Configure File for Database Connection
- Register Group with Captcha
- View Group Profile
- Edit Group Profile
- MC (Microcommunity) Search and Match
- MC (Microcommunity) Search and Match — Security
- MC (Microcommunity) Search and Match — JavaScript
- MC (Microcommunity) Search and Match — Form
- MC (Microcommunity) Search and Match — PHP
- MC Questionnaire
- Microcommunity (MC) Registration Script — Enter Questionnaire Data in Database
- MC Search and Match Profile and Account Management
- Login to MC Search and Match Profile and Account Management
- Logout of MC Search and Match Profile and Account Management
- MC Questionnaire Login
- MC Questionnaire Info
- Delete Group Account
- Forgot User Name
- Forgot Password
- Form to Send Private Message
- Send Private Message
- Private Message Outbox
- Private Message Inbox
- Delete Private Message from Inbox
- Delete Private Message from Outbox
- Private Message Logout
- Private Message Session Monitoring
- MC (Microcommunity) Search and Match Session Monitoring
- Configure File for Database Connection
- Captcha Script for Registration and Login
This script is called config.php.
We store the config.php file in an includes folder. We put a special htaccess file in that folder, which denies direct web access to prying eyes but still allows the file to be included by our own scripts for connection purposes. The htaccess file below also protects a second file; that file is irrelevant to the config.php discussion, as well as to the rest of the files whose links are above, but it shows how to put multiple files in your htaccess file:
<Files "config.php">
order deny,allow
deny from all
</Files>
<Files "includefileonly.php">
order deny,allow
deny from all
</Files>
Options -Indexes
For the config.php file, first we use the defined() function to check whether a named constant called '_NODIRECTACCESS' exists. If not, the user is booted out of the script. The reason we check for this named constant is that the various scripts that include the config.php file all use the define() function to define a named constant called '_NODIRECTACCESS' just prior to including config.php. This protects against anyone using the config.php file without first naming that constant with the define() function, which is a wise security precaution.
Next we have the make_salt() function (which is run from other scripts that include config.php) that makes a salt to use with passwords and hashes for better security. We use the PHP function array_merge() to merge three arrays, which we build using the range() function, which creates an array with a specified range of elements. In this case, we want A to Z, a to z, and 0 to 9. Then we loop through 19 iterations, using the mt_rand() and count() functions to get a random character from the array each time and concatenating the characters into a new salt 19 characters long.
Next we have the hashing function z_____z() (which is run from other scripts that include config.php). It expects a salt in the $o variable and an entered password in the $P variable. We start by creating a hash() of the concatenation of the password and salt, using the sha512 hashing algorithm. Next we loop through 6979 iterations of hashing a concatenation of the just-made hash, the password and the salt, so that we are getting hashes of hashes of hashes, and so on. Then we use the substr() function to get the first 65 characters of the hashed hash. This is the value we return from the function.
The reason we do not combine the hash and salt functions into one function is simple. We use $o=$get_user_data['salt'];$h=z_____z(); in the login script, but $o=make_salt();$h=z_____z(); in the registration script. We need a new salt to register, but need to grab the old salt from the database to log in.
Finally we define the MySQL db connection for connecting PHP scripts to the MySQL server, using the mysql_connect() function. We give password, username, database name and throw in the email address for good measure (optional). Users must edit this config.php file in order to make connections to their own MySQL database.
Note that we use weird variable names like $psbhostusername. We could just as easily have called it $u, as long as you call it $u in the mysql_connect() function too! We use a name that relates to the first configure file we ever made, and have been too lazy to change it since then. Leave it as is—or change it—whatever.
The script below is called: config.php
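<?php
// Refuse to run unless the including script has defined the guard constant.
if (!defined('_NODIRECTACCESS')) { exit("No access!"); }

// Build a 19-character salt from A-Z, a-z and 0-9.
// mt_rand() is not a cryptographically secure generator.
function make_salt() {
    $aZ09 = array_merge(range('A', 'Z'), range('a', 'z'), range(0, 9));
    $o = '';
    for ($c = 0; $c < 19; $c++) { $o .= $aZ09[mt_rand(0, count($aZ09) - 1)]; }
    return $o;
}

// Hash the password in global $P with the salt in global $o.
function z_____z() {
    global $P; global $o; $s = $o; $p = $P;
    $h = hash('sha512', $p.$s);
    // 6979 further rounds, each mixing the previous hash with password and salt.
    for ($i = 0; $i < 6979; $i++) { $h = hash('sha512', $h.$p.$s); }
    $h = substr($h, 0, 65); return $h;
}

$psbhostemailaddress = "yoursite@yoursite.com"; //EDIT ME
$roothostname = "localhost";
$psbhostusername = "yourusername"; //EDIT ME
$psbhostpassword = "yourpassword"; //EDIT ME
$psbhostdatabasename = "yourdb"; //EDIT ME

// The mysql_* functions were removed in PHP 7.0, so this connection code runs on PHP 5.x only.
mysql_connect($roothostname, $psbhostusername, $psbhostpassword) or die(mysql_error());
mysql_select_db($psbhostdatabasename) or die(mysql_error());
?>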
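
The register-versus-login split described above, as an added example that is not part of the original config.php: the same salt-and-iterate computation with the password and salt passed as arguments instead of globals, followed by PHP's built-in password_hash() and password_verify(). It assumes PHP 7 or later; the names make_salt_csprng() and iterated_sha512(), and the $row array standing in for the database row, are hypothetical.

```php
<?php
// Added example: the page's scheme with explicit arguments, then PHP's built-in API.
// make_salt_csprng() and iterated_sha512() are hypothetical names.

// Same alphabet and length as make_salt(), drawn from the CSPRNG via random_int().
function make_salt_csprng(int $length = 19): string {
    $alphabet = array_merge(range('A', 'Z'), range('a', 'z'), range(0, 9));
    $salt = '';
    for ($c = 0; $c < $length; $c++) {
        $salt .= $alphabet[random_int(0, count($alphabet) - 1)];
    }
    return $salt;
}

// Same computation as z_____z(), with the password and salt passed in.
function iterated_sha512(string $password, string $salt): string {
    $h = hash('sha512', $password . $salt);
    for ($i = 0; $i < 6979; $i++) {
        $h = hash('sha512', $h . $password . $salt);
    }
    return substr($h, 0, 65);
}

$entered = 'correct horse battery staple'; // constructed sample password

// Registration: make a new salt and store it next to the hash.
// $row is a constructed stand-in for the user's database row.
$row = array('salt' => make_salt_csprng());
$row['hash'] = iterated_sha512($entered, $row['salt']);

// Login: reuse the stored salt and compare in constant time with hash_equals().
$login_ok  = hash_equals($row['hash'], iterated_sha512($entered, $row['salt']));
$login_bad = hash_equals($row['hash'], iterated_sha512('wrong guess', $row['salt']));
var_dump($login_ok, $login_bad);

// Built-in alternative: password_hash() picks the salt and stores it, with the
// algorithm and cost, inside the returned string, so one column holds everything.
$stored = password_hash($entered, PASSWORD_DEFAULT);
var_dump(password_verify($entered, $stored), password_verify('wrong guess', $stored));
?>
```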