neoPHP MySQL support (Beta) - Page 3 - Forum

Forum Navigation
Climate strike banner
You need to log in to create posts and topics.

neoPHP MySQL support (Beta)

@noyzen we have disabled self user registration for security reasons.
It is possible to enable it but you should develop your own solution to avoid bots registering accounts automaticaly (perhaps a simple math question on the registration form or some kind of captcha).
Just edit neofunctions.php once your app is compiled. Go to line 377 under function adduser and change this:

if($_SESSION["userlevel"] !=0){
  print($errorMsg[0]);
}else{

For this:

if(true){

Note that, whenever you compile the app, the neofunctions.php file will be generated again and your changes lost, so keep a copy.

OH thats great!

Update: i did the change and now working, users can register themselves... i think this is the way it should be, even with security issues.

about spam registers i will try to secure it but i think is lot more easier for you to add a captcha to it in final release.

(thats why im VisualNEO user and you are its Author :p)

i remember there was a php code also to stop spam request to server (any request), you can simply add it to php code and it will be even more secure.

UPDATE: here it is

/* =================================== start of protection */

if (!isset($_SESSION)) {

    session_start();

}

// anti flood protection

if($_SESSION['last_session_request'] > time() - 2){

    // users will be redirected to this page if it makes requests faster than 2 seconds

    exit;

}

$_SESSION['last_session_request'] = time();

/* ================================ end of protection */

Sorry i don't know anything about php, but i think it help a bit.

==========

Just one important question, tell me can hackers use google chrome console to add java scripts or see variables and...?

For example i only allow register of level 2 users, and they change it to 0 and be admin

Because neoapp builder had this problem on some phpmysql plugin. (it use javascript and people can change it on client side)

==========

i have lot of suggestion and questions on this plugin but i want let you do your job first and see what will happen next

For example i only allow register of level 2 users, and they change it to 0 and be admin

Yes they can. That's the reason only admin can create new user accounts.
I think a captcha alone is not the solution. If self registration is allowed, then accounts should be inactive until admin activate them. Other possiblity is to add a php config variable to lock self user registrations to a specific level.
It's important to think about this carefully in order to keep security while giving us enough freedom.
Any suggestion is very much appreciated.

Quote from luishp on July 6, 2019, 11:44 pm

@bguk, you can use any SQL query.
neoTable can only add, edit and update data in a single table, although can show data from many tables.
neoTableConfigDB ask for the updatable table name and its unique primary field.

Let me know if you have any question.
Regards.

Thanks luishp, I have now successfully created a multi table app using SQLite.

I Can't use NeoPHP to connect to remote MySQL database, i created a database called "site_maindb" and a table called "test" using PHPmyAdmin then uploaded all files to server and made this configuration file:

<?php

$adminName="kajfh923h8365";
$adminPass="8723fg287trgf82r2863r7";

//App DB
$dbAlias[0]="mydb";
$dbNames[0]="site_maindb";
$dbServerNames[0]="localhost";
$dbUserNames[0]="site_dbadmin";
$dbPasswords[0]="test";

//SQL Queries
$sqlAlias[2]="insert";
$sqlQuerys[2]="INSERT INTO test (name) VALUES (testrecord)";
$sqlMaxUserLevel[2]=-1;
?>

"Database does not exists or not valid query"

Can you Help me please?

You should start with number 0 not 2 for SQL Queries:

$sqlAlias[0]="insert";
$sqlQuerys[0]="INSERT INTO test (name) VALUES ('testrecord')";
$sqlMaxUserLevel[0]=-1;

Next one will be 1, then 2...

Thanks for Answering, with 0 i have same problem...

@noyzen, as name is a string field you should use quotes in the value:

INSERT INTO test (name) VALUES ('testrecord')

Note that this is unnecesary if you are using parameters in your query:

INSERT INTO test (name) VALUES (?)

If you continue facing problems, you should check the database connection data.
Let me know if it works for you.

Hi Luis, i have tried that too (and did it again) no luck...

Now i'm going to test it on another server and i will tell you if worked.

UPDATE:

i installed a mysql server on my local computer and even made another clean app to test connection...

still not working, i have checked everything like million times.

it's wired... something is wrong with me lol

i can record a video for you if needed.

@noyzen, it's quite difficult for me to find out where is the problem from here.
If I can not reproduce the problem it's almost impossible for me to give you a possible solution.
Aparently everything is fine in your config.php file.

GOOD NEWS!

after i installed new version 19.7.20 my neophp started working.

everything is OK now and i can connect to mysql database.

Awesome!

And one Question,

i have this code on my config.php

$sqlAlias[0]="request";
$sqlQuerys[0]="INSERT INTO requests (userkey, command) VALUES (?,?)";
$sqlMaxUserLevel[0]=-1;

can you tell me exactly how and where to set values in VisualNeo Web? (the "?" symbols)

if you show an example code it would be great, thanks

Hi @noyzen,

can you tell me exactly how and where to set values in VisualNeo Web? (the "?" symbols)

neoPhpExecSql "mydatabase" "request" "[value1]::[value2]" "callbacksubroutine"

[value1] and [value2] corresponds to first and second ?
Just separate them with double semicolon ::
The callbacksubroutine is optional.

[value1] and [value2] corresponds to first and second ?
Just separate them with double semicolon ::
The callbacksubroutine is optional.

Yup! Working now. thanks for great support even on beta plugin :)

You are welcome @noyzen

Note that the plugin is no longer in beta.
By the way, now it's possible to allow users register by themselfes.
There are two new configuration options in config.php to allow not admin users to register and assign them a predefined access level.

Best regards.

1) Sorry but can you give some info about new options which allow users to register themselves but only as level 1 ?

i mean some example code or address of the help


2) one more thing, if i allow all users be admin they can use all commands in config.php

for example they can use all this commands:

$sqlAlias[0]="selectmovies";
$sqlQuerys[0]="SELECT * FROM movies ORDER by id DESC";
$sqlMaxUserLevel[0]=-1;

$sqlAlias[1]="deletemovie";
$sqlQuerys[1]="DELETE FROM movies WHERE id=?";
$sqlMaxUserLevel[1]=2;

it's ok in my case, but i want to know is there any other access and dangers?
they can SELECT and DELETE from table movies, can they INSERT too?

or they are just limited to predefined commands above?

@noyzen please open a new thread for each question with a descriptive subject.
I'm going to close this thread to avoid confussion.
Thank you!