Try to avoid creating your own hashing function. Instead (if your PHP version allows), use the built-in `password_hash()` and `password_verify()` functions.
Your method of gaining the IP address is a start, but I think it could be more complete.
If you can, avoid using `echo $r->getMessage();` as it may produce information a malicious user could exploit. Control the output given to the user.
In Member.class.php I see a lot of nested `if`s. Try to flatten your code for greater readability.
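The following is an added example, not part of the answer above or of the code under review: a sketch of the three suggestions together, using `password_hash()`/`password_verify()`, early returns instead of nested `if`s, and exception details sent to the server log rather than echoed. The `$users` array and the function names are hypothetical stand-ins for the reviewed `Member` class and its database table; PHP 7 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory user store standing in for the members table.
$users = [];

function registerUser(array &$users, string $name, string $password): void
{
    // password_hash() picks a random salt and stores algorithm, cost and salt in the result.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

function loginUser(array &$users, string $name, string $password): bool
{
    $hash = $users[$name] ?? null;
    if ($hash === null) {
        return false;                       // unknown user: early return, no nesting
    }
    if (!password_verify($password, $hash)) {
        return false;                       // wrong password
    }
    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

function handleLogin(array &$users, string $name, string $password): string
{
    try {
        if ($name === '' || $password === '') {
            throw new InvalidArgumentException('empty credentials from login form');
        }
        // Same message for unknown user and wrong password.
        return loginUser($users, $name, $password)
            ? 'Welcome back.'
            : 'Invalid username or password.';
    } catch (Throwable $e) {
        // Details go to the server log; the user only sees a fixed message.
        error_log('login failure: ' . $e->getMessage());
        return 'Something went wrong. Please try again later.';
    }
}

// Constructed sample data.
registerUser($users, 'alice', 'correct horse battery staple');
echo handleLogin($users, 'alice', 'correct horse battery staple'), PHP_EOL;
echo handleLogin($users, 'alice', 'wrong'), PHP_EOL;
echo handleLogin($users, '', ''), PHP_EOL;
```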