Secure a class for an hydratation from ma form POST
I use PHP classes for managing user accounts and I wonder if what I'm doing is correct.
I directly use `$_POST['form']` to hydrate User objects. But there are some fields that I don't want the user to modify (i.e.: id_user, admin_level, ... [They would be able to do it by creating a new input field called id_user or admin_level, and get admin level])
So I use an argument in each setID or setAdmin_level (a boolean called $forcer):
```php
<?php
// securite(), addErreur(), is_mail() and is_password() are not shown in the
// post; presumably they are inherited from Content.
class User extends Content
{
    private $_id_user;
    private $_date_inscription;
    private $_ip_inscription;
    private $_derniere_connexion;
    private $_nom_utilisateur;
    private $_email;
    private $_mot_de_passe;
    private $_nom;
    private $_prenom;
    private $_role;

    const USER_UNLOGGED = 0;
    const USER_LOGGED = 1;
    const USER_ADMIN = 5;

    public function __construct(array $donnees = null, $forcer = false)
    {
        if ($donnees) {
            $this->hydrate($donnees, $forcer);
        }
    }

    // Calls set<Field>() for every key of $donnees that has a matching setter.
    // With $forcer = true, true is passed as second argument to every setter.
    public function hydrate(array $donnees, $forcer = false)
    {
        foreach ($donnees as $champ => $valeur) {
            $method = 'set' . ucfirst($champ);
            if (method_exists($this, $method)) {
                if ($forcer) {
                    try {
                        $this->$method($this->securite($valeur), true);
                    } catch (Exception $e) {
                        $this->$method($this->securite($valeur));
                    }
                } else {
                    $this->$method($this->securite($valeur));
                }
            }
        }
    }

    // Protected field: only set when $forcer is true.
    public function setId_user($id_user, $forcer = false)
    {
        if (is_numeric($id_user) && $forcer) {
            $this->_id_user = $id_user;
            return true;
        } else {
            $this->addErreur('id_user', 'User ID incorrect');
            return false;
        }
    }

    public function getId_user()
    {
        return $this->_id_user;
    }

    // Falls back to the current time when no numeric timestamp is given.
    public function setDate_inscription($date_inscription = "")
    {
        if (is_numeric($date_inscription)) {
            $this->_date_inscription = $date_inscription;
        } else {
            $this->_date_inscription = time();
        }
    }

    public function getDate_inscription()
    {
        return $this->_date_inscription;
    }

    // Falls back to the client address when no value is given.
    public function setIp_inscription($ip_inscription = '')
    {
        if ($ip_inscription) {
            $this->_ip_inscription = $ip_inscription;
        } else {
            $this->_ip_inscription = $_SERVER['REMOTE_ADDR'];
        }
    }

    public function getIp_inscription()
    {
        return $this->_ip_inscription;
    }

    // Stores "<timestamp>#<client address>".
    public function setDerniere_connexion()
    {
        $this->_derniere_connexion = time() . "#" . $_SERVER['REMOTE_ADDR'];
    }

    public function getDerniere_connexion()
    {
        return $this->_derniere_connexion;
    }

    public function setNom_utilisateur($nom_utilisateur)
    {
        $this->_nom_utilisateur = $nom_utilisateur;
    }

    public function getNom_utilisateur()
    {
        return $this->_nom_utilisateur;
    }

    public function setEmail($email)
    {
        if ($this->is_mail($email)) {
            $this->_email = $email;
        } else {
            $this->addErreur('email', 'email incorrect.');
            return false;
        }
    }

    public function getEmail()
    {
        return $this->_email;
    }

    // $encrypted = true stores the value as given (already hashed);
    // otherwise the value is hashed with crypt() first.
    public function setMot_de_passe($mot_de_passe, $encrypted = false)
    {
        if ($this->is_password($mot_de_passe)) {
            if ($encrypted) {
                $this->_mot_de_passe = $mot_de_passe;
            } else {
                $this->_mot_de_passe = crypt($mot_de_passe, $GLOBALS['salt_crypt']);
            }
        } else {
            $this->addErreur('mot_de_passe', 'Mot de passe incorrect. Minimum 6 caractères.');
            return false;
        }
    }

    public function getMot_de_passe()
    {
        return $this->_mot_de_passe;
    }

    public function setNom($nom)
    {
        $this->_nom = $nom;
    }

    public function getNom()
    {
        return $this->_nom;
    }

    public function setPrenom($prenom)
    {
        $this->_prenom = $prenom;
    }

    public function getPrenom()
    {
        return $this->_prenom;
    }

    // Protected field: only set when $forcer is true.
    public function setRole($role, $forcer = false)
    {
        if (is_numeric($role) && $forcer) {
            $this->_role = intval($role);
        } else {
            $this->addErreur('role', 'Role incorrect');
            return false;
        }
    }

    public function getRole()
    {
        return $this->_role;
    }
} // End of the User class
```
So, in order to register a new user, I hydrate a new User object with the form POST:

```php
$user = new User($_POST['form'], false);
```

And I need to set the $force bool to true to create a new User from an ID or if I want to set a protected field.

```php
$user = $userManager->getUserFromId(new User(['id_user' => 1], true));
```

Is this a good way?
php object-oriented form
asked 8 mins ago by Zekkyo
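The concern raised in the question (a client adding `id_user` or `role` inputs to the form) can also be handled with an allowlist and separate entry points for trusted and untrusted data, rather than a `$forcer` flag passed alongside the data. This is an added example, not the asker's code: `SafeUser`, `fromForm`, `fromDatabaseRow` and the sample `$post` array are hypothetical names and constructed data.

```php
<?php
declare(strict_types=1);

// Added example: SafeUser is a hypothetical class, not the question's User.
final class SafeUser
{
    public const USER_LOGGED = 1;
    public const USER_ADMIN = 5;

    // The only keys a submitted form may set (password handling left out).
    private const FORM_FIELDS = ['nom_utilisateur', 'email', 'nom', 'prenom'];

    private ?int $idUser = null;
    private int $role = self::USER_LOGGED;
    /** @var array<string, string> */
    private array $profile = [];
    /** @var string[] submitted keys that were refused */
    private array $rejected = [];

    private function __construct() {}

    // Untrusted path: request data. No argument can unlock id_user or role.
    public static function fromForm(array $post): self
    {
        $user = new self();
        foreach ($post as $field => $value) {
            $allowed = is_string($field) && in_array($field, self::FORM_FIELDS, true);
            if (!$allowed || !is_string($value)) { // form[email][]=x arrives as an array
                $user->rejected[] = (string) $field;
                continue;
            }
            $user->profile[$field] = trim($value);
        }
        return $user;
    }

    // Trusted path: a row the application itself loaded from its own storage.
    public static function fromDatabaseRow(array $row): self
    {
        $user = new self();
        $user->idUser = (int) $row['id_user'];
        $user->role = (int) $row['role'];
        foreach (self::FORM_FIELDS as $field) {
            $user->profile[$field] = (string) ($row[$field] ?? '');
        }
        return $user;
    }

    public function getIdUser(): ?int { return $this->idUser; }
    public function getRole(): int { return $this->role; }
    public function getProfile(): array { return $this->profile; }
    public function getRejected(): array { return $this->rejected; }
}

// Constructed request body: two legitimate fields plus two injected ones.
$post = ['nom_utilisateur' => ' alice ', 'email' => 'alice@example.org',
         'id_user' => '1', 'role' => '5'];
$user = SafeUser::fromForm($post);

var_dump($user->getIdUser());
var_dump($user->getRole() === SafeUser::USER_LOGGED);
print_r($user->getProfile());
print_r($user->getRejected()); // keys a legitimate form never sends
```

Keys that end up in the rejected list never appear in a legitimate submission of this form, so logging them gives a cheap signal of tampering.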