ip des requests wird hexadezimal gespeichert

This commit is contained in:
bernd 2021-03-04 13:46:42 +01:00
parent 8d6fcb9496
commit 2dab51cab3
3 changed files with 38 additions and 23 deletions


@ -1,6 +1,6 @@
<?php <?php
define('INCLUDES_ALLOWED'); define('INCLUDES_ALLOWED', true);
require("static/web.php"); require("static/web.php");
require("lib/request.php"); require("lib/request.php");
@ -9,8 +9,8 @@ require("lib/request.php");
$outputLogin = null; $outputLogin = null;
$outputEmail = null; $outputEmail = null;
$class=null; $class=null;
$title = null; $title = "Sorry";
$message = ""; // checkRequest() erwartet einen string $message = "Something goes wrong";
$saved = false; $saved = false;
@ -26,7 +26,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$title = "Success"; $title = "Success";
} else { } else {
$class = "error"; $class = "error";
$title = "Sorry";
$outputLogin = $inputLogin; $outputLogin = $inputLogin;
$outputEmail = $inputEmail; $outputEmail = $inputEmail;
} }
@ -34,7 +33,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} else { } else {
$class = "error"; $class = "error";
$title = "Error"; $title = "Error";
$message = "Something goes wrong";
} }
} }
?> ?>


@ -7,6 +7,10 @@
* desc: Anbindung an die (Postgres) Datenbank. * desc: Anbindung an die (Postgres) Datenbank.
*/ */
error_reporting(E_ALL);
ini_set("display_errors", "on");
ini_set("display_startip_errors", "on");
if (!defined('INCLUDES_ALLOWED')) if (!defined('INCLUDES_ALLOWED'))
die('Access denied.'); die('Access denied.');
@ -154,23 +158,27 @@ class Database {
public function createTable(): bool public function createTable(): bool
{ {
/** /**
* Erstellt die Tabelle Requests. * Erstellt die Tabelle Requests. Wir speichern die IP als 16 Byte
* Binary. Damit soll später ein gewisser Schutz gegen Spammer
* erreicht werden. (Wie viele Requests innerhalb welcher Zeit)
*/ */
$this->log->n("try to create table requests"); $this->log->n("Try to create table requests");
$stmt = "CREATE TABLE IF NOT EXISTS requests ( $stmt = "CREATE TABLE IF NOT EXISTS requests (
id serial PRIMARY KEY, id serial PRIMARY KEY,
nick varchar(80) NOT NULL UNIQUE, nick varchar(80) NOT NULL UNIQUE,
email varchar(80) NOT NULL, email varchar(80) NOT NULL,
token char(32) NOT NULL UNIQUE, token char(32) NOT NULL UNIQUE,
ip bytea,
time integer NOT NULL);"; time integer NOT NULL);";
try { try {
$this->pdo->exec($stmt); $this->pdo->exec($stmt);
} catch (PDOException $e) { } catch (PDOException $e) {
$this->log-e("Failed to create table requests"); $this->log->e("Failed to create table requests");
$this->log->e("Error: {$e->getMessage()}");
return false; return false;
} }
$this->log-n("Table requests successfull created"); $this->log->n("Table requests successfull created");
return true; return true;
} }
@ -305,12 +313,16 @@ class Database {
public function saveRequest($token): bool public function saveRequest($token): bool
{ {
/** /**
* Speichert den gewünschten Nick, die Emailadresse, das Token und * Speichert den gewünschten Nick, die Emailadresse, das Token, die
* einen Zeitstempel in der Tabelle Requests. * IP und einen Zeitstempel in der Tabelle Requests.
* TODO: IP nicht Hexadezimal, sondern Binär speichern. Spart Platz
* und ist schneller. Bin ich leider zu blöd für.
* TODO: Sollten/Müssen Nick und Email noch durch htmlspecialchars() * TODO: Sollten/Müssen Nick und Email noch durch htmlspecialchars()
* oder reichen die prepared Statments? * oder reichen die prepared Statments?
*/ */
$bin = inet_pton($_SERVER['REMOTE_ADDR']);
$ip = bin2hex($bin);
$nick = $_POST['login']; $nick = $_POST['login'];
$email = $_POST['email']; $email = $_POST['email'];
date_default_timezone_set("Europe/Berlin"); date_default_timezone_set("Europe/Berlin");
@ -318,21 +330,26 @@ class Database {
$this->log->d("Save request for: {$nick} with {$token} at {$time}"); $this->log->d("Save request for: {$nick} with {$token} at {$time}");
try { try {
$stmt = $this->pdo->prepare("INSERT INTO requests $stmt = $this->pdo->prepare("INSERT INTO requests
(nick, email, token, time) VALUES (nick, email, token, ip, time) VALUES
(:nick, :email, :token, :time)"); (:nick, :email, :token, :ip, :time)");
$response = $stmt->execute(array(':nick' => $nick, $stmt->BindValue(':nick', $nick);
':email' => $email, $stmt->BindValue(':email', $email);
':token' => $token, $stmt->BindValue(':token', $token);
':time' => $time)); $stmt->BindValue(':ip', $ip, PDO::PARAM_LOB);
$stmt->BindValue(':time', $time);
$response = $stmt->execute();
} catch (PDOException $e) { } catch (PDOException $e) {
$errmsg = $e->getMessage();
$this->log->e("Saving request failed"); $this->log->e("Saving request failed");
$this->log->e("Error: {$errmsg}"); $this->log->e("Error: {$e->getMessage()}");
return false; return false;
} }
$this->log->i("Request saved successfull"); if ($response === 1) {
$this->log->d("Database returns: {$response}"); $this->log->i("Request saved successfull");
return true; return true;
} else {
$this->log->e("Database returns: {$response}");
}
return false;
} }
public function getToken(): array { public function getToken(): array {
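Review bot: The success branch `if ($response === 1)` in saveRequest can never be taken, because PDOStatement::execute() returns a bool, so every successful insert is logged as `Database returns: 1` and the method returns false although the row was written; change the check to `if ($response === true) {`. The value from `bin2hex($bin)` is a hex string, yet it is bound with `PDO::PARAM_LOB` into the `bytea` column, so the column holds the ASCII hex digits rather than the 16-byte binary the createTable docblock describes — either bind `$bin` directly with `PDO::PARAM_LOB` or drop the LOB binding and keep the text form consistently. `inet_pton()` returns false when `$_SERVER['REMOTE_ADDR']` is unset or unparsable, so that result should be checked before it is passed to `bin2hex()`. The first hunk of this file enables `display_errors` (and misspells `display_startip_errors`, so that ini_set silently does nothing); left on, it can render PDO error text to the client, so it belongs in a development-only configuration rather than the database library. saveRequest's signature is in the previous hunk and its body continues past this one.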


@ -1,6 +1,6 @@
<?php <?php
define('INCLUDES_ALLOWED'); define('INCLUDES_ALLOWED', true);
require("static/web.php"); require("static/web.php");
require("lib/register.php"); require("lib/register.php");