[luau] PHP & MySQL Book Recommendations?

Warren Togami warren at togami.com
Fri Mar 15 01:57:22 PST 2002


----- Original Message -----
From: "Ronnie T Livingston" <rlivings at hawaii.edu>
To: "LUAU" <luau at videl.ics.hawaii.edu>
Cc: "usclug-chat" <usclug-chat at zig.usc.edu>
Sent: Wednesday, March 13, 2002 9:02 PM
Subject: Re: [luau] PHP & MySQL Book Recommendations?


> I'm borrowing "PHP fast & easy web development" by primatech publishing
> from a friend.  He says that it's pretty good (I haven't had much time to
> look at it).  The price is fairly reasonable too, 24.99.
>

http://www.amazon.com/exec/obidos/ASIN/0672317842/102-7289086-2357715
I ended up buying "PHP and MySQL Web Development" by Luke Welling and Laura
Thomson.  This book seems to be an excellent balance of very complete
information in both PHP and MySQL stuff, while still being newbie friendly
in its presentation.  I myself am not very familiar with PHP, but I've
written out a few "assignments" for my friends in order for them to quickly
learn the PHP & MySQL combo.

I think the expectations are accurate, but I'd like corrections and
suggestions of the below:


WARREN'S LAME ATTEMPT AT PHP ASSIGNMENTS
------------

1. SIMPLE COUNTER PHP APPLICATION
* Implement a simple PHP counter that increments a displayed number upon
every page visit.  Store the number in a plain text file.

2. ADD FEATURES TO SCRIPT
* In addition to the material contained in the book, familiarize yourself
with the PHP API.
http://www.php.net/manual/en/
* Add a simple logger to your counter page that records the visitor's IP
address along with the date & time into another text file.
* Add a button to this page, when clicked it runs another PHP script that
displays the contents of that log text file.  Something like this example:
Thu Mar 14 20:59:05 HST 2002 VISIT from 192.168.244.42
Thu Mar 14 20:59:15 HST 2002 VISIT from 10.42.46.14
Thu Mar 14 20:59:45 HST 2002 VISIT from 172.164.42.46
Thu Mar 14 20:59:56 HST 2002 VISIT from 192.168.64.32
* Add another button to the counter page that resets the counter back to
zero.
* Add another button to the counter page that clears the visitor log file.

3. IMPLEMENT LOGIN AND DATA SECURITY
* Make the log view, reset counter and reset log so that it requires the
user to enter a password to do those actions.  Store this password
serverside in another plain text file, though encrypted with a one-way hash
supported by PHP (CRYPT or MD5 are two hashes of many).  User will transmit
the password plain-text over the Internet to the web server, which will hash
that string and compare it to the encrypted string contained in the text
file.  Based upon this comparison decide if the user is allowed access or
not.
* Make verification steps for the deletion options like "Are you sure you
want to reset the counter?" and "Are you sure you want to clear the log?"
* Log unsuccessful login attempts in the same log file.  Something like
this:
Thu Mar 14 20:59:05 HST 2002 LOGIN REJECTED from 192.168.244.42
* Ban user from attempting to login if their IP address has three occurrences
of LOGIN REJECTED for their IP address.
* Protect viewing of the text data files from web visitors by putting it
into a non-web viewable directory.  For example, if your web root is
/home/username/public_html, put your data files into /home/username/webdata.

4. INTRODUCTION TO PHP & MYSQL
* Implement the counter so that it looks and behaves exactly like the
counter script in assignment #1, except the data is stored in a very simple
MySQL database table.
* Database Security considerations:
** Your PHP script must not connect to MySQL as root.  Each PHP application
should have its own MySQL user, granted the minimal permissions necessary in
order to use an appropriate database.  Thus you must learn about MySQL grant
and revoke permissions and think about which permissions will be needed by
that application.
** No MySQL users (root and others) may have a blank password.

5. REIMPLEMENT APPLICATION w/ MYSQL
* Modify the application from assignment #3 to store and retrieve all data
from MySQL.  You should have learned enough about PHP & MySQL interaction in
assignment #4 to do this step.
* Security Consideration: Separate the SQL login information variables into
a config.php file stored in /home/username/webdata.  Use the appropriate PHP
commands to include this file when it is needed.  This is good coding practice
to separate configuration files from the application code, stored in a
protected directory.  This way configuration options are logically separated
from the code, making it easier to edit, while protecting it with higher
security.

6. REIMPLEMENT with PEAR DB library
* You have used the MySQL specific method in PHP in connecting to the MySQL
database.  There is another, more generalized way of talking to databases in
the PEAR PHP library.  PEAR DB allows you to code your PHP application to be
able to connect to and use any database.  While the benefits are not
immediate for your code now, your future PHP applications will be much more
flexible and robust when they will be able to connect to PostgreSQL, IBM
DB2, or Oracle with only minor modifications.
Read about the PEAR DB homepage:
http://pear.php.net/
PEAR DB API is here
http://pear.php.net/manual/en/core.db.php
* Read about PEAR, specifically about PEAR DB.
* Modify assignment #5 to use the PEAR DB library for all MySQL
transactions.
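
Added example, not part of the original post: a sketch of the assignment 3 login check, with the stored one-way hash, the LOGIN REJECTED log line and the three-strikes ban read back from that log. It uses PHP's salted password_hash()/password_verify() rather than bare MD5; the file names, the temp directory standing in for /home/username/webdata, the function names and the sample password and addresses are all assumptions made for the demo.

```php
<?php
// Added example. Data files sit outside the web root (assignment 3);
// a temp directory stands in for /home/username/webdata here.
$dataDir = sys_get_temp_dir() . '/webdata_demo_' . getmypid(); // hypothetical
if (!is_dir($dataDir)) mkdir($dataDir, 0700, true);
define('HASH_FILE', $dataDir . '/admin.hash');   // hypothetical file name
define('LOG_FILE',  $dataDir . '/visits.log');   // hypothetical file name
define('MAX_REJECTS', 3);

// Append one line in the post's format: "<date> <EVENT> from <ip>".
function log_event(string $event, string $ip): void {
    $line = sprintf("%s %s from %s\n", date('D M d H:i:s T Y'), $event, $ip);
    file_put_contents(LOG_FILE, $line, FILE_APPEND | LOCK_EX);
}

// Count LOGIN REJECTED lines for exactly this address.
function rejected_count(string $ip): int {
    if (!is_file(LOG_FILE)) return 0;
    $needle = " LOGIN REJECTED from $ip";
    $n = 0;
    foreach (file(LOG_FILE, FILE_IGNORE_NEW_LINES) as $line) {
        // Match the whole trailing field so 10.0.0.1 never matches 10.0.0.12.
        if (substr($line, -strlen($needle)) === $needle) $n++;
    }
    return $n;
}

// Returns 'ok', 'rejected' or 'banned'. In a web page, pass
// $_SERVER['REMOTE_ADDR'] as $ip, never a client-supplied header.
function try_login(string $password, string $ip): string {
    if (rejected_count($ip) >= MAX_REJECTS) return 'banned';
    $stored = trim(file_get_contents(HASH_FILE));
    if (password_verify($password, $stored)) return 'ok';
    log_event('LOGIN REJECTED', $ip);
    return 'rejected';
}

// Constructed demo: store a hash, fail three times, then get banned.
file_put_contents(HASH_FILE, password_hash('constructed-demo-password', PASSWORD_DEFAULT));
$ip = '192.0.2.10'; // constructed documentation address
foreach (['guess1', 'guess2', 'guess3', 'constructed-demo-password'] as $pw) {
    echo try_login($pw, $ip), "\n";
}
echo try_login('constructed-demo-password', '192.0.2.11'), "\n";
```

The ban is checked before the hash is read, so a banned address gets no further password comparisons even when it finally sends the right password.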
