Gister weer begonnen met OOP en ik had gister een login/register/passforget systeem gemaakt met OOP en ik vroeg mij af of ik het zo ongeveer goed deed en wat ik kan verbeteren.
De database users ziet er zo uit:
databaseClass.php
<?php
class Database
{
private $servername;
private $username;
private $password;
private $database;
private $conn;
protected function connect()
{
if ($this->conn == NULL)
{
$this->servername = 'localhost';
$this->username = 'root';
$this->password = '';
$this->database = 'oop';
$this->conn = new mysqli($this->servername, $this->username, $this->password, $this->database);
}
return $this->conn;
}
}
?>
userClass.php
<?php
class User extends Database
{
protected function generateRandomCode($length)
{
$unique = false;
while (!$unique)
{
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charactersLength = strlen($characters);
$randomCode = '';
for ($i = 0; $i < $length; $i++)
{
$randomCode .= $characters[rand(0, $charactersLength - 1)];
}
$sql = "SELECT `pcode` FROM `users` WHERE `change_ww_code` = '" . $this->connect()->real_escape_string($randomCode) . "'";
$query = $this->connect()->query($sql);
if ($query || $query->num_rows == 0)
{
$unique = true;
}
}
if ($unique == true)
{
return $randomCode;
}
}
public function login($username, $password)
{
$sql = "SELECT `username`, `password`, `active` FROM `users` WHERE `username` = '" . $this->connect()->real_escape_string($username) . "'";
$query = $this->connect()->query($sql);
if ($query->num_rows == 0)
{
throw new Exception("De inlog gegevens zijn onjuist.");
}
else
{
$data = $query->fetch_assoc();
if ($data['active'] == 0)
{
throw new Exception("Je account is gedeactiveerd, neem contact op met een administrator.");
}
elseif (password_verify($password, $data['password']) == true)
{
$sql = "UPDATE `users` SET `password` = '" . password_hash($password, PASSWORD_BCRYPT) . "', `last_online` = '" . date('Y-m-d H:i:s') . "', `change_ww_code` = '', `change_ww_perm` = '0' WHERE `username` = '" . $this->connect()->real_escape_string($username) . "'";
$query = $this->connect()->query($sql);
}
else
{
throw new Exception("De inlog gegevens zijn onjuist.");
}
}
}
public function register($username, $password, $passwordrepeat)
{
$sql = "SELECT `username`, `password` FROM `users` WHERE `username` = '" . $this->connect()->real_escape_string($username) . "'";
$query = $this->connect()->query($sql);
if ($query->num_rows == 1)
{
throw new Exception("De gebruikersnaam is ongeldig.");
}
elseif ($password != $passwordrepeat || strlen($password) <= 5)
{
throw new Exception("Controleer de wachtwoorden of ze overeenkomen en 6 tekens of langer zijn.");
}
else
{
$sql = "INSERT INTO `users` (`username`, `password`, `register_date`) VALUE ('" . $this->connect()->real_escape_string($username) . "', '" . password_hash($password, PASSWORD_BCRYPT) . "', '" . date('Y-m-d H:i:s') . "')";
$query = $this->connect()->query($sql);
if (!$query)
{
throw new Exception("Er is iets fout gegaan, neem contact op met een administrator.");
}
}
}
public function passForget($username, $password, $passwordrepeat, $code)
{
$sql = "SELECT `username`, `change_ww_perm`, `change_ww_code` FROM `users` WHERE `username` = '" . $this->connect()->real_escape_string($username) . "'";
$query = $this->connect()->query($sql);
if ($query->num_rows == 0)
{
throw new Exception("De gebruikersnaam is ongeldig.");
}
else
{
$data = $query->fetch_assoc();
if ($password != $passwordrepeat || strlen($password) <= 5)
{
throw new Exception("Controleer de wachtwoorden of ze overeenkomen en 6 tekens of langer zijn.");
}
elseif ($data['change_ww_perm'] == 0)
{
throw new Exception("Je hebt geen toestemming om je wachtwoord te veranderen.");
}
elseif (!isset($code) || $code != $data['change_ww_code'])
{
throw new Exception("De opgegeven code is onjuist.");
}
else
{
$sql = "UPDATE `users` SET `password` = '" . password_hash($password, PASSWORD_BCRYPT) . "', `change_ww_perm` = '', `change_ww_code` = '' WHERE `username` = '" . $this->connect()->real_escape_string($username) . "'";
$query = $this->connect()->query($sql);
if (!$query)
{
throw new Exception("Er is iets fout gegaan, neem contact op met een administrator.");
}
}
}
}
}
?>
Ik weet niet of ik teveel if/elseif/else statements heb zo ja, zouden jullie mij dan kunnen vertellen hoe ik dit kan verbeteren :)
Graag hoor ik verbeter punten.
Mvg,
Rob
