Learning PHP and MySQL
Chapter 14 Code
Monday, September 25, 2006
Example 14-1 Using Apache authentication to restrict access to scripts
AuthType Basic
AuthName "Administrators Only"
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user
Chapter 14 Code • (0) Comments • (0) Trackbacks • Permalink
Example 14-10 Suppressing the standard database error message
<?php require_once('db_login.php');
// Show the visitor a generic message; the real connection error (host,
// user name, server version) stays out of the page, where an attacker
// could read it. Log it server-side instead if you need it for debugging.
// Note: the mysql_* extension was removed in PHP 7; the same pattern
// applies to mysqli_connect() and PDO.
$error = "Site down for maintenance, please check back.";
$db_link = @mysql_connect($db_host, $db_username, $db_password) or die($error);
@mysql_select_db($db_database, $db_link) or die($error);
?>
Example 14-11 Seeing the results of magic quotes
<?php
// Quote the array key (a bare word is an undefined constant), and check
// that the key exists, since it is absent on the first request.
$search = isset($_GET['search']) ? $_GET['search'] : NULL;
// PHP_SELF can carry attacker-supplied path text, so escape it before
// placing it in the form's action attribute.
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
if ($search != NULL )
{
// With magic quotes on, quotes in the input arrive with backslashes added.
// Escaping for HTML keeps those backslashes visible while stopping the raw
// input from being rendered as markup.
echo "The search string is: <strong>" . htmlspecialchars($search, ENT_QUOTES) . "</strong>.";
}
else
{
echo ("<form action=\"$self\" ");
echo ('method="get">
<label> Search: <input type="text" name="search" id="search"> </label>
<input type="submit" value="Go!">
</form>
');
}
?>
Example 14-12 Checking for magic quotes
<?php
$search = isset($_GET['search']) ? $_GET['search'] : NULL;
// get_magic_quotes_gpc() was removed in PHP 8; when the function is absent,
// magic quotes are certainly off, so escape unconditionally. addslashes()
// only prepares the value for a later SQL string; it is not HTML escaping,
// and a prepared statement is the proper replacement for it.
if ($search !== NULL && (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc())) {
$search = addslashes($search);
}
if ($search != NULL ){
echo "The search string is: <strong>" . htmlspecialchars($search, ENT_QUOTES) . "</strong>.";
}
else {
// The original listing wrote method= twice; the form needs action= and method=.
echo '<form action="'.htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES).'" method="GET">
<label> Search:
<input type="text" name="search" id="search" />
</label>
<input type="submit" value="Go!" />
</form>';
}
?>
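The problem magic quotes and addslashes() were meant to solve is user input containing quotes that breaks an SQL string. The following added example (not from the book) shows the escape-and-interpolate approach next to a prepared statement, which keeps the value out of the query text entirely. It assumes the pdo_sqlite extension and builds an in-memory table so it runs stand-alone; the table rows and the three search strings are constructed for the demonstration.

```php
<?php
// Added example: addslashes() versus a prepared statement (PDO, in-memory SQLite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT)");
// Constructed sample rows; note the title containing an apostrophe.
$pdo->exec("INSERT INTO books (title) VALUES ('PHP & MySQL'), ('O''Reilly Guide')");

// Constructed search strings: a plain word, one with a quote, and an
// injection-shaped string that should match nothing.
$searches = ["PHP", "O'Reilly", "' OR '1'='1"];

// Old approach: escape, then paste into the SQL text. addslashes() knows
// nothing about the database's quoting rules (SQLite doubles quotes rather
// than backslash-escaping them), and with magic quotes on the value was
// escaped twice, so either the query breaks or the data is stored wrongly.
function search_with_addslashes(PDO $pdo, string $search): array {
    $escaped = addslashes($search);
    $sql = "SELECT title FROM books WHERE title LIKE '%" . $escaped . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the SQL text is fixed and the value travels separately,
// so quotes in the input are data, never syntax. (LIKE wildcards % and _ in
// the input still act as wildcards; escape them too if that matters.)
function search_prepared(PDO $pdo, string $search): array {
    $stmt = $pdo->prepare("SELECT title FROM books WHERE title LIKE :pattern");
    $stmt->execute([':pattern' => '%' . $search . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach ($searches as $s) {
    echo "search: " . $s . "\n";
    try {
        echo "  addslashes: " . json_encode(search_with_addslashes($pdo, $s)) . "\n";
    } catch (PDOException $e) {
        echo "  addslashes: query failed (" . $e->getMessage() . ")\n";
    }
    echo "  prepared:   " . json_encode(search_prepared($pdo, $s)) . "\n";
    // Escaping is per output context: when the term is echoed back into
    // HTML, escape it for HTML, regardless of what was done for SQL.
    echo "  html:       " . htmlspecialchars($s, ENT_QUOTES, 'UTF-8') . "\n";
}
```

Run it with the PHP CLI; the addslashes() variant fails on the two inputs containing quotes because SQLite does not understand backslash escapes, while the prepared statement finds the O'Reilly row and returns nothing for the injection-shaped string.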
Example 14-2 Creating an Apache password for .htaccess
htpasswd -c /usr/local/apache/passwd/passwords mdavis
The -c option is required only for adding the first entry to a password file. You'll be prompted to enter the password twice to ensure you don't have a typo. If the passwords match, you'll see the following:
Adding password for user mdavis
Example 14-3 Comparing the output of md5 to that of sha1
<?php
// md5() and sha1() compute one-way digests: the output cannot be reversed to
// recover the input, which is why they are hashes rather than encryption.
echo "Encrypting <b>testing</b> using md5: ".md5("testing");
echo "<br />";
echo "Encrypting <b>testing</b> using sha1: ".sha1("testing");
?>
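Both digests above are fast, unsalted and deterministic, which is what makes them unsuitable for storing passwords. The following added example (not from the book) contrasts them with PHP's password_hash()/password_verify() API (available since PHP 5.5) and shows the comparison helpers a practitioner should reach for; the password value is a constructed sample.

```php
<?php
// Added example: digests versus a salted, slow password hash.
$password = "testing";   // constructed sample value

// Same input, same digest, every time: a stolen table of md5/sha1 values can
// be attacked with precomputed lookups, and both functions are cheap to brute force.
echo "md5:  " . md5($password) . "\n";
echo "sha1: " . sha1($password) . "\n";
echo "md5 deterministic? " . var_export(md5($password) === md5($password), true) . "\n";

// password_hash() picks a random salt and a deliberately slow algorithm
// (bcrypt under PASSWORD_DEFAULT), so hashing the same password twice
// yields two different strings and each guess costs real CPU time.
$hash1 = password_hash($password, PASSWORD_DEFAULT);
$hash2 = password_hash($password, PASSWORD_DEFAULT);
echo "hash1: $hash1\n";
echo "hash2: $hash2\n";
echo "password_hash deterministic? " . var_export($hash1 === $hash2, true) . "\n";

// Verification reads the salt and cost out of the stored hash; never
// compare the hash strings yourself.
echo "verify 'testing': " . var_export(password_verify("testing", $hash1), true) . "\n";
echo "verify 'Testing': " . var_export(password_verify("Testing", $hash1), true) . "\n";

// When a later PHP release raises the default algorithm or cost,
// password_needs_rehash() signals that the stored hash should be replaced
// on the user's next successful login.
if (password_needs_rehash($hash1, PASSWORD_DEFAULT)) {
    $hash1 = password_hash($password, PASSWORD_DEFAULT);
}

// Where you do compare two digests directly (e.g. an API token against its
// stored sha256), use hash_equals() so the comparison time does not depend
// on how many leading bytes match.
$stored   = hash('sha256', 'constructed-token');
$supplied = hash('sha256', 'constructed-token');
echo "hash_equals: " . var_export(hash_equals($stored, $supplied), true) . "\n";
```

Running it twice shows identical md5/sha1 lines on both runs but a different password_hash() string each time, while password_verify() still accepts the correct password against either of them.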
Example 14-4 Not initializing a variable was a hole in sample.php
<?php
if (check_username_and_password()) {
//they logged in successfully
$access = TRUE;
}
if ($access) {
echo "Welcome to the administrative control panel.";
//more privileged code here…
}
else {
echo "Access denied";
}
?>
With register_globals on, a GET parameter named access sets $access to TRUE before any of this code runs, so the access check passes without a valid login. Modifying the code to look like this:
<?php
//predefining the value is good coding practice anyway
$access = FALSE;
if (check_username_and_password()) {
//they logged in successfully
$access = TRUE;
}
if ($access) {
echo "Welcome to the administrative control panel.";
//more privileged code here…
}
else {
echo "Access denied";
}
?>
Because $access now starts as FALSE, only a successful check can set it, and the correct message comes up.
Example 14-5 Sessions with register_globals on or off in session_test.php
<?php session_start();
// With register_globals on, $username is populated from request data
// (query string, cookies, form fields) as well as from the session, so this
// check trusts whatever the client sent.
if (isset($username)) {
echo "Hello $username";
} else {
echo "Please login.";
}
?>
Example 14-6 Session using the proper $_SESSION super global
<?php session_start();
// Read only from the session array, and check that the key exists before
// using it (reading a missing key raises a notice).
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
echo "Hello " . htmlspecialchars($username);
} else {
echo "Please login.";
}
?>
Example 14-7 Detecting simple variable poisoning
<?php
if (isset($_COOKIE['MAGIC_COOKIE'])) {
// MAGIC_COOKIE comes from a cookie.
// Be sure to validate the cookie data!
} elseif (isset($_GET['MAGIC_COOKIE']) || isset($_POST['MAGIC_COOKIE'])) {
mail("admin@example.com", "Possible breakin attempt", $_SERVER['REMOTE_ADDR']);
echo "Security violation, admin has been alerted.";
exit;
} else {
// MAGIC_COOKIE isn't set through this REQUEST
}
?>
Example 14-8 Checking for session hijacking
<?php session_start();
// Fingerprint of the client. Note that REMOTE_ADDR can change legitimately
// during a session (proxy pools, mobile networks), which would fail this check
// for real users; the User-Agent alone is a less disruptive choice.
$user_check = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
if (empty($_SESSION['user_data'])) {
session_regenerate_id();
echo ("New session, saving user_check.");
$_SESSION['user_data'] = $user_check;
}
if (strcmp($_SESSION['user_data'], $user_check) !== 0) {
session_regenerate_id();
echo ("Warning, you must reenter your session.");
$_SESSION = array();
$_SESSION['user_data'] = $user_check;
}
else {
echo ("Connection verified!");
}
?>
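The following added example (not from the book) reworks the check above in three ways: it binds the session to the User-Agent only, since a client's IP address can change mid-session and the check would then log real users out; it compares fingerprints with hash_equals() rather than strcmp(); and it passes true to session_regenerate_id() so the old session id is deleted rather than left usable. The fingerprint logic is written against plain arrays so it can be run from the command line with the constructed request data shown; the server-side secret is a placeholder to be replaced by a value from configuration.

```php
<?php
// Added example: session fingerprint check without IP binding, with constant-
// time comparison and session id rotation.

function session_fingerprint(array $server, string $secret): string {
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    // Keyed hash: someone who reads a stored fingerprint cannot recompute it
    // for another User-Agent without the server-side secret.
    return hash_hmac('sha256', $ua, $secret);
}

// Returns 'new', 'ok' or 'mismatch' and updates $session in place.
function check_session(array &$session, array $server, string $secret): string {
    $expected = session_fingerprint($server, $secret);
    if (empty($session['user_data'])) {
        $session['user_data'] = $expected;
        return 'new';
    }
    if (!hash_equals($session['user_data'], $expected)) {
        // Mismatch: discard everything the old session held.
        $session = ['user_data' => $expected];
        return 'mismatch';
    }
    return 'ok';
}

// --- stand-alone demonstration with constructed request data ---
$secret  = 'PLACEHOLDER-load-a-random-secret-from-config';
$session = [];
$firefox = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux) Firefox/2.0'];
$curl    = ['HTTP_USER_AGENT' => 'curl/7.15'];

echo "first request:    " . check_session($session, $firefox, $secret) . "\n";
echo "same browser:     " . check_session($session, $firefox, $secret) . "\n";
echo "different client: " . check_session($session, $curl, $secret) . "\n";

// --- what a real page does with it (only when served over HTTP) ---
if (php_sapi_name() !== 'cli') {
    session_start();
    $state = check_session($_SESSION, $_SERVER, $secret);
    if ($state !== 'ok') {
        // Rotate the id and delete the old one so a captured id stops working.
        // Do the same after login, when the session's privilege level changes.
        session_regenerate_id(true);
    }
    echo $state === 'ok' ? "Connection verified!" : "Warning, you must reenter your session.";
}
```

The command-line run prints new, ok and mismatch for the three constructed requests; the HTTP branch mirrors the book's behaviour but rotates the session id whenever the fingerprint is first stored or fails to match.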
Example 14-9 session.save_path functionality
<?php
// Keep session files out of the shared /tmp directory. The directory must
// exist, be writable by the web server user, and not be readable by other
// accounts on the host, since the files hold session contents in clear text.
ini_set('session.save_path', '/home/user/sessions/');
session_start();
?>