<p>It is so important that new programmers learn to do username/password authentication properly that I felt it necessary to write this longer post.</p>
<p>Firstly, as eicto pointed out, the mysql extension is both deprecated and should really not even be used ever.</p>
<p>So to the metal.<br>Visit php.net and learn about <a href="http://ca1.php.net/pdo" rel="nofollow">PDO</a>.</p>
<p>Never store unencoded passwords.</p>
<p>Here is what you should do:</p>
<p>Set up PDO:</p>
<pre><code>// You need to store $link somewhere, preferably in a class.
// $config holds the connection settings; it is passed in so the function has no hidden dependency.
function InitPDO(&amp;$link, array $config)
{
    // Have the database handle all strings as UTF-8.
    $options = array(PDO::MYSQL_ATTR_INIT_COMMAND =&gt; 'set names utf8');
    $link = new PDO(
        'mysql:host=' . $config['dsn_host'] . ';dbname=' . $config['dsn_db'],
        $config['username'],
        $config['password'],
        $options
    );
    // If there is an error executing database queries, have PDO throw an exception.
    $link-&gt;setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $link-&gt;setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}
</code></pre>
<p>Upon registration of a user:</p>
<pre><code>function RegisterUser($link, $username, $password, $company)
{
    // Hash the password.
    $hpwd = hash('sha256', $password);
    // Column list, then the VALUES list.
    $q = 'insert into users (username, password, company) values (?, ?, ?)';
    $stmt = $link-&gt;prepare($q);
    $stmt-&gt;execute(array($username, $hpwd, $company));
}
</code></pre>
<p>Validate the user and return the company if successful:</p>
<pre><code>function ValidateUser($link, $username, $password, &amp;$company)
{
    $hpwd = hash('sha256', $password);
    $q = 'select company from users where username = ? and password = ?';
    $stmt = $link-&gt;prepare($q);
    $stmt-&gt;execute(array($username, $hpwd));
    // fetchColumn() returns false when no row matched.
    if (($company = $stmt-&gt;fetchColumn()) === false) {
        $company = 'invalid'; // because user auth failed
    }
    // else all is good
}
</code></pre>
<p>Example test usage:</p>
<pre><code>// Assumes there is a 'login.php' and an 'invalid.php' file.
// Placeholder connection settings; replace with your own.
$config = array(
    'dsn_host' =&gt; 'localhost',
    'dsn_db'   =&gt; 'mydb',
    'username' =&gt; 'dbuser',
    'password' =&gt; 'dbpass',
);
$link = null;
InitPDO($link, $config);
RegisterUser($link, 'tester', 'password', 'login');
ValidateUser($link, 'tester', 'password', $redir);
if (file_exists($redir . '.php')) {
    header('Location: ' . $redir . '.php');
    exit;
}
echo 'error. no valid page found to fulfill query';
</code></pre>
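The same register and validate flow as an added example (not part of the original answer): it keeps the PDO prepared statements but replaces the unsalted sha256 hash with PHP's password_hash()/password_verify(), which salts each hash and does the comparison in PHP rather than in the SQL WHERE clause. The in-memory SQLite table with the answer's column layout is constructed here so the script runs stand-alone; the function names are this example's own.

```php
<?php
// Added example, not the original answer's code: register/validate with
// password_hash()/password_verify() over a constructed in-memory SQLite table.
function makeDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    // Same column layout as the answer's 'users' table (assumption).
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL, company TEXT NOT NULL)');
    return $db;
}

function registerUser(PDO $db, string $username, string $password, string $company): void {
    // password_hash() generates a random salt per password (bcrypt with
    // PASSWORD_DEFAULT), so two users with the same password get different rows.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password, company) VALUES (?, ?, ?)');
    $stmt->execute([$username, $hash, $company]);
}

// Returns the company on success, or null when the user is unknown or the
// password is wrong. The stored hash is never compared inside SQL: the row is
// fetched by username only and password_verify() does the check.
function validateUser(PDO $db, string $username, string $password): ?string {
    $stmt = $db->prepare('SELECT password, company FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // Transparently upgrade hashes made with an older algorithm or cost.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return $row['company'];
}

$db = makeDemoDb();
registerUser($db, 'tester', 'password', 'login');
echo 'correct password: ', var_export(validateUser($db, 'tester', 'password'), true), "\n";
echo 'wrong password:   ', var_export(validateUser($db, 'tester', 'wrong'), true), "\n";
echo 'unknown user:     ', var_export(validateUser($db, 'nobody', 'password'), true), "\n";
```

Requires the pdo_sqlite extension; against MySQL, reuse the answer's InitPDO() connection in place of makeDemoDb().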