Page 1 of 1

Anyone looked at the code for phpuserclass.com?

Posted: Tue Feb 17, 2009 8:47 pm
by Citizen
He's got a supposedly well tested registration/login class.

Has anyone tested it out for security or know of a better/simpler alternative?

I looked over the code and dont see any obvious security flaws or missing code. The examples dont have field validation, but the class itself looks pretty good.

Re: Anyone looked at the code for phpuserclass.com?

Posted: Wed Feb 18, 2009 3:11 am
by mattpointblank
I've used it. I wouldn't call myself a security expert but it didn't seem obviously flawed, especially once I added in some of my own validation tests.

Re: Anyone looked at the code for phpuserclass.com?

Posted: Wed Feb 18, 2009 10:56 am
by Citizen
Thanks, yes I'm going to have to add some filters as well.

My main reason for posting this is that I've created a few register/login scripts in the past, but I've never seen a true 'best use' portable script made by anyone. I'd be interested in contributing to a community project to create one, but not if one already exists ;)

Re: Anyone looked at the code for phpuserclass.com?

Posted: Wed Feb 18, 2009 11:13 am
by mattpointblank
The nice thing about it (if I remember) is that it's easily extensible, eg, if you add a database column called isAdmin (boolean), you can (without updating any code, I think) run code like:

if($user->isAdmin) {

which is nice (I hope I remembered that properly).