0

I have created a login system and I am trying to stick to the rules of MVC as much as possible.

I have a simple login form that uses AJAX to submit the form data to small script, which then calls the controller for the processing of the username and password:

function __autoload($classname) {
    include("../classes/$classname.php");
}

$username = $_POST['username'] ;
$password = $_POST['password'] ;

$AC = new AccessControl ;

$result = $AC->login($username, $password) ;

if($result !== 0)
{
echo $result ;
exit() ;
}

AccessControl is my class for user authentication and account management operations, the code is here in my other post: MVC Relationships and DRY

Have I done this wrong because this small script isn't a controller or a model? All it does is relay information returned from the controller back to the interface/view, such as error messages.

Community
  • 1
  • 1
imperium2335
  • 20,168
  • 36
  • 103
  • 181

3 Answers3

1

First, don't let any particular paradigm prevent you from doing things the best way possible in your particular situation.

That said, your small script is a controller. It's processing an action and returning a result. It may not be managing a specific view but it's delegating processing and handing off the result to a view.

Matt S
  • 13,731
  • 4
  • 45
  • 70
0

In my oppinion, haven't used the MVC structre to the blood, this is about right, with some minor changings.

I usually prefeer something like : 

$AC = new AccessControl ;
$AC->setUsername($_POST['username']);
$AC->setPassword($_POST['password']);
if ( $AC->login() )
     echo $result // if all is ok from login method return true
else
     // manage some error handling here if not true

Maybe you want to user that Username and Password in more places and other methods, so you can use getPassword() / getUsername()

Cosmin
  • 1,422
  • 11
  • 26
0

You are mixing authentication and authorization. Structures like AccessControl should be dealing with authorization, not authentication .. you choice of names .. emm ... leaves room for improvement. To learn more about the authorization in context of MVC, i would recommend to read this post.

Authentication, in context of MVC and MVC inspired design patterns, should be part of the model layer and handled by some form of Recognition service.

What you have on the code snipper looks a bot like code from controller's method, but it has several issues.

Ok .. lets pike apart to code:

  • The use of __autoload() function is not recommended. You should instead learn how to utilize spl_autoload_register() function. It would let you code to use multiple leaders.

    Also, since release of 5.3, it is possible to use namespaces in PHP. In combination with autoloaders, it would let you better organize you code. Lately it is common practices to map project directory structures (at least partially) to namespaces.

    The most known implementation would be PSR-0, though it should not be considered even close to ideal. It has some serious flaws, but it will make for a good example to illustrate use of namespaces in autoloading.

  • You should avoid use of new deep in the application call graph. This causes tight coupling to the name of class from which you are creating the new instance.

    Instead your controller should have a factory injected into constructor, which then is responsible for initialization of new instances. 

    namespace Controller;

class Foo
{
    protected $serviceFactory = null;
    protected $view = null;

    // --- SNIP ---
    public function __construct( HasSomeFactoryInterface $factory, $view )
    {
        $this->serviceFactory = $factory;
        $this->view = $view;
    }

    public function postLogin( $request )
    {
        $recognition = $this->serviceFactory->create('AccessControl');

        // --- SNIP ---

}

  • Controller in MVC design pattern should only change the state of model layer and current view. It does not return anything nor passes data from model layer to view. You seem to confuse classical MVC, Model2 MVC, MVP, MVVP and the Rails parody of MVC pattern.

    In the Model2 MVC (also known as Web MVC) design pattern the controller take the incoming user request, and, by passing data from said request to the respective parts of triad, changes their state.

    namespace Controller;

class Foo
{

    // --- SNIP ---
    public function postLogin( $request )
    {
        $recognition = $this->serviceFactory->create('AccessControl');
        $recognition->login( $request->getPost( 'username' ),
                             $request->getPost( 'password' ) );

        $this->view->prepare( $request->getMethod() );
    }
    // --- SNIP ---

}

    In this example view receives notification, that the POST request was received, which means, that, instead of generating HTML from several of templates, it has to only send HTTP header as a response.

    To see a short overview about the MVC-related patterns, try this post.

  • If you are aiming for Model2 MVC design pattern, then view should retrieve information from model layer on its own. But all MVC-inspired design patterns view is supposed to be responsible for the presentation logic.

    That also includes dealing with error state in model layer. Domain business logic has nothing to do with how view represents errors.

Community
  • 1
  • 1
tereško
  • 56,151
  • 24
  • 92
  • 147