Comments on: Superglobals In Classes: Revisited

By: fqqdk

fqqdk — Fri, 17 Jul 2009 13:41:59 +0000

This snippet still has some problems…

$ValidUser = new VerifyLogin($_POST['username'], $_POST['password']);
if($validUser) //…

First: now that you modified the method to not be a constructor, the construction could should be updated too:
$ValidUser = new VerifyLogin();
//…
Second: you have the variable name starting with different cases: you have $ValidUser assigned to your VerifyLogin instance and you check for $validUser in the conditional.

Third: after you fix the variable name, the condition will always evaluate to true because $ValidUser is an object, and that would impose some very serious security problems :D The condition should be spelled
if($ValidUser->verifyCredentials($_POST['username'], $_POST['password']) //…

Fourth: even the variable name is misleading. After moving the authentication logic from the constructor to the verifyCredentials method $ValidUser does not at all denote a valid user! That name should be changed.

And the last problem is what Dave already mentioned, I will not repeat him. This problem is related to what you write in your recent article (the one about multiple levels of inheritance). The authentication process should be separated from the actual representation of users. The statement VerifyLogin IS A User does not make sense at all!

I would advise that you review your articles more thoroughly. Clueless noobs may find them, and without the same background as seasoned veterans they might take your code or worse your flawed concepts for granted, and replicate it in their designs! I actually found this post through the feed of Planet PHP, and given that popularity is power, the Spiderman principle should apply :)

By: Brandon Savage’s Blog: Superglobals In Classes: Revisited | DreamNest - Technology | Web | Net

Tue, 14 Jul 2009 16:00:29 +0000

[...] an earlier post dealing with superglobals and classes, Brandon Savage looks at an example of why its still a bad idea. I asserted at the time that superglobals inside of a class violated [...]

By: Gyorgy

Gyorgy — Tue, 14 Jul 2009 14:30:24 +0000

Good point, I’d like that every developer would use OOP powers to the max, because
superglobals in classes renders useless one of the basic principles of OOP (code isolation)

By: Dave

Dave — Tue, 14 Jul 2009 10:21:34 +0000

You’ve just switched your dependancy from the global variable to an SQL table leaving the fundamental problem unaddressed.

The real problem is that the OO model you’ve chosen isn’t very sensible. Why should verifyLogin be an object? Personally I would have an AuthenticationHandler which is responsible for maintaining the global state. This could be an interface with site specific implementations but it maps much better to the necesary global state because you can at least make it a singleton.

By: Artur Ejsmont

Artur Ejsmont — Tue, 14 Jul 2009 08:18:16 +0000

Although refactoring makes sense and code seems better now, you are not escaping user name any more …. its like asking for injections.

Art

By: Christer

Christer — Tue, 14 Jul 2009 05:40:24 +0000

You should probably fix the security holes as well since many beginners might use the code anyway, regardless of the warning in the bottom of the post, and they wouldn’t have any knowledge on how to fix the security flaws…

By: Daniel O'Connor

Daniel O'Connor — Tue, 14 Jul 2009 01:09:51 +0000

I’d still do this differently, because you’ve still got global state.

class DBAuthenticator {
/** @param resource $db The database connection to use, which is a dependency */
public function __construct($db) {}

/**
* @return int User ID
* @throws Exception No such user
* @throws Exception Invalid login
*/
public function authenticate($user, $pass) {}
}

class User {
public $id;
}

// Setup
$user = new User(); // Your model/data structure
$storage = new DBStorage(); // A layer to load and populate your models
$security = new DBAuthenticator($db_connection);

// Wiring
$user->id = $security->authenticate($_POST['user'], $_POST['pass']);
$user = $storage->load($user);

That neatly splits:
* The authentication method (“Are these credentials allowed to access my resources”) from the user profile
* The authentication backend (database) from the user profile model

Changing the security mechanism from DBAuthenticator to MockAuthenticator or LDAPAuthenticator is then trivial, too.

By: Brandon Savage

Brandon Savage — Tue, 14 Jul 2009 00:06:20 +0000

Your comment was just a bit behind my correction; you’re 100% right that a constructor returns an object regardless of a return statement.

By: Jason Stubbs

Jason Stubbs — Mon, 13 Jul 2009 23:39:16 +0000

The biggest “security hole” is that $validUser will always evaluate to true as it becomes an instance of VerifyLogin regardless of the constructor’s return value… To make your point explicit, you should probably have the original verifyCredentials() function to take $username and $password as parameters.

Your point itself though is completely valid and I’d even extend it to say that classes should not use _any_ global variable at all. Everything should be either passed in via a constructor/function or, in the case of cross-object internal data, stored in a static class variable.

By: Brandon Savage

Brandon Savage — Mon, 13 Jul 2009 23:31:33 +0000

You’re right; I’ve fixed that error. Constructors cannot return things.

By: fqqdk

fqqdk — Mon, 13 Jul 2009 23:26:47 +0000

Why did the verifyCredentials() method turn into a constructor in the second snippet? It servers no purpose for the topic (superglobals in methods). It’s confusing. Constructors should not do work. What does returning boolean values from a constructor do?

Aside of these things what you say is good and correct. Global state is evil. :)