PHP Class theory question?

Posted: Sat Apr 19, 2008 10:43 am
by RecoilUK
Hi guys

I was wondering what and how everyone uses Classes when coding for PHP.

I know they are supposed to be used so you are not typing a lot of repetitive code, and therefore your code is more organised, but what other purpose do they serve?

I had the following idea as a security measure ...

Code:

<?php

Class Config {

  // Private, so the array can only be read through GetConfig().
  private $ServerConfig = array();

  function __construct() {

    // config.php defines the $Config array.
    include $_SERVER['DOCUMENT_ROOT'] . "/config.php";
    foreach ($Config as $key => $value) {
      $this->ServerConfig[$key] = $value;
    }

  }

  function GetConfig($var) {

    return $this->ServerConfig[$var];

  }

}

?>
As you can see from the code, it includes config.php which contains nothing more than an array with server information like file paths for classes and templates etc, but it keeps the information inside the class and only accessible from the class.

Do other people do anything like this?

Thanks guys

Re: PHP Class theory question?

Posted: Sun Apr 20, 2008 6:17 am
by Maugrim_The_Reaper
Lots of people use a similar approach ;). Usually you'll see classes called Configuration or Settings. Their sole purpose becomes representing in an OO form a tree of configuration options. Often the class will have several subclasses to handle the import of varying formats - PHP, INI, XML, YAML, etc.

You could look up one of the PHP frameworks for a few examples.

Re: PHP Class theory question?

Posted: Thu Apr 24, 2008 10:44 pm
by RecoilUK
Thanks for the response Maugrim.

However I have one more class related question that you or someone else may be able to help with.

Say I had a database class that started a new connection to the server, and I want to give other classes this access, how do I do it without having to start a database connection in global space and then globalising the resource in each class function?

For example:

Code:

function some_none_db_func() {
  global $dbconn; // Database Resource
}
 
Hope you understand all that :)

Thanks again

Re: PHP Class theory question?

Posted: Fri Apr 25, 2008 3:19 am
by Chris Corbyn
RecoilUK wrote: Thanks for the response Maugrim.

However I have one more class related question that you or someone else may be able to help with.

Say I had a database class that started a new connection to the server, and I want to give other classes this access, how do I do it without having to start a database connection in global space and then globalising the resource in each class function?

For example:

Code:

function some_none_db_func() {
  global $dbconn; // Database Resource
}
 
Hope you understand all that :)

Thanks again
Read up on the singleton pattern and the Registry pattern ;)

Re: PHP Class theory question?

Posted: Fri Apr 25, 2008 4:37 am
by RecoilUK
OK

Will do.

Cheers

Re: PHP Class theory question?

Posted: Fri Apr 25, 2008 6:34 am
by Maugrim_The_Reaper
Preferably the Registry. The next question is whether to make the Registry a Singleton or pass it into other objects more deliberately.

Re: PHP Class theory question?

Posted: Sat Apr 26, 2008 11:44 am
by mabus
RecoilUK wrote: Hi guys

I was wondering what and how everyone uses Classes when coding for PHP.

I know they are supposed to be used so you are not typing a lot of repetitive code, and therefore your code is more organised, but what other purpose do they serve?

I had the following idea as a security measure ...
Hi, I just want to comment on this, since your interest in using classes somewhat interests me too.

Since you've already mentioned the use of classes, I would suggest that you also start with the discipline of OOP. In this way, you'll be able to maximize your knowledge about classes. I would like to share some key points for using classes, and here are some of them.

First of all, since you mentioned it. Classes are not only used to keep you from writing code over and over, you can easily do that in a function. Classes are meant to be used if you want a clean implementation, and a well structured code for your application. Classes basically create objects, and objects are meant not only to contain functions that you can reuse, but they are also meant to co-exist with one another, so that each can have relationships, if you design them to be. An object is composed of members, properties, and methods.

It is good that you are thinking of security when creating an application. In line with this I would also suggest that you also provide security for your code. As far as object oriented programming is concerned, your class should contain members that are private, properties that are responsible for accessing the members, and methods that contain the functionalities that you need. The reason for this is so that the members cannot be accessed by any other function directly, but only through the properties. Now, this is also what I would consider as one major concern with PHP's OOP, due to the fact that each variable or function in a class is by default public.

So, I hope this opens up your mind, and gets you more interested in the whole programming environment. Have fun.

Re: PHP Class theory question?

Posted: Sun Apr 27, 2008 11:59 am
by RecoilUK
Hi guys

First I would like to thank everyone that has posted so far, it is greatly appreciated.

I had heard of patterns of course, before this, but I had largely ignored them while I got the hang of the basics.

Thanks to the help so far I have managed to grasp the idea of both the Singleton and Registry pattern and here is what I have come up with so far ...

Code:

<?php

Class Settings {

  private static $instance = null;  // declare static var for Singleton pattern.

  private $settings = array(); // declare private var to hold registry data.

  private function __construct() { // private constructor restricts instantiation to Instance().

    // Settings.php holds application settings, loop through the array and
    // assign to class property array.
    include 'settings.php';
    foreach ($setting as $key => $value) {
      $this->settings[$key] = $value;
    }
  }

  public static function Instance() {

    if (!isset(self::$instance)) {
      $c = __CLASS__;
      self::$instance = new $c;
    }
    return self::$instance;
  }

  public function GetFilePath($var) {

    return $this->settings['filepath'][$var];
  }

  // Must be private: an empty public __clone() would still allow cloning.
  private function __clone() { // restricts cloning of object.

  }
}
?>
As you can see it's a singleton registry but I declined to include ways of modifying the settings as a security measure, it basically just loads the settings as they are described in the settings file, and provides a way to retrieve them.

I have also started writing the database class ...

Code:

<?php

Class Database {

  private static $instance = null;

  private $settings;
  private $dbsettings;

  private function __construct() {

    $this->settings = Settings::Instance();
    // dbsettings.php defines the $dbsetting array.
    include $this->settings->GetFilePath('root') . 'dbsettings.php';
    foreach ($dbsetting as $key => $value) {
      $this->dbsettings[$key] = $value;
    }
  }

  public static function Instance() {

    if (!isset(self::$instance)) {
      $c = __CLASS__;
      self::$instance = new $c;
    }
    return self::$instance;
  }

  // Private so the singleton cannot be cloned from outside the class.
  private function __clone() {

  }
}
?>
As you can see from this code it's also a singleton and uses the settings class above it, it also has a separate function for gaining access to the database sensitive information which will be held in $dbsettings.

As this has been declared as private am I correct in thinking that there is now no way of gaining access to the sensitive information from outside the class, even if there is an extending class? Obviously this file is located outside of the webserver's document root.

Thanks again guys.

L8rs

Re: PHP Class theory question?

Posted: Sun Apr 27, 2008 2:02 pm
by Mordred
RecoilUK wrote: As you can see from this code it's also a singleton and uses the settings class above it, it also has a separate function for gaining access to the database sensitive information which will be held in $dbsettings.

As this has been declared as private am I correct in thinking that there is now no way of gaining access to the sensitive information from outside the class, even if there is an extending class? Obviously this file is located outside of the webserver's document root.
You are confusing member visibility with web security. "private" is not a security measure against a web attacker, it's to protect the programmer(s) from shooting himself in the foot. There are classes of vulnerabilities which can disclose your database credentials, but they have nothing to do with the current topic.

Since your file is called "settings.php" there is almost no added value for keeping it outside the docroot. (Not so if it were - say - settings.inc)
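
What "private" does and does not stop, as an added example that is not part of any post in this thread: PHP code running in the same process can still read a private member, so visibility guards against programming mistakes, not against anyone who can run code or read the file. DemoDatabase and its values are constructed stand-ins for the Database class above.

```php
<?php
// Added example: constructed stand-in for the thread's Database class.
class DemoDatabase {
    private $dbsettings = array();

    public function __construct(array $loaded) {
        // Stand-in for "include dbsettings.php"; the values are constructed.
        $this->dbsettings = $loaded;
    }
}

$db = new DemoDatabase(array('user' => 'app', 'pass' => 'EXAMPLE-ONLY'));

// 1. Casting to array exposes private members under
//    "\0ClassName\0property" keys.
$asArray = (array) $db;
$viaCast = $asArray["\0DemoDatabase\0dbsettings"];

// 2. A closure bound to the class scope reads the member directly.
$reader = Closure::bind(
    function ($obj) { return $obj->dbsettings; },
    null,
    'DemoDatabase'
);
$viaClosure = $reader($db);

// 3. Debug helpers such as print_r() include private members in their output.
$dump = print_r($db, true);

// Each check reports whether the constructed password was recovered.
var_dump($viaCast['pass'] === 'EXAMPLE-ONLY');
var_dump($viaClosure['pass'] === 'EXAMPLE-ONLY');
var_dump(strpos($dump, 'EXAMPLE-ONLY') !== false);
```

The practical boundary for the credentials is therefore file permissions, the web server configuration and who can execute PHP on the host, not the visibility keyword.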

Re: PHP Class theory question?

Posted: Sun Apr 27, 2008 11:51 pm
by RecoilUK
Hi again.

Interesting point.

So how is it possible to get access to that information if the class has no means by which someone can request it? from a PHP perspective.

Also ...
Mordred wrote: (Not so if it were - say - settings.inc)
Could you explain this a little further?

Thanks

Re: PHP Class theory question?

Posted: Mon Apr 28, 2008 6:53 am
by Chris Corbyn
RecoilUK wrote:
Mordred wrote: (Not so if it were - say - settings.inc)
Could you explain this a little further?

Thanks
The .inc extension will be ignored by most web servers and will not be parsed as PHP code. As a result, anybody requesting the file directly over HTTP will be sent the plain text version of the file as-is. They'd see database usernames and passwords and everything else in the file. It's very rare that a file ending in .php would ever be served up in plain text. The only time that would happen is if some server admin with a fat finger messes up the server configuration so it's not parsing PHP files.

Re: PHP Class theory question?

Posted: Mon Apr 28, 2008 8:39 am
by RecoilUK
Hi again

It's really no problem for me to change the file extension and do some file parsing in a script and I understand the reason for doing so, however, if the file is outside the document root, then it should never be served directly from a request, and if the server stops parsing PHP for some reason then the details would still be safe because if PHP is not working, it wouldn't have included the file so the details still wouldn't be able to be seen.

I'll research the .inc file extension though and see.

Thanks.

Re: PHP Class theory question?

Posted: Mon Apr 28, 2008 12:19 pm
by Christopher
RecoilUK wrote: however, if the file is outside the document root, then it should never be served directly from a request
You may always put it outside of the document root, but will everyone using your code?
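
The points above about .inc files and the document root can be turned into a deployment check. This is an added example, not code from the thread; check_config_location() and the file layout are hypothetical, and it assumes only the .php extension is handled by PHP on the server.

```php
<?php
// Added example; check_config_location() and the paths are hypothetical.
// Assumption: the web server hands only ".php" files to the PHP interpreter.

function check_config_location($configPath, $docRoot) {
    $config = realpath($configPath);
    $root   = realpath($docRoot);
    if ($config === false || $root === false) {
        return array('path does not exist');
    }
    $prefix     = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $insideRoot = strpos($config, $prefix) === 0;
    $ext        = strtolower(pathinfo($config, PATHINFO_EXTENSION));

    $findings = array();
    if ($insideRoot && $ext !== 'php') {
        $findings[] = "inside docroot as .$ext: a direct request returns the source";
    } elseif ($insideRoot) {
        $findings[] = 'inside docroot: protected only while .php is still parsed';
    }
    return $findings;
}

// Constructed layout in a temp directory so the example runs offline.
$base  = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cfgdemo_' . uniqid();
$files = array('public/settings.inc', 'public/settings.php', 'private/settings.php');
mkdir("$base/public", 0700, true);
mkdir("$base/private", 0700, true);

foreach ($files as $f) {
    file_put_contents("$base/$f", "<?php return array('pass' => 'EXAMPLE-ONLY');\n");
    $result = check_config_location("$base/$f", "$base/public");
    echo $f, ': ', $result ? implode('; ', $result) : 'no finding', "\n";
    unlink("$base/$f");
}
rmdir("$base/public");
rmdir("$base/private");
rmdir($base);
```

Shipping a check like this with an installer lets the code flag a risky layout when the person deploying it did not follow the recommended one.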