Sveiki! Es neesmu profesionālis, tapec nenodiršam mani uzreiz.. :) PHP esmu apguvis pašmācība, un jau kādu laiciņu neatlaidīgi strādāju.
Tātad, es pabeidzu reģistrācijas skriptu, bet es vēlēteos uzināt jūsu viedokli, vai šis skripts ir pietiekami nodrošināts, lai šo varētu lietot publiskā saitā. Viņš šobrīd lieto MySQLi prepare un bind params.. SqlQuery ir sagatavota funkcija, ar ko tu veicu.
Lūk pati reģistrācija:
<?php
/* Signup */
# Load Modules
require('./system/class.validator.php');
######################################################################################################################################################
##| Registration Data verification and processing |##
######################################################################################################################################################
if(isset($_POST['signup_finish'])) {
# Define Variables and Objects
$failed = false;
$Validator = new Validate;
# Username, Required
# Min: 5, Max: 25
# Numbers and Letters Only
# Unique
$USERNAME = ($Validator -> ValidString($_POST['USERNAME'], 1, 5, 25) == 'success' ? $_POST['USERNAME'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['username'][$Validator -> ValidError()]));
if($USERNAME) {
$Query = "SELECT `username` FROM `users` WHERE `username`=?";
$Params = array($USERNAME);
$Sqlresult = SqlQuery($Sqli, $Query, 's', $Params);
if($Sqlresult ) {
$failed = true;
$iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['username']['exists']);
}
}
# Email, Required
# Specific email format Only
# Unique
$EMAIL = ($Validator -> ValidEmail($_POST['EMAIL']) ? $_POST['EMAIL'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['email']['invalid']));
if($EMAIL) {
$Query = "SELECT `email` FROM `users` WHERE `email`=?";
$Params = array($EMAIL);
$Sqlresult = SqlQuery($Sqli, $Query, 's', $Params);
if($Sqlresult ) {
$failed = true;
$iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['email']['exists']);
}
}
# Passwords, Required
# Min: 8, Max: 50
# Numbers and Letters Only
# Must Match
$PASSWORD1 = ($Validator -> ValidString($_POST['PASSWORD1'], 1, 8, 50) ? $_POST['PASSWORD1'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['password'][$Validator -> ValidError()]));
$PASSWORD2 = ($Validator -> ValidString($_POST['PASSWORD2'], 1, 8, 50) ? $_POST['PASSWORD2'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['password'][$Validator -> ValidError()]));
if($PASSWORD1 != $PASSWORD2) {
$failed = true;
$iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['password']['match']);
}
# Name, Required
# Min: 2, Max: 50
# Letters Only
$NAME = ($Validator -> ValidString($_POST['NAME'], 3, 3, 50) == 'success' ? $_POST['NAME'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['name'][$Validator -> ValidError()]));
# Surname, Required
# Min: 2, Max: 50
# Letters Only
$SURNAME = ($Validator -> ValidString($_POST['SURNAME'], 3, 3, 50) == 'success' ? $_POST['SURNAME'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['surname'][$Validator -> ValidError()]));
# Phone, Optional
# Min: 8, Max: 30
# Letters Only
if($_POST['PHONE']){
$PHONE = ($Validator -> ValidString($_POST['PHONE'], 2, 8, 30) == 'success' ? $_POST['PHONE'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['phone'][$Validator -> ValidError()]));
}
# Skype, Optional
# Min: 6, Max: 30
# All
if($_POST['SKYPE']){
$SKYPE = ($Validator -> ValidString($_POST['SKYPE'], 4, 6, 30) == 'success' ? $_POST['SKYPE'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['skype'][$Validator -> ValidError()]));
}
# Captcha, Required
# Min, Max: 6
# Letter and Nummers Only
# Must Match
$CAPTCHA = ($Validator -> ValidString($_POST['CAPTCHA'], 1, 6, 6) == 'success' ? $_POST['CAPTCHA'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['captcha'][$Validator -> ValidError()]));
if($_SESSION['security_code'] != $CAPTCHA) {
$failed = true;
$iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['captcha']['wrong']);
}
# Rules
# Must be Checked
if(!isset($_POST['RULES'])) {
$failed = true;
$iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['rules']['empty']);
}
# Referred By
# Min: 1, Max: 25
# Letters Only
if($_POST['REFERRED_BY']){
$REFERRED_BY = ($Validator -> ValidString($_POST['REFERRED_BY'], 2, 1, 25) == 'success' ? $_POST['REFERRED_BY'] : $iMessage -> false);
}
## Start the Registration of a New User ##
##########################################################################################################################
if(!$failed && !$Validator -> ValidError()) {
$SqlQuery = $Sqli -> prepare("INSERT INTO `users` (`username`, `name`, `surname`, `email`, `password`, `phone`, `language`, `signup_date`, `referred_by`, `ip`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$SqlQuery -> bind_param('sssssisiis', $USERNAME, $NAME, $SURNAME, $EMAIL, md5($PASSWORD1), $PHONE, $userLang, time(), $REFERRED_BY, $IP);
if($SqlQuery -> execute()) {
$iMessage -> SetIMessage('SUCCESS', $global['signup']['success']['email_sent']);
}
$HideForm = true;
}
}
}
}
?>
<?php
/* Data Validator Module */
class Validate {
# Store Variables
public $ErrorType;
# String
# $string: String to Validate
# $type: 1 = Numbers and Letters, 2 = Numbers, 3 = Letters, 4 = All
# $min: The minimum length of the string
# $max: The maximum length of the string
# Returns ErrorType if Failed
function ValidString($string, $type, $min, $max) {
$failed = false;
if(strlen($string) < $min) {
$this -> ErrorType = 'short';
$failed = true;
}
if(strlen($string) > $max) {
$this -> ErrorType = 'long';
$failed = true;
}
# Type 1: Numbers and Letters
if($type == 1) {
if(!ctype_alnum($string)) {
$this -> ErrorType = 'invalid';
$failed = true;
}
}
# Type 2: Numbers only
if($type == 2) {
if(!is_numeric($string)) {
$this -> ErrorType = 'invalid';
$failed = true;
}
}
# Type 1: Letters only
if($type == 3) {
if(!ctype_alpha($string)) {
$this -> ErrorType = 'invalid';
$failed = true;
}
}
if(!$failed) { return 'success'; }
}
# Email
# $email: Email to Validate
# MaxLength: 50
# Returns False if Failed, else returns True
function ValidEmail($email) {
if(strlen($email) > 50) {
return false;
}
else {
$email = strtolower($email);
if (preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $email)) {
return true;
}
else {
return false;
}
}
}
# Output the ErrorType
function ValidError() {
return $this -> ErrorType;
}
}
?>