Mysql getting the power to store so much of values and getting more powerful and big brands like  AKA SUN Micro Systems supporting it (Now Part of Oracle Group). Can you ever imagine the power of the small tiny database can store in the values so much there.
So lets start the way we would go about it only from quatre-bornes.com site

HOW YOU CAN SIMPLY STORE YOUR CONTENT INSIDE YOUR DATABASE

You can hold your entire site, both coding and content, in a MySQL Database. Your PHP file then retrieves this information from the database.

To see how really these things which are said in here are possible we are going to build a very simple site with all the information and coding stored in the MySQL database.

Create the Tables

The first thing we need to do is create the database tables to store this information. Since we are making a very simple site we will only make two tables, one for code and one for content. Execute this code to create the database tables:

CREATE TABLE template (template_id INT(4) NOT NULL AUTO_INCREMENT PRIMARY KEY, Head_Open VARCHAR(60), Head_Close VARCHAR(60), Page_End VARCHAR(60), Date VARCHAR(60));

CREATE TABLE content (content_id INT(4) NOT NULL AUTO_INCREMENT PRIMARY KEY, title VARCHAR(60), body MEDIUMBLOB);

Add Some Data

Now we need to add data to the tables. If you were adding information on a regular basis, it might be easiest to add it from a web browser. In our case we will just add it in manually to demonstrate how to retrieve it from the database and use it. Remember if you are adding it from the web, you need to consider addslashes and magic quotes.

INSERT INTO content (title, body) VALUES ( “MyPage”, “This is my sample page, where I will use PHP and MySQL to template my website. <p> Here is a list of things I like <ul><li>PHP Code</li><li>MySQL</li><li>

<a href=http://www.quatre-bornes.com>PHP at quatre-bornes.com</a></li></ul><p> That is the end of my content.”) ;

INSERT INTO template (Head_Open, Head_Close, Page_End, Date) VALUES ( “<html><head><title>”, “</title><body>”, “</body></html>”, “$b = time (); print date(‘m/d/y’,$b) . ‘<br>’;”);

We can make additional pages simply by adding additional rows to the table called content. Likewise, we could make additional templates by adding a new row to the table called template.

Build the Page

Now all we need to do is call this information from our PHP file. We can do that like this:

<?php

// Connects to your Database

mysql_connect(“your.hostaddress.com”, “username”, “password”) or die(mysql_error());

mysql_select_db(“Database_Name”) or die(mysql_error());

//This retrieves the template and puts into an array. No where clause is used, because we only have one template in our database.

$coding = mysql_query(“SELECT * FROM template”) or die(mysql_error());

$template = mysql_fetch_array( $coding );

//This retrieves the content and puts into an array. Notice we are calling ID 1, this would change if we wanted to call a page stored on a different row

$text = mysql_query(“SELECT * FROM content WHERE content_id =1″) or die(mysql_error());

$content = mysql_fetch_array( $text );

//Actually puts the code and content on the page

Print $template['Head_Open'];

Print $content['title'];

Print $template['Head_Close'];

//When pulling PHP code we need to use EVAL

Eval ($template['Date']);

Print $content['body'];

Print $template['Page_End'];

?>

EVAL : Eval () is used to evaluate the input string as PHP. It is like using the Echo () function in the sense that it outputs everything, except instead of outputting it as text, it outputs it as PHP code to be executed. One use of this is to store code in a database to execute later

This method is a very effective way of creating a template based site, or executing different PHP on the fly simply by calling different rows from MySQL.

Quatre Bornes Town Portal Share

• 

We are going to create a simple login system using PHP code on our pages, and a MySQL database to store our users information. We will track the users who are logged in with COOKIES.

Before we can create a login script, we first need to create a database to store users. For the purpose of this tutorial we will simply need the fields “username” and “password”, however you can create as many fields as you wish.

CREATE TABLE users (ID MEDIUMINT NOT NULL AUTO_INCREMENT PRIMARY KEY, username VARCHAR(60), password VARCHAR(60))

This will create a database called users with 3 fields: ID, username, and password.

REGISTRATION PAGE

<?php

// Connects to your Database or Simply include your existing database connection as a include file

mysql_connect(“your.hostaddress.com”, “username”, “password”) or die(mysql_error());

mysql_select_db(“Database_Name”) or die(mysql_error());

//This code runs if the form has been submitted

if (isset($_POST['submit'])) {

//This makes sure they did not leave any fields blank

if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {

die(‘You did not complete all of the required fields’);

}

// checks if the username is in use

if (!get_magic_quotes_gpc()) {

$_POST['username'] = addslashes($_POST['username']);

}

$usercheck = $_POST['username'];

$check = mysql_query(“SELECT username FROM users WHERE username = ‘$usercheck’”)

or die(mysql_error());

$check2 = mysql_num_rows($check);

//if the name exists it gives an error

if ($check2 != 0) {

die(‘Sorry, the username ‘.$_POST['username'].’ is already in use.’);

}

// this makes sure both passwords entered match

if ($_POST['pass'] != $_POST['pass2']) {

die(‘Your passwords did not match. ‘);

}

// here we encrypt the password and add slashes if needed

$_POST['pass'] = md5($_POST['pass']);

if (!get_magic_quotes_gpc()) {

$_POST['pass'] = addslashes($_POST['pass']);

$_POST['username'] = addslashes($_POST['username']);

}

// now we insert it into the database

$insert = “INSERT INTO users (username, password)

VALUES (‘”.$_POST['username'].”‘, ‘”.$_POST['pass'].”‘)”;

$add_member = mysql_query($insert);

?>

<h1>Registered</h1>

<p>Thank you, you have registered – you may now login</a>.</p>

<?php

}

else

{

?>

<form action=”<?php echo $_SERVER['PHP_SELF']; ?>” method=”post”>

<table border=”0″>

<tr><td>Username:</td><td>

<input type=”text” name=”username” maxlength=”60″>

</td></tr>

<tr><td>Password:</td><td>

<input type=”password” name=”pass” maxlength=”10″>

</td></tr>

<tr><td>Confirm Password:</td><td>

<input type=”password” name=”pass2″ maxlength=”10″>

</td></tr>

<tr><th colspan=2><input type=”submit” name=”submit” value=”Register”></th></tr> </table>

</form>

<?php

}

?>

Basically what this does is check to see if the form has been submitted. If it has been submitted it checks to make sure that the data is all OK (passwords match, username isn’t in use) as documented in the code. If everything is OK it adds the user to the database, if not it returns the error.

If the form has not been submitted, they are shown the registration form, which collects the username and password.

<?php

// Connects to your Database

mysql_connect(“your.hostaddress.com”, “username”, “password”) or die(mysql_error());

mysql_select_db(“Database_Name”) or die(mysql_error());

//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page

{

$username = $_COOKIE['ID_my_site'];

$pass = $_COOKIE['Key_my_site'];

$check = mysql_query(“SELECT * FROM users WHERE username = ‘$username’”)or die(mysql_error());

while($info = mysql_fetch_array( $check ))

{

if ($pass != $info['password'])

{

}

else

{

header(“Location: members.php”);

//here its redirecting you to the members.php page

}

}

}

//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {

die(‘You did not fill in a required field.’);

}

// checks it against the database

if (!get_magic_quotes_gpc()) {

$_POST['email'] = addslashes($_POST['email']);

}

$check = mysql_query(“SELECT * FROM users WHERE username = ‘”.$_POST['username'].”‘”)or die(mysql_error());

//Gives error if user dosen’t exist

$check2 = mysql_num_rows($check);

if ($check2 == 0) {

die(‘That user does not exist in our database. <a href=add.php>Click Here to Register</a>’);

}

while($info = mysql_fetch_array( $check ))

{

$_POST['pass'] = stripslashes($_POST['pass']);

$info['password'] = stripslashes($info['password']);

$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {

die(‘Incorrect password, please try again.’);

}

else

{

// if login is ok then we add a cookie

$_POST['username'] = stripslashes($_POST['username']);

$hour = time() + 3600;

setcookie(ID_my_site, $_POST['username'], $hour);

setcookie(Key_my_site, $_POST['pass'], $hour);

//then redirect them to the members area

header(“Location: members.php”);

}

}

}

else

{

// if they are not logged in

?>

<form action=”<?php echo $_SERVER['PHP_SELF']?>” method=”post”>

<table border=”0″>

<tr><td colspan=2><h1>Login</h1></td></tr>

<tr><td>Username:</td><td>

<input type=”text” name=”username” maxlength=”40″>

</td></tr>

<tr><td>Password:</td><td>

<input type=”password” name=”pass” maxlength=”50″>

</td></tr>

<tr><td colspan=”2″ align=”right”>

<input type=”submit” name=”submit” value=”Login”>

</td></tr>

</table>

</form>

<?php

}

?>

This script first checks to see if the login information is contained in a cookie on the users computer. If it is, it tries to log them in. If this is successful they are redirected to the members area.

If there is no cookie, it allows them to login. If the form has been submitted, it checks it against the database and if it was successful sets a cookie and takes them to the members area. If it has not been submitted, it shows them the login form.

<?php

// Connects to your Database

mysql_connect(“your.hostaddress.com”, “username”, “password”) or die(mysql_error());

mysql_select_db(“Database_Name”) or die(mysql_error());

//checks cookies to make sure they are logged in

if(isset($_COOKIE['ID_my_site']))

{

$username = $_COOKIE['ID_my_site'];

$pass = $_COOKIE['Key_my_site'];

$check = mysql_query(“SELECT * FROM users WHERE username = ‘$username’”)or die(mysql_error());

while($info = mysql_fetch_array( $check ))

{

//if the cookie has the wrong password, they are taken to the login page

if ($pass != $info['password'])

{ header(“Location: login.php”);

}

//otherwise they are shown the admin area

else

{

echo “Admin Area<p>”;

echo “Your Content<p>”;

echo “<a href=logout.php>Logout</a>”;

}

}

}

else

//if the cookie does not exist, they are taken to the login screen

{

header(“Location: login.php”);

}

?>

This code checks cookies to make sure the user is logged in, the same way the login page did. If they are logged in, they are shown the members area. If they are not logged in they are redirected to the login page.

<?php

$past = time() – 100;

//this makes the time in the past to destroy the cookie

setcookie(ID_my_site, gone, $past);

setcookie(Key_my_site, gone, $past);

header(“Location: login.php”);

?>

All our logout page does is destroy the cookie, and then direct them back to the login page. We destroy the cookie by setting the expiration to some time in the past.

Quatre Bornes Town Portal Share

• 

All we want to tell them is just concentrate on what you would want to learn better and what you want to achieve, never try to copy the codes of other sites, or templates of other sites and make it your own, coz you are sure that your site is the one which is going to be attacked first! What are we talking about the attack! well yeah they are many ways people would attack your website just for fun, resolution or revolution or revenge. So don’t be a big fool to do the stupid things and make it a worst nightmare.

List of things we tell to most of them who pretend to know web knowledge is just a simple w3c standard webpage in notepad then we would talk. Be careful if you are using any of the templating system prebuilt like FrontPage, Dreamweaver, Webdev, Web Monkey or what so ever, use them as a structuring but not copy and paste the self driven code, coz they have so many loop holes.  Once your website has been hit by the first time, that literally means some bot is listening to your website (domain) and we guarantee you that they will come back again with different solution to hit you back and welcome to the game.

So lets talk about some of the main causes which would put your website down (Let it be Joomla, WordPress, Drupal, PHPwebsite, Pmachine or what so ever) one small hole leads to the disaster.

List of things to be done in drupal site once you install.

1. Set up the CRON JOBs where necessary and do it right – There is no second option for it, else your site is got to be doomed within few hours.

2. Message MSOffice/cltreq.asp – Severity warning

Message _vti_bin/owssvr.dll – Severity warning

3. Check your template with compatibility to the browser events

4. Check every script thoroughly

5. Don’t alias the links if its not necessary

6. Make the Ratios of script without much of Javascript

7. Upload the site in ASCII Mode

8. Don’t work on templates prebuilt or from any softwares locally – they leave way too many loop holes

9. Less of Image links or irregular aliasing for menu options

10.  Looping to be active from Cron and CGI Bin

11. drupal use index.php, instead of index.html, this is configured in the web server. say, inside the httpd.conf file if u are using apache httpd as your web server.  – A wrongly written .htaccess file or misconfiguration can lead to spoofing of your whole site and within minutes.

12. No using of Iframes of scripts which write index frames in the site

13. No copy paste from word to the online editior

14. It is possible that someone used SQL Injection to add JavaScript into the footer, the mission, a node body, etc.  Many Anti Virus programs will identify that as a malicious script in “index.php” if you do not have clean urls and use URLs like “index.php?q=”   SQL Injection in general is not particularly common in Drupal.

15. As you can see, XSS is the most common issue – almost covering 50%. Access Bypass, CSRF, SQL Injection, and Code Execution are the next most common making up a about a quarter of the weaknesses.

It’s important to note that these are only vulnerabilities for which there has been a Security Announcement. Many more exist only on an individual site with improper configuration or a custom module or theme and can never be included in an analysis like this.

Quatre Bornes Town Portal Share

•