5 events
when what by license comment
Apr 26, 2017 at 1:42 comment added Mike Brant @RamonBakker Based on your comments, this question might be flirting with being off topic, as the expectation is that you are not posting partially implemented code for review. The philosophy is that you are posting your code and context on what your code does and you can get review comments around any aspects of what you have shown - thus my reason for security commentary. :) To your question on what methods should be moved from Auth, as I said, I would honestly consider just getting rid of the class altogether, as it doesn't really perform authentication anyway, that is in User.
Apr 25, 2017 at 21:43 comment added Ramon Bakker "Why do you need anything other than user id and authentication status/timestamp to be stored in session?": Tbh, I don't know. I'll remove them. "Most of your methods should probably be move to User class.": Which methods do you mean here? "You are really handling sessions in an insecure manner.": I am aware of all security concerns. The code provided was not about security, because I still need to implement that. Just started on this project. The question was only about dependency injection and structuring the project.
Apr 25, 2017 at 21:39 comment added Ramon Bakker Thanks for your reaction. Your first answer, didn't think about that, thanks. In reaction to your second answer, partially. "You don't want to leak account verification status data to a user making request with bad password": Why not? This was actually my intention. Yes, the fields are unique and the username field got priority. But in shown code not implemented. The project is far from finished. "It seems odd to have password verification in User while having a login() method on Auth": I can find your opinion there. Going to replace it.
Apr 25, 2017 at 21:29 history edited Mike Brant CC BY-SA 3.0
added 73 characters in body
Apr 25, 2017 at 21:21 history answered Mike Brant CC BY-SA 3.0