Learning PHP and MySQL
Wednesday, September 27, 2006
Example 16-4 The login script, called login.php
<?php
// Example of Auth_HTTP that also returns additional information about the user.
// config.php is assumed to create $smarty and set $blog_title; db_login.php
// defines the $db_* variables used in the DSN below.
require_once('config.php');
require_once('db_login.php');
require_once("Auth/HTTP.php");
// We use the same connection string as the PEAR DB functions
$AuthOptions = array(
    'dsn'=>"mysql://$db_username:$db_password@$db_host/$db_database",
    'table'=>"users",           // your table name
    'usernamecol'=>"username",  // the table username column
    'passwordcol'=>"password",  // the table password column
    'cryptType'=>"md5",         // password hash type in your db; matches the
                                // md5() used in Example 16-9, but unsalted MD5
                                // is fast to brute-force once the table leaks
    'db_fields'=>"*"            // enabling fetch for other db columns
);
$authenticate = new Auth_HTTP("DB", $AuthOptions);
// set the realm name
$authenticate->setRealm('Member Area');
// authentication failed error message
$authenticate->setCancelText('<h2>Access Denied</h2>');
// request authentication. This is HTTP Basic auth: the browser resends the
// username and password (base64-encoded, not encrypted) with every request,
// so the member area should only be served over HTTPS.
$authenticate->start();
// compare username and password to stored values
if ($authenticate->getAuth()) {
    // session_start() must be called before any output is sent
    session_start();
    $smarty->assign('blog_title',$blog_title);
    $smarty->display('header.tpl');
    // set up session variables in the $_SESSION superglobal
    $_SESSION['username'] = $authenticate->username;
    $_SESSION['first_name'] = $authenticate->getAuthData('first_name');
    $_SESSION['last_name'] = $authenticate->getAuthData('last_name');
    $_SESSION['user_id'] = $authenticate->getAuthData('user_id');
    // escape the stored names before echoing them into HTML
    echo "Login successful. Great to see you back ";
    echo htmlspecialchars($authenticate->getAuthData('first_name'));
    echo " ";
    echo htmlspecialchars($authenticate->getAuthData('last_name')).".<br />";
    $smarty->display('footer.tpl');
}
?>
Chapter 16 Code • (0) Comments • (0) Trackbacks • Permalink
Example 16-5 SQL to create the posts table
CREATE TABLE `posts` (
`post_id` int(11) NOT NULL auto_increment,
`category_id` int(11) NOT NULL,
`user_id` int(11) NOT NULL,
`title` varchar(150) NOT NULL,
`body` text NOT NULL,
`posted` timestamp,
PRIMARY KEY (`post_id`)
);
Example 16-6 SQL to create the categories table
CREATE TABLE `categories` (
`category_id` int(11) NOT NULL auto_increment,
`category` varchar(150) NOT NULL,
PRIMARY KEY (`category_id`)
);
Example 16-6 returns:
Query OK, 0 rows affected (0.01 sec)
Example 16-7 SQL to create the comments table
CREATE TABLE `comments` (
`comment_id` int(11) NOT NULL auto_increment,
`user_id` int(11) NOT NULL,
`post_id` int(11) NOT NULL,
`title` varchar(150) NOT NULL,
`body` text NOT NULL,
`posted` timestamp,
PRIMARY KEY (`comment_id`)
);
Example 16-8 SQL to create the users table (it may already have been created)
CREATE TABLE `users` (
`user_id` int(11) NOT NULL auto_increment,
`first_name` varchar(100) NOT NULL,
`last_name` varchar(100) NOT NULL,
`username` varchar(45) NOT NULL,
`password` varchar(32) NOT NULL,
PRIMARY KEY (`user_id`)
);
MySQL again reports that the query was OK:
Query OK, 0 rows affected (0.02 sec)
Example 16-9 Inserting sample data for the tables
INSERT INTO categories VALUES (1,'Press Releases');
INSERT INTO categories VALUES (2,'Feature Requests');
INSERT INTO posts VALUES (NULL,1,1,'PHP Version 12','PHP Version 12, to be released third quarter 2006. Featuring the artificial intelligence engine that writes the code for you.',NULL);
INSERT INTO posts VALUES (NULL,1,1,'MySQL Version 8','Returns winning lotto number.',NULL);
INSERT INTO posts VALUES (NULL,2,2,'Money Conversion','Please add functions for converting between foreign currencies.',NULL);
INSERT INTO comments VALUES (NULL,1,1,'Correction','Release delayed till the year 2099',NULL);
INSERT INTO users VALUES (NULL,'Michele','Davis','mdavis',md5('secret'));
INSERT INTO users VALUES (NULL,'Jon','Phillips','jphillips',md5('password'));
You should see a result similar to the one below for each of the INSERT SQL commands.
Query OK, 1 row affected, 1 warning (0.03 sec)
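The two sample users are stored with md5('secret') and md5('password'): an unsalted, fast hash that a cracking tool recovers almost instantly once the table leaks. As an added example (my code, not the book's), here is the same user data prepared with PHP's password_hash() and checked with password_verify(). It assumes PHP 5.5 or later and a `password` column widened from varchar(32) to varchar(255) to hold the longer hash. One caveat: the PEAR Auth DB container used in Example 16-4 verifies a login by recomputing cryptType(password) and comparing it with the stored column, which cannot work with a salted hash, so wiring this into login.php would need a custom verification step rather than the `cryptType` option.

```php
<?php
// Added example (not from the book): salted password hashing in place of
// the md5() calls of Example 16-9. Requires PHP >= 5.5 and assumes the
// users.password column has been widened to varchar(255).

// Build the row that Example 16-9 inserts, with a salted hash instead of
// md5(). password_hash() picks a random salt and embeds it, together with
// the algorithm and cost, in the returned string.
function make_user_row($first, $last, $username, $password) {
    return array(
        'first_name' => $first,
        'last_name'  => $last,
        'username'   => $username,
        'password'   => password_hash($password, PASSWORD_DEFAULT),
    );
}

// Login check: password_verify() reads the salt and cost back out of the
// stored hash, so the caller never handles them.
function check_login($stored_hash, $submitted_password) {
    return password_verify($submitted_password, $stored_hash);
}

$mdavis = make_user_row('Michele', 'Davis', 'mdavis', 'secret');
$jphillips = make_user_row('Jon', 'Phillips', 'jphillips', 'secret');

var_dump(check_login($mdavis['password'], 'secret'));
var_dump(check_login($mdavis['password'], 'Secret'));
// Two users with the same password no longer share a hash, unlike md5(),
// so a leaked table cannot be attacked with one lookup per hash value.
var_dump($mdavis['password'] === $jphillips['password']);
```

The first check passes and the other two fail, because only the exact password verifies and each hash carries its own salt. Insert `$mdavis['password']` with a prepared statement (see the SQL injection entry below) rather than by interpolating it into the query string.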
Example 17-1 File comments
/*
*
* this file is about furniture stores.
* this file is about furniture stores in Minnesota, Wisconsin, Iowa and Illinois.
*
* Portions Copyright 2005-2006 (c) O’Reilly & Associates
* The rest Copyright 2005 (c) from their respective authors
*
* @version $Id: coding_standards.html,v 1.2 2005/12/19 24:49:50
*
*/
Chapter 17 Code • (0) Comments • (3) Trackbacks • Permalink
Example 17-2 Function comments
/*
* furniture stores locator.
* Locate furniture stores in Minnesota, Wisconsin, Iowa and
* Illinois based on their zip code.
*
* @author michele davis mdavis@example.com
* @param zipcode the zipcode to search for stores near
* @return store the store id of the nearest store
* @date 2005-12-21
*
*/
Monday, September 25, 2006
SQL Injection
Suppose the submitted title value is: 1,1);drop table users;. When this value is added to a query like this:
$query = "INSERT INTO `books` VALUES (NULL,$title,$pages)";
Here's what could happen:
$query = "INSERT INTO `books` VALUES (NULL,1,1);drop table users; ,$pages)";
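The payload above stacks a second statement after the INSERT. PHP's mysql_query() sends only one statement per call, so the stacked `drop table users` would be rejected there, but that does not make the query safe: because `$title` is dropped into the VALUES list unquoted, the attacker can reshape the single INSERT without a second statement. The block below is an added example (my code, not the book's) showing the book's string-building pattern next to a prepared statement. It uses PDO with an in-memory SQLite database so it runs stand-alone; the `books` table name is the page's, the column names are assumed, and the attacker input is constructed for the demonstration.

```php
<?php
// Added example (not from the book): the interpolated INSERT from the
// SQL Injection entry next to a prepared statement. PDO with in-memory
// SQLite is used so this runs stand-alone; for MySQL only the DSN changes,
// e.g. new PDO("mysql:host=$db_host;dbname=$db_database", $db_username, $db_password)
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Column names are assumed; the page only shows VALUES (NULL,$title,$pages).
$db->exec('CREATE TABLE books (book_id INTEGER PRIMARY KEY, title TEXT NOT NULL, pages INTEGER NOT NULL)');

// Constructed attacker input. Unquoted in the VALUES list, $title closes the
// first row tuple and opens a second one, so one statement inserts a row the
// application never intended. No stacked statement is needed.
$title = "'Real Title',0),(NULL,'injected row'";
$pages = "0";

function count_books(PDO $db) {
    return (int) $db->query('SELECT COUNT(*) FROM books')->fetchColumn();
}

// Vulnerable: the same string-building pattern as the book's $query.
$query = "INSERT INTO books VALUES (NULL,$title,$pages)";
$db->exec($query);
echo "Rows after interpolated INSERT: " . count_books($db) . "\n";

// Hardened: placeholders. The values travel separately from the SQL text,
// so the same input is stored as the literal title and never parsed as SQL.
$db->exec('DELETE FROM books');
$stmt = $db->prepare('INSERT INTO books (title, pages) VALUES (:title, :pages)');
$stmt->bindValue(':title', $title, PDO::PARAM_STR);
$stmt->bindValue(':pages', (int) $pages, PDO::PARAM_INT);
$stmt->execute();
echo "Rows after prepared INSERT: " . count_books($db) . "\n";
echo "Stored title: " . $db->query('SELECT title FROM books')->fetchColumn() . "\n";
```

Running it shows two rows after the interpolated INSERT and one after the prepared one, with the full attacker string stored as that row's title. The same applies to the page's login.php DSN and to every query in the blog: build the SQL with placeholders and bind the user-supplied values, and the MySQL driver never sees them as SQL.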
Chapter 12 Code • (0) Comments • (0) Trackbacks • Permalink