  1. #1
    ULTiMATE (Community Advisor, Bristol, United Kingdom)

    Dynamic Website in a Month with little PHP knowledge: Doable?

    I'm working on an Advanced Project for my Computing course at College. I will be creating a dynamic website where users can create listings to sell items to others, just like on eBay. So far, all I have in my requirements is two registered types of account (Buyers and Sellers). Sellers are able to create listings on the website, and buyers are able to buy those listings. Once this is done the users are given each other's email addresses and are able to contact each other to organise the sale.

    The concept is very easy, however I have no real experience with coding a full website. All my PHP 'experience' has come from editing vBulletin modifications and simple scripts. I have purchased a few PHP books (one being Sitepoint's very own Build Your Own Database Driven Website Using PHP & MySQL) and have bought some PHP/MySQL training videos. MySQL doesn't worry me that much, even though the only real SQL training I've had has been from vBulletin and using MS Access (I know, pity me). I've written some sample tables and if anyone could tell me if I have them right it would be fantastic. I had written them based off of reading a few pages on the MySQL documentation.

    Code:
    CREATE TABLE buyer
    (
    	buyer_id smallint(5) NOT NULL,
    	conf int(1), /* To confirm user registration */
    	username varchar(15),
    	firstname varchar(30),
    	surname varchar(30),
    	password varchar(12), /* I presume password is held like this? */
    	address varchar(30),
    	city varchar(25),
    	postcode char(8),
    	country varchar(30),
    	tel char(14),
    	dob char(10),
    	email varchar(50),
    	buyer_rating int(1), /* Gives the user a rating from 1 to 5 */
    	PRIMARY KEY (buyer_id)
    )	ENGINE = MyISAM;
    I have the structure of the tables sorted and checked out, but the only problem I have is with getting the code right and putting what I want into SQL.

    So yeah, I'm ready to put PHP into my coded web pages. Do you think it's possible to do it within a month?

    Also I thought it'd be important to know I'm not that bad a programmer as far as C goes.

  2. #2
    spikeZ (Manchester UK)
    couple of small suggestions:

    change:
    Code:
    conf int(1)
    to
    Code:
    conf char(1) not null default 0
    for portability

    Code:
    password varchar(12)
    to
    Code:
    password varchar(32)
    so you can use an MD5 hash encryption for the password

    Code:
    dob char(10)
    to
    Code:
    dob DATE
    because it is a date


    Certainly do-able in a month but not easy if you are just starting out

    Spike
    Mike Swiffin - Community Team Advisor

  3. #3
    philm (Portsmouth, UK)
    Whether you can do this in a month from where you are now, I really don't know... so much to consider.

    But regarding your schema, one thing springs to mind first of all, the password field.

    You want to increase it to (32) and encrypt it with the PHP function md5().
    eg. "fc8de8ee2c43a9ae2f9023f205d960d6". You can still restrict it to a 12 char. password though via your user form validation.

    With a quick search, here's the first result to appear on how to do this
    http://biorust.com/index.php?page=tu...etail&tutid=99

    Also, depending on how your User Ratings are going to work you might want to consider a 'ratings' table.

    Last but not least... a mountain of coffee!

  4. #4
    Raffles (Tanzania)
    Incidentally, I looked up MD5 in Wikipedia the other day and it says there are 'rainbow tables' to compare an MD5 hash to its corresponding value, plus some security vulnerabilities.

    Why do people still use MD5 and not SHA-1 or one of the many other hashing algorithms PHP supports? I know nothing about this stuff, but it sounds like MD5 isn't very bulletproof.

  5. #5
    poncho (Belfast, N.Ireland)
    Hey man. It's totally doable as long as you start with a solid plan and stick to it.

    I have found it a lot easier to manage this sort of thing with a class for each table to deal with add, edit, update & delete operations. I would suggest looking into an MVC framework like CakePHP but since this is a college project it's probably best to code it yourself. I'm using PEAR DB here but you could easily swap it out for your own DB class.

    Consider this class:
    PHP Code:
    /**
     * Buyer Management
     * Includes methods for managing buyer accounts
     * Heavily influenced by HarryF's PHP Anthology
     **/
    class Buyers {

        /**
         * Database connection (PEAR::DB instance)
         **/
        var $db;

        /**
         * Buyer constructor
         * @param object instance of database connection
         * @access public
         **/
        function Buyers(&$db) {
            $this->db =& $db;
        }

        /**
         * Gets all buyers
         * @return array buyer details
         * @access public
         **/
        function fetchAll() {
            $sql = "SELECT * FROM buyers";
            $buyers = $this->db->getAll($sql);
            return $buyers;
        }

        /**
         * Gets buyer details
         * @param int buyer id
         * @return array buyer details, or false if there is no single match
         * @access public
         **/
        function fetchRow($id) {
            // The key column is buyer_id, as in the table definition and in update()/delete()
            $sql = "SELECT * FROM buyers WHERE buyer_id=" . $id;
            $result = $this->db->query($sql);
            // A failed query returns a PEAR_Error object, which has no numRows()
            if (PEAR::isError($result)) {
                return false;
            }
            if ($result->numRows() == 1) {
                return $result->fetchRow();
            } else {
                return false;
            }
        }

        /**
         * Creates buyer
         * @param array buyer details
         * @return bool
         * @access public
         **/
        function add($buyer) {
            $sql = "INSERT INTO buyers SET
                username='" . $buyer['username'] . "',
                firstname='" . $buyer['firstname'] . "',
                surname='" . $buyer['surname'] . "',
                password='" . md5($buyer['password']) . "',
                address='" . $buyer['address'] . "',
                city='" . $buyer['city'] . "',
                postcode='" . str_replace(' ', '', strtoupper($buyer['postcode'])) . "',
                country='" . $buyer['country'] . "',
                tel='" . str_replace(' ', '', $buyer['tel']) . "',
                dob='" . $buyer['dob'] . "',
                email='" . $buyer['email'] . "'";

            $result = $this->db->query($sql);
            if (!PEAR::isError($result)) {
                return true;
            } else {
                return false;
            }
        }

        /**
         * Updates buyer
         * @param array buyer details (including 'id')
         * @return bool
         * @access public
         **/
        function update($buyer) {
            $sql = "UPDATE buyers SET
                username='" . $buyer['username'] . "',
                firstname='" . $buyer['firstname'] . "',
                surname='" . $buyer['surname'] . "',
                password='" . md5($buyer['password']) . "',
                address='" . $buyer['address'] . "',
                city='" . $buyer['city'] . "',
                postcode='" . str_replace(' ', '', strtoupper($buyer['postcode'])) . "',
                country='" . $buyer['country'] . "',
                tel='" . str_replace(' ', '', $buyer['tel']) . "',
                dob='" . $buyer['dob'] . "',
                email='" . $buyer['email'] . "'
            WHERE
                buyer_id='" . $buyer['id'] . "'";

            $result = $this->db->query($sql);
            if (!PEAR::isError($result)) {
                return true;
            } else {
                return false;
            }
        }

        /**
         * Deletes buyer
         * @param int buyer id
         * @return bool
         * @access public
         **/
        function delete($id) {
            $sql = "DELETE FROM buyers WHERE buyer_id=" . $id;
            $result = $this->db->query($sql);
            if (!PEAR::isError($result)) {
                return true;
            } else {
                return false;
            }
        }
    }
    I would include a master config file with database connection details and the like:
    PHP Code:
    define('CLASS_DIR', '/path/to/my/classes/');

    // Include PEAR::DB
    require_once('DB.php');

    $dbconfig = array(
        'phptype'  => 'mysql',
        'hostspec' => 'localhost',
        'database' => 'my_db',
        'username' => 'my_username',
        'password' => 'my_password'
    );

    // Connect to the database
    $db = &DB::connect($dbconfig);

    // Check the connection before using it: on failure $db is a PEAR_Error object
    if (PEAR::isError($db)) {
        die($db->getMessage());
    }
    $db->setFetchMode(DB_FETCHMODE_ASSOC);

    For the 'Buyers' section of your website I would then instantiate the Buyers class:
    PHP Code:
    // Include Buyers class
    require_once(CLASS_DIR.'buyers.class.php');

    // Instantiate Buyers class
    $buyers =& new Buyers($db);
    You can then do some pretty straightforward stuff in the front-end php file to have your Buyer details saved, updated, deleted etc.

    PHP Code:
    // isset($_POST) is always true; check that the form actually sent something
    if (!empty($_POST)) {
        if ($buyers->add($_POST)) {
            echo 'Buyer saved!';
        } else {
            echo 'Oops! Buyer was not saved!';
        }
    }

    Obviously I haven't taken security into consideration here so you would need to make sure you sanitize any data before it gets anywhere near the database.

    I hope this helps in your quest

    Cheers;
    Poncho
    Perfecting the art of breaking stuff.
    Check 'em: CakePHP | TextMate
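The two points the thread keeps circling, unsalted md5() for the password column and SQL built by string concatenation from $_POST, can be handled in the same class layout. The following is an added example, not poncho's code or anything from PEAR::DB: add() and fetchRow() rewritten against PDO with bound parameters and password_hash(). It assumes PHP 5.5 or later, the OP's `buyer` table with buyer_id made AUTO_INCREMENT and the password column widened to VARCHAR(255) (a bcrypt hash does not fit in the varchar(32) suggested for MD5).

```php
<?php
// Added example: the same add()/fetchRow() operations as the Buyers class above,
// using PDO prepared statements instead of string-built SQL and password_hash()
// instead of md5(). Assumes PHP >= 5.5 and a `buyer` table whose buyer_id is
// AUTO_INCREMENT and whose password column is VARCHAR(255).
class SafeBuyers
{
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Insert a buyer. Every user-supplied value travels as a bound parameter,
    // so quote characters in the input cannot alter the statement itself.
    public function add(array $buyer)
    {
        $sql = 'INSERT INTO buyer
                    (username, firstname, surname, password, address, city,
                     postcode, country, tel, dob, email)
                VALUES
                    (:username, :firstname, :surname, :password, :address, :city,
                     :postcode, :country, :tel, :dob, :email)';
        $stmt = $this->db->prepare($sql);
        return $stmt->execute(array(
            ':username'  => $buyer['username'],
            ':firstname' => $buyer['firstname'],
            ':surname'   => $buyer['surname'],
            // bcrypt with a random salt: two users with the same password get
            // different stored values, which is what defeats the precomputed
            // (rainbow-table) lookups Raffles asked about.
            ':password'  => password_hash($buyer['password'], PASSWORD_DEFAULT),
            ':address'   => $buyer['address'],
            ':city'      => $buyer['city'],
            ':postcode'  => str_replace(' ', '', strtoupper($buyer['postcode'])),
            ':country'   => $buyer['country'],
            ':tel'       => str_replace(' ', '', $buyer['tel']),
            ':dob'       => $buyer['dob'],
            ':email'     => $buyer['email'],
        ));
    }

    // Fetch one buyer by id. The id is bound as an integer, so a non-numeric
    // value cannot change the WHERE clause; the password hash is not selected,
    // so it never reaches a page template by accident.
    public function fetchRow($id)
    {
        $stmt = $this->db->prepare(
            'SELECT buyer_id, username, firstname, surname, email, buyer_rating
               FROM buyer WHERE buyer_id = :id');
        $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetch(PDO::FETCH_ASSOC);   // false when there is no such buyer
    }
}

// Usage, with the connection values from the config file above:
// $pdo = new PDO('mysql:host=localhost;dbname=my_db;charset=utf8mb4',
//                'my_username', 'my_password',
//                array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
//                      PDO::ATTR_EMULATE_PREPARES => false));
// $buyers = new SafeBuyers($pdo);
```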

  6. #6
    ULTiMATE (Community Advisor, Bristol, United Kingdom)
    @spikeZ: Thanks for the help with the SQL. I've implemented the changes and it all looks good in the database so far.

    @philm: Thanks for pointing out MD5 for me, and thanks again for the link. This should definitely help me in more than one area of my course. The idea for ratings is so that if a user is satisfied by the transaction with another user they can rate them from 1 to 5. A user can only rate someone once per transaction and this is enforced by the fact that a user can only visit the page to vote for them once anyway, and ratings increase on how many times the user has been rated, so two ratings of 5 would equal a rating of 10. I presume I'll be able to pull the value up from the database, use a variable to get the users rating and add them together and put it right back into the database?

    @Raffles: I've seen loads of sites that offer 'MD5 decryption' scripts where you enter the hashed value and it spits out a password. From what I've tested myself it works on very basic alphanumeric passwords, but can cause problems to those who use symbols, numbers and letters, etc (e.g. ngols543525 (which isn't my password)).

    As far as this project goes I'm a bit stuck on help. PHP isn't taught on my course and few lecturers only have a grasp on ASP, and whilst everyone else is using ASP for their web pages I saw it as a great opportunity to show universities my ability to learn a server-side scripting language and apply it in a professional setting within a short time (as I would have to undertake the task of learning quite a lot of basic Java before I move onto my final year at another university).

    From what I gather, this Advanced Project isn't supposed to be bulletproof from a commercial standpoint, but research into that would be beneficial for documentation (following the PRINCE2 PM methodology for this project). The website design took me about two days to finish, and now all I need to do is write the PHP code to get it all working. Much of it seems pretty easy so far and I can only really see a problem with the administration part of it. PHP seems to be a lot like C, and all the basics of programming are pretty natural to me.

    Oh, and thanks for the Coffee advice. I'll be sure to buy myself a new Coffee Pot.

    EDIT: @Poncho: WOW! Thank you for the help there! Surprisingly enough a lot of that makes sense to me, even the OOP (Definitely a weak spot, since I'll be taught it in Databases after I should have finished the development stage of my Project). The framework idea is good, but we were all told that ALL the code must be your own work (but asking for outside help is allowed, as long as you can justify your knowledge of the code and learn from the experience of writing it out yourself). Anyways, thanks again for the help, you've saved me at least a few nights of screaming at my computer.
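The ratings scheme described above (one rating per transaction, scores added onto the buyer's total) can be enforced in the database rather than by the vote page, which is what philm's 'ratings' table suggestion gives you. This is an added example, not code from the thread: a `rating` table with a UNIQUE key on (transaction_id, rater_id), and a PDO function that records the score and adds it to buyer_rating in one transaction. The `transaction` table, the `seller`/`buyer` ids of the rater, and a PDO handle in ERRMODE_EXCEPTION are assumptions; the tables need InnoDB for the rollback to undo the UPDATE.

```php
<?php
// Added example (not from the thread). Schema assumed alongside the OP's `buyer`
// table; InnoDB so that BEGIN/ROLLBACK actually apply:
//
// CREATE TABLE rating (
//     rating_id      INT NOT NULL AUTO_INCREMENT,
//     transaction_id INT NOT NULL,
//     rater_id       INT NOT NULL,          -- id of the buyer/seller giving the score
//     rated_buyer_id SMALLINT NOT NULL,     -- buyer_id being rated
//     score          TINYINT NOT NULL,
//     PRIMARY KEY (rating_id),
//     UNIQUE KEY one_per_transaction (transaction_id, rater_id)
// ) ENGINE = InnoDB;
//
// Returns true when the rating was recorded, false when the score is out of
// range or this rater has already rated this transaction.
function rateBuyer(PDO $db, $transactionId, $raterId, $buyerId, $score)
{
    // Validate server-side: the 1..5 choice on the form is not trusted.
    $score = (int) $score;
    if ($score < 1 || $score > 5) {
        return false;
    }
    $db->beginTransaction();
    try {
        // The UNIQUE key makes a second rating for the same transaction by the
        // same rater fail here, however many times the vote page is revisited.
        $ins = $db->prepare('INSERT INTO rating
                                (transaction_id, rater_id, rated_buyer_id, score)
                             VALUES (:tx, :rater, :buyer, :score)');
        $ins->execute(array(':tx' => (int) $transactionId, ':rater' => (int) $raterId,
                            ':buyer' => (int) $buyerId, ':score' => $score));
        // Add the score in SQL rather than read-add-write in PHP: two raters
        // submitting at the same moment would otherwise lose one rating.
        // COALESCE covers a buyer whose buyer_rating is still NULL.
        $upd = $db->prepare('UPDATE buyer
                                SET buyer_rating = COALESCE(buyer_rating, 0) + :score
                              WHERE buyer_id = :buyer');
        $upd->execute(array(':score' => $score, ':buyer' => (int) $buyerId));
        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack();
        // SQLSTATE 23000 = integrity constraint violation, i.e. the UNIQUE key
        // fired because (transaction_id, rater_id) already exists.
        if ($e->getCode() == '23000') {
            return false;
        }
        throw $e;   // anything else is a real database error
    }
}
```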

  7. #7
    poncho (Belfast, N.Ireland)
    No probs, PM me if you need any help

    Incidentally, you should check out Harry Fuecks' PHP Anthology here on Sitepoint, I found it to be an invaluable resource when I really started getting into the nitty-gritty of PHP.
    Last edited by poncho; Feb 12, 2007 at 17:54.

  8. #8
    bigalreturns (The Wirral, England)
    It's doable, I did it with my first dynamic website. Do be prepared to look back on your code a few months down the line and be reduced to tears at how much better and quicker you could have done it though!
  9. #9
    ULTiMATE (Community Advisor, Bristol, United Kingdom)
    Well I've started, and it's surprisingly simple. It's very similar to what I expected, and the C and ASP knowledge helps a ton with this. I'm probably going to spend the next week finishing the website now.

    Thanks for the help guys, and I'll be sure to keep you posted on my progress.

  10. #10
    poncho (Belfast, N.Ireland)
    Excellent, glad to hear it's going well for you. Please do come back with a progress post, I'm interested to see how you get on.

    Cheers;
    Poncho

  11. #11
    ULTiMATE (Community Advisor, Bristol, United Kingdom)
    As I promised I'd come back with a follow-up post, I'm here again to show my progress.

    Practically everything is done, apart from two things. One that seems fairly easy to do, and one that I'm fairly lost with.

    - Search for tickets
    - Login Script based off my Buyer and Seller tables

    The search won't be too hard since SQL is pretty natural to me now, but I'm totally lost with creating a login script that'll allow for two different types of user. I've tried many that are already out there (all of which use PEAR) but they always come up with hundreds of errors, so I'm just looking at something simple and insecure that works that I can build upon.

    Anyway, thank you again for the help you provided. I think I can say with some safety that I have the confidence in my PHP to actually create dynamic websites whenever I want.

  12. #12
    elduderino (London)
    Hi,

    Glad to hear it's going well for you...

    There's a really simple login script I posted here:

    http://www.sitepoint.com/forums/showthread.php?t=454528

    Someone pointed out a security issue with one part of it so you may want to put the fix in for that if you use it in any way.

    How are you storing the users? Separate tables for sellers and buyers? If so a simple solution springs to mind. When the user submits their username/password, query the buyers db first and use mysql_num_rows on the result from the db...if no rows are returned ( ie: username and password were not matched) then go ahead and query the second db....if there is no result here ( ie: no rows are returned ) deny the user access. If there is a match and rows are returned then grant access.

    **If a row is returned from the first db you can redirect and exit at this point to stop the second query from running

    It's just an idea....someone will probably post a solution that's better than this as in theory you could end up calling to the db twice when you only really need to once....but what the heck it would work
    Last edited by elduderino; Mar 20, 2007 at 11:47.
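The "query buyers first, then sellers" flow above, as an added example rather than elduderino's script: each table is checked with a prepared statement, the password is compared in PHP with password_verify() against a hash written by password_hash() (so it never appears in the SQL), and the account type ends up in the session for later pages to check. It assumes the thread's `buyer` and `seller` tables share the username, password and conf columns, that `seller` has a seller_id key, and that session_start() has already run.

```php
<?php
// Added example, not code from the thread. Assumes `buyer` and `seller` tables
// with the same username/password/conf columns, password stored as a
// password_hash() value, and session_start() already called.
//
// Returns array('type' => 'buyer'|'seller', 'id' => int) or false.
function authenticate(PDO $db, $username, $password)
{
    // One lookup per table, buyers first as in the post above. Table names are
    // fixed in code; only the username is bound from user input.
    // conf = '1' is the registration-confirmed flag from the OP's schema.
    $tables = array(
        'buyer'  => 'SELECT buyer_id  AS id, password FROM buyer
                      WHERE username = :u AND conf = \'1\'',
        'seller' => 'SELECT seller_id AS id, password FROM seller
                      WHERE username = :u AND conf = \'1\'',
    );
    foreach ($tables as $type => $sql) {
        $stmt = $db->prepare($sql);
        $stmt->execute(array(':u' => $username));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // Compare in PHP against the stored hash rather than matching the
        // password inside the WHERE clause.
        if ($row !== false && password_verify($password, $row['password'])) {
            return array('type' => $type, 'id' => (int) $row['id']);
        }
        // No row (or wrong password) in this table: fall through to the next one.
    }
    return false;   // matched neither table: deny access
}

// Login handler for index.php. On success the account type is kept in the
// session, so "may this user create listings?" is decided from $_SESSION on
// every later page, never from a hidden form field.
function handleLogin(PDO $db, array $post)
{
    if (!isset($post['username'], $post['password'])) {
        return 'Missing username or password.';
    }
    $user = authenticate($db, $post['username'], $post['password']);
    if ($user === false) {
        // One message whether the username or the password was wrong.
        return 'Login failed.';
    }
    session_regenerate_id(true);        // fresh session id once logged in
    $_SESSION['user_type'] = $user['type'];
    $_SESSION['user_id']   = $user['id'];
    return 'Logged in as ' . $user['type'] . ' #' . $user['id'];
}

// echo handleLogin($pdo, $_POST);
```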

  13. #13
    ULTiMATE (Community Advisor, Bristol, United Kingdom)
    Quote Originally Posted by elduderino (post #12 above)
    I had a look over the code but I couldn't get it to work within my site.

    To answer your question, I am using two tables for 'buyer' and 'seller', and having them log in through my index.php file.

  14. #14
    elduderino (London)
    Hi,

    Well there's no reason it shouldn't work as I have that script working in my system....there's no problems. You just need to make the necessary changes to it to fit with your code...you'll need to change the query and also notice that my username and password fields are named 'username' and 'password'.

    Maybe if you post your relevant code I could help slot the login script in.
