Social Expirament

<p>Hello, all. I am experimenting with a low-level social network between those who I know and can get to sign up. I have an idea for the login that goes something like this (I will indicate the parts I need help with):<br>

1: create account<br>

go to "register" page<br>

type wanted username, password, and information into the form boxes<br>

the form submits <em>username~password</em>~<em>fName~lName~yyyymmdd(of birth) </em>to loginfo.txt, or similar, as a hash.<br>

2: The user logs in by putting username and password into login boxes<br>

(how do I) run search for md5($uName "~" $pWord) within the loginfo.txt file<br>

If search returns positive, then redirect to /Users/$pWord.php (how do I make it so that I can put a variable in the redirect). Else, redirect to /accessDenied.html, from which they can reattempt login</p>

<p>I am fairly certain I am going about this the wrong way, but I want to figure that out for my self (e.g., tell me I am wrong, but don't tell me right.).</p>

<p>You might want to save yourself a <em>lot</em> of trouble and for your <em>experiment</em> just use a ready-to-go (and free!) system like Drupal. All of that user account management plumbing is ready to go, and you can instead focus on which of thousands of modules (or those you write yourself) are best suited to the sort of content and interaction you want the users to experience. There's simply no reason to reinvent this particular wheel! Drupla handles per-user security, user content, commenting, social activities, ties to jillions of external services/tools, etc.<br /><br />If you do decide to roll your own, though, you might still follow the same model, and use a database on the back end, rather than a file-based user management mechanism.</p>

<p>Time is not the issue. I just want to put practical use to PHP, HTML, Javascript, and other web programming languages. Experiment is the key word here. I don't want guaranteed success; I want the end result to be my html and php coding, of my own idea, even if I do need pointed away from what will fail.</p>

<p>For the database: how do I assign write permissions to it from the "register" page?<br>

Also, I want to write a sort of PHP macros to create a users page when they register.</p>

There are thousands of tutorials online for connecting PHP code with varying read/write rights on different tables.

 

Don't make user page files, render user content out of values stored in the database, keyed to each user's credentials

and profile.

 

In case I wasn't clear enough, you can completely customize Drupal and write your own modules in PHP. The whole

idea is to avoid having to do all of that Programming 101 stuff on the basic user admin/housekeeping, which you'd be

hard pressed to do better than the thousands of programmers who contributed open source work to such projects. Use

a framework like that as a starting point, and concentrate your creative efforts on the stuff that will be unique to the

web site you have in mind.

<p>I am learning web programming. I have written my own homepage, from which I can keep a journal, and know what I want to do for everything but login. For my (single-user) homepage, I can reasonably use an If.. Else statement; on the other hand, for large amounts of users, I can do something such as described or write a massive case statement and an accompanying script to add new users.</p>

<p>The point is I want to do everything myself. Success is not the point here. Success achieved by my self is. I don't want any templates or prewritten database systems. Just myself, about 3 months of rainy days for all of the debugging and typing, notepad++, and PHP so that I can run my website locally before I upload it to a server.</p>

<p>By the way: I am working on a super-(franken)computer made from the working parts of the broken computers that my family has with compatible motherboards. I intend to use that as the server, among other things of little enough data requirements to be negligible, since it would have to be a (fixed IP) desktop, instead of a network-switching, low-ram, small HDD laptop. How do I allow it to work as a web server using Ubuntu server?</p>

<p>Just tell the Ubuntu install routine that you want it to work as a typical LAMP box (Linux, Apache, MySQL, and PHP). The MySQL part is what you seem to need to get your head around. Keep user data <em>in a database, </em>not in code or files. <br /><br />Your problem with running your own web server is that your ISP may prohibit you from running a public-facing server/service that accepts traffic on port 80. You may need to set up a business account for that (not just for the hard IP address, but so that they'll allow in public traffic). By the time you pay them for that level of service, you could end up paying a lot more than it would cost you just to have access to an entry level LAMP hosting account at a place like GoDaddy or their competition, and you'll have none of the worries about keeping it all going, and can still write all the software you want. You might as well develop it on a production-style server than take on the cost of opening up port 80 at home.<br /><br />Obviously you can run it in-house for only internal, non-routable traffic without getting yourself a fixed IP address facing the internet. Just assign the server an internal address, and then you'll just need to know that address when surfing to it from other machines on the LAN.<br /><br />On the do-it-yourself front ... why not at least look at the best practices that have been finely honed over the years, and which take all of the current public web site security considerations into account? Since it sounds like you've never done anything like this before, it's also possible that you're not thinking about dictionary attacks, SQL insertion attacks, etc. If you expose your code to public visitors, script kiddies' robots will visit it every several minutes from all over the world, and try thousands of very clever attacks on it.<br /><br />There is no defensive mechanism you can invent on your own that they haven't already built into the list of tricks that a 'bot army of hundreds of slaved machines won't be trying to use to take over your web server. At least <em>look</em> at how publicly available platforms like Drupal and Joomla etc handle all of the stuff you're not even thinking about. It's like saying you want to build a house yourself, and thinking that you should also make yourself an expert locksmith so that you can build the hardware, piece by piece, for the front door knob. When you're talking about making a web server, your application, and your users' data vulnerable through exposure to the web, you <em>do</em> want to leverage well-established techniques to manage user accounts.<br /><br />It's not cheating. And you can go over every line of code and hot-rod it yourself in any way you want. But if you don't, and you start allowing public traffic, you will be in for a very rude awakening. If you bypass that approach, be sure that your backup and restoration mechanism is solid and frequently put to use, since you will need it. Honestly. This is what I do for a living, I'm not just being pedantic.</p>

<p>I realize that I need to use a database. I've realized that for a while.</p>