ip des requests wird hexadezimal gespeichert
This commit is contained in:
parent
8d6fcb9496
commit
2dab51cab3
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
|
||||
define('INCLUDES_ALLOWED');
|
||||
define('INCLUDES_ALLOWED', true);
|
||||
|
||||
require("static/web.php");
|
||||
require("lib/request.php");
|
||||
|
|
@ -9,8 +9,8 @@ require("lib/request.php");
|
|||
$outputLogin = null;
|
||||
$outputEmail = null;
|
||||
$class=null;
|
||||
$title = null;
|
||||
$message = ""; // checkRequest() erwartet einen string
|
||||
$title = "Sorry";
|
||||
$message = "Something goes wrong";
|
||||
$saved = false;
|
||||
|
||||
|
||||
|
|
@ -26,7 +26,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
$title = "Success";
|
||||
} else {
|
||||
$class = "error";
|
||||
$title = "Sorry";
|
||||
$outputLogin = $inputLogin;
|
||||
$outputEmail = $inputEmail;
|
||||
}
|
||||
|
|
@ -34,7 +33,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
} else {
|
||||
$class = "error";
|
||||
$title = "Error";
|
||||
$message = "Something goes wrong";
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
|
|
|||
51
lib/db.php
51
lib/db.php
|
|
@ -7,6 +7,10 @@
|
|||
* desc: Anbindung an die (Postgres) Datenbank.
|
||||
*/
|
||||
|
||||
error_reporting(E_ALL);
|
||||
ini_set("display_errors", "on");
|
||||
ini_set("display_startip_errors", "on");
|
||||
|
||||
|
||||
if (!defined('INCLUDES_ALLOWED'))
|
||||
die('Access denied.');
|
||||
|
|
@ -154,23 +158,27 @@ class Database {
|
|||
public function createTable(): bool
|
||||
{
|
||||
/**
|
||||
* Erstellt die Tabelle Requests.
|
||||
* Erstellt die Tabelle Requests. Wir speichern die IP als 16 Byte
|
||||
* Binary. Damit soll später ein gewisser Schutz gegen Spammer
|
||||
* erreicht werden. (Wie viele Requests innerhalb welcher Zeit)
|
||||
*/
|
||||
|
||||
$this->log->n("try to create table requests");
|
||||
$this->log->n("Try to create table requests");
|
||||
$stmt = "CREATE TABLE IF NOT EXISTS requests (
|
||||
id serial PRIMARY KEY,
|
||||
nick varchar(80) NOT NULL UNIQUE,
|
||||
email varchar(80) NOT NULL,
|
||||
token char(32) NOT NULL UNIQUE,
|
||||
ip bytea,
|
||||
time integer NOT NULL);";
|
||||
try {
|
||||
$this->pdo->exec($stmt);
|
||||
} catch (PDOException $e) {
|
||||
$this->log-e("Failed to create table requests");
|
||||
$this->log->e("Failed to create table requests");
|
||||
$this->log->e("Error: {$e->getMessage()}");
|
||||
return false;
|
||||
}
|
||||
$this->log-n("Table requests successfull created");
|
||||
$this->log->n("Table requests successfull created");
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -305,12 +313,16 @@ class Database {
|
|||
public function saveRequest($token): bool
|
||||
{
|
||||
/**
|
||||
* Speichert den gewünschten Nick, die Emailadresse, das Token und
|
||||
* einen Zeitstempel in der Tabelle Requests.
|
||||
* Speichert den gewünschten Nick, die Emailadresse, das Token, die
|
||||
* IP und einen Zeitstempel in der Tabelle Requests.
|
||||
* TODO: IP nicht Hexadezimal, sondern Binär speichern. Spart Platz
|
||||
* und ist schneller. Bin ich leider zu blöd für.
|
||||
* TODO: Sollten/Müssen Nick und Email noch durch htmlspecialchars()
|
||||
* oder reichen die prepared Statments?
|
||||
*/
|
||||
|
||||
$bin = inet_pton($_SERVER['REMOTE_ADDR']);
|
||||
$ip = bin2hex($bin);
|
||||
$nick = $_POST['login'];
|
||||
$email = $_POST['email'];
|
||||
date_default_timezone_set("Europe/Berlin");
|
||||
|
|
@ -318,21 +330,26 @@ class Database {
|
|||
$this->log->d("Save request for: {$nick} with {$token} at {$time}");
|
||||
try {
|
||||
$stmt = $this->pdo->prepare("INSERT INTO requests
|
||||
(nick, email, token, time) VALUES
|
||||
(:nick, :email, :token, :time)");
|
||||
$response = $stmt->execute(array(':nick' => $nick,
|
||||
':email' => $email,
|
||||
':token' => $token,
|
||||
':time' => $time));
|
||||
(nick, email, token, ip, time) VALUES
|
||||
(:nick, :email, :token, :ip, :time)");
|
||||
$stmt->BindValue(':nick', $nick);
|
||||
$stmt->BindValue(':email', $email);
|
||||
$stmt->BindValue(':token', $token);
|
||||
$stmt->BindValue(':ip', $ip, PDO::PARAM_LOB);
|
||||
$stmt->BindValue(':time', $time);
|
||||
$response = $stmt->execute();
|
||||
} catch (PDOException $e) {
|
||||
$errmsg = $e->getMessage();
|
||||
$this->log->e("Saving request failed");
|
||||
$this->log->e("Error: {$errmsg}");
|
||||
$this->log->e("Error: {$e->getMessage()}");
|
||||
return false;
|
||||
}
|
||||
$this->log->i("Request saved successfull");
|
||||
$this->log->d("Database returns: {$response}");
|
||||
return true;
|
||||
if ($response === 1) {
|
||||
$this->log->i("Request saved successfull");
|
||||
return true;
|
||||
} else {
|
||||
$this->log->e("Database returns: {$response}");
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function getToken(): array {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
|
||||
define('INCLUDES_ALLOWED');
|
||||
define('INCLUDES_ALLOWED', true);
|
||||
|
||||
require("static/web.php");
|
||||
require("lib/register.php");
|
||||
|
|
|
|||
Loading…
Reference in a new issue