Page 1 of 1
Anyone looked at the code for phpuserclass.com?
Posted: Tue Feb 17, 2009 8:47 pm
by Citizen
He's got a supposedly well tested registration/login class.
Has anyone tested it out for security or know of a better/simpler alternative?
I looked over the code and dont see any obvious security flaws or missing code. The examples dont have field validation, but the class itself looks pretty good.
Re: Anyone looked at the code for phpuserclass.com?
Posted: Wed Feb 18, 2009 3:11 am
by mattpointblank
I've used it. I wouldn't call myself a security expert but it didn't seem obviously flawed, especially once I added in some of my own validation tests.
Re: Anyone looked at the code for phpuserclass.com?
Posted: Wed Feb 18, 2009 10:56 am
by Citizen
Thanks, yes I'm going to have to add some filters as well.
My main reason for posting this is that I've created a few register/login scripts in the past, but I've never seen a true 'best use' portable script made by anyone. I'd be interested in contributing to a community project to create one, but not if one already exists

Re: Anyone looked at the code for phpuserclass.com?
Posted: Wed Feb 18, 2009 11:13 am
by mattpointblank
The nice thing about it (if I remember) is that it's easily extensible, eg, if you add a database column called isAdmin (boolean), you can (without updating any code, I think) run code like:
if($user->isAdmin) {
which is nice (I hope I remembered that properly).