php: n00b on php so i need stuff. ;)

Posted: Wed Mar 10, 2004 3:39 am
by Hazard
ok so i have just started to learn php and i see that there are people who really can do it well. *krhm*den*krhm* ;) so i need to know how do i do that admin part on my clan sites so i can put match results easily there. i would be very thankful if somebody helped me with this.

Posted: Wed Mar 10, 2004 4:19 am
by Den
Its all basic stuff so isnt that hard :) ill help ya when im home

Posted: Wed Mar 10, 2004 4:23 am
by Hazard
w0h00. thnx. i thought that its quite basic but im so noob on this now. :P

Posted: Wed Mar 10, 2004 4:26 am
by Den

Posted: Wed Mar 10, 2004 4:31 am
by Hazard
:P yep i've read what i need and now im working and really bored and i think this way i get it easier. ;) because its sooooo booring to try find the right thing and then try to do it yourself.. i should learn basics good and this would be easier i think. :)

Posted: Thu Mar 11, 2004 11:29 am
by Den
Ok here goes:

Im not gonna code every thing for you, so its better to learn the basics of php and mysql. You can ask me / others for questions tho :)

http://www.php.net and http://www.mysql.org for documentation

Tutorials:
http://www.zend.com/zend/tut/
http://hotwired.lycos.com/webmonkey/programming/php/
http://tut.php-q.net/

or just google

To add the games on your website - there was already a thread about it - look below its a working script. The only thing u have to do is create a table

http://alcoholics.dk/aq2world/phpBB2/vi ... .php?t=495

Ok now for a login thing:
Also here create a table

login

[php]<?php
$db = mysql_connect("*****", "*****", "*****"); // DB ip, user and pw
mysql_select_db("*****",$db); // DB name
$table = "******";

if (isset($submit)) {
    $query = "select * from $table where username='$username' and password='$password'";
    $result = mysql_query($query) ;
    $isAuth = false; //set to false originally
    while($row = mysql_fetch_array($result)) {
        if($row['username'] === $username) {
            $isAuth = true;
            session_start();
            session_register('username');
        }
    }
    if($isAuth) {
        print "Logged in successfully<br>";
        print "<A href='pagewhereyouwannago.php'>Go to the pagewhereyouwannago</a>";
    }
    else {
        print "Wrong username or password";
    }
}
else {
    echo "<form method='POST' action='$PHP_SELF'>
Username: <input type='text' name='username' size='15'><br><br>
Password: <input type='password' name='password' size='15'><br><br>
<input type='submit' value='Login' name='submit'>
</form>";
}
?>[/php]



Ok u got the login with sessions. Below you got a script that checks if the sessions key is correct.





pagewhereyouwannago.php

[php]<?php
session_start(); //this must be at the top of every page
if (isset($_SESSION['username'])) {
    echo "weeee it works!"; // put your stuff here
}
else {
    print "Not logged in";
}
?>[/php]

Posted: Thu Mar 11, 2004 5:52 pm
by Hazard
oh. thnx alot. den=one of my gods.

;)

Posted: Sun Mar 14, 2004 4:44 am
by Sulfate
Den...



{
echo "weeee it works!"; // put your stuff here

isnt that?

{
echo "weeee it works!"; } // put your stuff here

cuz of a parse error?



iam totally n00b in php... but i tested the script and saw this fault...

maybe its only me ... but najs script! :D



my login script fucked up :S think i gonna use this one! :hop:

Posted: Sun Mar 14, 2004 5:07 am
by Den
oops yeh :) sorry



forgot to check

Posted: Tue Apr 20, 2004 11:20 pm
by spectre
...

if (isset($submit)) { -> if (isset($_POST['submit'])) {



...

echo "<form method='POST' action='$PHP_SELF'> -> echo "<form method='POST' action='".$_SERVER['PHP_SELF']."'>



...

Code:

$username = mysql_escape_string($_POST['username']);
$password = mysql_escape_string($_POST['password']);

$query = "select * from $table where username='$username' and password='$password'";



as everybody already knows register_globals should be turned off from php.ini as it is a considerable security risk. just as you should NOT mysql_query anything straight from user input, for example this login script is VERY easily cracked. try inserting following string to password-box:

Code:

a' OR 1>0


better to learn to code secure scripts from the beginning ;)

Posted: Thu Apr 22, 2004 2:10 am
by Rallu
And here's some functions you need to secure your site.



http://fi.php.net/manual/en/function.strip-tags.php

strip_tags removes all html tags (like <br>, <b>, ...) except <scr<script>ipt> attack



http://fi.php.net/manual/en/function.ht ... lchars.php

changes all characters so that it can be seen exactly how its written (good for security)

http://fi.php.net/manual/en/function.addslashes.php
addslashes does same as mysql_escape_string, just that it adds slashes to "-character also.

http://fi.php.net/manual/en/function.stripslashes.php
and stripslashes removes those slashes if you like to print something.

There's something useful for you N00BSS!!!!!1111 ;D





ps. Den, whats the point of password in your script? It isn't checked in any way. Now if you just guess username you will be authed.


Code:

if ($row['username'] === $_POST['username'] && $row['password'] === md5($_POST['password']))
{
     echo 'auhted blaa blaa blaa';
}





md5 helps to secure a bit people's passwords... its not nice to admin know everything you know. If you use md5 on checking you need to add people to your database with this line:

Code:

INSERT INTO userstable SET username='rallu', password=md5('mypass');

Okay... I have had enough of my babbling -> Back to studies



Rallu

Software Application Engineering Project Manager

(eg. PHP-coder)

Posted: Thu Apr 22, 2004 2:37 am
by Den
:)



hey im still learning :P

Posted: Thu Apr 22, 2004 2:26 pm
by spectre
Rallu wrote:
ps. Den, whats the point of password in your script? It isn't checked in any way. Now if you just guess username you will be authed.


well, it actually is checked, on SQL level, which is much better way to do it :)


Code:

$query = "select * from $table where username='$username' and password='$password'";



... and example how register_globals = "on" is security risk: you would be able to get into the system using some form similar as following:


Code:

<html>
<body>
<form action="http://www.yourdomain.com/location/of/the/script.php" method="post">
<input type="hidden" name="isAuth" value="1">
<input type="submit" name="somethingelsethansubmit" value="And in we goooo">
</form>
</body>
</html>

...and executing it from anywhere within internet.

Posted: Fri Apr 23, 2004 2:42 am
by Rallu
spectre wrote:
Rallu wrote:
ps. Den, whats the point of password in your script? It isn't checked in any way. Now if you just guess username you will be authed.


well, it actually is checked, on SQL level, which is much better way to do it :)


wups...You are right. Missed that point *grins* But by my way there's DOUBLE CHECK! It's double as secure as it needs to be ;)
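
Added example, not part of any post in this thread: the login check from the thread rewritten so the issues raised in the replies do not apply, using a prepared statement in place of mysql_escape_string, password_hash() in place of md5(), and explicit reads from the request array instead of register_globals variables. It assumes PHP 7+ with pdo_sqlite; the in-memory SQLite database, the `users` table, the sample account and the function names are constructed stand-ins for the MySQL setup discussed above.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// MySQL; the "users" table and the sample account are constructed.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    // password_hash() adds a per-user salt and a slow hash, unlike bare md5().
    $ins = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $ins->execute(['hazard', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

function authenticate(PDO $pdo, string $username, string $password): bool
{
    // Placeholders keep input out of the SQL text: a quote in the input is
    // data and cannot rewrite the WHERE clause.
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no such user
    return is_string($hash) && password_verify($password, $hash);
}

function handle_login(PDO $pdo, array $post): bool
{
    // Read only the named fields from the request array. Nothing the client
    // sends (an "isAuth" field, say) can become a variable on its own.
    $user = is_string($post['username'] ?? null) ? $post['username'] : '';
    $pass = is_string($post['password'] ?? null) ? $post['password'] : '';
    if (!authenticate($pdo, $user, $pass)) {
        return false;
    }
    if (PHP_SAPI !== 'cli') {          // session calls skipped in the CLI demo
        session_start();
        session_regenerate_id(true);   // fresh session id after login
        $_SESSION['username'] = $user;
    }
    return true;
}

$pdo = open_demo_db();
$requests = [                          // constructed sample requests
    ['username' => 'hazard', 'password' => 'correct horse'],
    ['username' => 'hazard', 'password' => "a' OR 1>0"],     // string quoted in the thread
    ['isAuth' => '1', 'somethingelsethansubmit' => 'go'],    // fields from the form in the thread
];
foreach ($requests as $post) { var_dump(handle_login($pdo, $post)); }
```

Only the first request authenticates; in a real page pass `$_POST` to `handle_login()` and keep the `isset($_SESSION['username'])` check on protected pages.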