using PEAR in security methods

Posted: Thu May 08, 2008 9:54 pm
by mahoutekiyo
referring to http://www.devshed.com/c/a/PHP/Creating ... in-Script/

It took me a while to fully understand this code, and although I can follow the code okay, I feel like this is a roundabout approach, especially since my provider does not make use of PEAR on their server.

Initially I decided to make a class that uses a method to make a connection to the database with normal PHP functions and assign that connection to a member of that class, and make several other methods that return necessary information from the database.

For example

```php
$check = $obj->check($username, $password);
if ($check == true) {
    // print page
} else {
    header("location: login.php");
}
```
would access a method to make the user data MySQL-safe, check the info against that in the db and, if true, set all the session/user data and return a boolean value. Now, however, after looking at the code at the link I provided, I started thinking to myself they may have a better approach, but I don't know if using objects within objects to establish session and user data is really all that necessary.

Any thoughts or opinions on the subject would be greatly appreciated.

Re: using PEAR in security methods

Posted: Fri May 09, 2008 12:58 am
by Mordred
That class is not among the best examples of good coding, but if you remove the dubious use of serializing in a cookie, it looks okay.
You can use PEAR by just manually copying the folder structure with the required files in a PEAR subdirectory on your server.
Your login class definitely shouldn't connect to the database itself. Make it accept a connection from outside.
I don't understand the rest of your question/comment.

Re: using PEAR in security methods

Posted: Fri May 09, 2008 3:46 pm
by mahoutekiyo
Thank you Mordred. I appreciate the input, and will definitely follow your advice.

Why is it a bad idea to use a class to connect to your database?

Re: using PEAR in security methods

Posted: Fri May 09, 2008 4:14 pm
by Mordred
Have one database connection per page request. Not only your login class will want to use the database - it's better to open one connection, and then pass it around.
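
The design discussed in this thread, as an added example that is not part of any post and is not the code from the linked article: one connection is opened per request and handed to a login class, and only the user id is kept in the server-side session instead of serialized data in a cookie. The class name `LoginService`, the `users` table and its columns, and the in-memory SQLite database with its sample user are assumptions made for illustration.

```php
<?php
// Added example: class, table and column names are assumptions.
final class LoginService
{
    private PDO $db;

    // The connection is injected; this class never opens its own.
    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Returns the user id on success, null on failure.
    public function check(string $username, string $password): ?int
    {
        // Prepared statement instead of escaping the input by hand.
        $stmt = $this->db->prepare(
            'SELECT id, password_hash FROM users WHERE username = :u'
        );
        $stmt->execute([':u' => $username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false || !password_verify($password, $row['password_hash'])) {
            return null;
        }
        return (int) $row['id'];
    }
}

// One connection per request, created once and passed to whatever needs it.
// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$login  = new LoginService($db);
$userId = $login->check('alice', 'correct horse');
if ($userId === null) {
    header('Location: login.php');
    exit; // stop here so the protected page is never rendered
}
session_start();
session_regenerate_id(true);    // fresh session id after a successful login
$_SESSION['user_id'] = $userId; // only the id, stored server-side
```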