Making A More Secure Login

October 1, 2008

This article is a continuation of my previous article Writing A Simple Login. I came to the realization that our login that we created earlier was not at all secure, so I decided it was time that we tackle the most basic security measures.

So starting off where our last example left off, we’ve had the users enter their username and password and passed it on to our processlogin.php file. After we’ve declared the database connections we’ll want to make a simple function that will check the variables passed through via the post. The function will look something like this.

function make_safe($variable) {
$variable = mysql_real_escape_string(trim($variable));
return $variable;
}

What this function ensures us is that anything malicious the user will try to pass through to our processing page will simply be parsed up and run through the database like normal, thus preventing the user from entering anything malicious into our input fields.

In order to use this function we should call it like so.

$username = make_safe($_POST['username']);
$password = make_safe($_POST['password']);

Thus protecting us from a malicious attack. Hopefully this has helped you out in making your login page more secure with some simple php.

Writting A Simple Login

September 26, 2008

One of the things that I marvel at is how many first time php users clamor for a login function on their pages. What are they going to do once they get users? How are they going to keep them interested in their sites? Well regardless if you’re interested in developing a login function for your site, I can certainly help out with that.
So the first thing we’re going to want to do is create a form. You can put this form on your website or on a separate login page. This is what the html will look like.

<form name="form1" method="post" action="processlogin.php">
<label>
Username:
<input type="text" name="username" id="username">
</label>
<label>
Password
<input type="text" name="password" id="password">
</label>
<label>
<input type="submit" name="submit" id="submit" value="Submit">
</label>
</form>

So in order for the form to do anything we need to make a php page called processlogin.php. We also need to have a database already set up with a user in it, I’m going to leave that up to you for now.

As always we want to open up a php page:

<?

Next we need to define our database:

mysql_connect("localhost", "root", "password") or die(mysql_error());
mysql_select_db("mydb") or die(mysql_error());

Now we can start working. We’re going to check and see if the  user put in any information into username, if so we’ll take the information they gave us in the form and assign in to variables.

if($_POST['username'] != NULL){

$username = $_POST['username'];
$password = $_POST['password'];

Now we’re going to run a query checking the database for an entry that matches our username and password.

$result = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'");

Next we check to see if anything is returned, if there isn’t we display an error.

if($row['username'] == NULL){
echo "Your Username or Password is Incorrect!";
}else{
$_SESSION['name'] = $username;
header('location:/index.php');
}

We are now left with our final else statement that will only display if the user hasn’t entered anything into the form. This of course is a normal safety measure that would be done using javascript, but in this case we’ll add it in for our basic login.

}else{
echo "You must fillout the login form.";
}

And now we close the php document.

?>

And that is all there is to it. As I said this login is very flawed, there should be a lot of checking going on before the form is submitted, usually done with javascript, we also should be parsing out the user entered values to ensure that we won’t be victim to an SQL Injection,  but alas this is but a simple login form. So now that you have that under your belt you can continue working on your social networking site.

How To Use PHP Functions To Execute Your MYSQL Queries.

September 24, 2008

Welcome to my first PHP tutorial. In this one I’ll be going over an easy way to streamline your PHP code. The set of PHP functions I’m going to show you is really useful to keep your PHP code clean. In my day to programming I tend to write a TON of Mysql queries for my PHP. Well this tutorial strives to give you an easy way to execute a series of Mysql commands without having a ton of $sql variables.

So starting things out we have our opening PHP command.

<?php


We then establish our connection to our database, this is only useful if you’re going to be connected to one database for the run of this page.


mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("trial") or die(mysql_error());


Then we’re going to write our first PHP function, this is just a simple Mysql query.

function simple($table) {
$sql = "SELECT * FROM ".$table;
$result = mysql_query($sql);
return $result;
}

We’ll be taking in a variable called table, which identifies which table we should look into. Then we make an $sql variable to take the Mysql command, run the Mysql query, and then return the results of the query via the return function built into PHP.

Now if we just want to be running simple queries all day we can use this. In order to use it we need to write some more PHP.
First we should make a variable with the Mysql table name in it.

$table = 'userdata';

Then run the function. We’re setting $result to catch what ever the function sends back out with the return.

$result = simple($table);

Then we create an array with the Mysql data.

$row = mysql_fetch_array($result);

And use the data with our PHP code. In this case we’re simpling echoing user’s names.


echo $row['username'];

Now then, at the beginning of the page we can assign a few other PHP functions. These are 2 PHP functions that I use and thought you might find helpful

This first function will look at what ever Mysql table you give it and will randomize the results.

function random($table) {
$sql = "SELECT * FROM ".$table." ORDER BY RAND( )";
$result = mysql_query($sql);
return $result;
}

This function is taking in 2 terms, and demonstrates how you can look for a specific row within a Mysql table.

function double($table, $term) {
$sql = "SELECT ".$term." FROM ".$table;
$result = mysql_query($sql);
return $result;
}

And here’s the entire PHP page.

<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("trial") or die(mysql_error());

function simple($table) {
$sql = "SELECT * FROM ".$table;
$result = mysql_query($sql);
return $result;
}

function random($table) {
$sql = "SELECT * FROM ".$table." ORDER BY RAND( )";
$result = mysql_query($sql);
return $result;
}

function double($table, $term) {
$sql = "SELECT ".$term." FROM ".$table;
$result = mysql_query($sql);
return $result;
}

$table = 'userdata';
$result = simple($table);
$row = mysql_fetch_array($result);
echo $row['username'];
?>

Hopefully this has proven useful for you, if you have any questions be sure to leave them in the comments!

Ubuntu Eye Candy: Desktop Effects

August 23, 2008

So this is a tutorial about how to install some nifty desktop effects in ubuntu. Now under Preferences on the Menu there’s a tab for Advanced Desktop Effects Settings. In order to get this you need to install Compiz Manager. So open up a terminal window, and enter the following:

sudo apt-get install compizconfig-settings-manager

Once that’s been installed you can access the CompizConfig Settings Manager. You can go through and check off a bunch of different ones to give you some nifty eye candy.

Ubuntu Settings

When you go into one of the settings there will be a plethora of tabs for you to tweek the effects to the millimeter of how you want them to behave.

Effects Settings

CompizConfig Settings are an easy and quick way to install the Desktop Cube, Desktop wall, and the Expo which is identical to the Expo in Mac OS X.

Expo

There are also a plethora of effects for you to install.

Visual Effects

Hopefully this post is fairly helpful, it’s more indepth than most of the videos that I throw up on here, and I hope that everyone enjoys it.

Ubuntu Cube On Mac OS X

August 18, 2008

Lately it seems like a ton of my OS X running friends have been content with the new spaces visual effect that Leopard supplies. This is until I show them what a properly set up Ubuntu machine (and most other linux distros) can really do. Now I know that this isn’t a complete fix and it certainly isn’t as extensible as the visual effects that you can have installed on your linux box, but this is a quick fix for you OS X machine. The Service is called VirtueDesktops. Virtue Desktops is a free service that installs more visual effects on your machine. As seen in this video one of them is something very similar to the linux cubes.

I’ll try to upload a better video when I get home.

How To Install Ubuntu Cube

August 14, 2008

In the vein of ultimate things that Ubuntu can do I’ve decided to show you these 2 videos, the first is more Eye Candy showing off the ultimate power of Ubuntu, the second is a short video about how to get a cube desktop working on your own Ubuntu Machine.

Aurora and the Future of Paleo Future

August 5, 2008

So I took a moment today during my night class to take a peak at Adaptive Path & Mozilla’s video about their browser of the future called Aurora. The video is very interesting showing us briefly a glimpse at what tomorrow may be bringing us in terms of technology of tomorrow. Of course the key phrase there is “may be bringing”, now don’t get me wrong this video isn’t just fodder for an angry me in 10 years demanding the world that the video presented us, instead I’m an active acceptor of ideas of what the world will be in the future. The home of tomorrow at Disneyland is one of my favorite things as well as the blog Paleo Future is one of my favorite blogs to read. Anyways, this video seems to be something that we’ll be fondly looking at in the future. Case in point this example of Apple’s Time Capsule shot in 1997, but that’s just one example, there’s a plethora of others out there floating around in the paleo future world, some that are multi staged productions much like the Aurora videos.

Taking a more critical look at the Aurora there are certain things that will not doubt age the video as time goes on. One thing is the small frame from a South Park episode that can be seen on the screen repeatedly, no doubt in 10 years people will still be watching South Park but I seem to think that will begin to show the videos age as time goes on. Another thing is the “mouse” that the character uses to navigate this extremely complex computer system, indeed it’s not a mouse at all or at least in our conventional terms, it really isn’t the subject of the video so they don’t give it much screen time but it both confuses and fascinates me. the idea of a more physical navigation through a terminal seems very interesting but the inclusion of a standard keyboard I’m confused as to why a more practical led style key board seen in Iron Man isn’t shown in the video. The third object which is probably the most unrealistic, at least looking at where technology is today and where it is going, is the small credit card style video player, this is most obviously a conceptualization of the next iphone/ipod or at least the next one down the line. What makes me skeptical is this idea of the Internet being at the palm of your hands at all times. This may be the only thing that I’m cynical about, case in point I’ve been living in San Francisco for a while now and we had been promised city wide wifi for a long time… Of course nothing ever happened. Google, who was in cohorts with Earth Link to set this up has managed to get rid of plastic bags, and give the homeless a voice mail  account but have failed to spear head a city wide wifi. Now in the future Wi Max may be readily available or a 3G network that is much broader than the current one, but at the rate we’re going we will have personal devices that are capable of doing things far greater than what our Internet will allow them to do.

Mark Condon’s Personal Rules For Webdesign

March 9, 2008

If you were to take a poll of all of the jobs possible to mankind, and I mean ALL of them, certain jobs are going to be up there on the difficulty scale, like being a trapeze artist, or one of those guys who rides the motorcycle in the ball at the circus, or one of those people who assemble sky scrapers. Those are difficult jobs. Web designer isn’t really that difficult of a job. And yet for not being that difficult there certainly are a lot of ways to screw it up. Now I have to say right off the bat, my stuff isn’t that great. I’ve made a lot of these mistakes myself, but it’s only from making those mistakes that I learned. And trust me I’ve been doing this for a long time so there have been a lot of mistakes. I’ll limit this to 5 rules though.1) in your domain Content may or may not be king, but on the web style is god.
So I usually don’t like to think about this, because most of the time I don’t think about my design until afterwards, which of course leads to some problems. Most people who will come across your site aren’t going to be web designers; instead they’re going to be the lay people that spend most of their time myspacing, buying things, and well getting lost on the internet… Or whatever people who wander the internet do. When they come across a website that looks like it was made in 1999, they’re going to shudder for a second or two and click somewhere else; at least having a semi interesting style to your website is going to keep traffic on your site longer than having plain black text on a white screen. Take a look at a couple myspace pages, if that’s what people think is a good design for their own “page”, then at least having a little bit of color that goes together, which a few rollovers is going to keep anyone’s attention. Then when you know that they’re going to stick around, keep them there with some gripping content. Let’s be honest about this, as interesting as the things you have on your website are, I’m probably not going to take the time to look at them if you’re site is using a neon green text on a black background.

2) Useless Social Network Clutter
Alright, so I don’t want to be sending the wrong message, I like certain aspects of the web 2.0 craze, I like Digg, I like Flickr, I like Delicious and all the rest. What I don’t like is when everyone thinks that their articles are automatically Digg worthy because more than 5 people look at them, sure I will submit a blog page or two to something like Stumbleupon to drive a little bit of traffic my way, but it’s not ever post I make and I don’t ask my users to submit my pages to those type of services. Case in point, one of my favorite web comic websites has this on every blog post the person who runs the site makes.

|I really can only hope that other people find these things as annoying as I do. It’s pointless, half of these services I’ve never heard of!

3) Building sites for 1024 or larger
So I don’t see this that often but when I do it’s a little enraging. My macbook at home has a max resolution at something like 1024, or 1280 I can’t really remember off the top of my head. But when I find a website that exceeds these dimensions makes me a little angry, mainly because they don’t have the courtesy to be designing to me, they’re potential user. I always stay within the 800 x 600 dimensions if I think that anyone out there will be viewing my website with an older computer, even if there’s only a slight chance I generally do this, just so that they’re not being excluded because they have an older machine, or are running a specific type of smaller system, like the Asus Ee Pc or the OLPC.

4) Javascript, Ajax, Flash, oh my!
So if you’ve ever seen my website, it usually incorporates some sort of technology that not everyone has access to. Some people who are running Internet Explorer can’t view certain scripts I’ve written with javascript, some people don’t have the speeds to wait for a huge flash file to load. And because of that we shouldn’t make all of our content only available through these mediums, there always should be the low tech work around. Denying users content solely based on what they have is foolish, although it all too often happens.

5) Hidden Google Ads
I’m not really sure who came up with this first, but I must admit despite my hatred, and anger who ever the first person who thought to hide his Google ads into his normal navigation and content is a little bit of a creative genius, I just wish that he or she would have spent their time developing something good, as opposed to making something good. This is just one of those things that shouldn’t be allowed on the internet, like tables with no background, or animated gifs that sparkle. If you’ve ever considered doing this. You just shouldn’t, there’s never a reason to do it.

Hope this has been interesting and helpful!

Flock anyone?

February 10, 2008

Alright so at Macworld I got a chance to talk with the Flock guys,
not having used the browser before I was fairly interested in it after
seeing a piece on it on Mahalo Daily.
Despite these two events taking place I decided to drag my feet on
downloading the browser, but one lonely late night I took the plunge.

So here’s some things you should know ahead of time about Flock.

• It’s built completely off of Firefox
• It has it’s own set of add-ons
• It gives you quick access to your social networks
• It allows you to manage more things that you may have

Alright so what’s the big deal about Flock? Well there’s a couple of things, they give you a “myworld” page that allows you to manage all of your RSS feeds in one place a lot like Netvibes does, and it’s always open whenever you start the browser.

Flock allows you to be connected in a way that previously had been impossible.

The Image above is an example of your people, with a click of the mouse you can have access to all of your friends on any number of websites, in this case I’m viewing my friends accounts on Youtube.

But be warned this is not for the faint of mind, it’s very easy to get lost into Flock, and it’s even easier to kill an hour and a half just looking through youtube videos on your top media bar.

Switching out what the media bar is showing is super simple you just click on the Media Stream button and you have access to a wide variety of different things.

One of the best elements about Flock (besides the built in blog editor which I’m using to make this post).

(if you’re curious all of these pictures have been placed here from the web clipboard which allows me to drag my pics from the Media bar to the square and then just put the pics into this blog)
 

Is by far the picture uploader which allows you to choose a number of different places to put your photos, like your Facebook, Photobucket, or Flickr, just to name a few, and the interface is as easy as the Flickr uploader if not easier.

So who should use Flock? Well that’s a difficult thing to say, since it’s built off of Firefox it is just as stable, and it has a huge selection of things for you to do, even if all that you do is blog and cruise Youtube there’s a ton of things for you to explore. Flock’s interface can be a little daunting at first like but once you sit down with it, and start to do some work you find that it’s an essential part of your life, I look forward to seeing where the Flock Development Team takes this browser in the following months, especially with the release of the Firefox betas. Anyways I’ve chosen to end this post with a break down of the Flock Toolbar.
 

From Left to Right: My World, My People, My Media Bar, Open Feeds, Open Favorites (bookmarks), Open Accounts Manager, Open Web Clipboard, Open Blog Editor, Open Picture Uploader

Blogged with Flock

Tags: Flock, Firefox, Youtube, Facebook, Photobucket, Flickr, Linking into your social networks, Mahalo Daily

Dollar Theatres – A Cultural Mystery

February 4, 2008

I had no idea these were in other parts of the country! It often felt like Dollar Theatres were just part of the small town, lower income St. Cloud Minnesota story. But apparently they’re across the country. Suddenly the world seems a little bit smaller. If you didn’t grow up with a dollar theatre, then you certainly have missed out.

Here’s the wikipedia link