Jump to content
Killersites Forums

wjohn

Member
  • Posts

    22
  • Joined

  • Last visited

Everything posted by wjohn

  1. wjohn

    htaccess, mod_rewrite

    Hi, I have no problem to wait, I have loads of other stuff to do!
  2. wjohn

    htaccess, mod_rewrite

    Hmm, I guess it need more edit.. Now: http://localhost/test/index.php/hej What I think is decent would be to get rid of index.php and when it's the default controller let's say index.php i don't think index would be needed, don't you agree? I mean http://localhost/test/hej = http://localhost/test/index/hej
  3. wjohn

    htaccess, mod_rewrite

    This seem nice I've tried this, but it doesn't really work RewriteEngine On RewriteRule ^$2$ $1?action=$2 [NC,L] What I',m trying to achive is that i dynamically get it to look like http://localhost/hello http://localhost/wtf is http://localhost/index.php?action=hello http://localhost/index.php?action=wtf The $1 is that I simply want to have more controllers and if it doesnt exists it will just show index.php. But I guess I did something wrong. http://localhost/baby is http://localhost/admin.php?action=baby To avoid problems RewriteEngine On RewriteRule ^$1/$2$ $1?action=$2 [NC,L] Could be solid - but it doesnt work!!
  4. Hello I'm looking to change my urls and generally I just want to have a going on how to do it. First url http://localhost/index.php?action=login I would like that to simply be http://localhost/login But is it then possible to make like http://localhost/admin/adduser And the real link would be http://localhost/admin.php?action=adduser And finally http://localhost/map/x/y would be http://localhost/map.php?x=&y= I'm not asking code for all urls, just a snippet for one of them, and hopefully a link to a good resource. But if someone feel like saving me some time, it's appreciated! (I do not ask for it tho)
  5. Kraxzy can you give an example of how to secure basedirs and basepaths?
  6. wjohn

    A login method

    The only thing, I consider right now is to use htmlentities() on the outputs at the ban data, as if some "admin" would freak out and try to XSS inject.
  7. wjohn

    A login method

    function login(&$msg) { //Database injection fix $_POST = $this->db_escape($_POST); $username = $_POST['username']; $password = sha1($_POST['password']); $query = "SELECT id, username, userlevel FROM users " . "WHERE username = '" . $username . "' AND password = '" . $password . "'"; $result = mysql_query($query); if(mysql_num_rows($result) == 0) { $msg = 'Fel användarnamn eller lösenord!'; return false; } $user_data = mysql_fetch_assoc( $result ); if ($this->IsUserBanned($user_data["id"])) { $query = "SELECT * FROM bans WHERE uid = '" . $user_data['id'] . "'"; $result = mysql_query($query); $ban_data = mysql_fetch_assoc( $result ); $msg = '<strong>AVSTÄNGD</strong><br /> ANLEDNING: ' . $ban_data["reason"] . '<br /> BEVIS: ' . $ban_data["evidence"] . '<br /> TID: ' . $ban_data["time"] . '<br /> AV: ' . $ban_data["administrator"]; return false; } return true; } I came up with this, anything I can improve, security such. This is the db_escape function: function db_escape ($post) { if (is_string($post)) { if (get_magic_quotes_gpc()) { $post = stripslashes($post); } return mysql_real_escape_string($post); } foreach ($post as $key => $val) { $post[$key] = $this->db_escape($val); } return $post; }
  8. Would you like it to stand like 2007-2011? And next year 2007-2012? <?php echo "2007-" . date("Y"); ?> Would display like above.
  9. wjohn

    A login method

    I don't really use MVC model, but I guess I could put away the CONSTRUCTOR and put it in just a plain login file, and then call if the data is valid. <?php if (isset($_POST['submit'])) { //validate data then call login() } ?>
  10. wjohn

    A login method

    What would you recommend? Is my method of login class even good? I want to optimise as much as I can, and by the way thanks a lot for the help! It's very appreciated.
  11. wjohn

    A login method

    Well, What about there was 2 options, you can get logged in, but what if you're banned, that is a second check, before Im going to set the sessions. As I clearly want to state if they login was fail because of username and password or banned.
  12. wjohn

    A login method

    Hi I'm working on a login method to my class and so far it look like this function login() { //Database injection fix $_POST = db_escape($_POST); $username = $_POST['username']; $password = sha1($_POST['password'] . $this->salt); $query = "SELECT id, username, userlevel FROM users " . "WHERE username = '" . $username . "' AND password = '" . $password . "')"; $result = mysql_query( $query ); $user_data = mysql_fetch_assoc( $result ); if( mysql_num_rows( $result ) == 1 ) { } The login method is triggered from my constructor function Auth() { if (isset($_POST['username']) && isset($_POST['password'])) { $this->login(); } else if (isset($_GET['logout'])) { $this->logout(); } } Now I wonder how I should return the data, Let's say Im on the login.php and the users doesn't exists or is banned, Something like this: function login() { //Database injection fix $_POST = db_escape($_POST); $username = $_POST['username']; $password = sha1($_POST['password'] . $this->salt); $query = "SELECT id, username, userlevel FROM users " . "WHERE username = '" . $username . "' AND password = '" . $password . "')"; $result = mysql_query( $query ); $user_data = mysql_fetch_assoc( $result ); if( mysql_num_rows( $result ) == 0 ) { //Oh noes the user doesn't exists I want to print this out to the user, What should I return ? and how I print it out? } Thanks in advance.
  13. Hi I refer to my old topic http://www.killersites.com/community/index.php?/topic/4265-mysql-database-design/page__p__21707__fromsearch__1#entry21707 which was about my mysql database design. Now, I wonder how I am going to trigger an EVENT for a certain time, For example, let's say I want to add a new building, it's going to take about 20 minutes until it's "builded". If i want to upgrade it to "level 2" it will take a certain time, before it's updated, For example another 20 minutes. And when you upgrade, let's say you lose som resources like 200, 300, and so on. How do I trigger actions after a few time?
  14. wjohn

    Session "security"

    Thanks for the rather informative post :] I will look more at google.
  15. wjohn

    Session "security"

    I've been hearing about stealing seasions and stuff like that, How do I prevent session and make it safe?
  16. wjohn

    MySQL Database Design

    Lastly, Just so I get hang of it, If I would to set a certain level of buildings, ex you can upgrade it, would I put the column "Level" in buildings then? And finally, If I would to put restrictions, you need Building A to build Building B, `should I just do that with plain PHP?
  17. wjohn

    MySQL Database Design

    Could you show in an example the Building Statuses table?
  18. users id username VARCHAR 16 password VARCHAR 40 userlevel (standard 0 = not verified e-mail) TINYINT 1 email VARCHAR ?? world id uid = User ID x Coordinat y Coordinat This is my simple mysql database design I'm on so far and we can summarize this simply that you can log in with username, password and can then create a "Base" that coordinates will be saved in the "world" table. The thing is that the base should be able to save buildings that have a certain level. How is the best way to make this? I would assume it's to make a new table and then call it like "buildings" And have some columns like these: id uid name description level Now let's say that I would like to see that you don't cross 16 buildings per base, but you should be able to add more bases in future, so I guess I need to add the x, and y coordinat to KNOW what base you are upgrading, right? "BUILDS TABLE" id uid level x y slot (WHAT SLOT IT IS, WHEN IM DRAWING THE BASE IN PHP) "BUILDINGS TABLE" id name description Now I would like to add features on the buildings, let's say you can store resources in a building, that you get every hour (Cron job) How would I add that in to my database design?
  19. I am not very experienced in JavaScript so bare with me If I'm out completely wrong, but as you put the next record in myArray that you later pass into the test variable before you do that check with a if-statement if the current myArray value contain in the test variable. if (check if (not)the current myArray value contain in the test variable) { test += myArray + "<br />"; }
  20. May I ask what the result is so far?
  21. Well looking at your other divs, you seem to have forgot to add "px" after width and height #content-wrapper { float: none; width: 868px; height: 680px; margin-left: auto; margin-right: auto; background-color: #C96; background-repeat: no-repeat; }
×
×
  • Create New...