Search the Community

Hello, I hope it's ok to ask this question here. I have a registration script, but I'm not sure how to handle it efficiently and I have some questions about it. This is used in the page 'signup.php'. The class is called 'User'. I haven't noticed any errors or bugs. It would be very useful for me to be aware of my mistakes. public function regUser($uname,$upass,$upassverify) { $new_password = password_hash($upass, PASSWORD_DEFAULT); if(!password_verify($upassverify, $new_password)) { // passwords are not the same (I thought it would be better to do this after hashing, but maybe it doesn't matter or it's worse. I'm not sure about it) $info = 'pass_err'; } $stmt1 = $this->db->prepare("SELECT * FROM users WHERE username=:uname"); $stmt1->execute(array(':uname'=>$uname)); if($stmt1->rowCount() > 0) { // this username has already been used $info = 'user_err'; } if (!$info) { $stmt2 = $this->db->prepare("INSERT INTO users(username,password) VALUES(:uname, :upass)"); $stmt2->bindparam(":uname", $uname); $stmt2->bindparam(":upass", $new_password); $stmt2->execute(); // succesfully made an account $info = "success"; } header("Location:/signup.php?status=".$info); exit(); } Am I using the prepared statements as how I should be using them? Is this a safe way of handling my data or do you see vulnerabilities? I'm using PRG to prevent resubmission but I want to show a 'everything is fine' or 'oh no, something went wrong' to the one who is signinup. If I now go to signup.php?status=success, i see 'eveything is fine', without actually signing up, is there a better way to do this or can I somehow prevent everyone being able to see this? As you might have noticed in my last post, my English is not very good, sorry about that. Thanks, Fabian

I am getting Fatal error: Uncaught Error: Call to a member function real_query() on null with this code: public final function Retrieve($TABLE, $CRIT){ $_query = "SELECT * FROM `{$TABLE}` WHERE "; foreach($CRIT as $_field => $info){ $_query .= " `{$_field}` = `{$info}` &&"; } if($this->LINK->real_query(rtrim($_query, ' &'))){ return $this->LINK->store_result(); } else{ return json_encode(array("Error"=>$this->LINK->errno(), "Description"=>$this->LINK->error())); } } (LINK is my mysql_connect() result.) I have tried everything i can think of, ->query, going to mysqli_query, breaking it sown and using a $result variable, but nothing seems to work...

I wrote a Token Generator class based off the code from the following thread. It works as expected. I just want to get some more eyes on it for any feedback on improvements or problems. http://forums.phpfreaks.com/topic/298729-forgotten-password/?hl=%2Bmcrypt_create_iv&do=findComment&comment=1524084 <?php /** * Class Token * * Generates a Cryptographically Secure Pseudo Random Number Generator (CSPRNG) */ class Token { /** * Generates a pseudo-random string of bytes * * @return string */ public function getRandomBytes() { return openssl_random_pseudo_bytes(16); } /** * Convert (Encodes) binary data into hexadecimal representation * * Returns an ASCII string containing the hexadecimal representation of $randomBytes * * @param $randomBytes * @return string */ public function getEncodedToken($randomBytes) { return bin2hex($randomBytes); } /** * Decodes a hexadecimally encoded binary string * * @param $encoded_token * @return string */ public function getDecodedToken($encoded_token) { return hex2bin($encoded_token); } /** * Generate a hash value * * @param $raw_token * @return string */ public function sha256Hash($raw_token) { return hash('sha256', $raw_token); } } //---------------------------------------------------------------------------- //Test //---------------------------------------------------------------------------- $token = new Token(); /** Encode token and hash it */ $raw_token = $token->getRandomBytes(); echo $encoded_token =$token->getEncodedToken($raw_token);// Sent to User echo '<br>'; echo $token_hash = $token->sha256Hash($raw_token);// Stored in DB echo '<br>'; /** Decode token and hash it */ $raw_token = $token->getDecodedToken($encoded_token); echo $token_hash = $token->sha256Hash($raw_token);// Compare user token to DB token

I was practicing OOP and made a simple class to log logins. Does anyone see any problems with this or improvements that can be made? Any issue with using NOW() in the query string instead of a placeholder? In another thread, @Jaques1 said: How would I implement that? I rtfm and don't understand it as of yet. <?php // ---------------------------------------------------------------------------- // Database Connection // ---------------------------------------------------------------------------- $dbhost = 'localhost'; $dbname = 'test'; $dbuser = 'root'; $dbpass = ''; $charset = 'utf8'; $dsn = "mysql:host=$dbhost;dbname=$dbname;charset=$charset"; $opt = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, ]; $pdo = new PDO($dsn, $dbuser, $dbpass, $opt); //------------------------------------------------------------------------ // //------------------------------------------------------------------------ $valid_login = new LogLoginStatus($pdo); $valid_login->validLogin('goodusername'); $invalid_login = new LogLoginStatus($pdo); $invalid_login->invalidLogin('bad_username', 'bad_password'); //------------------------------------------------------------------------ // //------------------------------------------------------------------------ class LogLoginStatus { /** * Log Valid/Invalid logins * * @param string login_username * @param string login_password */ public function __construct($pdo) { $this->pdo = $pdo; } function validLogin($username) { $sql = "INSERT INTO user_login (login_status, login_ip, login_username,login_password, login_datetime) values(?, INET_ATON(?), ?, ?, NOW())"; $stmt = $this->pdo->prepare($sql); $stmt->execute(array( 1, $_SERVER['REMOTE_ADDR'], $username, '***' )); } function invalidLogin($username, $password) { $sql = "INSERT INTO user_login (login_status, login_ip, login_username,login_password, login_datetime) values(?, INET_ATON(?), ?, ?, NOW())"; $stmt = $this->pdo->prepare($sql); $stmt->execute(array( 0, $_SERVER['REMOTE_ADDR'], $username, $password )); } } ?> CREATE TABLE `user_login` ( `login_id` int(11) NOT NULL AUTO_INCREMENT, `login_status` tinyint(1) DEFAULT NULL, `login_ip` int(10) unsigned DEFAULT NULL, `login_username` varchar(255) DEFAULT NULL, `login_password` varchar(255) DEFAULT NULL, `login_datetime` datetime DEFAULT NULL, PRIMARY KEY (`login_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Hi all, I have just put together a tentative proof of concept MVC framework proposal. After many weeks of slogging through an array of PHP MVC tutorials and courses (some of which I paid for) I have decided to strip back all the frills, bells and whistles to try and put together a core proof of concept that uses best practices. In this simplified example I am trying to test the viability of the framework itself... so there is no routing code or query string management and the controller and action are hard coded. Here is the repository: https://github.com/JethroHazelhurst/psr-4-mvc I like this framework because it: Has clear seperation of concerns Is not cluttered with static functions Is clearly namespaced - thanks to the PSR-4 autoloading Has a clear way of passing data to and from the model - e.g. $this->_view->foo = $this->_model->getBar(); Below is the directory structure: and here is a print_r of my Object structure: Questions I am interested in hearing any feedback on the idea... I can't see any glaring issues at them moment. Some questions in the back of my mind are: Are there any dangers in heavily depending on the parent::__construct() function to call parent classes? In the controller, is passing data from Model to View using $this->_view->foo = $this->_model->getBar(); good practice? Are there any dangers in using Namespaces? I am also interested in reading up on MVC framework best practices so if anyone can recommend some resources I would be very grateful. It seems like there are a million ways to write an MVC framework, I am confused as to which way is best practice. EDIT: Hmm, can't seem to get a list to display here...

I want to see your opinion about OOP and Procedural. Which method has more easier to code in PHP? I'm using Procedural, but I notice PHP can read OOP as C++. Which is better for PHP? Thanks, Gary

Howdy, I am writing a forum from scratch because I like to play with fire. Moving on, I can't think of the best way to store table and column names in either variables or constants. And where to store them? Maybe in a new config.php file? I thought about it and not one sane idea entered my head. I really don't like to write them each time in my DB wrapper methods since if i change the name of a table or a column, the whole thing will fall apart. Currently i have it set like this: <?php class Posts extends DB { public function list_topics_based_on_category() { return $this->select_from_table_condition('posts_id, posts_title, posts_date, author_id', 'posts', 'posts_categories_id = 1'); } public function display_contributor_name_by_id($user_id_array) { $contributor_name = $this->select_from_table_condition_user_input('username', 'users', 'id = ', $user_id_array); return $contributor_name[0]['username']; } public function count_comments($topic_id) { return count($this->select_from_table_condition_user_input('comments_id', 'comments', 'comments_topic_id = ', $topic_id)); } public function select_single_topic($topic_id) { return $this->select_from_table_condition_user_input('*', 'posts', 'posts_id = ', $topic_id)[0]; } } Please help! Thank you very much!

This is my first oop php library and wanted to get advice on how I can improve what I wrote. This is what I needed to do: I'm also not sure on what it meant by "proportionally resize the shape up or down, given a floating-point scale factor" I think what I did might be right but I could be wrong. Also am I supposed to have a new class for each shape or is there a better solution? Any help is much appreciated. <?PHP echo "Circle (r=5) <br/>"; $circle = new circle(5); $circle->getArea(); $circle->getPerimiter(); $circle->scale(up, .5); echo "Scaled up .5<br/>"; $circle->getArea(); $circle->getPerimiter(); echo "<br/>Right Triangle (a=4, b=5) <br/>"; $rt = new RightTriangle(4, 5); $rt->getArea(); $rt->getPerimiter(); $rt->scale(down, .5); echo "Scaled down .5<br/>"; $rt->getArea(); $rt->getPerimiter(); echo "<br/>Equilateral Triangle <br/>"; $et = new EquilateralTriangle(6); $et->getArea(); $et->getPerimiter(); $et->scale(up, .; echo "Scaled Up .8<br/>"; $et->getArea(); $et->getPerimiter(); echo "<br/>Rectangle<br/>"; $r = new Rectangle(8, 7); $r->getArea(); $r->getPerimiter(); $r->scale(down, .; echo "Scaled Down .8<br/>"; $r->getArea(); $r->getPerimiter(); echo "<br/>Square<br/>"; $s = new Square(25); $s->getArea(); $s->getPerimiter(); $s->scale(up, 2.5); echo "Scaled Up 2.5<br/>"; $s->getArea(); $s->getPerimiter(); echo "<br/>Parallelogram<br/>"; $p = new Parallelogram(5.7, 6.; $p->getArea(); $p->getPerimiter(); $p->scale(up, 1); echo "Scaled Up 1<br/>"; $p->getArea(); $p->getPerimiter(); class Circle { public function __construct( $radius ) { $this->radius = $radius; } public function getArea() { echo number_format(pow($this->radius, 2) * M_PI, 2)."<br/>"; } public function getPerimiter() { echo number_format(2 * M_PI * $this->radius, 2)."<br/>"; } public function scale($direction, $scale) { if($direction == 'up') { $this->radius = $this->radius + ($this->radius * $scale); } else { $this->radius = $this->radius - ($this->radius * $scale); } } } class RightTriangle { public function __construct( $a, $b ) { $this->a = $a; $this->b = $b; } public function getArea() { echo number_format(($this->a*$this->b/2), 2)."<br/>"; } public function getPerimiter() { echo number_format($this->a + $this->b + sqrt(pow($this->a, 2) + pow($this->b, 2)), 2)."<br/>"; } public function scale($direction, $scale) { if($direction == 'up') { $this->a = $this->a + ($this->a * $scale); $this->b = $this->b + ($this->b * $scale); } else { $this->a = $this->a - ($this->a * $scale); $this->b = $this->b + ($this->b * $scale); } } } class EquilateralTriangle { public function __construct( $a ) { $this->a = $a; } public function getArea() { echo number_format((sqrt(3)/4)*pow($this->a,2),2)."<br/>"; } public function getPerimiter() { echo number_format(3 * $this->a, 2)."<br/>"; } public function scale($direction, $scale) { if($direction == 'up') { $this->a = $this->a + ($this->a * $scale); } else { $this->a = $this->a - ($this->a * $scale); } } } class Rectangle { public function __construct( $w, $l ) { $this->w = $w; $this->l = $l; } public function getArea() { echo number_format($this->w * $this->l,2)."<br/>"; } public function getPerimiter() { echo number_format(2 * ($this->w + $this->l), 2)."<br/>"; } public function scale($direction, $scale) { if($direction == 'up') { $this->w = $this->w + ($this->w * $scale); $this->l = $this->l + ($this->l * $scale); } else { $this->w = $this->w - ($this->w * $scale); $this->l = $this->l - ($this->l * $scale); } } } class Square { public function __construct( $a ) { $this->a = $a; } public function getArea() { echo number_format(pow($this->a,2),2)."<br/>"; } public function getPerimiter() { echo number_format(4 * $this->a, 2)."<br/>"; } public function scale($direction, $scale) { if($direction == 'up') { $this->a = $this->a + ($this->a * $scale); } else { $this->a = $this->a - ($this->a * $scale); } } } class Parallelogram { public function __construct( $a, $b ) { $this->a = $a; $this->b = $b; $this->h = $a/$b; } public function getArea() { echo number_format($this->b * $this->h,2)."<br/>"; } public function getPerimiter() { echo number_format(2 * ($this->a + $this->b), 2)."<br/>"; } public function scale($direction, $scale) { if($direction == 'up') { $this->a = $this->a + ($this->a * $scale); $this->b = $this->b + ($this->b * $scale); } else { $this->a = $this->a - ($this->a * $scale); $this->b = $this->b - ($this->b * $scale); } } } ?>