[Tutorial] UCP (PHP PDO) Experience Required [SHA1] - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+---- Forum: Tutorials (https://sampforum.blast.hk/forumdisplay.php?fid=70)
+---- Thread: [Tutorial] UCP (PHP PDO) Experience Required [SHA1] (/showthread.php?tid=593027)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+---- Forum: Tutorials (https://sampforum.blast.hk/forumdisplay.php?fid=70)
+---- Thread: [Tutorial] UCP (PHP PDO) Experience Required [SHA1] (/showthread.php?tid=593027)
UCP (PHP PDO) Experience Required [SHA1] - MD5 - 01.11.2015
If you don't know exactly how to make a protected SQL login/ucp panel, you've come to the right place. But before we get started, we must ensure you know PHP to the point where you're sufficient with snippets of code and how to implement them. DISCLAIMER: I did not create this script, this was originally created by Callum Carmicheal
Step 1.
First we're going to start off by creating a folder named dep, in that folder; we'll make a file called "common.php", put the following code in it below, and input your server(s) saving variables. Be sure to put your correct saving variables exactly where you're supposed to put them.
Код:
<?php
// Check if the user is logged in and if not redirect to login.
function checkLoginAndRedirect() {
if(empty($_SESSION['user'])) {
header('Location: login.php');
die("Redirecting: login.php");
}
}
// Check if user is logged in and redirect to dashboard if not login.
function checkLoginAndRedirectToDashboard() {
if(empty($_SESSION['user'])) {
header('Location: login.php');
die("Redirecting: login.php");
} else {
header('Location: dashboard.php');
die("Redirecting: dashboard.php");
}
}
// Get the username of signed in user
function getUsername() {
return htmlentities($_SESSION['user']['Your Player Name Variable Here'], ENT_QUOTES, 'UTF-8');
}
function getUser() {
return $_SESSION['user'];
}
// TEST IF USER AND PASS AND THEN RETURN THE RESULT AS A BOOLEAN
function validCreditentials($username, $password) {
/* ======== GLOBAL SETTINGS ======== */
global $dbHost; global $dbUsername; global $dbPassword; global $dbName;
global $dbOptions; global $dbTableBans; global $dbTableData; global $db;
global $websiteContactEmail;
/* ======== GLOBAL SETTINGS ======== */
$sql = "
SELECT player_NAME_VARIABLE, PLAYER_PASSWORD
FROM $dbTableData
WHERE player_NAME_VARIABLE = :username AND PLAYER_PASSWORD = :password
LIMIT 1";
try {
$query = $db->prepare($sql);
$query->bindValue(':username', $username);
$query->bindValue(':password', sha1($password));
$query->execute();
} catch(PDOException $ex) {
die("PDO ERROR on validCreditentials " . $ex->getMessage());
return false;
}
$row = $query->fetch(); // hmm
if($row) { // User and Pass is valid
return true;
}
return false;
}
function refreashUserInformation() {
$userInformation = getUserTable(getUsername);
if($userInformation == false) {
return false;
} else {
$session['user'] = $userInformation;
}
}
?>
Now you're going to make a page called session.php, also in the folder dep; this will establish a successful connection to your MySQL database, or withdraw an error if something goes wrong. (nothing needed to get changed here)
Код:
<?php
include("settings.php");
/* ======== GLOBAL SETTINGS ======== */
global $dbHost; global $dbUsername; global $dbPassword; global $dbName;
global $dbOptions; global $dbTableBans; global $dbTableData; global $db;
global $websiteContactEmail;
/* ======== GLOBAL SETTINGS ======== */
try {
$db = new PDO("mysql:host={$dbHost};dbname={$dbName};charset=utf8", $dbUsername, $dbPassword, $dbOptions);
} catch(PDOException $ex) {
die("Database is currently offline, please contact the admistrator at " . $websiteContactEmail);
}
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
function undo_magic_quotes_gpc(&$array) {
foreach($array as &$value) {
if(is_array($value)) {
undo_magic_quotes_gpc($value);
} else {
$value = stripcslashes($value);
}
}
}
undo_magic_quotes_gpc($_POST);
undo_magic_quotes_gpc($_GET);
undo_magic_quotes_gpc($_COOKIES);
}
header("Content-Type: text/html; charset=utf8");
session_start();
?>
Your MySQL connection details will go in this file called (settings.php) and this is also in the folder dep; also added in the define for a contact email for shits and giggles.
Код:
<?php /* ======== GLOBAL SETTINGS ======== */ global $dbHost; global $dbUsername; global $dbPassword; global $dbName; global $dbOptions; global $dbTableBans; global $dbTableData; global $db; global $websiteContactEmail; /* ======== GLOBAL SETTINGS ======== */ /* ======== DATABASE SETTINGS ======== */ $dbHost = "localhost"; $dbUsername = "user"; $dbPassword = "pass"; $dbName = "db_name"; $dbOptions = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'); /* ======== DATABASE SETTINGS ======== */ /* ======== WEBSITE SETTINGS ======== */ $websiteContactEmail = "CONTACT@yourdomain.com"; /* ======== WEBSITE SETTINGS ======== */ ?>
Now you're going to make a file called (index.html) in the root of the folder, this will check if credentials are correct; and if so, redirect them to the dashboard and(or) login page again if incorrect.
Код:
<?php
require("dep/settings.php");
require("dep/session.php");
require("dep/common.php");
checkLoginAndRedirectToDashboard();
?>
Now we're making a page called (login.php), this is where all of the processing of _POST comes in.
Код:
<?php
require("dep/settings.php");
require("dep/session.php");
require("dep/common.php");
$loginError = false;
$loginErrorDesc = "";
if(!empty($_POST)) {
// Get user sent data
$username = $_POST['username'];
$password = $_POST['password'];
if(validCreditentials($username, $password)) {
$userAccount = getUserTable($username);
if($userAccount == false) {
$loginError = true;
$loginErrorDesc = "Could not retrieve account from Database, please try again later";
} else {
$_SESSION['user'] = $userAccount;
header('Location: dashboard.php');
die("Successfully logged in, redirecting to Dashboard.php");
}
} else {
$loginError = true;
$loginErrorDesc = "username or password is invalid";
}
}
?>
<!DOCTYPE html>
<head>
<?php
$Error_Message = '<strong>Error</strong> . $loginErrorDesc . ';
if(isset($_POST)) {
if($loginError) {
echo $Error_Message; #Concluded in $Error_Message variable.
}
}
?>
</head>
<body>
<form method="POST">
Username:
<input type="text" name="username"> <br />
Password:
<input type="password" name="password"><br />
<input type="submit" value="Submit">
</form>
</body>
Now we're going to make the (dashboard.php) that will also be in the root of your UCP. Add in your money variable and(or) other variables you want to display.
Код:
<?php
require("dep/settings.php");
require("dep/session.php");
require("dep/common.php");
checkLoginAndRedirect(); // This if you want to see if the user is logged in (it does not redirect to dashboard if logged in)
//checkLoginAndRedirectToDashboard(); Add this to pages that require a user to be logged in (only use on pages like index.php or auto redirects)
?>
<!DOCTYPE html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>UCP | Dashboard</title>
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
</head>
<body>
<h1>Welcome to UCP v1.00, <?php echo getUsername(); ?>!</h1>
<br />
<br><br>
getUser() is just the database results in a row so use getUser()['thecolumn'] to get the result required <br>
<a href="logout.php">Logout</a>
<br><br>
Main Stats
<br>
<pre>Current Money: $<?php getUser()['yourMoneyVariable']; ?> </pre>
</body>
</html>
Last page, we're naming this (logout.php) resets your login session; and will require you to login once again.
Код:
<?php
require("dep/settings.php");
require("dep/session.php");
require("dep/common.php");
unset($_SESSION['user']);
checkLoginAndRedirectToDashboard();
?>
Cheers!
Re: UCP (PHP PDO) Experience Required [SHA1] - Ritzy2K - 01.11.2015
Thanks a lot! Imma read it..and give a quickie feedback
+rep
Re: UCP (PHP PDO) Experience Required [SHA1] - MD5 - 01.11.2015
Quote:
|
Originally Posted by [ND]xXZeusXx.
 Thanks a lot! Imma read it..and give a quickie feedback
+rep |
Re: UCP (PHP PDO) Experience Required [SHA1] - Vince - 01.11.2015
There are most definitely better ways to do this. In any case the database credentials should definitely not be global, nor should they be repeated in every file. Database error messages should not be sent directly to the output (unless for debugging) as these can contain sensitive information that an attacker may exploit.
I would recommend using a framework. We use CodeIgniter in class and I quite like the way it works. Configure the database settings and autoload the database driver. Very, very simple.
PHP код:
$this->db->where('username', $username);
$query = $this->db->get('player');
$player = $query->row();
echo $player->username;
echo $player->money;
Re: UCP (PHP PDO) Experience Required [SHA1] - N0FeaR - 02.11.2015
Good job!
Re: UCP (PHP PDO) Experience Required [SHA1] - MD5 - 06.11.2015
Quote:
|
Originally Posted by Vince
There are most definitely better ways to do this. In any case the database credentials should definitely not be global, nor should they be repeated in every file. Database error messages should not be sent directly to the output (unless for debugging) as these can contain sensitive information that an attacker may exploit.
I would recommend using a framework. We use CodeIgniter in class and I quite like the way it works. Configure the database settings and autoload the database driver. Very, very simple. PHP код:
|
Re: UCP (PHP PDO) Experience Required [SHA1] - MD5 - 22.11.2015
Updated some of it, made it more secured.