-
security in websites
Date: 12/29/04
(PHP Development) Keywords: php, mysql, browser, database, sql, security, web
i am preparing to design a website for my family. i'd like it to have a secure log-in, which references usernames and passwords in a mysql database. i'd like the rest of the website to be secure, meaning, if you're not logged in, you're redirected to the index. i'm planning to use sessions with cookies. as i'm relatively new to security in web design, i'd like some advice.
i know the login.php script will check the username and password against a corresponding user table. if the login succeeds, a call will be made to session_start(). session_start() will be called on all subsequent pages, as well as a check to see if the login status is true (or something like that). herein is my first question: what should each subsequent page of the site check for?
do i need to turn SSL on or will sessions, cookies and a database be enough? (it doesn't need to be super tight--mainly, some of my aunts and uncles don't want the pictures of their bikini clad daughters from our beach trips accessible to just anyone over the net.)
... i guess i'm not entirely sure what else to ask. i suppose that i'll need to make each page check to see if the above mentioned login status variable is set to true, but how do i set it to false? do i just design the session or cookie to expire when the browser is closed?
any help or feedback is appreciated. if you know of a good site (that's easy to understand) which goes over what you need to do to design a secure site, please let me know.
ah, by the way, the environment i'm designing this site for is a RedHat server with PHP4.3.9 and MySQL4.0
thanks for your help
Source: http://www.livejournal.com/community/php_dev/50687.html
-
Tomcat hosts?
Date: 11/17/04
(PHP Development) Keywords: php, mysql, database, sql, web
(x-posted all over the damn place)
I am currently looking for a good web host that offers Tomcat AND php AND some kind of database (MySQL or PostGres - I'm not picky). I'd also like to go with someone who has a sane usage policy (I once had a site yanked by addr.net due to "inappropriate content").
Currently, http://www.oxxus.net/ looks pretty good.
Anyone have any other suggestions?
Source: http://www.livejournal.com/community/php_dev/49616.html
-
Programming Goodness
Date: 10/15/04
(Elite PHP Development) Keywords: php, mysql, database, sql, java
I was lookin around and found this tonight. Very much kewlness, I am hoping to join in on the fun in the development community so I can add in my ideas to make PHP even better. This is a little bit of information I picked up on Creating Custom Exceptions and sending data to the parent class from a function in a subclass. Very spiffy.
query("SELECT NOW()");
    var_dump($result->fetch_row());
} catch(ConnectException $exception) {
    echo "Connection Error\n";
    var_dump($exception->getMessage());
} catch(QueryException $exception) {
    echo "Query Error\n";
    var_dump($exception->getMessage());
}
/* Handle exceptions that we weren't expecting */
catch(Exception $exception) {
    echo "Who was that masked exception?\n";
    var_dump($exception->getMessage());
}
$result->close();
$my->close();
?>
very spiffy, and I will be posting something using the new MySQLi class. Maybe a whole class system for the generation of graphics pulled from a database. Possibly attach that to a javascript paint proggy, or even better a flash paint proggy..... hmmm the possibilities are endless, but i have to get back to my money making... Gotta love it, but it would be so much more fun if i had a project that really challenged my knowledge and abilities, but we'll get to that someday. -=Levi=-
Source: http://www.livejournal.com/community/php_elite/504.html
-
Mambo on FreeBSD 5.3
Date: 02/23/05
(PHP Community) Keywords: php, mysql, xml, sql, java, linux, apache
I'm having a few problems getting Mambo working on FreeBSD 5.3
Whenever I try to log in to the administrators account, with a valid username\password, you get presented with the same screen with the username\password boxes still filled in. /var/log/messages states "Feb 23 17:42:42 linux kernel: pid 15803 (httpd), uid 1006: exited on signal 11"
Nothing is written to the Apache access or error logs
If I try to log in with an invalid combo, a JavaScript popup tells me I got either the username or password wrong. So, the authentication is sort-of happening
The only useful thread I've found on the Mambo forums was this one. Which states "To all who have this issue, it is a problem with duplicate extension entries in your php.ini"
All I have in my php.ini that contains references to extension are:
extension_dir = "/usr/local/lib/php/20020429/"
extension=session.so
extension=mysql.so
So there aren't any duplicates
I really don't know much about setting PHP up. Does anyone have any pointers?
I seem to remember having this problem in the past with Gallery, and the issue was resolved by installing php4-extensions
Here's the version of all PHP stuff I have installed:
# portversion -v | grep php
mod_php4-4.3.10_2,1 = up-to-date with port
php4-bz2-4.3.10_2 = up-to-date with port
php4-ctype-4.3.10_2 = up-to-date with port
php4-extensions-1.0 = up-to-date with port
php4-gd-4.3.10_2 = up-to-date with port
php4-mysql-4.3.10_2 = up-to-date with port
php4-openssl-4.3.10_2 = up-to-date with port
php4-overload-4.3.10_2 = up-to-date with port
php4-pcre-4.3.10_2 = up-to-date with port
php4-posix-4.3.10_2 = up-to-date with port
php4-session-4.3.10_2 = up-to-date with port
php4-snmp-4.3.10_2 = up-to-date with port
php4-tokenizer-4.3.10_2 = up-to-date with port
php4-xml-4.3.10_2 = up-to-date with port
php4-zlib-4.3.10_2 = up-to-date with port
phpMyAdmin-2.6.1 = up-to-date with port
Any pointers would be most appreciated!
Update: Sorted. It seems that I did have 2 entries for session.so. One was in /usr/local/etc/php.ini and the other was in /usr/local/etc/php/extension.ini
I commented one out, and it started working
Leaving this entry intact, just in case anyone else has the same problem
Source: http://www.livejournal.com/community/php/265349.html
-
XML > PHP > MySQL?
Date: 02/27/05
(PHP Community) Keywords: php, mysql, xml, sql
Can anyone recommend a good script they know of that is used to get XML into MySQL, via PHP? I'm creating my own but would like to see some examples if you know of any, thanks!
Source: http://www.livejournal.com/community/php/266834.html
-
How to start/stop MySQL server on Linux
Date: 01/08/05
(Java Web) Keywords: mysql, sql
/etc/rc.d/init.d/mysqld start
/etc/rc.d/init.d/mysqld stop
/etc/rc.d/init.d/mysqld restart
And of course there is the brute force way to kill all the processes:
$ for i in `ps -ef |grep mysqld |awk '{print $2}'`; do kill -9 $i; done
cut doesn't cut it in this case.
Sure you can also just use awk.
Thanks to Anthony Eden for the comment (below) to remove the [...]
Source: http://blog.taragana.com/index.php/archive/how-to-startstop-mysql-server-on-linux/
-
Decimal Unicode or Hex Unicode?
Date: 02/25/05
(Mozilla) Keywords: php, mysql, html, xml, sql
Do any of you bright minds know WHY some programmers decide to use Decimal Unicode notation (e.g., Firefox), whereas others decide to use Hex Unicode notation (e.g. the Gnome/libxml2/xmllint folks)?
My wish is that:
1.) They had all gotten together and decided on just one,
2.) They had all chosen Hex, padded on the left with zeroes so that all characters are represented by a full four digits (e.g.  rather than  for Â), the latter of which is NOT conformant to the Unicode specification, which requires four to six digits, not bloody darn one, two or three).
I know they are functionally equivalent, and I know it's a simple mathematical calculation to go from one to the other, and that Perl and PHP both probably have built-in functions that I could use to convert from one to the other, but GRRRR. I long for consistency, and god forbid, standards-compliance.
Also, why is Firefox smart enough to take UTF-8 input in an HTML form and convert it automatically to Decimal Unicode (which mySQL 4.0 can actually understand), but Safari is not smart enough (and of course, neither is I.E., duh).
--
Don't get me wrong, I don't hate Safari. Safari is FAR better than Firefox at rendering certain difficult Unicode glyphs, like Devanagari (Sanskrit) that has internal HTML markup inside conjunct consonants (Opera 6.03 comes close on this). However, when it comes to Hebrew, Greek, and Romanian (the others I've had to deal with recently), Firefox is just hands-down better.
Source: http://www.livejournal.com/community/mozilla/254172.html
-
PHP4 GD module on Debian
Date: 02/11/05
(IT Professionals) Keywords: php, mysql, sql, google
Does anybody have experience setting up PHP4 on Debian (woody) such that the GD module is recognized?
I've installed PHP4 and three modules: mysql, mcrypt, gd2:
apt-get install php4
apt-get install php4-mysql
apt-get install php4-mcrypt
apt-get install php4-gd2
During the install process for php4-gd2, I was prompted to modify php.ini with "extension=gd.so". I answered "Yes". I then verified that the line was added to php.ini.
However, if I view PHP's info, there's no "GD" section.
And if I create a test PHP script utilizing a GD function, I get the following:
Fatal error: Call to undefined function: imagecreatefrompng() in /var/www/cparker15/test.php on line 3
Anybody know what I might be doing wrong? I've Googled and have come up with nothing. I'm thinking of asking on debian-user, but the last time I posted there, I didn't get any answers.
crossposted to debian
Source: http://www.livejournal.com/community/itprofessionals/5053.html
-
What web host do you use?
Date: 09/11/04
(Web Hosts) Keywords: mysql, database, sql, linux
Just curious on what you guys use to host your sites. Pros/cons? Specs? Like myself:
Site: Frankly Jason
Host: Cyberpixels.com
Specs: 9.95/mo for 400 MBs, 15 GBs bandwidth, and uber amount of pop 3 emails, ftp accounts, sub-domains and mysql databases
Server OS: RedHat Linux
Control Panel: cPanel
Pros/cons: Everything runs pretty smoothly except the lag time on uploading to the FTP. Uploading is fast, just the connection with the ftp as each file goes onto the space.
Source: http://www.livejournal.com/community/webhosts/19341.html
-
MD5 support in SQL Server 2000
Date: 12/23/04
(SQL Server) Keywords: mysql, database, sql, postgresql
cross-posted to databases
For privacy protection within an application, I hash email addresses into MD5. MySQL, PostgreSQL, and Oracle all have a scalar function that allows you to hash a column/string -- for example MD5(emailaddr).
I have yet to find such a function, or a handy library/package for creating such a function in SQL Server 2000. Did I miss something? recommendations?
Source: http://www.livejournal.com/community/sqlserver/13063.html
-
galleries!
Date: 03/10/05
(WebDesign) Keywords: php, mysql, sql, java, web
so, my quest for the perfect gallery continues. my question to you all is this: what gallery applications do you use and what do you think of them? I prefer php and no need for mysql, but I'm open to other options. the only thing I'm adamant about is not using javascript. ;)
x-posted to webdesign and webdev.
Source: http://www.livejournal.com/community/webdesign/826746.html
-
galleries!
Date: 03/10/05
(Web Development) Keywords: php, mysql, sql, java, web
so, my quest for the perfect gallery continues. my question to you all is this: what gallery applications do you use and what do you think of them? I prefer php and no need for mysql, but I'm open to other options. the only thing I'm adamant about is not using javascript. ;)
x-posted to webdesign and webdev.
Source: http://www.livejournal.com/community/webdev/179032.html
-
php4 class extending and shared variables
Date: 03/11/05
(PHP Community) Keywords: php, mysql, database, sql
I have a base class in which I'd like to extend. The thing is, the base class connects to a database. How can I make it so any classes I extend from base class will share the one connection to the database and not make a duplicate connection for each object i make?
example:
class base {
    var $connection;
    // PHP4-style constructor: opens the database connection
    function base(){
        $this->connection = mysql_connect("server","user","password");
        mysql_select_db("database",$this->connection);
    }
    // Run a query on this object's connection
    function exec($query){
        return mysql_query($query,$this->connection);
    }
}
class child extends base {
    var $foo;
    var $bar;
    function child(){
        // PHP4 does not call the parent constructor automatically
        $this->base();
        $this->foo = mysql_result($this->exec("select foo from foobar"),0);
    }
}
I'd like it so no matter how many objects i make of the child class, they all share the same database connection. I think in PHP5 you can do something like "shared $connection" but i'm using php4.
tia
-ryan
Source: http://www.livejournal.com/community/php/271677.html
-
Noob question...
Date: 03/13/05
(MySQL Community) Keywords: mysql, sql
the timediff functions and others within mysql... is that only available for max db? and is maxdb the paid version?
I'm just making sure my simple sql syntax is not wrong.
thanks in advance.
Source: http://www.livejournal.com/community/mysql/50317.html
-
3 Tier Web development and Code Generation
Date: 03/15/05
(Web Development) Keywords: php, mysql, html, database, sql, java, web
This is long so a cut tag...
So recently I’ve been working on some new stuff. In recent versions of Mozilla (including Firefox) there is now a SOAP client. This means that a web application can access the server at any time, and not just when the page loads. This means a huge amount of flexibility is now available to the developer in a DHTML application. I have been playing with this for several months and realized that a large amount of the code is very repetitive.
I am working on an application to build these applications. I have a DHTML page which lets you model your application. It pulls table and index definitions from a MySQL database, and then it lets you set up validation rules for each field, set up custom SQL queries (In addition to a number of automatically generated ones), set field labels, and change other things about the data model.
So far I can auto generate
* DHTML Forms
* Javascript glue for the forms
* Javascript to wrap the soap functions into simple javascript methods.
* PHP classes to access a mysql database
* A wrapper to serve the PHP classes up as SOAP.
Still to do
* Data validation
* Unit test frameworks
* Installer scripts for a generated application
For more information see my wiki. I plan to have the code on source forge (project “xulbuilder”) today or tomorrow
Source: http://www.livejournal.com/community/webdev/181661.html
-
Timestamping and datetime
Date: 03/15/05
(MySQL Community) Keywords: php, mysql, database, sql
I'm working on a database table and am having trouble getting the dates added properly. I want two date fields, one to store the date the record was created, the other to store the date it was last modified. However, I can't figure out how to get the fields to hold anything but a bunch of zeros. I've tried TIMESTAMP and DATETIME and using the PHP time function and reading through the mysql.com documentation and am still in the dark. Any help would be appreciated.
Source: http://www.livejournal.com/community/mysql/50849.html
-
PHP and J2EE: connection's pool
Date: 03/16/05
(PHP Community) Keywords: php, mysql, sql, java
Has anybody read about creating a MySQL connection pool in PHP like in Java2EE? I have read a LOT about mysql_connect and mysql_pconnect but not one word about pools.
Source: http://www.livejournal.com/community/php/273139.html
-
Converting MYSQL timestamps?
Date: 03/16/05
(PHP Community) Keywords: php, mysql, database, sql
I have a timestamp in my MySQL database. I grab the information along with the other table information using a select, then want to display it in my PHP pages. However, everything I've tried turns up really funny displays. Is there a way in PHP to format MySQL timestamps?
Source: http://www.livejournal.com/community/php/273803.html
-
displaying Japanese from mysql with php?
Date: 03/17/05
(PHP Community) Keywords: php, mysql, browser, database, sql, web
Hi, thanks in advance for any advice.
I am working on a website on my PC, and I don't know anything about servers but I wanted to develop locally, so I am using a WAMP package. I would like the site to be able to display database entries from mysql that are in Japanese, but when I call them I just see question marks instead of the Japanese (using various browsers and encoding options). I can, however, just echo Japanese text in the php file and it will display properly. Also, in phpmyadmin where I am creating the database the Japanese is displaying correctly.
I don't know if it's a problem with the server, mysql, or the script, so I don't even know where to start. I have tried it with the db, table and fields collated in both sjis_japanese_ci and utf8_unicode_ci, with the same results.
Does anyone know what the problem could be? Thanks!
Source: http://www.livejournal.com/community/php/274046.html
-
New to MySQL
Date: 03/17/05
(MySQL Community) Keywords: php, mysql, database, sql
Alright, so I'm a bit new to MySQL. I haven't had to work with databases much, and when I have done them, it was with Access (Ick!). Anyway, i've got a php page that I'm trying to connect to a MySQL database. This isn't how the data's going to be displayed, obviously, but I'm unsure where to go from here.
// Connecting, selecting database
$connect = mysql_connect('localhost', 'mannsye', 'nickmann1169');
if (!$connect)
    die('Could not connect: ' . mysql_error());
else
    echo "Connected successfully
";
$category = 1;
mysql_select_db("mannsye_conigeninformation") or die("Could not select database");
// Performing SQL query
$query = "SELECT * FROM residental_links, residental_types ";
$query += "WHERE ((residental_links.section)=(residental_types.type)) ";
$query += "ORDER BY residental_types.index, residental_links.name;";
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
// Free resultset
mysql_free_result($result);
// Closing connection
mysql_close($connect);
?>
I've got my query separated from the code, but as I know very little about MySQL, I don't know if the syntax is correct or not.
SELECT * FROM residental_links, residental_types WHERE ((residental_links.section)=(residental_types.type)) ORDER BY residental_types.index, residental_links.name;
Whenever I try and access the database and the tables, I can connect, but I can't display any data.
Connected successfully
Query failed: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '0' at line 1
Please, any help would be appreciated.
Many thanks! --Lisa
Source: http://www.livejournal.com/community/mysql/50953.html