ip des requests wird hexadezimal gespeichert
parent
8d6fcb9496
commit
2dab51cab3
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
define('INCLUDES_ALLOWED');
|
define('INCLUDES_ALLOWED', true);
|
||||||
|
|
||||||
require("static/web.php");
|
require("static/web.php");
|
||||||
require("lib/request.php");
|
require("lib/request.php");
|
||||||
|
@ -9,8 +9,8 @@ require("lib/request.php");
|
||||||
$outputLogin = null;
|
$outputLogin = null;
|
||||||
$outputEmail = null;
|
$outputEmail = null;
|
||||||
$class=null;
|
$class=null;
|
||||||
$title = null;
|
$title = "Sorry";
|
||||||
$message = ""; // checkRequest() erwartet einen string
|
$message = "Something goes wrong";
|
||||||
$saved = false;
|
$saved = false;
|
||||||
|
|
||||||
|
|
||||||
|
@ -26,7 +26,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
$title = "Success";
|
$title = "Success";
|
||||||
} else {
|
} else {
|
||||||
$class = "error";
|
$class = "error";
|
||||||
$title = "Sorry";
|
|
||||||
$outputLogin = $inputLogin;
|
$outputLogin = $inputLogin;
|
||||||
$outputEmail = $inputEmail;
|
$outputEmail = $inputEmail;
|
||||||
}
|
}
|
||||||
|
@ -34,7 +33,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
} else {
|
} else {
|
||||||
$class = "error";
|
$class = "error";
|
||||||
$title = "Error";
|
$title = "Error";
|
||||||
$message = "Something goes wrong";
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
47
lib/db.php
47
lib/db.php
|
@ -7,6 +7,10 @@
|
||||||
* desc: Anbindung an die (Postgres) Datenbank.
|
* desc: Anbindung an die (Postgres) Datenbank.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
error_reporting(E_ALL);
|
||||||
|
ini_set("display_errors", "on");
|
||||||
|
ini_set("display_startip_errors", "on");
|
||||||
|
|
||||||
|
|
||||||
if (!defined('INCLUDES_ALLOWED'))
|
if (!defined('INCLUDES_ALLOWED'))
|
||||||
die('Access denied.');
|
die('Access denied.');
|
||||||
|
@ -154,23 +158,27 @@ class Database {
|
||||||
public function createTable(): bool
|
public function createTable(): bool
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* Erstellt die Tabelle Requests.
|
* Erstellt die Tabelle Requests. Wir speichern die IP als 16 Byte
|
||||||
|
* Binary. Damit soll später ein gewisser Schutz gegen Spammer
|
||||||
|
* erreicht werden. (Wie viele Requests innerhalb welcher Zeit)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$this->log->n("try to create table requests");
|
$this->log->n("Try to create table requests");
|
||||||
$stmt = "CREATE TABLE IF NOT EXISTS requests (
|
$stmt = "CREATE TABLE IF NOT EXISTS requests (
|
||||||
id serial PRIMARY KEY,
|
id serial PRIMARY KEY,
|
||||||
nick varchar(80) NOT NULL UNIQUE,
|
nick varchar(80) NOT NULL UNIQUE,
|
||||||
email varchar(80) NOT NULL,
|
email varchar(80) NOT NULL,
|
||||||
token char(32) NOT NULL UNIQUE,
|
token char(32) NOT NULL UNIQUE,
|
||||||
|
ip bytea,
|
||||||
time integer NOT NULL);";
|
time integer NOT NULL);";
|
||||||
try {
|
try {
|
||||||
$this->pdo->exec($stmt);
|
$this->pdo->exec($stmt);
|
||||||
} catch (PDOException $e) {
|
} catch (PDOException $e) {
|
||||||
$this->log-e("Failed to create table requests");
|
$this->log->e("Failed to create table requests");
|
||||||
|
$this->log->e("Error: {$e->getMessage()}");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$this->log-n("Table requests successfull created");
|
$this->log->n("Table requests successfull created");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -305,12 +313,16 @@ class Database {
|
||||||
public function saveRequest($token): bool
|
public function saveRequest($token): bool
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* Speichert den gewünschten Nick, die Emailadresse, das Token und
|
* Speichert den gewünschten Nick, die Emailadresse, das Token, die
|
||||||
* einen Zeitstempel in der Tabelle Requests.
|
* IP und einen Zeitstempel in der Tabelle Requests.
|
||||||
|
* TODO: IP nicht Hexadezimal, sondern Binär speichern. Spart Platz
|
||||||
|
* und ist schneller. Bin ich leider zu blöd für.
|
||||||
* TODO: Sollten/Müssen Nick und Email noch durch htmlspecialchars()
|
* TODO: Sollten/Müssen Nick und Email noch durch htmlspecialchars()
|
||||||
* oder reichen die prepared Statments?
|
* oder reichen die prepared Statments?
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
$bin = inet_pton($_SERVER['REMOTE_ADDR']);
|
||||||
|
$ip = bin2hex($bin);
|
||||||
$nick = $_POST['login'];
|
$nick = $_POST['login'];
|
||||||
$email = $_POST['email'];
|
$email = $_POST['email'];
|
||||||
date_default_timezone_set("Europe/Berlin");
|
date_default_timezone_set("Europe/Berlin");
|
||||||
|
@ -318,21 +330,26 @@ class Database {
|
||||||
$this->log->d("Save request for: {$nick} with {$token} at {$time}");
|
$this->log->d("Save request for: {$nick} with {$token} at {$time}");
|
||||||
try {
|
try {
|
||||||
$stmt = $this->pdo->prepare("INSERT INTO requests
|
$stmt = $this->pdo->prepare("INSERT INTO requests
|
||||||
(nick, email, token, time) VALUES
|
(nick, email, token, ip, time) VALUES
|
||||||
(:nick, :email, :token, :time)");
|
(:nick, :email, :token, :ip, :time)");
|
||||||
$response = $stmt->execute(array(':nick' => $nick,
|
$stmt->BindValue(':nick', $nick);
|
||||||
':email' => $email,
|
$stmt->BindValue(':email', $email);
|
||||||
':token' => $token,
|
$stmt->BindValue(':token', $token);
|
||||||
':time' => $time));
|
$stmt->BindValue(':ip', $ip, PDO::PARAM_LOB);
|
||||||
|
$stmt->BindValue(':time', $time);
|
||||||
|
$response = $stmt->execute();
|
||||||
} catch (PDOException $e) {
|
} catch (PDOException $e) {
|
||||||
$errmsg = $e->getMessage();
|
|
||||||
$this->log->e("Saving request failed");
|
$this->log->e("Saving request failed");
|
||||||
$this->log->e("Error: {$errmsg}");
|
$this->log->e("Error: {$e->getMessage()}");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
if ($response === 1) {
|
||||||
$this->log->i("Request saved successfull");
|
$this->log->i("Request saved successfull");
|
||||||
$this->log->d("Database returns: {$response}");
|
|
||||||
return true;
|
return true;
|
||||||
|
} else {
|
||||||
|
$this->log->e("Database returns: {$response}");
|
||||||
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getToken(): array {
|
public function getToken(): array {
|
||||||
|
|
|
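Review bot: In saveRequest() the new `if ($response === 1)` test in the last hunk can never be true, because PDOStatement::execute() returns a bool, so every successful insert falls into the else branch, logs `Database returns: 1` as an error and the method returns false; change it to `if ($response === true) {`. In the preceding hunk, inet_pton() returns false for a missing or unparsable REMOTE_ADDR and bin2hex($bin) then quietly stores an empty value, and because the column is bytea and the createTable comment promises a 16-byte binary, it would be simpler to guard with `if ($bin === false) { $this->log->e("Invalid remote address"); return false; }` and bind `$stmt->bindValue(':ip', $bin, PDO::PARAM_LOB);` directly, which also closes the TODO above it (note that behind a reverse proxy REMOTE_ADDR is the proxy's address, so the spam-rate idea may need the forwarded address instead). The first hunk's `ini_set("display_errors", "on")` (and the misspelled `display_startip_errors`) in a library file will echo PDO exception text, which may contain connection details, to end users; leave error display to the environment configuration and keep the existing log calls here. A few lines of saveRequest between the two hunks are not shown.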
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
define('INCLUDES_ALLOWED');
|
define('INCLUDES_ALLOWED', true);
|
||||||
|
|
||||||
require("static/web.php");
|
require("static/web.php");
|
||||||
require("lib/register.php");
|
require("lib/register.php");
|
||||||
|
|