Page 1 of 1

Object Oriented (OOP) - Privacy problem with variables

Posted: Fri Jul 31, 2009 11:11 am
by ctrLogicDotNet
The thing is, I'm new to PHP, learned programming through Java.

I have a class:

Code: Select all

 
class myClass{
    private static $objectNumber = 1;
    private $var;
    public $var2;
    private $otherVar1;
    private $otherVar2;
...
 
containing a constructor declared as is:

Code: Select all

 
function __construct($var){
        $this->objIncrement = self::incrementObjectNumber();
        $this->var = $var;
        $this->var2 = $var;
        $this->otherVar1 = 'whatever';
        $this->otherVar2 = 'also whatever';
}
 
and containing a static method:

Code: Select all

 
final private static function incrementObjectNumber(){
    self::$objectNumber++;
}
 
why is it that when I use a function not within myClass (not in a class at all) to print the object, I still have all the private variables showing?
like this:

Code: Select all

 
myClass Object
(
    [var:private] => Array
        (
            [something] => Array
                (
                    [value1] => whatever
                    [value3] => whatever
                )
        )
 
    [otherVar1:private] => whatever
    [otherVar2:private] => also whatever
    [var2] => Array
        (
            [something] => Array
                (
                    [value1] => whatever
                    [value3] => whatever
                )
        )
)
 

Re: Object Oriented (OOP) - Privacy problem with variables

Posted: Fri Jul 31, 2009 12:10 pm
by requinix
Because you're using print_r - a built-in PHP function. It can do whatever it wants to, and it was decided that it will print private and protected member variables.

Try accessing those variables outside your class normally and see what happens.

Re: Object Oriented (OOP) - Privacy problem with variables

Posted: Fri Jul 31, 2009 1:11 pm
by ctrLogicDotNet
Yeah, well ok for the access outside the class thing.
Seams to me that print_r is accessing this data from outside the class, am I wrong? How is that, built in like that...? Don't see the purpose of doing so... PHP is the way people want it to be I guess...

But anyway could I configure print_r for not being able to print such private or protected member, or a walk around to prevent it?

Re: Object Oriented (OOP) - Privacy problem with variables

Posted: Fri Jul 31, 2009 2:06 pm
by requinix
No, you can't change the behavior of a PHP function (not without the runkit, that is).

Why are you so concerned about this?

Re: Object Oriented (OOP) - Privacy problem with variables

Posted: Fri Jul 31, 2009 3:03 pm
by ctrLogicDotNet
Created a class with some variables in it to authentify users on a dedicated server whether they can include some other classes part of a website editor/creator package.
This classverifies if the user is one of our customer and if his package includes the class he tried to include.
Normally it automatically includes all the needed classes for each customer, but the authentification is just in case a non-customer tries to also includes the classes.
There might be better ways of doing so that I have not considered. .htaccess files, root access...
What I liked about this way is that the desired information is in a database and I could create a WHM plugin/add-on to give package access to new customers whether we are doing their website or not.

Re: Object Oriented (OOP) - Privacy problem with variables

Posted: Fri Jul 31, 2009 3:07 pm
by Eran
The visibility keywords are a scoping feature only, they were not meant to be used as a security measure.

How could clients include classes? are you allowing them to run custom PHP code on your server? that could be a major security issue

Re: Object Oriented (OOP) - Privacy problem with variables

Posted: Fri Jul 31, 2009 5:20 pm
by Benjamin
You can disable the print_r function in php.ini.