I'm making a bank....

[Kaiser Mors V]

I'm making a bank for shireroth again, using PHP.... though this has meant I learn I have to teach myself PHP(C syntax makes it insanely easy...) and MySQL stuff.. which I kinda got figured out.. now I just need to make a GUI for it all... and some password encryption...

[benkern]

Whatever happened to the old one? I read about a Shirerithian bank coded with PHP I think.

[Neike Taika-Tessaro]

If you need help with PHP's MySQL function libraries, I reckon this is about everything you'll need:

Code: Select all

$db_link = mysql_pconnect("database server","username","password");
mysql_select_db("database",$db_link);
$result_source = mysql_query("SQL SELECT statement");
if (mysql_num_rows($result_source)) {
  echo "<table>";
  while ($row = mysql_fetch_assoc($result_source)) {
    echo "<tr><td>".$row['column name']."</td><td>".$row['another column name']."</td><tr>";
  }
  echo "</table>";
}

Lemme know if that's enough to get you started.

Also interesting if you're hoping to allow interaction:

$_REQUEST, $_GET and $_POST, htmlspecialchars(), stripslashes() (in case of magic quotes), and the all-important mysql_real_escape_string().

I'd tell you more, but right now I'm just hoping to let you skip past the "exasperated searching for what I need" phase, providing you're even suffering something like that. :P

Edit - I can advise about encryption, too, if you want me to, along with an introduction to session variables?

[Nick Foghorn Leghorn]

Bah to your sessions. In-URL variable passing is where it's at!

The old PHP bank system, along with the Antican CyberCasino, used a MD5 hash of the password that it compared to the stored hash in the database.

Code: Select all

$passcheck = md5($userpass);

if ($passcheck == $result['pass'])
{include('bank.php);}

else {echo "No means no!";}

[Liam conToketi]

Sorry, but I could only help you if you needed Assembly code...

[Ari Rahikkala]

* looks at Nick's post *

Don't forget to salt the passwords!

(also, don't forget that salt really isn't a complex matter at all. For instance, MediaWiki just uses the numeric userID of a user for salt. I wouldn't be telling you about it at this stage if it weren't simple.)

[Neike Taika-Tessaro]

Bah to your sessions. In-URL variable passing is where it's at!

...er? Sessions can be passed in URLs (though this is often Quite A Bad Idea). Unless you're honestly suggesting passing "logged in=true" in the URL, in which case, words fail me right about now.

MD5 is fine, but like Ari said, salt it.

[Kaiser Mors V]

it was in Perl/CGI the old bank was... it used MD5 encryption and salted(?) with the username...

Problem is.. the old bank stopped working at somepoint, for some reason, and I don't get enough useful error info to debug it...and I gave up on it long ago...

I'm using PHP now so that if we want it'll be in the same language as the forum is... (I think...) and we could integrate them....

I already have gone through the annoying looing what what I need phase.. I just went straight to the PHP documents online.. and some MySQL ones I found.... I think I have some idea of what I'm doing... I'm just not familiar with SQL at all... PHP is just like Perl to me.. so there is NO learning curve for it... plus I've taken enough CS classes to proly be able to make this... the GUI part has me a bit confused... but I'll get there... as I'm just writing the functions to manipulate the database at the moment..

I wish I didn't need to do this with SLQ... I used Berkely DBM's last time... they are simple.. yes.. maybe a lil clunky... but they did what I needed simply... I just had 2 hashes basically... one for username/userpass pairs.. and another for username/funds pairs.. (later I had a txt file for logging.. and another db for emails...

I don't really like web programming I don't think...to by honest... but it matters little..

[Kaiser Mors V]

It would appear I also need to refresh on HTML and forms...


btw... as I make stuff... it'll be here http://www.shireroth.org/bank/shirebank.php . Right now all it does it tell me things as I tinker and play and learn what I'm doing...

[Kaiser Mors V]

Code: Select all

$existence = mysql_query('SELECT username FROM shirebank WHERE username='.$username, $server);

What exactly am I going to get back... I theorize that if there is no entry with a username field equal to the $username variable I get FALSE back (documenation tells me this.. I think) other wise I'll just get the name back (which being a none 0 value will be the same as getting TRUE back) username will be unique... as I won't allow the creation or two entries with the same username... (duh) So... I should just get a string back or bool.. which ever.. not a whole resource... but I guess that's what my question is.. when I sent it through sql_result or whatever it was I got erorrs saying it was not a valid resource...

this is what I get for not programming in over a year.. and then trying to make a program from a language and database I don't know... on top of not knowing databases.. like.. at all... let alone SQL.

[Neike Taika-Tessaro]

Code: Select all

$existence = mysql_query('SELECT username FROM shirebank WHERE username='.$username, $server);

What exactly am I going to get back...

Either FALSE if there was a MySQL error, or a result source to work with using mysql_num_rows() and co..

I theorize that if there is no entry with a username field equal to the $username variable I get FALSE back (documenation tells me this.. I think)

No, you get a result source. mysql_num_rows() on this result set, however, will yield "0", telling you there is no such username.

Also, you probably want to use mysql_real_escape_string() on the username if you haven't already... lest you end up with things like this:

[from http://xkcd.com/327/]

[Neike Taika-Tessaro]

It would appear I also need to refresh on HTML and forms...

What do you need?

Code: Select all

<form action="script.php" method="post">
<input type="text" name="textrow" value="preliminary value" />
<select name="dropdown">
  <option value="0">Nothing</option>
  <option value="1" selected="selected">One</option><!-- pre-selected on page-load -->
  <option value="2">Two</option>
  <option value="3">Three</option>
</select>
<select name="multiple[]" multiple="multiple">
  <option value="This">This</option>
  <option value="And">And</option>
  <option value="That">That</option>
</select>
<textarea name="lotsoftext">A minor essay...</textarea>
<input type="hidden" name="hiddenvalue" value="Secrets! Well, sort of." />
<input type="submit" value="Send this form!" />
</form>

...will let you read the data in script.php as...

Code: Select all

$_POST = Array(
  'textrow' => "preliminary value", // if the user didn't change the field
  'dropdown' => 1, // if "One" was selected
  'multiple' => Array( 'This' , 'And' , 'That' ), // if all elements were selected
  'lotsoftext' => "A minor essay...", // if the user didn't change the field
  'hiddenvalue' => "Secrets! Well, sort of." // always (unless hacked)
)

Be aware that regardless of your form, people can enter whatever the hell they like as variables (FireFox makes this especially easy, in fact, but even without its convenience, trust me, it doesn't take much). To guard against relying on anything, I tend to suggest using $_REQUEST instead of $_POST, as this (1) makes your script easier to test, as it does not only accept POST-form variables, but you can enter them into the URL directly, too ("GET" variables, accessible via $_GET, too), (2) makes you more aware that you're not safe from bad user input from any vector, pretty much leading to safer code.

(Yes, there are significant exceptions to this "rule", but I don't want to get into those yet, unless someone's actually interested in the theories behind internet security.)

(Also, I apologise if any of the above breaks, I'm trying to type everything I put here off-hand, since I'm doing a lot of things in parallel right now, and cannot be arsed to check my syntax... sorry )

[Kaiser Mors V]

I'll get to the form stuff later... as I'm still trying to get some functions to do database manipulation...

Code: Select all

function find_account($username, $server)
//Checks to see if an account exists.
//returns false if they don't exist.
//otherwise will return the username back
{
$existence = 0;
$orders = "SELECT username FROM shirebank WHERE username=$username";  //.$username;
$result = mysql_query($orders, $server); //pull up results for all username that match.. username.
$existence = mysql_fetch_array($result, MYSQL_ASSOC); //make an array from what we got.

mysql_free_result($result); //Hello...Housekeeping!
return $existence['username'];
}

What's wrong with that? I keep getting:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/u4/shireroth/html/bank/shirebank.php on line 59

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/u4/shireroth/html/bank/shirebank.php on line 64

$username is just a string that IS in the database 'kaiser' as I pulled it up once..
$server is a link to the well.. server.. and it works.. I test it.. and even was able to pull up some info once.. then forgot what exactly I did...


For reference...

Code: Select all

//Server Connection stuff..
print ("Connecting to ShireBank Server<br>");

$server = mysql_connect ("localhost", "shireroth-1", "CA802945"); //connect to server
if (!$server)
print ("Could not connect to ShireBank Server for reason: " . $access . "<br>");
else
print ("Connected successfully to ShireBank Server.<br>");

$database = mysql_select_db ("shireroth-1", $server); //Select bank database
if (!$database)
print ("Could not select ShireBank Database for reason: " . $acess . "<br>");
else
print ("Successfully selected ShireBank Database.<br>");

if (find_account('kaiser',$server) != 0)
print ("Victory monkey! The Kaiser lives!<br>");
else
print ("Be a sad panda, there is no account for the Kaiser...<br>");

[Kaiser Mors V]

Just incase your wondering.. I started programming in Perl.. then spent a few years with C++.. I like to make use of functions.. a lot.. everything gets a function! And function do everything.. like lil gods... they go around and make things happen.. they only care about what they are told, what they do.. and what they have to respond with.. they care nothing for other concerns... problem is... Perl allowed for global variables.. (I recall them almost being default...) and I like to localize my variables.. though I do recycle names heavily..

small functions come together as bigger ones.. and so on... Kinda like Counties Baronies, Duchies and the Empire...

[Kaiser Mors V]

Also, you probably want to use mysql_real_escape_string() on the username if you haven't already... lest you end up with things like this:

*adds it to his todo list..*

[Neike Taika-Tessaro]

Code: Select all

$orders = "SELECT username FROM shirebank WHERE username=$username";  //.$username;

Should be...

Code: Select all

$orders = "SELECT username FROM shirebank WHERE username='".$username."'";

You need the quotation marks around the content of $username or your SQL will look something like username=Kaiser Mors V instead of username='Kaiser Mors V', which breaks syntax most hideously.

Also, if you're just looking for existence, try mysql_num_rows(), which should be faster. (...also, call me silly, but I prefer mysql_fetch_assoc() to mysql_fetch_array(..., MYSQL_ASSOC), and so I have no experience with latter, and whether it could break under certain circumstances.)

Also, if you have no rows returned, you will get PHP errors with that code. You should check for existence with mysql_num_rows(), then therein address the rows one by one (or in this case, the only row). Your code assumes there is at least one row (though you're semantically trying to find out if there is one). If you're too lazy to use mysql_num_rows() (and that's not meant as an accusation, I'm lazy a lot, too), it will tell you "unknown key" in the return row, so at least throw an isset() in there...

Just incase your wondering.. I started programming in Perl.. then spent a few years with C++.. I like to make use of functions.. a lot.. everything gets a function!

Functions are good.

Editted for brief, annoying idiocy on my part.

[Kaiser Mors V]

I've replaced the old one with this after reading and starting to understand a lil better...

Code: Select all

function find_account($username, $server)
//Checks to see if an account exists.
//returns false if they don't exist.
//otherwise will return the username back
{
$orders = "SELECT username FROM shirebank WHERE username=$username";  //.$username;
$result = mysql_query($orders, $server); //pull up results for all username that match.. username.
$existence = mysql_num_rows($result);

mysql_free_result($result); //Hello...Housekeeping!
return existence;
}

I'll fix the quote issue momentarily..

[Kaiser Mors V]

I made that change...but it still comes up with nothing, despite there being something...grr...

but the error messages are gone!

[Neike Taika-Tessaro]

If you're going for a partial username match, you'll want to do a LIKE comparison:

Code: Select all

"SELECT username FROM shirebank WHERE username='".$username."'";

...becomes...

Code: Select all

"SELECT username FROM shirebank WHERE username LIKE '%".$username."%'";

(% is the wildcard in MySQL.)

Also very useful: echo mysql_error() when a MySQL error occurs. MySQL has very insightful error messages, most of the time. Though if the errors are gone now, mysql_error() likely won't help you much.

[Kaiser Mors V]

the find_account() function is basicly used to see if someone is in the database wholesale. I don't care about partial matches.. though if I make a search feature later.. I might.. but unlikely..

I'm gonna put aside that function for a time, and make one for adding account info so I can be sure of what I'm adding...

[Andreas the Wise]

A wild thought ... we're on a php forum, yes? One which you can easily install existing cash/bank mods on? If it's easier, that's all. I know some nations are against post based economies.

[Neike Taika-Tessaro]

I think the problem with that would be less that the typical phpBB cash mods are designed to be post-based and more that they were designed for phpBB2 (that I know of), which, as far as I'm aware, is grossly incompatible with phpBB3. I know "the cash mod", running on phpBB2, can be configured to give no money out post-based-ly, but allows donating to-and-fro, though it would leave the entire monetary system at hands of the admins for tweaking at utter whim. (Which needn't be a bad thing, mind you.)

...now I'm curious if it's phpBB3 compatible yet.

[Kaiser Mors V]

and I like the idea of having one WE made ourselves...

Okey.. so my insert function works perfectly from what I can see. I can add accounts.. (which reminds me.. I need to incorperate the encryptian I made.. anyhoo...) I can see in my database I have what I want.. however... I can't seem to prove to myself that it's there...hehehe

Code: Select all

function add_account($username, $userpass, $funds, $server) //functional
//creates a user account and sets a password assumes initial funds are 0.
{
$orders = sprintf("INSERT INTO shirebank (username, userpass, funds ) VALUES ('%s','%s','%f')",
            mysql_real_escape_string($username),
            mysql_real_escape_string($userpass),
						mysql_real_escape_string($funds)); //a sanitary query
$orders = "INSERT INTO shirebank (username, userpass, funds ) VALUES ('".$username."', '".$userpass."', '".$funds."')";
$result = mysql_query($orders, $server);

if (!$result)
	 {
	 print ("Could not add account for reason: ");
	 echo mysql_error();
	 }
}

Code: Select all

function find_account($username, $server)
//Checks to see if an account exists.
//returns false if they don't exist.
//otherwise will return the username back
{
$orders = sprintf("SELECT username FROM shirebank WHERE username='%s'",mysql_real_escape_string($username));  
$result = mysql_query($orders, $server); //pull up results for all username that match.. username.
$existence = mysql_num_rows($result); //check how many rows we got. 0 means we got no person of that name otherwise..we got something...

mysql_free_result($result); //Hello...Housekeeping!
return existence;
}

Those are the two functions that I'm focused on at the moment...

And yes.. I'm sure this shouldn't be so hard for someone of my programming experience.. but I have been having to start this having no idea about SQL or PHP...

[Neike Taika-Tessaro]

Make sure to have the return line read "return $existence;" and not "return existence;". Latter will try to return the constant "existence", and PHP, if a constant isn't found, implicitely creates it containing a string with its name. So you're returning "existence", the string, which, when compared to a number, evaluates to 0.

For things like that, error_reporting(E_ALL); is your friend.

[Braden Indianensis]

So, the Ministry of Finance will (finally) actually be useful?

[Kaiser Mors V]

GOD DAMN IT MOTHER FUCKING>>>AFSDG Ag aSFga
fsd......BLOODY BUGGERED MOTHER>...s.dfasdFARFsad......COCK SUCKINGASD>>>aERONIUS>>>> MOUSE MATHING>>>>>..dsfad.f...d.e...d. Donkey.asd.f...... PIECE OF SHIT PILE OF CRAP MONKEYS!........asdfsdf.. Not guilty......sadfa4ewSDASERVaSFD sEr
43qW$#...Explitive deleted....ser@#$FASESD POOR IMPULSE CONTROL>>> MOTHINGASDRWE... MASH PIT FUCKER!>>.... SLIME BOTTOMED PIECE OF CONTINUOUSLY CONSTANTYLY OUTRAGED FECAL MATTER MATTED DOOR JABBED>>>ASDAFDFASDE.....

......Son of whore....

[Ari Rahikkala]

So... um... what happened?

[Kaiser Mors V]

And Yes.. the Ministry of Trade will be in a position to at least have a tool for an economy...

wait.. I could make a stock market....

[Nick Foghorn Leghorn]

And Yes.. the Ministry of Trade will be in a position to at least have a tool for an economy...

wait.. I could make a stock market....

Stop right there.

Last time I tried to do something like that it ended in tears and a pile of Mountain Dew cans three sleepless nights later.

Save yourself the trouble brother.

[Kaiser Mors V]

Oh yeah.. it works now.....

What? Once I get this done I'll have a fair knowledge of what I'm doing.. and just have to create how to calc stock prices...

Then it's easy from there... then again once I get the database functions done.. I have to figure out how to do the web programming... something I've never really done...