我看到了这段代码。 我删除了一些不相关的代码以使其更简单(就像检查密码匹配的相同验证器一样)。
$password = new Zend_Form_Element_Password('password'); $password->addFilter(new My_Filters_Sha()); $password2 = new Zend_Form_Element_Password('password2'); $password2->addFilter(new My_Filters_Sha());我的问题是关于过滤器。 我的猜测是,无论谁编写它都是将密码保存在数据库中作为散列,这就是他们用过滤器散列密码的原因。 但是过滤器处理散列有什么意义呢? 在创建帐户时,不应该在控制器中执行一次这样的操作吗? 收到输入后,将其处理为哈希并保存。 是否有必要将此作为过滤器完成?
I saw this code. I removed some of the irrelevant code to make it simpler (like the identical validator that checks that the passwords match).
$password = new Zend_Form_Element_Password('password'); $password->addFilter(new My_Filters_Sha()); $password2 = new Zend_Form_Element_Password('password2'); $password2->addFilter(new My_Filters_Sha());My question is about the filter. My guess is that whoever wrote it is saving the password in the database as a hashed and that's why they hash the password with the filter. But what's the point of having a filter handle the hashing? Shouldn't this be done once in the controller when he account is being created? When the input is received, process it to a hash and save it then. Is there a point to having this done as a filter?
最满意答案
您的控制器的职责是处理请求并委托给相应的模型。 散列密码是业务逻辑。 业务逻辑在控制器中没有位置但属于模型。 您的Form类是Model类,因此将过滤器放在那里是合适的。
The responsibility of your controller is to handle the request and delegate to the appropriate Model. Hashing a password is business logic. Business logic has no place in a controller but belongs to the Model. Your Form class is a Model class and thus it's appropriate to put the filter there.
更多推荐
发布评论