Migrating to Page Controllers
Subject:   Front controller
Date:   2004-11-06 06:25:45
From:   SilvioMolinari
In PHP web applications you can't force requests to go through a controller in an easy, standard way (unlike J2EE apps, where it's just a matter of configuring the web.xml file). As a result, users might bypass the controller and gain access to views, and other resources directly.
This design (as described in some J2EE best practice pattern design books) can be achieved with some Apache configuration directives using mod_rewrite. For example, mod_rewrite could force all requests to be handled by the same PHP file (the controller), with the exception of requests starting with '/images/' or '/css/' just to name a few.
More design patters could be applied at this stage, for instance, the Controller, could rely on a Factory class to produce Command and/or View objects to handle the request as specified, let's say, in a configuration file.
This sounds like a lot of work (and it is!) but once the framework is in place, it makes life a lot easier.
Main Topics Oldest First

Showing messages 1 through 1 of 1.

  • Front controller
    2004-11-07 05:58:20  Q Ethan McCallum | O'Reilly AuthorO'Reilly Blogger [View]

    It's true, Java/J2EE webapps have a portable, standard means to limit access to resources (among other useful features); that said, in a non-J2EE webapp you can still prevent people from directly accessing view pages:

    1/ use .htaccess to disable bare directory listings. It's tougher for people to access a resource if they don't know what it is.

    2/ put a different extension on your view pages (e.g. ".phpv") and use .htaccess to deny access to them. The controller can still access those files because PHP's include() bypasses the Apache request cycle.