|
|
|
|
Thread title: PHP question - security |
|
|
Page 3 of 5 |
< |
1 |
2 |
3 |
4 |
5 |
> |
|
|
|
Thread tools
Search this thread
Display Modes
|
|
02-06-2007, 06:49 PM
|
#21
|
Status: Designer
Join date: Aug 2006
Location: Manchester
Expertise:
Software:
Posts: 1,132
|
exactly a hit counter idea =]
|
|
02-06-2007, 08:45 PM
|
#22
|
Status: Designer
Join date: Aug 2006
Location: Manchester
Expertise:
Software:
Posts: 1,132
|
is there a way of doing this with javascript?
Alex
|
|
02-07-2007, 10:02 AM
|
#23
|
Status: Member
Join date: Aug 2005
Location: Melbourne, Australia
Expertise:
Software:
Posts: 419
|
I think your best bet is to make an XML feed.
Is the SQL query going to change much or is it just 3 or 4 set queries that you want to run?
|
|
02-07-2007, 05:16 PM
|
#24
|
Status: Designer
Join date: Aug 2006
Location: Manchester
Expertise:
Software:
Posts: 1,132
|
just 3 or 4 set queries to be run, of which will be to their accoutn user ID.
Alex
|
|
02-08-2007, 03:18 AM
|
#25
|
Status: Member
Join date: Aug 2005
Location: Melbourne, Australia
Expertise:
Software:
Posts: 419
|
Well then you can make a nice little RSS feed.
Let the user type in something like;
Code:
yourdomain.com/feed.php?userId=c6eeeca29fe4c5f8182faf7035d130d6&query=1
Then make it spit out all the results, and when the query number changes then its will use a different mySQL query.
|
|
02-08-2007, 07:17 AM
|
#26
|
Status: Designer
Join date: Aug 2006
Location: Manchester
Expertise:
Software:
Posts: 1,132
|
I will try and lay this down as simple as I can, then I will put down the ways I am thinking of doing it. Please note I am looking for an efficient way to do it aswel as an easy one. The main objective is not getting my MySQL password.
The idea is:
- A user of my site takes a script from my site to put on theirs.
- The script will add 1 to the pageview count inside a MySQL table.
My plans:
PHP
There is a PHP file that uses $_POST['uid'] (THE USER ID) to a seperate script on my server. The script on my server will then GET the uid and add +! to the pageview count column in MySQL.
Again, If someone can explain how I can make a PHP script post to another one please tell me. Is this possible without making the user changing pages?
API system
I am not too keen on an API system, but if it works well and is relatively easy to set up an maintain, could someone please point me i the right direction?
Thankyou for your help so far.
Alex
|
|
02-08-2007, 01:34 PM
|
#27
|
Status: Community Archaeologist
Join date: Jul 2004
Location: Scotland
Expertise: Software Development
Software: vim, PHP
Posts: 3,820
|
It could simply be a matter of adding a single line of code, or a little more complex depending on how you want to do this.
PHP Code:
// Simple version -- fetch remote file
// Requires allow_url_open config setting to be On
file_get_contents('http://www.remoteserver.com/hit.php?uid=1234567890');
|
|
02-08-2007, 05:18 PM
|
#28
|
Status: Designer
Join date: Aug 2006
Location: Manchester
Expertise:
Software:
Posts: 1,132
|
Originally Posted by Salathe
It could simply be a matter of adding a single line of code, or a little more complex depending on how you want to do this.
PHP Code:
// Simple version -- fetch remote file
// Requires allow_url_open config setting to be On
file_get_contents('http://www.remoteserver.com/hit.php?uid=1234567890');
|
Is my idea possible?
So can I:
> Have a user script such as:
PHP Code:
<?php
$uid="456";
$_POST['$uid'];
?>
and
PHP Code:
<?php
include(mysql_connect.php);
$uid=$_GET['uid'];
$query="FROM `blah` where uid="$uid" INSERT "+1"";
mysql_query($query);
?>
??
Alex
|
|
02-08-2007, 07:41 PM
|
#29
|
Status: Sin Binner
Join date: Dec 2006
Location: Huddersfield, UK
Expertise:
Software:
Posts: 384
|
Now here is an idea:
Why not do this:
PHP Code:
$verify = <SHA1 ENCODED PASS>;
include("http://remote.com/dbinfo.php");
Then in your remote connection info
PHP Code:
class dbConnection{
var $dbprefix;
var $dbname;
private $dbpass;
private $dbuser;
private $dbhost;
function connectionInfo(){
$dbpass = "xx";
$dbuser = "xx";
$dbhost = "xx.xx.xx.xx";
$dbprefix = "prefix_";
}
function connect(){
$this->connectionInfo();
if($verify != sha1("password")){
die("Verification Error");
} else {
$conn = mysql_pconnect(CONNECT);
mysql_select_db(SELECT DB, $conn);
}
}
}
$connection = new dbConnection();
$connection->connect();
Then just use $connection->dbprefix; for your db prefix.
Just an idea, should technically work, while keeping your private vars private, also, you would need to be running PHP ver 5.
|
|
02-09-2007, 12:12 AM
|
#30
|
Status: Member
Join date: Aug 2005
Location: Melbourne, Australia
Expertise:
Software:
Posts: 419
|
This is all so complex. Are you just trying to add + 1 to a counter? And nothing needs to be returned to the user??
PHP Code:
<?php
/*
Clients Page
*/
//Curl script, run on clients page
function runpage($url) {
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_HEADER, 0);
ob_start();
curl_exec ($ch);
curl_close ($ch);
$string = ob_get_contents();
ob_end_clean();
return $string;
}
//Call this on the clients page
runpage('http://www.yourdomain.com/yoursite.php?uid='.$uid);
?>
Then on your page have the following
PHP Code:
<?php
/*
Site Address
http://www.yourdomain.com/yoursite.php
*/
include(mysql_connect.php);
$uid=$_GET['uid'];
$query="FROM `blah` where uid="$uid" INSERT "+1"";
mysql_query($query);
?>
And your done.
The curl script will call your page, and pass it the relevant uid. Then your page can do its work and your password will never be shared.
|
|
|
|
|
|
|
Page 3 of 5 |
< |
1 |
2 |
3 |
4 |
5 |
> |
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
|