php mysql help
Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller
php mysql help
Hi all,
I have been playing around with php webservice for livecode, but need some help/explation as i am stuck.
I want t try the login but i guess its something wrong with my code.
php code*****
// make connection to database
mysql_connect($hostName, $userName, $password) or die("Unable to connect to host $hostName");
mysql_select_db($dbName) or die( "Unable to select database $dbName");
// echo "Connected to MySQL";
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
//header("location:login_success.php");
echo "Connection sucess";
}
else {
echo "Wrong Username or Password";
}
?>
livecode***
on mouseUp
put field "uname" into tNam
put field "pword" into tWord
--put tWord && tNam into field "lf"
put tNam into myusername
put tWord into mypassword
put myusername && mypassword into myparameter
put "myparameter="&urlencode(myParameter) into leMessage
post leMessage to url "http://jaasnetworks.se/dbconnect.php"
put it into myResults
answer myResults
end mouseUp
please am i coding wrongly?
Your kind help will be appreciated
Happy coding to all
/Malin
I have been playing around with php webservice for livecode, but need some help/explation as i am stuck.
I want t try the login but i guess its something wrong with my code.
php code*****
// make connection to database
mysql_connect($hostName, $userName, $password) or die("Unable to connect to host $hostName");
mysql_select_db($dbName) or die( "Unable to select database $dbName");
// echo "Connected to MySQL";
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
//header("location:login_success.php");
echo "Connection sucess";
}
else {
echo "Wrong Username or Password";
}
?>
livecode***
on mouseUp
put field "uname" into tNam
put field "pword" into tWord
--put tWord && tNam into field "lf"
put tNam into myusername
put tWord into mypassword
put myusername && mypassword into myparameter
put "myparameter="&urlencode(myParameter) into leMessage
post leMessage to url "http://jaasnetworks.se/dbconnect.php"
put it into myResults
answer myResults
end mouseUp
please am i coding wrongly?
Your kind help will be appreciated
Happy coding to all
/Malin
Re: php mysql help
Hi,
I may be wrong, but I read in your PhP:
> mysql_connect($hostName, $userName, $password) or die("Unable to connect to host $hostName");
> mysql_select_db($dbName) or die( "Unable to select database $dbName");
and in your LC:
> put myusername && mypassword into myparameter
Possible that you need to provide $hostName and/or $dbName, too?
Additionally, you're delimiting with double-spaces. Is this correct?
I'm no PhP coder, so this is just a guess.
Good luck!
I may be wrong, but I read in your PhP:
> mysql_connect($hostName, $userName, $password) or die("Unable to connect to host $hostName");
> mysql_select_db($dbName) or die( "Unable to select database $dbName");
and in your LC:
> put myusername && mypassword into myparameter
Possible that you need to provide $hostName and/or $dbName, too?
Additionally, you're delimiting with double-spaces. Is this correct?
I'm no PhP coder, so this is just a guess.
Good luck!
All code published by me here was created with Community Editions of LC (thus is GPLv3).
If you use it in closed source projects, or for the Apple AppStore, or with XCode
you'll violate some license terms - read your relevant EULAs & Licenses!
If you use it in closed source projects, or for the Apple AppStore, or with XCode
you'll violate some license terms - read your relevant EULAs & Licenses!
Re: php mysql help
hello,
thank you for your reply, i have provided the host name and other info for connection.
i tried without the double space but still the same.
can you kindly give an example of your you would have script on livecode (for my educational purpose)
thanks
thank you for your reply, i have provided the host name and other info for connection.
i tried without the double space but still the same.
can you kindly give an example of your you would have script on livecode (for my educational purpose)
thanks
Re: php mysql help
Hi,
I had another look in your code and tried to rewrite it, maybe this helps:
Ah, here I see a mistake!
Shouldn't this be: "myparameter%3DsNam++sWord"?
I guess the whole leMessage should be URLEncoded for a post, right?
So let's try again:
That's what I guess would be correct. But I'm no PhP coder, can only judge the LC part :/
And I rarely use "post", when I have to talk to PhP I usually use sockets.
Another thing:
It's widely regarded as not clever to store passwords on a server, and to send them over the internet, as long as they are in plain text.
You'll want to store/ send the passwords in a more secure form. Example:
If your PhP works alike, you're rather safe - all that is stored and transmitted is a username and a salted hash.
For sure there's something still lacking - the SHA1 hash generation:
In PhP it should look like this:
$hash = sha1($myusername . $mypassword);
I don't know if this helps, at least you should have some food for thought now
Have a good time!
PS: The code above is not tested, it may contain typos!
malin wrote:[...]
i tried without the double space but still the same.
I had another look in your code and tried to rewrite it, maybe this helps:
Code: Select all
on mouseUp
put field "uname" into tNam -- this be the string "sNam"
put field "pword" into tWord -- this be the string "sWord"
-- no need to juggles the variables from one to the other
put "myparameter="&urlencode(tNam && tWord) into leMessage
-- leMessage: "myparameter=sNam++sWord"
Shouldn't this be: "myparameter%3DsNam++sWord"?
I guess the whole leMessage should be URLEncoded for a post, right?
So let's try again:
Code: Select all
on mouseUp
put field "uname" into tNam -- this be the string "sNam"
put field "pword" into tWord -- this be the string "sWord"
put urlencode("myparameter="& tNam && tWord) into leMessage
-- leMessage: "myparameter%3DsNam++sWord"
post leMessage to url "http://jaasnetworks.se/dbconnect.php"
-- should work now. But we need to check for errors:
put it && "/" && the result into myResults
-- the result contains possible error messages!
answer myResults
end mouseUp
And I rarely use "post", when I have to talk to PhP I usually use sockets.
Another thing:
It's widely regarded as not clever to store passwords on a server, and to send them over the internet, as long as they are in plain text.
You'll want to store/ send the passwords in a more secure form. Example:
Code: Select all
-- we replace this:
-- put urlencode("myparameter="& tNam && tWord) into leMessage
-- with those 2 lines:
put SHAencode(tNam & tWord) into tHash
-- tHash: "296011f0c6048f6df1a04e6f576a83b95e8d2e1d"
-- tNam is used as a "salt" here, to make it more difficult to break the password
-- Let's go on:
put urlencode("myparameter="& tNam && tHash) into leMessage
-- leMessage is now:
--"myparameter%3DsNam++296011f0c6048f6df1a04e6f576a83b95e8d2e1d"
For sure there's something still lacking - the SHA1 hash generation:
Code: Select all
------- SHA1 Hash function---------------
function SHAencode tString
get sha1digest(tString)
put empty into tVar
get binarydecode("H*",it,tVar) -- so that it becomes readable ...
return tVar
end SHAencode
$hash = sha1($myusername . $mypassword);
I don't know if this helps, at least you should have some food for thought now
Have a good time!
PS: The code above is not tested, it may contain typos!
All code published by me here was created with Community Editions of LC (thus is GPLv3).
If you use it in closed source projects, or for the Apple AppStore, or with XCode
you'll violate some license terms - read your relevant EULAs & Licenses!
If you use it in closed source projects, or for the Apple AppStore, or with XCode
you'll violate some license terms - read your relevant EULAs & Licenses!
Re: php mysql help
Thanks Axwald,
Been fighting with it since. But would reply this tread if I have any luck.
Thanks for helping out
Been fighting with it since. But would reply this tread if I have any luck.
Thanks for helping out
Re: php mysql help
hi,
got it figured out.. it was quite straight forward though.
here is the code that worked
on mouseUp
put urlEncode(fld "uname") into tName
put urlencode(fld "pword") into tWord
put ("myusername=" & tName & "&mypassword=" & tWord) into leMessage
post leMessage to URL "http://jaasnetworks.se/checklogin.php"
put it into tFormResults
answer tFormResults
end mouseUp
thank you Axwald
got it figured out.. it was quite straight forward though.
here is the code that worked
on mouseUp
put urlEncode(fld "uname") into tName
put urlencode(fld "pword") into tWord
put ("myusername=" & tName & "&mypassword=" & tWord) into leMessage
post leMessage to URL "http://jaasnetworks.se/checklogin.php"
put it into tFormResults
answer tFormResults
end mouseUp
thank you Axwald