WingTsun Posted June 4, 2012 (edited)

Hi! I'm not a professional, so don't tear into me right away.. :) I learned PHP on my own and have been working at it persistently for a while now. So, I've finished a registration script, but I'd like to hear your opinion on whether this script is secure enough to be used on a public site. It currently uses MySQLi prepare and bind params.. SqlQuery is a helper function I wrote that I run queries with. Here is the registration itself:

```php
<?php
/* Signup */

# Load Modules
require('./system/class.validator.php');

# Provided by the surrounding application (not shown here):
# $Sqli (mysqli connection), $iMessage (message object), $global (language strings),
# $userLang, $IP and the SqlQuery($Sqli, $Query, $Types, $Params) helper

################################################################################
##| Registration Data verification and processing                            |##
################################################################################
if(isset($_POST['signup_finish'])) {

    # Define Variables and Objects
    $failed = false;
    $Validator = new Validate;
    $PHONE = $SKYPE = $REFERRED_BY = null;   # optional fields, NULL when not submitted

    # Username, Required
    # Min: 5, Max: 25
    # Numbers and Letters Only
    # Unique
    $USERNAME = ($Validator -> ValidString($_POST['USERNAME'], 1, 5, 25) == 'success' ? $_POST['USERNAME'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['username'][$Validator -> ValidError()]));
    if($USERNAME) {
        $Query = "SELECT `username` FROM `users` WHERE `username`=?";
        $Params = array($USERNAME);
        $Sqlresult = SqlQuery($Sqli, $Query, 's', $Params);
        if($Sqlresult) {
            $failed = true;
            $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['username']['exists']);
        }
    }

    # Email, Required
    # Specific email format Only
    # Unique
    $EMAIL = ($Validator -> ValidEmail($_POST['EMAIL']) ? $_POST['EMAIL'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['email']['invalid']));
    if($EMAIL) {
        $Query = "SELECT `email` FROM `users` WHERE `email`=?";
        $Params = array($EMAIL);
        $Sqlresult = SqlQuery($Sqli, $Query, 's', $Params);
        if($Sqlresult) {
            $failed = true;
            $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['email']['exists']);
        }
    }

    # Passwords, Required
    # Min: 8, Max: 50
    # Numbers and Letters Only
    # Must Match
    $PASSWORD1 = ($Validator -> ValidString($_POST['PASSWORD1'], 1, 8, 50) == 'success' ? $_POST['PASSWORD1'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['password'][$Validator -> ValidError()]));
    $PASSWORD2 = ($Validator -> ValidString($_POST['PASSWORD2'], 1, 8, 50) == 'success' ? $_POST['PASSWORD2'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['password'][$Validator -> ValidError()]));
    if($PASSWORD1 != $PASSWORD2) {
        $failed = true;
        $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['password']['match']);
    }

    # Name, Required
    # Min: 3, Max: 50
    # Letters Only
    $NAME = ($Validator -> ValidString($_POST['NAME'], 3, 3, 50) == 'success' ? $_POST['NAME'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['name'][$Validator -> ValidError()]));

    # Surname, Required
    # Min: 3, Max: 50
    # Letters Only
    $SURNAME = ($Validator -> ValidString($_POST['SURNAME'], 3, 3, 50) == 'success' ? $_POST['SURNAME'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['surname'][$Validator -> ValidError()]));

    # Phone, Optional
    # Min: 8, Max: 30
    # Numbers Only
    if($_POST['PHONE']) {
        $PHONE = ($Validator -> ValidString($_POST['PHONE'], 2, 8, 30) == 'success' ? $_POST['PHONE'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['phone'][$Validator -> ValidError()]));
    }

    # Skype, Optional
    # Min: 6, Max: 30
    # All
    if($_POST['SKYPE']) {
        $SKYPE = ($Validator -> ValidString($_POST['SKYPE'], 4, 6, 30) == 'success' ? $_POST['SKYPE'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['skype'][$Validator -> ValidError()]));
    }

    # Captcha, Required
    # Min, Max: 6
    # Letters and Numbers Only
    # Must Match
    $CAPTCHA = ($Validator -> ValidString($_POST['CAPTCHA'], 1, 6, 6) == 'success' ? $_POST['CAPTCHA'] : $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['captcha'][$Validator -> ValidError()]));
    if($_SESSION['security_code'] != $CAPTCHA) {
        $failed = true;
        $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['captcha']['wrong']);
    }

    # Rules
    # Must be Checked
    if(!isset($_POST['RULES'])) {
        $failed = true;
        $iMessage -> SetIMessage('ERROR', $global['signup']['form']['error']['rules']['empty']);
    }

    # Referred By, Optional
    # Min: 1, Max: 25
    # Numbers Only
    if($_POST['REFERRED_BY']) {
        $REFERRED_BY = ($Validator -> ValidString($_POST['REFERRED_BY'], 2, 1, 25) == 'success' ? $_POST['REFERRED_BY'] : false);
    }

    ##########################################################################
    ## Start the Registration of a New User                                ##
    ##########################################################################
    if(!$failed && !$Validator -> ValidError()) {
        # bind_param() takes its arguments by reference, so computed values go into variables first
        $PasswordHash = md5($PASSWORD1);   # unsalted MD5, as in the original design
        $SignupDate = time();
        $SqlQuery = $Sqli -> prepare("INSERT INTO `users` (`username`, `name`, `surname`, `email`, `password`, `phone`, `language`, `signup_date`, `referred_by`, `ip`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
        $SqlQuery -> bind_param('sssssisiis', $USERNAME, $NAME, $SURNAME, $EMAIL, $PasswordHash, $PHONE, $userLang, $SignupDate, $REFERRED_BY, $IP);
        if($SqlQuery -> execute()) {
            $iMessage -> SetIMessage('SUCCESS', $global['signup']['success']['email_sent']);
        }
        $HideForm = true;
    }
}
?>
```

```php
<?php
/* Data Validator Module */
class Validate {

    # Store Variables
    public $ErrorType;

    # String
    # $string: String to Validate
    # $type: 1 = Numbers and Letters, 2 = Numbers, 3 = Letters, 4 = All
    # $min: The minimum length of the string
    # $max: The maximum length of the string
    # Returns 'success' if valid; otherwise sets ErrorType and returns nothing
    function ValidString($string, $type, $min, $max) {
        $failed = false;
        if(strlen($string) < $min) {
            $this -> ErrorType = 'short';
            $failed = true;
        }
        if(strlen($string) > $max) {
            $this -> ErrorType = 'long';
            $failed = true;
        }
        # Type 1: Numbers and Letters
        if($type == 1) {
            if(!ctype_alnum($string)) {
                $this -> ErrorType = 'invalid';
                $failed = true;
            }
        }
        # Type 2: Numbers only
        if($type == 2) {
            if(!is_numeric($string)) {
                $this -> ErrorType = 'invalid';
                $failed = true;
            }
        }
        # Type 3: Letters only
        if($type == 3) {
            if(!ctype_alpha($string)) {
                $this -> ErrorType = 'invalid';
                $failed = true;
            }
        }
        # Type 4: anything goes, only the length is checked
        if(!$failed) {
            return 'success';
        }
    }

    # Email
    # $email: Email to Validate
    # MaxLength: 50
    # Returns False if Failed, else returns True
    function ValidEmail($email) {
        if(strlen($email) > 50) {
            return false;
        } else {
            $email = strtolower($email);
            if(preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $email)) {
                return true;
            } else {
                return false;
            }
        }
    }

    # Output the ErrorType
    function ValidError() {
        return $this -> ErrorType;
    }
}
?>
```

Edited June 4, 2012 by WingTsun
daGrevis Posted June 4, 2012

What jumps out right away... find out what phpDoc is and start using it!
WingTsun Posted June 4, 2012 (Author)

Thanks for the reply. I'll keep that in mind going forward. But there aren't many functions in this script that aren't custom, and besides, I included the validate class. Maybe I've misunderstood something, so please don't attack me, since I'm a beginner. The main question is whether the script is basically usable and secure enough, or whether it's crooked? :)
briedis Posted June 4, 2012

Well, I'd suggest sticking to some specific coding style; otherwise the CAPS LOCK variable names and the # comments look really odd.. I'd also suggest following some development pattern, for example MVC...
rATRIJS Posted June 4, 2012

I can't say I read much of it, but the code seems too long for what it's supposed to do. There are also too many ifs. Separate methods would definitely be preferable.
briedis Posted June 4, 2012

rATRIJS has a good point: there's far too much code. It would be worth learning from some framework how it's done. For example, Kohana. There, registration would be implemented like this:

```php
$post = Validate::factory($_POST)
    ->filter(TRUE, 'trim')
    ->filter('username', 'strtolower')
    ->rule('username', 'not_empty')
    ->rule('username', 'regex', array('/^[a-z_.]++$/iD'))
    ->rule('username', array($user, 'unique_username'))
    ->rule('password', 'not_empty')
    ->rule('password', 'min_length', array('6'))
    ->rule('confirm', 'matches', array('password'))
    ->rule('use_ssl', 'not_empty')
    ->rule('use_ssl', 'in_array', array(array('yes', 'no')))
    ->callback('password', array($user, 'hash_password'));

if ($post->check())
{
    // Data has been validated, register the user
    $user->register($post);

    // Always redirect after a successful POST to prevent refresh warnings
    $this->request->redirect('user/profile');
}

// Validation failed, collect the errors
$errors = $post->errors('user');
```

Of course, all the validation functions are defined in a separate place, where they can be conveniently reused. http://kohanaframework.org/3.0/guide/kohana/security/validation
WingTsun Posted June 5, 2012 (Author)

Thanks for the replies. I'll take the suggestions into account and create a separate Class that performs several common operations I've had to repeat here in the registration, and which I can then reuse elsewhere.
daGrevis Posted June 6, 2012

And not one class for everything, but... Validation -- for validation, Validation_Rules -- the validation rules, Database -- everything related to the database, ORM extends Database -- also everything with the database, but the operations happen "the ORM way"... and so on and so forth....
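An added example, not code from the thread or from Kohana: the checks from the original signup script rewritten as the small rule-based validator rATRIJS, briedis and daGrevis suggest, with the points a reviewer would flag fixed (password_hash() instead of unsalted md5(), a strict constant-time captcha compare, bind_param() given variables rather than function results). It assumes PHP 7+, an open mysqli connection `$db` and the `users` table from the post; `SignupValidator` and `registerUser` are hypothetical names.

```php
<?php
/* Added example (not WingTsun's code): the signup checks as a rule-based
 * validator. Assumes PHP 7+, an open mysqli $db and the post's `users` table. */
class SignupValidator
{
    private $errors = [];
    public function errors() { return $this->errors; }
    /* One rule per line; only the first failing rule of each field is recorded. */
    public function check(array $post, mysqli $db, string $captchaExpected): bool
    {
        $post = array_map('trim', $post);   // flat form fields, like Kohana's filter(TRUE, 'trim')
        $u = $post['username'] ?? ''; $e = $post['email'] ?? ''; $p = $post['password'] ?? '';
        $this->rule('username', !preg_match('/^[a-z0-9]{5,25}$/i', $u), 'invalid');
        $this->rule('username', empty($this->errors['username']) && $this->exists($db, 'username', $u), 'exists');
        $this->rule('email', strlen($e) > 50 || filter_var($e, FILTER_VALIDATE_EMAIL) === false, 'invalid');
        $this->rule('email', empty($this->errors['email']) && $this->exists($db, 'email', $e), 'exists');
        $this->rule('password', strlen($p) < 8 || strlen($p) > 50, 'length');
        $this->rule('password', $p !== ($post['confirm'] ?? ''), 'match');
        // Strict, constant-time compare instead of a loose != against the session value.
        $this->rule('captcha', !hash_equals($captchaExpected, $post['captcha'] ?? ''), 'wrong');
        $this->rule('rules', !isset($post['rules']), 'empty');
        return $this->errors === [];
    }
    private function rule(string $field, bool $failed, string $code)
    {
        if ($failed && !isset($this->errors[$field])) {
            $this->errors[$field] = $code;
        }
    }
    /* Uniqueness check via a prepared statement. $column is fixed by this class,
       never taken from the request, so interpolating it is safe here. */
    private function exists(mysqli $db, string $column, string $value): bool
    {
        $stmt = $db->prepare("SELECT 1 FROM `users` WHERE `$column` = ? LIMIT 1");
        $stmt->bind_param('s', $value);
        $stmt->execute();
        $stmt->store_result();
        return $stmt->num_rows > 0;
    }
}
/* Store password_hash() output instead of unsalted md5(); bind_param() takes
   references, so the hash and timestamp go into variables first. */
function registerUser(mysqli $db, array $post, string $ip): bool
{
    $hash = password_hash($post['password'], PASSWORD_DEFAULT);
    $now  = time();
    $stmt = $db->prepare('INSERT INTO `users` (`username`, `email`, `password`, `signup_date`, `ip`) VALUES (?, ?, ?, ?, ?)');
    $stmt->bind_param('sssis', $post['username'], $post['email'], $hash, $now, $ip);
    return $stmt->execute();
}
```

Call `check($_POST, $db, $_SESSION['security_code'] ?? '')` first and only call `registerUser()` when it returns true; `errors()` then maps each field to one error code for the language table.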