2 Replies - 1609 Views - Last Post: 10 November 2007 - 03:02 PM

#1 rrwalkertr

Php help for a simple site with mysql database

Posted 10 November 2007 - 12:47 AM

Hi everyone, my first post here is a doozy (not sure if that's a real word or not).

Let me explain what I want to do, then I'll show you what I have done so far. I want a page that I can use to run an online racing series. The drivers in the series would register and log on to this site. Once logged in, they would have access to their profile that would give them info like how much money they have for cars, the cars they own, etc. Now, there needs to be an admin page where the admin can modify their money, so if they bought a car I could reduce their money by x amount or just change a text value to the new value. The admin page would need to show all users and the ability to modify their stuff. The users need access to their own info with ability to change it. I figure for the cars they own, I could do a simple text box or something that they can change and store on database. I would also like to incorporate a team database that would take members and place them on teams and combine their money. The teams can also hire drivers for certain races and so forth, so I might need to figure that in as well. Anyway, I am new to writing PHP but have been rewriting and modifying others' code for a while, simple style sheet stuff. I have a good knowledge of the web and HTML.

So far I have a test page that allows a user to register and log in; this is being done with simple session stuff.

<?php
session_start();
// dBase file
include "dbConfig.php";

if ($_GET["op"] == "login")
 {
 if (!$_POST["username"] || !$_POST["password"])
  {
  die("You need to provide a username and password.");
  }
 
 // Create query
 $q = "SELECT * FROM `dbUsers` "
  ."WHERE `username`='".$_POST["username"]."' "
  ."AND `password`=PASSWORD('".$_POST["password"]."') "
  ."LIMIT 1";
 // Run query
 $r = mysql_query($q);

 if ( $obj = @mysql_fetch_object($r) )
  {
  // Login good, create session variables
  $_SESSION["valid_id"] = $obj->id;
  $_SESSION["valid_user"] = $_POST["username"];
  $_SESSION["valid_time"] = time();

  // Redirect to member page
  Header("Location: members.php");
  }
 else
  {
  // Login not successful
  die("Sorry, could not log you in. Wrong login information.");
  }
 }
else
 {
//If all went right the Web form appears and users can log in
 echo "<form action=\"?op=login\" method=\"POST\">";
 echo "Username: <input name=\"username\" size=\"15\"><br />";
 echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
 echo "<input type=\"submit\" value=\"Login\">";
 echo "</form>";
 }
?>



That's the login PHP file.

The site works up until I start trying to create a page that allows the user to input data to the database like the money and stuff; I cannot get this working. I would love to get with someone who does not mind working me through this project. Please let me know what else you would need and I will supply my email addy, MSN Messenger addy, AIM screen name, and I use Skype.

Thanks a ton.


Replies To: Php help for a simple site with mysql database

#2 Martyr2

Re: Php help for a simple site with mysql database

Posted 10 November 2007 - 10:17 AM

I just wanted to make one quick comment on the login code you provided. Make sure you always validate information coming from the user before ever including it in a query like this. If the user was malicious, they could easily put in query building text that would inject SQL statements into your code and compromise your security.

You have taken one good step by doing a concatenation rather than putting the variable directly into the query, but you should also escape the text (using something like mysql_real_escape_string()). Also make sure the length and data types match what you expect the username and password to be.

Failure to validate incoming data from the user can cause a security problem in your application and make it hackable. Just thought I would bring that up.

As for seeking help with your project, you might want to try the job offers forum and see if you get a response there.

Good luck with the project. :)
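The validation and escaping advice in the reply above, as an added example that is not part of the original thread or either poster's code. It swaps in PDO bound parameters for mysql_real_escape_string() and password_hash() for MySQL's PASSWORD(), and assumes an in-memory SQLite database so it runs offline; the function names valid_credentials, find_user and login and the length limits are hypothetical.

```php
<?php
// Added example, not the poster's code. PDO with in-memory SQLite so it runs
// offline; table and column names follow the post, everything else is assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dbUsers (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Constructed sample account; password_hash() stands in for MySQL's PASSWORD().
$ins = $db->prepare('INSERT INTO dbUsers (username, password) VALUES (?, ?)');
$ins->execute(['driver1', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Length and type checks as the reply suggests (the exact limits are assumptions).
function valid_credentials($username, $password): bool
{
    return is_string($username) && is_string($password)
        && preg_match('/\A[A-Za-z0-9_]{3,15}\z/', $username) === 1
        && strlen($password) >= 8 && strlen($password) <= 72;
}

// Looks up the user with the username bound as a parameter, so quote
// characters in it are compared as data and never become part of the SQL.
function find_user(PDO $db, string $username)
{
    $stmt = $db->prepare('SELECT id, password FROM dbUsers WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    return $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matches
}

// Returns the user id on success, or null on any failure.
function login(PDO $db, $username, $password): ?int
{
    if (!valid_credentials($username, $password)) {
        return null;
    }
    $row = find_user($db, $username);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed inputs: good login, wrong password, username with quote characters.
$hostile = "driver1' OR '1'='1";
foreach ([['driver1', 'correct horse'], ['driver1', 'wrong password'], [$hostile, 'anything123']] as [$u, $p]) {
    $id = login($db, $u, $p);
    printf("%-20s => %s\n", $u, $id === null ? 'rejected' : "logged in as id $id");
}
// With validation skipped, the bound value still matches no row.
var_dump(find_user($db, $hostile));
```

Against MySQL only the PDO connection string changes; the prepared statements stay the same.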

#3 rrwalkertr

Re: Php help for a simple site with mysql database

Posted 10 November 2007 - 03:02 PM

Thanks for the reply. I really want to do this myself with help from someone, so I will post in the jobs, but I am not after someone doing it for me; I just need help with some of the details I can't get to work. I saw a post with this link in it, http://www.devshed.c...P-Login-Script/, about the sessions. Is this what you suggest I do? Thanks a ton.