diff --git a/index.php b/index.php
index a6393a7..752a2c9 100644
--- a/index.php
+++ b/index.php
@@ -1,6 +1,6 @@
diff --git a/lib/db.php b/lib/db.php
index acd5e41..01afeba 100644
--- a/lib/db.php
+++ b/lib/db.php
@@ -7,6 +7,10 @@
 * desc: Anbindung an die (Postgres) Datenbank.
 */
+error_reporting(E_ALL);
+ini_set("display_errors", "on");
+ini_set("display_startip_errors", "on");
+
 if (!defined('INCLUDES_ALLOWED')) die('Access denied.');
@@ -154,23 +158,27 @@ class Database {
 public function createTable(): bool {
 /**
- * Erstellt die Tabelle Requests.
+ * Erstellt die Tabelle Requests. Wir speichern die IP als 16 Byte
+ * Binary. Damit soll später ein gewisser Schutz gegen Spammer
+ * erreicht werden. (Wie viele Requests innerhalb welcher Zeit)
 */
- $this->log->n("try to create table requests");
+ $this->log->n("Try to create table requests");
 $stmt = "CREATE TABLE IF NOT EXISTS requests (
 id serial PRIMARY KEY,
 nick varchar(80) NOT NULL UNIQUE,
 email varchar(80) NOT NULL,
 token char(32) NOT NULL UNIQUE,
+ ip bytea,
 time integer NOT NULL);";
 try {
 $this->pdo->exec($stmt);
 } catch (PDOException $e) {
- $this->log-e("Failed to create table requests");
+ $this->log->e("Failed to create table requests");
+ $this->log->e("Error: {$e->getMessage()}");
 return false;
 }
- $this->log-n("Table requests successfull created");
+ $this->log->n("Table requests successfull created");
 return true;
 }
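Review bot: The three added ini lines at the top of the lib/db.php hunk switch display_errors on for every request that loads this library, so a PDOException or warning from the database layer (connection string, credentials in the DSN, file paths) would be printed to the browser instead of only to the log that the rest of this file already writes to; keep these out of a shared library, or gate them on a development-environment flag and leave `log_errors` as the production setting. The third line also has no effect: `display_startip_errors` is not a PHP directive, ini_set() returns false for it, and the intended line is `ini_set("display_startup_errors", "on");`. These statements are top-level, outside any function.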
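Review bot: The new docblock in createTable says the IP is stored as 16-byte binary, but the companion saveRequest change (hunk at old line 318) binds the output of bin2hex(), so the `ip bytea` column will receive 32 ASCII hex characters rather than 4 or 16 raw bytes; either the comment or the write path should be brought into line, and the docblock should mention that the column is nullable (no NOT NULL) so a request with no resolvable address still inserts. PostgreSQL's native type would store IPv4 and IPv6 directly and make the per-address counting the comment describes a plain comparison, e.g. `ip inet,`. Since the success log line is being touched anyway, `"Table requests successfully created"` fixes the spelling.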
@@ -305,12 +313,16 @@ class Database {
 public function saveRequest($token): bool {
 /**
- * Speichert den gewünschten Nick, die Emailadresse, das Token und
- * einen Zeitstempel in der Tabelle Requests.
+ * Speichert den gewünschten Nick, die Emailadresse, das Token, die
+ * IP und einen Zeitstempel in der Tabelle Requests.
+ * TODO: IP nicht Hexadezimal, sondern Binär speichern. Spart Platz
+ * und ist schneller. Bin ich leider zu blöd für.
 * TODO: Sollten/Müssen Nick und Email noch durch htmlspecialchars()
 * oder reichen die prepared Statments?
 */
+ $bin = inet_pton($_SERVER['REMOTE_ADDR']);
+ $ip = bin2hex($bin);
 $nick = $_POST['login'];
 $email = $_POST['email'];
 date_default_timezone_set("Europe/Berlin");
@@ -318,21 +330,26 @@ class Database {
 $this->log->d("Save request for: {$nick} with {$token} at {$time}");
 try {
 $stmt = $this->pdo->prepare("INSERT INTO requests
- (nick, email, token, time) VALUES
- (:nick, :email, :token, :time)");
- $response = $stmt->execute(array(':nick' => $nick,
- ':email' => $email,
- ':token' => $token,
- ':time' => $time));
+ (nick, email, token, ip, time) VALUES
+ (:nick, :email, :token, :ip, :time)");
+ $stmt->BindValue(':nick', $nick);
+ $stmt->BindValue(':email', $email);
+ $stmt->BindValue(':token', $token);
+ $stmt->BindValue(':ip', $ip, PDO::PARAM_LOB);
+ $stmt->BindValue(':time', $time);
+ $response = $stmt->execute();
 } catch (PDOException $e) {
- $errmsg = $e->getMessage();
 $this->log->e("Saving request failed");
- $this->log->e("Error: {$errmsg}");
+ $this->log->e("Error: {$e->getMessage()}");
 return false;
 }
- $this->log->i("Request saved successfull");
- $this->log->d("Database returns: {$response}");
- return true;
+ if ($response === 1) {
+ $this->log->i("Request saved successfull");
+ return true;
+ } else {
+ $this->log->e("Database returns: {$response}");
+ }
+ return false;
 }
 public function getToken(): array {
diff --git a/validation.php b/validation.php
index 65f6551..c64ff5c 100644
--- a/validation.php
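Review bot: `$bin = inet_pton($_SERVER['REMOTE_ADDR']);` has no guard: REMOTE_ADDR is unset when the script runs from the CLI, and inet_pton() returns false for anything it cannot parse, after which `bin2hex($bin)` yields an empty string (or throws a TypeError if the file declares strict_types). Suggest `$bin = inet_pton($_SERVER['REMOTE_ADDR'] ?? '');` followed by `$ip = $bin === false ? null : bin2hex($bin);`, with the column left nullable. If the application sits behind a reverse proxy, REMOTE_ADDR is the proxy's address and the per-client limiting the docblock aims at would count every visitor as one client — worth confirming against the deployment before relying on this column. On the existing TODO: the prepared statement covers the SQL side; htmlspecialchars() belongs where the nick is rendered into HTML, not before storing. saveRequest's body continues in the next hunk.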
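Review bot: `if ($response === 1)` can never be true, because PDOStatement::execute() returns a bool; every successful INSERT therefore falls into the else branch, logs "Database returns: 1" as an error and saveRequest returns false. Use `if ($response === true && $stmt->rowCount() === 1) {` (or simply `if ($response) {`). The `:ip` binding also sends the hex string to the bytea column; binding the raw `$bin` from the preceding hunk with `PDO::PARAM_LOB` would store the 4/16 bytes the createTable docblock describes and resolves the TODO added there. `BindValue` works only because PHP method names are case-insensitive; the documented name is `bindValue`. saveRequest's signature is in the preceding hunk.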
+++ b/validation.php
@@ -1,6 +1,6 @@