Hallo allen,
Ik ben bezig met mijn eigen loginsysteem en wil deze vrij uitgebreid maar vooral zo veilig mogelijk maken.
Nu heb ik een aantal regeltjes code geschreven, nog niet bar veel, maar ik zou wel eens willen weten of er nog dingen zijn waar ik op moet letten of dingen die veiliger kunnen volgens jullie.
Vergeef me als ik dit hier niet hoor te plaatsen, ik ben in verband met ziekte een aantal jaren niet actief geweest hier en de hele website is anders sinds de laatste keer dat ik hier was ;) p.s. mijn PHP-kennis is ook zeer roestig.
Anyway, ik waardeer het zeer als jullie een blik willen werpen. Alvast bedankt.
index.php
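<?php
// Development settings: errors are printed straight into the response. They belong in a
// config that switches display_errors off (and logs instead) before this is reachable
// from the internet, because printed errors reveal paths, queries and stack traces.
ini_set('display_errors', 1);
error_reporting(E_ALL);
require_once("include/class.registration.php");

$registration = new Registration;
// Demo call with fixed values; a real registration form would pass the submitted values here.
echo $registration->NewRegistration('Serellyn', '[email protected]', 'randompass');
// No closing "?>": trailing whitespace after it would be sent as output and can break headers.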
class.registration.php
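<?php
error_reporting(E_ALL);
/*
 * The functions password_hash and password_verify were introduced in PHP version 5.5
 * and will not run on a lower version. This check looks at your PHP version; if it is
 * lower than PHP 5.5 it includes a compatibility script.
 *
 * version_compare() is used instead of "phpversion() < 5.5": phpversion() returns a
 * string such as "7.4.33" or "10.0.0", and comparing that against a float falls back to
 * string comparison in PHP 8, which can wrongly include the compatibility script.
 */
if (version_compare(PHP_VERSION, '5.5.0', '<')) {
    require_once("security/password.php");
}
// Development setting: printed errors can expose file paths and SQL text to visitors,
// so keep this off in production (log to a file instead).
ini_set('display_errors', 1);
require_once("class.database.php");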
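class Registration {
    private $username;
    private $email;
    private $password;  // bcrypt hash after NewRegistration(); the plaintext is never stored here
    private $ipAddress; // result of GetIpAddress(), may be null

    /**
     * Hash the password and store the new account through Database::RegisterUser().
     *
     * @param string $username
     * @param string $email
     * @param string $password plaintext password; only its bcrypt hash is kept and stored
     * @return string status message returned by Database::RegisterUser()
     * @throws RuntimeException when password_hash() reports failure (PHP < 8 returns false)
     */
    public function NewRegistration($username, $email, $password) {
        $this->username = $username;
        $this->email = $email;
        $this->ipAddress = $this->GetIpAddress();
        // Hash straight from the parameter so the plaintext never sits in a property
        // (DebugData() prints the properties).
        $hash = password_hash($password, PASSWORD_BCRYPT);
        if ($hash === false) {
            throw new RuntimeException('password_hash() failed');
        }
        $this->password = $hash;
        $database = new Database;
        $database->OpenConnection();
        return $database->RegisterUser($this->username, $this->email, $this->password, $this->ipAddress);
    }

    /**
     * Best-effort client IP address, or null when no candidate holds a public address.
     *
     * The HTTP_* entries are plain request headers and can be set to any value by the
     * client, so the result is only as trustworthy as the proxy chain in front of this
     * server; REMOTE_ADDR is the only entry filled in by the web server itself. Private
     * and reserved ranges are rejected, which also means a request from localhost during
     * development yields null.
     *
     * @return string|null
     */
    private function GetIpAddress() {
        $candidates = [
            'HTTP_CLIENT_IP',
            'HTTP_X_FORWARDED_FOR',
            'HTTP_X_FORWARDED',
            'HTTP_X_CLUSTER_CLIENT_IP',
            'HTTP_FORWARDED_FOR',
            'HTTP_FORWARDED',
            'REMOTE_ADDR',
        ];
        $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        foreach ($candidates as $key) {
            if (!array_key_exists($key, $_SERVER)) {
                continue;
            }
            // A forwarding header may carry a comma-separated chain; use the first entry
            // that passes validation. (The original returned before validating.)
            foreach (explode(',', $_SERVER[$key]) as $ip) {
                $ip = trim($ip);
                if (filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false) {
                    return $ip;
                }
            }
        }
        return null;
    }

    /**
     * Check a plaintext password against the stored bcrypt hash.
     *
     * @param string $plainPassword
     * @return string 'Password correct' or 'Password incorrect'
     */
    private function ValidatePassword($plainPassword) {
        if (password_verify($plainPassword, $this->password)) {
            return 'Password correct';
        }
        return 'Password incorrect';
    }

    /**
     * Development-only dump of the registration state. It prints the password hash,
     * so it must not be reachable once the site is live.
     *
     * @param string|null $plainPassword when given, the stored hash is verified against it
     */
    public function DebugData($plainPassword = null) {
        echo 'Username: ' . $this->username . '<br/>';
        echo 'Password: ' . $this->password . '<br/>';
        echo 'IP: ' . $this->ipAddress . '<br/>';
        if ($plainPassword !== null) {
            echo '::: ' . $this->ValidatePassword($plainPassword);
        }
    }
}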
?>
class.database.php
<?php
// Report everything while developing; display_errors should be off on a public server.
error_reporting(E_ALL);
ini_set('display_errors', 1);
require_once("configuration/database_configuration.php");
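class Database {
    protected $mysqli;

    /**
     * Open the connection with the database.
     *
     * The driver's connect error is written to the error log rather than into the
     * response: it contains host, user and sometimes database names.
     *
     * @throws RuntimeException when the connection cannot be established
     */
    public function OpenConnection() {
        $this->mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
        if ($this->mysqli->connect_error) {
            error_log('Database connection error (' . $this->mysqli->connect_errno . ') ' . $this->mysqli->connect_error);
            throw new RuntimeException('Database connection failed');
        }
    }

    /**
     * Insert a new user row.
     *
     * @param string      $username
     * @param string      $email
     * @param string      $password already hashed by the caller; stored as-is
     * @param string|null $ipAddress
     * @return string 'Register success' or 'Register failed'; the driver message and the
     *                SQL (which included the password hash) go to the error log only
     */
    public function RegisterUser($username, $email, $password, $ipAddress) {
        // Bound parameters never become part of the SQL text, so no escaping is needed
        // and the query cannot be altered by the values.
        $stmt = $this->mysqli->prepare(
            'INSERT INTO users (username, email, password, ip_address) VALUES (?, ?, ?, ?)'
        );
        if ($stmt === false) {
            error_log('Register failed (prepare): ' . $this->mysqli->error);
            return 'Register failed';
        }
        $stmt->bind_param('ssss', $username, $email, $password, $ipAddress);
        $ok = $stmt->execute();
        if (!$ok) {
            // Keep the user-facing string generic; the detail is for the log.
            error_log('Register failed (execute): ' . $stmt->error);
        }
        $stmt->close();
        return $ok ? 'Register success' : 'Register failed';
    }

    /** Close the connection with the database, if one is open. Safe to call twice. */
    public function CloseConnection() {
        if ($this->mysqli) {
            $this->mysqli->close();
            $this->mysqli = null;
        }
    }
}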
?>