CodeIgniter question

Question

Im thinking about using CodeIgniter for a new project. I was reading the user-guide for CI and I noticed a few things. In all their examples, they seem to put all the logic in the Controller and just use the model to get and set data. I like to put all my logic in my Model.

Are all of their functions universal to all 3 parts (model, view, and controller) or will there be problems if trying to do logic in the model as opposed to the controller.

Also, are all variables accessible to all 3 parts (model, view, and controller). If I wanted to know if a user was logged in within the view, would I have to pass that information to the view from the controller or is it already accessible within the view?

Also, I noticed that session data is stored within cookies, even though they are encrypted. Is the encryption safe enough to use, beause im more used to using sessions. Also, how long are these cookies stored by default? I was a little confused about that part, if anybody can clear that up.

If you have any other tips to help my learning this new framework, I would appreciate it.

Thanks

EDIT: I like to use Fat Models and skinny controllers, so that I can use the same functions in more than one place.

Just read about Kohana, I think I'll look more into that

Answer 1

CodeIgniter is based on the Model-View-Controller development pattern. The model represents your data structures and should be used just for that.

I would follow that convention, especially if you want to learn the new framework.

Answer 2

they seem to put all the logic in the Controller and just use the model to get and set data.

CodeIgniter expects very little logic in its models, and instead gives you a very dumb SQL wrapper for returning simple arrays of POD types to represent your data. It even puts a lot of validation code into the controllers, which (in my opinion) is incorrect and repetitive. I've rolled my own solution for Rails-style in-model validation and dynamic find method, allowing things like

// inside model: 
// username must be 8 to 25 chars long
$this->validates_length_of('username', 8, 25);

// dynamically handled via __call()
$this->User->find_first_by_username('john'); // Return object or null
$this->User->find(); // select *
$this->User->find_by_group('admin'); // return 0 or more records

but AFAIK there isn't any built-in way of doing similar things with CodeIgniter.

Also, are all variables accessible to all 3 parts

No; you have to manually pass your variables from your controller to your view, and there is no sharing of variables with models/controllers or models/views.

I believe the method suggested by CodeIgniter:

<?php

function users() {
  $data['users'] = $this->User->find(); 

  // must use $data['users'] for controller logic; verbose and annoying

  $this->load->view('users/index', $data); // $users defined for view
}

?>

can be improved by using PHP's compact keyword:

<?php

function users() {
  $users  = $this->User->find(); 

  // now we can use $users more easily

  $this->load->view('users/index', compact('users'));
}

?>

I noticed that session data is stored within cookies

CodeIgniter can store session data in a database; see $config['sess_use_database'] in config/config.php. There are other config settings in there that pertain to the lifetime of the session cookie.

I'm inclined to say that the only thing CodeIgniter does well is their documentation, read more about session configuration and their implemntation of active record (really a language-independant SQL wrapper which has nothing to do with the Active Record pattern)

Answer 3

AFAIK, the session id is encrypted and stored in cookies, but session data is stored in local database.

The main idea of MVC is such division. But models are not restricted to just direct access to data, they can perform various data manipulation. The idea is to represent objects(and sets of objects) stored in database as php objects, so if it seems logical to have some function in you object - it's as much logical to have it in your model.

Answer 4

You have made a lot of assumptions from some basic examples which are not entirely correct.

Controllers should contain interaction logic.

That means that your Controllers should just be saying what models, views, libraries, etc should be used based on what the user is doing.

Models contain data logic.

This can be your business logic, tax calculations, all sorts of data related work. The examples in the userguide suggest just using Models as a "dump wrapper for the database" but you can do anything with them. The model simple represents your data and the rest of your application should not care where it came from.

My models contain a mixture of XML file parsing, REST method calls and of course, some ActiveRecord queries.

Views just show stuff, therefore has no idea about login/logout state. You would of course need to tell it this from your controller (or from global code such as MY_Controller, which IMHO almost every decent sized application needs).

Sessions stored as encrypted cookies are perfectly safe. They would only be able to decode them if they knew your application encryption key, but that is very unlikely unless you have not set one; in which case you only have yourself to blame.

If storing sessions in cookies is not your cup of tea, you can store session values in the database to keep them even more secure, or grab a different session library to work with.

The thing to remember with CodeIgniter is that it only suggests ways to work, if you don't like it, extend, override or replace.

Answer 5

I think the misunderstanding here is that so many web applications have hardly any logic outside some simple data processing, that developers are getting used to it.