neoPHP MySQL support (Beta)
Quote from luishp on July 7, 2019, 10:08 am@noyzen we have disabled self user registration for security reasons.
It is possible to enable it but you should develop your own solution to avoid bots registering accounts automaticaly (perhaps a simple math question on the registration form or some kind of captcha).
Just edit neofunctions.php once your app is compiled. Go to line 377 under function adduser and change this:if($_SESSION["userlevel"] !=0){ print($errorMsg[0]); }else{For this:
if(true){Note that, whenever you compile the app, the neofunctions.php file will be generated again and your changes lost, so keep a copy.
@noyzen we have disabled self user registration for security reasons.
It is possible to enable it but you should develop your own solution to avoid bots registering accounts automaticaly (perhaps a simple math question on the registration form or some kind of captcha).
Just edit neofunctions.php once your app is compiled. Go to line 377 under function adduser and change this:
if($_SESSION["userlevel"] !=0){
print($errorMsg[0]);
}else{
For this:
if(true){
Note that, whenever you compile the app, the neofunctions.php file will be generated again and your changes lost, so keep a copy.
Quote from noyzen on July 7, 2019, 3:54 pmOH thats great!
Update: i did the change and now working, users can register themselves... i think this is the way it should be, even with security issues.
about spam registers i will try to secure it but i think is lot more easier for you to add a captcha to it in final release.
(thats why im VisualNEO user and you are its Author :p)
i remember there was a php code also to stop spam request to server (any request), you can simply add it to php code and it will be even more secure.
UPDATE: here it is
/* =================================== start of protection */ if (!isset($_SESSION)) { session_start(); } // anti flood protection if($_SESSION['last_session_request'] > time() - 2){ // users will be redirected to this page if it makes requests faster than 2 seconds exit; } $_SESSION['last_session_request'] = time(); /* ================================ end of protection */Sorry i don't know anything about php, but i think it help a bit.
==========
Just one important question, tell me can hackers use google chrome console to add java scripts or see variables and...?
For example i only allow register of level 2 users, and they change it to 0 and be admin
Because neoapp builder had this problem on some phpmysql plugin. (it use javascript and people can change it on client side)
==========
i have lot of suggestion and questions on this plugin but i want let you do your job first and see what will happen next
OH thats great!
Update: i did the change and now working, users can register themselves... i think this is the way it should be, even with security issues.
about spam registers i will try to secure it but i think is lot more easier for you to add a captcha to it in final release.
(thats why im VisualNEO user and you are its Author :p)
i remember there was a php code also to stop spam request to server (any request), you can simply add it to php code and it will be even more secure.
UPDATE: here it is
/* =================================== start of protection */
if (!isset($_SESSION)) {
session_start();
}
// anti flood protection
if($_SESSION['last_session_request'] > time() - 2){
// users will be redirected to this page if it makes requests faster than 2 seconds
exit;
}
$_SESSION['last_session_request'] = time();
/* ================================ end of protection */
Sorry i don't know anything about php, but i think it help a bit.
==========
Just one important question, tell me can hackers use google chrome console to add java scripts or see variables and...?
For example i only allow register of level 2 users, and they change it to 0 and be admin
Because neoapp builder had this problem on some phpmysql plugin. (it use javascript and people can change it on client side)
==========
i have lot of suggestion and questions on this plugin but i want let you do your job first and see what will happen next
Quote from luishp on July 7, 2019, 8:18 pmFor example i only allow register of level 2 users, and they change it to 0 and be admin
Yes they can. That's the reason only admin can create new user accounts.
I think a captcha alone is not the solution. If self registration is allowed, then accounts should be inactive until admin activate them. Other possiblity is to add a php config variable to lock self user registrations to a specific level.
It's important to think about this carefully in order to keep security while giving us enough freedom.
Any suggestion is very much appreciated.
For example i only allow register of level 2 users, and they change it to 0 and be admin
Yes they can. That's the reason only admin can create new user accounts.
I think a captcha alone is not the solution. If self registration is allowed, then accounts should be inactive until admin activate them. Other possiblity is to add a php config variable to lock self user registrations to a specific level.
It's important to think about this carefully in order to keep security while giving us enough freedom.
Any suggestion is very much appreciated.
Quote from BGUK on July 9, 2019, 7:35 pmQuote from luishp on July 6, 2019, 11:44 pm@bguk, you can use any SQL query.
neoTable can only add, edit and update data in a single table, although can show data from many tables.
neoTableConfigDB ask for the updatable table name and its unique primary field.Let me know if you have any question.
Regards.Thanks luishp, I have now successfully created a multi table app using SQLite.
Quote from luishp on July 6, 2019, 11:44 pm@bguk, you can use any SQL query.
neoTable can only add, edit and update data in a single table, although can show data from many tables.
neoTableConfigDB ask for the updatable table name and its unique primary field.Let me know if you have any question.
Regards.
Thanks luishp, I have now successfully created a multi table app using SQLite.
Quote from noyzen on July 16, 2019, 4:09 pmI Can't use NeoPHP to connect to remote MySQL database, i created a database called "site_maindb" and a table called "test" using PHPmyAdmin then uploaded all files to server and made this configuration file:
<?php $adminName="kajfh923h8365"; $adminPass="8723fg287trgf82r2863r7"; //App DB $dbAlias[0]="mydb"; $dbNames[0]="site_maindb"; $dbServerNames[0]="localhost"; $dbUserNames[0]="site_dbadmin"; $dbPasswords[0]="test"; //SQL Queries $sqlAlias[2]="insert"; $sqlQuerys[2]="INSERT INTO test (name) VALUES (testrecord)"; $sqlMaxUserLevel[2]=-1; ?>"Database does not exists or not valid query"
Can you Help me please?
I Can't use NeoPHP to connect to remote MySQL database, i created a database called "site_maindb" and a table called "test" using PHPmyAdmin then uploaded all files to server and made this configuration file:
<?php $adminName="kajfh923h8365"; $adminPass="8723fg287trgf82r2863r7"; //App DB $dbAlias[0]="mydb"; $dbNames[0]="site_maindb"; $dbServerNames[0]="localhost"; $dbUserNames[0]="site_dbadmin"; $dbPasswords[0]="test"; //SQL Queries $sqlAlias[2]="insert"; $sqlQuerys[2]="INSERT INTO test (name) VALUES (testrecord)"; $sqlMaxUserLevel[2]=-1; ?>
"Database does not exists or not valid query"
Can you Help me please?
Quote from luishp on July 16, 2019, 7:17 pmYou should start with number 0 not 2 for SQL Queries:
$sqlAlias[0]="insert"; $sqlQuerys[0]="INSERT INTO test (name) VALUES ('testrecord')"; $sqlMaxUserLevel[0]=-1;Next one will be 1, then 2...
You should start with number 0 not 2 for SQL Queries:
$sqlAlias[0]="insert";
$sqlQuerys[0]="INSERT INTO test (name) VALUES ('testrecord')";
$sqlMaxUserLevel[0]=-1;
Next one will be 1, then 2...
Quote from luishp on July 17, 2019, 6:17 am@noyzen, as name is a string field you should use quotes in the value:
INSERT INTO test (name) VALUES ('testrecord')Note that this is unnecesary if you are using parameters in your query:
INSERT INTO test (name) VALUES (?)If you continue facing problems, you should check the database connection data.
Let me know if it works for you.
@noyzen, as name is a string field you should use quotes in the value:
INSERT INTO test (name) VALUES ('testrecord')
Note that this is unnecesary if you are using parameters in your query:
INSERT INTO test (name) VALUES (?)
If you continue facing problems, you should check the database connection data.
Let me know if it works for you.
Quote from noyzen on July 17, 2019, 9:51 amHi Luis, i have tried that too (and did it again) no luck...
Now i'm going to test it on another server and i will tell you if worked.
UPDATE:
i installed a mysql server on my local computer and even made another clean app to test connection...
still not working, i have checked everything like million times.
it's wired... something is wrong with me lol
i can record a video for you if needed.
Hi Luis, i have tried that too (and did it again) no luck...
Now i'm going to test it on another server and i will tell you if worked.
UPDATE:
i installed a mysql server on my local computer and even made another clean app to test connection...
still not working, i have checked everything like million times.
it's wired... something is wrong with me lol
i can record a video for you if needed.
Quote from luishp on July 17, 2019, 11:00 am@noyzen, it's quite difficult for me to find out where is the problem from here.
If I can not reproduce the problem it's almost impossible for me to give you a possible solution.
Aparently everything is fine in your config.php file.
@noyzen, it's quite difficult for me to find out where is the problem from here.
If I can not reproduce the problem it's almost impossible for me to give you a possible solution.
Aparently everything is fine in your config.php file.
Quote from noyzen on July 26, 2019, 11:23 amGOOD NEWS!
after i installed new version 19.7.20 my neophp started working.
everything is OK now and i can connect to mysql database.
Awesome!
GOOD NEWS!
after i installed new version 19.7.20 my neophp started working.
everything is OK now and i can connect to mysql database.
Awesome!
Quote from noyzen on July 26, 2019, 1:00 pmAnd one Question,
i have this code on my config.php
$sqlAlias[0]="request"; $sqlQuerys[0]="INSERT INTO requests (userkey, command) VALUES (?,?)"; $sqlMaxUserLevel[0]=-1;can you tell me exactly how and where to set values in VisualNeo Web? (the "?" symbols)
if you show an example code it would be great, thanks
And one Question,
i have this code on my config.php
$sqlAlias[0]="request"; $sqlQuerys[0]="INSERT INTO requests (userkey, command) VALUES (?,?)"; $sqlMaxUserLevel[0]=-1;
can you tell me exactly how and where to set values in VisualNeo Web? (the "?" symbols)
if you show an example code it would be great, thanks
Quote from luishp on July 26, 2019, 1:41 pmHi @noyzen,
can you tell me exactly how and where to set values in VisualNeo Web? (the "?" symbols)
neoPhpExecSql "mydatabase" "request" "[value1]::[value2]" "callbacksubroutine"[value1] and [value2] corresponds to first and second ?
Just separate them with double semicolon ::
The callbacksubroutine is optional.
Hi @noyzen,
can you tell me exactly how and where to set values in VisualNeo Web? (the "?" symbols)
neoPhpExecSql "mydatabase" "request" "[value1]::[value2]" "callbacksubroutine"
[value1] and [value2] corresponds to first and second ?
Just separate them with double semicolon ::
The callbacksubroutine is optional.
Quote from noyzen on July 26, 2019, 3:56 pm[value1] and [value2] corresponds to first and second ?
Just separate them with double semicolon ::
The callbacksubroutine is optional.Yup! Working now. thanks for great support even on beta plugin :)
[value1] and [value2] corresponds to first and second ?
Just separate them with double semicolon ::
The callbacksubroutine is optional.
Yup! Working now. thanks for great support even on beta plugin :)
Quote from luishp on July 26, 2019, 4:36 pmYou are welcome @noyzen
Note that the plugin is no longer in beta.
By the way, now it's possible to allow users register by themselfes.
There are two new configuration options in config.php to allow not admin users to register and assign them a predefined access level.Best regards.
You are welcome @noyzen
Note that the plugin is no longer in beta.
By the way, now it's possible to allow users register by themselfes.
There are two new configuration options in config.php to allow not admin users to register and assign them a predefined access level.
Best regards.
Quote from noyzen on September 9, 2019, 8:07 pm1) Sorry but can you give some info about new options which allow users to register themselves but only as level 1 ?
i mean some example code or address of the help
2) one more thing, if i allow all users be admin they can use all commands in config.php
for example they can use all this commands:
$sqlAlias[0]="selectmovies"; $sqlQuerys[0]="SELECT * FROM movies ORDER by id DESC"; $sqlMaxUserLevel[0]=-1; $sqlAlias[1]="deletemovie"; $sqlQuerys[1]="DELETE FROM movies WHERE id=?"; $sqlMaxUserLevel[1]=2;it's ok in my case, but i want to know is there any other access and dangers?
they can SELECT and DELETE from table movies, can they INSERT too?or they are just limited to predefined commands above?
1) Sorry but can you give some info about new options which allow users to register themselves but only as level 1 ?
i mean some example code or address of the help
2) one more thing, if i allow all users be admin they can use all commands in config.php
for example they can use all this commands:
$sqlAlias[0]="selectmovies"; $sqlQuerys[0]="SELECT * FROM movies ORDER by id DESC"; $sqlMaxUserLevel[0]=-1; $sqlAlias[1]="deletemovie"; $sqlQuerys[1]="DELETE FROM movies WHERE id=?"; $sqlMaxUserLevel[1]=2;
it's ok in my case, but i want to know is there any other access and dangers?
they can SELECT and DELETE from table movies, can they INSERT too?
or they are just limited to predefined commands above?
Quote from luishp on September 10, 2019, 8:51 pm@noyzen please open a new thread for each question with a descriptive subject.
I'm going to close this thread to avoid confussion.
Thank you!
@noyzen please open a new thread for each question with a descriptive subject.
I'm going to close this thread to avoid confussion.
Thank you!