UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
November
Su M Tu W Th F Sa
1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30
Sponsored Links
Latest Postings
Latest Reviews
Topic Options
Rate This Topic
#19390 - 10/09/05 10:29 AM to code or not to code. that is my question!
Testing Offline
UGN Member

Registered: 09/21/05
Posts: 102
Loc: Sacramento, CA
// Ok, So those that have followed and helped me so far understand im learning PHP via books and links. Here is my question.

I have been so far learning the fundamentals of php, IE. Arrays, variables, how to manipulate arrays, foreach else elseif etc....

I have yet to deal with sessions or cookies. I am wondering whether or not I should begin coding my own projects yet.

I have just basically gotten the basics down and havent finished my book. Each time I read a new chapter I get new awesome ideas. the examples in the book are lame but show the point there making nicely. So thats kinda the problem. im a bit tired of writing such boring stuff.

Think I should begin writing my own projects or continue learning the fundamentals as I have been so far? Keep in mind I haven't touched the topic of mysql.

Im thinking of just doing what I have been doing and getting through the entire book. This way I will be familiar with mysql and then my projects can really take off. However if I never start the damn things then all I learn is book work examples and I don't really get to apply the stuff I learn in my own stuff till later.

part of the problem is I only have time to either Learn via the book or work on a project and use the book as reference. Im leaning toward keeping on the path Im on.

I dunno, this questions comes after 2 darvaset and a beer so give me a bit of slack if im rambling without making sense!

Whatcha think?


?>


PS, just realized posted this in wrong forum.. Should prob be in offtopic. sorry.
_________________________
Flipping houses in Sacramento market has been fantastic. Curious about what it takes to flip houses? Follow me at http://sacramentoflips.com.

Top
Sponsored Links
      
#19391 - 10/10/05 01:09 AM Re: to code or not to code. that is my question!
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
I have experience with cookies. I haven't really delved into sessions yet, but I'll give you what I know about cookies.

First off, you will need to farmiliarize yourself with setcookie() .

For example, if I were to set a cookie to a user that authenticated to a script I wrote, i'd do this:

Code:
if(isset($user_variable) && isset($password_variable)) {
if(is_authenticated()) {
$cookie_data = $user_variable . "-" . md5(md5("$password_variable") . "$salt");
$server_path = $_SERVER['PATH_TRANSLATED'];
$server_name = $_SERVER['SERVER_NAME'];
setcookie("cookie_name", "$cookie_data", , "", "$document_root", "$name", FALSE);
} else {
not_authenticated()
}
To read from a cookie, let's say named cookie_name, I would do this:
Code:
$cookie = $_COOKIE['cookie_name'];
You can then deal with $cookie as the data for the cookie cookie_name

For example, if I were to want to verify that the password hash sent by a user's browser was valid, like I had done above, I would do this:
Code:
$cookie_exploded = explode("-", "$cookie");
$password_hash = $cookie_exploded[1];

if(md5(md5("$user_password") . "$salt")) {
is_authenticated();
} elese {
not_authenticated();
}
I know this is somewhat confusing seeing as how I made up functions, so I'll put it into context with a full fledged script:
Code:
<?php

$allowed_users =
array(
"Ghost" => hash("testing123")
);

$user = $_POST['user'];
$password = $_POST['password'];
$cookie = $_COOKIE['cookie_name'];
$server = $_SERVER['SERVER_NAME'];
$self = $_SERVER['PHP_SELF'];
$salt = "98u234ja";

$cookieexploded = explode("-", $cookie);
$user_cookie = $cookieexploded[0];
$password_cookie = $cookieexploded[1];

function hash($hash_password)
{

$hash = md5(md5("$hash_password") . "$salt");
return $hash;

}

function authenticated_function()
{

global $cookie;
global $user_cookie;
global $password_cookie;
$cookieexploded = explode("-", $cookie);
echo "You successfully authenticated!" . "
";
echo "User: " . $user_cookie . "
";
echo "Password Hash: " . $password_cookie . "
";
echo "Cookie Value: " . $cookie . "<br /";

}

function authenticated($cookie_user, $cookie_hash)
{

global $server;
$cookie_data = "$cookie_user" . "-" . "$cookie_hash";
setcookie("cookie_name", "$cookie_data",time() * 60 * 24 * 365, "/", "$server", FALSE);
header("Location: $self");

}

function not_authenticated()
{

echo "Not authenticated, foo.";

}

$allowed_user = $allowed_users[$user_cookie];
if(isset($allowed_user) && $allowed_user == $password_cookie) {

authenticated_function();

} elseif($allowed_users[$user_cookie] != $password_cookie) {

echo "You failed to authenticate with cookies" . "
";

} elseif(isset($user)) {

if($allowed_users[$user] == hash($password)) {

authenticated($user, hash($password));

} else {

not_authenticated();

}

} else {

?>
<html>
<head>
  <title>User Authentication Test</title>
</head>
<body>
  <form action="<?php echo $self; ?>" method="post">
   User:<input name="user" type="text" size="25">

   Password: <input name="password" type="password" size="25">

   <input type="submit">
  </form>
</body>
</html>
<?php

}
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
#19392 - 10/10/05 02:04 AM Re: to code or not to code. that is my question!
Gremelin Offline

Community Owner
*****

Registered: 02/28/02
Posts: 7193
Loc: Portland, OR; USA
I think you should code as much as you can, experiance is experiance, and the more youhave the better ...
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner

Top
#19393 - 10/10/05 04:52 AM Re: to code or not to code. that is my question!
pergesu Offline
UGN Elite Poster

Registered: 03/14/02
Posts: 1136
Loc: Pimpin the Colorizzle
Dude projects are how you learn. I go, "Man I should do ____" and have absolutely no clue how to do it, so I just dive right in, and learn the pieces I need to to make it work. Then the project fails miserably because I didn't plan it very well, but all of a sudden I know a lot more about how I should actually architect a project in addition to all the plumbing I need to make it happen. That's fun shit.

Top
#19394 - 10/10/05 03:58 PM Re: to code or not to code. that is my question!
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
:nods:

First several projects are sooo frustrating. You fail like the titanic. Then you suceed. Now you are on top of the world. The feeling of finishing a well coded project.... I have had coke that doesn't compare to the high of geekphoria. Delusions of grandure and all that shit.

Strike out, code, code lots. Decide to make something easy and make it. I sugested the search engine before, but, maybe a news system, link management system. Anything, just code something and you will learn a lot. Make yourself add features to it. Do not shy away from something because you do not know how to do it. Decide, that is what you want to do, look up how to do it or someone who did something like it.
_________________________
My New site OpenEyes

Top

Moderator:  §intå×, Gremelin 
Featured Member
Registered: 03/02/02
Posts: 136
Forum Stats
2150 Members
46 Forums
35741 Topics
70911 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 28902
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
HushHush, golqm, Tim050, Gecko666, defghi795767
2150 Registered Users
Who's Online
0 registered (), 382 Guests and 332 Spiders online.
Key: Admin, Global Mod, Mod
Latest News
luxury goods sales at $405B by 2019
by golqm
10/28/14 05:19 AM


Donate
  Get Firefox!
Get FireFox!