Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Libraries & Helpers MeNeedz Auth
MeNeedz Auth
  • El Forum
    Guest
  •  
#161
07-17-2009, 10:34 AM

[eluser]davidbehler[/eluser]
Well...I will have to look into the register function again to answer your first question, but as far as testing is concerned I can answer you right away:

So far I have never used any testing libraries like PHPUnit, but I do alot of manual testing. Maybe I should have a look at PHPUnit/simpletest and rely on them for testing.
  • El Forum
    Guest
  •  
#162
07-17-2009, 10:44 AM

[eluser]meteor[/eluser]
Another thing, which is related to registering users with register() function.
If your function does vaidation check on the post variables, how I can determine what sort of error has just occured(assuming there has been at least one). This function returns true or false. The solution would be to check input before running register(). This is pointless of course but for now I can't see any other way to get validation errors from my form (not taking into account js validation).

Sorry, this is just my opinion which might help to improve your lib a bit Wink)
regards
  • El Forum
    Guest
  •  
#163
07-17-2009, 10:49 AM

[eluser]Mat-Moo[/eluser]
Auth does not do any field validation (But it does check primary key for duplicate entries), you simply setup the post names in your config so that Auth can get the data. You do all your validation as normal before calling the register function. Secondly register will only write the the basic user details, so on completion (result=TRUE) you need to get the last insert id, and update that record with any additional user data.

I'm currently using this in 2 project and not had any issues, and currently now using it in a 3rd project.
  • El Forum
    Guest
  •  
#164
07-17-2009, 10:58 AM

[eluser]meteor[/eluser]
I'm sure that with some sort of test framework your libs would be more manageable and your functions shorter, in addition you would know immediately when one of these small functions breaks. It would teach you writting decoupled code and make you better programmer and save you a lot of time and manual testing, and , and ,and .... Wink)
So I cross my fingers, because as I said above, I like the ideas of yours Wink)

regards
  • El Forum
    Guest
  •  
#165
07-17-2009, 11:07 AM

[eluser]meteor[/eluser]
Code:
$register_input_config = $this->input_config['register'];
        $user_identifier = $this->CI->input->post($register_input_config['identifier'], TRUE);
        $user_password = $this->CI->input->post($register_input_config['password'], TRUE);
        $user_email = $this->CI->input->post($register_input_config['email'], TRUE);
        $user_primary_key = $this->CI->input->post($register_input_config['primary_key'], TRUE);  
if($user_identifier == FALSE OR $user_password == FALSE OR $user_identifier == "" OR $user_password == "" OR ($this->use_email == TRUE AND ($user_email == FALSE OR $user_email == "")))
        {
            return FALSE;
        }

As far as I understand, above fragment of code just gets post data and checks what is available and what is not ... It might be replaced by validated data passed in the form of arguments to the register function in my opinion. This way we would avoid validating twice and shorten the function a bit ...

What do you think ?
  • El Forum
    Guest
  •  
#166
07-17-2009, 11:14 AM

[eluser]Mat-Moo[/eluser]
You understand wrong then, although the function does check that the data is not blank. I would not classify this as validation. Although you must remember that with XSS turned on the post data has already been "Cleaned" etc.

Edit: I understand what you are saying, but why would you do validation at that point? Validation would have to be done before performing any action (e.g. Register) in which case you have already validated the form data before hand.
  • El Forum
    Guest
  •  
#167
07-17-2009, 11:32 AM

[eluser]meteor[/eluser]
Well, in my opinion checking if something is false (no data) or '' (empty) is validating ... and it means that we are validating twice here ... Have a look how long that if condition is ... It's slows things down and repeats operation which should have already been done ... just to return false... in my opinion this fragment of code should be refactored. This function is supposed to return true (in case of successful registration) or false ... so it should be given 100 % valid data. If data is not valid it should not be run. What's more it would be good to delegate optional object to this function to save data with ... If something went wrong with saving ... Array of errors would be returned ... otherwise true ...

Just my humble opinion ... Wink))
  • El Forum
    Guest
  •  
#168
07-17-2009, 11:38 AM

[eluser]Mat-Moo[/eluser]
Better safe than sorry imo.
  • El Forum
    Guest
  •  
#169
07-17-2009, 11:44 AM

[eluser]meteor[/eluser]
right, but running overlapping code twice is inefficient ... Single check is enough in this case ..

regards
  • El Forum
    Guest
  •  
#170
07-17-2009, 03:42 PM

[eluser]davidbehler[/eluser]
I finally had time to look into the library again and you are right, there is no real validation done except checking for FALSE/empty value. But as I'm passing the second parameter as TRUE to the $this->input->post() method, the data is run through the XSS filter.

I guess it's totally save to drop the check for empty value and only check for FALSE. But I doubt that you will really feel a difference compared to checking for FALSE and empty value instead of only FALSE.

As far as error message instead of FALSE as return values are concerned I didn't implement those as that would require internationlization and would make the library further complicated. If you really want me to, I will add the feature in form of an additional language file 'auth_lang.php' or something similar.




Theme © iAndrew 2016 - Forum software by © MyBB