Presentation is loading. Please wait.

Presentation is loading. Please wait.

V 1.0 OE NIK 2013 PHP+SQL 6. Forum 1. V 1.0 Hashing – this semester Storing passwords in cleartext form is FORBIDDEN Textual user database is enough user|hash.

Similar presentations


Presentation on theme: "V 1.0 OE NIK 2013 PHP+SQL 6. Forum 1. V 1.0 Hashing – this semester Storing passwords in cleartext form is FORBIDDEN Textual user database is enough user|hash."— Presentation transcript:

1 V 1.0 OE NIK 2013 PHP+SQL 6. Forum 1

2 V 1.0 Hashing – this semester Storing passwords in cleartext form is FORBIDDEN Textual user database is enough user|hash pairs, it is enough to use the basic sha1() e.g. or simply echo sha1("almafa") After this, read the file using file($path, FILE_IGNORE_NEW_LINES) then explode("|", $row) OE NIK

3 V 1.0 SESSION variables Data storage on the server: key, value Initializing a session: session_start() Session identification: SID (Session ID), the browser sends it with every HTTP Request ($_COOKIE or $_GET) Accessing values: The browser sends the SID, the session_start() loads the data associated with the given SID into the $_SESSION array The client only stores the SID, the associated data are on the server  more secure Session hijacking? OE NIK

4 V 1.0 MyForum Not logged in users can't access anything Topic titles are one-liners, we store them in the topics.txt file Messages are one-liners, we store them in the msgs_{$topicnumber}.txt file (format: user|time|message ) PHP scripts: index.php, pwgen.php 4 OE NIK 2013

5 V 1.0 INDEX.PHP – ACTION PLAN (login required for all actions) TOPICLIST List topics  read topics.txt, transform every lines into a link towards index.php?action=MSGLIST&topicid={$id} TOPICFORM Display form to add new topic  form must contain 1 text input field + 1 submit button TOPICADD Actually add the topic  Add entry from $_POST to the topics.txt file, then redirect MSGLIST List messages from the msgs_{$topicid}.txt file. Extra parameter: $_GET['topicid'] MSGFORM Display form to add new message  form must contain 1 textarea field + 1 submit button. Extra parameter: $_GET['topicid'] MSGADD Actually add the message to the msgs_{$topicid}.txt file. Extra parameter: $_GET['topicid'] 5 OE NIK 2013

6 V 1.0 HOMEWORK FOR EXTRA POINTS (deadline: 31st of March, midnight) TOPICDEL Delete topic (ATTENTION! What if I have topicA + topicB + topicC in topics.txt, so msgs_0.txt, msgs_1.txt and msgs_2.txt files are present. If I delete topicB from the topics.txt file, then topicC will change from msgs_2.txt to msgs_1.txt … Solution: introduce order- independent topic ID, or rename files) REGISTERRegistration (form + actual registration) PWMODPassword change (form + actual modification) MSGADD / MSGLIST / MSGFORM Somehow change these actions to allow multi-line messages (hint: use escape characters or some kind of string replacement – usage of database is not allowed!) 6 OE NIK 2013

7 V 1.0 OE NIK

8 8


Download ppt "V 1.0 OE NIK 2013 PHP+SQL 6. Forum 1. V 1.0 Hashing – this semester Storing passwords in cleartext form is FORBIDDEN Textual user database is enough user|hash."

Similar presentations


Ads by Google