Jump to content

Recommended Posts

Hi,

I've recently started on php after html couldnt bear what I needed.

I need to know how to do some things. Here's a small explanation of my problems.

[b]Problem #1 - Sessions, Session IDs and Logins[/b]

Ok, I have a login page and a php script that processes it against the variables, and then confirms/declines the login onto a preview page.
Only problem is, when you click the link on the "login success/process!" screen i put in, I had it so you clicked a link to view the "Game overview.php". However, it doesnt show your variables, like username, planet etc. (I am coding an online game).
I need a basic description on how to store the login information into a session/session id, and send it across the other pages, so I can select specific variables on the database that are with the login information.
All I know at the moment is that you start a session with session_start() and end it with session_destroy(), and you do something with $_Session['Username/whatever'].

Putting it simple, I want a focused description on how to properly "login" and then pick up the users variables that exists in the database. I also want to store all this in a "Random Session Id" that can be shown in the URL.

Here are my two scripts at the moment:
The login form (login.php)
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]<body bgcolor='#000033' text='#CCFFFF'>
<h1>Server 1 Login Page</h1>
<i>Notice: Logins are currently bugged and unfinished. A "Session Id" is still to be created to enable full dynamic use of your account.</br>
Thank you, and enjoy our login</i>
<form name="authenticate" method="post" action="loginprocess.php">
Username: <input name="Username" type="text" value="Username" size="20"/><br>
Password: <input name="Password" type="text" value="Password" size="20"/><br>
<input type="submit" name="submit" value="submit"/>
<input type="reset" name="reset" value="reset"/>
</form>[/quote]

The login process + preview page (loginprocess.php)
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]<body bgcolor='#000033' text='#CCFFFF'>
<?
$username="Server1Main";
$password="nobodyloses";
$database="Server1";

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query="SELECT * FROM Users";
$result=mysql_query($query);

$Status=mysql_result($result,"Status");


$sql="SELECT * FROM Users WHERE Username='$Username' and Password='$Password'";
$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
if(mysql_affected_rows()==0){
print "Invalid Username/Password, Please try again.";
exit();
}
else{
print "Thank you for logging on, ".$Username.". ";
}
if($Status=="Banned"){
print "<br>You have been banned from the server for ".$BannedFor." by ".$BannedBy.".<br>";
print "Your ban will expire on ".$BannedUntil.".";
}
else{
print "Welcome to Adastra Extritium!";
}

?>[/quote]

(Also, it doesnt like the ban check)


[b]Problem #2 - SQL Injections[/b]

I am aware of major security holes with both Cookies and Sessions, but I chose to use sessions, for compatibility reasons.
Is there any way of closing the security hole to prevent people from Sql Injecting members Session Ids? Thanks for any help here.


[b]Problem #3 - Server Updating and Times[/b]

With this game, you need timers. I want to know how to set it so that when you click a "Build" button, it applies a timer delay. After that timer (it's also displayed to the user) reaches 0, the build is complete, and the build completion script runs. (ie. if ($Timer==00s) set $Woodmill=$Woodmill+1)

Also, I need to know how to set the server to refresh itself (so all the points update at the same time) on regular intervals, like every 4 hrs.



Thanks for any help,

~Dark dude~
Link to comment
https://forums.phpfreaks.com/topic/11258-newbie-problems/
Share on other sites

1. Something like this:

[code]$query = mysql_query("SELECT * FROM users ...");
while ($row = mysql_fetch_array($query)) {
   $_SESSION['planet'] = $row['planet'];
   $_SESSION['weapon'] = $row'[weapon']...
[/code]

2. SQL Injection may or may not involve the session ID's. It's basically execution of arbitrary SQL queries by using exploits. To avoid them, you must not trust user input, ever. And escape data before querying:

[a href=\"http://www.php.net/mysql_escape_string\" target=\"_blank\"]http://www.php.net/mysql_escape_string[/a]

3. You can use cron jobs for that.

And finally a reminder, games like this usually hog a lot of resources. Be careful to not take down the server.
Link to comment
https://forums.phpfreaks.com/topic/11258-newbie-problems/#findComment-42120
Share on other sites

1. Ok, so how do you convert the session id back? eg. Later on, you want to read the Session['Status'] to see if they should have access to a Moderator area?

2. Ooooh, ok, thanks for answering that for me =]

3. Cron jobs? You mean, like, somebody, say, a friend, goes onto the server database and refreshes the scores?


@Reminder: Yup, I am aware of that, it's text based, and the server I am using is rated one of the top 10 servers on the net. It's only a small game, but we will pay for bigger, better servers when needed.
And yeah, thanks for noting the dangers of it anyway :P
Link to comment
https://forums.phpfreaks.com/topic/11258-newbie-problems/#findComment-42127
Share on other sites

3. no. a cron job is a unix method of executing a script at regular intervals. you would setup a cron job through cpanel or from your server command line. the easier way is to do it through cpanel. you just enter in the path and name of the script you want to be executed and enter in the time interval you want it to be executed. the server will automatically run your script every x amount of time. the script itself would do the updating of your data, and the server will run it.
Link to comment
https://forums.phpfreaks.com/topic/11258-newbie-problems/#findComment-42139
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.