Making OOP Persistent

Freejack

Hi. I've been using and coding with PHP for (jeeze) a couple of years now but it's been mainly simple, personal hobby stuff.

Now I want to take the next step.

I programmed in C many years ago and learned the basics of C++ so OOP isn't unfamiliar to me.

The main problem I'm having is how to use the class functions in different parts of the web site. Everything I've been finding in Google have been how to's on OOP and nothing on actual usage.

Can anyone point me to a good tutorial (book or web) on how to use classes and class functions in a web site?

Example. Managing logged in users. I have the User class and User function as a constructor and then several User validation functions all in "dbinc.php". I included it in index.php in order to snag cookie information and automatically log the user in. But what's the right/best way to make that class visible to login.php and the other php scripts that need to use the User class functions?

Thanks for any pointers.

Carl

Freejack

More thoughts.

What did work is just doing it all again.

Include dbinc.php
connect to the database
create a new user class

And I'm able to try and log in (and it fails because there aren't any accounts just yet 🙂

But it seems incorrect to connect to the database in every script and certainly seems wrong to create a new users class each time. After a while I'll have several hundred open connections and new user classes hanging around on the server.

So while I can whack and hack, I'd like to find a nice article on the right way to do it so I'm not stumbling around reinventing the wheel and leaving myself open to every tom, dick, and yuri script kiddie who wants to test my coding 🙂

Carl

NogDog

You should only need to access the database when validating a new login request. Assuming you are using a sessions-based login control system, once a user is logged in, all the user data can be stored in the session data. If you create a user object upon successful login, you can store that object in the session data as well. (Note that if you do this, you must load the user class definition before you do your session_start().)

Also, all database connections, class definitions, objects, variables, constants and function definitions are destroyed when your script ends, so no, you will not "have several hundred open connections and new user classes hanging around on the server."

Freejack

Ok. So I use the $SESSION variables to store data, run session_start() at the top of all the scripts (well, if (!isset($SESSION))... of course) to make the data available, and when I need to access mysql, just reopen the connection.

Thanks for the additional info on the connections being destroyed when the script ends.

Carl

bradgrafelman

Freejack wrote:
(well, if (!isset($SESSION))... of course)

That doesn't make sense - $SESSION is a superglobal array that is always set.

But yes, as long as you don't use [man]mysql_pconnect/man, the connection to MySQL is closed when the script has finished executing.

Freejack

bradgrafelman wrote:
That doesn't make sense - $_SESSION is a superglobal array that is always set.

Ok, but if I don't run session_start(), the variables are not set. The session module is configured to not automatically be available. Since I didn't have it in the followon script, I figured I just needed to check to see if it had been enabled for that script and enable access if necessary.

I can test it again to make sure but it didn't work last night when I tried it (of course I was doing several things at the time).

But yes, as long as you don't use [man]mysql_pconnect/man, the connection to MySQL is closed when the script has finished executing.

No, I'm using the MDB2.php functions to access mysql. Originally I did it with the actual functions but as I said, I'm trying something new 🙂

Thanks again.

Carl

Freejack

Yea, just checked:

session.auto_start Off Off

So it's not started automatically. Since it wasn't available in the third script I was using (the user validation script), I figured I needed to just check to see if SESSION was set and then set it if necessary.

Carl

Freejack

I was just checking out my scripts.

index.php - starts the session if it's not already started. Calls login.php if user clicks on the login link.

validate.user.php - checks the database to see if the user exists; sets $_SESSION['error'] and sends back to login.php if not. Sends to main screen as logged in if the user successfully logged in.

If I didn't call session_start() at the beginning of login.php, the $_SESSION['error'] would always be unset.

I just tried it out by commenting out the session_start() portion in login.php and it never sees the error. When I uncomment it, it sees it right away. So access must need to be enabled in each script before it can be used.

Carl

bradgrafelman

Yes, that'll work if you check for a specific value; I thought you were just using isset() on the $_SESSION array itself.

NogDog

I normally put all the login stuff, including checking to see if the user is logged in yet, displaying the log-in form if not, and processing the login request from the form into one class file. Then each page that needs to be access-controlled only needs to require that class file at its beginning. I include the instantiation of the class in its file, so all I need on each page is:

<?php
require 'login.class.php';
// rest of page...
?>

<?php
/**
*  Session-based login control
*  @version 1.0
*  @author Charles Reace (www.charles-reace.com)
*  @license http://opensource.org/licenses/gpl-license.php GNU Public License
*/

require_once 'Mysql.class.php';

/**
*  Login control class
*/
class Login
{
   /**
   *  change the $loginTable, $loginField and $loginPassword values to match
   *  the table and field names used in your database
   */

   /**
   *  @var string DB table to query for login validation
   */
   private $loginTable     = 'provider';

   /**
   *  @var string DB field for login name
   */
   private $loginField     = 'login';

   /**
   *  @var string DB field for password
   */
   private $loginPassword  = 'password';

   //------------ DO NOT MODIFY BELOW THIS LINE ---------------//
   private $db;
   private $login;
   private $password;

   /**
   *  Constructor
   *  @param object $db
   *  @return void
   */
   public function __construct()
   {
      session_start();
      try
      {
         $this->db = Mysql::singleton();
      }
      catch (BookingException $e)
      {
         print $e;
         die("Unable to connect to database");
      }
      if(isset($_POST['login'])and isset($_POST['password']))
      {
         $this->login = trim($_POST['login']);
         $this->password = trim($_POST['password']);
         if($this->validLogin())
         {
            session_regenerate_id();
            $_SESSION['login'] = $this->login;
         }
         else
         {
            $this->displayForm('Invalid login name and/or password');
         }
      }
      else
      {
         if(empty($_SESSION['login']))
         {
            $this->displayForm();
         }
      }
   }

   /**
   *  Validate login
   *
   *  @return boolean
   */
   private function validLogin()
   {
      if(strlen($this->login) > 16 or strlen($this->password) > 16)
      {
         return(false);
      }
      $sql = 'SELECT '.$this->loginField.' FROM '.$this->loginTable.' '.
             'WHERE '.$this->loginField.' = '.
             $this->db->sanitize($this->login). 
             ' AND '.$this->loginPassword.' = PASSWORD('.
             $this->db->sanitize($this->password) . ')';
      $result = $this->db->select($sql);
      if($result->getNumRows() == 0)
      {
         return(false);
      }
      return(true);
   }

   /**
   *  output login form to the browser
   *
   *  @param string $error
   *  @return void
   */
   public function displayForm($error=NULL)
   {
      echo <<<EOD
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang='en'>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=ISO-8859-1'>
<title>Booking Login</title>
<style type="text/css">
<!--
body {
   font: 95% arial, helvetica, sans-serf;
   background-color: white;
   color: black;
}
form {
   width: 20em;
   margin: 50px auto;
   padding: 0.5em;
   background-color: ButtonFace;
   border: outset 2px ButtonFace;
}
fieldset {
   margin: 0;
   padding: 0.5em;
   border: 2px groove ButtonFace;
}
label {
   float: left;
   clear: left;
   width: 7em;
}
legend, .submit {
   text-align: center;
   font-size: 105%;
   font-weight: bold;
}
p {
   margin: 0.5em;
}
#error {
   color: red;
}
-->
</style>
</head>
<body>
<form action="{$_SERVER['PHP_SELF']}" method="post">
<fieldset>
<legend>Booking Login</legend>
EOD;
      if(!empty($error))
      {
         echo "<p id='error'>ERROR: $error</p>\n";
      }
      echo <<<EOD
<p><label for="login">Login Name:</label>
<input type="text" name="login" id="login" size="16" maxlength="16"></p>
<p><label for="password">Password:</label>
<input type="password" name="password" id="password" size="16" maxlength="16">
</p>
<p class="submit">
<input class="submit" name="login_submit" type="submit" value="Log In"></p>
</fieldset>
</form>
</body>
</html>
EOD;

  exit;
   }
}

// instantiate it:
$login = new Login();