Jump to content

Recommended Posts

I am unsuccessfully able to do the following:

  User creates an account

  After login, checks server if user has their own folder created

  If doesn't exist, create it

  Copy files from source_code to this new folder

 

My code does create a folder, but no files appear inside it.

Been trying to find an example with google search for the past 3 days with no luck.

 

I am running LAMP on Linux Mint OS to run my PHP webpages.

 

Can anyone tell me if issues with this section of coding?

<?php
 
function wait_time($seconds)

{

    $seconds = abs($seconds);

    if ($seconds < 1):

       usleep($seconds*1000000);

    else:

       sleep($seconds);

    endif;   

}
 
$file1 = "blank.html";

$file2 = "channel_video.php";

$file3 = "clear_playlist.php";

$file4 = "confirm.html";

$file5 = "index.html";
set_time_limit(0); //prevent script from timing out
 
$account = $_POST["account_name"];
$src = "source_code/";
$dst = $account."/";
 
echo 'Setting up your account page ->.';
mkdir($account, 0777, true); echo '.'; //create folder with full write permissions
wait_time(2000); //wait 2 seconds before copying files over
copy($src.$file1, $dst.$file1); echo '.';
wait_time(2000); //wait 2 seconds before copying files over
copy($src.$file2, $dst.$file2); echo '.';
wait_time(2000); //wait 2 seconds before copying files over
copy($src.$file3, $dst.$file3); echo '.';
wait_time(2000); //wait 2 seconds before copying files over
copy($src.$file4, $dst.$file4); echo '.';
wait_time(2000); //wait 2 seconds before copying files over
copy($src.$file5, $dst.$file5); echo '.<- setup finished<br>';
 
?>

Thanks for any input you can provide.

dynamically produced web sites don't actually have folders and files for everything or for each user. they use logical folders and pages that map (using url rewriting) to one actual file that retrieves the correct content from a database and displays it in response to the url that was used to request the page.

 

are you sure want to try to copy and then manage a bunch of actual folders and files? also, how are you going to restrict access  for making changes to the proper user?

Guess need to rethink my site layout then. A single page generating content would be easier on the hard drive space.

 

The way I've been verifying accounts is when use first logs in it tracks the client's IP address update the MySQL database.

If anyone ever connects to a page where account IP does not match prevent the php code from loading.

 

Example: User signs in to page as user123.

Then they manually type in http://myipaddress/anotheruser/ nothing will show up.

Unless it was from the same IP address as the last time account anotheruser signed in.

Edited by SmexyPantsGnome

a persons ip address can change at any time and all the people connecting from one nat based network will share the same ip address. using the ip for anything other than just informational purposes will result in problems of locking someone out or of allowing someone access just because the connected from the same network.

 

you must limit access based on the logged in user's id and what content he has permission to view or change.

Once the user logs in store their user info in $_SESSION. On the page that displays the user profile, check that the name entered in the url is the same as the name they logged in with. If it's not, display an error. If it is, show the page.

 

Are you only relying on a username and last IP address? No password?

Can't believe I wasted so much coding time doing it this way.

Storing saved variables in MySQL for account details is alot easier.

 

This connects to a IRC server that requires name and password.

Login page loads variables to accounts table with columns (Nick, Pass, Channel)

If someone give the wrong pass it will fail to load the Irc info.

 

I will also look up examples on using $_SESSION.

Edited by SmexyPantsGnome

Yes thats true :)

This is just a hobby project that I'm working on for fun.

 

But I got requested from multiple poeple wanting to try it out now.

So now I'm looking into adding account login controls on top of what I already have.

Don't want to accidentally have one user load settings that another user setup.

Edited by SmexyPantsGnome

I have created this for account checking.

This connects an auto-response bot to the irc channel:

  Responds to % prefix commands that someone types in the channel.

 

I added $_SOCKETS now to see if account is valid.

Plan to install https for added security on my webserver too.

 

New code now uses $_SESSION:

 

<!DOCTYPE html>
<?php session_start(); ?> <!load the existing session from previous page>
<html>
<head>
<link rel="stylesheet" href="style.css">
</head>
<?php
//forces webbrowser to clear buffer to show text, also adds a delay for loop
function irc_clearbuffer() {
    if (ob_get_level() == 0) obstart();
    for($i=0;$i<70;$i++) {
        print str_pad('',4096)."\n";
        ob_flush();
        flush();
        usleep(1);
    }
}
$server = $_SESSION['server'];
$name = $_SESSION['account_name'];
$pass = $_SESSION['account_pass'];


//connect to main server
if ($server == "main") {
    $server = "irc.main.com";
    $socket = fsockopen($server, 6667);
    stream_set_blocking($socket, 0);
    fputs($socket, "USER ".$name."\n");
    fputs($socket, "PASS ".$pass."\n");
    fputs($socket, "NICK ".$name."\n");
    echo "Attempting to connect to ".$server."<br>";

}
//connect to alt server
elseif ($server == "alt") {
    $server = "irc.alt.com";
    $socket = fsockopen($server, 6667);
    stream_set_blocking($socket, 0);
    fputs($socket, "PASS ".$pass."\n");
    fputs($socket, "NICK ".$name."\n");
    fputs($socket, "USER ".$name." ".$name." ".$server." :".$name."\n");
    echo "Attempting to connect to ".$server."<br>";
    irc_clearbuffer();
    fputs($socket, "JOIN #".$name."\n");
}
else { die("You forgot to select a server. Please login again."); }

for ($i=0;$i<100;$i++) {
    //display new data that irc server sends
    while ($data = fgets($socket, 1024)) { //reads up to 1024 characters from the irc server
        
        if ($server == "irc.main.com") {        
            $trim_data = substr(nl2br($data),25,18);
            if ($trim_data == "Login unsuccessful") {
                session_destroy();
                echo "Retry login<br>";
                die($trim_data);
            }
        }
        if ($server == "irc.alt.com") {
            $trim_data = substr(nl2br($data),22,23);
            if ($trim_data == "You have not registered") {
                echo "Retry login<br>";
                session_destroy();
                die($trim_data);
            }
        }
    }
irc_clearbuffer();
}

fclose($socket);
?>

Apache as mac_gyver already mentioned is not designed for this and administrating accounts on it can be a challenge. However, apache have a list of lot of projects these days you can check in their website. Anyway.....good luck :)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.