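Converting a PHP4 class to PHP5: help replacing "var $thisvar;" with the PHP 5 equivalent

Time: 2013-10-18 21:38:40

Tags: php oop php4

I found a user login script online, and later discovered that it was written in PHP4. I am updating it to PHP5 and learning OOP at the same time :)

A snippet of my user class is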

<?php
session_start();   //Tell PHP to start the session
include("include/database.php");
include("include/mailer.php");
include("include/form.php");

include("constants.php");

class user
{
var $username;     //Username given on sign-up
var $firstname;
var $lastname;
var $userid;       //Random value generated on current login
var $userlevel;    //The level to which the user pertains
var $time;         //Time user was last active (page loaded)
var $logged_in;    //True if user is logged in, false otherwise
var $userinfo = array();  //The array holding all user info
var $url;          //The page url current being viewed
var $referrer;     //Last recorded site page viewed
var $num_active_users;   //Number of active users viewing site
var $num_active_guests;  //Number of active guests viewing site
var $num_members;        //Number of signed-up users

/**
* Note: referrer should really only be considered the actual
* page referrer in process.php, any other time it may be
* inaccurate.
*/

public function __construct(db $db, Form $form)
{
    $this->database = $db;
    $this->form = $form;
    $this->time = time();
    $this->startSession();

    $this->num_members = -1;

    if(TRACK_VISITORS)
    {
        /* Calculate number of users at site */
        $this->calcNumActiveUsers();

        /* Calculate number of guests at site */
        $this->calcNumActiveGuests();
    }


 }      
/**
* startSession - Performs all the actions necessary to 
* initialize this session object. Tries to determine if the
* the user has logged in already, and sets the variables 
* accordingly. Also takes advantage of this page load to
* update the active visitors tables.
*/
function startSession()
{

    /* Determine if user is logged in */
    $this->logged_in = $this->checkLogin();

    /**
    * Set guest value to users not logged in, and update
    * active guests table accordingly.
    */
    if(!$this->logged_in)
    {
        $this->username = $_SESSION['username'] = GUEST_NAME;
        $this->userlevel = GUEST_LEVEL;
        $this->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
    }
    /* Update users last active timestamp */
    else
    {
        $this->addActiveUser($this->username, $this->time);
    }

    /* Remove inactive visitors from database */
    $this->removeInactiveUsers();
    $this->removeInactiveGuests();

    /* Set referrer page */
    if(isset($_SESSION['url']))
    {
         $this->referrer = $_SESSION['url'];
    }
    else
    {
        $this->referrer = "/";
    }
    /* Set current url */
    $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
}

/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's 
* authenticity. Returns true if the user has logged in.
*/
function checkLogin()
{
    /* Check if user has been remembered */
    if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid']))
    {
        $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
        $this->userid   = $_SESSION['userid']   = $_COOKIE['cookid'];
    }

    /* Username and userid have been set and not guest */
    if(isset($_SESSION['username']) && isset($_SESSION['userid']) && $_SESSION['username'] != GUEST_NAME)
    {
        /* Confirm that username and userid are valid */
        if($this->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0)
        {
            /* Variables are incorrect, user not logged in */
            unset($_SESSION['username']);
            unset($_SESSION['userid']);
            return false;
        }

        /* User is logged in, set class variables */
        $this->userinfo  = $this->getUserInfo($_SESSION['username']);
        $this->username  = $this->userinfo['username'];
        $this->userid    = $this->userinfo['userid'];
        $this->userlevel = $this->userinfo['userlevel'];
        $this->lastlogin = $this->userinfo['lastlogin'];
        $this->townid = $this->userinfo['placeID'];

        return true;
    }
    /* User not logged in */
    else
    {
        return false;
    }
}
}
$db = new db($config);
$form = new Form;
$user = new User($db, $form);

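But I have been told that var $username; and so on is not very secure and should not be used, so I am asking here: what should I use instead?

Do I do something like this for each var?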

private $username;

/**
 * @return the $username
 */
public function getUsername() {
    return $this->username;
}

/**
 * @param $newUsername
 * the username to set
 */
public function setUsername($newUsername) {
    $this->username = $newUsername;
}

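Thanks

1 answer:

Answer 0: (score: 0)

var is equivalent to public. By making all of your member variables private and adding a getter (but not a setter) for each of them, you are effectively making it so that other developers using your API cannot [accidentally] update the values. That is what "secure" means - it is not as though someone will be able to hack into your server or access data if you don't declare them with the correct privacy level.

If you are going to add a setter, I would say you are wasting your time (although others will disagree with me). You already have full control over the variable anyway. The only benefit is that you can squeeze some other calculation into the getter/setter if you decide to store the value differently.

*Although another developer might accidentally leak information that he should not, such as a password.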
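The distinction drawn in the answer, as an added example that is not code from the question or the answer: it contrasts a `var` (public) property with private state exposed through a getter only, and shows how a generic serialiser treats each. The class names `LegacyUser` and `ReadOnlyUser`, the `passwordHash` property and the sample values are hypothetical.

```php
<?php
// Added illustration; class names, property names and values are constructed.

class LegacyUser            // PHP4 style: "var" is an alias for "public"
{
    var $username;
    var $passwordHash;
}

class ReadOnlyUser          // PHP5 style: private state, getter, no setter
{
    private $username;
    private $passwordHash;

    public function __construct($username, $passwordHash)
    {
        $this->username     = $username;
        $this->passwordHash = $passwordHash;
    }

    public function getUsername()
    {
        return $this->username;
    }
}

// Reflection reports the visibility that "var" actually declares.
$prop = new ReflectionProperty('LegacyUser', 'username');
var_dump($prop->isPublic());

// Public properties can be overwritten by any calling code, and
// json_encode() exports every one of them, the hash included.
$legacy = new LegacyUser();
$legacy->username     = 'alice';
$legacy->passwordHash = 'constructed-sample-hash';
$legacy->username     = 'changed-by-mistake';
echo json_encode($legacy), "\n";

// Private properties are not exported by json_encode(); only what the
// class chooses to expose through a getter is readable from outside.
$user = new ReadOnlyUser('alice', 'constructed-sample-hash');
echo json_encode($user), "\n";
echo $user->getUsername(), "\n";

// Writing from outside the class is rejected. PHP 7 and later throw an
// Error here; PHP 5 stops with a fatal error instead.
try {
    $user->username = 'bob';
} catch (Error $e) {
    echo get_class($e), ': ', $e->getMessage(), "\n";
}
```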