Mysql (MariaDB) with PDO

From wikiluntti
Revision as of 10:47, 12 September 2023 by Mol (talk | contribs) (→‎Establishing connection to the server)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Introduction

Some of my database stuff is shown.

File structure is as follow:

> www.public.com
>> index.php
>> php_folder 
>>> class.php
>>> loadData.php
> passwords
>> public.com_passwords.txt

The folder www.public.com is connected to the internet, and passwords is not available from the internet. The password files contains the passwords and login credentials; this file is extremey simple. Only the password:

thisIsMySecretPassword

Establishing connection to the server

Store the password into a secure place, thus above the the www directory. Php can access that.

The file index.php includes the php file

<?php
include ('php/loadData.php');
$aa = $conn -> getData();
$bb = $conn -> getImages();
?>

First, it connects to the database and then reads some data. No logging in in this example.

The code, unfortunately in image format
The first part
The second part
The third part
The fourth part

The password is outside the internet, but be aware that if the hacker can upload a php file, it might be able to access the secret password.

The code is shown as images, but is also downloadable here as a text format. Add php code tags around it; see the images.

Log a user

SSL connection. Hash and salt. Php password hashing functions and mainly password_hash with password_verify.

Check the database if the username is exists. If it is, fetch the password hash and compare that against the user inputted hash.