5

I don't know which one is best. Do you think it's better to validate the user login form or other forms in the controller, or is it better to define one class, for example a 'security class', in the model for validation? Or to define some classes for validation? Do you know a better choice or a good technique?

<?php
class acontroller {
    // ...
    private function loginformAction()
    {
        $this->actionform = 'loginform';
        $this->errorMsg = array();
        // Only validate when the form was actually submitted.
        if (!empty($_POST)) {
            if (empty($_POST['aliasName'])) {
                // ...
            } else {
                // ...
            }
            if (empty($_POST['password'])) {
                // ...
            }
            if (empty($_POST['re_password'])) {
                // ...
            }
            if (!empty($_POST['password']) && isset($_POST['re_password'])) {
                // ...
            }
        }

        $this->render();
    }
    // ...
}
navid

2 Answers

8

Validation is part of the domain logic. Controller should have nothing to do with this. It only has to pass the incoming request values to the proper parts of model layer.

The validation itself should happen in domain objects within the model layer. Also, in some forms you have to worry about data integrity (i.e. unique usernames in registration form). In that case the data integrity checks actually should be handled by data mappers by, essentially, passing data to SQL database, which performs the check and, if there is a violation, it triggers an exception on DB abstraction.

Update

Since your problem is dealing with authentication/authorization, you might find this post relevant.

tereško
  • Excuse me, if I understood it completely, domain objects are completely unaware of the storage used, and instead exist to handle business logic. Data mappers, on the other hand, take care of storing the data set in the domain objects to a set data storage. – navid Nov 30 '12 at 19:48
  • But I have different forms, it means I should write some classes to handle the business logic of those forms?! :( – navid Nov 30 '12 at 19:51
  • 2
    Forms are for creating entries. If you have multiple forms creating **same** entities (for example, you have normal user registration and OpenID-based registration), then, if the underlying logic is the same, the validation happens in the same type of domain object. The discrepancy between inputs can be handled either by the controller or the services. If the logic is different, then it means that you should be using a different domain object. This is where polymorphism would come in. – tereško Nov 30 '12 at 19:57
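
The split described in the first answer, as an added example that is not part of the original answers: a domain object validates the form values, a data mapper lets the database constraint decide uniqueness and turns the violation into an exception, and the controller only passes request values along. The class and function names, the `users` table, the 12-character password rule and the in-memory SQLite database are all assumptions made for illustration; it assumes PHP 8.1+ with the `pdo_sqlite` extension.

```php
<?php
final class Registration // hypothetical domain object: validation rules, no storage knowledge
{
    public array $errors = [];
    public function __construct(public readonly string $aliasName, private string $password, private string $rePassword) {}
    public function isValid(): bool
    {
        if (!preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $this->aliasName)) {
            $this->errors['aliasName'] = 'Alias must be 3-32 letters, digits or underscores.';
        }
        if (strlen($this->password) < 12) { // constructed policy, not from the page
            $this->errors['password'] = 'Password must be at least 12 characters.';
        } elseif ($this->password !== $this->rePassword) {
            $this->errors['re_password'] = 'Passwords do not match.';
        }
        return $this->errors === [];
    }
    public function passwordHash(): string { return password_hash($this->password, PASSWORD_DEFAULT); }
}
final class RegistrationMapper // hypothetical data mapper: the DB constraint is the uniqueness check
{
    public function __construct(private PDO $pdo) {}
    public function store(Registration $r): void
    {
        $stmt = $this->pdo->prepare('INSERT INTO users (alias, password_hash) VALUES (?, ?)');
        try {
            $stmt->execute([$r->aliasName, $r->passwordHash()]);
        } catch (PDOException $e) {
            // SQLSTATE class 23 = integrity constraint violation (here: duplicate alias)
            if (str_starts_with((string) ($e->errorInfo[0] ?? ''), '23')) {
                throw new DomainException('Alias already taken.', 0, $e);
            }
            throw $e;
        }
    }
}
// Controller side: hand request values to the model layer and return its error list.
function registerAction(array $post, RegistrationMapper $mapper): array
{
    $s = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : ''; // array input -> ''
    $r = new Registration($s('aliasName'), $s('password'), $s('re_password'));
    if (!$r->isValid()) { return $r->errors; }
    try { $mapper->store($r); return []; } catch (DomainException $e) { return ['aliasName' => $e->getMessage()]; }
}
// Constructed demo: in-memory SQLite, the same constructed form submitted twice.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (alias TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$form = ['aliasName' => 'navid', 'password' => 'correct horse battery', 're_password' => 'correct horse battery'];
$mapper = new RegistrationMapper($pdo);
var_dump(registerAction($form, $mapper), registerAction($form, $mapper));
```

Relying on the constraint rather than a SELECT-then-INSERT check avoids the race where two concurrent registrations both see the alias as free.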
1

IMO 'Form Validation' aka "is field X filled in? check length, check content, etc" can be handled in the Controller, but 'User Authentication/Access Control' is best handled as its own Model object.

In practice I have a 'Form' Model object that both builds and validates forms so I'm not re-implementing the code in every controller that takes input.

Sammitch