I'm pretty new to FuelPHP (always used WordPress before) and just want to check if I'm doing my authentication in the correct place.
Doing a straight install (with an admin area set up) say I have a table for 'posts' and I want only logged in users to be able to create/edit/delete posts, should I add the following:
if ( Auth::check() )
{
    // logged in
}
else
{
    // redirect user
}
in the view to (as an example) hide the edit buttons, and then in the controller I assume I should run the same check (say in the edit/create class) just before:
if (Input::method() == 'POST')
in my action_create() code?
Or is this completely the wrong way to do it, in which case - where am I going wrong?
Sorry if this is basic FuelPHP 101 - having worked with WordPress I've only ever needed to concern myself with how a site displays (or using ACF to add fields to the admin area), building the admin area itself is new to me and I want to make sure I get it right first off.
Any pointers would be appreciated!
P.S. I'll be using Ormauth mainly if that makes a difference to the authentication method.
Never put logic in a View. Views are only for markup of your output, so ideally they contain only HTML. If you need to use PHP, only use it for stuff like simple if's, or loops.
If you need pre-markup logic, for example to convert a database record to something you can display (for example by fetching related data), you do that in a Presenter.
Your control logic goes into the controller, and business logic goes into a Model.
Back to the question, we use base controllers, so you can do
class Authenticated extends Controller
{
    // Runs before every action of any controller that extends this class
    public function before()
    {
        parent::before();

        if ( ! Auth::check())
        {
            // not logged in: redirect user, so the action is never executed
        }
    }
}
You can then use
class Posts extends Authenticated {}
instead of
class Posts extends Controller {}
The basic flow in a controller action method depends a bit on personal preference and complexity. If they are not complex, you can use the same method for both get and post, and use the input method to check. https://fuelphp.com/docs/packages/auth/examples/auth.html has a few examples that use this method.
If they get more complex, it might be better to split them. So instead of using
public function action_create() {}
you use
public function get_create() {}
for loading the page, and
public function post_create() {}
for processing the posted form.
The downside is that you possibly have some code repetition (which you can always split off to separate internal methods, i.e. methods that don't start with action), the upside is that both request paths are separated, and there is (or should be) always a redirect involved at the end, making page reloads less likely (always something to check, you don't want people reposting the same form).
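As an added example that is not part of Harro's reply or of the FuelPHP project code, here is a Posts controller built on the Authenticated base controller and using the get_/post_ split described above. It assumes FuelPHP 1.x class naming (Controller_Authenticated and Controller_Posts in app/classes/controller/), an ORM model Model_Post with title, body and user_id columns, a 'posts' route, and a view app/views/posts/create.php that includes Form::csrf().

```php
<?php
// Added example (not from the forum thread). Assumed: FuelPHP 1.x naming,
// Model_Post (title, body, user_id), a 'posts' route, a posts/create view.
class Controller_Posts extends Controller_Authenticated
{
    // GET /posts/create only renders the form. before() in the base
    // controller has already redirected anyone who is not logged in.
    public function get_create()
    {
        return Response::forge(View::forge('posts/create'));
    }

    // POST /posts/create processes the form and then redirects, so a
    // browser reload cannot resubmit it (the redirect Harro mentions).
    public function post_create()
    {
        // Reject requests without the CSRF token emitted by Form::csrf()
        if ( ! Security::check_token())
        {
            Session::set_flash('error', 'Invalid form token, please try again.');
            return Response::redirect('posts/create');
        }

        $val = Validation::forge();
        $val->add_field('title', 'Title', 'required|max_length[255]');
        $val->add_field('body', 'Body', 'required');

        if ( ! $val->run())
        {
            // Re-render the form with the errors instead of saving anything
            return Response::forge(View::forge('posts/create', array('errors' => $val->error())));
        }

        // Take the author from the session, never from the posted form,
        // so a user cannot claim another account as the post owner.
        list(, $user_id) = Auth::get_user_id();
        $post = Model_Post::forge(array(
            'title'   => $val->validated('title'),
            'body'    => $val->validated('body'),
            'user_id' => $user_id,
        ));
        $post->save();

        Session::set_flash('success', 'Post created.');
        return Response::redirect('posts');
    }
}
```

Auth::check() only establishes that someone is logged in; for edit and delete actions the controller still has to confirm that the current user may touch that particular post (for example by comparing its user_id), since the base controller cannot know that.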
Hi Harro, thanks for the detailed reply - I think I get the gist of how it works now. I had a feeling that my initial thinking was way off base but that all goes back to how I'd work with WordPress - I need to change my thinking somewhat.
Moving to FuelPHP is a big leap with a lot to take in (which I was prepared for) so I'll look into presenters more and run a few tests locally for the authentication.
Thanks very much for the pointers, most appreciated. :)