PHP Question

forumbeat · February 28, 2010, 5:37pm

Hi,

Developing an application (must be about the 3rd time I have recoded it) and just have a question about the best way to go about it.

For example I will use my register section (I understand some inputs havent been cleaned as of yet).


        if($_POST['do'] == "register")
        {
            if(_empty($_POST['username'], $_POST['password'], $_POST['passwordConfirmation'], $_POST['email']))
            {
                $template-&gt;assign('message', array('type' =&gt; 'Error', 'content' =&gt; 'Please go back and ensure all fields are filled in.'));
                $template-&gt;assign('template', 'message');
            }
            elseif($core-&gt;db-&gt;fetch_row("SELECT `user_id` FROM `users` WHERE `username` = '{$_POST['username']}' OR `email` = '{$_POST['email']}'"))
            {
                $template-&gt;assign('message', array('type' =&gt; 'Error', 'content' =&gt; 'The username or email you are trying to use already exists in the database.'));
                $template-&gt;assign('template', 'message');
            }
            elseif($_POST['password'] != $_POST['passwordConfirmation'])
            {
                $template-&gt;assign('message', array('type' =&gt; 'Error', 'content' =&gt; 'The passwords you entered do not match.'));
                $template-&gt;assign('template', 'message');
            }
            elseif(!$core-&gt;db-&gt;insert("users", array('username' =&gt; mysql_real_escape_string($_POST['username']), 'password' =&gt; md5($_POST['password']), 'email' =&gt; mysql_real_escape_string($_POST['email']))))
            {
                $template-&gt;assign('message', array('type' =&gt; 'Error', 'content' =&gt; 'Something went wrong, please go back and try again.'));
                $template-&gt;assign('template', 'message');
            }
            else
            {
                $template-&gt;assign('message', array('type' =&gt; 'Success', 'content' =&gt; 'You have registered.'));
                $template-&gt;assign('template', 'message');
            }

This relies on my DB class and some of the functions I have written for it. Now, should I be doing something like this instead (the above works, but I want to know the best way to approach this).

        if($_POST['do'] == "register")
        {
            
            if(_empty($_POST['username'], $_POST['password'], $_POST['passwordConfirmation'], $_POST['email']))
            {
                $template-&gt;assign('message', array('type' =&gt; 'Error', 'content' =&gt; 'Please go back and ensure all fields are filled in.'));
                $template-&gt;assign('template', 'message');
            }
            else
            {
                $register = $core-&gt;auth-&gt;register($_POST['username'], $_POST['password'], $_POST['passwordConfirm'], $_POST['email']);
                
                if($register == "USERNAME_EXISTS")
                {
                    $template-&gt;assign('message', array('type' =&gt; 'Error', 'content' =&gt; 'The email you entered already exists.'));
                    $template-&gt;assign('template', 'message');
                }
                elseif($register == "EMAIL_EXISTS")
                {
                    $template-&gt;assign('message', array('type' =&gt; 'Error', 'content' =&gt; 'The username you entered already exists.'));
                    $template-&gt;assign('template', 'message');
                }
                elseif($register == "SUCCESS")
                {
                    $template-&gt;assign('message', array('type' =&gt; 'Error', 'content' =&gt; 'You have registered..'));
                    $template-&gt;assign('template', 'message');
                }
            }

Then my Auth class register function will have pretty much the same code as my first bit of code, and return either USERNAME_EXISTS, EMAIL_EXISTS, SUCCESS etc.

It looks a bit cleaner in the user.php page and moves some of the messy code to the auth class file, but is there any advantage of doing this?

Hope that makes sense.

Ryan

Paul_Wilkins · February 28, 2010, 7:26pm

The advantage that I see is that you can now use a switch statement to retrieve the message from a message class.


$errorMessage = array(
    'FILL_ALL_FIELDS' => 'Please go back and ensure all fields are filled in.',
    'USERNAME_EXISTS' => 'The email you entered already exists.',
    ...
);
if($_POST['do'] == "register") {
    if (_empty($_POST['username'], $_POST['password'], $_POST['passwordConfirmation'], $_POST['email'])) {
        $errorType = 'FILL_ALL_FIELDS';
    } else {
        $errorType = $core->auth->register($_POST['username'], $_POST['password'], $_POST['passwordConfirm'], $_POST['email']);
    }
    $template->assign('message', array('type' => 'Error', 'content' => $errorMessage[$errorType]));
    $template->assign('template', 'message');
}

You might even want to put together an error class, so that you can extend it to add different messages.

Topic		Replies	Views
Registration form help PHP	8	631	October 17, 2010
Need assistance checking code and possibly converting it to prepared statemetnts PHP php , mysql	10	1254	October 8, 2019
Checking if username is already taken Databases	30	20340	October 8, 2014
Login form question PHP	4	417	August 5, 2011
Registration Class Ideas PHP	6	512	July 1, 2011

PHP Question

Related topics