Na mij een tijd ingelezen te hebben op PHP-gebied ben ik dit forum tegengekomen.
Ik ben nieuw op het gebied van OOP en PHP.
Graag zou ik wat meningen en inzichten willen hebben op de betreffende code die ik zojuist heb geprogrammeerd of er dingen zijn die wellicht beter kunnen in relatie tot OOP.
Hierbij mijn user-klasse. Wat mij hierin vooral zelf dwarszit, is dat er een ontzettend lelijk stuk PDO-statements in staat; ik moet hier nog een fatsoenlijke klasse voor maken.
Ik heb bewust niet al mijn code meegepost, omdat het anders veel te veel zou zijn voor een eerste post, maar hierbij het begin. Elk commentaar of advies is van harte welkom.
<?php
require 'connector.php';
require 'validator.php';
require 'encrypter.php';
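class users {
    // Credentials captured from the submitted form
    private $email, $password, $remember;
    // Outcome messages the caller reads back after userLogin()/userRegister()
    private $error, $notification;
    // Database handle, last SQL text, statement and fetched row. Declared
    // explicitly: PHP 8.2+ deprecates creating properties on the fly.
    private $pdo, $sql, $stmt, $rs;

    /**
     * Takes the submitted form values (typically $_POST).
     *
     * 'email' and 'password' are required. 'remember' is optional: an
     * unchecked checkbox is absent from $_POST entirely, and requiring it
     * silently left every field unset, so a login without "remember me"
     * always failed with "fill in all required fields".
     *
     * NOTE(review): htmlentities()/stripslashes() are applied to the password
     * before it is hashed, so "a&b" is stored as the hash of "a&amp;b". It is
     * done identically on login and registration and is kept here so
     * already-stored hashes keep working, but escaping belongs at output
     * time; the raw password should be hashed as typed.
     */
    public function __construct($user = array()){
        $this->populate($user);
    }

    /**
     * Re-populates an existing instance from a new set of submitted values
     * (same rules as the constructor).
     */
    public function setUserValues($postValues){
        $this->populate($postValues);
    }

    // Shared by __construct() and setUserValues(); leaves the object untouched
    // when either required key is missing.
    private function populate($user){
        if (!is_array($user) || !isset($user['email'], $user['password'])) {
            return;
        }
        $this->email = mb_strtolower(stripslashes(htmlentities((string) $user['email'], ENT_QUOTES)));
        $this->password = stripslashes(htmlentities((string) $user['password'], ENT_QUOTES));
        // A missing checkbox means "not checked"
        $this->remember = isset($user['remember'])
            ? (bool) stripslashes(htmlentities((string) $user['remember'], ENT_QUOTES))
            : false;
    }

    // Lower-cased, entity-encoded email as submitted (null before populate)
    public function getUserEmail(){
        return $this->email;
    }

    // Entity-encoded password as submitted (null before populate)
    public function getUserPassword(){
        return $this->password;
    }

    // Whether the "remember me" box was checked
    public function getRememberMe(){
        return $this->remember;
    }

    // True when both email and password were supplied and are non-empty;
    // sets the "required fields" error otherwise.
    private function hasRequiredFields(){
        if ($this->email === null || $this->email === ''
            || $this->password === null || $this->password === '') {
            $this->error = 'Please fill in all required fields';
            return false;
        }
        return true;
    }

    // Builds the project's encrypter with the email-derived salt and hashes
    // the submitted password with it.
    private function hashPassword(){
        $enc = new encrypter();
        $enc->generateSalt($this->getUserEmail());
        $enc->encryptPassword($this->getUserPassword(), $enc->getSalt());
        return $enc;
    }

    // Opens the PDO connection through the project's Connector
    private function connect(){
        $db = new Connector();
        $this->pdo = $db->getConnection();
    }

    /**
     * Attempts to log the user in with the populated credentials.
     *
     * Returns true on a match, false otherwise with getUserErrors() set.
     * The lookup is parameterised, so the submitted values never reach the
     * SQL text. The stored hash is re-checked with hash_equals() so the
     * comparison runs in constant time.
     */
    public function userLogin(){
        if (!$this->hasRequiredFields()) {
            return false;
        }
        $check = new Validator();
        if (!$check->validEmail($this->getUserEmail())) {
            $this->error = 'Please enter a valid email';
            return false;
        }
        $enc = $this->hashPassword();
        $this->connect();
        $this->sql = 'SELECT userId,email,password FROM users WHERE email = :email and password = :password LIMIT 1';
        $this->stmt = $this->pdo->prepare($this->sql);
        $this->stmt->bindValue(':email', $this->getUserEmail(), PDO::PARAM_STR);
        $this->stmt->bindValue(':password', $enc->getEncryptedPassword(), PDO::PARAM_STR);
        $this->stmt->execute();
        // fetch() returns false when nothing matched; casting that to an array
        // and reading ['password'] raised an undefined-index notice.
        $row = $this->stmt->fetch(PDO::FETCH_ASSOC);
        $this->rs = ($row === false) ? array() : $row;
        $stored = isset($this->rs['password']) ? (string) $this->rs['password'] : '';
        if ($stored !== '' && hash_equals($stored, (string) $enc->getEncryptedPassword())) {
            // password validated - more code to come, secured database cookies for scalability.
            return true;
        }
        // Same message whether the email is unknown or the password is wrong
        $this->error = 'Invalid email and password combination';
        return false;
    }

    /**
     * Registers a new user with the populated credentials.
     *
     * Returns true on success with getUserNotifications() set, false
     * otherwise with getUserErrors() set. The INSERT is parameterised.
     * NOTE(review): the exists-then-insert pair is not atomic; a UNIQUE index
     * on users.email is what actually guarantees no duplicate accounts.
     */
    public function userRegister(){
        if (!$this->hasRequiredFields()) {
            return false;
        }
        $check = new Validator();
        if (!$check->validEmail($this->getUserEmail())) {
            $this->error = 'Please enter a valid email';
            return false;
        }
        if ($check->emailExist($this->getUserEmail())) {
            $this->error = 'Email is taken, please try a different one';
            return false;
        }
        $enc = $this->hashPassword();
        $this->connect();
        $this->sql = 'INSERT INTO users (email, password) VALUES (:email, :password)';
        $this->stmt = $this->pdo->prepare($this->sql);
        $this->stmt->bindValue(':email', $this->getUserEmail(), PDO::PARAM_STR);
        $this->stmt->bindValue(':password', $enc->getEncryptedPassword(), PDO::PARAM_STR);
        // Without exception error mode execute() returns false on failure;
        // do not report success in that case.
        if ($this->stmt->execute() === false) {
            $this->error = 'Registration failed, please try again';
            return false;
        }
        $this->notification = 'You are registered';
        return true;
    }

    // Last error message set by userLogin()/userRegister(), null if none
    public function getUserErrors(){
        return $this->error;
    }

    // Last success notification set by userRegister(), null if none
    public function getUserNotifications(){
        return $this->notification;
    }
}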
?>
De encrypter-klasse, mijns inziens redelijk oké, al zal ik de salt nog wel gaan randomiseren.
<?php
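class encrypter {
    // Last computed bcrypt hash and the 22-character salt it was built with
    private $encryptedPassword, $salt;
    // Declared explicitly: PHP 8.2+ deprecates creating properties on the fly
    private $saltInput, $password;

    /**
     * Derives the salt from $saltInput (callers pass the user's email).
     *
     * The salt is the first 22 hex characters of md5($saltInput): 22 is the
     * salt length bcrypt expects, and hex digits are within the character set
     * crypt() accepts. Because it is a function of the input, the same email
     * always yields the same salt and therefore the same hash for the same
     * password; password_hash()/password_verify() generate a random salt per
     * hash and would replace this scheme without changing the callers' flow.
     */
    public function generateSalt($saltInput){
        $this->saltInput = (string) $saltInput;
        $this->salt = substr(hash('md5', $this->saltInput), 0, 22);
    }

    // The salt from generateSalt() or the last encryptPassword() call
    public function getSalt(){
        return $this->salt;
    }

    // The crypt() output of the last encryptPassword() call
    public function getEncryptedPassword(){
        return $this->encryptedPassword;
    }

    /**
     * Hashes (crypt() is one-way, so "encrypt" is a misnomer kept for the
     * callers) $password with bcrypt using the given 22-character $salt.
     *
     * The result starts with "$2y$12$" followed by the salt. crypt() signals
     * an unusable salt with a short return value ("*0"), which this method
     * passes through unchanged.
     */
    public function encryptPassword($password,$salt){
        // bcrypt ("$2y$") at cost factor 12. Single quotes on purpose: "$2"
        // cannot start a variable name, so the original double-quoted form
        // happened to work, but a "$" inside double quotes is fragile.
        $encryptionMode = '$2y';
        $encryptionFactor = '$12$';
        $this->password = (string) $password;
        $this->salt = (string) $salt;
        $this->encryptedPassword = (string) crypt($this->password, $encryptionMode . $encryptionFactor . $this->getSalt());
    }
}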
?>
En dan nog de validator-klasse, die een aantal checks uitvoert.
<?php
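class Validator{
    // Declared explicitly: PHP 8.2+ deprecates creating properties on the fly
    private $email, $pdo, $sql, $stmt;

    /**
     * Syntax check with FILTER_VALIDATE_EMAIL.
     *
     * Returns the email string when it validates and false otherwise
     * (filter_var's own contract); callers use it in boolean context.
     */
    public function validEmail($email){
        $this->email = $email;
        return filter_var($this->email, FILTER_VALIDATE_EMAIL);
    }

    /**
     * True when a row with this email exists in the users table.
     *
     * The lookup is parameterised through PDO, so $email never reaches the
     * SQL text. fetchColumn() returns false when no row matched, which is
     * compared explicitly rather than by truthiness.
     */
    public function emailExist($email){
        $this->email = (string) $email;
        $db = new Connector();
        $this->pdo = $db->getConnection();
        $this->sql = 'SELECT email FROM users WHERE email = :email LIMIT 1';
        $this->stmt = $this->pdo->prepare($this->sql);
        $this->stmt->bindValue(':email', $this->email, PDO::PARAM_STR);
        $this->stmt->execute();
        return $this->stmt->fetchColumn() !== false;
    }
}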
?>