Question

我为我的android项目的登录/注册部分制作了几个php文件，我想知道是否有办法让它们更安全。下面发布的文件代码。

的config.php：

<?php
    define('hostname', 'localhost');
    define('username', 'username');
    define('password', 'password');
    define('db_name', 'database');
?>

connection.php：

<?php

    require_once 'config.php';

    class DB_Connection {

        private $connect;
        function __construct() {
            $this->connect = mysqli_connect(hostname, username, password, db_name) or die("db connection error");
        }

        public function get_connection() {
            return $this->connect;
        }

    }

?>

register.php：

<?php

    require_once 'connection.php';
    header('Content-Type: application/json');

    class User {

        private $db;
        private $connection;

        function __construct() {
            $this->db = new DB_Connection();
            $this->connection = $this->db->get_connection();
        }

        public function registration($email,$username,$password) {
            $query = "INSERT INTO users(email,username,password) VALUES ('$email','$username','$password')";
            $is_inserted = mysqli_query($this->connection, $query);
            if ($is_inserted == 1) {
                $json['success'] = 'account for '.$username.' was created';
            } else {
                $json['error'] = 'email or username is already taken';
            }
            echo json_encode($json);
            mysqli_close($this->connection);
        }

    }

    $user = new User();
    if (isset($_POST['email'],$_POST['username'],$_POST['password'])) {
        $email = $_POST['email'];
        $username = $_POST['username'];
        $password = $_POST['password'];

        if (!empty($email) && !empty($username) && !empty($password)) {
            $encrypted_password = md5($password);
            $user -> registration($email,$username,$encrypted_password);
        } else {
            $json['error'] = 'please fill in all fields';
            echo json_encode($json);
        }
    }

?>

的login.php：

<?php

    require_once 'connection.php';
    header('Content-Type: application/json');

    class User {

        private $db;
        private $connection;

        function __construct() {
            $this->db = new DB_Connection();
            $this->connection = $this->db->get_connection();
        }

        public function login($username,$password) {
            $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
            $result = mysqli_query($this->connection, $query);
            if (mysqli_num_rows($result) > 0) {
                $json['success'] = 'welcome '.$username;
            } else {
                $json['error'] = 'incorrect username or password';
            }
            echo json_encode($json);
            mysqli_close($this->connection);
        }

    }

    $user = new User();
    if (isset($_POST['username'],$_POST['password'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];

        if (!empty($username) && !empty($password)) {
            $encrypted_password = md5($password);
            $user -> login($username, $encrypted_password);
        } else {
            $json['error'] = 'you must fill out all fields';
            echo json_encode($json);
        }
    }

?>

提前感谢所有人和任何帮助！

如何使我的php文件更安全，android？

0 个答案: