4 Responses to “OOP Registration-Login Part II: PHP Strategy & Proxy”


  • A Captcha probably goes in the security class. However, it is not clear where sanitization and validation of user input goes? Where we display the validation errors? Shouldn’t be a validation class in the mix? Thanks.

  • Hi George,

    The Proxy (security) design pattern is simply to get from an insecure to a secure location via a proxy class. You could add a second (or third or fourth, etc.) Proxy for validation as well on “the other side” of the login proxy.

    Kindest regards,
    Bill

  • Pretty much everybody is used to have login and register as methods of a class, not as separate classes interacting. I can understand the theory as it is simple and very well explained, but it differs significantly from a real life production example and the way most PHP programmers are accustomed (MVC frameworks). To the point, for authentication, usually anybody would like to have at least validation to input forms and will have to have something to control the session (and nobody would put the name of a database table in a form element). Probably will be something as a Session class, with methods to create, delete and check sessions. The validation will be some kind of strategy structure (validation algorithms) that will return an error array on validation error(s) that has to be displayed on the page. I mention I have your book on PHP patterns as well, which I enjoyed reading it, so you can direct me to its content if needed. I would love to understand how the issues mention will fit in the design presented. For me, this will probably mean passing the point of no return and become a true believer. I understand you may have limited time, but it may be well possible to already have a production-ready working example that I may research on my own, as most projects will require authentication. In this regards, I may be contacted by email as well. Eager to learn, really appreciate your teaching skills. Thank you.

  • Hi Greg,

    In Eugène Ionesco ‘s play Rhinoceros, a small French town is beset by rhinoceros. People are horrified by the beasts at first, but gradually, over time they come to accept them and even become rhinoceros themselves. Ionesco ‘s rhinoceros are symbols for the Nazis, who at first are detested and then embraced. The sad results of such “everyone is doing it” mentality is well-known, and so when I hear “everyone is using MVC,” I cringe.

    There’s nothing wrong with MVC, and in PHP, it seems to be a portal for design patterns. That’s fine, and in 1979 when MVC was introduced it was revolutionary. When the Gang of Four published “Design Patterns” in 1995, another revolution occurred and instead of a single design pattern, we now had 23, each one for a different kind of typical programming problem. The MVC was replaced by the Observer pattern (or mimicked by it) and the 22 other patterns focused on typical programming tasks such as “login”. The Proxy pattern is actually three different types of Proxy: remote, virtual and protection. In this case the protection Proxy is employed because it is designed for the typical kinds of issues involving logins: security and ease of use. Granted, the example is quite simple, but the whole issue is providing an example that is transparent enough to see the process while actually accomplishing the task it was designed to do.

    The Proxy is coupled with the Strategy pattern to illustrate two patterns doing two different things well. I suppose that if I wanted, I could use the MVC for both, but that’s like using a single tool for building a house. You need hammers for nailing, saws for cutting and sanders for smoothing. (Of course you could use a Swiss Army knife…)

    In any event, thank you for your thoughtful comment. I appreciate comments like yours because it is clear that you had thought about it, and I hope I have responded in kind.

    Kindest regards,
    Bill

Leave a Reply