He's got a supposedly well-tested registration/login class.
Has anyone tested it out for security or know of a better/simpler alternative?
I looked over the code and don't see any obvious security flaws or missing code. The examples don't have field validation, but the class itself looks pretty good.
Anyone looked at the code for phpuserclass.com?
-
mattpointblank
- Forum Contributor
- Posts: 304
- Joined: Tue Dec 23, 2008 6:29 am
Re: Anyone looked at the code for phpuserclass.com?
I've used it. I wouldn't call myself a security expert but it didn't seem obviously flawed, especially once I added in some of my own validation tests.
Re: Anyone looked at the code for phpuserclass.com?
Thanks, yes I'm going to have to add some filters as well.
My main reason for posting this is that I've created a few register/login scripts in the past, but I've never seen a true 'best use' portable script made by anyone. I'd be interested in contributing to a community project to create one, but not if one already exists.
-
mattpointblank
- Forum Contributor
- Posts: 304
- Joined: Tue Dec 23, 2008 6:29 am
Re: Anyone looked at the code for phpuserclass.com?
The nice thing about it (if I remember) is that it's easily extensible, e.g., if you add a database column called isAdmin (boolean), you can (without updating any code, I think) run code like:
if($user->isAdmin) {
which is nice (I hope I remembered that properly).