Posted by Jochem Maas on 10/01/01 11:20

Matthew Weier O'Phinney wrote:
> * Jochem Maas <jochem@iamjochem.com> :
>
>>Matthew Weier O'Phinney wrote:
>>
>>>* "Jim MacDiarmid" <jim.macdiarmid@comcast.net> :
>>>
>>>>I'm very new to Smarty so I'm hoping someone can help me.
>>>>
>>>>Can someone explain how the $smarty.session.user variable is set? Is this
>>>>something native to smarty or something unquie to the sample code I have?
>>>
>>>Smarty loads most of the superglobal variables (_GET, _POST, SESSION,
>>
>>I never realised Smarty made all the superglobals available -
>>seems like madness to me.
>>
>
> <snip>
>
>>also SESSION/ENV/SERVER are for programmers not designers. again MO
>
>
> I do not use these often in my templates, but I *do* sometimes use the
> *presence* of one or more session keys to trigger content availability
> in the template:
>
> {if $smarty.session.user}
> display personalization
> {/if}
>
> Granted, on consideration, it would probably be better to assign such a
> key to the template *first*:
>
> <?php
> if (!empty($_SESSION['user'])) {
> $smarty->assign('userLoggedIn', true);
> }
> ?>
>
> {if $userLoggedIn}
> display personalization
> {/if}
>
> But sometimes the shortcuts are easier. Additionally, my content

you are correct on all counts IMO - my point being that if 'shielding the
designer from his own stupidness' in such a big issue (and people keep arguing
that it is) then such shortcuts should not be provided (at least not by default)
because they contradict the 'shield the designer' mantra.


> editors/designers are not putting in the Smarty elements, so I have a
> large degree of safety in this regards. And since the $_SESSION array is
> under the control of the script, it can be in large part trusted.

ok, actually it not clear if access to the SESSION array (etc) is readonly or
not (seeing as I have hacked my copy of Smarty to not even
compile GET/POST/REQUEST/SERVER references anyway I can't be bothered to test
it right now) - if it's read/write then ....:

{if $smarty.session.user = 0}
display personalization
{/if}


instead of:

{if $smarty.session.user == 0}
display personalization
{/if}

which is a convoluted example but you get how it could really waste a
few hours of debugging time trying to figure out why your session keeps
breaking.

>
> However, I *never* use $_GET, $_POST, or $_COOKIE in my templates --
> like you, it seems to me that that way madness lies.
>

• Next in forum: Re: [SMARTY] Re: Smarty and Sessions
• Prev in forum: Re: [SMARTY] Re: Smarty and Sessions
• Thread view: Re: [SMARTY] Re: Smarty and Sessions

[Reply to this message]