A few improvements #65
Conversation
-Muted file_get_contents() so that the API key is not publicly exposed -userInfo.php won't do anything if the user hasn't logged in -Added the constant STEAMAUTH_LOGOUT_LINK to make logout more flexible.
|
Good improvements, except that constant. |
|
Hi,
|
|
I cannot change your Pull Request. Go ahead and edit the files in your fork. It will automatically add theese changes to the PR. |
|
Ok, I've commited the new changes. |
|
This looks ready to merge from my side now. |
|
Sorry about the delay, been really busy with exams. Thanks for your help! :) |
Hey there. First of all, I'll be using your framework for my project wich I'll upload to GitHub soon, so thank you. Now, I've made some changes that you may want to consider adding to your project:
Please, do consider making this change: with the current script, if the server doesn't reach the Steam servers (i.e: Steam is down),
file_get_contents()will display a warning to the user with the URL used, and this URL contains the API key. We do not want the user to be able to access it; this is a security issue.I know that in the example you handle this manually by including only userInfo.php when the user has logged in, but a good framework should take care of everything for you. In the current script, including this file without an user session wastes resources, increases load time and displays warnings. With this fix, it simply won't do anything.
Its value is
steamauth/logout.phpand it is an alternative tologoutbutton(), wich provides more flexibility. Withlogoutbutton()you get a simple, non-customizable button, but with the constant you can make your own button, or simply have a logout link.Many thanks for your time.