Хороним $_COOKIE['pass'], отказываемся от md5('pass'). Это не регистрация, а чёрная дыра!

2023-01-06 16:57:25 +02:00
parent e9ec7eb2f2
commit 9e45f170c7
50 changed files with 1470 additions and 2242 deletions
@@ -97,17 +97,21 @@ class UserRegister

    public static function new(string $login, string $password, string $email, $ref, $birthday, $sex): string
    {
+        $password = password_hash($password, PASSWORD_DEFAULT);
+        $ref = (int)$ref;
+        $ip = UserIp::get();
+        $sex = (int)$sex - 10; //Íà âõîäå 10\11, à ïåðåäàòü íàäî 0\1.
        Db::sql(
-            'insert into users (users.real,login,host_reg,pass,ip,ipreg,room,timereg,activ,mail,bithday,sex,fnq,design,molch2,level,hobby,clan_zv) values (1,?,?,?,?,?,9,unix_timestamp(),0,?,?,?,0,1,unix_timestamp() + 86400,8,\'\',0)',
+            'insert into users (users.real,login,host_reg,pass,ip,ipreg,room,timereg,mail,bithday,sex,fnq,molch2,level,hobby,clan_zv) values (1,?,?,?,?,?,9,unix_timestamp(),?,?,?,0,unix_timestamp() + 86400,8,\'\',0)',
            [
                $login,
-                (int)$ref,
-                md5($password),
-                UserIp::get(),
-                UserIp::get(),
+                $ref,
+                $password,
+                $ip,
+                $ip,
                $email,
                date('d.m.Y', strtotime($birthday)),
-                $sex - 10,
+                $sex,
            ]
        );