Flashback PHP - A Habbo CMS written in vanilla PHP
[QUOTE="BIOS, post: 465440, member: 15674"]
I know this may be more of a learning experience project type of thing, but I would highly recommend using a pre-existing templating library. I quite like [URL='https://twig.symfony.com/']Twig[/URL].

Some reasoning and other tips:
[LIST]
[*]Twig is pretty fast, flexible in the sense it can be extended, and most importantly it is secure (provides you with methods to [URL='https://twig.symfony.com/doc/3.x/filters/escape.html']escape[/URL] output for different contexts, in fact it actually default escapes output for the HTML context, so in 90% of cases you do not have to worry about XSS).
[*]Highly consider using something like composer. It will make your life a whole lot easier in the long run, and your code much cleaner. For example, rather than manually including each of your required files at the top, you could use an [URL='https://getcomposer.org/doc/01-basic-usage.md#autoloading']autoloader[/URL].
[*]Also look into the concept of [URL='https://pimple.symfony.com/']dependency injection[/URL]. This allows you to essentially inject all of your services (User) into a container which you can use anywhere, rather than having to instantiate a new object of it everywhere you need to use it. That also makes unit testing much easier, should you choose to learn more about that (recommended, essentially confirms your code is behaving the way you expect it to).
[*]I noticed you called $user->newUser() without validating any of the user-submitted info, perhaps you should add another method under the User class to validate that each of the inputs is valid (type, length, and semantically correct - e.g. validate e-mails using filter_var($email, FILTER_VALIDATE_EMAIL)).
[*]After adding a new user ($user->newUser()), you send a Location header to redirect. You should call exit/die() after redirections to make sure the rest of the script does not execute.
[*]Not required, but you might also want to research type hinting, here's a link: [URL='https://phpenthusiast.com/object-oriented-php-tutorials/type-hinting']PHP type hinting[/URL].
[*]Again, not required, but I'd recommend following what's sometimes referred to as short circuiting for cleaner code. e.g. your code
[/LIST]
[CODE]
if(isset($_POST["submit"])) {
    if(!empty($_POST["email"]) && !empty($_POST["username"]) && !empty($_POST["password"]) && !empty($_POST["verify"])) {
        //assign user input to variables
        $email = $_POST["email"];
        $username = $_POST["username"];
        $password = $_POST["password"];
        $verify = $_POST["verify"];
        //creates new user with username, password and email
        if($user->newUser($username, $password, $email)) {
            header("location: index.php");
        }
    } else {
        $message = "Whoops, something went wrong! Please check all of the fields, and try again.";
    }
}
[/CODE]
could be rewritten as:
[CODE]
if (isset($_POST["submit"])) {
    if (empty($_POST["email"]) || empty($_POST["username"]) || empty($_POST["password"]) || empty($_POST["verify"])) {
        $message = "Whoops, something went wrong! Please check all of the fields, and try again.";
        // return a response early here.
    }
    //assign user input to variables
    $email = $_POST["email"];
    $username = $_POST["username"];
    $password = $_POST["password"];
    $verify = $_POST["verify"];
    //creates new user with username, password and email
    if ($user->newUser($username, $password, $email)) {
        header("location: index.php");
    }
}
[/CODE]

Hopefully some of this helped, and good luck :)
[/QUOTE]
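
An added example, not part of the quoted post or of the Flashback PHP code base: one way to combine the input validation, early return, and exit-after-redirect points from the post above. The function names, length limits, and username pattern are assumptions, and `$createUser` is a hypothetical stand-in for the thread's `$user->newUser()`.

```php
<?php
declare(strict_types=1);

/**
 * Validate registration input: type, length, and semantic checks.
 * Limits and the username pattern are assumptions. Returns error messages (empty = valid).
 */
function validateRegistration(array $post): array
{
    $errors = [];
    foreach (['email', 'username', 'password', 'verify'] as $field) {
        // Reject missing fields and non-strings (e.g. email[]=x arrives as an array).
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return ["Missing or malformed field: $field"];
        }
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false || strlen($post['email']) > 254) {
        $errors[] = 'Invalid e-mail address.';
    }
    if (!preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $post['username'])) {
        $errors[] = 'Username must be 3-32 characters: letters, digits, "_", "." or "-".';
    }
    if (strlen($post['password']) < 8) {
        $errors[] = 'Password must be at least 8 characters.';
    }
    if (!hash_equals($post['password'], $post['verify'])) {
        $errors[] = 'Passwords do not match.';
    }
    return $errors;
}

/** Handle a submission; $createUser stands in for $user->newUser(). Returns errors to display. */
function handleRegistration(array $post, callable $createUser): array
{
    $errors = validateRegistration($post);
    if ($errors !== []) {
        return $errors;           // early return: nothing below runs on bad input
    }
    if (!$createUser($post['username'], $post['password'], $post['email'])) {
        return ['Could not create the account.'];
    }
    header('Location: index.php');
    exit;                         // stop here so no code runs after the redirect
}

// Constructed sample input: "email" arrives as an array, so validation rejects it.
$sample = ['email' => ['x'], 'username' => 'bob', 'password' => 'hunter22', 'verify' => 'hunter22'];
foreach (handleRegistration($sample, fn () => true) as $e) {
    echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), PHP_EOL; // escape before output
}
```

Without a template engine that escapes by default, each value echoed into HTML needs the explicit `htmlspecialchars()` call shown in the last loop.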