
Thread: good code or bad



    good code or bad

    I was wondering if there is anything wrong with this code. It works fine, but I want to know if there is anything experts or pros would do differently, and what. This is just the class that does the processing, etc. I'm going to write another page to filter input, etc., before it sends the information here.


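    <?php
    // config.php: database settings plus the shared PDO handle ($conn) that the
    // users class reaches through `global $conn`.

    // NOTE(review): the application connects as the MySQL root account with the
    // password committed in source. Prefer a dedicated account limited to the
    // tables this page needs, with the secret loaded from outside the web root.
    define("host", "localhost");
    define("database_name", "yourchoice");
    define("username", "root");
    define("password", "feind");

    try {
        $conn = new PDO(
            "mysql:host=" . host . ";dbname=" . database_name . ";charset=utf8",
            username,
            password,
            // Before PHP 8 PDO fails silently by default; exceptions make a failed
            // query visible to the try/catch blocks in the calling code.
            array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)
        );
    } catch (PDOException $e) {
        // Echoing the exception object prints its stack trace, and that trace can
        // include the constructor arguments (DSN, user name, password). Log the
        // driver message server-side and show the visitor a generic notice only.
        error_log("database connection failed: " . $e->getMessage());
        echo "sorry the connection to database has failed";
        // Stop here: without $conn every later query would fail on a null handle.
        exit;
    }
    ?>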



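    <?php
    // The session must be started before any byte of the page is sent, because
    // the session cookie travels in the response headers. In the real file this
    // opening tag has to be the very first thing, with no whitespace before it.
    // Keep the session cookie out of reach of page scripts and refuse session ids
    // the server did not issue. Also enable session.cookie_secure once the site
    // is served over HTTPS.
    ini_set('session.cookie_httponly', '1');
    ini_set('session.use_strict_mode', '1');
    session_start();
    require ("config.php");
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>
    <body>
    <?php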
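    /**
     * Account handling for the login/registration page: credential checks,
     * throttling of failed logins, and user creation. Every query goes through
     * the global PDO handle $conn as a prepared statement.
     *
     * NOTE(review): passwords are stored as a single SHA-1 over password+salt,
     * with the registration timestamp as salt. SHA-1 is fast, so a leaked users
     * table can be brute-forced offline. Migrate to password_hash() /
     * password_verify() / password_needs_rehash(). That needs a `pass` column
     * wide enough for the new hashes (PHP's manual suggests 255 characters), so
     * confirm the schema before switching.
     *
     * NOTE(review): the throttle is keyed on the account id only. Attempts
     * against names that do not exist are not counted, the "locked" reply
     * confirms that an account exists, and anyone who knows a user name can keep
     * that account locked. Consider an additional per-client limit.
     */
    class users
    {
        // Populated only after a fully successful login(), so code that inspects
        // these properties cannot mistake a locked account for an authenticated one.
        public $uid;
        public $u_name;
        protected $u_password;
        protected $u_info;
        protected $u_salt;

        /**
         * Checks a name/password pair, records failed attempts and, on success,
         * registers the user name in the session.
         *
         * Prints the outcome and returns nothing.
         *
         * @param string $u_name     user name as submitted
         * @param string $u_password clear-text password as submitted
         */
        public function login($u_name, $u_password)
        {
            global $conn;
            $now = time();

            // One message for every credential failure, so an unknown name and a
            // wrong password produce byte-identical responses.
            $failed_msg = "<p>Username or password is incorrect........ill bring you back to the login page or ask alex to register you</p>";

            // Request parameters can arrive as arrays (name[]=x); reject anything
            // that is not a plain string before it reaches sha1() or the database.
            if (!is_string($u_name) || !is_string($u_password)) {
                echo $failed_msg;
                return;
            }

            $lookup = $conn->prepare("select * from users where name=:name");
            $lookup->execute(array(":name" => $u_name));
            $row = $lookup->fetch(PDO::FETCH_OBJ);
            if (!is_object($row)) {
                echo $failed_msg;
                return;
            }

            // Compare in PHP with hash_equals() (PHP >= 5.6) instead of inside
            // the SQL WHERE clause, so the comparison is constant-time.
            $this->u_salt = $row->salt;
            $credentials_ok = hash_equals(
                (string) $row->pass,
                $this->hash_pass($u_password, $row->salt)
            );

            if (!$credentials_ok) {
                $insert = $conn->prepare("insert into login_attempts(u_id,time) values(:id,:time)");
                $insert->execute(array(":id" => $row->id, ":time" => $now));
            }

            // A locked account answers the same way whether or not the password
            // was right, so the lock cannot be used to confirm a guess.
            if ($this->brute_check($row->id)) {
                echo "user account locked for the next hour";
                return;
            }

            if (!$credentials_ok) {
                echo $failed_msg;
                return;
            }

            $this->uid = $row->id;
            $this->u_name = $row->name;
            $this->u_password = $row->pass;
            $this->u_info = $row;

            // Issue a fresh session id at the privilege change so an id planted
            // before login (session fixation) is not carried into the
            // authenticated session.
            if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                session_regenerate_id(true);
            }

            // The superglobal is $_SESSION; a lower-case $_session is only a
            // local variable and would never reach the session store.
            $_SESSION['u_name'] = $this->u_name;

            // Clear the failed attempts recorded for this account.
            $delete_prev_failed_attempts = $conn->prepare("delete from login_attempts where u_id=:id");
            $delete_prev_failed_attempts->execute(array(":id" => $this->uid));

            echo "<p>login sucessfull</p><br/>ect......whatever page xanda chooses them to see";
        }

        /**
         * Reports whether an account is locked: more than five failed attempts
         * recorded in login_attempts during the last hour.
         *
         * @param  int|string $id users.id of the account
         * @return bool true when the account is locked
         */
        public function brute_check($id)
        {
            global $conn;
            $hour_ago = time() - (1 * 60 * 60);

            // COUNT(*) instead of rowCount(): PDO does not guarantee rowCount()
            // for SELECT statements on every driver.
            $stmnt = $conn->prepare("select count(*) from login_attempts where u_id=:uid and time>=:past1_hour");
            $stmnt->execute(array(":uid" => $id, ":past1_hour" => $hour_ago));

            return (int) $stmnt->fetchColumn() > 5;
        }

        /**
         * Creates a user with a salted password hash.
         *
         * Prints the outcome. Returns true when the row was inserted and false
         * when the input is unusable, the name is taken or the insert fails.
         *
         * @param  string $req_name requested user name
         * @param  string $req_pass requested clear-text password
         * @return bool
         */
        public function register($req_name, $req_pass)
        {
            global $conn;

            if (!is_string($req_name) || !is_string($req_pass)
                || trim($req_name) === '' || $req_pass === '') {
                echo "username and password are required";
                return false;
            }

            // NOTE(review): a timestamp salt is predictable and is shared by
            // accounts created in the same second. password_hash() would
            // generate a random salt itself.
            $salt = time();
            $this->u_salt = $salt;
            $pass = $this->hash_pass($req_pass, $salt);

            try {
                // Check-then-insert can race with a concurrent registration; a
                // UNIQUE index on users.name is what actually guarantees
                // uniqueness. TODO confirm the index exists.
                $check = $conn->prepare("select name from users where name=:req_name");
                $check->execute(array(":req_name" => $req_name));
                if ($check->fetch(PDO::FETCH_OBJ) !== false) {
                    echo "username already taken";
                    return false;
                }

                $insert = $conn->prepare("insert into users(name,pass,salt) values(:req_name,:req_pass,:salt)");
                $insert->execute(array(":req_name" => $req_name, ":req_pass" => $pass, ":salt" => $salt));
                echo "user created you may now login";
                return true;
            } catch (PDOException $e) {
                // Keep driver details (SQL, schema names, stack trace) in the
                // server log instead of echoing the exception to the visitor.
                error_log("user registration failed: " . $e->getMessage());
                echo "error";
                return false;
            }
        }

        /**
         * Returns the stored form of a password: SHA-1 hex digest of the
         * password followed by the salt.
         *
         * @param  string     $req_pass clear-text password
         * @param  int|string $salt     per-user salt
         * @return string 40-character hex digest
         */
        public function hash_pass($req_pass, $salt)
        {
            return sha1($req_pass . $salt);
        }

        /**
         * Loads the salt stored for a user name into $this->u_salt.
         *
         * @param  string $u_name user name to look up
         * @return bool true when the user exists, false otherwise
         */
        public function getsalt($u_name)
        {
            global $conn;
            $get_salt = $conn->prepare("select name,salt from users where name=:name");
            $get_salt->execute(array(":name" => $u_name));
            $result = $get_salt->fetch(PDO::FETCH_OBJ);

            // Decide on the fetched row itself rather than on rowCount().
            if (!is_object($result)) {
                return false;
            }

            $this->u_salt = $result->salt;
            return true;
        }
    }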
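    // Dispatch the posted operation. The fields are read defensively: they may
    // be missing altogether, or arrive as arrays (op[]=...), and neither case
    // should reach the users class or raise an undefined-index notice.
    // NOTE(review): nothing here ties the request to a form this site served;
    // consider a per-session CSRF token on both operations.
    $op = isset($_POST['op']) ? $_POST['op'] : '';
    $posted_name = isset($_POST['name']) ? $_POST['name'] : '';
    $posted_pass = isset($_POST['pass']) ? $_POST['pass'] : '';

    if (!is_string($op) || !is_string($posted_name) || !is_string($posted_pass)) {
        echo "Unknown Request";
    } elseif ($op === 'login') {
        $user = new users;
        $user->login($posted_name, $posted_pass);
    } elseif ($op === 'register') {
        $user = new users;
        $user->register($posted_name, $posted_pass);
    } else {
        echo "Unknown Request";
    }
    ?>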
    </body>
    </html>
    Last edited by zanda; 01-20-2013 at 06:47 PM. Reason: forgot the config
