We clearly only see the portions of your code, you want us to comment on. I can understand that, the question would get too long. Your question is very broad though: Whether you 'understand' it. That's rather difficult to say from these parts. It seems like you do, but I did notice some obvious things:
Never store passwords
It is good practice never to store password in a database, not even encrypted. What you store is a hash and a salt, and then you use these to see if access is allowed. It would be a very long answer to explain this all, so take a look here: httphttps://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords and here: https://crackstation.net/hashing-security.htm which explains it much better than I can.Open database once, then reuse
I assume you have one, or perhaps a few, databases with a lot of, perhaps quite unrelated information in them. Just one of the many tables present might be your `user_master` table. You even have a nice INI file which contains your database access information. (Make sure this INI file is not served to the world through your webserver.) It is a bit strange that you open a connection to the database within the queryByUsernameAndPassword() method. This method shouldn't be doing that, it's got one task: To see if the username and password occur in the database. A better name would be: userExists().
My advice would be to open a connection to the database at the beginning of your application, and then reuse this throughout the application. Opening a database is a lengthy process which you do not want to repeat many times.
We clearly only see the portions of your code, you want us to comment on. I can understand that, the question would get too long. Your question is very broad though: Whether you 'understand' it. That's rather difficult to say from these parts. It seems like you do, but I did notice some obvious things:
Never store passwords
It is good practice never to store password in a database, not even encrypted. What you store is a hash and a salt, and then you use these to see if access is allowed. It would be a very long answer to explain this all, so take a look here: http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords and here: https://crackstation.net/hashing-security.htm which explains it much better than I can.Open database once, then reuse
I assume you have one, or perhaps a few, databases with a lot of, perhaps quite unrelated information in them. Just one of the many tables present might be your `user_master` table. You even have a nice INI file which contains your database access information. (Make sure this INI file is not served to the world through your webserver.) It is a bit strange that you open a connection to the database within the queryByUsernameAndPassword() method. This method shouldn't be doing that, it's got one task: To see if the username and password occur in the database. A better name would be: userExists().
My advice would be to open a connection to the database at the beginning of your application, and then reuse this throughout the application. Opening a database is a lengthy process which you do not want to repeat many times.
We clearly only see the portions of your code, you want us to comment on. I can understand that, the question would get too long. Your question is very broad though: Whether you 'understand' it. That's rather difficult to say from these parts. It seems like you do, but I did notice some obvious things:
Never store passwords
It is good practice never to store password in a database, not even encrypted. What you store is a hash and a salt, and then you use these to see if access is allowed. It would be a very long answer to explain this all, so take a look here: https://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords and here: https://crackstation.net/hashing-security.htm which explains it much better than I can.Open database once, then reuse
I assume you have one, or perhaps a few, databases with a lot of, perhaps quite unrelated information in them. Just one of the many tables present might be your `user_master` table. You even have a nice INI file which contains your database access information. (Make sure this INI file is not served to the world through your webserver.) It is a bit strange that you open a connection to the database within the queryByUsernameAndPassword() method. This method shouldn't be doing that, it's got one task: To see if the username and password occur in the database. A better name would be: userExists().
My advice would be to open a connection to the database at the beginning of your application, and then reuse this throughout the application. Opening a database is a lengthy process which you do not want to repeat many times.
We clearly only see the portions of your code, you want us to comment on. I can understand that, the question would get too long. Your question is very broad though: Whether you 'understand' it. That's rather difficult to say from these parts. It seems like you do, but I did notice some obvious things:
Never store passwords
It is good practice never to store password in a database, not even encrypted. What you store is a hash and a salt, and then you use these to see if access is allowed. It would be a very long answer to explain this all, so take a look here: http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords and here: https://crackstation.net/hashing-security.htm which explains it much better than I can.Open database once, then reuse
I assume you have one, or perhaps a few, databases with a lot of, perhaps quite unrelated information in them. Just one of the many tables present might be your `user_master` table. You even have a nice INI file which contains your database access information. (Make sure this INI file is not served to the world through your webserver.)It is a bit strange that you open a connection to the database within the queryByUsernameAndPassword() method. This method shouldn't be doing that, it's got one task: To see if the username and password occur in the database. A better name would be: userExists().
My advice would be to open a connection to the database at the beginning of your application, and then reuse this throughout the application. Opening a database is a lengthy process which you do not want to repeat many times.