benanamen

  1. It is called a Subquery. Now you know the proper term so you can look it up and learn about it.
  2. Assuming Sarcasm.... So are you saying you are OK with explicitly verifying 50% of a valid system login to an attacker? So instead of just saying "Username Invalid" you want to say "Congratulations, that exact username is in the database. Now you just need to guess the password that goes with it"?
  3. Just how many different errors do you expect? The registration (insert query) is either successful (true) or it fails (false).

       duplicate error = false
       other error = false
       no error = true

     You do not want to output system error messages to the user. In the case of a duplicate username, you do not want to specify that the username is already used. That would open you up to a User Enumeration Attack.
  4. MySQL is case insensitive by default. Doesn't matter how Fabian is cased.
  5. In addition to what @Barand said, your Method should return a Boolean. You have hard coded a redirect and have done nothing in case of failure, which could be something other than a duplicate user. As is, if you want to redirect somewhere other than what you hard coded you have to edit the Class. Classes should be closed for modification. That is known as the "Open-closed Principle" and the "O" in the SOLID Principles of Object-Oriented Programming. Do the redirect outside the class in the program flow.

     PSEUDO Code

     ```php
     if ( $var->regUser($x,$y,$z) ) {
         // Success
     }
     ```

     OR

     ```php
     $status = $var->regUser($x,$y,$z) ? 'Success' : 'Failed';
     ```

     I would not put the password hashing in the method or class. Hashing a password is not really related to doing a DB insert query, which when you get down to it, is really what you are doing. It would also mean you have to duplicate the hashing code, such as in the case of a password change. Pass the hashed password to the Class.
  6. What is the real problem you are trying to solve by doing this?
  7. Get rid of all the space in your method calls.
  8. OP, could you tell us why you want to do this?
  9. That error could not have happened from a Windows update. Post the code.
  10. Instead of spinning your wheels trying to configure your own dev, just do what I told you and you will be up and running in seconds.
  11. The easiest way to get a correct LAMP stack working for older PHP is to run Laragon Portable with PHP 5.4 https://laragon.org/
  12. Not sure what you are doing with this, but you can easily generate a CSPRNG (Cryptographically secure pseudorandom number generator) in PHP 7 with minimal code.

      ```php
      <?php
      $bytes = random_bytes(5);
      var_dump(bin2hex($bytes));
      ```
  13. This reminds me of the Bike Shed Problem.
  14. It just doesn't matter. MariaDB is a drop-in replacement for MySQL. If you really want to head down this path you might as well throw in the "What about Percona?" which is another drop-in replacement fork of MySQL.