Professional CodeIgniter, Thomas Myer
Chapter 9: Security and Performance
272
`status' =
>
db_clean($_POST[`status'],8)
,
`password' =
>
db_clean($_POST[`password'],16)
);
$this-
>
db-
>
where(`id',id_clean($_POST[`id']));
$this-
>
db-
>
update(`admins',$data);
}
function deleteUser($id){
$data = array(`status' =
>
`inactive');
$this-
>
db-
>
where(`id',
id_clean($id)
);
$this-
>
db-
>
update(`admins', $data);
}
Incorporating Previous Security Measures
Before moving on, it ' s important to revisit the
addUser()
,
updateUser()
, and
verifyUser()
functions. At the end of Chapter 6 , you used
dohash()
to secure passwords being saved to the database.
At that point, your code looked like this:
function addUser(){
$data = array(`username' =
>
$_POST[`username'],
`email' =
>
$_POST[`email'],
`status' =
>
$_POST[`status'],
`password' =
>
substr(dohash($_POST[`password']),0,16)
);
$this-
>
db-
>
insert(`admins',$data);
}
function updateUser(){
$data = array(`username' =
>
$_POST[`username'],
`email' =
>
$_POST[`email'],
`status' =
>
$_POST[`status'],
`password' =
>
substr(dohash($_POST[`password']),0,16)
);
$this-
>
db-
>
where(`id',id_clean($_POST[`id']));
$this-
>
db-
>
update(`admins',$data);
}
function verifyUser($u,$pw){
$this-
>
db-
>
select(`id,username');
$this-
>
db-
>
where(`username',$u);
$this-
>
db-
>
where(`password',
substr(dohash($pw),0,16)
;
$this-
>
db-
>
where(`status', `active');
$this-
>
db-
>
limit(1);
$Q = $this-
>
db-
>
get(`admins');
if ($Q-
>
num_rows()
>
0){
$row = $Q-
>
row_array();
$_SESSION[`userid'] = $row[`id'];
$_SESSION[`username'] = $row[`username'];
}else{
$this-
>
session-
>
set_flashdata(`error', `Sorry, your username or password is
incorrect!');
}
}
c09.indd 272
c09.indd 272
6/10/08 5:37:59 PM
6/10/08 5:37:59 PM