using 'include' in CI code
I got some code from CodexWorld. In it one of the files has a line include 'user.php'. I have a user.php file, but is it common to use an include in PHP? How does having an include line up with the whole MVC paradigm? Here is the top of my userAccount.php file:

PHP Code:
<?php
//start session
//session_start();

//load and initialize user class
include 'user.php';
$user = new User();

if(isset($_POST['signupSubmit'])){
    //check whether user details are empty
    if(!empty($_POST['first_name']) && !empty($_POST['last_name']) && !empty($_POST['email']) && !empty($_POST['phone']) && !empty($_POST['password']) && !empty($_POST['confirm_password'])){
        //password and confirm password comparison
        if($_POST['password'] !== $_POST['confirm_password']){
            $sessData['status']['type'] = 'error';

I commented out the session_start since PhpStorm is complaining that I already have a session started. I am not sure why I would need to start another session.
proof that an old dog can learn new tricks
Richard, if you're attempting to use this code:
https://www.codexworld.com/registration-...l-session/ Please note that this code has security vulnerabilities. For instance, registering a user and directly inserting posted values into a SQL string allows for SQL injection attacks to succeed. While the author could have used query bindings to protect the query from this type of attack, he/she did not. For more details, see: https://www.codeigniter.com/userguide3/d...y-bindings
(06-26-2018, 11:02 AM)richb201 Wrote: I got some code from CodexWorld. In it one of the files has a line

Yes, it is common, very common to use the include statement in PHP. If you do a text search of the files in CodeIgniter's system directory (v3.1.9) you'll find 53 places in 20 files where it is used. Obviously then, it has a place in the MVC pattern. In general, using include is not the "CodeIgniter way" to load files. But there's no "rule" against it.

(06-26-2018, 03:47 PM)skunkbad Wrote: Richard, if you're attempting to use this code:

Good point! And since I am freaking out over not being able to 'clean' an email address, it is probably a good time to take care of this. But I really don't want to deal with this part anymore. I have more interesting stuff to work on like the Google Extension to Phonegap conversion and I feel a little more comfortable in the JS space. Since this is now destined for AWS, I wonder if they have any type of security API?
Thanks for that heads-up. I wrote a new function to replace the Codexworld function getRows that uses query bindings:

PHP Code:
// Look up a user by email for the lost-password flow.
// The email is passed as a query binding, never concatenated into the SQL.
public function getRows_for_lost_password($conditions = array()){
    $email = $conditions['where']['email'];
    $sql = "SELECT * FROM users WHERE email = ? ";
    $query = $this->db->query($sql, array($email));
    $row = $query->row();
    return $row;
}

easy enough. thanks again. Now that took care of it for the forgot password. Do I need to be concerned about injection when someone is registering too or changing their password?
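The three points raised in this thread (skunkbad's warning about posted values concatenated into SQL, the getRows replacement above, and dave friend's remark that include is not the CodeIgniter way to load files) pulled together in one added example. This is not code from the thread, from CodexWorld or from CodeIgniter itself; it assumes CodeIgniter 3, a users table with an id column plus the columns named by the $_POST fields earlier in the thread, and that the model lives at application/models/User_model.php so it can be loaded with $this->load->model():

```php
<?php
// Added example, not code from the thread, CodexWorld or CodeIgniter.
// Assumes CodeIgniter 3 and a `users` table with the columns id, first_name,
// last_name, email, phone and password (the column set is an assumption).
defined('BASEPATH') OR exit('No direct script access allowed');

class User_model extends CI_Model
{
    // VULNERABLE (kept only for contrast): the email is concatenated straight
    // into the SQL string, the pattern skunkbad points out in the CodexWorld code.
    // Whatever the user typed becomes part of the query text.
    public function getRows_unsafe($email)
    {
        $sql = "SELECT * FROM users WHERE email = '" . $email . "'";
        return $this->db->query($sql)->row();
    }

    // Hardened: the value is handed to the driver as a binding, so it is
    // escaped and can only ever be compared as data, never parsed as SQL.
    public function get_by_email($email)
    {
        $sql = "SELECT * FROM users WHERE email = ?";
        return $this->db->query($sql, array($email))->row();
    }

    // Registration: Query Builder escapes every value it inserts, so the
    // same protection applies here. The password is stored as a hash.
    public function register(array $data)
    {
        $row = array(
            'first_name' => $data['first_name'],
            'last_name'  => $data['last_name'],
            'email'      => $data['email'],
            'phone'      => $data['phone'],
            'password'   => password_hash($data['password'], PASSWORD_DEFAULT),
        );
        return $this->db->insert('users', $row) ? $this->db->insert_id() : false;
    }

    // Password change: both the new hash and the WHERE value are bound.
    public function change_password($user_id, $new_password)
    {
        $hash = password_hash($new_password, PASSWORD_DEFAULT);
        $sql  = "UPDATE users SET password = ? WHERE id = ?";
        $this->db->query($sql, array($hash, (int) $user_id));
        return $this->db->affected_rows() === 1;
    }

    // Login: fetch the row by email (bound), then verify the hash in PHP
    // instead of comparing a password column inside the SQL statement.
    public function verify_login($email, $password)
    {
        $row = $this->get_by_email($email);
        return $row !== null && password_verify($password, $row->password);
    }
}

// In a controller (for example application/controllers/Account.php), the
// CodeIgniter way to get at this model instead of `include 'user.php'`:
//
//     $this->load->model('User_model', 'user');
//     $row = $this->user->get_by_email($this->input->post('email'));
```

The answer to the question above is yes: every statement that carries user input, whether it is a SELECT, an INSERT at registration or an UPDATE when a password changes, needs the value passed as a binding (or through Query Builder, which escapes for you); the string-built getRows_unsafe is shown only so the difference is visible side by side. Loading the model through $this->load->model() also removes the need for the include line the thread started with.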
(06-26-2018, 04:32 PM)dave friend Wrote:(06-26-2018, 11:02 AM)richb201 Wrote: I got some code from CodexWorld. In it one of the files has a line
It can be wherever you want. If it's in /models then try

PHP Code:
include APPPATH.'models/user.php';