PHP file needed to GET url variables, process, INSRT 2 MySQL

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ClevelandSlim
Forum Newbie
Posts: 4
Joined: Mon Jul 14, 2008 4:51 pm

PHP file needed to GET url variables, process, INSRT 2 MySQL

Post by ClevelandSlim »

Hello,

This is my first time posting here. I need a php file that when called to via GET url with variables, the php file will have to encrypt a password, whichj will be one of the variables. Then I need the resulting info written to a specific MySQL database table.

So far this is what I have.

php GET variables and write to database code...

Code: Select all

<?php 
$db=mysql_connect("localhost", "usrnm", "pswd") or die("Could not connect to localhost."); mysql_select_db("visitors", $db) or die("Could not find visitors."); 
 
// The above lines establishes a connection with the // database. Keep localhost as is unless something different // is mentioned by your sql host. usrnm is user name and pswd is // password. What I want to say is, copy these lines as they are // and just replace the required fields and it should connect. 
 
$querySQL = "insert into visinfo (d_name, d_email, 
d_city) values ($name, $email, $city)"; 
if(!$querySQL) error_message(sql_error()); 
 
// The above statement generates an error if you have setup the table in such a way that there should not be a duplicate entry. 
?> 
 
I can see how that will work. But what I don't see in the above code is how to clarify which table the data will be written to. I NEED TO SPECIFY TABLE.

Here is a bit of the code from the help file that encrypts the password with the correct encryption...

Code: Select all

   /**
     * Formats a password using the current encryption.
     *
     * @access    public
     * @param    string    $plaintext    The plaintext password to encrypt.
     * @param    string    $salt        The salt to use to encrypt the password. []
     *                                 If not present, a new salt will be
     *                                 generated.
     * @param    string    $encryption    The kind of pasword encryption to use.
     *                                 Defaults to md5-hex.
     * @param    boolean    $show_encrypt  Some password systems prepend the kind of
     *                                 encryption to the crypted password ({SHA},
     *                                 etc). Defaults to false.
     *
     * @return string  The encrypted password.
     */
    function getCryptedPassword($plaintext, $salt = '', $encryption = 'md5-hex', $show_encrypt = false)
    {
        // Get the salt to use.
        $salt = JUserHelper::getSalt($encryption, $salt, $plaintext);
 
        // Encrypt the password.
        switch ($encryption)
        {
            case 'plain' :
                return $plaintext;
 
            case 'sha' :
                $encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext));
                return ($show_encrypt) ? '{SHA}'.$encrypted : $encrypted;
 
            case 'crypt' :
            case 'crypt-des' :
            case 'crypt-md5' :
            case 'crypt-blowfish' :
                return ($show_encrypt ? '{crypt}' : '').crypt($plaintext, $salt);
 
            case 'md5-base64' :
                $encrypted = base64_encode(mhash(MHASH_MD5, $plaintext));
                return ($show_encrypt) ? '{MD5}'.$encrypted : $encrypted;
 
            case 'ssha' :
                $encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext.$salt).$salt);
                return ($show_encrypt) ? '{SSHA}'.$encrypted : $encrypted;
 
            case 'smd5' :
                $encrypted = base64_encode(mhash(MHASH_MD5, $plaintext.$salt).$salt);
                return ($show_encrypt) ? '{SMD5}'.$encrypted : $encrypted;
 
            case 'aprmd5' :
                $length = strlen($plaintext);
                $context = $plaintext.'$apr1$'.$salt;
                $binary = JUserHelper::_bin(md5($plaintext.$salt.$plaintext));
 
                for ($i = $length; $i > 0; $i -= 16) {
                    $context .= substr($binary, 0, ($i > 16 ? 16 : $i));
                }
                for ($i = $length; $i > 0; $i >>= 1) {
                    $context .= ($i & 1) ? chr(0) : $plaintext[0];
                }
 
                $binary = JUserHelper::_bin(md5($context));
 
                for ($i = 0; $i < 1000; $i ++) {
                    $new = ($i & 1) ? $plaintext : substr($binary, 0, 16);
                    if ($i % 3) {
                        $new .= $salt;
                    }
                    if ($i % 7) {
                        $new .= $plaintext;
                    }
                    $new .= ($i & 1) ? substr($binary, 0, 16) : $plaintext;
                    $binary = JUserHelper::_bin(md5($new));
                }
 
                $p = array ();
                for ($i = 0; $i < 5; $i ++) {
                    $k = $i +6;
                    $j = $i +12;
                    if ($j == 16) {
                        $j = 5;
                    }
                    $p[] = JUserHelper::_toAPRMD5((ord($binary[$i]) << 16) | (ord($binary[$k]) << 8) | (ord($binary[$j])), 5);
                }
 
                return '$apr1$'.$salt.'$'.implode('', $p).JUserHelper::_toAPRMD5(ord($binary[11]), 3);
 
            case 'md5-hex' :
            default :
                $encrypted = ($salt) ? md5($plaintext.$salt) : md5($plaintext);
                return ($show_encrypt) ? '{MD5}'.$encrypted : $encrypted;
        }
    }
 
 
So that's that. I am at a point where I could use the first piece of code posted above, except I can't figure how to specify the table. And as far as the encrypting of the password... I am totally lost.

Please help.

All the best,
~Slim~
8O
WebbieDave
Forum Contributor
Posts: 213
Joined: Sun Jul 15, 2007 7:07 am

Re: PHP file needed to GET url variables, process, INSRT 2 MySQL

Post by WebbieDave »

ClevelandSlim wrote:I can't figure how to specify the table
INSERT INTO tablename
Check out the INSERT syntax here:
http://dev.mysql.com/doc/refman/5.0/en/insert.html
ClevelandSlim wrote:And as far as the encrypting of the password...
You posted a function for encryption.

Code: Select all

mysql_query("INSERT INTO userTable (username, password) VALUES ('" . mysql_real_escape_string($username) . "', '"  . mysql_real_escape_string(getCryptedPassword($password, $salt)) . "')";
Dynamis
Forum Contributor
Posts: 122
Joined: Thu Jul 10, 2008 3:15 pm
Location: Indiana, US

Re: PHP file needed to GET url variables, process, INSRT 2 MySQL

Post by Dynamis »

an easy way to encrypt a password that is very secure, is to call the md5 function on it, and save the result to the DB. Then when you want to verify a users password, you encrypt what they put it and see if it matches with the encrypted password in DB.

to encrypt:

Code: Select all

<?php
$encrypted_pass = md5($original_password);
?>
ClevelandSlim
Forum Newbie
Posts: 4
Joined: Mon Jul 14, 2008 4:51 pm

Re: PHP file needed to GET url variables, process, INSRT 2 MySQL

Post by ClevelandSlim »

OK. Thanks for the replies! This is where I am at now, but I still have questions below the updated code that I have now which is...

Ok, so I am going to give it a shot. Thanks to Brad's reply... this is what I have now.

Code: Select all

<?php 
$db=mysql_connect("localhost", "usrnm", "pswd") or die("Could not connect to localhost."); mysql_select_db("sha0818911585312", $db) or die("Could not find visitors."); 
 
$encrypted_pass = md5($password);
 
$querySQL = "insert into jos_users (id,name,email,username,password,usertype,registerDate) values (--,--,$email,$username,$password,--,$start_date)"; 
if(!$querySQL) error_message(sql_error()); 
 
?> 
 
I am understanding that the VALUES (values (--,--,$email,$username,$password,--,$start_date) came from the GET url that's going to call the PHP file.

Here is another spin on things...

1. The id variable won't be coming from the GET url string, so I will have to set that variable via the PHP file AND I will need it set at auto_incrememnts and it can't be a duplicate on the database. Maybe I could go in and add that to the database before hand, say at like 300 - 500 ready id's?

2. I left the value for name blank as well, because coming from the GET url I will have two varibles for name (customer_fname "first name" and customer_lname "last name") so I will need to know how to combine the two and make them into the one value.

3. I left the usertype value blank. All entries to the database thru this file will all be one type of user. the default for this value is going to be registered

4. Finally, the password. I understand the $encrypted_pass = md5($password); and that takes the original variable string piece password and encrypts it with the md5. The original password will be coming in the GET url string already encrypted in .htpasswd. Is there an easy code I can put in there just as quick that will decrypt it out of .htpasswd?

If I can figure out these last 4 steps, I can go ahead and start testing this!

All the best,
~Slim~
sureshmaharana
Forum Commoner
Posts: 30
Joined: Thu Jul 03, 2008 4:20 am
Contact:

Re: PHP file needed to GET url variables, process, INSRT 2 MySQL

Post by sureshmaharana »

$querySQL = "insert into jos_users (name,email,username,password,registerDate) values ('$customer_fname $customer_lname','$email','$username','$password','$start_date')";

Modify ID field as unique key or primary key and auto increment in database.
Set default value of USERTYPE to customer or whatever you want in database.
ClevelandSlim
Forum Newbie
Posts: 4
Joined: Mon Jul 14, 2008 4:51 pm

Re: PHP file needed to GET url variables, process, INSRT 2 MySQL

Post by ClevelandSlim »

Okay... this is what I am going to test with.

Code: Select all

 
<?php 
$db=mysql_connect("localhost", "usrnm", "pswd") or die("Could not connect to localhost."); mysql_select_db("sha0818911585312", $db) or die("Could not find visitors."); 
 
$encrypted_pass = md5($password);
$usertype = Registered;
$username = $customer_fname.' '.$customer_lname;
 
$querySQL = "insert into jos_users (name,email,username,password,registerDate) values ($name,$email,$username,$encrypted_pass,$start_date)"; 
if(!$querySQL) error_message(sql_error()); 
 
?> 
 
Come to find out, the password will be pased as plain text. So that means I don't have to worry about decrypting it, just adding the md5 spin on it. As is .htpasswd encryption can't be decrypted. It's a one way algorithm.

If you see ANYTHING that may keep my test from being succesful, please let me know.

Thanks for your replies.

All the best,
~Slim~
ClevelandSlim
Forum Newbie
Posts: 4
Joined: Mon Jul 14, 2008 4:51 pm

Re: PHP file needed to GET url variables, process, INSRT 2 MySQL

Post by ClevelandSlim »

This is the code I have tested, and it's not working.

Code: Select all

<?php 
$db=mysql_connect("myhostname", "myusername", "password") or die("Could not connect to localhost"); 
 
$encrypted_pass = md5($password);
$username = "$customer_fname.' '.$customer_lname";
 
$querySQL = "insert into jos_users (name,email,username,password,registerDate) values ($name,$email,$username,$encrypted_pass,$start_date)"; 
if(!$querySQL) error_message(sql_error()); 
 
?>
I have to figure out why and I don't know where to start.

All the best,
~Slim~
Post Reply