Re: I need an opion!!! Thanks!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Sebastian Dieser wrote:

Hi, we have been using the following codes on our site for a year and I wanted to know if these codes are just spaghetti or its actual usable code. I know it can be bettered a lot I just need opinions if the codes can be used a while more until we reprogram everything as a complete CMS system.

Thanks a lot! my superiors want to know because there is another coder that says these codes are just spaghetti.

There is more codes but i am able to access the database fine and everything else. Of course the codes can be bettered but i dont believe its just spaghetti!!!!! I used these codes because there was no need to reinvent the wheel. I apreciate your help!
I hope you have indenting in your code and it's just the email that came through badly. 

I wouldn't say it's spaghetti code but it could do with a clean-up.

--------
if ($loginConnector->getNumRows($getUser)> 0){
  // Login OK, store session details
  // Log in
  $_SESSION["user"] = $user;
  $_SESSION["pass"] = $this->userdata['pass'];
  $_SESSION["thegroup"] = $this->userdata['thegroup'];

  if ($goodRedirect) {
    header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
  }
  return true;

}else{
--------
If you're returning out of the function there why do you need an else? PHP will automatically skip that block if it's not going to process that code path. 

--------
// If user is already logged in then check credentials
if ($_SESSION['user'] && $_SESSION['pass']){
--------
...

reverse that:

if (!isset($_SESSION['user']) || !isset($_SESSION['pass'])) {
  return false;
}


You remove a huge if block which isn't needed.


--------
query('SELECT * FROM vendors WHERE ID = '.$HTTP_GET_VARS['id']);
--------
Go to this website and read everything you can find: http://phpsec.org/projects/guide/
You have sql injection here that needs attention (and if it's here I'm sure there could be other spots too). 

Also HTTP_GET_VARS is old, change it to the newer $_GET['id'] syntax.

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux