PHP OOP based login system

Suppose I am building an OOP based user authentication system and I would like to include the following principles: direct injection, inheritance, encapsulation, polymorphism, and the single responsibility principle.

My programming experience has always been based on procedural programming, and as such it is difficult for me to really apply these techniques in their correct use.

Suppose I have these classes:

class Config
    public function set($key, $value);
    public function get($key, $default = null);

class User
    public function __construct(PDO $dbh, $id = null);
    public function setProfile(Profile $profile);

class Auth
    public function __construct(Config $config);
    public function login($username, $password, $keepLoggedIn = true);
    public function isLoggedIn();
    public function getLoggedInUser();
    public function logout();
    public function register(array $data);

class Session
    public function start($sessionName = null);
    public function write($key, $value);
    public function read($key, $default = null);

class Profile
    public function setAddress(Address $address);
    public function setName($name);
    public function setDOB(DateTime $date);
    public function getAge();

class Validator
    public function validate($input);


I purposely left function bodies to keep things simple.

As far as I know, I believe I am using the principles correctly. However, I am still unclear how you would connect classes like: Validator

with model User

, model User

with classes Auth

and Session

in Auth

. They all depend on each other.


source to share

1 answer

You are on the right track. The way these classes are connected to each other is called extension. I am leaning towards setting up MVC, which stands for M odel, V iew, C ontroller.

Your logic goes into the controller, all your database queries and specific inverse methods go into the model. The controller receives requests and returns responses. This is an intermediary. It talks to the rear end after the request has been made and feeds the front through the response.

So you have a main controller (keep it minimal), then every class you make extends the main controller. So, your controller is where you tie it all together.

//your main core controller, where you load all these things you need avilable, so long as this class is extended
class CoreController {

    public $auth
    public $session;
    public $view;

   function construct__ ()
       $this->auth = instantiateAuthClassHere();
       $this->session = instantiateSessionClassHere();
       $this->view = instantiateViewClassHere();

    public function anotherHelperForSomething(){
        //helper stuff for this method    

//index, page, or content controller, depending on how many you need, i.e. if you want a controller for each page, thats fine, e.g indexController, etc..
//this is the middle man, has logic, receives requst, returns response to view.
class Controller extends CoreController {

    public function index (){

        $userModel = new userModel();

        //do something with this
        $session = $this->session;

        $content = 'some html';
        $userInfo = $userModel->getUsers();

        $view = $this->view->render( array(
            'content' => $content,
            'userInfo' => $userInfo,

        return $view;

//Core LIbraries
class Validator {
    //your validator stuff

//Core LIbraries
class Session {
    //your validator stuff

//Core LIbraries
class Auth {
    //your validator stuff

class CoreModel{

    public $validator;

    function __construct(){
        $this->validator = instantiateValidatorClassHere();

//a user model  class (back end). you want a model class for each db table pretty much. 
class UserModel extends CoreModel {

// if you need the validator anywhere inside this class, its globally available here inside any class that extends the CoreModel, e.g.  $this->validator->methodName()

    public function getUsers (){
        $sql = 'SELECT * from users';
        $result = $db->get($sql);

        return $result;


Note that Controller

this is a common name for something like indexController

or something common. Besides, I have a word extends

. It inherits all the objects from the parent object that it extends. Inside, they will now be accessible through $this->

. See my example where I am getting $this->session


Try to avoid constructs - you probably don't need them anywhere other than the kernel, and under special circumstances, which you will then need to test yourself before you do this. I don't use constructs anymore. It can be a little awkward and unmanageable.



All Articles