PHP MVC: Best Practice and Right way for print data validation error

Question

I have Php Login system using MVC structure. For database data validation I create LoginModel. I need to print failure error to view like: User Not Exist Now Which way is right and better:

1- Add error data validation in Login Model and get in Controller and Print to View Like This:

class LoginModel extends \App\Core\Model
{
    public function login($user_name, $user_password, $set_remember_me_cookie = null)
    {
        $returnError = array();

            // checks if user exists, if login is not blocked (due to failed logins) and if password fits the hash
            $result = $this->validateAndGetUser($user_name, $user_password);

            // check if that user exists. 
            if (!$result) {
               $returnError['isMessage'] = false;
               $returnError['name'] = "User Not Found";
            }

        return $returnError;
    }
    private function validateAndGetUser($user_name, $user_password){
      //Check User Data Validation
    }
}

2- Add Only True Or False in LoginModel and Get in Controller And Set Error Name and Print to View Like This:

class LoginModel extends \App\Core\Model
{
    public function login($user_name, $user_password, $set_remember_me_cookie = null)
    {

            // checks if user exists, if login is not blocked (due to failed logins) and if password fits the hash
            $result = $this->validateAndGetUser($user_name, $user_password);

            // check if that user exists. 
            if (!$result) {
                return false;
            }

        return true;
    }
    private function validateAndGetUser($user_name, $user_password){
      //Check User Data Validation
    }
}

In action my really question is: Can I add error message in Model and Get in Controller?! Which way is right and true?

Answer 1

There are many ways to do this. For me the best way is the first way you have suggested, but better declare bug reports in a single file eg errors.php and make the model return you array with 2 keys, the first key is always TRUE or FALSE and then if your model returns the first key FALSE reads the error number from the second key. Then, in the controller you can replace the error number with the corresponding key in the array you declared in errors.php If the first key is TRUE, then the second key will be your user information.

Answer 2

Suggestion:

Split the login functionality into two (main) steps:

• Check if the posted user already exists. If not, throw an exception.
• Match the posted password against the stored one. If they don't match, throw an exception. I suggest the use of password_hash for storing passwords, and of password_verify for matching a password with the stored one.

Then - based on your current architecture, in your controller, use a try-catch block to catch the exception thrown by the login steps and proceed as you wish to display the exception message to the user.

Just as a note: In case of an ajax request, you would send a specific response header (with status code 500, for example) or a custom response header (with status code 420, for example) back to the client, e.g. browser, in order to activate the error function of the ajax request.

Notes:

• The domain model is a layer. And it must have no knowledge about the outside world.
• A controller should only (!) update the domain model (through services).
• A view should be a class - not a template file - responsible with fetching data from the model layer (through services), preparing/formatting it for presentation, and passing it to a response object, in order for this to be returned and printed.
• The controller and the view (mostly 1:1 relation) should be created separately. The controller should not have any knowledge about the view. This creation step would take place in the front-controller class or file.
• As for error reporting, I would recommend to read this.