CodeIgniter Forums

Full Version: Site Architecture with CI - question from advanced user

El Forum

I have a question for the CI community about site architecture with CI.
Suppose you have a site with many users and users can update their profiles. When they update a profile the users get an email confirmation.
As such, I have a model for updating user profiles and an MY_Email library to send the right email template.
Now, suppose a user logs into their account and updates the profile. There are many ways to handle it. Which one is better from a security perspective and for site loading times?
When the user logs in, the database is queried for user data, and the updated fields are stored in the $_POST global array.
Is it a better practice to:
a) pass user id through $_POST, query database (again) on user id for user info, store it in $this->CI->data, then call on database model and email library that will take data from $this->CI->data (such as user email for email library) and then using this data will update profile

b) store all user data in hidden fields (such as user email because we will need to send them email conf) and then have email library send email based on $_POST data only

c) pass data to each method within the email library... but this way we would have to pass every update field to the email library method if we want them to show up in the email sent to user.

Any thoughts?
Note that passing data to email library avoids an extra db query to get user email, however if we pass email to the email library we have to pass any and all other fields that we want to show up in the database. The other two methods are either saving all required info for email in the $_POST variable which also avoids extra db query or having the extra db query in the model to update database to retrieve user email for email library. Note that after all updates are done, we, again, need to query database to get the updated user information.


El Forum

I'll try to help, but I'm not real clear on what you're asking. Are you just looking for a simple flow on how a user can log in, then update their profile?

After the user submits the login form and the data is validated, you could save a session variable that indicates the user has properly authenticated. Since CI already manages the session, it's pretty easy to implement. Then you can check this session variable in your library or what have you, before allowing any updates to the DB/send your email.

El Forum

Colm Ward:
I would say a). I wouldn't worry too much about the number of database queries in this particular case. I mean how often do you expect users to be updating their profiles?

In my (admittedly limited) experience you can get yourself into all kinds of knots trying to reduce the number of db queries at the expense of having easily understandable business logic.
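
Option a) combined with the session check suggested in the first reply, as an added example that is not part of the original thread: the user id comes from the server-side session, only whitelisted fields are taken from the POST data, and the recipient address is re-read from the database. It is plain PHP with PDO rather than CodeIgniter code so that it runs on its own; the `users` table, its columns, the `user_id` session key and the `update_profile()` helper are assumptions.

```php
<?php
// Added example, not from the thread. Table, column and key names are assumptions.
const EDITABLE_FIELDS = ['display_name', 'city', 'bio'];

// Option a) with the identity taken from the session, never from the request.
// Returns the confirmation message that would be handed to the email library.
function update_profile(PDO $db, array $session, array $post): array
{
    // 1. Who is acting: only the server-side session answers this.
    if (empty($session['user_id'])) {
        throw new RuntimeException('not authenticated');
    }
    $userId = (int) $session['user_id'];

    // 2. What changes: keep only whitelisted string fields, so a forged
    //    "user_id" or "email" field in the form has no effect.
    $changes = array_filter(
        array_intersect_key($post, array_flip(EDITABLE_FIELDS)), 'is_string');
    if ($changes === []) {
        throw new InvalidArgumentException('nothing to update');
    }

    // 3. Update with bound values; column names come from the whitelist only.
    $set = implode(', ', array_map(fn($c) => "$c = :$c", array_keys($changes)));
    $stmt = $db->prepare("UPDATE users SET $set WHERE id = :id");
    $stmt->execute($changes + ['id' => $userId]);

    // 4. The one extra query: read the recipient address from the database.
    $stmt = $db->prepare('SELECT email FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    return [
        'to'      => $user['email'],
        'subject' => 'Your profile was updated',
        'body'    => 'Changed fields: ' . implode(', ', array_keys($changes)),
    ];
}

// Constructed demo data: user 1 is logged in and submits a tampered form.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, display_name TEXT, city TEXT, bio TEXT)');
$db->exec("INSERT INTO users VALUES (1,'alice@example.test','Alice','',''), (2,'bob@example.test','Bob','','')");

$mail = update_profile($db, ['user_id' => 1],
    ['user_id' => 2, 'email' => 'other@example.test', 'city' => 'Oslo']);
print_r($mail);
```

In a CodeIgniter controller the two array arguments would come from `$this->session->userdata()` and `$this->input->post()` instead of being passed in by hand.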