[luau] PHP & MySQL Book Recommendations?

Patrick Kennedy patrickjkennedy at hotmail.com
Fri Mar 15 03:17:03 PST 2002


PHP is kind of like ASP to me...in fact I like ASP more than PHP.  But is 
anyone doing Java Servlets?  I think more people on Linux should try Java.


>WARREN'S LAME ATTEMPT AT PHP ASSIGNMENTS
>------------
>
>1. SIMPLE COUNTER PHP APPLICATION
>* Implement a simple PHP counter that increments a displayed number upon
>every page visit.  Store the number in a plain text file.
>
>2. ADD FEATURES TO SCRIPT
>* In addition to the material contained in the book, familiarize yourself
>with the PHP API.
>http://www.php.net/manual/en/
>* Add a simple logger to your counter page that records the visitor's IP
>address along with the date & time into another text file.
>* Add a button to this page, when clicked it runs another PHP script that
>displays the contents of that log text file.  Something like this example:
>Thu Mar 14 20:59:05 HST 2002 VISIT from 192.168.244.42
>Thu Mar 14 20:59:15 HST 2002 VISIT from 10.42.46.14
>Thu Mar 14 20:59:45 HST 2002 VISIT from 172.164.42.46
>Thu Mar 14 20:59:56 HST 2002 VISIT from 192.168.64.32
>* Add another button to the counter page that resets the counter back to
>zero.
>* Add another button to the counter page that clears the visitor log file.
>
>3. IMPLEMENT LOGIN AND DATA SECURITY
>* Make the log view, reset counter and reset log so that it requires the
>user to enter a password to do those actions.  Store this password
>serverside in another plain text file, though encrypted with a one-way hash
>supported by PHP (CRYPT or MD5 are two hashes of many).  User will transmit
>the password plain-text over the Internet to the web server, which will hash
>that string and compare it to the encrypted string contained in the text
>file.  Based upon this comparison decide if the user is allowed access or
>not.
>* Make verification steps for the deletion options like "Are you sure you
>want to reset the counter?" and "Are you sure you want to clear the log?"
>* Log unsuccessful login attempts in the same log file.  Something like
>this:
>Thu Mar 14 20:59:05 HST 2002 LOGIN REJECTED from 192.168.244.42
>* Ban user from attempting to login if their IP address has three
>occurrences of LOGIN REJECTED for their IP address.
>* Protect viewing of the text data files from web visitors by putting it
>into a non-web viewable directory.  For example, if your web root is
>/home/username/public_html, put your data files into 
>/home/username/webdata.
>
>4. INTRODUCTION TO PHP & MYSQL
>* Implement the counter so that it looks and behaves exactly like the
>counter script in assignment #1, except the data is stored in a very simple
>MySQL database table.
>* Database Security considerations:
>** Your PHP script must not connect to MySQL as root.  Each PHP application
>should have its own MySQL user, granted the minimal permissions necessary in
>order to use an appropriate database.  Thus you must learn about MySQL grant
>and revoke permissions and think about which permissions will be needed by
>that application.
>** No MySQL users (root and others) may have a blank password.
>
>5. REIMPLEMENT APPLICATION w/ MYSQL
>* Modify the application from assignment #3 to store and retrieve all data
>from MySQL.  You should have learned enough about PHP & MySQL interaction in
>assignment #4 to do this step.
>* Security Consideration: Separate the SQL login information variables into
>a config.php file stored in /home/username/webdata.  Use the appropriate PHP
>commands to include this file when it is needed.  This is good coding practice
>to separate configuration files from the application code, stored in a
>protected directory.  This way configuration options are logically separated
>from the code, making it easier to edit, while protecting it with higher
>security.
>
>6. REIMPLEMENT with PEAR DB library
>* You have used the MySQL specific method in PHP in connecting to the MySQL
>database.  There is another, more generalized way of talking to databases in
>the PEAR PHP library.  PEAR DB allows you to code your PHP application to be
>able to connect to and use any database.  While the benefits are not
>immediate for your code now, your future PHP applications will be much more
>flexible and robust when they will be able to connect to PostgreSQL, IBM
>DB2, or Oracle with only minor modifications.
>Read about the PEAR DB homepage:
>http://pear.php.net/
>PEAR DB API is here
>http://pear.php.net/manual/en/core.db.php
>* Read about PEAR, specifically about PEAR DB.
>* Modify assignment #5 to use the PEAR DB library for all MySQL
>transactions.
>
>





/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Kennedy
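
Added example, not part of the original thread or of the quoted assignment text: a sketch in PHP of assignment #3's login check, with the hash file and the log kept outside the web root and a ban after three LOGIN REJECTED lines for an IP. It uses password_hash()/password_verify() (PHP's salted wrapper around crypt()) rather than bare MD5; the function names, file names and the temp directory standing in for /home/username/webdata are assumptions.

```php
<?php
// Added example; names and paths below are assumptions, not from the post.
const MAX_REJECTED = 3;

// Count LOGIN REJECTED lines for exactly this IP. Matching the whole line
// suffix means 10.0.0.1 does not also match a line for 10.0.0.10.
function rejected_count(string $logFile, string $ip): int
{
    if (!is_file($logFile)) {
        return 0;
    }
    $suffix = " LOGIN REJECTED from $ip";
    $n = 0;
    foreach (file($logFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        if (substr($line, -strlen($suffix)) === $suffix) {
            $n++;
        }
    }
    return $n;
}

// Returns 'banned', 'rejected' or 'ok'.
function attempt_login(string $password, string $ip, string $hashFile, string $logFile): string
{
    if (rejected_count($logFile, $ip) >= MAX_REJECTED) {
        return 'banned'; // ban is checked before the password is even looked at
    }
    $stored = trim((string) file_get_contents($hashFile));
    if (password_verify($password, $stored)) {
        return 'ok';
    }
    // Same line layout as the log sample in the assignment.
    $line = date('D M d H:i:s T Y') . " LOGIN REJECTED from $ip\n";
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
    return 'rejected';
}

// Constructed demo data: a private temp directory plays the non-web directory.
$dir = sys_get_temp_dir() . '/webdata_demo_' . getmypid();
mkdir($dir, 0700);
$hashFile = "$dir/admin.hash";
$logFile  = "$dir/visits.log";
file_put_contents($hashFile, password_hash('correct horse', PASSWORD_DEFAULT));

foreach (['guess1', 'guess2', 'guess3', 'correct horse'] as $try) {
    echo attempt_login($try, '192.168.244.42', $hashFile, $logFile), "\n";
}
echo attempt_login('correct horse', '10.42.46.14', $hashFile, $logFile), "\n";
```

In a real page the `$ip` argument would come from `$_SERVER['REMOTE_ADDR']`, not from anything the visitor submits, since the value is written into the log and used for the ban decision.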





