PHP Class theory question?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
RecoilUK
Forum Commoner
Posts: 30
Joined: Sun Feb 29, 2004 7:13 pm

PHP Class theory question?

Post by RecoilUK »

Hi guys

I was wondering what and how everyone uses Classes when coding for PHP.

I know they are supposed to be used so you are not typing a lot of repetive code, and therefore your code or more organised, but what other purpose do they serve?

I had the following idea as a security measure ...

Code: Select all

<?php
 
Class Config {
 
  var $ServerConfig;
 
  function __construct() {
  
    include $_SERVER['DOCUMENT_ROOT'] . "/config.php";
    $count = count($Config);
    foreach($Config as $key => $value) {
      $this->ServerConfig[$key] = $value;
    }
  
  }
 
  function GetConfig($var) {
  
    return $this->ServerConfig[$var];
  
  }    
 
}
 
?>
as you can see from the code, it includes config.php which contains nothing more than an array with server information like file paths for classes and templates etc, but it keeps the information inside the class and only accesible from the class.

Do other people do anything like this?

Thanks guys
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Re: PHP Class theory question?

Post by Maugrim_The_Reaper »

Lots of people use a similar approach ;). Usually you'll see classes called Configuration or Settings. They're sole purpose becomes representing in an OO form a tree of configuration options. Often the class will have several subclasses to handle the import of varying formats - PHP, INI, XML, YAML, etc.

You could look up one of the PHP frameworks for a few examples.
RecoilUK
Forum Commoner
Posts: 30
Joined: Sun Feb 29, 2004 7:13 pm

Re: PHP Class theory question?

Post by RecoilUK »

Thanks for the response Maugrim.

However I have one more class related question that you or someone else may be able to help with.

Say I had a database class that started a new connection to the sever, and I want to give other classes this access, how do I do it without having to start a database connection in global space and then globalising the resource in each class function?

for example :

Code: Select all

function some_none_db_func() {
  global $dbconn; // Database Resource
}
 
Hope you understand all that :)

Thanks again
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: PHP Class theory question?

Post by Chris Corbyn »

RecoilUK wrote:Thanks for the response Maugrim.

However I have one more class related question that you or someone else may be able to help with.

Say I had a database class that started a new connection to the sever, and I want to give other classes this access, how do I do it without having to start a database connection in global space and then globalising the resource in each class function?

for example :

Code: Select all

function some_none_db_func() {
  global $dbconn; // Database Resource
}
 
Hope you understand all that :)

Thanks again
Read up on the singleton pattern and the Registry pattern ;)
RecoilUK
Forum Commoner
Posts: 30
Joined: Sun Feb 29, 2004 7:13 pm

Re: PHP Class theory question?

Post by RecoilUK »

OK

Will do.

Cheers
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Re: PHP Class theory question?

Post by Maugrim_The_Reaper »

Preferably the Registry. The next question is whether to make the Registry a Singleton or pass it into other objects more deliberately.
mabus
Forum Newbie
Posts: 17
Joined: Wed Apr 16, 2008 11:52 pm

Re: PHP Class theory question?

Post by mabus »

RecoilUK wrote:Hi guys

I was wondering what and how everyone uses Classes when coding for PHP.

I know they are supposed to be used so you are not typing a lot of repetive code, and therefore your code or more organised, but what other purpose do they serve?

I had the following idea as a security measure ...
Hi, I just want to comment on this, since your interest in using classes somewhat interests me too.

Since you've already mentioned the use of classes, I would suggest that you also start with the dicipline of OOP. In this way, you'll be able to maximize your knowledge about classes. I would like to share some key points for using classes, and here are some of them.

First of all, since you mentioned it. Classes are not only used to keep you from writing cocdes over and over, you can easily do that in a funciton. Classes are meant to be used if you want a clean mplementation, and a well structured code for your application. Classes basically creates objects, and objects are meant not only to contain functions that you can reuse, but it is also meant to co-exist with one another, that each can have relationships, if you design them to be. An object is composed of members, properties, and methods.

It is good that you are thinking of security when creating an application. Inline to this I would also suggest that you also provide security for your code. As per object oriented programming is concerned, your class should contain members that are private, properties that are responsible for accessing the members, and methods that contains the functionalities that you need. The reason for this is so that the members cannot be accessed by any other function directly , but only through the properties. Now, this is also what I would consider as one major concern with php's OOP , due to the fact that each variable or function in a class is by default public.

So, I hope this opens up your mind, and get you more interested on the whole programming environment. Have fun.
RecoilUK
Forum Commoner
Posts: 30
Joined: Sun Feb 29, 2004 7:13 pm

Re: PHP Class theory question?

Post by RecoilUK »

Hi guys

First I would like to thank everyone that has posted so far, it is greatly appreciated.

I had heard of patterns ofcourse, before this, but I had largely ignored them while I got the hang of the basic's.

Thanks to the help so far I have managed to grasp the idea of both the Singleton and Registry pattern and here is what I have come up with so far ...

Code: Select all

 
<?php
 
Class Settings {
 
  private static $instance = null;  // declare static var for Singleton pattern.
 
  private $settings = array(); // declare private var to hold registry data.
 
  private function __construct() { // private constructor restricts instantiation to Instance().
 
    // Settings.php holds application settings, loop through the array and 
    // assign to class property array.
    include 'settings.php';
    foreach ($setting as $key => $value) {
      $this->settings[$key] = $value;
    }
  }
 
  public static function Instance() {
 
    if (!isset(self::$instance)) {
      $c = __CLASS__;
      self::$instance = new $c;
    }
    return self::$instance;
  }
 
  public function GetFilePath($var) {
 
    return $this->settings['filepath'][$var];
  }
 
  
  function __clone() { // restricts cloning of object.
  
  }
}
?>
As you can see its a singleton registry but I declined to include ways of modifying the settings as a security measure, it basically just loads the settings as they are decsribed in the settings file, and provides a way to retrieve them.

I have also starting writing the database class ...

Code: Select all

<?php
 
Class Database {
 
  private static $instance = null;
 
  private $settings;
  private $dbsettings;
 
  private function __construct() {
 
    $this->settings = Settings::Instance();
    include $this->settings->GetFilePath('root') . 'dbsettings.php';
    foreach ($dbsetting as $key => $value) {
      $this->dbsettings[$key] = $value;
    }
  }
 
  public static function Instance() {
 
    if (!isset(self::$instance)) {
      $c = __CLASS__;
      self::$instance = new $c;
    }
    return self::$instance;
  }
 
  function __clone() {
  
  }
}
?>
As you can see from this code its also a singleton and uses the settings class above it, it also has a seperate function for gaining access to the database sensitive information which will be held in $dbsettings.

As this has been declared as private am I correct in thinking the there is no now way of gaining access to the sensitive information from outside the class, even if there is an extending class? obviously this file is located outside of the webserver,s document root.

Thanks again guys.

L8rs
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: PHP Class theory question?

Post by Mordred »

RecoilUK wrote: As you can see from this code its also a singleton and uses the settings class above it, it also has a seperate function for gaining access to the database sensitive information which will be held in $dbsettings.

As this has been declared as private am I correct in thinking the there is no now way of gaining access to the sensitive information from outside the class, even if there is an extending class? obviously this file is located outside of the webserver,s document root.
You are confusing member visibility with web security. "private" is not a security measure against a web attacker, it's to protect the programmer(s) from shooting himself in the foot. There are classes of vulnerabilities which can disclose your database credentials, but they have nothing to do with the current topic.

Since your file is called "settings.php" there is almost no added value for keeping it outside the docroot. (Not so if it were - say - settings.inc)
RecoilUK
Forum Commoner
Posts: 30
Joined: Sun Feb 29, 2004 7:13 pm

Re: PHP Class theory question?

Post by RecoilUK »

Hi again.

Interesting point.

So how is it possible to get access to that information if the class has no means by which someone can request it? from a PHP perspective.

Also ...
Mordred wrote:(Not so if it were - say - settings.inc)
Could you explain this a little further?

Thanks
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: PHP Class theory question?

Post by Chris Corbyn »

RecoilUK wrote:
Mordred wrote:(Not so if it were - say - settings.inc)
Could you explain this a little further?

Thanks
The .inc extension will be ignored by most web servers and will not be parsed as PHP code. As a result, anybody requesting the file directly over HTTP will be sent the plain text version of the file as-is. They'd see database usernames and passwords and everything else in the file. It's very rare that a file ending in .php would ever be served up in plain text. The only time that would happen is if some server admin with a fat finger messes up the server configuration so it's not parsing PHP files.
RecoilUK
Forum Commoner
Posts: 30
Joined: Sun Feb 29, 2004 7:13 pm

Re: PHP Class theory question?

Post by RecoilUK »

Hi again

Its really no problem for me to change the file extension and do some file parsing in a script and I understand the reason for doing so, however, if the file is outside the document root, then it should never be served directly from a request, and if the server stops parsing php for some reason then the details would still be safe because if PHP is not working, it wouldnt have included the file so the details still wouldnt be able to be seen.

I,ll reserach the .inc file extension though and see.

Thanks.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: PHP Class theory question?

Post by Christopher »

RecoilUK wrote:however, if the file is outside the document root, then it should never be served directly from a reques
You may always put it outside of the document root, but will everyone using your code?
(#10850)
Post Reply