Presentation is loading. Please wait.

Presentation is loading. Please wait.

V 1.0 OE NIK 2013 PHP+SQL 6. Forum 1. V 1.0 Hashing – this semester Storing passwords in cleartext form is FORBIDDEN Textual user database is enough user|hash.

Published byTy Worrick Modified over 9 years ago

Similar presentations

Presentation on theme: "V 1.0 OE NIK 2013 PHP+SQL 6. Forum 1. V 1.0 Hashing – this semester Storing passwords in cleartext form is FORBIDDEN Textual user database is enough user|hash."— Presentation transcript:

1 V 1.0 OE NIK 2013 PHP+SQL 6. Forum 1

2 V 1.0 Hashing – this semester Storing passwords in cleartext form is FORBIDDEN Textual user database is enough user|hash pairs, it is enough to use the basic sha1() e.g. http://bit.ly/9vM3cA or simply echo sha1("almafa") After this, read the file using file($path, FILE_IGNORE_NEW_LINES) then explode("|", $row) OE NIK 2013 2

3 V 1.0 SESSION variables Data storage on the server: key, value Initializing a session: session_start() Session identification: SID (Session ID), the browser sends it with every HTTP Request ($_COOKIE or $_GET) Accessing values: The browser sends the SID, the session_start() loads the data associated with the given SID into the $_SESSION array The client only stores the SID, the associated data are on the server  more secure Session hijacking? OE NIK 2013 3

4 V 1.0 MyForum Not logged in users can't access anything Topic titles are one-liners, we store them in the topics.txt file Messages are one-liners, we store them in the msgs_{$topicnumber}.txt file (format: user|time|message ) PHP scripts: index.php, pwgen.php 4 OE NIK 2013

5 V 1.0 INDEX.PHP – ACTION PLAN (login required for all actions) TOPICLIST List topics  read topics.txt, transform every lines into a link towards index.php?action=MSGLIST&topicid={$id} TOPICFORM Display form to add new topic  form must contain 1 text input field + 1 submit button TOPICADD Actually add the topic  Add entry from $_POST to the topics.txt file, then redirect MSGLIST List messages from the msgs_{$topicid}.txt file. Extra parameter: $_GET['topicid'] MSGFORM Display form to add new message  form must contain 1 textarea field + 1 submit button. Extra parameter: $_GET['topicid'] MSGADD Actually add the message to the msgs_{$topicid}.txt file. Extra parameter: $_GET['topicid'] 5 OE NIK 2013

6 V 1.0 HOMEWORK FOR EXTRA POINTS (deadline: 31st of March, midnight) TOPICDEL Delete topic (ATTENTION! What if I have topicA + topicB + topicC in topics.txt, so msgs_0.txt, msgs_1.txt and msgs_2.txt files are present. If I delete topicB from the topics.txt file, then topicC will change from msgs_2.txt to msgs_1.txt … Solution: introduce order- independent topic ID, or rename files) REGISTERRegistration (form + actual registration) PWMODPassword change (form + actual modification) MSGADD / MSGLIST / MSGFORM Somehow change these actions to allow multi-line messages (hint: use escape characters or some kind of string replacement – usage of database is not allowed!) 6 OE NIK 2013

7 V 1.0 OE NIK 2013 7

8 8

Download ppt "V 1.0 OE NIK 2013 PHP+SQL 6. Forum 1. V 1.0 Hashing – this semester Storing passwords in cleartext form is FORBIDDEN Textual user database is enough user|hash."

Similar presentations

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.
V 1.0 OE NIK 2013 PHP+SQL 4. File handling basics File-based database File-based guestbook 1.

V 1.0 OE NIK 2013 PHP+SQL 4. File handling basics File-based "database" File-based guestbook 1.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Supplement Creating Forms. Objectives Show how forms are used How to create the Form element HTML elements used for creating input fields.

Supplement Creating Forms. Objectives Show how forms are used How to create the Form element HTML elements used for creating input fields.
V 1.0 OE NIK 2013 PHP+SQL 5. Password management (password hashing) Stateless HTTP, storage methods Login form 1.

V 1.0 OE NIK 2013 PHP+SQL 5. Password management (password hashing) Stateless HTTP, storage methods Login form 1.
Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.

Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.
Chapter 10 Managing State Information Using Sessions.

Chapter 10 Managing State Information Using Sessions.
Session Management A290/A590, Fall 2014 09/25/2014.

Session Management A290/A590, Fall /25/2014.
Forms. Form An HTML form is a section of a document containing normal content, special elements called controls (checkboxes, radio buttons, buttons, etc.),

Forms. Form An HTML form is a section of a document containing normal content, special elements called controls (checkboxes, radio buttons, buttons, etc.),
Unit 7 – Working with Forms 1. Creating a form 2. Accessing the submitted data 3. Common operations on forms.

Unit 7 – Working with Forms 1. Creating a form 2. Accessing the submitted data 3. Common operations on forms.
Advance Database Management Systems Lab no. 5 PHP Web Pages.

Advance Database Management Systems Lab no. 5 PHP Web Pages.
Web forms in PHP Forms Recap  Way of allowing user interaction  Allows users to input data that can then be processed by a program / stored in a back-end.

Web forms in PHP Forms Recap  Way of allowing user interaction  Allows users to input data that can then be processed by a program / stored in a back-end.
INTERNET APPLICATION DEVELOPMENT For More visit:

INTERNET APPLICATION DEVELOPMENT For More visit:
1Computer Sciences Department Princess Nourah bint Abdulrahman University.

1Computer Sciences Department Princess Nourah bint Abdulrahman University.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.

CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
PHP Hypertext PreProcessor. Documentation Available www.php.netwww.w3schools.com SAMS books O’Reilly Books.

PHP Hypertext PreProcessor. Documentation Available SAMS books O’Reilly Books.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Similar presentations

Ads by Google