PHP help
I am in the process of writing a PHP website template, but i have hit a snag .
I need the user to enter there details for there, mysql database, and then use them details to connect to it.
I have that part, but now , how can i get save these details so it will always connect to the database?
Posted By: Joozey
Re: PHP help - 04/13/08 01:44
You need to reconnect everytime you enter a new page. If you store the connection data in, let's say a cookie or a session, you take a big risk that your clients will get to know the login data and abuse it.
I usually make a config.php where I put in all my global functions and external connections. Then include config.php in every file I will load, and call the database_connect function whenever I need it.
Yer, but how can i save the data they enter.
Before anyone says in there database, the data they enter is there database infomation.
I need to save what they enter and be able to recall it.
Posted By: Joozey
Re: PHP help - 04/13/08 01:53
Uh, okay. Well after the client is done filling in the form, the formdata is transmitted to the server as soon as the user presses the submit button. You can gain this information by calling $_POST['name_of_formobject'] in the page that is loaded after pressing submit.
but this will only work one, time after the form is entered, i need to save the data they enter and call it at a later time.
This is my code:
$dbhost = ($dbhost);
$dbuser = ($dbuser);
$dbpass = ($dbpass);
$dbname = ($dbname);
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die
('Error connecting to mysql. Please go back and check your details. ');
if($conn) echo("Connected to '$dbname' database<br> With these details:<br> Database Host: '$dbhost' <br> Database Username: '$dbuser' <br> Database Password: '$dbpass' <br>");
mysql_select_db($dbname)or die(mysql_error());
$dbhost= $_POST['dbhost'];
$dbuser= $_POST['dbuser'];
$dbpass= $_POST['dbpass'];
$dbname= $_POST['dbname'];
$sql_db = "CREATE TABLE rgb_dbinfo(
user_id int(10) AUTO_INCREMENT NOT NULL PRIMARY KEY,
dbhost varchar(100) NOT NULL,
dbuser varchar(100) NOT NULL,
dbpass varchar(100) NOT NULL,
dbname varchar(100) NOT NULL
)";
mysql_query($sql_db);
?>
<html>
<body>
<form action="adminsetup.php" method="post">
<input type="submit" value="Continue" name="continue">
</form>
</body>
</html>
<?php
$query = "INSERT INTO rgb_dbinfo (dbhost,dbuser,dbpass,dbname)
VALUES('$dbhost','$dbuser','$dbpass','$dbname')";
mysql_query($query) or die(mysql_error());
mysql_close();
and this is the database connecter
<?php
include 'databaseinfo.php';
/*This is the information to use to connect to the MYSql database */
$dbhost = '$dbhost';
$dbuser = '$dbuser';
$dbpass = '$dbpass';
$dbname = '$dbname';
/*If the connection could not be made show this message*/
?>
the connecter needs to call data from somewhere to connect, i want the data that is called, to be what the user has entered. But this data that they entered must be saved somewhere.
Posted By: Joozey
Re: PHP help - 04/13/08 02:11
After you compared the login details the clients filled into the form with the account details in your database, and they match, write a session that stores the user id. Every new page they enter you can see if $_SESSION['user_id'] is empty or not. If it is empty, then let them redirect back to your homepage. If not, then the user is apparantly logged in and he may proceed.
Make sure you put everyones password as md5, sha or whatever hash algorithm in the database, and never as the original password. Just compare the encrypted password in the database with the password you get from the form after you encrypted it as well, and you know if there is a match.
I can't guarantee that this is the most safe method in the big meany world of the internut, but it should work fine. For more secure methods, there is plenty of information to find with googly.
Soz, but this isn't about user login to a website, this is about storing mysql database information and then using that information to connect to the database.
Basically is there any way to store inputed data and then get the data?
Posted By: Joozey
Re: PHP help - 04/13/08 02:29
Using a $_SESSION or making a cookie. But you shouldn't just store your database connection details into a session (and certainly not into a cookie), that is kinda insecure.
Rather design something like this (Okay, some pseudo code!):
For registration of new users:
<!--Registration page!-->
<form>
<input id=name>
<input id=password>
</form> <!--After submit, link to input-user-page!-->
//input-user-page
$name = $_POST['name']
$pass = $_POST['password']
query_insertuser($name, $pass) //make some mysql code from this
For login existing users:
<form>
<input id=name>
<input id=password>
</form> <!--After submit, link to user-validation-page!-->
//User-validation-page
$name = $_POST['name']
$pass = $_POST['pass']
$result = query_validation($name, md5( $pass )) //compare name and password with those in the database (this is all psuedo code!!)
if (result == true) { //user validated! (of course, this is pseudo code too)
$_SESSION['userId'] = $name //We'll keep track of this user now
}
else {
header("Location: index.php") //no validation, be gone!
}
Every new page should call this code:
//function to be called in every page that requires login
if (!empty($_SESSION['userId')) { //user exists
echo("Let's drink a beer mate!");
}
else {
header("Location: index.php") //not validated, be gone!
}
What about, do u no how to store data in a text file and call the data,
using PHP?
Posted By: Joozey
Re: PHP help - 04/13/08 02:33
Yes, but i want the database information to be used site wide, for user signup etc. therefore if i use a session, that will only work on one user
Posted By: Uhrwerk
Re: PHP help - 04/13/08 03:12
Professional cms systems use a file they place in the root directory of the cms, if you take e.g. php-fusion there is a file named config.php where the database login information is stored within. Sorry, I can't tell you how files are read and written. I don't know .php.
hmm, yer the problem is that if i use a file to store all the data to connect to a database in a PHP file, it cannot be written in through a user input form.
Posted By: Uhrwerk
Re: PHP help - 04/13/08 03:33
It sure can. Maybe looking at an excerpt of the setup.php of php-fusion will help you:
if ($step == "1") {
$db_host = stripinput($_POST['db_host']);
$db_user = stripinput($_POST['db_user']);
$db_pass = stripinput($_POST['db_pass']);
$db_name = stripinput($_POST['db_name']);
$db_prefix = stripinput($_POST['db_prefix']);
$config = "<?php
// database settings
"."$"."db_host="."\"".$_POST['db_host']."\"".";
"."$"."db_user="."\"".$_POST['db_user']."\"".";
"."$"."db_pass="."\"".$_POST['db_pass']."\"".";
"."$"."db_name="."\"".$_POST['db_name']."\"".";
"."$"."db_prefix="."\"".$_POST['db_prefix']."\"".";
define("."\""."DB_PREFIX"."\"".", "."\"".$_POST['db_prefix']."\"".");
?>";
$temp = fopen("config.php","w");
if (!fwrite($temp, $config)) {
echo $locale['430']."\n</td></tr>\n</table>\n";
fclose($temp);
exit;
}
fclose($temp);
and this saves the data entered?
Posted By: Inestical
Re: PHP help - 04/13/08 08:36
Yeah, at least it opens up file in write mode and inputs the logindata.
Posted By: Joey
Re: PHP help - 04/13/08 09:40
you could also just use the php 'serialize' function to write an array with the information to a file, and 'unserialize' for reading it afterwards.
Posted By: Aaron_H
Re: PHP help - 04/13/08 11:51
I coded something a few years back which sounds like what you're looking for.
It's pretty useless to me at the moment but it might be good for learning from.
Here's the link:
http://download.yousendit.com/067F2DC1307951E1
that was very helpfull, a question though.
Where is config.inc.php?
or does it create it
Posted By: Inestical
Re: PHP help - 04/13/08 14:34
It creates it if it doesn't exist yet
ok, kool,
aaron
this code will really help
when i used your code to test it,
i get this error
Fatal error: Call to undefined function: mysql_create_db() in /home/www/deanwhitehouse.awardspace.co.uk/databaseinfo.php on line 21
this is the line it is talking about
if (mysql_create_db($db_name))
Posted By: Aaron_H
Re: PHP help - 04/13/08 16:44
As I said in the README, some servers don't allow databases to be created by that script (it would be a security flaw), I only used it because I was testing it on a local apache server..
What you will want to/need to do is create a new mySQL database on your server, and create a file called config.inc.php with:
<?php
$db_host = HOSTADDRESS;
$mysql_user = USERNAME;
$mysql_pass = PASSWORD;
$db_name = DATABASENAME;
?>
Looking at config_write.php explains this.
After you've created this file, it will allow db_driver.php to connect to the database. You would then need to run db_update.php to add the necessary tables.
On it's own the code doesn't really do much, it's just a bunch of small files not really linked together in any way.
After my chemistry investigation and final exams I may carry on working on the code and start linking it together, because at the moment it's just a mess.
If you have any more problems just post here and I'll try and help with what I can remember. I've not really used the code in a long long time and I don't have apache set up to test.
Oh and read the README, it should help explain things a bit better.
Yer, the readme is just a file, with no extension ,although i have already adjusted to code to my needs, check it out so far on
Thanks for the help, everyone, i was really stuck on how to save there database details.
Posted By: Aaron_H
Re: PHP help - 04/13/08 16:51
Yeah, sorry about that. I'm using Linux and you don't normally need an extension to view a file in a text editor.
And if I were you I wouldn't post that link..
It would make more sense to delete that file once the database is set up
I'm glad it helped though.
[EDIT: Oh, it's only a HTML file with no php behind it. Nevermind. :P]
delete the database setup file??
Posted By: Aaron_H
Re: PHP help - 04/13/08 17:33
If you have it exposed to the public, I would.
Unless you have some kind of method of making sure they don't overwrite the config file.
Otherwise any of the public would be able to change the database which is used.
well, this is a website system like,E107
so i will put instructions in it to delete it, or is there anyway to delete automaitcally using PHP.
Also is there a way to stop them continuing untill the file is deleted?
Posted By: Aaron_H
Re: PHP help - 04/13/08 18:29
Well, it is only usually the admin of the server that needs to set up the database (usually on the install). So you can just tell them in the installation instructions to delete the file once they've setup the server.
Or you can do a test with index.php or some other file that first loads after they've setup the sever like so:
<?php
$filename = "db_update.php";
if (file_exists($filename)) {
echo "Please remove db_update.php";
} else {
// The rest of your code goes here.
}
?>
Ok, thanks for that.
I have a problem with a code, can u help.
<?php
// Random Game Design: PHP Website Template
// Version 1
// Copyright Dean Whitehouse, 2008
include 'db_connect.php';
include 'config_table.inc.php';
$sql_user = "CREATE TABLE "user"(
user_id int(10) AUTO_INCREMENT NOT NULL PRIMARY KEY,
user_name varchar(100) NOT NULL,
user_password varchar(100) NOT NULL,
user_email varchar(100) NOT NULL,
user_timezone char(3) NOT NULL,
user_hideemail tinyint(3) unsigned NOT NULL,
user_ip varchar(20) NOT NULL,
user_ban tinyint(3) unsigned NOT NULL,
user_realname varchar (40) NOT NULL,
user_age int(10) unsigned NOT NULL,
user_class varchar(100) NOT NULL
)";
$user= mysql_query($sql_user);
if ($user)
echo('<br>User Table Created');
else
echo('Tables Not Created');
?>
that should create the table with the user submitted name
<?php
// Random Game Design: PHP Website Template
// Version 1
// Copyright Dean Whitehouse, 2008
?>
<html>
<body bgcolor="#999999">
<p align="center"><font color="#000099" size="+2">Please enter the table names you want, or if you want to use the preset names click continue. NOTE: Each table must be a different name. Please do not leave any blank spaces.</font></p>
<table align="center" bgcolor="#333333" width="300px" border="0">
<form method='post' action='create_tablenames.php'>
<tr><td>
<font color="#FFFFFF">
User Details:</td><td>
<input type="text" name="user" value="rgd_users"><br></td></tr>
<tr><td></td><td><input type='submit' value='Continue' name='check'></td></tr>
</font>
</form>
</table>
</body>
</html>
this is how they submit the name
<?php
// Random Game Design: PHP Website Template
// Version 1
// Copyright Dean Whitehouse, 2008
include 'db_connect.php';
$dbhost = $_POST["dbhost"]; // Database Host
include ("config_writetable.php");
?>
this runs the config_writeable.php file
<?php
// Random Game Design: PHP Website Template
// Version 1
// Copyright Dean Whitehouse, 2008
$config_file = "config_table.inc.php";
$fw=fopen($config_file,"w+")
or die("Unable to open file!"); // Unable to open file
$user = "\$user = \"".$user."\";\n";
$config_write = $user;
fwrite($fw, "<?php\n".$config_write."\n?>");
fclose($fw);
?>
this writes the name to the .inc.php file
This all works, except when i click run the page that creates the table, it doesnt create one.
but i don't get any sql errors
Posted By: Joozey
Re: PHP help - 04/13/08 18:45
Posted By: Joozey
Re: PHP help - 04/13/08 18:51
and if you backslash the doublequotes?
no, also the echo doesn't seem to worl
ok, i have fixed it thanks, for the advice though
Posted By: Joozey
Re: PHP help - 04/13/08 19:06
The echo wasn't working because there was a syntax error in the file. The query, like you had it, has to be one of the errors as the string is cut off at 'user' and the word 'user' wont be recognised by php, resulting in a "crash".
yer, i found out that i had put a link wrong so i was viewing the wrong page.
Hi again, i have another problem,this is the code
$dbhost = $_POST["dbhost"]; // Database Host
if ($dbhost)
{
echo ("Table name's saved, press continue to create the table.");
include ("config_writetable.php");
}
else
{
echo ("Please go back and fill in the required fields");
}
and the problem is that it only shows the else echo not the if echo, i have the form filled in and it still shows else.
Any ideas. all the other codes related to this are correct, just this bit
Posted By: Joozey
Re: PHP help - 04/13/08 20:46
echo $dbhost, if it contains the proper information, try:
otherwise, show the form with the "dbhost" field.
no, it still does the same.
this is the code for the page that goes to it.
<html>
<body bgcolor="#999999">
<p align="center"><font color="#000099" size="+2">Please enter the table names you want, or if you want to use the preset names click continue. NOTE: Each table must be a different name. Please do not leave any blank spaces.</font></p>
<table align="center" bgcolor="#333333" width="300px" border="0">
<form method='post' action='create_tablenames.php'>
<tr><td>
<font color="#FFFFFF">
User Details:</td><td>
<input type="text" name="user" value="rgd_users"><br></td></tr>
<tr><td></td><td><input type='submit' value='Continue' name='check'></td></tr>
</font>
</form>
</table>
</body>
</html>
Posted By: broozar
Re: PHP help - 04/13/08 20:53
well, if you don't submit any dbhost data, how do you expect the var to be filled?
Posted By: Joozey
Re: PHP help - 04/13/08 20:54
What input field does refer to "dbhost"? I can't see it, and I don't know what this variable should contain (as the name is not very descriptive)...
At least your problem is that the 'dbhost' variable is empty since it is not filled in by the form.
EDIT: what broozar said
Ok, soz my mistake , i missed a $_POST thing. SO again problem sovled
Does anyone no how to set user rights/classes?
My idea was to add a value to them in the MySql database and then each time someone logs in check for that value.
I also have this code
<?php
// Random Game Design: PHP Website Template
// Version 1
// Copyright Dean Whitehouse, 2008
include 'db_connect.php';
include 'config_table.inc.php';
$sql_user = "CREATE TABLE $user(
user_id int(10) AUTO_INCREMENT NOT NULL PRIMARY KEY,
user_name varchar(100) NOT NULL,
user_password varchar(100) NOT NULL,
user_email varchar(100) NOT NULL,
user_timezone char(3) NOT NULL,
user_hideemail tinyint(3) unsigned NOT NULL,
user_ip varchar(20) NOT NULL,
user_ban tinyint(3) unsigned NOT NULL,
user_realname varchar (40) NOT NULL,
user_age int(10) unsigned NOT NULL,
user_class varchar(100) NOT NULL,
userlevel tinyint(1) unsigned NOT NULL
)";
$make_user= mysql_query($sql_user);
$checkifexist = mysql_query ("SELECT * FROM '$user' LIMIT 0,1");
if ($make_user)
{
echo("'$user' Table Created. <form action='make_admin.php'>
<input type='submit' value='Continue' name='check'>
</form>");
}
else
{
echo("Table all ready exists. Please go back and enter a different name.<FORM>
<form action='name_tables.php'>
<INPUT TYPE='submit' VALUE='Back'></FORM>");
}
mysql_close();
?>
but the back button doesn't work.
the address changes from
create_tables.php?check=Continue
to
create_tables.php?
Posted By: Blade280891
Re: PHP help(urgent) - 04/15/08 23:01
This code, below is supposed to check the database for the user level, if the level = 1, this would be given the admin cookie. If the level = 0 , this would get given the user cookie, but i can't get it to work.
If anyone knows it would really help.
<?php
include '../includes/db_connect.php';
include '../includes/config_table.inc.php';
$user_name = $_POST["user_name"];
$user_password = $_POST["user_password"];
if ($user_name && $user_password)
{
$salt = substr($user_password, 0, 2);
$userPswd = crypt($user_password, $salt);
$login_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd'" ));
$check_ad = mysql_query("SELECT * FROM `$user` WHERE userlevel = '0'");
$check_us = mysql_query("SELECT * FROM `$user` WHERE userlevel = '1");
if ($login_check == 1 && $check_ad)
{
echo "Logged In Sucessfully. Please wait while you are redirected";
echo "<meta http-equiv='refresh' content='2; url=setadmincookie.php?&u=$username&p=$user_password'>";
}
else
if ($login_check == 1 && $check_us)
{
echo "Logged In Sucessfully. Please wait while you are redirected";
echo "<meta http-equiv='refresh' content='2; url=setcookie.php?&u=$username&p=$user_password'>";
}
else
{
echo 'Login failed. Username and Password did not match database entries.';
}
}
else
{
echo "Form was not completed. Please go back and make sure that the form was fully completed.";
}
mysql_close();
?>