3

I saw this code. I removed some of the irrelevant code to make it simpler (like the identical validator that checks that the passwords match). 

$password = new Zend_Form_Element_Password('password');
$password->addFilter(new My_Filters_Sha());

$password2 = new Zend_Form_Element_Password('password2');
$password2->addFilter(new My_Filters_Sha());

My question is about the filter. My guess is that whoever wrote it is saving the password in the database as a hashed and that's why they hash the password with the filter. But what's the point of having a filter handle the hashing? Shouldn't this be done once in the controller when he account is being created? When the input is received, process it to a hash and save it then. Is there a point to having this done as a filter?

samquo
  • 757
  • 7
  • 21

1 Answers1

2

The responsibility of your controller is to handle the request and delegate to the appropriate Model. Hashing a password is business logic. Business logic has no place in a controller but belongs to the Model. Your Form class is a Model class and thus it's appropriate to put the filter there.

Gordon
  • 312,688
  • 75
  • 539
  • 559
  • This is the first time I think of the form as Model class. So let's say at registration time I also check if the username is available. You're saying I should put this check in the form also? not in the controller? – samquo Jan 22 '11 at 23:43
  • What I do now is make sure all the required fields are there. Then I handle the hashing and user availability and all that in the controller. – samquo Jan 22 '11 at 23:44
  • 1
    @samquo Well, Zend Forms are … hard to define. There is an interesting blog post by ZF's Matthew Weier O'Phinney about this at http://weierophinney.net/matthew/archives/200-Using-Zend_Form-in-Your-Models.html. Checking if a username is available is definitely something that belongs to the Model. It has no place in the controller. Where in the model you put that is up to you, but dont put it in the controller. Your controllers should be thin and your models fat. See http://stackoverflow.com/questions/3109715/understanding-mvc-whats-the-concept-of-fat-on-models-skinny-on-controllers – Gordon Jan 22 '11 at 23:57