ok, so, this is mainly for Pig, but anyone else can jump in.
I'm playing with OOP (object-oriented programming for you poor schmucks out there). I'm curious as to some best practices.
I'm building a user authentication class, mainly for code portability reasons. Any time I build user authentication into an app, it's roughly the same. Minor improvements each time, of course, but blah.
Anyway, I was wondering...what's the best way to do that? Should I build everything right into the __construct method, or should I break it out across several public functions? Also, would I be better off just lumping everything inline into a single public function, or breaking the thing off into separate private functions? I'm guessing the second part is really about ease-of-coding more than anything else. I just can't think of a reason for not sticking everything into the __construct method.
Here's what I've got so far for perusal. Maybe Gfree will have input too. It's not complete, but should be pretty obvious where I'm going. I'm just missing the actual authentication portion.
Code:

    class userAuthentication {
        public $username;
        private $priv_password;
        private $result;
        private $authtable;
        private $dbtype;

        //constructor - set defaults
        public function __construct($username, $password, $db, $table){
            //clean inputs (methods must be called through $this)
            $this->username = $this->clean($username);
            $this->priv_password = $this->clean($password);
            $this->authtable = $table;
            //validate database type and keep the validated name
            $this->dbtype = $this->validate_db($db);
        }

        //every match of every pattern is replaced with a single space
        private function clean($variable){
            $pattern = array (
                '@<script[^>]*?>.*?</script>@si', // Strip out javascript
                '@<[\/\!]*?[^<>]*?>@si',          // Strip out HTML tags
                '@&(quot|#34);@i',                // Replace HTML entities
                '@&(amp|#38);@i',                 // &
                '@&(lt|#60);@i',                  // <
                '@&(gt|#62);@i',                  // >
                '@&(nbsp|#160);@i',               // nbsp;
                '@&(iexcl|#161);@i',
                '@&(cent|#162);@i',               // cent
                '@&(pound|#163);@i',              // #
                '@&(copy|#169);@i');              // copyright
            $variable = preg_replace($pattern, " ", trim($variable));
            return $variable;
        }

        private function validate_db($db){
            //validate 'A' class dbs supported by ADOdb
            switch ($db){
                case 'db2':
                case 'vfp':
                case 'mssql':
                case 'mssqlpo':
                case 'mysql':
                case 'mysqlt':
                case 'maxsql':
                case 'oci8':
                case 'oci8po':
                case 'odbc':
                case 'case':
                case 'postgres':
                case 'postgres64':
                case 'postgres7':
                case 'postgres8':
                    return $db;
                default:
                    //invalid db == -1
                    $this->result = -1;
                    break;
            }
        }
    }

For the auth portion, I plan on checking $this->result, so if it's -1 (invalid db) it'll just die. Anyway, any input? Best practices?
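
An added example, not part of the original post or of ADOdb: one way to keep the constructor thin, with the driver allow-list check throwing instead of storing -1, and the password left untouched by the HTML-stripping regex. The class name, the shortened driver list, the password_hash() storage format and the sample values are assumptions made for illustration.

```php
<?php
// Added example (not the poster's code). Names and sample values are constructed.
final class UserAuth
{
    // Allow-list of driver names, shortened from the list in the post.
    private const DRIVERS = ['mysql', 'mysqlt', 'postgres', 'postgres7', 'oci8', 'odbc'];

    private string $username;
    private string $password;
    private string $driver;

    // The constructor only stores validated state and does no I/O,
    // so the object can be built in a test without a database.
    public function __construct(string $username, string $password, string $driver)
    {
        $this->driver   = self::validateDriver($driver);
        $this->username = trim($username);
        // The password is not run through an HTML-stripping regex: that
        // would silently change credentials such as "p<a>ss&amp;1".
        $this->password = $password;
    }

    // Fail loudly on an unknown driver rather than storing a -1 sentinel
    // that every later method has to remember to check.
    private static function validateDriver(string $driver): string
    {
        if (!in_array($driver, self::DRIVERS, true)) {
            throw new InvalidArgumentException('Unsupported database driver');
        }
        return $driver;
    }

    // Compare against a stored password_hash() value (assumed storage format).
    public function verify(string $storedHash): bool
    {
        return password_verify($this->password, $storedHash);
    }
}

// Constructed demo data: a hash as it would sit in the auth table.
$stored = password_hash('p<a>ss&amp;1', PASSWORD_DEFAULT);
$auth = new UserAuth(' alice ', 'p<a>ss&amp;1', 'mysql');
var_dump($auth->verify($stored));

try {
    new UserAuth('alice', 'x', 'sqlite'); // not on the allow-list
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```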