• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Simple PHP - fill in ('localhost' , 'username , 'password' , 'database_name')

Explorer ,
Oct 02, 2015 Oct 02, 2015

Copy link to clipboard

Copied

First, thanks goes out to both Nancy O. & osgood_ in helping me figure 1.jpgout how PHP's and MySQLi work but I still have a long way to go. As of now I'm working on a simple PHP script I attainted through Nancy O. at http://stackoverflow.com/questions/24397969/simple-but-secure-user-registration-with-php-and-mysqli

So far it is working well and I made a few changes to give it the type of look I want....

    

However, one little problem arises: WHERE exactly do I insert my ('localhost' , 'username , 'password' , 'database_name') at? I tried to find a "$con = mysqli_connect" followed by but couldn't find exactly that anywhere. Well below I put a copy of the beginning of the script where I assume it will go and if anyone know where I should put that I would love to know. Thanks.

<html>
<head>
<meta charset="utf-8">
<title>Login & Registration System Page</title>
</head>


<?php
include('config.php');  // Database connection and settings

error_reporting(E_ALL);
ini_set('display_errors', 1);


if(isset($_POST['register'])){

$name = trim(mysqli_escape_string($conn,$_POST['username']));                                                                   <-here?
$first_name = trim(mysqli_escape_string($conn,$_POST['first_name']));                                                           <-here?
$last_name = trim(mysqli_escape_string($conn,$_POST['last_name']));                                                            <-here?
$display_name = trim(mysqli_escape_string($conn,$_POST['display_name']));                                                 <-here?
$email = trim(mysqli_escape_string($conn,$_POST['email']));                                                                            <-here?  
$passwords = trim(mysqli_escape_string($conn,$_POST['password']));                                                             <-here?
$password = md5($passwords);

$query_verify_email = "SELECT * FROM users WHERE email ='$email'";
$verified_email = mysqli_query($conn,$query_verify_email) or die("Error: ".mysqli_error($conn));                   <-here?
if (!$verified_email) {
echo ' System Error';
}
if (mysqli_num_rows($verified_email) == 0) {                                                                                                         <-here?
// Generate a unique code:
$hash = md5(uniqid(rand(), true));
$query_create_user = "INSERT INTO users (username, email, password, hash,first_name,last_name,display_name,pic,gender,isactive)
VALUES ( '$name', '$email', '$password', '$hash','$first_name','$last_name','$display_name','','',0)";                    <-here
$created_user = mysqli_query($conn,$query_create_user) or die("Error: ".mysqli_error($conn));                          <-here
if (!$created_user) {
echo 'Query Failed ';
}

if (mysqli_affected_rows($conn) == 1) { //If the Insert Query was successfull.

$subject = 'Activate Your Email';

$headers = "From: admin@infotuts.com \r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$url= 'verify.php?email=' . urlencode($email) . "&key=$hash";

$message ='<p>To activate your account please click on Activate buttton</p>';
$message.='<table cellspacing="0" cellpadding="0"> <tr>';
$message .= '<td align="center" width="300" height="40" bgcolor="#000091" style="-webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px;

color: #ffffff; display: block;">';

$message .= '<a href="'.$url.'" style="color: #ffffff; font-size:16px; font-weight: bold; font-family: Helvetica, Arial, sans-serif; text-decoration: none;

line-height:40px; width:100%; display:inline-block">Click to Activate</a>';
$message .= '</td> </tr> </table>';

mail($email, $subject, $message, $headers);

echo '<div class="alert alert-success">A confirmation email
has been sent to <b>'. $email.' </b> Please click on the Activate Button to Activate your account </div>';
} else { // If it did not run OK.
echo '<div class="alert alert-info">You could not be registered due to a system
error. We apologize for any
inconvenience.</div>';
die(mysqli_error($conn));
}
}
else{
echo '<div class="alert alert-danger">Email already registered</div>';}
}
?>

(the rest of the script would be below and if anyone wants to see the rest of it feel free to let me know)

Views

2.6K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Oct 02, 2015 Oct 02, 2015

Copy link to clipboard

Copied

The first line of your php script has the following. As the comment for that line implies, config.php is most likely where you'd enter the database connection and settings.

include('config.php');  // Database connection and settings

best,

Shocker

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 02, 2015 Oct 02, 2015

Copy link to clipboard

Copied

What the_shocker said.

config.php is a separate file that connects to your MySQL database.

For security reasons, I like to put my db connection files inside an obscurely named folder that has .htaccess protection from would-be hackers with Deny from all

Nancy O.

Nancy O'Shea— Product User, Community Expert & Moderator

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Oct 13, 2015 Oct 13, 2015

Copy link to clipboard

Copied

Hi Nancy O.

I did create an "obscurely named folder" for all the information that will be collected but can you link me to exactly how to apply .htaccess protection from would-be hackers along with how to "Deny from all"? I completely understand how that will be very, very important due to the information that will be collected through  the site.

I understand it's a great way to allow just me (i.e. just my IP address) to access all the data collected but want to figure out exactly where and how it is applied to the script in order to protect it.

Thanks,

John

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 13, 2015 Oct 13, 2015

Copy link to clipboard

Copied

obscurely_named_folder

   config.php (your db connect file)

   .htaccess


Apache directives inside your .htaccess file: 

order deny,allow
deny from all

Nancy O.

Nancy O'Shea— Product User, Community Expert & Moderator

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Oct 13, 2015 Oct 13, 2015

Copy link to clipboard

Copied

Re: new php file named config.php

I made it and got Failed to connect to MySQL: Failed to connect to MySQL: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

Here's a jpeg of it: 1-1.jpg

Re:  .htaccess protection

Where exactly on my php script should I place that (i.e. the entire second message I assume) and is "your db connect file" the same folder you told me to make with a generic name which would be difficult  for hackers track?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 13, 2015 Oct 13, 2015

Copy link to clipboard

Copied

Are you trying to connect to a local testing server database from DW?

.htaccess = a separate plain text file.  It's not PHP.

Note the dot prefix.

Nancy O'Shea— Product User, Community Expert & Moderator

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Oct 13, 2015 Oct 13, 2015

Copy link to clipboard

Copied

Hi the_shocker. So I would be turning this (original first line directly below php script):

include('config.php');  // Database connection and settings

into this (my personal php lead):

$con = mysqli_connect("localhost","John","mypassword","database1");

as the second line applies the terms which relate to the folder name, password, etc. Does that look right?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 13, 2015 Oct 13, 2015

Copy link to clipboard

Copied

You never want to put your database connection string inside the log-in script.

Always put db connections into a separate php file.  It's one more layer of security.

Create a new php file with code below and name it config.php

<?php

$con = mysqli_connect("localhost","your_user","your_password","your_db");

// Check connection

if (mysqli_connect_errno())

   {

   echo "Failed to connect to MySQL: " . mysqli_connect_error();

   }

?>

Nancy O.

Nancy O'Shea— Product User, Community Expert & Moderator

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Oct 14, 2015 Oct 14, 2015

Copy link to clipboard

Copied

Hi Nancy O.

 

I'm not 100% sure what you're referring to in reference to a local testing server database but the database I've created is through my host, FatCow's MySQL (see pictures). I have no reason to do any testing and didn't know DW had that...but it's interesting lol. Below are the pics. of the database I made through FatCow:

1-2.jpg1-3.jpg

 

I'm simply trying to make php web pages for regular traffic and/or web "members" to have the option to create an  account/login/logout/hello & goodbye pages. That's why I created a database along with a separate folder with a generic name to store the data as you suggested for privacy...although nothing is on it yet because the site is not hasn't been promoted yet.

As for the .htaccess privacy....is this all I need, at the bottom and OUTSIDE of the PHP scripts: 

 

obscurely_named_folder

 

config.php (here being my db connect folder you told me to make with oblivious name)

 

.htaccess

 

Apache directives inside your .htaccess file: 

 

order deny,allow
deny from all

 

I'd be surprised because with the reading I did I thought my own IP address was needed to allow just me to have access to the data...but my "research" source could be outdated of course.

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 14, 2015 Oct 14, 2015

Copy link to clipboard

Copied

I don't add my IP address to my .htaccess files.  I see no need for it.  In fact, adding an IP might make you more vulnerable to IP copycats.

Nancy O.

Nancy O'Shea— Product User, Community Expert & Moderator

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Oct 26, 2015 Oct 26, 2015

Copy link to clipboard

Copied

Hi Nancy,

Ok obviously you can see I haven't been working on the site 24-7 but I'm looking to start working on it more it lol

OK here are the login/open account pages I created with the general script "plan" you provided for me. I like them a lot and if you want to see any of the actual codes I'd be more then happy to share with you (or anybody else who's interested). In order it's:

Create account page ---->  Login & Registration System Page

Basic Sign in page ------->  Login Page

Password Wrong Page --> Login Page - Another Attept

Previous Use Page -------> Login & Registration System Page Again because of Email or Name Repeat

So now that the pages are made and look ok for me, is the next step connecting the incoming data to the MySQL account I made (pictured above in previous message) at my host? I "assume" 1.) folders will need to be opened for the MySQL account I made at my host and 2.)  some more adjustments are going to have to be made to my the PHP pages to "link" the two of them together (?). I know I could be wrong though and I may have trouble doing both so if you know where videos are showing/explaining how I'm all eyes and ears   

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Nov 04, 2015 Nov 04, 2015

Copy link to clipboard

Copied

LATEST

I added a Thank You for Registration page to open right AFTER the Login & Registration page so that once all a visitors name, email, etc. is collected/inserted they can login with it. The only thing I would need is directions on how to get all the data directly submitted to my host account (a MySQL I opened?) but I'll continue to wait for that...

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines