HTML Form Creator—Configure File for Database Connection CMS
This script is called config.php
The HTML Form Creator—Configure File for Database Connection CMS script is one of a group of PHP scripts that handle both the administrative and end-user aspects of a general purpose HTML Form Creator that allows not just input boxes but multiple selection enabled select/option lists as well. In addition to the expectable editing scripts for both administrative and end-user functions, there's also a Search and Match script so that users can use the scripts to find other users with various individual or group commonalities, including proximity searches, i.e., find all the users within various distances. There are even private messaging scripts.
- HTML Form Creator
- Edit Options in HTML Form Creator Form
- Administrator Page for HTML Form Creator
End-User HTML Form Creator Scripts
- HTML Form Creator—Register with Captcha
- HTML Form Creator—View Profile
- HTML Form Creator—Edit Profile
- HTML Form Creator—Search and Match
- HTML Form Creator—Search and Match — Security
- HTML Form Creator—Search and Match — JavaScript
- HTML Form Creator—Search and Match — Form
- HTML Form Creator—Search and Match — PHP
- HTML Form Creator—Enter Record in Form
- HTML Form Creator—View Record in Form
- HTML Form Creator—Profile and Account Management
- HTML Form Creator—Login to Profile and Account Management
- HTML Form Creator—Logout of Profile and Account Management
- HTML Form Creator—Delete Group Account
- HTML Form Creator—Forgot User Name
- HTML Form Creator—Forgot Password
- HTML Form Creator—Form to Send Private Message
- HTML Form Creator—Send Private Message
- HTML Form Creator—Private Message Outbox
- HTML Form Creator—Private Message Inbox
- HTML Form Creator—Delete Private Message from Inbox
- HTML Form Creator—Delete Private Message from Outbox
- HTML Form Creator—Private Message Logout
- HTML Form Creator—Search and Match Session Monitoring
- HTML Form Creator—Configure File for Database Connection
- HTML Form Creator—Captcha Script for Registration and Login
Administrative HTML Form Creator Scripts
The purpose of this script is to provide a way in which the user can connect to the database successfully.
We store the config.php file in an includes folder. We put a special htaccess file in that folder, which denies access to prying eyes but allows it to be used for connection purposes (the second file protected is irrelevant to the config.php file discussion as well as the rest of the files whose links are above, but it shows how to put multiple files in your htaccess file):
<Files "config.php">
order deny,allow
deny from all
</Files>
<Files "includefileonly.php">
order deny,allow
deny from all
</Files>
Options -Indexes
For the config.php file, first we use the defined() function to check whether a given named constant exists named '_NODIRECTACCESS'. If not, the user is booted out of the script. The reason we check for this named constant is that the various scripts that include the config.php file all use the define() function to define a named constant
named '_NODIRECTACCESS' just prior to including config.php. This protects against anyone using the config.php file without first naming that constant with the define() function—a wise security precaution.
Next we have the PHP make_salt() function (which is run from other scripts that include config.php) that makes a salt to use with passwords and hashes for better security. We use the PHP function array_merge() to merge 3 arrays, which we build using the range() function, which creates an array with a specified range of elements. In this case, we want A to Z, a to z, and 0 to 9. Then we use the mt_rand() function and the count() function to loop through 19 iterations, getting random characters from the array, concatenating them together into a new salt 19 characters long.
Next we have the hashing function z_____z() (which is run from other scripts that include config.php). It expects a salt in the $o variable and an entered password in the $P variable. We start by creating a hash() of the concatenation of the password and salt, using the sha512 hashing algorithm. Next we loop through 6979 iterations of hashing a concatenation of the just made hash and the password and the salt, so that we are getting hashes of hashes of hashes . . . etc. Then we use the substr() function to get the first 65 characters of the hashed hash. This is the value we return from the function.
The reason we do not combine the hash and salt functions into one function is simple. We use $o=$get_user_data['salt'];$h=z_____z(); in the login script, but $o=make_salt();$h=z_____z(); in the registration script. We need a new salt to register, but need to grab the old salt from the database to login.
Finally we define the MySQL db connection for connecting PHP scripts to the MySQL server, using the mysql_connect() function. We give password, username, database name and throw in the email address for good measure (optional). Users must edit this config.php file in order to make connections to their own MySQL database.
Note that we use weird variable names like $psbhostusername. We could just as easily have called it $u, as long as you call it $u in the mysql_connect() function too! We use a name that relates to the first configure file we ever made, and have been too lazy to change it since then. Leave it as is—or change it—whatever.
The script below is called: config.php
<?php
if(!defined('_NODIRECTACCESS')){exit("No access!");}
function make_salt(){
$aZ09 = array_merge(range('A', 'Z'), range('a', 'z'),range(0, 9));
$o='';
for($c=0;$c<19;$c++){$o.=$aZ09[mt_rand(0,count($aZ09)-1)];}
return $o;}
function z_____z(){
global $P;global $o;$s=$o;$p=$P;
$h = hash('sha512',$p.$s);
for ($i=0;$i<6979;$i++){$h=hash('sha512',$h.$p.$s);}
$h = substr($h,0,65);return $h;}
$psbhostemailaddress = "yoursite@yoursite.com"; //EDIT ME
$roothostname = "localhost";
$psbhostusername = "yourusername"; //EDIT ME
$psbhostpassword = "yourpassword"; //EDIT ME
$psbhostdatabasename = "yourdb"; //EDIT ME
mysql_connect("".$roothostname."","".$psbhostusername."","".$psbhostpassword."") or die(mysql_error());
mysql_select_db("".$psbhostdatabasename."") or die(mysql_error());
?>