Digital Workshop

Welcome to the Digital Workshop Message Boards
It is currently December 22nd, 2024, 6:22 am

All times are UTC [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Post Web Data - Part 3: Log-in Example
PostPosted: May 4th, 2005, 11:43 am 
Offline

Joined: October 25th, 2004, 12:27 pm
Posts: 526
Location: Digital Workshop
The following PHP script should give you some idea as to how to create a log-in interface in Opus:

Code:
<?php

$user = $HTTP_POST_VARS['user'];
$pass = $HTTP_POST_VARS['pass'];

$DBhost = "localhost";
$DBuser = "username";
$DBpass = "password";
$DBName = "mydb";

$connect = mysql_connect($DBhost,$DBuser,$DBpass);
$db = mysql_select_db($DBName,$connect);

$query = "SELECT * FROM tablename WHERE username='$user'";
$result = mysql_query($query, $connect);

$resultRow=mysql_fetch_array($result);
$storedpassword=$resultRow[userpassword];
$storeduser = $resultRow[username];

if ($password==$storedpassword) {
echo "&success=1";
} else {
echo "&success=0";
}

?>


If the username and password are correct, a name-value pair of "success" and "1" is transmitted via the echo function.

If the username and password do not match, the name "success" and value "0" are transmitted.

You would therefore need to use the ''Destination' tab of the existing Post Web Data action to retrieve this name-value pair and store it to a variable. You can then use an If statement to trigger different actions depending on the value of the target variable, such as showing an 'Invalid Login' message or displaying the next page if the login was successful.


For this message Robin Garrett has been thanked by : mackavi


Top
 Profile Visit website  
 
 Post subject: hi,
PostPosted: June 7th, 2009, 8:03 pm 
Offline

Joined: May 20th, 2006, 4:53 pm
Posts: 43
Location: Italy
Opus: Opus Pro 7.01
OS: Windows 7
can you post any example for this script?
i've some problem to generate the login func

Thnaks

_________________
Software: Opus v7.01
OS: Windows 7 64 bit
Hardware: In progress


For this message Mikolson05 has been thanked by : mackavi


Top
 Profile Visit website  
 
 Post subject: dont understand the logic
PostPosted: September 18th, 2009, 11:05 am 
Offline

Joined: December 11th, 2004, 12:51 am
Posts: 36
Location: UK
I don't understand the logic in this.

This example seems to connect to the database using:
$connect = mysql_connect($DBhost,$DBuser,$DBpass)

with the $DBuser and $DBpass already defined as before.

It then goes on to check that the 'user' and 'pass' parameters input into the opus login page are the same as some written within the database?

Surely there is no need to write a username and password into the database? and hardly secure because you've already connected to the database?

Why not just input the 'user' and 'pass' parameters into the opus login page, but then use them to try and connect to the database, i.e. set $DBuser and $DBpass to 'user' and 'pass' somehow?

I'm very new at this, so maybe I'm missing something here.

Any help appreciated.

/Mark


For this message markatnicebrook has been thanked by : mackavi


Top
 Profile  
 
 Post subject:
PostPosted: September 19th, 2009, 10:35 am 
Offline
Godlike
Godlike
User avatar

Joined: March 21st, 2007, 10:44 am
Posts: 3188
Location: UK
Opus: Evolution
YES THERE REALLY IS!!

Imagine a bank vault full of safety despotit boxes - you need a key (user name & password) for the vault and INDIVIDUAL keys (user names & passwords) for the boxes.

If the keys for both systems were the same it would be a bad day at the 'help yourself bank' :-)

Mack

_________________
When you have explored all avenues of possibilities, what ever remains, how ever improbable, must be the answer.

Interactive Solutions for Business & Education
Learn Anywhere. Learn Anytime.

www.interaktiv.co.uk
+44 (0) 1395 548057


Top
 Profile Visit website  
 
 Post subject: almost there
PostPosted: September 19th, 2009, 2:48 pm 
Offline

Joined: December 11th, 2004, 12:51 am
Posts: 36
Location: UK
Thanks for the reply.

OK, I think I am getting a little closer to understanding this. There is a password for:
- the data base (the 'bank')
- each table in the database (each 'deposit box' in the bank)

Correct?

With regards to the database username and password:
I have found conflicting advice on whether the database username and password should be written directly into the php file in the website root directory.

One recommendation was to use the INCLUDE function to copy them in from another php file in another directory.

Another recommendation was not to worry about the database username and password in the php file, as they cannot be easily accessed.

I would have thought that a better option would have been to have the database username and password stored in the Opus publication, then pass this information through to the php file which it then uses to connect to the database....but maybe this is not possible?
If possible, this would mean that the database username and password would not be stored in any php file. It would be stored in the Opus publication (swf) file insead which I assume is more secure?

/Mark


For this message markatnicebrook has been thanked by : mackavi


Top
 Profile  
 
 Post subject:
PostPosted: September 19th, 2009, 3:04 pm 
Offline
Godlike
Godlike
User avatar

Joined: March 21st, 2007, 10:44 am
Posts: 3188
Location: UK
Opus: Evolution
I've never tested the security of it in that much detail but here are a few thoughts.

1. If the username / password are in the SWF file, then they must be passed to the database over the internet connection. I assume that if this is unencrypted (not https) then you could read them.

2. I don't think SWF files are encrypted and thus it might be possible to extract such information.

3. No you shouldn't be able to see the contents of a PHP after all its a server side language not client BUT I recommend to our clients that they use include for a file outside of root. It's simple and adds an extra layer IMHO.

Mack

_________________
When you have explored all avenues of possibilities, what ever remains, how ever improbable, must be the answer.

Interactive Solutions for Business & Education
Learn Anywhere. Learn Anytime.

www.interaktiv.co.uk
+44 (0) 1395 548057


Top
 Profile Visit website  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC [ DST ]


Who is online

Users browsing this forum: No registered users and 18 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group