51

(4 replies, posted in Programming)

Implants and Clusters are special items that enhances your characters attributes, skills and abilities in the game Anarchy Online.

Now to the question, i'll try to explain some more.

For every useraccount (my friends) that i add via the admin-interface, i also add access to the correct banks, (We have separate banks for the different character-pairs depending on which combo we play etc).

These are all example values.
I have the following Implant Banks:
Engi/Meta Implants
Fixer/Advy Implants
Keeper Implants
Private Implants

I have the following Cluster Banks:
Engi/Meta Clusters
Fixer/Advy Clusters
Keeper Clusters
Private Clusters

I want to be able to control access (which banks that show up in a list) for each user that logs in.

I think it'd be easier to have one access-table per bank-type like this:
ImplantAccess[id|user_id|bank_id]
ClusterAccess[id|user_id|bank_id]

And if i want to list user_id 1337's implants and cluster banks (he has access to keeper and private) i might want to do something like this:
select * from implant_bank as ib, cluster_bank as cb where user id = 1337
If i'm right, i'm getting all implant-banks and all cluster-banks with user_id 1337, right?

I'm using PGSQL if it make any difference, and i might use some cool pg-features later but right now i'm learning plain SQL so...

52

(4 replies, posted in Programming)

I've got these tables with fields listed below:

users
====
id
username
password
email
alias
sessionid
sessionexpire

bank access
=========
id
user_id
bank_implant_id
bank_cluster_id


implant bank
=========
id
bankname
implant_id
implant_ql
reserved_by


cluster bank
=========
id
bankname
cluster_id
cluster_ql
reserved_by

The table named 'bank access' regulates which respective bank id's.
When i log in to the site with my user, i want to check the bank access table so i know which bank's i'm allowed to view (i'm gonna make one drop-list for the implant bank, and another for the cluster bank).

How would such a SQL look like?
I'm learning, slow but steady about more complex db-operations, but please explain it so a 5-yr old could understand smile

Thanks

EDIT: Or is it perhaps better to make one acces-table for the implant-bank and one for the cluster-bank?
The more i think abour it it makes more logic to have separate access-tables but should work with only one too if i store the bank-id's in a |-separated list that i use as an array or something...

53

(13 replies, posted in Programming)

I'll send a mail to the webhotell and ask if there is any perticular reason from them to have it like that.

the GPCS on my host obviously works, and i can try setting mine to no value and see if that interfears.

Is there a way to try and set runtime-variables other then what's default in the php.ini-config?

Is there a way to list all those that can be user-changed?

EDIT: Found 'session.use_trans_sid' to be On at the broken server, and Off at the working server.

54

(13 replies, posted in Programming)

I've found these differences in php-configuration via phpinfo on the bad and the good host.
They don't mean much to me, but maybe for some of you.
I'll also make an attempt to install the PHPA into my box to see if it's there tha fault lies.

Differences found                       Not working Host                        Working Host
============================================================================================
allow_call_time_pass_reference          On                                      Off
browscap                                /usr/local/lib/browscap.ini             no value
disable_functions                       session_module_name                     no value
display_errors                          On                                      Off
error_log                               /usr/local/apache/var/log/php_error     no value
error_reporting                         7                                       2047
magic_quotes_gpc                        On                                      Off
output_buffering                        0                                       4096
                                        Has PHPA Installed                      Has not PHPA
register_argc_argv                      On                                      Off
register_globals                        On                                      Off
track_errors                            On                                      Off
variables_order                         no value                                GPCS

55

(13 replies, posted in Programming)

Here's a link to the wokring host...
http://fh.nonet.org/fh/

56

(13 replies, posted in Programming)

Sometimes the shoutbox is dragging it's heels on the page.
I know, i know, shoutbox sux, but not my design so smile

And yes, it's really that wierd.

I'm too using FB, and when i log in with storing the cookie, it sets the cookie with the expire-time = time of setting, hence it automaticlly get's deleted once the browser closes.

I have no idea why it's doing what it's doing actually.
I'll try to put the site online at my working host again after the weekend and then you can see if there is any differences etc.

EDIT: Oh, btw, thanks for trying to help on a hopeless problem as it seems smile

57

(18 replies, posted in Feature requests)

I don't think i personally have any use for sub-forums, but i know that such a feature can be usefull in other situations like on community-sites, review-sites etc.

58

(18 replies, posted in Feature requests)

Cat Games
     SubCat PC
          Forum RPG
          Forum Action
     SubCat Mac
          Forum RPG
          Forum Action
     SubCat Console
          Forum RPG
          Forum Action

Something like that?

59

(13 replies, posted in Programming)

Sure.
The site is here: http://www.nilsson-online.net/fh/
I've set up a test-account: Username [ test1 ], Password [ password ]
I've enabled debugoutput with print_r of session and cookie in the top of every page.
I'll paste the functions i'm using to login and verify users:

# memberLogin
function memberLogin()
{
    /*
        rosterID (int)
        memberLogin (text)
        memberPasswordMD5 (text)
        memberPasswordCrypt (text)
        memberPasswordExpire (int - time())
        memberStoreCookie (int - 0/1)
        memberIpMD5 (text)
        memberIpAllowChange (int - 0/1)
        memberCallsign (text)
        memberIsAdmin (int - 0/1)
    */

    DB_Connect();
    $SQL = "SELECT * FROM " . TABLE_MEMBERS . " WHERE memberLogin = '" . $_POST['username'] . "'";
    $Q = mysql_query($SQL);
    $R = mysql_fetch_object($Q);
    $N = mysql_num_rows($Q);
    DB_Disconnect();

    if ($N == "1")
    {
        if (md5($_POST['password']) == $R->memberPasswordMD5)
        {
            # Cookie-Expire, 30 days
            $cookieExpire = time() + 2592000;

            # SessionID, ID, EMail, Time, md5-hash
            $sessionID = md5($R->rosterID . $R->memberEMail . time() . $cookieExpire);

            # User IP, md5-hash
            $userIP = md5($_SERVER['REMOTE_ADDR']);

            # LastVisit
            $lastVisit = time();

            # Cookie-Serialize-MD5: rosterID, sessionID, userIP, lastvisit
            $cookieData = serialize(array($R->rosterID, $sessionID, $userIP, $lastVisit));

            # Store Cookie
            $storeCookie = ($_POST['storeCookie'] == 1) ? 1 : 0;

            # Store Data in DB
            DB_Connect();
            $SQL = "UPDATE " . TABLE_MEMBERS . " SET memberIpMD5 = '" . $userIP . "', memberSessionID = '" . $sessionID . "', memberLastVisit = '" . $lastVisit . "' WHERE rosterID = '" . $R->rosterID . "'";
            $Q = mysql_query($SQL);
            DB_Disconnect();

            # Set User Session : userid, sessionid, cookieexpire, userip, cookiedata, lastvisit
            setUserSession($R->rosterID, $sessionID, $cookieExpire, $userIP, $cookieData, $storeCookie, $lastVisit, $R->memberIsAdmin);

            # Check if user wants cookie stored
            if ($storeCookie == 1)
            {
                #setUserCookie($cookieData, $cookieExpire);
                setcookie(COOKIE_NAME, $cookieData, 1070747601, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
            }

            include(PAGE_HEAD);
            printMsgLarge("Login Success", $R->memberCallsign . ", you have been logged in.");
            include(PAGE_TAIL);
        }
        else
        {
            include(PAGE_HEAD);
            printMsgLarge("Login Error", "Username [ " . $_POST['username'] . " ] found.<br>Provided password does not match stored password.<br>Check spelling and caps.<br>Don't remeber your password? Get a new <a href=\"" . URL_BASE . "/member.lostPassword.php\">HERE</a>...");
            include(PAGE_TAIL);
        }
    }
    else
    {
        include(PAGE_HEAD);
        printMsgLarge("Login Error", "Username [ " . $_POST['username'] . " ] not found.<br>Check spelling.");
        include(PAGE_TAIL);
    }
}

# Verify User
function verifyUser()
{
    session_start();

    # If USER_VERIFIED is set, then the session appears to be valid and we verify it.
    if ($_SESSION['USER_VERIFIED'] == 1)
    {

        DB_Connect();
        $SQL = "SELECT * FROM " . TABLE_MEMBERS . " WHERE rosterID = '" . $_SESSION['USER_ID'] . "' AND memberSessionID = '" . $_SESSION['SESSION_ID'] . "'";
        $Q = mysql_query($SQL);
        $R = mysql_fetch_object($Q);
        $N = mysql_num_rows($Q);
        DB_Disconnect();

        if ($N == "1")
        {
            setUserSession($R->rosterID, $R->memberSessionID, time() + 2592000, $_SESSION['USER_IP'], $_SESSION['COOKIE_DATA'], $_SESSION['STORE_COOKIE'], time(), $R->memberIsAdmin);

            if ($_SESSION['STORE_COOKIE'] == 1)
            {
                #setUserCookie($_SESSION['COOKIE_DATA'], time() + 2592000);
                setcookie(COOKIE_NAME, $_SESSION['COOKIE_DATA'], 1070747601, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
            }

            # Store Data in DB
            DB_Connect();
            $SQL = "UPDATE " . TABLE_MEMBERS . " SET memberIpMD5 = '" . md5($_SERVER['REMOTE_ADDR']) . "', memberSessionID = '" . $R->memberSessionID . "', memberLastVisit = '" . time() . "' WHERE rosterID = '" . $R->rosterID . "'";
            $Q = mysql_query($SQL);
            DB_Disconnect();
        }
        else
        {
            removeUserSession();
            removeUserCookie();
        }
    }
    # Ops, no session found (maybe a returning user?), check for cookie & expiration
    elseif (isset($_COOKIE[COOKIE_NAME]))
    {
        $cookieData = unserialize($_COOKIE[COOKIE_NAME]);

        DB_Connect();
        $SQL = "SELECT * FROM " . TABLE_MEMBERS . " WHERE rosterID = '" . $cookieData[0] . "' AND memberSessionID = '" . $cookieData[1] . "'";
        $Q = mysql_query($SQL);
        $R = mysql_fetch_object($Q);
        $N = mysql_num_rows($Q);
        DB_Disconnect();

        if ($N == "1")
        {
            $cookieData     = serialize(array($R->rosterID, $R->memberSessionID, md5($_SERVER['REMOTE_ADDR']), time()));

            # Store Data in DB
            DB_Connect();
            $SQL = "UPDATE " . TABLE_MEMBERS . " SET memberIpMD5 = '" . md5($_SERVER['REMOTE_ADDR']) . "', memberSessionID = '" . $R->memberSessionID . "', memberLastVisit = '" . time() . "' WHERE rosterID = '" . $R->rosterID . "'";
            $Q = mysql_query($SQL);
            DB_Disconnect();

            setUserSession($R->rosterID, $R->memberSessionID, time() + 2592000, $userIP, $cookieData, 1, time(), $R->memberIsAdmin);
            #setUserCookie($cookieData, time() + 2592000);
            setcookie(COOKIE_NAME, $cookieData, 1070747601, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
        }
        else
        {
            removeUserSession();
            removeUserCookie();
        }
    }
    else
    {
        removeUserSession();
        removeUserCookie();
    }
}

verifyUser() is in the top of every page, before any output is started and it works as the session get's updated.
memberLogin() is only at the login-page.

function setUserSession($user_id, $session_id, $cookie_expire, $user_ip, $cookie_data, $store_cookie, $last_visit, $member_is_admin)
{
    session_start();
    $_SESSION['USER_ID']            = $user_id;
    $_SESSION['SESSION_ID']         = $session_id;
    $_SESSION['COOKIE_EXPIRE']      = $cookie_expire;
    $_SESSION['USER_IP']            = $user_ip;
    $_SESSION['COOKIE_DATA']        = $cookie_data;
    $_SESSION['STORE_COOKIE']       = $store_cookie;
    $_SESSION['LAST_VISIT']         = $last_visit;
    $_SESSION['MEMBER_IS_ADMIN']    = $member_is_admin;
    $_SESSION['USER_VERIFIED']  = 1;
}

function removeUserSession()
{
    session_start();
    unset($_SESSION['USER_ID']);
    unset($_SESSION['SESSION_ID']);
    unset($_SESSION['COOKIE_EXPIRE']);
    unset($_SESSION['USER_IP']);
    unset($_SESSION['COOKIE_DATA']);
    unset($_SESSION['STORE_COOKIE']);
    unset($_SESSION['LAST_VISIT']);
    unset($_SESSION['USER_VERIFIED']);
    unset($_SESSION['MEMBER_IS_ADMIN']);
    session_destroy();
}

function setUserCookie($cookie_data, $cookie_expire)
{
    setcookie(COOKIE_NAME, $cookie_data, $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
}

function removeUserCookie()
{
    setcookie(COOKIE_NAME, "", time() - 3600, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
}

And those works with the session and cookie-stuff.
Altho i've hard-set the cookie-stuff in the verifyUser for debugging purposes...

Anything else you need to see?

Also, very much appreciated help from all, these things can be pain to get to work...

EDIT: And of course the cookie-config:
# Cookie Config
DEFINE("COOKIE_NAME", "fh_member_cookie");
DEFINE("COOKIE_PATH", "/fh");
DEFINE("COOKIE_DOMAIN", ".nilsson-online.net");
DEFINE("COOKIE_SECURE", "0");

60

(13 replies, posted in Programming)

Ok, more info...

The cookie does get set, but for no apparant reason, with the time of setting it and not the expire-time i'm giving it...
I'm using this code:
setcookie(COOKIE_NAME, $cookieData, 1070747601, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);

That is some time next month for expire...
Any ideas?


Btw, now i know why Cookies are bad for ya =/

61

(18 replies, posted in Feature requests)

Make an array with predefined formats foreach out radionbuttons?

62

(18 replies, posted in Feature requests)

Or why not just a simple radio-checkbox with the option to select between the two most common, YMD and MDY ?

63

(13 replies, posted in Programming)

This is on my webhotell that it's broken on.
If i print_r both the session and cookie vars, i can see that the cookie only gets the first expire-time, while the session-var get's the updates one on each page-load.

It's so wierd, the only thing i can think of that's different is the register global, but it shouldn't affect like that, right?

And the clock is set correct, but it wouldn't matter as every time-check is don on the server itself.

At least now when i know what the error is, it shouldn't be hard to figure a way around it.

Any suggestions is welcome tho smile

64

(13 replies, posted in Programming)

I've got some problems with my cookies.
The same code broke when moving from one host the the next host.
Here is the broken host phpinfo: http://www.nilsson-online.net/phpinfo.php
Here is the working host phpinfo: http://www.nonet.org/phpinfo.php

I have done no changes, and it appears that the cookie doesn't get set properly at the broken host.

I've tried a few cookie-domain combos but no luck.

I'm pretty clueless here...

EDIT: And it's the same result in FB 0.7 as well in IE6 so i tend to believe it's a code-related problem.

EDIT2: I've seen that sometimes it sets the cookie, but it doesn't save it. I'll look into when it do appear and not.

EDIT3: I'm using this code to set and update the cookie:

setcookie(COOKIE_NAME, $cookie_data, $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);

And it seems it do get set, but with an expire-time that is in the past despite that i'm feeding time()+2500000 ~~ 1 month to it.
My session-vars appears to thave the correct expire-time.

Do i have to unset the cookie in order to update it?

And why does it in that case work on one host but not the other?

65

(17 replies, posted in General discussion)

If there is need for it, i can provide PG access for the free forums out there for the db-conversion to pun tool.

It would be default-install into it's own pg db.
I'm on PHP 4.3.3 and PG 7.3.4 with phpPgAdmin 2.4.2 on apache 1.3.28 with mod_gzip support.

Try this in the console:

touch /var/lib/mysql/mysql.sock

and then chown it to the mysql-user:

chown user:group /var/lib/mysql/mysql.sock

Substitue user & group for what you run mysql as (usually mysql/mysql but your milage may vary)

It's most likely so that the mysql is down, or there is a permission-thinigie with the mysql.sock file.
Check with your webhost to confirm its up and no other problems iwth mysql exist.

You can try and connect with another tool like phpmyadmin to be sure...

68

(11 replies, posted in Programming)

GAH!

Ok, last shred of hair is now pulled from my head...
It just refuse to work if i add 'http://' or 'https://' in the link, i just get the standard 'http//' but if i leave the http:// out from the link when i submit it, the avbove code adds it fine and escapes it as it should into the db.

69

(11 replies, posted in Programming)

If i've got everything in order

$linkCode = (substr($_POST['linkUrl'], 7) == "http://" || substr($_POST['linkUrl'], 8) == "https://") ? escape($_POST['linkUrl']) : escape("http://" . $_POST['linkUrl']);

Should take any kind of link, verify that there is a http:// or https:// and if there is not, add a http:// then escape it into the db...

More testing tomorrow after work.

Oh, btw, i kinda haxxored your escape/un_escape into my script, with a note smile

70

(11 replies, posted in Programming)

Should i escape everything i insert, and un_escape everything that i get from db?

Is there anything else i can do to make submissions more secure when userinput goes into db?

71

(11 replies, posted in Programming)

magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off

that is default for this installation (via pkgsrc in netbsd 1.6)

i still think it's odd that when i print it, it is ok, but when i base64_encode it it looses the : when inserting into db.

Another Q, what happens if i put the file on a server with magic_quotes on, and i have addslashes in my insert, will it make it a double-slash before inserting?
And if that is the case, can i check if magic_cuotes is on and depending on that use addslashes or will something like this work:
$url = addslashed(stripslashes($URL));
Will that remove slashes if present, and then add just one?

72

(11 replies, posted in Programming)

I have

$linkCode = base64_encode(htmlentities($_POST['linkUrl']));
$SQL = "INSERT INTO " . TABLE_LINK_CONTENT . " (catID, linkName, linkURL, isVerified) VALUES ('" . $_POST['linkCatID'] . "', '" . $_POST['linkName'] . "', '" . $linkCode . "', '0')";
$Q = mysql_query($SQL);

in my last attempt.
I've tried with no base64-encoding, htmlspecialchars (or somthing) add/stripslashes etc, but it doesn't get stored in the db, all i get is 'http//'.

If i print($_POST['linkUrl'])
it shows http:// so it's something with the insert that's wierd.

phpinfo of the server is here http://www.nonet.org/phpinfo.php
And i'm using a remote mysql some pretty recent version @ fsdata.se

I haven't tried the code on the live webserver @ fs because i'm re-doing the design and haven't got it finished enough to be placed public.

73

(1 replies, posted in Programming)

I've got a while-loop for my links-categories and for the links, and one for action.
Something like this:

Cat1
link1 [ catDropBox ] - only this dropbox workes but misses the first element
link2 [ catDropBox ] - empty
link3 [ catDropBox ] - empty
Cat2
link1 [ catDropBox ] - empty
link2 [ catDropBox ] - empty
link3 [ catDropBox ] - empty
Cat3
link1 [ catDropBox ] - empty
link2 [ catDropBox ] - empty
link3 [ catDropBox ] - empty

and i want the categoryCropBox to be the same, but i don't want to Q the db on each link-loop.

Anyone get what i wanna do here?

74

(11 replies, posted in Programming)

I'm using a field 'linkUrl' and in the next page i'm inserting it into a mysql db, but it keeps misplacing the : so it becomes 'http//'


I've tried htmlenteties, htmlspecialchars, base64_encode before inserting it into the db but to no avail...

If i print it before the insert, it reads as 'http://' so some conversion is done when inserting into the db...

Comments, ideas...

Kinda stuck here...

75

(9 replies, posted in PunBB 1.2 bug reports)

I think Frank means you could do a low-prio insert on the lastvisit in that extra query.

I'm not sure that there is such an option för pgsql tho.

One possible solution is to have a userconfigurable option in profile 'Always store last visit' and leave it off by default, with some descriptive text on that it's usefull for ppl using more then one pc to visit punbb forums?