  1. #1
    Join Date
    May 2007
    Posts
    3

    Question Unanswered: Using PHPadmin to alter database

    Newbie HELP PLEASE!

    If this post belongs in mySQL forum, say so.

    I'm just beginning and I have no hair left.
    No pain, no gain!!

    My goal is to install 3rd party php programs into databases with very little experience.


    The current objective is to modify a database.


    This is what I need to accomplish:


    Add the main administrator (via phpMyAdmin)

    a) Your Name
    b) Your Email
    c) Status = 'approved'
    d) Access = 10 (gives you administrator access)
    e) Password string encrypted with md5() alg.


    I found this script on the net and my mods have ********* after them.
    Names and passwords are "******"
    It might be easier to copy and paste the script in your reply so you can edit it.

    Here are the scripts.

    I need to know if it looks good and need a line of script to accomplish step "e" above.

    I believe it goes where I put "!!!!!!!!!!!!!!!!!!!!"





    CREATE TABLE login (
    ID int NOT NULL AUTO_INCREMENT,
    user varchar(30),
    pass varchar(30),
    INDEX (ID)
    );





    <form method="post" name="login" action="process.php">
    <p>Username : <input type="text" name="**" /></p>
    <p>Password : <input type="text" password="***" /></p>
    <p><Email : <input type="text" Email="me@yahoo.com"/></p>********
    <p><Status : <input type="text" status="approved"/></p>***********
    <p><Access : <input type="text" access="10"/></p>**************
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!
    <p><input type="submit" name="submit" value="Submit" /></p>

    </form>

    <?php
    if (isset($_GET['error'])) {
    echo 'Invalid login data supplied. Please try again.';
    }
    ?>

    process.php

    <?php
    session_start();

    $dbHost = "******"; // Database Connection Details - host
    $dbUser = "****"; // Database Connection Details - username
    $dbPass = "*******"; // Database Connection Details - password
    $dbname = "******"; // Database Connection Details - database name

    $username = $_POST['username'];
    // Stores our inputted data in these variable names

    $password = $_POST['password'];
    // Stores our inputted data in these variable names

    $db = mysql_connect($dbHost,$dbUser,$dbPass); // Connection Code
    mysql_select_db($dbname,$db); // Connects to database

    $query = "SELECT user, pass FROM login WHERE user = '$username'
    AND pass = '$password'";
    $result = mysql_query($query, $db);
    if(mysql_num_rows($result)) {
    $_SESSION['loggedin'] = 1;
    header('Location: http://www.domain.com/admin.php');
    exit(); }
    else {
    header('Location: http://www.domain.com/form.php?error=1');
    exit(); }
    ?>
    process.php

    <?php
    session_start();

    $dbHost = ""; // Database Connection Details - host
    $dbUser = ""; // Database Connection Details - username
    $dbPass = ""; // Database Connection Details - password
    $dbname = ""; // Database Connection Details - database name

    $username = $_POST['username'];
    // Stores our inputted data in these variable names

    $password = $_POST['password'];
    // Stores our inputted data in these variable names

    $db = mysql_connect($dbHost,$dbUser,$dbPass); // Connection Code
    mysql_select_db($dbname,$db); // Connects to database

    $query = "SELECT user, pass FROM login WHERE user = '$username'
    AND pass = '$password'";
    $result = mysql_query($query, $db);
    if(mysql_num_rows($result)) {
    $_SESSION['loggedin'] = 1;
    header('Location: http://www.domain.com/admin.php');
    exit(); }
    else {
    header('Location: http://www.domain.com/form.php?error=1');
    exit(); }
    ?>


    Something you may not have seen before is session_start();. Here we are using sessions, and this is the code to declare that
    we are doing so. The lines of code that you may already know have PHP comments next to them; the rest I will explain.


    $query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";
    $result = mysql_query($query, $db);


    Select the fields 'user' and 'pass' from the table 'login' and give the data inside the user field the variable name $username
    and the password field the variable name $password. The second line of the code is the whole query which we are giving a
    variable name $result.


    if(mysql_num_rows($result)) {
    $_SESSION['loggedin'] = 1;
    header('Location: http://www.domain.com/admin.php');
    exit(); }
    else {
    header('Location: http://www.domain.com/form.php?error=1');
    exit(); }
    ?>



    Here we have the if/else statement: if our variables from the form match the data inside the database, then forward you
    to http://www.domain.com/admin.php. If they do not match, then go back to our login form with an error.

    Still with me? Good, now let's move on to our admin section.



    <?php
    session_start();

    if(!isset($_SESSION['loggedin'])) {
    header('Location: http://www.domain.com/form.php?error=1');
    exit();
    }
    ?>
    Welcome to the admin section. <a href="logout.php">Log out</a>.<br />

    You remember those sessions I was telling you about? This is where they come into play. The code we have, in basic English, translates to:

    <?php
    declare that we are using sessions

    if(we are not logged in forward the user to) {
    this URL('Location: http://www.domain.com/form.php?error=1');
    exit();
    }
    ?>
    If we are logged in we will be able to see our content which is displayed here.

    Easy, huh? The next part would be our logout script, which is very simple. Sessions are stored in the user's browser and stay
    there until they log out or close the browser window, so all we need to do in the logout script is destroy these variables.

    logout.php

    <?php
    session_start();
    // declare that we are using sessions

    session_unset();
    // unset our sessions

    session_destroy();
    // now destroy them and remove them from the user's browser

    header('Location: http://www.domain.com/');
    // forward you to a page of your choice

    exit(); // exit
    ?>

    Not that hard was it? If you have any questions or problems don't hesitate to contact me using the feedback form or head
    over to Weborum to contact me or any of the other talented members.

    The Weborum has very little traffic so I'm trying here.

    How am I doing?
    Nothing can hurt as much as the last 2 weeks.

    Thanks to all who help.

  2. #2
    Join Date
    Mar 2007
    Location
    636f6d7075746572
    Posts
    770
    Not sure why this was dumped into the PHP section of this forum as the answer is really related to MySQL. However, what you need to do (for step e) is encrypt your password into an MD5 format, correct? Thus you remove the need to store plain passwords (which are insecure).
    So, if you are inserting into your DB (a user), you will need a statement similar to the following:
    Code:
    INSERT INTO 
    login(user,pass)
    VALUES ('usernamehere',MD5('passwordhere'));
    MySQL has an MD5 function which allows you to encrypt plain strings. However, you will need to extend your pass column in your login table to be long enough to take an MD5 string, which is 32 varchars.

    So when you are testing to see if the user is valid you do
    Code:
    SELECT ID,user,pass 
    FROM login
    WHERE user='$username'
    AND pass=MD5('$password');
    It's worth noting that I don't believe your form is passing through variables properly. Make sure you have the "name" attribute to each input.
    e.g. you are missing name="password" for the password input box and you need to set name="username" for the username input box.
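
The stored-hash insert and login check discussed in this thread, as an added example that is not part of either post: it binds the form values as query parameters instead of interpolating `$username` and `$password` into the SQL string, and uses PHP's salted `password_hash()`/`password_verify()` in place of MD5. The in-memory SQLite DSN, the function names `add_user` and `check_login`, and the sample credentials are assumptions made so the script runs offline; against MySQL only the PDO DSN and credentials change.

```php
<?php
// Added example: SQLite in memory stands in for the thread's MySQL database
// (assumption, so the script runs without a server).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Same login table as the thread; pass is widened from varchar(30) so it can
// hold a full password_hash() string.
$db->exec('CREATE TABLE login (
    ID INTEGER PRIMARY KEY AUTOINCREMENT,
    user VARCHAR(30) UNIQUE,
    pass VARCHAR(255)
)');

// Step "e": store a salted hash of the password, never the password itself.
function add_user(PDO $db, string $user, string $password): void
{
    $stmt = $db->prepare('INSERT INTO login (user, pass) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login check: the username travels as a bound parameter, and the hash is
// compared in PHP because every stored hash carries its own salt.
function check_login(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT pass FROM login WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample accounts.
add_user($db, 'admin', 'correct horse battery staple');
add_user($db, "o'brien", 'another sample password');

var_dump(check_login($db, 'admin', 'correct horse battery staple')); // right password
var_dump(check_login($db, 'admin', 'wrong password'));               // wrong password
// A username containing a quote is handled as plain data by the bound
// parameter; the interpolated query in process.php would be altered by it.
var_dump(check_login($db, "o'brien", 'another sample password'));
var_dump(check_login($db, 'nobody', 'anything'));                    // unknown user
```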
