Boards.ie

arleitiss · 19-08-2012, 17:42

Hey, I was just playing around in notepad++ and decided to see how long will it take me to make a simple basic login/registration system with sessions.
So if anyone is interested here are the files:
by the way, I am just 100% sure it's not the pro way, but I am not a pro anyways, I am just a guy who's in college and we do web dev but don't do php so I went ahead and started learning it on my own, so if you are learning on your own, you might be interested in this. Also would be great for feedback and suggestions of what to improve in this code for my and others future reference.
It's just 7 files but technically all this could be done in 1 long file.
I didn't bother with styling up it fancy and so, just made rough.

index.php - main homepage.
process.php - all processing and actions.
css/main.css - obvious crappy style.
includes/sql.php - sql connection (I removed my details)
includes/menu.php - menu bar
includes/sessions.php - sessions file.
includes/functions.php - contains some functions.

Hopefully someone will find it useful.

Index.php: http://pastebin.com/hYhAqkzU
Process.php: http://pastebin.com/JwSm9J1s
Sessions.php: http://pastebin.com/xZswaa3F
Menu.php: http://pastebin.com/cWR2N07h
Functions.php: http://pastebin.com/QcAQgwAW
sql.php: http://pastebin.com/BZF7s2FC

in live example:

www.arleitiss.com/example/index.php

philologos · 19-08-2012, 20:35

I think as a start this is really good. As for where you could go further with PHP is making use of object orientation both in respect to entities, and in respect to the database itself. PHP has come a long way in terms of object orientation since version 4.

For example, you could have one class to handle the database. You could have user objects returned when you want to select users rather than a result set. You could have thread objects returned when you want to see the number of threads in a forum and so on. You could have an authentication class to ensure that the user is a valid one.

What a lot of people do with databases is to use some abstraction. Whether that is to have an interface (entirely abstract) or an abstract class (partially abstract, partially must be implemented). For example IDataProvider with common functions / methods, and MYSQLDataProvider which implements IDataProvider. This means at any point in the future, you can implement a class which implements IDataProvider and replace the other without changing functionality. Or you could make it so you can pick between different sources like MySQL, Oracle, SQL Server, SOAP webservice and so on.

I think getting a good grip on object oriented principles will help you out both in PHP and in other languages which are more strictly object oriented. You'll find that you write code quicker, and that you can reuse more of it when you take an Object Oriented approach rather than flat out scripting.

arleitiss · 19-08-2012, 21:00

yeah I am trying to learn about object orientation now, as it seems more efficient

fcrossen · 20-08-2012, 10:32

Like philologos says - you're off to an excellent start. When you start using libraries, PHP frameworks for example, or Wordpress, you don't want to be using them like black boxes. These kind of exercises are very useful for developing your understanding of basic processes.

Just a couple of pointers:

If you store the user id in $_SESSION['logged'] you can avoid the SQL call. SQL calls are computationally expensive, so avoid whenever you can.

PHP Code:


			
if(!function_exists('crypter')){

- Better to ensure the file is only included once rather than use something like this... Errors like 'function already defined' can indicate a weakness in your design pattern, and are better fixed by reorganising your code than using function_exists()

PHP Code:


			
$crypted = sha1(md5(sha1(sha1(md5(md5(md5(sha1(sha1(md5(crypt('$pass', 'la')))))))))));

this is redundant. Use one hashing function with salt. See http://php.net/manual/en/function.crypt.php - example 1.

Nice to see you getting stuck in - it brings me back a while! Have a look at design patterns too - MVC is very common. You could try implementing a basic MVC pattern using objects.

Creamy Goodness · 20-08-2012, 10:54

Quote:

Originally Posted by arleitiss

yeah I am trying to learn about object orientation now, as it seems more efficient

Depends what you mean by efficient.

OO code isn't by any means more efficient computationally per se, but it's more efficient in the way you can re-use classes and objects in 1, 2 or 100 different projects.

This is a good start, I would as fcrossen says use one hashing function with a user unique salt.

If you haven't heard of coding horror blog i suggest you follow it, it's a gem and specificially read this post - http://www.codinghorror.com/blog/201...passwords.html

Best of luck.

20-08-2012, 10:32	#4
fcrossen Registered User Join Date: Dec 2009 Location: Dublin Posts: 175 Adverts \| Friends	Like philologos says - you're off to an excellent start. When you start using libraries, PHP frameworks for example, or Wordpress, you don't want to be using them like black boxes. These kind of exercises are very useful for developing your understanding of basic processes. Just a couple of pointers: If you store the user id in $_SESSION['logged'] you can avoid the SQL call. SQL calls are computationally expensive, so avoid whenever you can. PHP Code: `if(!function_exists('crypter')){` - Better to ensure the file is only included once rather than use something like this... Errors like 'function already defined' can indicate a weakness in your design pattern, and are better fixed by reorganising your code than using function_exists() PHP Code: `$crypted = sha1(md5(sha1(sha1(md5(md5(md5(sha1(sha1(md5(crypt('$pass', 'la')))))))))));` this is redundant. Use one hashing function with salt. See http://php.net/manual/en/function.crypt.php - example 1. Nice to see you getting stuck in - it brings me back a while! Have a look at design patterns too - MVC is very common. You could try implementing a basic MVC pattern using objects.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

19-08-2012, 20:35	#2
philologos Closed Account Join Date: Jan 2005 Posts: 22,152 Adverts \| Friends	I think as a start this is really good. As for where you could go further with PHP is making use of object orientation both in respect to entities, and in respect to the database itself. PHP has come a long way in terms of object orientation since version 4. For example, you could have one class to handle the database. You could have user objects returned when you want to select users rather than a result set. You could have thread objects returned when you want to see the number of threads in a forum and so on. You could have an authentication class to ensure that the user is a valid one. What a lot of people do with databases is to use some abstraction. Whether that is to have an interface (entirely abstract) or an abstract class (partially abstract, partially must be implemented). For example IDataProvider with common functions / methods, and MYSQLDataProvider which implements IDataProvider. This means at any point in the future, you can implement a class which implements IDataProvider and replace the other without changing functionality. Or you could make it so you can pick between different sources like MySQL, Oracle, SQL Server, SOAP webservice and so on. I think getting a good grip on object oriented principles will help you out both in PHP and in other languages which are more strictly object oriented. You'll find that you write code quicker, and that you can reuse more of it when you take an Object Oriented approach rather than flat out scripting.

19-08-2012, 21:00	#3
arleitiss Registered User Join Date: Jun 2009 Posts: 2,146 Adverts \| Friends	yeah I am trying to learn about object orientation now, as it seems more efficient