Web サイト用に Ajax ログインを作成しましたが、最適化できるように感じますが、方法と場所がわかりません。
質問:
- コードを最適化するにはどうすればよいですか?
- コードは安全ですか?それを破る方法(注射など)はありますか?
また、ログインしようとすると、現在、ログインの処理に約 1 秒かかります (ローカルホスト上)。これは長いですか?
これが私のAjax呼び出しです:
$(document).ready(function() {
$(document).on("submit", "form", function(event) {
event.preventDefault();
$.ajax({
url: 'assets/php/login_script.php',
type: 'POST',
data: $(this).serialize(),
success: function(data) {
if (data == true) {
window.location.href = "index.php";
} else {
$("input[name=password_field]").focus();
$(".error").html(data);
}
}
});
});
});
PHPスクリプトは次のとおりです。
<?php
include_once("access.php");
$cxn = mysqli_connect($host, $user, $pass, $db) or die ("Couldn't connect to the server. Please try again.");
$username = $_POST["username"];
$password = $_POST["password"];
$date = date('Y-m-d h:i:s', time());
$ip_address = get_ip_address();
$expire = time() + 86400 * 365;
$options = array('cost' => 12);
$hash_password = password_hash($password, PASSWORD_BCRYPT, $options);
/* Log the login request. */
$stmt = $cxn->prepare("INSERT INTO login_logs (log_id, username, password, datetime, ip_address) VALUES ('', ?, ?, ?, ?)");
$stmt->bind_param('ssss', $username, $hash_password, $date, $ip_address);
$stmt->execute();
/* Get user information from database. */
$stmt = $cxn->prepare('SELECT * FROM users WHERE username = ?');
$stmt->bind_param('s', $username);
$stmt->execute();
$result = $stmt->get_result();
/* If a result exists, continue. */
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$db_username = $row['username'];
$db_password = $row['password'];
$random_hash = password_hash(time() . $db_username . time(), PASSWORD_BCRYPT, $options);
/* Password matches. */
if (password_verify($password, $db_password)) {
/* Get user's cookie information in database. */
$stmt2 = $cxn->prepare("SELECT * FROM cookies WHERE username = ?");
$stmt2->bind_param('s', $db_username);
$stmt2->execute();
$result2 = $stmt2->get_result();
/* If a result exists, update the cookie. */
if ($result2->num_rows > 0) {
$stmt = $cxn->prepare("UPDATE cookies SET hash = ? WHERE username = ?");
$stmt->bind_param('ss', $random_hash, $db_username);
$stmt->execute();
setcookie("user", $db_username, $expire, "/");
setcookie("hash", $random_hash, $expire, "/");
} else {
$stmt = $cxn->prepare("INSERT INTO cookies (cookie_id, username, hash) VALUES ('', ?, ?)");
$stmt->bind_param('ss', $db_username, $random_hash);
$stmt->execute();
setcookie("user", $db_username, $expire, "/");
setcookie("hash", $random_hash, $expire, "/");
}
echo true;
} else {
echo "Incorrect credentials.";
}
}
} else {
echo "Incorrect credentials.";
}
function get_ip_address() {
$ip_address = '';
if (getenv('HTTP_CLIENT_IP'))
$ip_address = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
$ip_address = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
$ip_address = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
$ip_address = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
$ip_address = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
$ip_address = getenv('REMOTE_ADDR');
else
$ip_address = 'UNKNOWN';
return $ip_address;
}
?>
スクリプトを最適化して見栄えを良くしたり、高速にしたりするにはどうすればよいですか?