Jenk is arguing that in an application the following transaction ORDER is a fact:
1.) Establish which action is to be taken. (e.g. which page to display)
2.) Authenticate, Filter, Validate and Escape input.
3.) Logic (the 'workings' of your script - including establishing data sources, error handling, etc.)
4.) Display output.
I'm arguing that this is not completely accurate, and at least some authentication should be able to take place before you can properly determine the 'route' (e.g. what logic to execute).
My last compromise:
1) get route
   1a) get requested route
   1c) adjust route if required
2) delegate (processing logic)
   2b) all other logic
3) send output
Jenk is presenting me with this challenge:
I suggest you re-read up on the FrontController pattern.
Ok, let's see you prove your statements. Authenticate the throughput from this form:
<form action="index.php" method="post">
  <input type="text" name="myfield" size="15" /> <br />
  <input type="text" name="myfield2" size="15" /> <br />
  <input type="submit" />
</form>
Authenticate, Validate and Filter that, please.
I can't, because it's not a representation of a request. I can't determine the requested route, nor is there in this case anything to authenticate.
Example of authentication BEFORE routing:
User ip/host combo is on the banned list, adjust routing accordingly.
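
The order proposed in the post above, sketched as a small front controller. This is an added example, not part of the original post or either poster's code; the route names, the `page` parameter, the ban list and the 15-character rule are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical route table and ban list (constructed sample data).
const ROUTES = ['home' => 'showHome', 'form' => 'handleForm', 'banned' => 'showBanned'];
const BANNED_IPS = ['203.0.113.7']; // documentation-range address

// 1a) get requested route: allow-list lookup, unknown names fall back to 'home'
function requestedRoute(array $query): string
{
    $name = is_string($query['page'] ?? null) ? $query['page'] : 'home';
    // 'banned' is an internal route and cannot be requested directly
    return ($name !== 'banned' && array_key_exists($name, ROUTES)) ? $name : 'home';
}

// 1c) adjust route if required: a request-level check that needs no form data
function adjustRoute(string $route, string $remoteAddr): string
{
    return in_array($remoteAddr, BANNED_IPS, true) ? 'banned' : $route;
}

function showHome(array $post): string { return 'Home'; }
function showBanned(array $post): string { return 'Access denied'; }

// 2) delegate: the form fields are validated and escaped inside the handler,
//    which only runs once the route is known
function handleForm(array $post): string
{
    $field = is_string($post['myfield'] ?? null) ? trim($post['myfield']) : '';
    if ($field === '' || strlen($field) > 15) { // assumed validation rule
        return 'Invalid input';
    }
    return 'You sent: ' . htmlspecialchars($field, ENT_QUOTES, 'UTF-8');
}

function dispatch(array $query, array $post, string $remoteAddr): string
{
    $route = adjustRoute(requestedRoute($query), $remoteAddr);
    return (ROUTES[$route])($post);
}

// 3) send output. Constructed requests stand in for $_GET, $_POST and
//    $_SERVER['REMOTE_ADDR'] so the file runs from the command line.
echo dispatch(['page' => 'form'], ['myfield' => '<b>hi</b>'], '198.51.100.4'), PHP_EOL;
echo dispatch(['page' => 'form'], ['myfield' => '<b>hi</b>'], '203.0.113.7'), PHP_EOL;
```

The second call never reaches `handleForm`, so the posted fields are not touched for a banned address.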