



Usage Of Php


11 replies to this topic

#1 makerimages

  • Members
  • 236 posts

Posted 21 September 2013 - 07:32 AM

Here's my code on the server, pass not real

<?php
$user="a7255804_IDS";
$password="somepass";
$db="a7255804_IDS";
$host="mysql16.000webhost.com";
$name=hash("sha256",urldecode($_GET["name"]),false);
$pass=hash("sha256",urldecode($_GET["pass"]),false);
$con=mysqli_connect($host,$user,$password,$db) or die ("Cant connect");
if(mysqli_connect_errno($con))
{
  $sqluser="SELECT 'name' FROM 'ids' WHERE 'name'='$name' AND 'password'='$pass'";
		$sqluser_run=mysqli_query($con,$sqluser);
		if (mysqli_num_rows($sqluser_run)==1)
		{
		   echo "ok";
		}
		else
		{
		 echo "No user in system!";
		}
}
?>

Here's the computer, URL beginning not real

os.loadAPI("Apis/DesignUtil")
os.loadAPI("Apis/AccountSytem")
os.loadAPI("Apis/windowSystem")
DesignUtil.setDesign("whiteLightGray")
local background,topBar =DesignUtil.getDesign()
local window =windowSystem.createWindow("xxxxxxxxx",2,2,48,16,false)

function identify(name,pass)
local auth=http.get("http://somesite.com/folder/auth.php?name="..textutils.urlEncode(name).."?pass="..textutils.urlEncode(pass))
local response=auth.readAll()
auth.close()
print(response)
end

while true do
paintutils.drawImage(background,1,1)
windowSystem.drawWindow(window)
term.setBackgroundColor(colors.white)
term.setCursorPos(48/2-6,5)
print("xxxxxxxxxx name:")
term.setCursorPos(48/2-10,7)
print("xxxxxx password:")
term.setTextColor(colors.white)
term.setBackgroundColor(colors.gray)
term.setCursorPos(48/2+8,5)
print("		")
term.setCursorPos(48/2+8,7)
print("		")
term.setCursorPos(48/2+8,5)
local enteredName= read()
term.setCursorPos(48/2+8,7)
local enteredPass= read("*")
identify(enteredName,enteredPass)
end

So, it's supposed to look in the db and see if there's a field with matching name and pass; if there is, return the ok statement (won't return currently, since the table is empty); if there isn't, it will return the other statement. Not working, nothing is printed on the computer side.

Could the only issue really be that the table is empty at this point?

#2 Zudo

  • Members
  • 800 posts
  • Location: UK

Posted 21 September 2013 - 07:41 AM

local auth=http.get("http://somesite.com/folder/auth.php?name="..textutils.urlEncode(name).."?pass="..textutils.urlEncode(pass))

This line is incorrect. It should say:

local auth=http.get("http://somesite.com/folder/auth.php?name="..textutils.urlEncode(name).."&pass="..textutils.urlEncode(pass))


#3 makerimages

  • Members
  • 236 posts

Posted 21 September 2013 - 08:30 AM

Not working, have the actual URL in here as well

os.loadAPI("Apis/DesignUtil")
os.loadAPI("Apis/AccountSytem")
os.loadAPI("Apis/windowSystem")
DesignUtil.setDesign("whiteLightGray")
local background,topBar =DesignUtil.getDesign()
local window =windowSystem.createWindow("Enter OSOne ID information",2,2,48,16,false)

function identify(name,pass)
local auth=http.get("http://osone.uphero.com/serverside/auth.php?name="..textutils.urlEncode(name).."&pass="..textutils.urlEncode(pass))
local response=auth.readAll()
auth.close()
error(response)
end

while true do
paintutils.drawImage(background,1,1)
windowSystem.drawWindow(window)
term.setBackgroundColor(colors.white)
term.setCursorPos(48/2-6,5)
print("OSOne ID name:")
term.setCursorPos(48/2-10,7)
print("OSOne ID password:")
term.setTextColor(colors.white)
term.setBackgroundColor(colors.gray)
term.setCursorPos(48/2+8,5)
print("	    ")
term.setCursorPos(48/2+8,7)
print("	    ")
term.setCursorPos(48/2+8,5)
local enteredName= read()
term.setCursorPos(48/2+8,7)
local enteredPass= read("*")
identify(enteredName,enteredPass)
end


#4 makerimages

  • Members
  • 236 posts

Posted 21 September 2013 - 09:16 AM

latest code:

server
<?php
$user="a7255804_IDS";
$password="LIMPA112";
$db="a7255804_IDS";
$host="mysql16.000webhost.com";
$name=urldecode($_GET["name"]);
$pass=hash("sha256",urldecode($_GET["pass"]),false);
$con=mysqli_connect($host,$user,$password,$db) or die ("Cant connect");
if(mysqli_connect_errno($con))
{
$sqluser="SELECT 'name' FROM 'ids' WHERE 'name'='$name' AND 'password'='$pass'";
        $sqluser_run=mysqli_query($con,$sqluser);
        if (mysqli_num_rows($sqluser_run)==1)
        {
           echo("ok");
        }
        else
        {
         echo("No user in system!");
        }
}

?>

comp:

os.loadAPI("Apis/DesignUtil")
os.loadAPI("Apis/AccountSytem")
os.loadAPI("Apis/windowSystem")
DesignUtil.setDesign("whiteLightGray")
local background,topBar =DesignUtil.getDesign()
local window =windowSystem.createWindow("Enter OSOne ID information",2,2,48,16,false)

function identify(name,pass)
local auth=http.get("http://osone.uphero.com/serverside/auth.php?name="..textutils.urlEncode(name).."&pass="..textutils.urlEncode(pass))
local response=auth.readAll()
auth.close()
error(response)
end

while true do
paintutils.drawImage(background,1,1)
windowSystem.drawWindow(window)
term.setBackgroundColor(colors.white)
term.setCursorPos(48/2-6,5)
print("OSOne ID name:")
term.setCursorPos(48/2-10,7)
print("OSOne ID password:")
term.setTextColor(colors.white)
term.setBackgroundColor(colors.gray)
term.setCursorPos(48/2+8,5)
print("	    ")
term.setCursorPos(48/2+8,7)
print("	    ")
term.setCursorPos(48/2+8,5)
local enteredName= read()
term.setCursorPos(48/2+8,7)
local enteredPass= read("*")
identify(enteredName,enteredPass)
end


#5 theoriginalbit

    Semi-Professional ComputerCrafter

  • Moderators
  • 7,332 posts
  • Location: Australia

Posted 21 September 2013 - 09:33 AM

makerimages, on 21 September 2013 - 09:16 AM, said:

latest code:
-code snip-
Are you posting the code as in you got it to work? or does it still have a problem?

In either case you really, really, really need to look into prepared statements so you're not open to SQL injection!

#6 makerimages

  • Members
  • 236 posts

Posted 21 September 2013 - 09:45 AM

It still has a problem - it won't work

#7 makerimages

  • Members
  • 236 posts

Posted 21 September 2013 - 10:21 AM

Here's what I have now on the server side. I now get some 000webhost code back, but no query result

<?php
$user="a7255804_IDS";
$password="LIMPA112";
$db="a7255804_IDS";
$host="mysql16.000webhost.com";
$name=$_GET["name"];
$pass=hash("sha256",$_GET["pass"],false);
$con=mysqli_connect($host,$user,$password,$db) or die ("Cant connect");
mysqli_select_db($con,$db);

$sqluser="SELECT 'name' FROM 'ids' WHERE 'name'='$name' AND 'password'='$pass'";

        if(mysqli_connect_errno())
        {
         echo"Whoops! something aint right!";
        }
        else
        {
        $sqluser_run=mysqli_query($con,$sqluser) ;


       if ($sqluser_run)
        {
         if(mysqli_num_rows($sqluser_run)==1)
         {
         echo("Passed.Verified");
         }
             else
          {
         echo("No user in system!");
        }
    }
}

?>

edit: current

#8 theoriginalbit

    Semi-Professional ComputerCrafter

  • Moderators
  • 7,332 posts
  • Location: Australia

Posted 21 September 2013 - 10:28 AM

makerimages, on 21 September 2013 - 10:21 AM, said:

Here's what I have now on the server side. I now get some 000webhost code back, but no query result
What do you actually get back from the query?

#9 makerimages

  • Members
  • 236 posts

Posted 21 September 2013 - 10:38 AM

Currently? Nothing, I presume... nothing but this
<!-- Start Of Analytics Code -->
<script type="text/javascript" src="http://stats.hosting24.com/count.php"></script>
<!-- End Of Analytics Code -->



#10 theoriginalbit

    Semi-Professional ComputerCrafter

  • Moderators
  • 7,332 posts
  • Location: Australia

Posted 21 September 2013 - 01:02 PM

Ok give this code a try. Personally I've always had issues with PHP and databases in any other way than what I've done in the code below. It's commented to tell you what's going on, but still ask questions if you have any.


<?php
    // if the name or password is missing, don't bother running through the script
    if (!(isset($_GET['name']) && isset($_GET['pass']))) {
        die("Missing login details!");
    }

    // Prefixed with input_ so you know they're from the client program
    $input_name=$_GET["name"];
    $input_pass=hash("sha256",$_GET["pass"],false);

    // Prefixed variables with db_ so you know they're for the database
    $db_user="a7255804_IDS";
    $db_password="LIMPA112";
    $db_name="a7255804_IDS";
    $db_host="mysql16.000webhost.com";

    // Created a new mysqli object for the connection
    $con = new mysqli($db_host, $db_user, $db_password, $db_name);

    // There has been an error in the connection
    if (mysqli_connect_error()) {
        die("Could not connect to the database");
    }

    // Now if I'm going to be making code, I'm going to be doing it right, we're going to use prepared statements

    // Create the prepared statement - we tell the DBMS here to return us a count of the entries
    $query = "SELECT count(name) FROM ids WHERE name = ? AND password = ?";
    $stmt = $con->prepare($query);

    // fill in the blanks with the data, each value replaces a ? from left to right
    // "s" means string, other letters mean other types, I'm assuming you're using varchar2 in the db for these values
    // there need to be 2 "s" because there are 2 "?" in the prepared statement
    $stmt->bind_param("ss", $input_name, $input_pass);

    // execute the statement
    if (!$stmt->execute()) {
        die("An error occurred while contacting the database");
    }

    // get the result of the query and place it in a variable
    $stmt->bind_result($numResults);
    $stmt->fetch();

    // check the count returned from the database and output the success
    if ($numResults != 1) {
        echo("Invalid login details!");
    } else {
        echo("Passed.Verified");
    }

    // It's always a good idea to perform cleanup, I know in PHP you don't have to with DB connections, but best to anyway!
    $stmt->close();
    $con->close();
?>

As for the analytics code being added to the page, you may have to see if you can disable that on your host, if not you'll have to remove it when you receive the webpage on the Lua end.

#11 makerimages

  • Members
  • 236 posts

Posted 21 September 2013 - 01:23 PM

Did actually manage to get this working earlier. Thanks to the folks over at the IRC!

#12 theoriginalbit

    Semi-Professional ComputerCrafter

  • Moderators
  • 7,332 posts
  • Location: Australia

Posted 21 September 2013 - 01:39 PM

Ok, it's good that you got it working. Still though, use prepared statements; if you don't, you will have people doing SQL injections on your database within minutes of you releasing your program.
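
An added example, not code from any poster in this thread: the login check written once with request values pasted into the SQL text (the shape of the early posts) and once with bound parameters (the shape of post #10), run against the same inputs. It assumes PDO with an in-memory SQLite database in place of the thread's mysqli/MySQL so it runs without a server; the account, function names and test inputs are constructed.

```php
<?php
// Added example with constructed data; requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ids (name TEXT PRIMARY KEY, password TEXT NOT NULL)");

// One constructed account, stored the way the thread does it (SHA-256 of the password).
$insert = $db->prepare("INSERT INTO ids (name, password) VALUES (?, ?)");
$insert->execute(['alice', hash('sha256', 'correct horse')]);

// Concatenated form: $name becomes part of the SQL text the database parses.
function login_concat(PDO $db, string $name, string $pass): bool {
    $hash = hash('sha256', $pass);
    $sql  = "SELECT count(name) FROM ids WHERE name = '$name' AND password = '$hash'";
    return (int) $db->query($sql)->fetchColumn() === 1;
}

// Prepared form: the SQL text is fixed, the values travel separately as data.
function login_prepared(PDO $db, string $name, string $pass): bool {
    $hash = hash('sha256', $pass);
    $stmt = $db->prepare("SELECT count(name) FROM ids WHERE name = ? AND password = ?");
    $stmt->execute([$name, $hash]);
    return (int) $stmt->fetchColumn() === 1;
}

// Constructed inputs: a good login, a bad password, and a name that closes
// the quoted literal and comments out the password comparison.
$cases = [
    'valid login'                 => ['alice', 'correct horse'],
    'wrong password'              => ['alice', 'guess'],
    'name closes the SQL literal' => ["alice' --", 'guess'],
];

foreach ($cases as $label => [$name, $pass]) {
    printf(
        "%-30s concat=%-5s prepared=%s\n",
        $label,
        var_export(login_concat($db, $name, $pass), true),
        var_export(login_prepared($db, $name, $pass), true)
    );
}
```

The two functions agree on the first two inputs and disagree on the third, where only the concatenated query accepts a login without the right password.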




