

02.15.05


Password Protection With PHP, MySQL, And Session Variables

By Dan McConkey

One of the great promises that actually came true when our Internet-enabled world reached the twenty-first century is efficient customer-to-business interaction.

Each day, I find a new way to go through life's errands without ever waiting on hold for a bank teller, a pharmacist, or an insurance agent. I do it all online.

Internet-savvy consumers are coming to expect such web empowerment. And while these information transactions usually require some sort of private data traveling the ether, you, as the webmaster, bear the burden of keeping that data away from those who have no right to it.

Since retina scans and brain wave signatures are still properties of James Bond flicks, we're stuck using plain old boring passwords.

Is this really secure?

Let's get this out of the way first. The only truly secure computer is one that's unplugged. Kind of like "the only safe car is the one that sits in your garage." Life is a risk/reward proposition and, let's face it, this (probably) isn't Fort Knox we're securing.

The security measures listed here are suitable for garden-variety data. I've used these schemes to write back-end website administration pages for online shopping carts. I've used them to write "partner" pages where retailers can download ads and sales data from wholesalers. I wouldn't use them to secure credit card numbers, social security numbers, or nuclear launch codes.

So what are PHP, MySQL, and session variables?

PHP is a programming language used (in this case) to write HTML. MySQL is a database. Session variables are used by web servers to track information from one page on a domain to another. This article isn't a how-to for any of these technologies. If you aren't very comfortable with them, you could just copy and paste the code samples in this article and build yourself a basic password-protected website. You could also just read the Cliff's notes for Pride and Prejudice and get a C+ in literature class. Your choice.

Let's get started with sessions

It's often been said that the web is "stateless", meaning that each web page is entirely independent, needing no other page to exist, and taking no information from the previous page. This is great for anonymous surfing from one site to the next, but it stinks for password protection. Consumers want password protected information, but they don't want to enter their password on every page. So we turn to our web server to keep track of a user while he's on our site.

Ex. 1.

<?php
// Begin a session for this visitor if one has not been started yet.
session_start();
?>
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><title>Dan McConkey's Free Web Marketing Guide</title></head>
<body>
<p>Dan McConkey's Free Web Marketing Guide</p>
</body>
</html>

end Ex. 1

session_start() is a PHP function that looks to see if a session has already been started then does one of two things:

1. If a session has been started, it does nothing.

2. If a session has not been started, it begins one.

It is important to note that session_start() must occur before any other PHP on the page, if you want it to work. Begin every password-protected page with it.

Validation


Now let's think basic validation. What sorts of things do we need to accomplish?

* First, we need to check to see if the user has already logged in, so we don't ask for a password on every page. If our user has already logged in, we pass him or her through to the secure content.

* If the user hasn't already logged in, we need him or her to do so. So we need to write a log-in form.

* Next, we need to compare log-in form results with a known list of usernames and passwords. If the user checks out, we pass him or her along to the secure content.

* If the user doesn't check out, we direct him or her back to the log-in screen.

* Lastly, we need to provide the user the ability to log out.
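
The five steps above on a single page, as an added example that is not the author's code. It assumes a current PHP release (password_hash() and password_verify() did not exist in the PHP 4 of this article's day), and the $users array with its "demo" account is a constructed stand-in for the MySQL user table.

```php
<?php
session_start(); // first statement, before any output is sent

// Constructed stand-in for the MySQL user table: username => password hash.
$users = ['demo' => password_hash('sample-passphrase', PASSWORD_DEFAULT)];

// Compare the log-in form results with the known list.
function credentials_ok(array $users, $user, $pass): bool
{
    if (!is_string($user) || !is_string($pass) || !isset($users[$user])) {
        return false;
    }
    return password_verify($pass, $users[$user]);
}

$error = '';
if (isset($_POST['logout'])) {
    // Log out: empty the session data and discard the session.
    $_SESSION = [];
    session_destroy();
} elseif (isset($_POST['username'], $_POST['password'])) {
    if (credentials_ok($users, $_POST['username'], $_POST['password'])) {
        session_regenerate_id(true); // fresh session ID once authenticated
        $_SESSION['user'] = $_POST['username'];
    } else {
        $error = 'Log-in failed. Please try again.';
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head><title>Members area</title></head>
<body>
<?php if (isset($_SESSION['user'])): ?>
  <p>Secure content for <?= htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8') ?>.</p>
  <form method="post"><button name="logout" value="1">Log out</button></form>
<?php else: ?>
  <p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
  <form method="post">
    <label>Username <input name="username"></label>
    <label>Password <input type="password" name="password"></label>
    <button type="submit">Log in</button>
  </form>
<?php endif; ?>
</body>
</html>
```

Storing only a password hash and issuing a new session ID at log-in keep a leaked user table or a pre-set session cookie from handing over an account.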

So let's start with a basic framework that we'll fill in later.

Read the Rest of the Article.

About the Author:
Dan McConkey is a freelance web marketing professional, working in and around Charlotte, NC. In the web, Dan has found an amazing potential for lead generation for businesses. Using traditional advertising theories, appropriate technologies, and a little common sense, your electronic marketing campaigns can easily be your most effective.

Dan maintains Dan McConkey's Free Web Marketing Guide at http://www.dmcconkey.com

dmcconkey@yahoo.com

About DevNewz
DevNewz has assembled experts around the world to deliver helpful advice to application developers. Our in-house news staff focuses on keeping you updated with the latest new software and trends in application development. DevNewz provides Knowledge For Application Developers.



-- DevNewz is an iEntry, Inc. publication --
iEntry, Inc. 880 Corporate Drive, Lexington, KY 40503
2005 iEntry, Inc. All Rights Reserved