322791 Advanced userdatabase

進行中 投稿 May 26, 2009 着払い
進行中 着払い

Hi

I have a mySQL database where a user has a username and a password. I need an API that does the following:

Webmaster places 1 file on the root of the server. After that, in every form on the server that has a username and a password in same form, this will happen:

There will be a list that consists all the possible form names for a formname for 'username' and all the possible form names for a password form field. Whenever the user visits the site, whereto the webmaster has moved the file that installs the API, it will connect to my own database on a completely different server and extract and type in username in the username field and password in the password field. After this the user clicks 'login' and is now logged in, if the userdata from my mySQL database is correct. That means, the user logs into another site on the Internet using my MySQL database. After the user is logged into the other system the same thing will happen with every form field like 'first name'. Whenever the script that checks the list with possible form names finds a form called one of these names, it will take the first name for the user that is logged in, and paste it so it is typed into the form field.

It is important that this API is very easy to install on the server. It doesnt have to be any specific, but there are two requirements: almost all users have to be able to upload it no matter what version of PHP/MySQL they use. The second one is that it cannot take more than 5 minutes for a webmaster without any IT knowledge to install the API on his server, so it has to be easy for everyone.

here is how i plan top do this:

when the webmaster triggers a php through a browser just like "[url removed, login to view]" it will read every file in the server, finds those which has the words username password and "type=submit" inside , then it will override php script inside it putting a script and savving the file again. the script will contain a code just before the usual "if(isset($_POST['submit'])){" phrase that opens your mysqld database and do the authentication.

The other form names like "first name " will be done in the same way .

it'll be no more than some seconds to take the webmaster install this on the server, simple as putting the php file in the server and acessing it from the browser.

in the same way the script would read and resaving everyform that contains any of the name in a list of form-names, supose the list has 3 names: first-name, middle-name and sur-name then when the scripts is triggered from the browser it will read every file looking also for keywords like name='first-name' name='middle-name' and name='sur-name' then it will be replaced for a php script so name='first-name' would turn into name=<?php echo $firstnamevalue; ?> and so with the two others. Before that in the code line the instalation script would add some lines the would load the information from your database and passing it to the variables like this one $firstnamevalue. That would guarantee the script would automatically type the information on user's browser.

But there are some issues before we start, and if the user uses different form-field names than the usual? Like use first#name instead of first_name ? or sur_name instead of sur-name? maybe we could use a wide list with some variations of the same form-field name, like for first name for example could be:

1-firstname

2-first-name

3-first#name

4-...

and so on...

But even doing that there are chances to find an server with form fields that not match the list... Because as a programmer he could has already a form field named donaldduck instead of username and mickey instead of password, his swebsite would work fine but my script wouldn't.

I will make the list of all possibilities.

For each form name (first name, last name, username, password, age, height etc etc) there will be a list with around 1000 different possibilities. If a webmaster used another name, I will instruct him in changing his form fields. And users will be able to log into ALL sites that this script is installed on.

well i figured out a new trick to work out this cookie issue: the scripts reads the entire files and in the files it founds fields username and passwords it list all the cookies and sessions on it. then displays it on the new script instalattion page asks to the webmaster to choose it and press the install button. After that you will instruct him to make a self test opening a page he knows there is the fields username and password and make it by using a standard username password you will provide to him in the instructions manual example:(password=yourpassword and username=yourusername; ) So if the log in occur with succes the webmaster will know its everything ok. If it doesnt get success then he will return to the instalattion page that will be still open and simply change using the radio buttons to another cookie, look there will be not a huge amount of cookies to choose from, a maximum of 3 i think and a minimum of 1 of course. So in the worst cases he will not have to attempt more than 3 times. I think 99% of the webmasters will choose the right one on the first time. Because usually the name of the cookie or the session will be something close to "login" like "boollogin" or "isloggedin" or something like that.

What is important is that we operate with opensource solutions at least. That it works on all the major open source solutions. If we find out these open source solutions work we will have made a good step:

Magento, oscommerce, Wordpress, Joomla, Drupal, PrestaShop, wp-oscommerce, Zen Cart, opensourceCMS, openCMS, CMSimple, PHPnuke, typo3, Textpattern, DokuWiki, SMF, PhpBB2, PHPbb, Nucleur CMS, vBulletin, ecime - smarty shopping cart, Heikos.

The next thing is when the user is logged in. He should surf around on the site as he was a normal user. Everything he does on the site is saved in the sites own database, but with the username from my database.

I would suggest we do like this:

A user logs in to a site, lets say scriptlance. He creates a project, and that project is saved in scriptlances database. After a week he logs in again and sees the project under 'my projects'. That means as soon as the user is logged in, the rest is saved on the sites' server.

This script should be able to run with the webmasters own login script on his site.

AJAX JavaScript MySQL Odd Jobs PHP ウェブセキュリティ

プロジェクトID: #2068597

プロジェクトについて

リモートプロジェクト アクティブ Jul 11, 2012