Hello,
I'm currently building an application that uses the same models in different controllers. Instead of using the normal way, being loading the model in the controller i've build a "core controller" (Foundation_controller) which can load models all other controllers extend from this controller in a way.
In those extended controllers i load my model the following way:
*It' might look confusing here because i load the model in the constructor, but in some controllers i load a specific model (or get the object) inside of a function or at a certain point in a process.
Everything works but now i'm concerned this could lead to a potential security risk, or bad resource management , since the models are being loaded "somewhat" globally.
Some models are in subfolders and some versions of the app require a different version of a model. Or some app versions don't have some model files at all. (Lite version)
The main thing is that each controller in the app extends from Foundation_controller to use the load function, some controllers are being used for pages with "public" access and others are behind a authenticated users part. The main reason why I have the load_model function is that I don't want to repeat code to check if the model file exists, a particular function exists and that the class has already loaded. Also this approach has less chance for typos and if a model path changes less work to refactor.
Now I have doubts that this is secure, and I wonder if this is a valid way to load models in codeigniter and that it remains secure and stable / performant.
All remarks and suggestions are welcome.
Best regards, Bart
I'm currently building an application that uses the same models in different controllers. Instead of using the normal way, being loading the model in the controller i've build a "core controller" (Foundation_controller) which can load models all other controllers extend from this controller in a way.
In those extended controllers i load my model the following way:
PHP Code:
#Controller example
class Mod_controller extends Foundation_controller
{
private $list_model;
public function __construct()
{
parent::__construct();
#function from foundation_controller
$this->list_model = $this->load_model('list_model', true, false);
}
private function get_full_list(){
$this->list_model->get_list_info();
}
}
PHP Code:
#Function to load the models from foundation controller
protected function load_model($model_id, $mandatory = false, $die_on_fail = false)
{
$model_data = $this->get_model_info($model_id);
if(empty($model_data['model_alias']) || empty($model_data['model_path'] || empty($model_data['model_class_name']))
){
#outputs simple json fail object..
api_message_present_simple_failure_message('mi-error-01: ' . $model_id);
}
if ($this->model_did_load_check($model_data['model_class_name'])) {
#model is already loaded return the object
return $this->get_model_object_from_alias($model_data['model_alias']);
}
if ($this->check_model_php_file_exists($model_data['model_path'])) {
#load the model here based on file path and alias.
$this->load->model($model_data['model_path'], $model_data['model_alias']);
if ($mandatory) {
if (!$this->model_did_load_check($model_data['model_class_name'])) {
if ($die_on_fail) {
#outputs simple json fail object..
api_message_present_simple_failure_message('mi-error-02: ' . $model_data['model_alias']);
}
return false;
}
}
} else {
if ($mandatory) {
if ($die_on_fail) {
#outputs simple json fail object..
api_message_present_simple_failure_message('mi-error-03: ' . $model_data['model_alias']);
}
return false;
}
}
#model successfully loaded return the object
return $this->get_model_object_from_alias($model_data['model_alias']);
}
protected function get_model_object_from_alias($model_alias){
return $this->{$model_alias};
}
*It' might look confusing here because i load the model in the constructor, but in some controllers i load a specific model (or get the object) inside of a function or at a certain point in a process.
Everything works but now i'm concerned this could lead to a potential security risk, or bad resource management , since the models are being loaded "somewhat" globally.
Some models are in subfolders and some versions of the app require a different version of a model. Or some app versions don't have some model files at all. (Lite version)
The main thing is that each controller in the app extends from Foundation_controller to use the load function, some controllers are being used for pages with "public" access and others are behind a authenticated users part. The main reason why I have the load_model function is that I don't want to repeat code to check if the model file exists, a particular function exists and that the class has already loaded. Also this approach has less chance for typos and if a model path changes less work to refactor.
Now I have doubts that this is secure, and I wonder if this is a valid way to load models in codeigniter and that it remains secure and stable / performant.
All remarks and suggestions are welcome.
Best regards, Bart