is, how to get rid of that complexity with switch statement, which makes me end up creating files like login_process.php instead of dealing with it, in some OOP way that I am not aware of.
Sorry for the wall of text :( and thanks in advance.
The solution that you're looking for is really MVC and templating your views. Further, you're essentially creating your own router, your router is pretty simple compared to some of the complex routing schemes found in some of the major frameworks, so if you're looking to simplify further, that's going to be kinda difficult.
If you want to see how this is all done in a very OOP manner, checkout something like the Zend Framework 2, CakePHP, etc.
I am creating a site where different account types will be shown a different version of each page. I have it working, but my question is in terms of speed / "best practices". Which of the following (or something completely different) would be the best way to do this?
Option 1. Break each account type into individual sections of the file:
if($accountType == "type1"){
//All lines of code for the account type1 page
}
elseif($accountType == "type2"){
//All lines of code for the account type2 page
}
elseif($accountType == "type3"){
//All lines of code for the account type3 page
}
Option 2. Break each account type into sections of the file using include files:
if($accountType == "type1"){
//this file has all of the code for account type1 page
require('includes/accounts/type1/file.php');
}
elseif($accountType == "type2"){
//this file has all of the code for account type1 page
require('includes/accounts/type2/file.php');
}
elseif($accountType == "type3"){
//this file has all of the code for account type1 page
require('includes/accounts/type3/file.php');
}
Option 3. Use lots of conditional statements throughout the file to generate the page for each account type:
if($accountType == "type1"){
$result = mysql_query("//sql statement for account type1");
}
elseif($accountType == "type2"){
$reslut = mysql_query("//sql statement for account type2");
}
elseif($accountType == "type3"){
$result = mysql_query("//sql statement for account type3");
}
while ($row = mysql_fetch_array($result)) {
$variable1 = $row['variable1'];
if($accountType == "type1"){
$variable2 = $row['type1Variable2'];
$variable3 = $row['type1Variable3'];
}
elseif($accountType == "type2"){
$variable2 = $row['type2Variable2'];
}
elseif($accountType == "type3"){
$variable2 = $row['type3Variable2'];
}
$variable4 = $row['Variable4'];
}
echo "The variables echoed out are $variable1, $variable2";
if($accountType == "type1"){
echo ", $variable3";
}
echo "and $variable4";
//the rest of the file to follow in the same way
Basically it comes down to this:
Option 1: the file is 1000 lines of code.
Option 2: the file is 30 lines of code, and each include file is between 250-350 lines of code.
Option 3: the file is 650 lines of code. It is less because some of the code can be 'shared' between all three account types.
Which option would be the fastest / "best practice"? I am leaning toward option 3 because overall file size would be smaller, but there are a lot more conditional statements with this option (option 1 and 2 only would have three conditional statements, whereas option 3 would have 40 for example). Does having this many more conditional statements make the file process slower? Is there actually any difference between option 1 and option 2 (does separating the blocks of code into include files mean that it will only load one include file per account type? Or does php load all three files and just choose the proper one?)?
Thanks for your help!
In terms of efficiency, Option 3 would be the slowest as it would have more conditional-checks than any other - however, the speed would be very (very) negligible.
To define the "best practice" would be impossible - it really comes down to "what will be the easiest for you and who-you-work-with to maintain". If, down the road, you have to make massive changes to the code but only for $accountType == "type2", do you want to go through a ton of spagetti code (Option 3), or a bit more separated-into-blocks (Option 1), or just open the specific file for that type (Option 2)?
In my personal opinion, even without using OOP/MVC-framework practices, I would recommend Option 2. Splitting each individual type into their own separated files will save you a lot of headaches in the future if you need to update anything. You can even merge certain parts - for instance, if all three types have one "block" that has all of the same look & feel, you can define that in it's own include and include it in all three of the types'-files.
Please, toss version 1 out of the window, will you! Its very sensitive for errors, and mega files are not really handy.
Myself, I use option 2, but I am not sure if it has to do with the lesser code part. I found it easier to create seperate files for each term, so data doesnt get mixed up. Next to that, its easier to modify. Version 3 is sensitive mxiing up data if you dont look out, and I tried to avoid that. So I personally would pick and still picked in my work version 2.
In terms of performance I don't see much difference between any of the options.
Regarding best practices, I would suggest you go for option 2 which is in my opinion the most maintainable, since you get to keep things concerning each type of user separate and within their own bounds.
If you want to reuse code between the pages, you can still create controls for the shared code that can be encapsulated.
Option 1 sounds like having a huge file where it's hard to find things when you want to modify and you have to be concerned about not modifying stuff for other account types.
Option 3 is IMHO the worst since you get awful spaghetti code and in order to find out what is shown to each account type implies having to go through all of the code.
I wanted some suggestions from someone with experience in php.
I am making a website in php which will have 4 kinds of users :
1. guest(unregistered),
2. registered,
3. registered with special privilages,
4. admins
So the same page will be visible differently to all four of them.
Right now I am doing that by using if conditions.
In every page, I am checking the role of the user and then using many if statements to display the page accordingly.
It makes the code very big and untidy and I have to check conditions again and again in all the pages.
Is there a better way to do this?
How is this done in big professional websites?
Extended Question:
What is the most optimal way to do the same using a MVC framework like kohana 3.1? Does it have anything to do with acl?
It really depends on what you need.
For example if the page has big part that change completely, what I would suggest is to create different templates and include them depending on their "permissions"
$permission = $_SESSION['type_user'];
include '/path/to/file/with/permission/'.$permission.'/tpl.html';
and have something in the page similar to
<?php
//inside include.php you have the line similar to
//$permission = isset($_SESSION['type_user']) && $_SESSION['type_user']!=''?$_SESSION['type_user']:'common';
require_once '/mast/config/include.php';
include '/path/to/file/with/permission/common/header.html';
include '/path/to/file/with/permission/'.$permission.'/tpl_1.html';
include '/path/to/file/with/permission/common/tpl_2.html';
include '/path/to/file/with/permission/'.$permission.'/tpl_3.html';
include '/path/to/file/with/permission/common/footer.html';
?>
if the script is full of small parts like "show this text", or "show this button", you can create a function that will check the permissions for you
<?php
function can_user($action, $what){
switch($action){
case 'write':
return $your_current_if_on_what;
break;
case 'read':
default:
return $your_current_if_on_what;
break;
}
}
?>
and the template will look like:
[my html]
<?=can_user('read','button')?'My Button':''?>
[my html]
As a rule of thumb, if a piece of code is used more than 2 times, it needs to be put in a function/file separately, so if you have many "IFS" you need to create a function
I want to control the access in php website.
I have a solution right now with switch case.
<?php
$obj = $_GET['obj'];
switch ($obj)
{
case a:
include ('a.php');
break;
default:
include ('f.php');
}
?>
But when i have so many pages, it becomes difficult to manage them. Do you have better solutions?
Right now, i develop the application using php4. And i want to use php5. Do you have any suggestions when i develop it using php5?
Thanks
$obj = $_GET['obj'];
$validArray = array('a','b','c','d','e');
if (in_array($obj,$validArray)) {
include ($obj.'.php');
} else {
include ('f.php');
}
The more pages you have the harder it will be to control this.
Your best off using a framework of some sort, my personal preference is CodeIgniter.
why not just address a page itself?
first page
another page
I am not saying that this is the best solution, but years ago I used to have a website which used a database to manage the key, the page to be included, and some informations like additional css for instance.
So the code was something like:
<?php
$page = htmlspecialchars($_GET['page']);
$stuffs = $db->query('select include,css from pages where pageid = "' . $page . '" LIMIT 1');
?>
So when we needed to add a page, we just created a new field in the database. That let us close a part of the website too: we could have a "available = {0,1}" field, and if zero, display a static page saying that this page was under maintenance.