
Inquiry from almost total newbie - MySQL


  1. #1

    Inquiry from almost total newbie

    Good day, and thank you in advance for any help.

    I am a new MySQL user, and have just recently begun to learn something about
    PHP. I usually work with MS Access, and I can build databases, queries,
    table and so forth. So I think I understand that stuff well enough to do
    most of what I want to do, but my project includes some stuff that I'm not
    familiar with.

    I am slowly working through the process of putting a small database on line
    for an organization that I help to run. The database will list events in
    certain geographic areas, and the user/visitor will be able to select the
    geographic area in which he or she has an interest. It is not going to be a
    huge pile of data.

    We (those of us who run the organization) do not want to spend a lot of time
    maintaining this data, and there will be a relatively small number of people
    who we will want to be able to set up an event. I would like to allow anyone
    with a password, or some other way to log in, to be able to put their own
    data in, and wait for someone from my organization to approve it. So, my
    question is this - what is the best way to keep invalid logins from getting
    to the input form? I guess I need to check the log-in data against another
    database - or do I? Any tutorials on this subject, or on DB security, in
    general, will be appreciated.

    Thanks...


    Steve E.




    Serious_Practitioner Guest

  2. #2

    Re: Inquiry from almost total newbie

    Serious_Practitioner wrote:
    > Good day, and thank you in advance for any help.
    >
    > I am a new MySQL user, and have just recently begun to learn something about
    > PHP. I usually work with MS Access, and I can build databases, queries,
    > table and so forth. So I think I understand that stuff well enough to do
    > most of what I want to do, but my project includes some stuff that I'm not
    > familiar with.
    >
    > I am slowly working through the process of putting a small database on line
    > for an organization that I help to run. The database will list events in
    > certain geographic areas, and the user/visitor will be able to select the
    > geographic area in which he or she has an interest. It is not going to be a
    > huge pile of data.
    >
    > We (those of us who run the organization) do not want to spend a lot of time
    > maintaining this data, and there will be a relatively small number of people
    > who we will want to be able to set up an event. I would like to allow anyone
    > with a password, or some other way to log in, to be able to put their own
    > data in, and wait for someone from my organization to approve it. So, my
    > question is this - what is the best way to keep invalid logins from getting
    > to the input form? I guess I need to check the log-in data against another
    > database - or do I? Any tutorials on this subject, or on DB security, in
    > general, will be appreciated.

    There are at least two ways to achieve this:

    a) Secure the directory with the input form with a .htaccess file if you
    are running Apache.

    b) Program a small login script with PHP. A pseudo PHP code would look
    like this:

    <?php

    if user is not logged in
        ask for user and password in login form
        check user and password against database
        if user and password matches
            show input form
        else
            show login form again
    ?>

    You can store the state of your user in PHP within a session()

    For starting you can use something like this:
    <?php
    // Sessions must be started before $_SESSION can be read or written
    session_start();

    $my_error = '';

    // Check user/password unless the user is already logged in
    if (isset($_POST['user']) && isset($_POST['pass'])
        && $_POST['user'] != '' && $_POST['pass'] != ''
        && !isset($_SESSION['handel_login'])) {

        // Prevent SQL injection (needs an open mysql_connect() connection;
        // the mysql_* functions were removed in PHP 7.0)
        $user = mysql_real_escape_string($_POST['user']);
        $pass = mysql_real_escape_string($_POST['pass']);

        $sql = "SELECT email, pass
                FROM login
                WHERE email = '" . $user . "'
                AND pass = '" . $pass . "'";
        $res = mysql_query($sql)
            or die("Wrong query: " . mysql_error());

        // If we have exactly one result, the user/pass is correct
        if (mysql_num_rows($res) == 1) {
            $row = mysql_fetch_row($res);
            $_SESSION['t_haendler_id'] = $row[0];
            $_SESSION['handel_login'] = true;
        } else {
            // sleep(3);
            $my_error = "Wrong login, please try again<br />";
            // Empty the session; unset($_SESSION) would disable the superglobal
            $_SESSION = array();
            session_destroy();
        }
    }

    if (isset($_SESSION['handel_login'])) {
        // Show input form
        require_once 'input_form.php';
    } else {
    ?>
    <div class="content">
    <?php echo $my_error; ?>
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
      <table>
        <tr>
          <td colspan="2" align="left">
            <h2>Please login</h2></td>
        </tr>
        <tr>
          <td align="right">
            <b>Username:</b></td>
          <td>
            <input type="text" name="user" size="30" maxlength="80" /></td>
        </tr>
    <?php
        if (isset($_POST['submit']) && isset($_POST['user']) && $_POST['user'] == '') {
    ?>
        <tr>
          <td>&nbsp;</td>
          <td class="error">
            Please provide username!</td>
        </tr>
    <?php
        }
    ?>
        <tr>
          <td align="right">
            <b>Passwort:</b></td>
          <td>
            <input type="password" name="pass" size="30" maxlength="20" /></td>
        </tr>
    <?php
        if (isset($_POST['submit']) && isset($_POST['pass']) && $_POST['pass'] == '') {
    ?>
        <tr>
          <td>&nbsp;</td>
          <td class="error">
            Please provide password!</td>
        </tr>
    <?php
        }
    ?>
        <tr>
          <td>
            <input type="reset" name="reset" value="Reset" /></td>
          <td>
            <input type="submit" name="submit" value="Login" /></td>
        </tr>
      </table>
    </form>

    </div>
    <?php
    }
    ?>


    Regards, Hakan
    Hakan Kuecuekyilmaz Guest
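
The login check from the post above, reworked as an added example (not part of the original thread) that uses a PDO prepared statement instead of string escaping and compares against a stored hash instead of a plaintext password. The function names `check_login` and `login`, the in-memory SQLite database standing in for MySQL, and the sample account are assumptions constructed for this example.

```php
<?php
// Added example, not code from the thread. Table and column names
// (login.email, login.pass) and the session keys follow the post; storing a
// password_hash() value in `pass` is an assumption of this example.

function check_login(PDO $db, string $email, string $password): bool
{
    // The placeholder keeps user input out of the SQL text entirely
    $stmt = $db->prepare('SELECT pass FROM login WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();          // false when no such user

    // Verify against a dummy hash for unknown users so both paths do
    // comparable work
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $ok = password_verify($password, $hash !== false ? $hash : $dummy);
    return $ok && $hash !== false;
}

function login(PDO $db, string $email, string $password): bool
{
    if (!check_login($db, $email, $password)) {
        return false;
    }
    session_regenerate_id(true);           // fresh session ID after login
    $_SESSION['handel_login'] = true;
    $_SESSION['t_haendler_id'] = $email;
    return true;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL server
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (email TEXT PRIMARY KEY, pass TEXT)');
$db->prepare('INSERT INTO login (email, pass) VALUES (?, ?)')
   ->execute(['steve@example.org', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Run all attempts before printing; session functions need unsent headers
$results = [
    'wrong password'   => login($db, 'steve@example.org', 'wrong'),
    'injection string' => login($db, "' OR '1'='1", "' OR '1'='1"),
    'valid login'      => login($db, 'steve@example.org', 'correct horse'),
];
var_dump($results);
```

On a real page, call `session_start()` and `login()` before any output, then include `input_form.php` only when `$_SESSION['handel_login']` is set.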

  3. #3

    Re: Inquiry from almost total newbie

    Hi, Hakan -

    My goodness! Thanks so much. I have to study this, figure out what it does
    and how to modify it to suit my installation, but thank you EVER so much for
    the great start on a solution.


    Steve E.







    Serious_Practitioner Guest
