
Is there any OOP way to secure this MVC web app design?

I'm writing a shopping cart application for a family member's online seed business.

It's a fairly straightforward workflow: users select what they want to order, type in their contact information, and the application generates an HTML E-mail receipt and sends it to the contact address.

Now, here's the rub: I've implemented the application in an MVC pattern.

I've got the AJAX front-end that only concerns itself with navigating through the workflow and displaying forms, the currently placed order, etc. I generate all HTML displayed to the user through AJAX.

The PHP backend simply generates the catalog, validates all user input, and does a bit of bookkeeping. My PHP scripts only return XML, which gets parsed by my AJAX.

Since the HTML E-mail receipt I send to the customer looks very much like the application itself, it makes sense for me to re-use the same AJAX code that displays order information within the application.

However, since I cannot send an E-mail through AJAX alone, I have to make a call to a PHP script, pass in the string of HTML I want to send as an E-mail, have the PHP add proper headers to it, and send it on its way.

A nasty side effect of this is that I essentially have an exposed PHP script that will... send an arbitrary string to an arbitrary E-mail address.

How should I go about securing this while still keeping to the MVC pattern? I want to keep the presentation out of my PHP and avoid code duplication; as such, I don't want to have my PHP generate HTML that will go in the E-mail.

Thank you in advance.
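The exposed script the question describes is, in effect, an open mail relay: whoever can reach the URL chooses both the body and the recipient. The following is an added example, not the asker's code, showing that endpoint beside a hardened version that keeps the asker's split (the AJAX layer still renders the receipt) but takes the recipient, subject and headers from server-side state only. It assumes the backend already uses PHP sessions and that the contact-form step stored a validated address in `$_SESSION['order']['email']`; the function names, session keys, constants and the `example.invalid` sender address are all hypothetical.

```php
<?php
// Added example (not the asker's code). Assumes PHP sessions are already in use
// and that the contact step stored a validated e-mail address and an order id in
// $_SESSION['order'] before the receipt step is reached. Names are hypothetical.
declare(strict_types=1);

// --- BEFORE: the exposed script described in the question ---
// Body and recipient both come from the request, so anyone who finds the URL
// can mail any HTML to any address (spam, phishing, header injection via $to).
function sendReceiptUnsafe(array $post): bool
{
    $to      = $post['to']   ?? '';
    $html    = $post['html'] ?? '';
    $headers = "MIME-Version: 1.0\r\nContent-Type: text/html; charset=UTF-8\r\n";
    return mail($to, 'Your order receipt', $html, $headers);
}

// --- AFTER: only the rendered body is client-supplied ---
// Tags the receipt may contain; everything else is stripped.
const RECEIPT_ALLOWED_TAGS = '<p><br><table><thead><tbody><tr><th><td><strong><em><h1><h2><h3><ul><ol><li>';
const RECEIPT_MAX_BYTES    = 64 * 1024;

/**
 * Returns ['ok' => bool, 'error' => string]. The address, subject and headers
 * are fixed by the server, so the script can no longer mail third parties.
 */
function sendReceiptSafe(array $post, array &$session): array
{
    $order = $session['order'] ?? null;
    if (!is_array($order) || empty($order['email'])) {
        return ['ok' => false, 'error' => 'no order in progress'];
    }
    // One receipt per order: a client cannot use the endpoint to hammer mail().
    if (!empty($order['receipt_sent'])) {
        return ['ok' => false, 'error' => 'receipt already sent'];
    }
    // The address was validated when the contact form was processed; re-check it
    // so a corrupted session value cannot smuggle CR/LF into the mail headers.
    $to = filter_var($order['email'], FILTER_VALIDATE_EMAIL);
    if ($to === false) {
        return ['ok' => false, 'error' => 'invalid stored address'];
    }
    $html = (string) ($post['html'] ?? '');
    if (strlen($html) > RECEIPT_MAX_BYTES) {
        return ['ok' => false, 'error' => 'body too large'];
    }
    // Reduce the body to plain markup: no <script>, <a>, <img>, inline styles or
    // event handlers, so the mail carries no links, scripts or remote content.
    $html = strip_tags($html, RECEIPT_ALLOWED_TAGS);
    $html = preg_replace('/\s(on\w+|style|href|src)\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)/i', '', $html);

    // Subject built only from a character-restricted order id (no header injection).
    $subject = 'Your order ' . preg_replace('/[^A-Za-z0-9-]/', '', (string) ($order['id'] ?? ''));
    $headers = "MIME-Version: 1.0\r\n"
             . "Content-Type: text/html; charset=UTF-8\r\n"
             . "From: orders@example.invalid\r\n"; // fixed sender (placeholder), never from the request
    if (!mail($to, $subject, $html, $headers)) {
        return ['ok' => false, 'error' => 'mail() failed'];
    }
    $session['order']['receipt_sent'] = true;
    return ['ok' => true, 'error' => ''];
}

// Endpoint wiring, kept XML-only like the rest of the backend described above.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    $result = sendReceiptSafe($_POST, $_SESSION);
    header('Content-Type: application/xml; charset=UTF-8');
    echo '<?xml version="1.0"?><result ok="' . ($result['ok'] ? '1' : '0') . '">'
       . htmlspecialchars($result['error'], ENT_XML1 | ENT_QUOTES, 'UTF-8')
       . '</result>';
}
```

The design point is that the only request-controlled input left is the body, and it can reach nobody but the customer whose session placed the order, once. If the remaining client-supplied HTML is still unwelcome, the stricter option is to drop the `html` parameter entirely and render the receipt server-side from the stored order data, accepting some duplication of the presentation template in exchange for an endpoint that takes no free-form content at all.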