xtopolis Posted October 1, 2008

I am new to OOP.

Subject info: I have 1 class that extends another (Client extends User), which handles user login/authentication (I will also have another class, Admin extends User). Upon trying to log in, Client checks a database to see if their username exists; from there, if found, it checks if there is a column set requiring the user to change their password (before being allowed in). If this is set, they will be presented with a form requiring their current password, new password, and confirm new password input(s). [This form can only be accessed from trying to log in (checks a session var being set).]

Anyway, I can create this separately, but I want to make this "change password process" a class (so that I can use it for Client or Admin, which use different database tables).

Question: My first inclination is to create a class called RCPW, and call it from inside Client, at the step where it determines the user needs to change their password. And I would want to pass it an instance of User (either Client or Admin), such as:

```php
<?php
$client = new Client();
// ...
//inside class User
if ($row['rcpw'] == 1){
    $rcpw = new RCPW($client);
}
?>
```

And so from there, RCPW would take the User object's $this->username and hardset the form for trying to change the password, then output the form for the user to fill in... But where/how would I post it back, so that RCPW could validate it (such as, curpass is correct, new pws match, not too many failed attempts have been tried on the form)?

Or am I going about this in the wrong way? Please let me know if I need to clarify/post code/be clearer.
aschk Posted October 1, 2008

Probably need a little bit more code to go on than what has been provided.
xtopolis Posted October 1, 2008

Here is some code: a form is posted from index.php -> login.php (config.php holds a database object, $db)

login.php

```php
<?php
require 'engine/config.php';

//if logout is set, set logout parameter
if(isset($_GET['do']) && $_GET['do'] == 'logout'){
    $client = new Client($db,'USERS',SECRET,DOCROOT,true);
}

$client = new Client($db,'USERS',SECRET,DOCROOT);
?>
```

client.php

```php
<?php
//Client class
class Client extends User
{
    protected $table;
    protected $secret;
    public $redirect;
    public $db;

    function __construct($db,$table,$secret,$redirect,$logout=false)
    {
        parent::__construct($db,$secret);
        if($logout) { parent::logout(); die('Logging out.');}

        $this->table = $table;
        $this->redirect = $redirect;
        $this->login();
    }//__construct
}
?>
```

shortened user.php (relevant functions)

```php
<?php
class User
{
    protected $ip;//users ip
    protected $useragent;//browser info (for session integrity)
    public $session;//session instance
    protected $fails;//attempts on this page
    private $un;
    private $pw;
    public $db;
    private $secret;

    function __construct($db=false,$secret=false)
    {
        if($db) { $this->db = $db;}
        if($secret) { $this->secret = $secret;}

        $this->ip = $_SERVER['REMOTE_ADDR'];
        $this->useragent = $_SERVER['HTTP_USER_AGENT'];
        //objects are handles already; "= &new" is a parse error on PHP 7+
        $this->session = new Session();
    }

    //login() pulls user information from a database and eventually gets to
    // the change password? section, if it is set that the user must change their pw

    //check if account needs to change password
    private function checkRCPW($row)
    {
        switch($row['RCPW'])
        {
            case '1'://Require password change
                $rcpw = new RCPW($this);
                break;
            case '0'://password does not need to be changed, process login
                $this->validate();
                break;
            default://default, process login
                $this->validate();
                break;
        }
    }//checkRCPW

    // ... remaining methods omitted
}
```

I have not written the RCPW object yet because I'm not sure that this is going to work how I want it to:

From the case '1', the next step must be a form with fields similar to this...
(locked to a username, current password check, new password, confirm new password)

```php
<p>username: <?php echo htmlspecialchars($client->username, ENT_QUOTES); ?></p>
<form action="??" method="post">
Current pass<input type="password" name="curpw" /><br />
New pw<input type="password" name="newpw1" /><br />
confirm new pw<input type="password" name="newpw2" /><br />
</form>
```

So if I follow through and RCPW class outputs a form just like that on instantiation... what is my next step? Do I PHP_SELF with the form (which would = login.php), and if so, how do I get back into the RCPW object for validation (cur pw is correct, new pws match, not too many failed attempts, etc)? Or should I go about this in a different manner?

Hope that makes it a little clearer..
corbin Posted October 2, 2008

```php
<?php
class RCPW {

    private $user;

    public function __construct($user) {
        $this->user = $user;
        $showForm = true; //stands in for the "need to show form" condition

        if($_POST) {
            //check input and what not, then either do or don't do your magic
        }
        if($showForm) {
            //show form
        }
    }

}
```

By the way, I wouldn't have stored each group in different tables.

Also, the RCPW constructor could very well be static if you wanted it to be.
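One way to fill in the "check input" step of the skeleton above, as an added example that is not part of the thread: the form posts back to login.php, and the pending change, failure count and a form token live in the session. The function name, the `rcpw_*` session keys, the `pwhash` column and `MAX_FAILS` are assumptions, and `password_hash()`/`password_verify()` are used in place of the thread's SECRET-based hashing.

```php
<?php
// Added example, not the thread's code. processPasswordChange(), the rcpw_*
// session keys, the 'pwhash' column and MAX_FAILS are assumed names.
const MAX_FAILS = 3;

// Validates one POST of the change-password form. $row is the user's DB row
// (caller persists it on success). Returns error strings; [] means changed.
function processPasswordChange(array $post, array &$session, array &$row): array
{
    // The form is only valid for a login that flagged RCPW for this username.
    if (($session['rcpw_user'] ?? null) !== $row['username']) {
        return ['No password change pending for this session.'];
    }
    if (($session['rcpw_fails'] ?? 0) >= MAX_FAILS) {
        return ['Too many failed attempts.'];
    }
    // Token issued when the form was rendered; reject empty, compare in constant time.
    $token = $session['rcpw_token'] ?? '';
    if ($token === '' || !hash_equals($token, (string)($post['token'] ?? ''))) {
        return ['Invalid form token.'];
    }
    $errors = [];
    if (!password_verify((string)($post['curpw'] ?? ''), $row['pwhash'])) {
        $session['rcpw_fails'] = ($session['rcpw_fails'] ?? 0) + 1;
        $errors[] = 'Current password is incorrect.';
    }
    $new = (string)($post['newpw1'] ?? '');
    if ($new === '' || $new !== (string)($post['newpw2'] ?? '')) {
        $errors[] = 'New passwords do not match.';
    }
    if ($errors) {
        return $errors;
    }
    $row['pwhash'] = password_hash($new, PASSWORD_DEFAULT);
    $row['RCPW'] = '0';
    // Clear the pending state so the same form cannot be replayed.
    unset($session['rcpw_user'], $session['rcpw_fails'], $session['rcpw_token']);
    return [];
}

// Constructed sample data standing in for the USERS row, $_SESSION and $_POST.
$row = ['username' => 'alice', 'pwhash' => password_hash('old-pass', PASSWORD_DEFAULT), 'RCPW' => '1'];
$session = ['rcpw_user' => 'alice', 'rcpw_token' => bin2hex(random_bytes(16))];
$post = ['token' => $session['rcpw_token'], 'curpw' => 'old-pass', 'newpw1' => 'n3w-pass', 'newpw2' => 'n3w-pass'];
var_dump(processPasswordChange($post, $session, $row) === [], $row['RCPW']);
```

In login.php the same function would be called with `$_POST` and `$_SESSION`, and the form re-rendered with the returned errors whenever the list is not empty.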
xtopolis Posted October 2, 2008

Regarding my RCPW class, I think I see what you mean, and I think you're right, it'd be best to use it statically. .. header to a different page or same page (login.php) with a $_GET set to run the RCPW object, etc.

---

Why would you not have stored them in different tables? My logic was to keep the administrators separate from the users, but they will still share similar attributes (hence each being derived from the User class). Are you suggesting rather I have a column set for 'admin' status, and proceed from there?

The way it was being run now, I could use the Client/Admin classes to authenticate similarly but use different hashes (SECRET constant is different) to keep the clients out of the admin section, and vice versa. ..

My app in a nutshell:
->Client logs in, taken to domain.com/theirfolder/ where 'theirfolder' is unique, but accessible by different usernames [any users in the 'theirfolder' group].
->Admin logs in, taken to maybe /admin/ and is shown file/user management options.

Using one class previously (User), allowed users to be authenticated on admin pages... obviously not what I intended... so I extended User to two classes (Client, Admin), and they have their own login.php page instantiate either a Client or Admin, so they no longer share the same hash, nor object...

So, if I log in through the same front end, with the admins and users in the same table, should I add a secondary permissions object that checks where they should be taken to/what they can be shown? I'm now kinda confused.. Was I not seeing a big enough picture..., or is there a better way of doing things?
corbin Posted October 2, 2008

You could do it as basic as a binary yes or no switch as to whether the user is an admin or not. Or you could get complex with it and make an ACL-style system.

In the end, isn't an admin [in this context] just a user with different privs?

Just the way I would do it though. I guess your way works just as well ;p.
xtopolis Posted October 2, 2008

lol.
me: am I doing right?
you: yes, but..

I love answers like that, they make my head explode.

I'll figure it out... thanks.
corbin Posted October 2, 2008

Well, the way I see it, there is no right in programming. Just better ways than others.
aschk Posted October 3, 2008

I concur with corbin, from my experience there is no "golden egg" of systems architecture... nevertheless I will still continue searching for it!