Learning PHP and MySQL
Monday, September 25, 2006
Example 14-10 Suppressing the standard database error message
<?php require_once('db_login.php');
// Generic message shown to the visitor in place of the real error
$error = "Site down for maintenance, please check back.";
// The @ suppresses PHP's own warning, which would otherwise print the
// database user name and server details; die() shows the generic text instead.
// (The mysql_* functions were removed in PHP 7; mysqli or PDO replace them.)
$db_link = @mysql_connect($db_host, $db_username, $db_password) or die($error);
@mysql_select_db($db_database, $db_link) or die($error);
?>
Chapter 14 Code • (0) Comments • (0) Trackbacks • Permalink
Example 14-11 Seeing the results of magic quotes
<?php
$search = isset($_GET['search']) ? $_GET['search'] : NULL;
// PHP_SELF is derived from the request URL, so encode it before echoing it
$self = htmlspecialchars($_SERVER['PHP_SELF']);
if ($search != NULL )
{
echo "The search string is: <strong>$search</strong>.";
}
else
{
echo ("<form action=\"$self\" ");
echo ('method="get">
<label> Search: <input type="text" name="search" id="search"> </label>
<input type="submit" value="Go!">
</form>
');
}
?>
Example 14-12 Checking for magic quotes
<?php
$search = isset($_GET["search"]) ? $_GET["search"] : NULL;
// Escape only when the server has not already done it, or the value gets
// double slashes. get_magic_quotes_gpc() was removed in PHP 8, and
// addslashes() is no substitute for the database's own escaping or a
// bound parameter; it is kept here to show the magic quotes behaviour.
if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
$search = addslashes($search);
}
if ($search != NULL ){
echo "The search string is: <strong>$search</strong>.";
}
else {
echo '<form action="'.htmlspecialchars($_SERVER["PHP_SELF"]).'" method="GET">
<label> Search:
<input type="text" name="search" id="search" />
</label>
<input type="submit" value="Go!" />
</form>';
}
?>
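As an added example (not code from the book), here is the same search handled without addslashes(): magic quotes are undone if the server still applies them, and the term reaches the database as a bound parameter, which is what addslashes() was standing in for. It uses an in-memory SQLite database through PDO so it runs stand-alone; the products table, its rows and the two search terms are constructed for the example.

```php
<?php
// Added example, not from the book: undo magic quotes if the server still
// adds them, then pass the value to the database as a bound parameter
// instead of relying on addslashes(). The table and rows are constructed.

// Reverse magic_quotes_gpc on a value (or nested array) so the application
// always sees the raw bytes the user sent.
function undo_magic_quotes($value) {
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return stripslashes($value);
}

// get_magic_quotes_gpc() was removed in PHP 8; treat that as "off".
function magic_quotes_enabled() {
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO products (name) VALUES ('O''Reilly PHP'), ('MySQL Guide')");

// Search terms as they would arrive in $_GET['search']; the second one is
// a classic injection attempt.
$terms = array("O'Reilly", "' OR 1=1 --");
foreach ($terms as $search) {
    if (magic_quotes_enabled()) {
        $search = undo_magic_quotes($search);
    }
    // The placeholder keeps the term as data: the quote in "O'Reilly" matches
    // the row, and "' OR 1=1 --" matches nothing instead of everything.
    $stmt = $pdo->prepare("SELECT name FROM products WHERE name LIKE ?");
    $stmt->execute(array('%' . $search . '%'));
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    // Encode on output, not on input, when showing the term back to the user
    echo "Search for " . htmlspecialchars($search, ENT_QUOTES, 'UTF-8')
       . ": " . count($rows) . " match(es)\n";
}
?>
```

The first term finds the one row whose name contains a quote; the second finds none, because the bound value never becomes part of the SQL text.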
Example 14-2 Creating an Apache password for .htaccess
htpasswd -c /usr/local/apache/passwd/passwords mdavis
The -c option is required only when creating the password file (adding the first entry); leave it off for later entries, or the existing file is overwritten. You'll be prompted to enter the password twice to ensure you don't have a typo. If the passwords match, you'll see the following:
Adding password for user mdavis
Example 14-3 Comparing the output of md5 to that of sha1
<?php
// md5() and sha1() are one-way hashes, not encryption: there is no key and
// no way back to the input. Each returns a fixed-length hexadecimal digest
echo "Hashing <b>testing</b> using md5: ".md5("testing");
echo "<br />";
echo "Hashing <b>testing</b> using sha1: ".sha1("testing");
?>
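Both functions are fast and unsalted, so every user with the same password gets the same digest and precomputed tables apply. As an added example (not from the book), the following compares that behaviour with password_hash() and password_verify(), available from PHP 5.5; the function names are chosen for this example.

```php
<?php
// Added example, not from the book: md5()/sha1() versus password_hash().

// Digest the same password twice with the unsalted functions.
function unsalted_digests($password) {
    return array(
        'md5'  => md5($password),
        'sha1' => sha1($password),
    );
}

// Hash a password for storage and check a candidate against it later.
// Each call to password_hash() draws a fresh random salt and applies a slow
// work factor, so the stored strings differ from call to call.
function store_and_check($password, $candidate) {
    $stored = password_hash($password, PASSWORD_DEFAULT);
    return array(
        'stored'   => $stored,
        'accepted' => password_verify($candidate, $stored),
    );
}

$first  = unsalted_digests("testing");
$second = unsalted_digests("testing");
var_dump($first === $second);               // same input, same digest, every time

$a = store_and_check("testing", "testing");
$b = store_and_check("testing", "Testing");
var_dump($a['stored'] === $b['stored']);    // different salts, different strings
var_dump($a['accepted']);                   // right password is accepted
var_dump($b['accepted']);                   // wrong case is rejected

// When you must compare two digests yourself, use hash_equals() so the time
// taken does not depend on where the strings first differ
var_dump(hash_equals(md5("testing"), $first['md5']));
?>
```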
Example 14-4 Not initializing a variable was a hole in sample.php
<?php
if (check_username_and_password()) {
//they logged in successfully
$access = TRUE;
}
if ($access) {
echo "Welcome to the administrative control panel.";
//more privileged code here…
}
else {
echo "Access denied";
}
?>
When register_globals is on, a GET parameter named access is turned into $access before the script runs, so a request that sets it to TRUE passes the check without a valid login. Modifying the code to look like this:
<?php
//predefining the value is good coding practice anyway
$access = FALSE;
if (check_username_and_password()) {
//they logged in successfully
$access = TRUE;
}
if ($access) {
echo "Welcome to the administrative control panel.";
//more privileged code here…
}
else {
echo "Access denied";
}
?>
Now $access is FALSE unless the login check succeeds, whatever the request carried, and the correct message comes up.
Example 14-5 Sessions with register_globals on or off in session_test.php
<?php session_start();
if (isset($username)) {
echo "Hello $username";
} else {
echo "Please login.";
}
?>
Example 14-6 Session using the proper $_SESSION super global
<?php session_start();
// Only the session array is consulted, never a request variable
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
echo "Hello $username";
} else {
echo "Please login.";
}
?>
Example 14-7 Detecting simple variable poisoning
<?php
if (isset($_COOKIE['MAGIC_COOKIE'])) {
// MAGIC_COOKIE comes from a cookie.
// Be sure to validate the cookie data!
} elseif (isset($_GET['MAGIC_COOKIE']) || isset($_POST['MAGIC_COOKIE'])) {
mail("admin@example.com", "Possible breakin attempt", $_SERVER['REMOTE_ADDR']);
echo "Security violation, admin has been alerted.";
exit;
} else {
// MAGIC_COOKIE isn't set through this REQUEST
}
?>
Example 14-8 Checking for session hijacking
<?php session_start();
// Fingerprint of the client. REMOTE_ADDR can change legitimately behind
// proxies or on mobile networks, which makes this check fail for real users
$user_check = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
if (empty($_SESSION['user_data'])) {
session_regenerate_id();
echo ("New session, saving user_check.");
$_SESSION['user_data'] = $user_check;
}
if (strcmp($_SESSION['user_data'], $user_check) !== 0) {
session_regenerate_id();
echo ("Warning, you must reenter your session.");
$_SESSION = array();
$_SESSION['user_data'] = $user_check;
}
else {
echo ("Connection verified!");
}
?>
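The fingerprint check above is a useful start, but it does nothing about an ID the attacker planted before login (session fixation), a session that stays valid for days, or a cookie that script can read or that travels over plain HTTP. As an added example (not from the book), the following is a fuller guard built around the same user_data fingerprint; the timeout values, the names session_guard(), reset_session() and login_user(), and the use of SHA-256 in place of md5 are choices made for this example.

```php
<?php
// Added example, not from the book: a fuller guard around the user_data
// fingerprint of Example 14-8. Timeouts and function names are assumptions.

define('IDLE_TIMEOUT', 15 * 60);   // seconds of inactivity before the session is dropped
define('ROTATE_EVERY', 5 * 60);    // seconds between session ID rotations

// Cookie settings must be in place before session_start()
ini_set('session.use_only_cookies', 1);   // never accept the ID from the URL
ini_set('session.use_strict_mode', 1);    // reject IDs the server did not issue (PHP 5.5.2+)
ini_set('session.cookie_httponly', 1);    // JavaScript cannot read the cookie
if (!empty($_SERVER['HTTPS'])) {
    ini_set('session.cookie_secure', 1);  // send the cookie over TLS only
}
session_start();

// Bind the session to the client. REMOTE_ADDR can change legitimately behind
// proxies or on mobile networks; if that locks users out, drop it
function fingerprint() {
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $addr  = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    return hash('sha256', $agent . '|' . $addr);
}

// Discard everything and start over with a fresh ID
function reset_session($reason) {
    $_SESSION = array();
    session_regenerate_id(true);   // true also deletes the old session file
    $_SESSION['user_data'] = fingerprint();
    $_SESSION['last_seen'] = time();
    $_SESSION['rotated']   = time();
    echo "Session started over: $reason";
}

// Call on every request; returns true when the session can be trusted
function session_guard() {
    if (empty($_SESSION['user_data'])) {
        reset_session('new session');
        return false;
    }
    if (!hash_equals($_SESSION['user_data'], fingerprint())) {
        reset_session('fingerprint mismatch');
        return false;
    }
    if (time() - $_SESSION['last_seen'] > IDLE_TIMEOUT) {
        reset_session('idle timeout');
        return false;
    }
    // Keep the data but change the ID now and then, so a stolen ID has a short life
    if (time() - $_SESSION['rotated'] > ROTATE_EVERY) {
        session_regenerate_id(true);
        $_SESSION['rotated'] = time();
    }
    $_SESSION['last_seen'] = time();
    return true;
}

// Call immediately after a successful password check. Changing the ID here
// means an ID an attacker fixed before login never becomes an authenticated one
function login_user($username) {
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    $_SESSION['rotated']  = time();
}

if (session_guard()) {
    echo isset($_SESSION['username']) ? "Hello {$_SESSION['username']}" : "Please login.";
}
?>
```

The ini_set() calls only take effect if they run before session_start(); in production put them in php.ini or the virtual host instead so every script gets them.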
Example 14-9 session.save_path functionality
<?php
// Must be set before session_start(). The directory has to exist and be
// writable by the web server user, and should not be shared with other
// sites on the same host: anyone who can read it can read the sessions
ini_set('session.save_path', '/home/user/sessions/');
session_start();
?>
Example 15-1 Building a form that validates its fields before submission
<HTML>
<HEAD>
<TITLE>Sample Form</TITLE>
<SCRIPT TYPE="text/javascript" SRC="source.js"></SCRIPT>
<SCRIPT TYPE="text/javascript">
function check_valid(form) {
var error = "";
error += verify_username(form.username.value);
error += verify_password(form.password.value);
error += verify_phone(form.phone.value);
error += verify_email(form.email.value);
if (error != "") {
alert(error);
return false;
}
return true;
}
</SCRIPT>
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<FORM action="process.php" METHOD="post"
onSubmit="return check_valid(this)" id="test1" name="test1">
<TABLE BORDER="0" WIDTH="100%" CELLSPACING="0" CELLPADDING="0">
<TR>
<TD WIDTH="30%" ALIGN="right">Username</TD>
<TD WIDTH="70%">: <INPUT TYPE="text" NAME="username"></TD>
</TR>
<TR>
<TD ALIGN="right">Password</TD>
<TD>: <INPUT TYPE="password" NAME="password"></TD>
</TR>
<TR>
<TD ALIGN="right">Phone</TD>
<TD>: <INPUT TYPE="phone" NAME="phone"></TD>
</TR>
<TR>
<TD ALIGN="right">Email</TD>
<TD>: <INPUT TYPE="email" NAME="email"></TD>
</TR>
<TR>
<TD> </TD>
<TD><INPUT TYPE="SUBMIT" VALUE="Submit"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
Chapter 15 Code • (0) Comments • (0) Trackbacks • Permalink
Tuesday, September 26, 2006
Example 15-2 The file source.js contains functions to check the various fields
// verify username - 6-10 chars, uc, lc, and underscore only.
function verify_username (strng) {
  var error = "";
  if (strng == "") {
    error = "You didn't enter a username.\n";
  }
  var illegalChars = /\W/; // allow letters, numbers, and underscores
  if ((strng.length < 6) || (strng.length > 10)) {
    error = "The username is the wrong length. It must be 6-10 characters.\n";
  }
  else if (illegalChars.test(strng)) {
    error = "The username contains illegal characters.\n";
  }
  return error;
}
// verify password - between 6-8 chars, uppercase, lowercase, and numeral
function verify_password (strng) {
  var error = "";
  if (strng == "") {
    error = "You didn't enter a password.\n";
  }
  var illegalChars = /[\W_]/; // allow only letters and numbers
  if ((strng.length < 6) || (strng.length > 8)) {
    error = "The password is the wrong length. It must be 6-8 characters.\n";
  }
  else if (illegalChars.test(strng)) {
    error = "The password contains illegal characters.\n";
  }
  // test() gives a plain true/false; search() returns -1 (truthy) when there
  // is no match, and the classes must be written [a-z], not (a-z)
  else if (!(/[a-z]/.test(strng) && /[A-Z]/.test(strng) && /[0-9]/.test(strng))) {
    error = "The password must contain at least one uppercase letter, one lowercase letter, and one numeral.\n";
  }
  return error;
}
// verify email
function verify_email (strng) {
  var error = "";
  if (strng == "") {
    error = "You didn't enter an email address.\n";
  }
  // something@something.tld; the top-level label is at least two characters
  // (a 2-3 character limit would reject addresses such as .info)
  var emailFilter = /^.+@.+\..{2,}$/;
  if (!(emailFilter.test(strng))) {
    error = "Please enter a valid email address.\n";
  }
  else {
    //test email for illegal characters
    var illegalChars = /[\(\)\<\>\,\;\:\\\"\[\]]/;
    if (strng.match(illegalChars)) {
      error = "The email address contains illegal characters.\n";
    }
  }
  return error;
}
// verify phone number - strip out delimiters and verify for 10 digits
function verify_phone (strng) {
  var error = "";
  if (strng == "") {
    error = "You didn't enter a phone number.\n";
  }
  //strip out acceptable non-numeric characters
  var stripped = strng.replace(/[\(\)\.\-\ ]/g, '');
  // parseInt() would accept "555abc" as 555, so require digits only
  if (!/^\d*$/.test(stripped)) {
    error = "The phone number contains illegal characters.\n";
  }
  if (stripped.length != 10) {
    error = "The phone number is the wrong length. Make sure you included an area code.\n";
  }
  return error;
}
Wednesday, September 27, 2006
Example 15-3 Using preg_match to return an array of matches that start with ple
<?php
$subject = "example";
$pattern = '/^ple/';
preg_match($pattern, $subject, $matches);
print_r($matches);
?>
This code displays:
Array ( )
Example 15-4 Displaying an error from PHP and redisplaying the form with submitted values
<html>
<head>
<title>Sample Form</title>
<script type="text/javascript" src="source.js"></script>
<script type="text/javascript">
function check_valid(form) {
var error = "";
error += verify_username(form.username.value);
error += verify_password(form.password.value);
error += verify_phone(form.phone.value);
error += verify_email(form.email.value);
if (error != "") {
alert(error);
return false;
}
return true;
}
</script>
</head>
<body>
<?php
// The form below echoes these back, so give them a value even before
// anything has been posted
$username = $password = $email = $phone = "";
// Check for form post submit
if (isset($_POST["submit"])){
require_once('db_login.php');
require_once('DB.php');
$connection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
if (DB::isError($connection)){
die ("Could not connect to the database: <br />". DB::errorMessage($connection));
}
// Remember to use htmlentities to prevent cross-site scripting vulnerabilities
$username = htmlentities($_POST["username"]);
$password = htmlentities($_POST["password"]);
$email = htmlentities($_POST["email"]);
$phone = htmlentities($_POST["phone"]);
$error = "";
if ($username == ""){
$error .= "Username must not be null.<br />";
}
if ($password == ""){
$error .= "Password must not be null.<br />";
}
if ($email == ""){
$error .= "Email must not be null.<br />";
}
if ($phone == ""){
$error .= "Phone must not be null.<br />";
}
// Check whether the username is already taken. htmlentities() protects HTML
// output, not the SQL query, so the value is passed through a ? placeholder
// and PEAR DB quotes it as a literal
$query = "SELECT * FROM `users` WHERE `username`=?";
// Execute the database query
$result = $connection->query($query, array($username));
if (DB::isError($result)){
die("Could not query the database: <br />".DB::errorMessage($result));
}
$user_count = $result->numRows();
if ($user_count > 0) {
$error .= "Error: Username $username is taken already. Please select another.<br />";
}
if ($error){
echo $error;
}
else {
echo "User created successfully.";
exit;
}
}
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="POST"
onsubmit="return check_valid(this);" id="test1" name="test1">
<table>
<tr>
<td width="30%" align="right">Username:</td>
<td><input type="text" name="username" value="<?php echo
htmlspecialchars(stripslashes($username)); ?>" /></td>
</tr>
<tr>
<td align="right">Password:</td>
<td><input type="password" name="password" value="<?php echo
htmlspecialchars(stripslashes($password)); ?>" /></td>
</tr>
<tr>
<td align="right">Phone:</td>
<td><input type="phone" name="phone" value="<?php echo
htmlspecialchars(stripslashes($phone)); ?>" /></td>
</tr>
<tr>
<td align="right">Email:</td>
<td><input type="email" name="email" value="<?php echo
htmlspecialchars(stripslashes($email)); ?>" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Submit" /></td>
</tr>
</table>
</form>
</body>
</html>
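The checks in source.js run in the browser and are skipped by anyone who posts the form directly, while the PHP above only tests that the fields are non-empty. As an added example (not from the book), the following is a server-side counterpart to the four verify_* functions, built on preg_match() as in Example 15-3, with a validate_form() helper that applies them to a $_POST-style array; the function names and the two sample submissions are constructed for the example.

```php
<?php
// Added example, not from the book: server-side versions of the verify_*
// checks in source.js, using preg_match(). Each returns an error message,
// or an empty string when the value is acceptable.

// 6-10 characters; letters, digits and underscore only (\w)
function verify_username($s) {
    if ($s === '') return "You didn't enter a username.";
    if (!preg_match('/^\w{6,10}$/', $s)) {
        return "The username must be 6-10 letters, digits or underscores.";
    }
    return '';
}

// 6-8 letters and digits, with at least one lowercase, one uppercase, one digit
function verify_password($s) {
    if ($s === '') return "You didn't enter a password.";
    if (!preg_match('/^[A-Za-z0-9]{6,8}$/', $s)) {
        return "The password must be 6-8 letters or digits.";
    }
    if (!preg_match('/[a-z]/', $s) || !preg_match('/[A-Z]/', $s) || !preg_match('/[0-9]/', $s)) {
        return "The password must contain an uppercase letter, a lowercase letter and a numeral.";
    }
    return '';
}

// PHP's own address check plus the user@domain.tld shape source.js expects
function verify_email($s) {
    if ($s === '') return "You didn't enter an email address.";
    if (filter_var($s, FILTER_VALIDATE_EMAIL) === false
        || !preg_match('/^[^@]+@[^@]+\.[A-Za-z]{2,}$/', $s)) {
        return "Please enter a valid email address.";
    }
    return '';
}

// Strip the delimiters the JavaScript allows, then require exactly 10 digits
function verify_phone($s) {
    if ($s === '') return "You didn't enter a phone number.";
    $stripped = preg_replace('/[().\- ]/', '', $s);
    if (!preg_match('/^\d{10}$/', $stripped)) {
        return "The phone number must be 10 digits including the area code.";
    }
    return '';
}

// Run every check against a submitted array (normally $_POST); missing fields
// count as empty. Returns field => message for each failure
function validate_form(array $post) {
    $checks = array(
        'username' => 'verify_username',
        'password' => 'verify_password',
        'phone'    => 'verify_phone',
        'email'    => 'verify_email',
    );
    $errors = array();
    foreach ($checks as $field => $check) {
        $value = isset($post[$field]) ? $post[$field] : '';
        if ($field !== 'password') {
            $value = trim($value);   // never alter a password silently
        }
        $message = $check($value);
        if ($message !== '') {
            $errors[$field] = $message;
        }
    }
    return $errors;
}

// Constructed sample submissions: the first passes; the second would be caught
// by source.js in a browser but must also be rejected here, where it cannot be skipped
$good = array('username' => 'mdavis_1', 'password' => 'Abc123',
              'phone' => '(555) 123-4567', 'email' => 'mdavis@example.com');
$bad  = array('username' => 'md', 'password' => 'abcdef',
              'phone' => '12345', 'email' => 'not-an-email');
print_r(validate_form($good));   // empty array
print_r(validate_form($bad));    // one message per field
?>
```

In Example 15-4 the call would replace the four "must not be null" checks: append each message from validate_form($_POST) to $error before the database query runs.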
