nutballs

So I been working on creating my own framework. Basically a starting point for developing sites that all have the same basic structure, template methodology, and can easily ingest new classes that I create.
However, I ran into a problem that I did not think far enough ahead to avoid, partly because OOP is rusty for me. alot of the files depend on each other, which is fine because this is after all a framework, remove 1 brick and it falls down. I don't care about the arguments for or against this methodology, i care about the correctness of execution of it.
This is going to be a bit difficult to describe, but I am going to post the relevant chunks and we will see how it goes i guess.
The real question is at the end of the post.

somepage.

php

  - this is the page that gets hit by the surfer. There will be a few of these, 1 for each pagetype of the site.

<?

php

 
require_once('classes/_binder.

php

 '); //includes ALL my classes

//messages
$messages = new messages(); //create the messages object for displaying errors and messages

//Security.
$security = new security(); //create the security object
$security->overridemagicquotes(); //undoes the stupid magic quotes function to fix database issues.
//$security->bounceto = 'http://www.somesite.com/login.

php

 '; //where to send denied users
//$security->validusertypes = 'admin,user,guest'; //allowed usertypes
//$security->enforcepagesecurity(); //this is the page level enforcement.

$template = new template(); //create the template object

$template->templatefile = 'templates/maintemplate.

php

 ';
$template->metatitle = 'TITLE HERE';
$template->metakeywords = 'KEYWORDS HERE';
$template->metadescription = 'DESCRIPTION HERE';
$template->stylepath = '/styles.css';

//1st page specific content gets generated into a STRING
$template->pagecontent = <<<CONTENT
content goes here. remember to wrap objects and such in {}
{$security->HTMLsafe('this is a <test>')}
CONTENT;

//2nd the template gets executed, with the page specific STRING dropped into place
require_once($template->templatefile); //loads the template for this page. which also runs PageContent below.
echo $fullpage; //this var is the result from the template file

?>


maintemplate.

php

  - just an example of a template file, which is used by the page above. this is my personal pref for methodology, since I hate header/footer template splitting.

<?

php

 
$fullpage = <<<TEMPLATEHTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>{$template->metat}</title>
<meta name="description" content="{$template->metad}">
<meta name="keywords" content="{$template->metak}">
<link href="{$template->stylepath}" rel="stylesheet" type="text/css">
</head>
<body>
<div>
{$template->menuitem('<a href="index.

php

 ">Home</a>','')}
{$template->menuitem('<a href="someadminpage.

php

 ">admin</a>','admin')}
</div>
<div>{$messages->showmsg()}</div>
<div>{$messages->showerr()}</div>
<div>{$template->content()}</div>
</body>
</html>
TEMPLATEHTML;
?>



security.class.

php

  - this is the beginning of my security class, not just for user logins, but for site security issues like injections as well. This is the class that has caused me a problem because I know my execution is bad.

<?

php

 
/*
depends on:
messages.class.

php

 
*/
class security
{
public $bounceto; //Where to send the user upon NOT AUTHORIZED
public $validusertypes; //valid usertypes for the page. comma seperated

public function enforcepagesecurity()
{
if (strlen($this->validusertypes)>0) //then there is security to enforce
{
if (array_search($_SESSION['usertype'],array($this->validusertypes))===false)
{
//HERE IS THE PROBLEM - global gives me the willies and creates a dependency on another class being instantiated to work.
global $messages;
if (strlen($_SESSION['usertype'])>0)
{
$messages->adderr('You are not authorized for the page '.$this->HTMLsafe($_SESSION['

PHP

 _SELF']));
header('Location:'.$this->bounceto);
}
else
{
$messages->adderr('You are not logged in and cannot access the page '.$this->HTMLsafe($_SESSION['

PHP

 _SELF']));
header('Location:'.$this->bounceto.'?from='.urlencode($_SESSION['

PHP

 _SELF']));
}
}
}
}
//CLIPPED some methods that are not necessary for show and tell.
}
?>


My methodology is that I use a session variable to store errors and messages for eventual display to the user. This is simpler to deal with in my mind because in a site where the user might bounce through a couple of pages before finally getting a rendered page, such as redirecting because they are not logged in, the errors accumulate, and I can display them all on the final page, as a part of the template. Sure I could store it in a property of the class, and pass it along with each request, but that makes for ugly URLs, and can have limitations.

So the problem is that message object. Since I am inside the security object, the message object which was instantiated on the somepage.

php

  is not  in scope. The easy way I found is to just global $message, and it all works. I also can create a brand new message object inside the security class, and just keep adding errors to the session object, because the session object is global by default, accessible anywhere. However, that also seems wrong to me.

I also tried EXTENDS on the security class, extending the message class, but that won't work as a real solution because if I ever need a second class accessible inside the security class, I would be back to global being needed again. (if that makes sense)

So what are the thoughts on this? Is using global OK in this case? Since I know that EVERY TIME there will be a $messages object floating around at the root scope, or is there another way that I am missing?

perkiset

Nuts -

My framework mod_rewrites into a single file for processing all pages which calls for the theme, page content etc in a similar way that yours has. I have a similar conundrum where I have a db connection object (etc etc) that I don't want multiple copies of all over the place, an output array that any number of functions/objects etc might need access to... so I use the $GLOBALS array to store pointers to them. In my analysis, I see certain of my objects every bit as validly "global" as the

PHP

  global variables themselves, so it makes sense programmatically and from a methodology standpoint. Remeber to put the reference indicator in front of the variable. For example: (dbConnection is my database connection class)


<?

php

 

$db = new dbConnection('127.0.0.1', 'username', 'password', 'dbname');
$GLOBALS['utilDB'] = &$db;
$content = array();
$GLOBALS['contentArray'] = &$content;

function someIncludedFunction()
{
$db = &$GLOBALS['utilDB'];
$db->query('select * from...');
}
?>


I think you're right on the dot

nutballs

ahhh maybe that is it then. I guess i will just stuff all my objects (at least the ones referenced from within classes) into the $GLOBALS. that will solve the problem you touched on of the DB connection, which I will run into in a bit. I guess that methodology will allow me to create a standard as well for objects. though can you just access the global directly, so instead of you what you have, do something like this:
$GLOBALS['utilDB']->query('select crap')
without reassigning it to a local variable?

perkiset

I suppose you could, although I've not tried it TBH... although you'd add a bit of hash-lookup everytime you access it, which would add a tiny-tiny amount to your overhead. Personally I don't like typing that much either... and more importantly, when you do $db = &$GLOBALS['utilDB'] you are only creating a new name reference for it, so there is no memory penalty at all and the name will fall out of scope and disap

pear

  when the function is over anyway.

Applause

nutballs

true, and I guess the other advantage to doing it the way you do is that if the root object name changes, you only change 1 refernce to it in the class, as opposed to however many uses of it there may be.

nutballs

err final question

you do this:
$db = new dbConnection('127.0.0.1', 'username', 'password', 'dbname');
$GLOBALS['utilDB'] = &$db;

could you instead do this (why or why not):
$GLOBALS['utilDB']  = new dbConnection('127.0.0.1', 'username', 'password', 'dbname');

perkiset

Abalootely.

I s'pose that you could even:

$db = &$GLOBALS['utilDB'] = new dbConnection(...

as well, although I've not done that and you'd want to confirm that your local reference handle was in fact a reference and not a new instance (I think it would be OK).

perkiset

You lost me jm...

jammaster82

sorry, i was distracted...

interesting stuff though, im loving
getting to read along and

learn

 ..


Perkiset's Place Home   Politics @ Perkiset's