1
Tarik
XoopsObject & XoopsObjectHandler some guidelines?
  • 2011/1/26 20:24

  • Tarik

  • Not too shy to talk

  • Posts: 170

  • Since: 2010/2/3 1


Hello, everybody I'm Tarik not new to xoops (almost 2 years), I xoopsed some themes and created some of my own but now i want to upgrade my knowledge about module developing, and the basic thing to know when creating a Modules with poo - using classes instead of functions -
The tutos and resources about this two classes are quite few here it will give you a start but the problem is when you want to develop on a certain level you need to have a full idea about the function of each class and the difference between them so i opened this tread - finally the reason - to expose some of the things that are flow to me and in the same time expose what i learned (maybe exporting the result to media wiki)

here is what i have got until now about these two classes:

Quote:
The object model in xoops is based on 2 classes XoopsObject and XoopsObjectHandler both encoded in the file /kernel/object.php. These two classes form the gateway to access to persistent data such as it is described in the DAO pattern. It is by specializing them we implement the model for a particular entity (often associated to a single table BD) as do all classes of the kernel directory which is the core of xoops. I strongly encourage developers of new modules based on xoops tables `BD using this model.

XoopsObject has all the services related to managing an object (an instance of the class) and attributes (getter and setter)

XoopsObjectHandler while serving manipulator or controller instances (insertion, modification or selection objects..)

(translated from here)


example of it (liaise)
class PmMessage extends XoopsObject

{

    function 
__construct() {
        
$this->XoopsObject();
        
$this->initVar('msg_id'XOBJ_DTYPE_INTnullfalse);
        
$this->initVar('msg_image'XOBJ_DTYPE_OTHER'icon1.gif'false100);
        
$this->initVar('subject'XOBJ_DTYPE_TXTBOXnulltrue255);
        
$this->initVar('from_userid'XOBJ_DTYPE_INTnulltrue);
        
$this->initVar('to_userid'XOBJ_DTYPE_INTnulltrue);
        
$this->initVar('msg_time'XOBJ_DTYPE_INTtime(), false);
        
$this->initVar('msg_text'XOBJ_DTYPE_TXTAREAnulltrue);
        
$this->initVar('read_msg'XOBJ_DTYPE_INT0false);
        
$this->initVar('from_delete'XOBJ_DTYPE_INT1false);
        
$this->initVar('to_delete'XOBJ_DTYPE_INT0false);
        
$this->initVar('from_save'XOBJ_DTYPE_INT0false);
        
$this->initVar('to_save'XOBJ_DTYPE_INT0false);
    }

    function 
PmMessage(){
        
$this->__construct();
    }
}


and the sql table that this class is intended to has this skeleton:
CREATE TABLE `pm_messages` (

  `
msg_id`      int(10unsigned        NOT NULL auto_increment,
  `
msg_image`   varchar(255)            default NULL,
  `
subject`     varchar(255)            NOT NULL default '',
  `
from_useridmediumint(8unsigned   NOT NULL default '0',
  `
to_userid`   mediumint(8unsigned   NOT NULL default '0',
  `
msg_time`    int(10unsigned        NOT NULL default '0',
  `
msg_text`    text,  
  `
read_msg`    tinyint(1unsigned     NOT NULL default '0',
  `
from_deletetinyint(1unsigned     NOT NULL default '1',
  `
from_save`   tinyint(1unsigned     NOT NULL default '0',
  `
to_delete`   tinyint(1unsigned     NOT NULL default '0',
  `
to_save`     tinyint(1unsigned     NOT NULL default '0',

  

  
PRIMARY KEY  (`msg_id`),
  
KEY to_userid (`to_userid`),
  
KEY inbox (`to_userid`,`read_msg`),
  
KEY outbox (`from_userid`, `read_msg`),
  
KEY prune (`msg_time`, `read_msg`, `from_save`, `to_delete`)
TYPE=MyISAM;


so basically the class extended from xoopsobject
class Moduletable extends XoopsObject {
    function 
__construct(){
        
$this->XoopsObject();
    
//    key, data_type, value, req, max, opt
        //        foreach column
        
$this->initVar(keydata_typevaluereqmaxopt);
    }
        function 
Moduletable() {
              
$this->__construct();
        }
}

Data Types (for initVar function above):

* XOBJ_DTYPE_TXTBOX - Text Box
* XOBJ_DTYPE_TXTAREA - Text Area
* XOBJ_DTYPE_INT - Integer
* XOBJ_DTYPE_URL - URLs
* XOBJ_DTYPE_EMAIL - E-mails
* XOBJ_DTYPE_ARRAY - Arrays
* XOBJ_DTYPE_OTHER - Others (won't be cleaned)
* XOBJ_DTYPE_SOURCE -
* XOBJ_DTYPE_STIME - Short Time
* XOBJ_DTYPE_MTIME - Medium Time
* XOBJ_DTYPE_LTIME - Long Time

now come the xoopsobjecthandler
here is an example
class PmMessageHandler extends XoopsPersistableObjectHandler{
    function 
__construct(&$db) {
        
parent::__construct($db"priv_msgs"'PmMessage''msg_id''subject');
    }
    function 
PmMessageHandler(&$db){
        
$this->__construct($db);
    }
}


so the form is
class ModuletableHandler extends XoopsPersistableObjectHandler{
    function 
__construct(&$db) {
        
parent::__construct($db"table name"'Moduletable''keyName''identifierName');
    }
    function 
ModuletableHandler(&$db){
        
$this->__construct($db);
    }
}

all this is good when wanting to retrive an object
$name_handler =& xoops_getModuleHandler('Modulename''classname);

then retrieve the object with an id
$name =& $name_handler->get($id);

finally we can have values for each column of the table
$name->getVar('Key')


Now for inserting data
here is an example
$pm_handler =& xoops_getModuleHandler('message''pm');
        
$pm =& $pm_handler->create();
        
$pm->setVar("msg_time"time());
        
$pm->setVar("subject"$_POST['subject']);
        
$pm->setVar("msg_text"$_POST['message']);
        
$pm->setVar("to_userid"$_POST['to_userid']);
        
$pm->setVar("from_userid"$GLOBALS['xoopsUser']->getVar("uid"));

        if (!
$pm_handler->insert($pm)) {
            echo 
$pm->getHtmlErrors();
        }

so the first line is for acessing the handler
the second line is to creating a new object
then setting vars
to finally insert them

with getHtmlErrors() to have errors

all these things are simple
hope someone would get some info from tis
Tarik
Some people like what you do,
-- some people hate what you do,
---- but most people simply don’t give a damn.

2
Tarik
Re: XoopsObject & XoopsObjectHandler some guidelines?
  • 2011/1/26 20:42

  • Tarik

  • Not too shy to talk

  • Posts: 170

  • Since: 2010/2/3 1


here are my questions
1- what is the role of identifierName when constructing the handlerclass
2- how do function tables relation (jointures in french) like category table and download table
3- the link for the class generator is broken
4- is there any thing wrong so far
Some people like what you do,
-- some people hate what you do,
---- but most people simply don’t give a damn.

3
ghia
Re: XoopsObject & XoopsObjectHandler some guidelines?
  • 2011/1/27 1:01

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


1)
The name is the modulename, as in gethandler the indentifier is implicit the module name of the calling one.
4)
$pm->setVar("subject"$_POST['subject']);
        
$pm->setVar("msg_text"$_POST['message']);
        
$pm->setVar("to_userid"$_POST['to_userid']);

As example it is OK, but values need to be sanitized, before put in the database, to avoid XSS and other nasty exploits.

4
trabis
Re: XoopsObject & XoopsObjectHandler some guidelines?
  • 2011/1/27 20:18

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Quote:

Tarik wrote:
here are my questions
1- what is the role of identifierName when constructing the handlerclass
2- how do function tables relation (jointures in french) like category table and download table
3- the link for the class generator is broken
4- is there any thing wrong so far


1. IdentifierName is normally the name that indentifies the row/item. In an article table the identifier could be the title of the article. It will be used in methods such as getList() where you get an array of identifiers(article titles, categories titles, etc)
2 - Refer to class/model/sync
3 - Don't understand´
4 - Nothing is wrong. Ghia mentioned you need to sanitize vars before insert but that may be misleading. Using XoopsObjectHandler XoopsPersistableObjectHandler ensures sanitation against sql injection and that is one of the big reasons for using it. You should only be careful with sanitation when using Criteria() on queries, all values used in Criteria() should be sanitized/escaped. Danger of XSS, directory travessal and other exploits are not directly related with database read/write operations.

5
Tarik
Re: XoopsObject & XoopsObjectHandler some guidelines?
  • 2011/1/29 17:32

  • Tarik

  • Not too shy to talk

  • Posts: 170

  • Since: 2010/2/3 1


Ghia & Trabis, Thank you very much for this big amount of info
as for variables to be sanitized before giving it to the object i found very odd that the XoopsObject do already the work so thank you for clearing it.

I have an other dummy question what is the diffrence between XoopsObjectHandler and XoopsPresistentObjectHandler?
Some people like what you do,
-- some people hate what you do,
---- but most people simply don’t give a damn.

6
bumciach
Re: XoopsObject & XoopsObjectHandler some guidelines?
  • 2011/2/1 12:06

  • bumciach

  • Not too shy to talk

  • Posts: 153

  • Since: 2007/6/25


Quote:

I have an other dummy question what is the diffrence between XoopsObjectHandler and XoopsPresistentObjectHandler?


Look into /kernel/object.php
XoopsPresistentObjectHandler has the same methods (and many more) like XoopsObjectHandler. But "fill" them with code.
I'm using only XoopsPresistentObjectHandler, so I do not know if XoopsObjectHandler is useful to something.

7
Tarik
Re: XoopsObject & XoopsObjectHandler some guidelines?
  • 2011/2/4 12:53

  • Tarik

  • Not too shy to talk

  • Posts: 170

  • Since: 2010/2/3 1


Sorry for the late response, but it's what I'm wondering about XoopsObjectHandler has methods undefined as opposite they are redefined in XoopsPresistentObjectHandler, so what is the deal between these two
Some people like what you do,
-- some people hate what you do,
---- but most people simply don’t give a damn.

8
trabis
Re: XoopsObject & XoopsObjectHandler some guidelines?
  • 2011/2/4 14:00

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Errata:
Quote:
Using XoopsObjectHandler ensures sanitation against sql injection and that is one of the big reasons for using it.


Should read:
Quote:
Using XoopsPersistableObjectHandler ensures sanitation against sql injection and that is one of the big reasons for using it.


Tarik, in your example you are using XoopsPersistableObjectHandler. This class implements CRUD functionality for a given database table. XoopsObjectHandler is just a class with abstract methods. Think of it has an interface, developer extending from XoopsObjectHandler would have to implement get(), insert() and other methods.

Login

Username:
Password:

Lost Password? Register now!

Who's Online

52 user(s) are online (30 user(s) are browsing Support Forums)


Members: 0


Guests: 52


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits