PHP-Projekt/Testdatenbank: Unterschied zwischen den Versionen

Aus Mikiwiki
Zur Navigation springen Zur Suche springen
Keine Bearbeitungszusammenfassung
 
(2 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 188: Zeile 188:
}
}


?>
</source>
== mysql_authentification.php ==
Erfordert
* base/database.md.base.inc.php
Quelltext:
<source lang=php enclose=div>
<?php
## Name          mysql_authentification.php
## Description 
### FUNCTIONS ###
function authenticate()
{
  header('WWW-authenticate: basic realm="Musikdatenbank"');
  header('HTTP/1.0 401 Unauthorized');
  echo <<<INFO
  Du benoetigst einen gueltigen Benutzernamen
  ...
INFO;
  exit;
}
##### MAIN PROGRAM #####
if(!isset($_SERVER['PHP_AUTH_USER']))
{
  authenticate();
}
else
{
  include("base/database.md.base.inc.php");
  $id    = strtolower($_SERVER['PHP_AUTH_USER']);
  $query = mysql_query("
    SELECT * FROM t_authentication 
    WHERE f_authentication_name    = '$id'
      AND f_authentication_password = '{$_SERVER['PHP_AUTH_PW']}'
    ");
  if(!mysql_num_rows($query))
  {
    authenticate();
  }
}
?>
?>
</source>
</source>

Aktuelle Version vom 31. März 2009, 21:16 Uhr

Auf Rechner "kanzler".

Anlegen der Datenbank "md".

$ mysql -u root -p
mysql> create database md;
mysql> quit

Anlegen Verzeichnis mit PHP-Skripten.

$ cd /WWW
$ sudo mkdir md && sudo chown mik:mik md

base/phpinfo.php

Quelltext:

<?php
phpinfo();
?>

base/database.md.base.inc.php

Erfordert

  • base/server.mysql.inc.php

Bereitgestellte Variablen

  • $database
  • $connection

Verwendete Funktionen

  • mysqlconnection()
  • mysqldie()

Quelltext:

<?php

### Name          database.md.base.inc.php
### Description   Standard variables and functions with database "md"

require("server.mysql.inc.php");

### VARIABLES ###

$database   = "md";
$connection = mysqlconnection("{$database}",
                              "database.{$database}.password.inc.php")
                or mysqldie("Unable to connect");
?>

base/database.md.password.inc.php

Diese Datei sollte später in ein anderes Verzeichnis verschoben werden, das mit ".htaccess" gegen allgemeines Herunterladen geschützt ist. Die include-Zeilen in den anderen Dateien müssen dann entsprechend angepasst werden.

Bereitgestellte Variablen

  • $mysqluser
  • $mysqlpassword
  • $mysqlserver

Quelltext:

<?php

### Name          database.md.password.inc.php
### Description   

### VARIABLES ###

## Doesn't work if $mysqlhost = "kanzler"
## "localhost" or "127.0.0.1" or "" are OK
## also check "bind-address" in file "/etc/mysql/my.cnf"

$mysqlhost     = "localhost";   # name of host on which Mysql is running
$mysqluser     = "root";        # Mysql user
$mysqlpassword = "xxxxxx";      # password
?>

base/server.mysql.inc.php

Bereitgestellte Funktionen

  • mysqlconnection()
  • mysqldie()
  • mysqlinsert()
  • mysqlselect()

Verwendete Variablen

  • $mysqluser
  • $mysqlpassword
  • $mysqlserver

Quelltext:

<?php

## Name          server.mysql.inc.php
## Description   Basic MySQL input and output functions


### FUNCTIONS ###

## Connecting with MySQL, activating database "md"; in case of a
## connection error, show a complete HTML document with a short error message
function mysqlconnection($mysqldatabase, $passwordfile) {
  ## In order to increase the security of this project, 
  ## move database.md.password.inc.php to another directory which is protected
  ## against general download by .htaccess and change the include line accordingly
  require($passwordfile);
  ## "@" suppresses PHP error messages in case of connection error
  $connection = @mysql_connect($mysqlhost, $mysqluser, $mysqlpassword);
  if ($connection) {
    mysql_select_db($mysqldatabase);
    return $connection;
  }
  ## In case of connection error show complete HTML file with error message
  else {
    echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">";
    echo "<html>";
    echo "<head>";
    echo "<title>No connection</title>";
    echo "</head>";
    echo "<body>";
    echo "<p>No connection to database</p>";
    echo "</body>";
    echo "</html>";
    ## Quit PHP interpreter
    exit();
  }
}

function mysqldie($errortext)
{
  $message = mysql_error();
  $number  = mysql_errno();
  return  "[{$errortext}] ( {$number} : {$message} )<br />\n";
  exit;
}

function mysqlinsert($tarray) {
  ## number of insert fields
  $noif   = count($tarray["insert"]);
  $insert = "insert into {$tarray["t"]} (";
  for ($i = 0; $i < $noif; $i++) {
    $insert .= $tarray["fname"][$tarray["insert"][$i]];
    if ($i < $noif - 1) {
      $insert .= ",";
    }
  }
  $insert .= ") values (";
  for ($i = 0; $i < $noif; $i++) {
    $insert .= "'{$tarray["fvalue"][$tarray["insert"][$i]]}'";
    if ($i < $noif - 1) {
      $insert .= ",";
    }
  }
  $insert .= ")";
  return $insert;
}

function mysqlselect($resultfields, $tarray) {
  ## number of clauses
  $noc    = count($tarray["clause"]);
  ## number of select fields
  $nosf   = count($resultfields);
  $select = "select ";
  for ($i = 0; $i < $nosf; $i++) {
    $select .= $tarray["fname"][$resultfields[$i]];
    if ($i < $nosf - 1) {
      $select .= ",";
    }
  }
  $select .= " from {$tarray["t"]} where ";
  for ($i = 0; $i < $noc; $i++) {
    $select .= $tarray["fname"][$tarray["clause"][$i]];
    $select .= " = '{$tarray["fvalue"][$tarray["clause"][$i]]}'";
    if ($i < $noc - 1) {
      $select .= " and ";
    }
  }
  return $select;
}

?>

mysql_authentification.php

Erfordert

  • base/database.md.base.inc.php

Quelltext:

<?php

## Name          mysql_authentification.php
## Description   

### FUNCTIONS ###

function authenticate() 
{
  header('WWW-authenticate: basic realm="Musikdatenbank"');
  header('HTTP/1.0 401 Unauthorized');
  echo <<<INFO
  Du benoetigst einen gueltigen Benutzernamen
  ...
INFO;
  exit;
}

##### MAIN PROGRAM #####

if(!isset($_SERVER['PHP_AUTH_USER'])) 
{
  authenticate();
} 
else 
{
  include("base/database.md.base.inc.php");
  $id    = strtolower($_SERVER['PHP_AUTH_USER']);
  $query = mysql_query("
    SELECT * FROM t_authentication  
     WHERE f_authentication_name     = '$id' 
       AND f_authentication_password = '{$_SERVER['PHP_AUTH_PW']}'
    ");
  if(!mysql_num_rows($query)) 
  {
    authenticate();
  }
} 
?>

Weiteres

Apache-Errorlog unter "/var/log/apache2/error.log"