Mysql (MariaDB) with PDO: Difference between revisions
| (13 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
Some of my database stuff is shown. | Some of my database stuff is shown. | ||
File structure is as follow: | |||
<pre> | |||
> www.public.com | |||
>> index.php | |||
>> php_folder | |||
>>> class.php | |||
>>> loadData.php | |||
> passwords | |||
>> public.com_passwords.txt | |||
</pre> | |||
The folder www.public.com is connected to the internet, and passwords is not available from the internet. The password files contains the passwords and login credentials; this file is extremey simple. Only the password: | |||
<pre> | |||
thisIsMySecretPassword | |||
</pre> | |||
== Establishing connection to the server == | |||
Store the password into a secure place, thus above the the www directory. Php can access that. | |||
The file index.php includes the php file | |||
<syntaxhighlight lang="xml"> | |||
<?php | |||
include ('php/loadData.php'); | |||
$aa = $conn -> getData(); | |||
$bb = $conn -> getImages(); | |||
?> | |||
</syntaxhighlight> | |||
First, it connects to the database and then reads some data. No logging in in this example. | |||
[[File:Php mysql readThePassword.png|thumb|The code, unfortunately in image format]] | |||
[[File:Php mysql class1.png|thumb|The first part]] | |||
[[File:Php mysql class2.png|thumb|The second part]] | |||
[[File:Php mysql class3.png|thumb|The third part]] | |||
[[File:Php mysql class4.png|thumb|The fourth part]] | |||
The password is outside the internet, but be aware that if the hacker can upload a php file, it might be able to access the secret password. | |||
The code is shown as images, but is also downloadable here as a [https://wiki.luntti.net/images/e/ea/Class.txt text] format. Add php code tags around it; see the images. | |||
== Log a user == | == Log a user == | ||
SSL connection. Php | SSL connection. Hash and salt. Php [https://www.php.net/manual/en/ref.password.php password hashing functions] and mainly <syntaxhighlight inline>password_hash</syntaxhighlight> with <syntaxhighlight inline>password_verify</syntaxhighlight>. | ||
Check the database if the username is exists. If it is, fetch the password hash and compare that against the user inputted hash. | |||
Latest revision as of 11:47, 12 September 2023
Introduction
Some of my database stuff is shown.
File structure is as follow:
> www.public.com >> index.php >> php_folder >>> class.php >>> loadData.php > passwords >> public.com_passwords.txt
The folder www.public.com is connected to the internet, and passwords is not available from the internet. The password files contains the passwords and login credentials; this file is extremey simple. Only the password:
thisIsMySecretPassword
Establishing connection to the server
Store the password into a secure place, thus above the the www directory. Php can access that.
The file index.php includes the php file
<?php
include ('php/loadData.php');
$aa = $conn -> getData();
$bb = $conn -> getImages();
?>
First, it connects to the database and then reads some data. No logging in in this example.
The password is outside the internet, but be aware that if the hacker can upload a php file, it might be able to access the secret password.
The code is shown as images, but is also downloadable here as a text format. Add php code tags around it; see the images.
Log a user
SSL connection. Hash and salt. Php password hashing functions and mainly password_hash with password_verify.
Check the database if the username is exists. If it is, fetch the password hash and compare that against the user inputted hash.
