CodeIgniter Forums
Code Organization - Printable Version



Code Organization - El Forum - 08-11-2009

[eluser]m40[/eluser]
I have a function, let's call it validate_user, that takes two values - username and password, and matches them against a database.

Where should that function reside?

a) in a Model, because it communicates with a database;
b) in a Controller;
c) in a Library;
d) other...;


Code Organization - El Forum - 08-11-2009

[eluser]jcavard[/eluser]
[quote author="m40" date="1250031075"]I have a function, let's call it validate_user, that takes two values - username and password, and matches them against a database.

Where should that function reside?

a) in a Model, because it communicates with a database;
b) in a Controller;
c) in a Library;
d) other...;[/quote]
I guess you could have validate_user() in an Authentication library and another function to query the db that would be called by the library, the latter would be in a model.

imho


Code Organization - El Forum - 08-11-2009

[eluser]m40[/eluser]
I might be wrong, but my understanding was that libraries are modular, reusable classes - independent from models and everything.


Code Organization - El Forum - 08-11-2009

[eluser]jedd[/eluser]
I choose option (a) - because it talks to the DB.

I have it in my member (user, people, person, etc) model.

I have a smaller function, either in MY_Controller or my stock helper - that just checks the relevant session data that the above model method sets - and lets me know if the user is authenticated.


Code Organization - El Forum - 08-11-2009

[eluser]m40[/eluser]
But isn't it redundant to have the same functionality once in the Model and again in MY_Controller? I know the function in your MY_Controller is smaller and not the same, but still I assume a part of it is the same.


Code Organization - El Forum - 08-11-2009

[eluser]jedd[/eluser]
[quote author="m40" date="1250053222"]But isn't it redundant to have the same functionality once in the Model and again in MY_Controller? I know the function in your MY_Controller is smaller and not the same, but still I assume a part of it is the same.[/quote]

No - my model hashes the password on the way in, does a DB lookup to check if the account is locked, another to see if the originating IP address is being spurned, then does another query with the user/pass and deals with not finding a username that matches, or a failed password hit, updates log files (perhaps) or attempted logins (perhaps), returns different values depending on the nature of the error (wrong user, wrong password, too many tries attempted) and so on.

My controller function does something different - and much simpler - it verifies that I'm allowed to look at a given controller (or method) and if I'm not it redirects me to somewhere special. It means I can have (usually in each of my controller's constructors) a line like this:
Code:
$this->_ensure_authenticated_user( "Forum" );

In MY_Controller, this is what's being called:
Code:
function  _ensure_authenticated_user ( $page_message = "this")  {
    if (! $this->session->userdata('login_name'))  {
        $this->session->set_flashdata('user_needs_to_login', $page_message);
        $this->session->set_flashdata('return_to_page', uri_string());
        redirect('/people/login');
        }
    }

Alternatively I've used a helper function before, to get a simple true/false on whether the user is logged in:
Code:
function pdb_is_logged_in()  {
    $CI =& get_instance();
    return ($CI->session->userdata('id')) ? $CI->session->userdata('id') : FALSE ;
    } // end-function pdb_is_logged_in ()
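
The model-side flow described in this post (lock check, password check, a different return value per failure), as an added example that is not code from the thread. It assumes PHP 8 with pdo_sqlite and uses password_hash()/password_verify() rather than hashing inside the query; the members table, the LOGIN_* constants and login_message() are hypothetical names.

```php
<?php
// Added example, not the poster's code. Table, column and constant names are hypothetical.
const LOGIN_OK = 0, LOGIN_NO_USER = 1, LOGIN_BAD_PASSWORD = 2, LOGIN_LOCKED = 3;
const MAX_FAILURES = 5;

class Member_model {
    public function __construct(private PDO $db) {}

    // All database work for a login attempt lives here; the caller only sees a status code.
    public function validate_user(string $login_name, string $password): int {
        $q = $this->db->prepare('SELECT id, pw_hash, failures FROM members WHERE login_name = ?');
        $q->execute([$login_name]);
        $row = $q->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return LOGIN_NO_USER;
        }
        if ((int)$row['failures'] >= MAX_FAILURES) {
            return LOGIN_LOCKED;   // checked before the password, so a correct guess cannot bypass the lock
        }
        if (!password_verify($password, $row['pw_hash'])) {
            $this->db->prepare('UPDATE members SET failures = failures + 1 WHERE id = ?')
                     ->execute([$row['id']]);
            return LOGIN_BAD_PASSWORD;
        }
        $this->db->prepare('UPDATE members SET failures = 0 WHERE id = ?')->execute([$row['id']]);
        return LOGIN_OK;
    }
}

// Controller side: "no such user" and "wrong password" map to the same text,
// so the login form does not confirm which usernames exist.
function login_message(int $status): string {
    return match ($status) {
        LOGIN_OK     => 'Welcome back.',
        LOGIN_LOCKED => 'Too many attempts. Try again later.',
        default      => 'Invalid username or password.',
    };
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, login_name TEXT UNIQUE,
           pw_hash TEXT, failures INTEGER DEFAULT 0)');
$db->prepare('INSERT INTO members (login_name, pw_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$members = new Member_model($db);
foreach ([['nobody', 'x'], ['alice', 'wrong'], ['alice', 'correct horse']] as [$u, $p]) {
    echo $u, ': ', login_message($members->validate_user($u, $p)), PHP_EOL;
}
```

The distinct status codes stay useful for logging and lockout decisions inside the application even though the user sees one generic failure message.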



Code Organization - El Forum - 08-12-2009

[eluser]m40[/eluser]
Thanks! This makes perfect sense.

One more question if I may. Consider a case where remember me cookies need to be used. Let's say each of these cookies stores a username and a matching token / random number. I would guess this would require adding a few lines to _ensure_authenticated_user so that if no login_name session is found the function will look for a remember me cookie and if it finds one, it will validate it against a database. While I think a design like that would work, I wonder if it would be considered a good design.


Code Organization - El Forum - 08-12-2009

[eluser]phused[/eluser]
[quote author="m40" date="1250084034"]Thanks! This makes perfect sense.

One more question if I may. Consider a case where remember me cookies need to be used. Let's say each of these cookies stores a username and a matching token / random number. I would guess this would require adding a few lines to _ensure_authenticated_user so that if no login_name session is found the function will look for a remember me cookie and if it finds one, it will validate it against a database. While I think a design like that would work, I wonder if it would be considered a good design.[/quote]

Yeah, that's correct and how most people do it.


Code Organization - El Forum - 08-12-2009

[eluser]jedd[/eluser]
phused - have you done this? I'd love to see what's involved from the CI session side, what schema objects you've created to manage these, code snippets etc?

I'm thinking about implementing something similar, but I have some ignorance about cookies. I see most sites say 'remember me for x days' - but it varies greatly from site to site. I'm guessing it's relatively easy to keep that variable, per user choice, or would you always stick with a site-wide constant?
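
The remember-me scheme m40 outlines, together with the schema and per-user lifetime asked about in the last post, as an added example that is not code from the thread. It assumes PHP 8 with pdo_sqlite; the remember_tokens table and the remember_* functions are hypothetical, and a random selector stands in for the username as the lookup key so that only a hash of the secret half is stored.

```php
<?php
// Added example, not code from the thread. Cookie value is "selector:validator".
// The table keeps the selector, a SHA-256 of the validator, the user and a per-token expiry.
function remember_schema(PDO $db): void {
    $db->exec('CREATE TABLE remember_tokens (
        selector TEXT PRIMARY KEY,
        validator_hash TEXT NOT NULL,
        user_id INTEGER NOT NULL,
        expires_at INTEGER NOT NULL)');
}

// Issue a token valid for $days (can differ per user); returns the cookie value.
function remember_issue(PDO $db, int $user_id, int $days, int $now): string {
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $user_id, $now + $days * 86400]);
    return $selector . ':' . $validator;
}

// Returns [user_id, replacement cookie value] or null. Tokens are single-use.
function remember_redeem(PDO $db, string $cookie, int $days, int $now): ?array {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $q = $db->prepare('SELECT validator_hash, user_id, expires_at
                       FROM remember_tokens WHERE selector = ?');
    $q->execute([$parts[0]]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // The row is deleted whatever happens next: used, expired or mismatched tokens never survive.
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$parts[0]]);
    $match = hash_equals($row['validator_hash'], hash('sha256', $parts[1]));
    if (!$match || (int)$row['expires_at'] < $now) {
        return null;
    }
    return [(int)$row['user_id'], remember_issue($db, (int)$row['user_id'], $days, $now)];
}

// Constructed demo data: issue, redeem once, then replay the old cookie.
$db = new PDO('sqlite::memory:');
remember_schema($db);
$cookie = remember_issue($db, 42, 14, 1250000000);
[$uid, $next] = remember_redeem($db, $cookie, 14, 1250003600);
var_dump($uid === 42, remember_redeem($db, $cookie, 14, 1250007200) === null);
```

In a function like _ensure_authenticated_user, a successful redeem would populate the session and send the replacement value back as a cookie marked Secure and HttpOnly.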