Women in Technology

Hear us Roar



Article:
  Migrating to Page Controllers
Subject:   Front controller
Date:   2004-11-06 06:25:45
From:   SilvioMolinari
In PHP web applications you can't force requests to go through a controller in an easy, standard way (unlike J2EE apps, where it's just a matter of configuring the web.xml file). As a result, users might bypass the controller and gain access to views, and other resources directly.
This design (as described in some J2EE best practice pattern design books) can be achieved with some Apache configuration directives using mod_rewrite. For example, mod_rewrite could force all requests to be handled by the same PHP file (the controller), with the exception of requests starting with '/images/' or '/css/' just to name a few.
More design patters could be applied at this stage, for instance, the Controller, could rely on a Factory class to produce Command and/or View objects to handle the request as specified, let's say, in a configuration file.
This sounds like a lot of work (and it is!) but once the framework is in place, it makes life a lot easier.
Full Threads Oldest First

Showing messages 1 through 3 of 3.

  • Front controller
    2004-11-07 05:58:20  Q Ethan McCallum | O'Reilly AuthorO'Reilly Blogger [View]

    It's true, Java/J2EE webapps have a portable, standard means to limit access to resources (among other useful features); that said, in a non-J2EE webapp you can still prevent people from directly accessing view pages:

    1/ use .htaccess to disable bare directory listings. It's tougher for people to access a resource if they don't know what it is.

    2/ put a different extension on your view pages (e.g. ".phpv") and use .htaccess to deny access to them. The controller can still access those files because PHP's include() bypasses the Apache request cycle.
    • Front controller
      2004-12-13 16:13:36  alexSchmid [View]

      3.) hold your views in a Directory not accesible through the browser but by php.

      I often use a setup like:

      +documentRoot
      +html //holds you php-scripts
      +elements //holds images, css and .js
      +templates //holds template files e.g. 'views'
      +Language1
      +Language2

      With a setup like this you can employ a template engine like smarty or sigma to populate the views with content and deliver through the page controler. If necessary also in different languages/screen-layouts or with content created by loops for result-sets with not too much effort.

      Due to the physical location of the template-files the webserver will never deliver those files to the user. Only trap is to make sure that the directories can be accessed by php and the path is working (use a global value like: /var/www/myDomain/templates/ and complete by the pagecontroller depending on language/view)

      Happy programming,
      Alex Schmid

      P.S.: Excuse my bad english & typos
      • Front controller
        2004-12-13 16:16:43  alexSchmid [View]

        +documentRoot

        ++html //holds you php-scripts
        +++elements //holds images, css and .js

        ++templates //holds template files e.g. 'views'
        +++Language1
        +++Language2

        Sorry