OO PHP multiple 'methods'?

Question

This isn't a direct code question, but more of request for guidance.

I'm fairly new to OO PHP, I'm usually an old school developer, but I want to do things the modern way, perhaps the right way.

I am going to 3 SEPERATE protected areas. I've written a class called Account, but rather than create 3 instances of this class - because this is a global class and I don't want to create a new instance of it inside individual pages - I want to have something like this for example:

$account = new Account();
$account->areaOne->login();
$account->areaTwo->login();
$account->admin->login();

Few things to point out...

• The difference between each of the instances is the Session variable.
• Each of the different account information (username/passwords) are stored in different tables

So here's my questions:

1. Is this even possible
2. What's the logic behind this
3. Where would be a good place to start
4. Is this even a good way of doing what I need?

Sorry for my noobiness, but I wouldn't even know what to search for on Google.

Answer 1

Having multiple authentication methods in separate classes will be code duplication, which means a nightmare to debug and maintain. If you are also choosing to hold your users information in separate tables in the database it will only further complicate the issue. Remember they are all users, just with different permissions.

If it were me, I would encapsulate all the authentication into one class and pass in the account instance into the login method.

class Authentication {
  public function login(Account $account, $password) {
    if ($this->isValidPassword($account, $password)) {
     // Login successful
    }
  }
} 

When they access a resource, say Area1, they are then authorized:

class Authorisation {
  public function authorise($account, $resource) {
    $role = $this->account->getRole();
    if ($this->isAllowedAccess($role, $resource)) {
     // Grant access
    }
  }
}

One of the big benefits of a design like this is the ability to interdependently modify the internal methods of account without it affecting any of the functionality within your other classes.

If the purpose here is to learn then I would consider writing your own authentication and authorization classes it would be good learning experience. The best inspiration should be from existing, well written opensource frameworks such as Zend Framework.

Search all my highlighted words too, these are keywords for what you are trying to achieve.

Answer 2

1. Is this even possible

Yes!

2. What's the logic behind this

Every time you do -> you're accessing an object's property or function. Given this we infer that areaOne, areaTwo and admin must be objects too. So you basically have an Account class that creates Login objects that have a login() function.

3. Where would be a good place to start

Just read more about OOP in general, and then PHP in particular.

So you understand the concept behind your example, a sample implementation could be structured as follows.

(This sample is meant to reflect OP's example and should not be taken as good or bad!)

class Account
{
  public $areaOne, $areaTwo, $admin;
  public function __construct()
  {
    $this->areaOne = new Login();
    $this->areaTwo= new Login();
    $this->admin= new Login();
  }
}

class Login
{
  //Maybe receive some parameter here...
  public function __construct(){}

  public function login()
  {
    //Login logic
  }
}

4. Is this even a good way of doing what I need?

Well... that's always subjective. I would need to know more about the application you're developing to know for sure. It depends on how complex the project will be, what patterns your using, etc. But yes, I think you should improve upon this idea. Refer to question #3 to know how to do that, as that's not something I could teach how to do in a simple answer :)

Some questions to ask yourself:

• What is the use for each of these classes? Do I really need all this?
• Will the number of areas change? If they change what can I do to make the code support it without changes? (Maybe use the factory pattern?)

Answer 3

All you need is

$account = new Account();
$account->login();

You account object should contain the necessary fields to know whether it's an admin or what. If you need more fine grained access, you might want to look into ACL (Access Control Lists).

Although, as someone suggested in the comments, you might want to look in frameworks. While they're usually have a great learning curve, they're also a good way to really dive into OOP and MVC. There are many, including: Symfony2, Zend, Laravel and CodeIgniter. I am biased toward Symfony, but it depends who you ask and what you're trying to accomplish.

Sure, they do a lot of the dirty work, but there's also a lot to learn even when using a framework.