Chapter 9: Security and Performance
        'status' => db_clean($_POST['status'],8),
        'password' => db_clean($_POST['password'],16)
    );
    $this->db->where('id',id_clean($_POST['id']));
    $this->db->update('admins',$data);
}
function deleteUser($id){
    $data = array('status' => 'inactive');
    $this->db->where('id', id_clean($id));
    $this->db->update('admins', $data);
}
Incorporating Previous Security Measures
Before moving on, it's important to revisit the addUser(), updateUser(), and verifyUser()
functions. At the end of Chapter 6, you used dohash() to secure passwords being saved to the database.
At that point, your code looked like this:
function addUser(){
    $data = array('username' => $_POST['username'],
        'email' => $_POST['email'],
        'status' => $_POST['status'],
        'password' => substr(dohash($_POST['password']),0,16)
    );
    $this->db->insert('admins',$data);
}
function updateUser(){
    $data = array('username' => $_POST['username'],
        'email' => $_POST['email'],
        'status' => $_POST['status'],
        'password' => substr(dohash($_POST['password']),0,16)
    );
    $this->db->where('id',id_clean($_POST['id']));
    $this->db->update('admins',$data);
}
function verifyUser($u,$pw){
    $this->db->select('id,username');
    $this->db->where('username',$u);
    $this->db->where('password', substr(dohash($pw),0,16));
    $this->db->where('status', 'active');
    $this->db->limit(1);
    $Q = $this->db->get('admins');
    if ($Q->num_rows() > 0){
        $row = $Q->row_array();
        $_SESSION['userid'] = $row['id'];
        $_SESSION['username'] = $row['username'];
    }else{
        $this->session->set_flashdata('error', 'Sorry, your username or password is incorrect!');
    }
}
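An added example, not code from the book: the same password handling written with PHP's built-in password_hash() and password_verify() (PHP 5.5 and later) in place of a truncated dohash(). It assumes the password column is widened to hold the full hash string; the function names and the in-memory $admins rows are constructed for illustration.

```php
<?php
// Added example, not code from the book. $admins is constructed sample data
// standing in for rows of the admins table; the helper names are hypothetical.

function hash_admin_password(string $plain): string
{
    // password_hash() picks a random salt on every call and stores it, with
    // the algorithm and cost, inside the returned string.
    return password_hash($plain, PASSWORD_DEFAULT);
}

function verify_admin(array $admins, string $username, string $plain): ?array
{
    foreach ($admins as $row) {
        if ($row['username'] !== $username || $row['status'] !== 'active') {
            continue;
        }
        // The salt differs per row, so the hash cannot be matched in a WHERE
        // clause: fetch the row by username, then verify in PHP.
        // password_verify() needs the whole stored string (salt, cost, digest).
        if (password_verify($plain, $row['password'])) {
            return ['id' => $row['id'], 'username' => $row['username']];
        }
        return null;
    }
    return null;
}

$full = hash_admin_password('s3cret-Example');
$admins = [
    ['id' => 1, 'username' => 'alice', 'status' => 'active', 'password' => $full],
    // Same hash cut to 16 characters, as the 16-character limit used in this
    // chapter's code would store it.
    ['id' => 2, 'username' => 'bob', 'status' => 'active', 'password' => substr($full, 0, 16)],
    ['id' => 3, 'username' => 'carol', 'status' => 'inactive', 'password' => $full],
];

var_dump(verify_admin($admins, 'alice', 's3cret-Example') !== null); // full hash stored
var_dump(verify_admin($admins, 'bob', 's3cret-Example') !== null);   // truncated hash stored
var_dump(verify_admin($admins, 'carol', 's3cret-Example') !== null); // inactive account
```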