next »

[Delusional]

ok alot of people have messaged me about how to make a ptc with php. and since my last topic on this was hijacked i figured i would write a new one. But this time i will provide some coding. but please note i will not provide everything for you just the basics. you will have to do the rest yourself.

Every php powered website(well most of them anyways) uses MySQL or some sort of database to store information about users, ads, settings, banned ip's etc etc. so here are some steps to start off with.

after you have purchased hosting (yes actually paid for hosting) you will want to login to your Cpanel and/or backend of your server. and you will want to create a database. First you must choose what your going to call it so for this tutorial we will be calling the database/db: ptc_demo. now most ppl do not make a database user which is foolish, why is it foolish? cause as long as someone knows your root password they can access your database info without knowing your root username. so we will create a database user call ptc_demo althought the database name and the database username is the same(do not do this on live systems).

Step #1 make db name db username with db password.

Step #2 connect your dbname with your db user and give all permissions (don't do this normally it is a huge security risk)

Step #3 make a configuration file so that your php script can connect to your database. example below.

Code:

<?php
/*=======================================*/
//     Database Configuration Below      //
/*=======================================*/
/* - Database Host - */
$DB_INFO['hostname'] = "localhost";
/* - Database Name - */
$DB_INFO['username'] = "dbusername";
/* - Database Username - */
$DB_INFO['password'] = "dbpassword";
/* - Database Password - */
$DB_INFO['database'] = "dbname";
/*=======================================*/
?>

Step #4 name this something like config.php or something like that.

Step #5 now that we have the config file we need to tell our script how to connect to our db we will do this by making a connection query. name this con.php, example below.

Code:

<?php
/*=======================================*/
//         Connection Functions          //
/*=======================================*/
include "conf.php";

class mysql {
    function connect()
    {
        global $DB_INFO;

        $connect = mysql_connect($DB_INFO['hostname'], $DB_INFO['username'], $DB_INFO['password']);

        if ( !$connect ) {
            die("Cannot connect to mySQL Host.");
        } else {
            $select = mysql_select_db($DB_INFO['database']);

            if ( !$select ) {
                die( "Cannot connect to DB." );
            } else {
                return $select;
            } 
        } 
    } 

    function query( $info )
    {
        return mysql_query( $info );
    } 

    function fetch( $info )
    {
        return @mysql_fetch_array( $info );
    } 

    function num( $info )
    {
        return mysql_num_rows( $info );
    } 
    function affected()
    {
        return mysql_affected_rows();
    } 
    function close()
    {
        return mysql_close();
    } 
} 

$db = new mysql;
$db->connect();
?>

Step #6.now that we have a way for the script to connect to the database and a way to run the queries we need a global file. This file will run functions needed to do actions or lookup info needed on parts of the site.

A. the first and most important function we need to create is a function that will delay(at least) MySQL Injections. we do this by grabbing a variable and cleaning it. example below.

Code:

function antisql()
  {
    $badchars = array(";", "'", "\"", "*", "DROP", "SELECT", "UPDATE", "DELETE", "-");
 
    foreach($_POST as $value)
    {
      if(in_array($value, $badchars))
      {
        die("SQL Injection Detected\n<br />\nIP: ".$_SERVER['REMOTE_ADDR']);
      }
      else
      {
        $check = preg_split("//", $value, -1, PREG_SPLIT_OFFSET_CAPTURE);
        foreach($check as $char)
        {
          if(in_array($char, $badchars))
          {
            die("SQL Injection Detected\n<br />\nIP: ".$_SERVER['REMOTE_ADDR']);
          }
        }
      }
   }
} 
   

B. you should add this function in first but don't forget to add before the function.

Code:

session_start();

C. Next function all sites should have is this one.(finds the REAL IP of the users)

Code:

function get_ip()
{
    if ($_SERVER['HTTP_X_FORWARDED_FOR'])
    {
        if (preg_match_all("#[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}#s", $_SERVER['HTTP_X_FORWARDED_FOR'], $ips))
        {
            while (list($key, $val) = @each($ips[0]))
            {
                if (!preg_match("#^(10|172.16|192.168).#", $val))
                {
                    $ip = $val;
                    break;
                }
            }
        }
    }
    else if ($_SERVER['HTTP_CLIENT_IP'])
    {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    else if ($_SERVER['HTTP_FROM'])
    {
        $ip = $_SERVER['HTTP_FROM'];
    }
    else
    {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;

#7. Now we need a file that will control the design for the site. We will call this the header or header.php

Code:

<?
session_start();
include "global.php";
print <<<HEAD
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<meta name="Description" content="minimal site desciption." />
<meta name="Keywords" content="your, keywords" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name="Distribution" content="Global" />
<meta name="Robots" content="index,follow" />

<link rel="stylesheet" href="styles/1.css" type="text/css" />

<title>Your Sites Title</title>


</head>

<body>
<!-- wrap starts here -->
<div id="wrap">

<!--header -->
<div id="header">

<h1 id="logo-text">Your<span class="gray">PTC</span> Title</h1>
<h2 id="slogan">put your site slogan here...</h2>

<form class="search" method="post" action="#">
<p>
  <input class="textbox" type="text" name="search_query" value="" />
<input class="button" type="submit" name="Submit" value="Search" />
</p>
</form>

</div>

<!-- menu -->
<div  id="menu">
<ul>
<li id="current"><a href="">Home</a></li>
<li><a href="">View Ads</a></li>
<li><a href="">Register</a></li>
<li><a href="">Login</a></li>
                                <li><a href="">Advertise</a></li>
<li><a href="">Upgrade</a></li>
</ul>
</div>

<!-- content-wrap starts here -->
<div id="content-wrap">

<div id="sidebar">

<h1>Main Menu</h1>
<div class="left-box">
<ul class="sidemenu">
<li><a href="">Home</a></li>
<li><a href="">About</a></li>
<li><a href="">Advertise</a></li>
<li><a href="">Terms</a></li>
<li><a href="">Support</a></li>
</ul>
</div>

<h1>Featured Ads</h1>
<div class="left-box">
<ul class="sidemenu">
          <li><a href="">Text Link</a></li>
<li><a href="">Text Link</a></li>
<li><a href="">Text Link</a></li>
<li><a href="">Text Link</a></li>
<li><a href="">Text Link</a></li>
  </ul>
</div>
HEAD;
?>

more steps to be added daily. if you have any SERIOUS & ON TOPIC questions please post a reply.

[Delusional]

Steps Continued

#8. since the header is done we will want to add our footer design to the globe.php file and make it into a function called footer. this way when ever we end a page instead of loading a whole nother file that will most likely increase the server load it will just run a function from one of our files that we already have included (you can see how to create a function in step #5).

[Miguel]

oh helpful though I dont understand php, I still have time to learn it

[Blizzy]

you had a lot of owrk there, thanks mate, needed some of the things you posted!

[Delusional]

it's not that much work. just takes time to post it for noobs.