Php help

[debkar]

Hey guys i really dnt know about php language.so need ur help

actually i want to make a program dat will add user through php script and later when i will login it will check username and password and do the login..plz help

[sim]

What you need to do is use google to find a good online php login script maybe one that users templates or use a tut on how to make one from scratch just make sure its a newish one as the old ones have really big holes in them, but read up on a few of them you mostly see your host will need php and mysql, there are some that use a flat file but I would not recormend using a flat file, once you have your login working online then you need to take to it via your app so if your html forum called login.php then you just call this in your app and give it the details it wants, I would myself not send the password in plain text but I would encypt it before sending it then do another encrypen on the php side so the true password is only known by the use.

Many of use could just wip up a apz and php script but this would not help you in learn and all the data is out there and if you also look about you find demos all over the forum that do just that your asking I know I have made a few in the past.

[shane9082]

Hey guys i really dnt know about php language.so need ur help

actually i want to make a program dat will add user through php script and later when i will login it will check username and password and do the login..plz help

I would also check Scriptonite,s serialize plugin in the pluging section. You code use passwords instead of serials but you will need to install word press.

Also you might want to take a look at this. which shows how to use a simple php-script hosted on any web server supporting PHP, to allow/deny access to your application. (Direct link to it here: http://www.autoplaymediastudio.com/u...oad_file_3.apz) Its not the best in the world but it is a starting point. I was always told you need to go from small to big. Hope this helps.

[shane9082]

What you need to do is use google to find a good online php login script maybe one that users templates or use a tut on how to make one from scratch just make sure its a newish one as the old ones have really big holes in them, but read up on a few of them you mostly see your host will need php and mysql, there are some that use a flat file but I would not recormend using a flat file, once you have your login working online then you need to take to it via your app so if your html forum called login.php then you just call this in your app and give it the details it wants, I would myself not send the password in plain text but I would encypt it before sending it then do another encrypen on the php side so the true password is only known by the use.

Many of use could just wip up a apz and php script but this would not help you in learn and all the data is out there and if you also look about you find demos all over the forum that do just that your asking I know I have made a few in the past.

I have to say sim i have seen quite a few of yours. and i have learnt a lot from them.

[sim]

I could be better with adding comments in my code for people to understand and well thanks I do try I used to try and give back to the forum all the time I might of cut it down little but I still love to help out when I can.

[shane9082]

I could be better with adding comments in my code for people to understand and well thanks I do try I used to try and give back to the forum all the time I might of cut it down little but I still love to help out when I can.

I no sometimes giveing people the code or even giveing them a example might be makeing them lazy or even not trying to help them self, but in some case i find it easy when i see the code or example so that when i see the code i no where i am going wrong. That way i no i wasnt far off what i was trying to achieve. atleast then i no i am getting some where and it gives me motivation for the next time i run in to a problem. i dnt mean when i asked for help just give me the code there try that. it takes the fun out of learning i mean give me hints on where i am going wrong. That should stop most of the hair loss lol. So i wouldnt say cut it down some of the examples you have posted are great and i have learn quite a bit from them.

[sim]

When it comes to php there are way better ways to learn on tut's online when he gets the basics working there I am sure one of use will be happy to how him to get it to work in AMS but php as nothing to do with ams also one note if you want to return a table from php to lua best idea is to use json.

[shane9082]

When it comes to php there are way better ways to learn on tut's online when he gets the basics working there I am sure one of use will be happy to how him to get it to work in AMS but php as nothing to do with ams also one note if you want to return a table from php to lua best idea is to use json.

Yeah thanks sim i read on the other thread and also had a look round.

[RizlaUK]

funny enough, im working on my login system for my site, and needed to generate a truly random key for the email conformation

this is what i come up with

PHP Code:

<?php 
    function GenerateRandomKey()
    {
        $Alpha=array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");

        $ConfirmCode=array();
        for($i=1; $i<=20; $i++)
        {
            $Type=rand(1, 2);
            switch ($Type)
            {
                case 1:
                    // alpha
                    $Case=rand(1, 2);
                    switch ($Case)
                    {
                        case 1:
                            $ConfirmCode[$i]=strtolower($Alpha[rand(1, 26)]);
                            break;
                        
                        case 2:
                            $ConfirmCode[$i]=strtoupper($Alpha[rand(1, 26)]);
                            break;
                    }
                    break;
                
                case 2:
                    // number
                    $ConfirmCode[$i]=rand(0, 9);
                break;
                
            }
        }
        return implode($ConfirmCode).md5(uniqid());
    }    
    
    // Test
    for($i=1; $i<=10000; $i++)
    {
        echo GenerateRandomKey()."<br/>";
    }
?>

outputs a bunch of keys like below (wow, 10,000 in 2 sec's)

m09S5c94Gu62q80RTkpe0f583682b9f2525b5e9539eac39fe1 ad
6o6W68H70HCgl8T6753222b3abc725aa21cf9e390aa07613d4 95
kCTE472chh7YZhwqX2Ex799fbdd5cff92fa1d46dc727a88edd 26
W4590686y8i0pCe309C10b600bdb6bda662699f5d4a85ccf33 9
M6u55D23UGx6bCy4R5K17588c291c9e3f8c66db14a308ad697 a5
F329deE3CB9uy809040496a345e421a4f8142d310090c36d4a
46n6s9rx404F2Ri4891b7d15783eb68cc0177c0ca8b8213d4f 0
91j4kLmd81NmV844Yz6Ld720b46a6c05a72e4b292e403fb2c3 c2

Not bad for a PHP noob, huh ?

When i get my site finished and a few other things iv got to get done (and finding time as im back at work too), i'll make some AMS+PHP examples, iv always wanted to get to grips with this, and (even if i say so myself) im getting there

@debkar, PHP really isn't hard to learn, there's so much information out there just waiting for you to read it, 2 weeks ago i knew nothing about PHP, now im writing my own site with complex functions, but i guess its fair to say "im a bit of a code junkie!", lol

[azmanar]

Hi Riz,

Code junkie you are !

Hey, why would you make randomized keys for PHP Sec?

Are you adding these randomized keys after you MD5 the HTTP headers?

Pretty awesome way to prevent cookie and session hijacks as well as session impersonation. Over-deliver is always better.

Amazing.

[RizlaUK]

Hi Azman

Yes, im trying to prevent session hijacks as well as other things, i read (a lot) about securing the site and some solutions showed to use a key, so i made the strongest i possibly could

and yes, id rather overkill then get hacked, the site will host commercial projects in user accounts so i want/need it be as secure as possible.

[azmanar]

Hi Riz,

Same here. I love over-delivery.

Heads up.

Say someone managed to hijack a session ( which is always doable because of the insecurity of WIFI and ability to spoof with minimal effort through hidden trojans and packet sniffers ). He then moves around from page to page pretending he is the session owner.

PHP has some steps to prevent this impersonation.
> Get certain parts of the http headers during login,
> append some 7 or 8 secret characters to the value taken from the http headers
> md5 the value
> attach the value to the session.

The secret characters can be anything that has been assigned to the person at the initial stage when the person first subscribes or registers as a member. This is when your RandomKey Generator would fit in very comfortably.

The reason being http headers are "almost unique" to the person logging in. Everyone uses different browsers, different browser versions and different computer versions. The probability of exact match between 2 persons are very low.

At a scheduled time or upon reaching a heightened level area, the server verifies that session values ( which contained the http header of the person who first logged in) against the current http headers of current person browsing. This checking is done transparently.

If the values are the same, the user continues without knowing he is being validated throughout.

If there are some changes to the current http headers, instead of killing the session, the server should pop a message saying "Password Please". If that password is valid at the first attempt, the session continues. If the password is not valid, terminate the session instantly.

The overhead for such checking is so minute, so it is not tasking to the system resources of the server.

[shane9082]

Hi Riz,

Same here. I love over-delivery.

Heads up.

Say someone managed to hijack a session ( which is always doable because of the insecurity of WIFI and ability to spoof with minimal effort through hidden trojans and packet sniffers ). He then moves around from page to page pretending he is the session owner.

PHP has some steps to prevent this impersonation.
> Get certain parts of the http headers during login,
> append some 7 or 8 secret characters to the value taken from the http headers
> md5 the value
> attach the value to the session.

The secret characters can be anything that has been assigned to the person at the initial stage when the person first subscribes or registers as a member. This is when your RandomKey Generator would fit in very comfortably.

The reason being http headers are "almost unique" to the person logging in. Everyone uses different browsers, different browser versions and different computer versions. The probability of exact match between 2 persons are very low.

At a scheduled time or upon reaching a heightened level area, the server verifies that session values ( which contained the http header of the person who first logged in) against the current http headers of current person browsing. This checking is done transparently.

If the values are the same, the user continues without knowing he is being validated throughout.

If there are some changes to the current http headers, instead of killing the session, the server should pop a message saying "Password Please". If that password is valid at the first attempt, the session continues. If the password is not valid, terminate the session instantly.

The overhead for such checking is so minute, so it is not tasking to the system resources of the server.

Great detailed post azmanar a lot of usefull information in there.