so i need to know how do i do that admin part on my clan sites so i can put match results easily there. i would be very thankfull if somebody helped me whit this.php: n00b on php so i need stuff. ;)
Moderator: Moderators
php: n00b on php so i need stuff. ;)
ok so i am just started to learn php and i see that there is people who really can do it well. *krhm*den*krhm* so i need to know how do i do that admin part on my clan sites so i can put match results easily there. i would be very thankfull if somebody helped me whit this.
so i need to know how do i do that admin part on my clan sites so i can put match results easily there. i would be very thankfull if somebody helped me whit this.
Ok here goes:
Im not gonna code every thing for you, so its better to learn the basics of php and mysql. You can ask me / others for questions tho
http://www.php.net and http://www.mysql.org for documentation
Tutorials:
http://www.zend.com/zend/tut/
http://hotwired.lycos.com/webmonkey/programming/php/
http://tut.php-q.net/
or just google
To add the games on your website - there was allready a thread about it - look below its a working script. The only thing u have to do is create a table
http://alcoholics.dk/aq2world/phpBB2/vi ... .php?t=495
Ok now for a login thing:
Also here create a table
login
[php]<?php
$db = mysql_connect("*****", "*****", "*****"); // DB ip, user en pw
mysql_select_db("*****",$db); // DB name
$table = "******";
if (isset($submit)) {
$query = "select * from $table where username='$username' and password='$password'";
$result = mysql_query($query) ;
$isAuth = false; //set to false originally
while($row = mysql_fetch_array($result)) {
if($row['username'] === $username) {
$isAuth = true;
session_start();
session_register('username');
}
}
if($isAuth) {
print "Logged in successfully<br>";
print "<A href='pagewhereyouwannago.php'>Go to the pagewhereyouwannago</a>";
}
else {
print "Wrong username or password";
}
}
else {
echo "<form method='POST' action='$PHP_SELF'>
Username: <input type='text' name='username' size='15'><br><br>
Password: <input type='password' name='password' size='15'><br><br>
<input type='submit' value='Login' name='submit'>
</form>";
}
?>[/php]
Ok u got the login with sessions. Below you got a script that checks if the sessions key is correct.
pagewhereyouwannago.php
[php]<?php
session_start(); //this must be at the top of every page
if (isset($_SESSION['username'])) {
echo "weeee it works!"; // put your stuff here
}
else {
print "Not logged in";
}
?>[/php]
Im not gonna code every thing for you, so its better to learn the basics of php and mysql. You can ask me / others for questions tho
http://www.php.net and http://www.mysql.org for documentation
Tutorials:
http://www.zend.com/zend/tut/
http://hotwired.lycos.com/webmonkey/programming/php/
http://tut.php-q.net/
or just google
To add the games on your website - there was allready a thread about it - look below its a working script. The only thing u have to do is create a table
http://alcoholics.dk/aq2world/phpBB2/vi ... .php?t=495
Ok now for a login thing:
Also here create a table
login
[php]<?php
$db = mysql_connect("*****", "*****", "*****"); // DB ip, user en pw
mysql_select_db("*****",$db); // DB name
$table = "******";
if (isset($submit)) {
$query = "select * from $table where username='$username' and password='$password'";
$result = mysql_query($query) ;
$isAuth = false; //set to false originally
while($row = mysql_fetch_array($result)) {
if($row['username'] === $username) {
$isAuth = true;
session_start();
session_register('username');
}
}
if($isAuth) {
print "Logged in successfully<br>";
print "<A href='pagewhereyouwannago.php'>Go to the pagewhereyouwannago</a>";
}
else {
print "Wrong username or password";
}
}
else {
echo "<form method='POST' action='$PHP_SELF'>
Username: <input type='text' name='username' size='15'><br><br>
Password: <input type='password' name='password' size='15'><br><br>
<input type='submit' value='Login' name='submit'>
</form>";
}
?>[/php]
Ok u got the login with sessions. Below you got a script that checks if the sessions key is correct.
pagewhereyouwannago.php
[php]<?php
session_start(); //this must be at the top of every page
if (isset($_SESSION['username'])) {
echo "weeee it works!"; // put your stuff here
}
else {
print "Not logged in";
}
?>[/php]
Last edited by Den on Sun Mar 14, 2004 5:07 am, edited 1 time in total.
There's a chopper coming in 3 days and there's a katana on top of the cafe and that's all you need to know
Den...
{
echo "weeee it works!"; // put your stuff here
isnt that?
{
echo "weeee it works!"; } // put your stuff here
cuz of a pharse error?
iam totally n00b in php... but i tested the script and saw this fault...
maybe its only me ... but najs script!
my login script fucked up :S think i gonna use this one!
{
echo "weeee it works!"; // put your stuff here
isnt that?
{
echo "weeee it works!"; } // put your stuff here
cuz of a pharse error?
iam totally n00b in php... but i tested the script and saw this fault...
maybe its only me ... but najs script!
my login script fucked up :S think i gonna use this one!
Nobody Likes Us We Dont Care!
...
if (isset($submit)) { -> if (isset($_POST['submit'])) {
...
echo "<form method='POST' action='$PHP_SELF'> -> echo "<form method='POST' action='".$_SERVER['PHP_SELF']."'>
...
$query = "select * from $table where username='$username' and password='$password'";
as everybody already knows register_globals should be turned off from php.ini as it is a considerable security risk. just as you should NOT mysql_query anything straight from user input, for example this login script is VERY easily cracked. try inserting following string to password-box:
better to learn to code secure scripts from the beginning ;)
if (isset($submit)) { -> if (isset($_POST['submit'])) {
...
echo "<form method='POST' action='$PHP_SELF'> -> echo "<form method='POST' action='".$_SERVER['PHP_SELF']."'>
...
Code: Select all
$username = mysql_escape_string($_POST['username']);
$password = mysql_escape_string($_POST['password']);$query = "select * from $table where username='$username' and password='$password'";
as everybody already knows register_globals should be turned off from php.ini as it is a considerable security risk. just as you should NOT mysql_query anything straight from user input, for example this login script is VERY easily cracked. try inserting following string to password-box:
Code: Select all
a' OR 1>0better to learn to code secure scripts from the beginning ;)
-
Rallu
- hit the ground hard, real hard
- Posts: 93
- Joined: Thu Jul 31, 2003 11:36 pm
- Location: fi
- Contact:
And here's some functions you need to secure your site.
http://fi.php.net/manual/en/function.strip-tags.php
strip_tags removes all html tags (like <br>, <b>, ...) except <scr<script>ipt> attack
http://fi.php.net/manual/en/function.ht ... lchars.php
changes all characters so that it can be seen excatly how its written (good for security)
http://fi.php.net/manual/en/function.addslashes.php
addslashes does same as mysql_espace_string, just that it adds slashes to "-character also.
http://fi.php.net/manual/en/function.stripslashes.php
and stripslashes removes those slashes if you like to print something.
There's something usefull for you N00BSS!!!!!1111 ;D
ps. Den, whats the point of password in your script? It isn't checked in any way. Now if you just guess username you will be authed.
md5 helps to secure a bit peoples passwords... its not nice to admin know everything you know. If you use md5 on checking you need to add people to your database with this line:
Okay... I have had enough of my babling -> Back to studies
Rallu
Software Application Engineering Project Manager
(eg. PHP-coder)
http://fi.php.net/manual/en/function.strip-tags.php
strip_tags removes all html tags (like <br>, <b>, ...) except <scr<script>ipt> attack
http://fi.php.net/manual/en/function.ht ... lchars.php
changes all characters so that it can be seen excatly how its written (good for security)
http://fi.php.net/manual/en/function.addslashes.php
addslashes does same as mysql_espace_string, just that it adds slashes to "-character also.
http://fi.php.net/manual/en/function.stripslashes.php
and stripslashes removes those slashes if you like to print something.
There's something usefull for you N00BSS!!!!!1111 ;D
ps. Den, whats the point of password in your script? It isn't checked in any way. Now if you just guess username you will be authed.
Code: Select all
if ($row['username'] === $_POST['username'] && $row['password'] === md5($_POST['password']))
{
echo 'auhted blaa blaa blaa';
}
md5 helps to secure a bit peoples passwords... its not nice to admin know everything you know. If you use md5 on checking you need to add people to your database with this line:
Code: Select all
INSERT INTO userstable SET username='rallu', password=md5('mypass');
Okay... I have had enough of my babling -> Back to studies
Rallu
Software Application Engineering Project Manager
(eg. PHP-coder)
Rallu wrote:
ps. Den, whats the point of password in your script? It isn't checked in any way. Now if you just guess username you will be authed.
well, it actually is checked, on SQL level, which is much better way to do it :)
Code: Select all
$query = "select * from $table where username='$username' and password='$password'";
... and example how register_globals = "on" is security risk: you would be able to get into the system using some form similar as following:
Code: Select all
<html>
<body>
<form action="http://www.yourdomain.com/location/of/the/script.php" method="post">
<input type="hidden" name="isAuth" value="1">
<input type="submit" name="somethingelsethansubmit" value="And in we goooo">
</form>
</body>
</html>-
Rallu
- hit the ground hard, real hard
- Posts: 93
- Joined: Thu Jul 31, 2003 11:36 pm
- Location: fi
- Contact:
spectre wrote:Rallu wrote:
ps. Den, whats the point of password in your script? It isn't checked in any way. Now if you just guess username you will be authed.
well, it actually is checked, on SQL level, which is much better way to do it
wups...You are right. Missed that point *grins* But by my way there's DOUBLE CHECK! It double as secure as it needs to be