subject:"\[PHP\] I need an opion\!\!\! Thanks\!"

[PHP] I need an opion!!! Thanks!

2007-10-01 Thread Sebastian Dieser


Hi, we have been using the following codes on our site for a year and I wanted 
to know if these codes are just spaghetti or its actual usable code. I know it 
can be bettered a lot I just need opinions if the codes can be used a while 
more until we reprogram everything as a complete CMS system.

Thanks a lot! my superiors want to know because there is another coder that 
says these codes are just spaghetti.

There is more codes but i am able to access the database fine and everything 
else. Of course the codes can be bettered but i dont believe its just 
spaghetti! I used these codes because there was no need to reinvent the 
wheel. I apreciate your help!

--
file name: SystemComponent.php
--






file name: dbconnector.php

link = mysql_connect($host, $user, $pass);
mysql_select_db($db);
register_shutdown_function(array($this, 'close'));

}

//*** Function: query, Purpose: Execute a database query ***
function query($query) {
$this-theQuery = $query;
return mysql_query($query, $this-link);
}

//*** Function: getQuery, Purpose: Returns the last database query, for 
debugging ***
function getQuery() {
return $this-theQuery;
}

//*** Function: getNumRows, Purpose: Return row count, MySQL version ***
function getNumRows($result){
return mysql_num_rows($result);
}

//*** Function: fetchArray, Purpose: Get array of query results ***
function fetchArray($result) {
return mysql_fetch_array($result);
}

//*** Function: close, Purpose: Close the connection ***
function close() {
mysql_close($this-link);
}

}
?

-
File Name: Sentry.php

userdata);
session_destroy();
return true;
}

//==
// Log in, and either redirect to goodRedirect or badRedirect depending on 
success
function checkLogin($user = '',$pass = '',$group = 10,$goodRedirect = 
'',$badRedirect = ''){

// Include database and validation classes, and create objects
require_once('DbConnector.php');
require_once('Validator.php');
$validate = new Validator();
$loginConnector = new DbConnector();

// If user is already logged in then check credentials
if ($_SESSION['user']  $_SESSION['pass']){

// Validate session data
if (!$validate-validateTextOnly($_SESSION['user'])){return false;}
if (!$validate-validateTextOnly($_SESSION['pass'])){return false;}

$getUser = $loginConnector-query(SELECT * FROM rusers WHERE user = 
'.$_SESSION['user'].' AND pass = '.$_SESSION['pass'].' AND thegroup = 
.$group.' AND enabled = 1');

if ($loginConnector-getNumRows($getUser) 0){
// Existing user ok, continue
if ($goodRedirect != '') {
header(Location: .$goodRedirect.?.strip_tags(session_id())) ;
}
return true;
}else{
// Existing user not ok, logout
$this-logout();
return false;
}

// User isn't logged in, check credentials
}else{
// Validate input
if (!$validate-validateTextOnly($user)){return false;}
if (!$validate-validateTextOnly($pass)){return false;}

// Look up user in DB
$getUser = $loginConnector-query(SELECT * FROM rusers WHERE user = '$user' 
AND pass = PASSWORD('$pass') AND thegroup = $group AND enabled = 1);
$this-userdata = $loginConnector-fetchArray($getUser);

if ($loginConnector-getNumRows($getUser) 0){
// Login OK, store session details
// Log in
$_SESSION[user] = $user;
$_SESSION[pass] = $this-userdata['pass'];
$_SESSION[thegroup] = $this-userdata['thegroup'];

if ($goodRedirect) {
header(Location: .$goodRedirect.?.strip_tags(session_id())) ;
}
return true;

}else{
// Login BAD
unset($this-userdata);
if ($badRedirect) {
header(Location: .$badRedirect) ;
}
return false;
}
}
}
}
?

-

filename: validator.php

errors[] = $description;
return false;
}
}

// Validate text only
function validateTextOnly($theinput,$description = ''){
$result = ereg (^[A-Za-z0-9\ ]+$, $theinput );
if ($result){
return true;
}else{
$this-errors[] = $description;
return false;
}
}

// Validate text only, no spaces allowed
function validateTextOnlyNoSpaces($theinput,$description = ''){
$result = ereg (^[A-Za-z0-9]+$, $theinput );
if ($result){
return true;
}else{
$this-errors[] = $description;
return false;
}
}

// Validate email address
function validateEmail($themail,$description = ''){
$result = ereg (^[^@ [EMAIL PROTECTED]@ ]+\.[^@ \.]+$, $themail );
if ($result){
return true;
}else{
$this-errors[] = $description;
return false;
}

}

// Validate numbers only
function validateNumber($theinput,$description = ''){
if (is_numeric($theinput)) {
return true; // The value is numeric, return true
}else{
$this-errors[] = $description; // Value not numeric! Add error description to 
list of errors
return false; // Return false
}
}

// Validate date
function validateDate($thedate,$description = ''){

if (strtotime($thedate) === -1 || $thedate == '') {
$this-errors[] = $description;
return

Re: [PHP] I need an opion!!! Thanks!

2007-10-01 Thread Chris


Sebastian Dieser wrote:

Hi, we have been using the following codes on our site for a year and I wanted 
to know if these codes are just spaghetti or its actual usable code. I know it 
can be bettered a lot I just need opinions if the codes can be used a while 
more until we reprogram everything as a complete CMS system.

Thanks a lot! my superiors want to know because there is another coder that 
says these codes are just spaghetti.

There is more codes but i am able to access the database fine and everything 
else. Of course the codes can be bettered but i dont believe its just 
spaghetti! I used these codes because there was no need to reinvent the 
wheel. I apreciate your help!


I hope you have indenting in your code and it's just the email that came 
through badly.


I wouldn't say it's spaghetti code but it could do with a clean-up.


if ($loginConnector-getNumRows($getUser) 0){
  // Login OK, store session details
  // Log in
  $_SESSION[user] = $user;
  $_SESSION[pass] = $this-userdata['pass'];
  $_SESSION[thegroup] = $this-userdata['thegroup'];

  if ($goodRedirect) {
header(Location: .$goodRedirect.?.strip_tags(session_id())) ;
  }
  return true;

}else{


If you're returning out of the function there why do you need an else? 
PHP will automatically skip that block if it's not going to process that 
code path.



// If user is already logged in then check credentials
if ($_SESSION['user']  $_SESSION['pass']){

...

reverse that:

if (!isset($_SESSION['user']) || !isset($_SESSION['pass'])) {
  return false;
}


You remove a huge if block which isn't needed.



query('SELECT * FROM vendors WHERE ID = '.$HTTP_GET_VARS['id']);


Go to this website and read everything you can find: 
http://phpsec.org/projects/guide/


You have sql injection here that needs attention (and if it's here I'm 
sure there could be other spots too).


Also HTTP_GET_VARS is old, change it to the newer $_GET['id'] syntax.

--
Postgresql  php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] I need an opion!!! Thanks!

Re: [PHP] I need an opion!!! Thanks!

2 matches

Site Navigation

Mail list logo

Footer information