Determining source of method call at runtime

Question

I'm wondering if there is a "better" way to do this:

class Foo {
    final public function bar() {
        if (is_subclass_of(get_called_class(), __CLASS__)) {
            throw new Exception();
        }
    }
}

class Bar extends Foo {
    public function baz() {
        parent::bar(); // shouldn't be allowed
    }
}

Essentially, I want certain methods in my parent class to prohibit child classes from calling them. This needs to be bullet-proof, which I doubt this is, so if you know how this could be circumvented, that's what I'm interested in knowing (along with how to prevent it, if possible).

Edit: For everyone suggesting private methods, this is not an option, as I need the interface to remain public to be externally accessible. Sorry, I guess I assumed that would be obvious.

Answer 1

class Foo {
    final public function bar() {
        if (is_subclass_of(get_called_class(), __CLASS__)) {
            throw new Exception('No cookies for you!');
        }
        echo 'Failure!';
    }
}

class Bar extends Foo {
    public function baz() {
        try{
                Foo::bar(); // shouldn't be allowed
        } catch (Exception $e){
                echo $e->getMessage();
        }
        try{
                $func = function() {Foo::bar();}; // is allowed, nags somewhat about it should't be called statically..
                $func();
        } catch (Exception $e){
                echo $e->getMessage();
        }
    }
}
$b = new Bar();
$b->baz();

Answer 2

This is not going to be "bulletproof". And I don't think there's anything you can do to make it so.

Fact of the matter is, a PHP process is usually running in an interpreter with filesystem access to the local server - as a relatively-unprivileged user. But that's still enough to open /proc/self/mem, which provides read-write access to the memory space of the current process. Using that, you could go into the memory the PHP interpreter is using and NOP over the bit of code you thought was providing your bulletproof security.

Answer 3

Im not sure if this helps, but private functions in parent classes cant be called by child classes. But if you need it to be public i think you would have to declare baz() in each child and throw an exception...