Hello, I am attempting to tackle a fairly large project (it is for me anyway...). I am completely self taught when it comes to programming. I would have to say that I have done pretty well so far, but I have never done anything this big, and I am finding myself getting caught up with questions about optimization, efficiency, and security.
These three have never been an issue for me, and for this project they are going to be very important, so I keep finding myself coming up short. I currently have the framework for 30 classes that do their basic functions and I plan on needing many more. I need to begin extending these classes but I keep coming up with different ways of doing things, and I do not know which is the best, or if any of my ideas are even ideal. I am under a bit of a time constraint, and I want to avoid rewriting as much code as possible. And on another note, I have not fully tested some of my ideas, so if you know that something I am suggesting will not work at all, please tell me so I can quit wasting time on it. I will throw you what I have, and any criticism is much appreciated.
It all starts with a class called Main that ties all the other classes together. In any one web page there will be 10 classes that are required, and then the number of classes after that depends on the individual page. Some required classes are for Authentication, Error Handling, Error Reporting, Logging, and Data collection/retrieval, Sessions, and Member information. Each Main class then holds a class called Page which takes care of larger scale business logic and organization for the Template classes that it holds. The Page class is primarily a template itself, although it writes nothing to the screen, and is used to hold common configurations of Templates that a series of web pages may share. The Template classes can only perform presentational logic, output HTML, report errors, and update logs.
(When I refer to children and their parents, I am not referring to class inheritance but rather its position in the call stack)
My first question will involve data requests. Currently, every single class will have a property that holds a call stack. If any information is needed by a Template, let's say, it will pass the request on to its parent upon initialization. When the parent has gathered the requests of all its children, it then passes on to its parent, and then the process continues until it gets back to the Main class. When all requests have been received, Main will then take the appropriate measures to get all of this requested data. At this point, Templates are not active, or ready to write code in any way, they have only been initialized, they have requested data they know they will need, and are waiting to be called again for activation.
Now, should I have Main process all the requests and then pass the data down back to the requester where it can be loaded into properties of the class, or should Main just make the data available in another public class that organizes all the data and then exports it to a public namespace that all Templates can see. Or, should I scratch this idea of collecting data requests, and just build database/filesystem access into every class that will need it?
Next question is about authentication, should I have central authentication or not? On any one page, there may be several different permissions that are not related to each other. I propose an Authentication class that receives all permission requests from Main as it is busy getting requested data (the process above). It will help authenticate sessions, members, and data requests by those members, and inform Main of whether or not certain operations should be allowed to continue. Is this a good idea? Or should I just build authentication straight into each class that needs it, and if that class has a password that works, then it will be able to get into the associated database or filesystem.
If I stick with Main making all data requests available on a public namespace, and then nesting all of the Template classes underneath it (and also nesting all of the output buffers they will use to fill in variable data), will Templates be able to "see" this data, or will I have scope issues?
I know security will always be an issue, but are there any blatant security problems with this design? If I do go with central authentication and central data retrieval, where are the weak points?
Like I said, I only have the framework for this down, so if I am going to make major changes to design, now is the time to do so. On a side note, I tried to make this as short as possible, so I simplified things to a good degree. There will be many classes in between the ones listed that will facilitate communication or provide other functions that are necessary for integrity. Sorry for the long posts, and thanks if you read through all of this mess and can help me in any way.
Chad
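The central request-and-authorization flow described in the post above, sketched as an added example (not code from the thread or from the poster's project). It assumes PHP 8; every class, role and resource name is hypothetical and the data is constructed. It shows one choke point that denies by default and hands each template only the data it requested and was allowed to have, instead of publishing everything to a shared namespace.

```php
<?php
declare(strict_types=1);
// Hypothetical names throughout; constructed sample data, not the poster's code.
final class Authorizer
{
    /** @param array<string, string[]> $grants role => resources that role may read */
    public function __construct(private array $grants) {}
    // Deny by default: unknown roles and unlisted resources are both refused.
    public function allows(string $role, string $resource): bool
    {
        return in_array($resource, $this->grants[$role] ?? [], true);
    }
}

final class Main
{
    /** @var array<string, string[]> template id => resources it asked for */
    private array $requests = [];
    public function __construct(private Authorizer $auth, private array $store) {}
    // Called while templates are initialised, before anything is rendered.
    public function request(string $templateId, string $resource): void
    {
        $this->requests[$templateId][] = $resource;
    }

    // Single choke point: every collected request passes the same check.
    public function resolve(string $role): array
    {
        $out = [];
        foreach ($this->requests as $templateId => $resources) {
            $out[$templateId] = [];
            foreach ($resources as $r) {
                if (!$this->auth->allows($role, $r)) {
                    error_log("denied: role=$role template=$templateId resource=$r");
                    continue;
                }
                $out[$templateId][$r] = $this->store[$r] ?? null;
            }
        }
        return $out; // keyed per template, so one template never sees another's data
    }
}

$auth = new Authorizer(['member' => ['profile'], 'admin' => ['profile', 'audit_log']]);
$main = new Main($auth, ['profile' => ['name' => 'example'], 'audit_log' => ['entry 1']]);
$main->request('sidebar', 'profile');
$main->request('adminPanel', 'audit_log');
var_dump($main->resolve('member'));
```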
Design Advice
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
Well, just so you know, when under time constraints, optimization and efficiency should be the last thing on your mind. In web development, we have the luxury of being able to take a product that is already made and alter it. So, make it, then add stuff and change things around.
In the interest of optimization, you'll want to deal with objects in a global scope rather than send them up and down through class trees. The requests stack sounds fine, but if you can simplify the process by making objects readily available, maybe you should.
As for your authentication, you'll want to have different classes for different levels of authentication, and just check against the class type (after password validation). I find that different levels of authentication is the ideal place for inheritance as the different users' abilities can branch out into different classes. Each user class has the functions that the user can perform, no more, no less.
I don't see any security holes in your design, but you haven't told us many specifics.
But it seems to me that you are making this process a bit more difficult than it needs to be.
I'd suggest running more tests and keeping the process more visual than conceptual in order for you to be able to easily decipher what needs to be done.
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
Not by much, because you also mentioned time constraints. There's nothing wrong with dealing with objects in a global scope if you're careful not to do anything silly like set one to a null value or call its destructor. When it comes down to it, it sounds to me like these objects are sharing other objects, and the simplest way to share them is to have them readily available for sharing.
- Ollie Saunders
- DevNet Master
- Posts: 3179
- Joined: Tue May 24, 2005 6:01 pm
- Location: UK
cpetzol2, unless you really know what you're doing, and you sound pretty unsure, attempting to write your own framework as you go along probably isn't going to do a lot of good for you. You need the ability to see what works and what doesn't and the best way to do this is to learn about design patterns (unit testing helps massively also). In the short term I would recommend you use a PHP framework such as symfony as this will both do a lot of the work for you and also be well designed.
Someone brought up codeigniter the other day in another discussion. Have a look at the videos. They may give you some good insight.