PHP example needs lots of improvements (meta) #13
Comments
This commit only adds comments but is not complete in that regard. More comments are needed. See also bug mozilla#13
Thanks for your help Lars! One thing I'd like to note is that the goal behind this repo is not to have perfect code, but rather to show how easy it is to use Persona in PHP. We should make sure that we're not recommending unsafe or otherwise bad practices (like the input filtering stuff), however we don't have to have the best possible architecture for this quick sample code. I got lots of good feedback from people who said that it was really handy to have the whole thing in a single file so that you can get a complete picture of how everything fits together. At the same time, what you're suggesting, a proper "full" application, sounds quite useful too. So maybe what we need is two things:
What do you think? That second program, could live in a separate repo just like this node.js sample application: https://github.com/tmarble/nongrata |
i would contribute the php classes with namespace and correctly written in PSR-2 with composer and everything else for the full-size application. I'll would develop it anyway |
refactor readability refactor function into a Persona class use a php template to display the output, not functions fix issues when E_NOTICE is enabled inject audience if $_SERVER is not avaible indent html
why not:
things i don't understand: what is the "assertion" hidden field here? how can we filter it better? i fixed some issues when E_NOTICE is in error reporting |
refactor readability refactor function into a Persona class use a php template to display the output, not functions fix issues when E_NOTICE is enabled inject audience if $_SERVER is not avaible indent html
Thanks for the patch @pscheit. I've cleaned up a few things in follow-up commits and was able to bring it down to less than 100 lines of code :) I'm not sure I understand your question about the assertion in the hidden form though. The assertion needs to be posted to the backend for verification. We can either do that via an AJAX call or by submitting a form. The latter seems simpler for the purpose of a quick example. In larger applications, I'm sure many people will choose to use something like jQuery to do it. |
okay, cool. I like it. good job i was just wondering if the assertion is a string, a json plain, an elefant, something that flies, etc. But I understand now, that the formular is just a hack around ajax. |
@pscheit The assertion is a string that's base64-encoded. If you decode it, you get a JSON object. (If you're curious, you can use these tools to take a peak into one: https://github.com/fmarier/browserid-tools) |
GitHub does not support bug Bugzilla-style dependencies, but I'll make one anyway.
The PHP example can be improved in many ways, some of which are small and easy, some that may require more thought.
Small improvements:
Medium improvements
Big improvements
The text was updated successfully, but these errors were encountered: