R
E
S
O
U
R
C
E
S
       Home      Products & Services      Contact Us      Links


WebHatchers will design & develop your site for you.
_______________________

Website Menu Heaven: menus, buttons, etc.
_______________________

Send us your questions.
_______________________

site search by freefind
_______________________

HOME
SEO, Google, Privacy
   and Anonymity
Browser Insanity
JavaScript
Popups and Tooltips
Free Website Search
HTML Form Creator
Animation
Buttons and Menus
Counters
Captchas
Image Uploading
CSS and HTML
PHP
AJAX
XPATH
Website Poll
IM and Texting
Databases—MySQL
   or Not MySQL
Personal Status Boards
Content Management
   Systems
Article Content
   Management Systems
Website Directory
   CMS Systems
Photo Gallery CMS
Forum CMS
Blog CMS
Customer Records
   Management CMS
Address Book CMS
Private Messaging CMS
Chat Room CMS
JavaScript Charts
   and Graphs




Free Personal Status Boards (PSB™)

Free Standard Free PSB

Free PSB Pro Version

Free Social PSB

Free Social PSB Plus (with Email)

Free Business PSB

Free Business PSB Plus (with Email)

PSB demo

Social PSB demo

Business PSB demo

So what's all this PSB stuff about?

Chart comparing business status boards

PSB hosting diagram

PSB Licence Agreement



Copyright © 2002 -
MCS Investments, Inc. sitemap

PSBs, social networking, social evolution, microcommunities, personal status boards
PSBs, social networking, business personal status boards
website design, ecommerce solutions
website menus, buttons, image rotators
Ez-Architect, home design software
the magic carpet and the cement wall, children's adventure book
the squirrel valley railroad, model railroad videos, model train dvds
the deep rock railroad, model railroad videos, model train dvds

Configure File for Database Connection

This script is called config.php

We store the config.php file in an includes folder. We put a special htaccess file in that folder, which denies access to prying eyes but allows it to be used for connection purposes (the second file protected is irrelevant to the config.php file discussion as well as the rest of the files whose links are above, but it shows how to put multiple files in your htaccess file):

<Files "config.php">
order deny,allow
deny from all
</Files>
<Files "includefileonly.php">
order deny,allow
deny from all
</Files>
Options -Indexes

For the config.php file, first we use the defined() function to check whether a given named constant exists named '_NODIRECTACCESS'. If not, the user is booted out of the script. The reason we check for this named constant is that the various scripts that include the config.php file all use the define() function to define a named constant named '_NODIRECTACCESS' just prior to including config.php. This protects against anyone using the config.php file without first naming that constant with the define() function—a wise security precaution.

Next we have the PHP make_salt() function (which is run from other scripts that include config.php) that makes a salt to use with passwords and hashes for better security. We use the PHP function array_merge() to merge 3 arrays, which we build using the range() function, which creates an array with a specified range of elements. In this case, we want A to Z, a to z, and 0 to 9. Then we use the mt_rand() function and the count() function to loop through 19 iterations, getting random characters from the array, concatenating them together into a new salt 19 characters long.

Next we have the hashing function z_____z() (which is run from other scripts that include config.php). It expects a salt in the $o variable and an entered password in the $P variable. We start by creating a hash() of the concatenation of the password and salt, using the sha512 hashing algorithm. Next we loop through 6979 iterations of hashing a concatenation of the just made hash and the password and the salt, so that we are getting hashes of hashes of hashes . . . etc. Then we use the substr() function to get the first 65 characters of the hashed hash. This is the value we return from the function.

The reason we do not combine the hash and salt functions into one function is simple. We use $o=$get_user_data['salt'];$h=z_____z(); in the login script, but $o=make_salt();$h=z_____z(); in the registration script. We need a new salt to register, but need to grab the old salt from the database to login.

Finally we define the MySQL db connection for connecting PHP scripts to the MySQL server, using the mysql_connect() function. We give password, username, database name and throw in the email address for good measure (optional). Users must edit this config.php file in order to make connections to their own MySQL database.

Note that we use weird variable names like $psbhostusername. We could just as easily have called it $u, as long as you call it $u in the mysql_connect() function too! We use a name that relates to the first configure file we ever made, and have been too lazy to change it since then. Leave it as is—or change it—whatever.

The script below is called: config.php


<?php
if(!defined('_NODIRECTACCESS')){exit("No access!");}

function make_salt(){
$aZ09 = array_merge(range('A', 'Z'), range('a', 'z'),range(0, 9));
$o='';
for($c=0;$c<19;$c++){$o.=$aZ09[mt_rand(0,count($aZ09)-1)];}
return $o;}

function z_____z(){
global $P;global $o;$s=$o;$p=$P;
$h = hash('sha512',$p.$s);
for ($i=0;$i<6979;$i++){$h=hash('sha512',$h.$p.$s);}
$h = substr($h,0,65);return $h;}

$psbhostemailaddress = "yoursite@yoursite.com"; //EDIT ME
$roothostname = "localhost";
$psbhostusername = "yourusername"; //EDIT ME
$psbhostpassword = "yourpassword"; //EDIT ME
$psbhostdatabasename = "yourdb"; //EDIT ME
mysql_connect("".$roothostname."","".$psbhostusername."","".$psbhostpassword."") or die(mysql_error());
mysql_select_db("".$psbhostdatabasename."") or die(mysql_error());
?>