Learning PHP and MySQL

Monday, September 25, 2006

Example 13-7 Creating the entry in the database for a user with a hashed password

INSERT INTO users (`first_name`, `last_name`, `username`, `password`) VALUES
('Michele', 'Davis', 'mdavis', MD5('secret'));

Yields:

Query OK, 1 row affected (0.01 sec)

To check that your row was created and see what the MD5 hash function returned, query the users table. Note that MD5 is a hash, not encryption: the value cannot be decrypted, but it is fast to compute and unsalted, so the same password always produces the same stored value and a leaked table can be attacked with precomputed hashes.

SELECT * FROM users;

Posted by krautgrrl on 09/25 at 11:29 AM

Example 13-8 The database login details

<?php
// Keep this file outside the web root (or deny direct requests to it) so the
// credentials cannot be fetched by a browser.
$db_host     = 'localhost';
$db_database = 'test';
$db_username = 'test';
$db_password = 'yourpass';
?>

Posted by krautgrrl on 09/25 at 11:31 AM

Example 13-9 Verifying a username and password against the database

<?php
require_once('db_login.php');
require_once('DB.php');   // PEAR DB

// Ask the browser for HTTP Basic credentials if none were sent.
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
    header('WWW-Authenticate: Basic realm="Member Area"');
    header('HTTP/1.0 401 Unauthorized');
    echo "You must enter in a username and password combination!";
    exit;
}
$web_username = $_SERVER['PHP_AUTH_USER'];
$web_password = $_SERVER['PHP_AUTH_PW'];

$connection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
if (DB::isError($connection)) {
    die("Could not connect to the database: <br />" . DB::errorMessage($connection));
}

// Bind the credentials as query parameters instead of concatenating them into
// the SQL string; otherwise a username such as  ' OR '1'='1  changes the
// query itself (SQL injection). PEAR DB quotes each ? placeholder for us.
$query = "SELECT `user_id`, `username` FROM `users`
          WHERE `username` = ? AND `password` = MD5(?) LIMIT 1";
$result = $connection->query($query, array($web_username, $web_password));
if (DB::isError($result)) {
    // On a live site log the query and driver message instead of echoing them.
    die("Could not query the database: <br />" . DB::errorMessage($result));
}
if (!$row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
    header('WWW-Authenticate: Basic realm="Member Area"');
    header('HTTP/1.0 401 Unauthorized');
    echo "Your username and password combination was incorrect!";
    exit;
}
echo "You have successfully logged in as " . htmlspecialchars($row['username']) . "!";
?>

Posted by krautgrrl on 09/25 at 11:31 AM

Example 14-1 Using Apache authentication to restrict access to scripts

AuthType Basic
AuthName "Administrators Only"
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user

Posted by krautgrrl on 09/25 at 11:51 AM

Example 14-10 Suppressing the standard database error message

<?php
require_once('db_login.php');
// Show visitors a generic message; the real error text (which can reveal
// host names, user names and table layout) belongs in the server log.
// The mysql_* functions were removed in PHP 7; use mysqli or PDO there.
$error = "Site down for maintenance, please check back.";
$db_link = @mysql_connect($db_host, $db_username, $db_password) or die($error);
@mysql_select_db($db_database, $db_link) or die($error);
?>

Posted by krautgrrl on 09/25 at 02:46 PM

Example 14-11 Seeing the results of magic quotes

<?php
$search = isset($_GET['search']) ? $_GET['search'] : '';
// PHP_SELF echoes the request path, so escape it before putting it in HTML.
$self = htmlspecialchars($_SERVER['PHP_SELF']);
if ($search !== '') {
    // With magic_quotes_gpc on, quotes in the input arrive backslash-escaped
    // and the slashes show up in the output.
    echo "The search string is: <strong>" . htmlspecialchars($search) . "</strong>.";
} else {
    echo "<form action=\"$self\" method=\"get\">
          <label> Search: <input type=\"text\" name=\"search\" id=\"search\"> </label>
          <input type=\"submit\" value=\"Go!\">
          </form>";
}
?>

Posted by krautgrrl on 09/25 at 02:49 PM

Example 14-12 Checking for magic quotes

<?php
$search = isset($_GET['search']) ? $_GET['search'] : '';
// Add slashes only when PHP has not already done so, so the string is
// escaped exactly once. Magic quotes were dropped in PHP 5.4 and
// get_magic_quotes_gpc() was removed in PHP 8.
if (!get_magic_quotes_gpc()) {
    $search = addslashes($search);
}
if ($search !== '') {
    echo "The search string is: <strong>" . htmlspecialchars($search) . "</strong>.";
} else {
    echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="get">
    <label> Search:
    <input type="text" name="search" id="search" />
    </label>
    <input type="submit" value="Go!" />
    </form>';
}
?>

Posted by krautgrrl on 09/25 at 03:18 PM
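Examples 14-11 and 14-12 show magic quotes from the inside, but addslashes() is not an output escape at all. The following is an added example, not code from the book: it strips the slashes magic_quotes_gpc adds so the script always works on the raw value, then escapes for the context the value lands in (here HTML). The request array and the PHP_SELF value are constructed for the demonstration; the function names unquote_request(), h() and render_search() are my own.

```php
<?php
// Added example (not from the book): normalise request data whether or not
// magic_quotes_gpc is on, then escape on output for the HTML context.

// Remove the slashes magic_quotes_gpc added, recursively. $quoted overrides
// autodetection so the behaviour can be shown on a PHP where the feature
// (and get_magic_quotes_gpc() itself, removed in PHP 8) no longer exists.
function unquote_request(array $input, ?bool $quoted = null): array
{
    if ($quoted === null) {
        $quoted = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    }
    if (!$quoted) {
        return $input;   // nothing was added, nothing to strip
    }
    $strip = function ($v) use (&$strip) {
        return is_array($v) ? array_map($strip, $v) : stripslashes((string) $v);
    };
    return array_map($strip, $input);
}

// HTML context: a backslash means nothing to a browser. The characters that
// matter are < > & " ' and htmlspecialchars() handles exactly those.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The search page of Examples 14-11/14-12 with both the term and PHP_SELF escaped.
function render_search(array $get, string $self): string
{
    $search = isset($get['search']) ? (string) $get['search'] : '';
    if ($search !== '') {
        return 'The search string is: <strong>' . h($search) . '</strong>.';
    }
    return '<form action="' . h($self) . '" method="get">'
         . '<label> Search: <input type="text" name="search" id="search"> </label>'
         . '<input type="submit" value="Go!">'
         . '</form>';
}

// Constructed request: a term with a quote and a script tag, plus a PHP_SELF
// that carries injected markup (PHP_SELF reflects the request path).
$raw  = ['search' => "O'Reilly <script>alert(1)</script>"];
$self = '/search.php/"><script>alert(2)</script>';

// What the script receives with magic_quotes_gpc on: slashes already added.
$received = ['search' => addslashes($raw['search'])];
$clean    = unquote_request($received, true);
echo "received:   ", $received['search'], PHP_EOL;
echo "normalised: ", $clean['search'], PHP_EOL;   // back to the raw value

// addslashes() is the wrong escape for HTML: the tag survives untouched.
echo "addslashes: ", addslashes($raw['search']), PHP_EOL;
// htmlspecialchars() turns the markup into inert text in both places.
echo render_search($clean, $self), PHP_EOL;
echo render_search([], $self), PHP_EOL;
```

Run it on the command line with php and compare the "addslashes:" line with the two rendered lines: the first still contains a live script tag, the others show it as text. The same separation applies to SQL, where the escape is a bound parameter rather than addslashes().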

Example 14-2 Creating an Apache password for .htaccess

htpasswd -c /usr/local/apache/passwd/passwords mdavis

The -c option creates the file and is needed only when adding the first entry (it overwrites an existing file, so omit it afterwards). You'll be prompted to enter the password twice to ensure you don't have a typo. Keep the file outside the document root, as the path above is, so it cannot be downloaded. Basic authentication sends the username and password base64-encoded, not encrypted, with every request, so the protected area should be served over HTTPS. If the passwords match, you'll see the following:

Adding password for user mdavis

Posted by krautgrrl on 09/25 at 11:52 AM

Example 14-3 Comparing the output of md5 to that of sha1

<?php
// md5() and sha1() are hash functions, not encryption: the output cannot be
// reversed, but it is deterministic, so identical inputs hash identically.
echo "Hashing <b>testing</b> using md5: " . md5("testing");
echo "<br />";
echo "Hashing <b>testing</b> using sha1: " . sha1("testing");
?>

Posted by krautgrrl on 09/25 at 11:53 AM
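Example 13-9 stored and compared passwords as MD5() inside the query, and Example 14-3 shows why that is weak: md5() and sha1() give the same digest for the same input every time. The following is an added example, not code from the book, rewriting the login check with password_hash()/password_verify() and bound parameters. It uses an in-memory SQLite database through PDO so it runs without a MySQL server; the table layout, the user mdavis and the credential attempts are constructed for the demonstration.

```php
<?php
// Added example (not from the book): Example 13-9's credential check with a
// salted, slow password hash and parameterised SQL, on an in-memory SQLite DB.

function create_schema(PDO $db): void
{
    $db->exec('CREATE TABLE users (
        user_id  INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password TEXT NOT NULL)');
}

// Store a salted bcrypt hash (PASSWORD_DEFAULT) instead of MD5(). Two users
// with the same password get different stored values, and a leaked table
// cannot be reversed with a precomputed MD5/SHA-1 table.
function add_user(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Look the user up by name only, with the name bound as a parameter, and do
// the password comparison in PHP. Returns the row without the hash, or null.
function check_login(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT user_id, username, password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // Unknown user: spend about the same time as a real verify so the
        // response timing does not tell an attacker which usernames exist.
        password_hash($password, PASSWORD_DEFAULT);
        return null;
    }
    if (!password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);
    return $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
create_schema($db);
add_user($db, 'mdavis', 'secret');

// Example 14-3's point, carried one step further: md5() is deterministic,
// password_hash() is not, because each call draws a fresh salt.
echo "md5 twice:           ", md5('secret') === md5('secret') ? 'identical' : 'different', PHP_EOL;
echo "password_hash twice: ",
    password_hash('secret', PASSWORD_DEFAULT) === password_hash('secret', PASSWORD_DEFAULT)
        ? 'identical' : 'different', PHP_EOL;

// Constructed credential attempts (on a real page: PHP_AUTH_USER / PHP_AUTH_PW).
$attempts = [
    ['mdavis', 'secret'],
    ['mdavis', 'guess'],
    ["mdavis' OR '1'='1", 'guess'],   // arrives as a literal username, not as SQL
];
foreach ($attempts as [$user, $pass]) {
    $row = check_login($db, $user, $pass);
    echo str_pad($user, 22), $row ? "logged in as {$row['username']}" : 'denied', PHP_EOL;
}
```

The 401 challenge from Example 13-9 stays the same; only the storage format and the lookup change. password_verify() reads the algorithm and cost from the stored string, so the cost can be raised later without a schema change.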

Example 14-4 Not initializing a variable was a hole in sample.php

<?php
if (check_username_and_password()) {
    // they logged in successfully
    $access = TRUE;
}
if ($access) {
    echo "Welcome to the administrative control panel.";
    // more privileged code here...
}
else {
    echo "Access denied";
}
?>

With register_globals on, every request parameter becomes a PHP variable before the script runs, so a request that carries a true value for access in the query string (for example sample.php?access=1) sets $access before the check and the access test passes without a valid login. Modifying the code to look like this:

<?php
// predefining the value is good coding practice anyway
$access = FALSE;
if (check_username_and_password()) {
    // they logged in successfully
    $access = TRUE;
}
if ($access) {
    echo "Welcome to the administrative control panel.";
    // more privileged code here...
}
else {
    echo "Access denied";
}
?>

Because $access now starts as FALSE, any value injected through register_globals is overwritten before the check, and "Access denied" is printed unless check_username_and_password() succeeded.

Posted by krautgrrl on 09/25 at 02:39 PM

Example 14-5 Sessions with register_globals on or off in session_test.php

<?php
session_start();
// $username is only populated from the session when register_globals is on;
// with it off (the default), this always prints "Please login."
if (isset($username)) {
    echo "Hello $username";
} else {
    echo "Please login.";
}
?>

Posted by krautgrrl on 09/25 at 02:41 PM

Example 14-6 Session using the proper $_SESSION super global

<?php
session_start();
// Read the session value explicitly; test the array entry with isset() so an
// unset key does not raise a notice.
if (isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
    echo "Hello " . htmlspecialchars($username);
} else {
    echo "Please login.";
}
?>

Posted by krautgrrl on 09/25 at 02:42 PM

Example 14-7 Detecting simple variable poisoning

<?php
if (isset($_COOKIE['MAGIC_COOKIE'])) {
    // MAGIC_COOKIE comes from a cookie.
    // Be sure to validate the cookie data!
} elseif (isset($_GET['MAGIC_COOKIE']) || isset($_POST['MAGIC_COOKIE'])) {
    // The value came in the query string or form body rather than a cookie:
    // with register_globals on, this is how $MAGIC_COOKIE would be poisoned.
    mail("admin@example.com", "Possible breakin attempt", $_SERVER['REMOTE_ADDR']);
    echo "Security violation, admin has been alerted.";
    exit;
} else {
    // MAGIC_COOKIE isn't set through this REQUEST
}
?>

Posted by krautgrrl on 09/25 at 02:42 PM

Example 14-8 Checking for session hijacking

<?php
session_start();
// Fingerprint of the client: user agent plus remote address. REMOTE_ADDR
// changes for users behind rotating proxies or mobile carriers, so this
// check can also log out legitimate users.
$user_check = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
if (empty($_SESSION['user_data'])) {
    // First request of this session: issue a fresh ID and store the fingerprint.
    session_regenerate_id();
    echo "New session, saving user_check.";
    $_SESSION['user_data'] = $user_check;
}
if (strcmp($_SESSION['user_data'], $user_check) !== 0) {
    // Fingerprint changed: treat the session as possibly hijacked and start over.
    session_regenerate_id();
    echo "Warning, you must reenter your session.";
    $_SESSION = array();
    $_SESSION['user_data'] = $user_check;
} else {
    echo "Connection verified!";
}
?>

Posted by krautgrrl on 09/25 at 02:45 PM

Example 14-9 session.save_path functionality

<?php
// Store session files in a directory only this site can read, rather than
// the system default (usually /tmp, shared with every other site and user on
// the host). The directory must exist and be writable by the web server, and
// the setting must be made before session_start().
ini_set('session.save_path', '/home/user/sessions/');
session_start();
?>

Posted by krautgrrl on 09/25 at 02:46 PM
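Examples 14-8 and 14-9 each cover one piece of session handling. The following is an added example, not code from the book, that puts the pieces together: a private save path, the ini settings that stop fixation and cookie theft, a fresh session ID at login, a client binding and an idle timeout. Every ini option used is a real php.ini setting; the save path, the user-agent strings and the function names configure_sessions(), login_session(), session_is_valid() and logout_session() are constructed for the demonstration.

```php
<?php
// Added example (not from the book): session hardening extending 14-8/14-9.

function configure_sessions(string $save_path): void
{
    // Private directory (Example 14-9): on a shared host, the default /tmp is
    // readable by other sites' scripts and session files hold the user's state.
    ini_set('session.save_path', $save_path);
    // Reject IDs the server did not issue, so a fixation attack that plants a
    // known ID in a cookie or URL cannot pre-seed the session.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Cookie unreadable from JavaScript and sent only over TLS.
    ini_set('session.cookie_httponly', '1');
    ini_set('session.cookie_secure', '1');
    ini_set('session.cookie_samesite', 'Lax');   // PHP 7.3+; ignored earlier
}

// After a successful credential check: issue a new ID so any ID known before
// login is worthless, and record what the session is bound to.
function login_session(string $username): void
{
    session_regenerate_id(true);   // true: remove the old session file
    $_SESSION = [
        'username'  => $username,
        'ua_hash'   => hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? ''),
        'last_seen' => time(),
    ];
}

// Per request. Example 14-8 also hashed REMOTE_ADDR; it is left out here
// because mobile carriers and proxy pools change the address mid-session and
// would log legitimate users out. The idle timeout bounds a stolen ID's life.
function session_is_valid(int $idle_limit = 900): bool
{
    if (empty($_SESSION['username']) || empty($_SESSION['ua_hash'])) {
        return false;
    }
    $ua_hash = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    if (!hash_equals($_SESSION['ua_hash'], $ua_hash)) {
        return false;
    }
    if (time() - (int) $_SESSION['last_seen'] > $idle_limit) {
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

// Clear the server-side state and expire the cookie, not just one of the two.
function logout_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies') && PHP_SAPI !== 'cli') {   // no cookies on the CLI demo
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Command-line demonstration with a temporary save path.
$dir = sys_get_temp_dir() . '/demo_sessions';
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
configure_sessions($dir);
$_SERVER['HTTP_USER_AGENT'] = 'DemoBrowser/1.0';     // constructed request
session_start();
login_session('mdavis');
$results = ['same browser' => session_is_valid()];
$_SERVER['HTTP_USER_AGENT'] = 'OtherBrowser/2.0';    // same session ID, different client
$results['other browser'] = session_is_valid();
logout_session();
foreach ($results as $case => $ok) {
    echo str_pad($case, 15), $ok ? 'valid' : 'rejected', PHP_EOL;
}
```

On a web page the order is configure_sessions() then session_start(), login_session() once the credentials check out, session_is_valid() at the top of every protected script, and logout_session() on the logout link. The user-agent binding is a weak signal on its own (an attacker who steals the cookie can usually copy the browser string too); the settings and the regeneration at login are what do most of the work.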