Thursday, April 15, 2010

Secure PHP Session

I have been working on this class for a day or so, and would like to post it up to see if anyone can find fault with it. It uses MySQL to store session information. Right now the information is unencrypted; that feature will be added eventually. Let me know what you think (haha if anyone ever even comes across this blog...)

- Replace the connectDb() class with whatever you use to connect to the database.


//Written for the mysql_* extension (removed in PHP 7.0).
//`lock` and `key` are reserved words in MySQL, so they are backtick-quoted in every query.
class session
{
    public $sessionKey;
    public $value;

    function __construct()
    {
        session_start();
        $time = time();
        $expTime = $time - 1200; //rows idle for more than 20 minutes are deleted.
        $db = new connectDb(); //connect to the database.
        $killOldData = "DELETE FROM sessionData WHERE time < '$expTime'";
        mysql_query($killOldData);
        $this->changeKey();
    }

    //give the session a fresh lock value on every request.
    private function changeKey()
    {
        $time = time();
        $oldKey = isset($_SESSION['key']) ? $_SESSION['key'] : ''; //no key yet on the first request.
        $newKey = $this->generateNewKey();
        $dup = false;
        while(!$dup)
        {
            //this might be slow. gonna see how it works out.
            //the query is rebuilt on each pass so it checks the current candidate key.
            $check = mysql_query("SELECT * FROM sessionData WHERE `lock` = '$newKey'");

            if(mysql_num_rows($check) > 0)
            {
                $newKey = $this->generateNewKey();
            }
            else
            {
                $_SESSION['key'] = $newKey;
                $changeKey = "UPDATE sessionData SET `lock` = '$newKey' WHERE `lock` = '$oldKey'";
                mysql_query($changeKey);
                mysql_query("UPDATE sessionData SET time = '$time' WHERE `lock` = '$newKey'");
                $dup = true;
            }
        }
    }

    //returns the value stored under $this->sessionKey, or null if there is none.
    function retreiveData()
    {
        $time = time();
        $key = $_SESSION['key'];
        $name = mysql_real_escape_string($this->sessionKey); //public property, so escape it.
        $getSessionData = mysql_query("SELECT * FROM sessionData WHERE `lock` = '$key' AND `key` = '$name'");
        mysql_query("UPDATE sessionData SET time = '$time' WHERE `lock` = '$key'");
        $data = null;
        while($sessionData = mysql_fetch_assoc($getSessionData))
        {
            $data = $sessionData['value'];
        }
        return $data;
    }

    function updateData()
    {
        $time = time();
        $key = $_SESSION['key'];
        $name = mysql_real_escape_string($this->sessionKey);
        $value = mysql_real_escape_string($this->value);
        //the table stores one row per (lock, key) pair, so update that row's value column.
        $query = "UPDATE sessionData SET value = '$value' WHERE `lock` = '$key' AND `key` = '$name'";
        mysql_query("UPDATE sessionData SET time = '$time' WHERE `lock` = '$key'");
        mysql_query($query);
        unset($this->value);
    }

    function addData()
    {
        $time = time();
        $key = $_SESSION['key'];
        $name = mysql_real_escape_string($this->sessionKey);
        $value = mysql_real_escape_string($this->value);
        $query = "INSERT INTO sessionData (`lock`, `key`, value, time) VALUES ('$key', '$name', '$value', '$time')";
        mysql_query($query);
        unset($this->value);
    }

    private function generateNewKey()
    {
        return sha1(uniqid(mt_rand(), true));
    }
}

Wednesday, January 6, 2010

EASY csv to MySQL in PHP5

This is a class that turns a CSV file into MySQL INSERT queries. It assumes the first line contains the column names. Your database table must contain the same field names as the CSV file you are importing (they don't need to be in the same order). The class is free for anyone to use.

The url property is the path to the csv file.
The tableName property is the name of the table you want to insert the csv to.

Sample Usage:


$csv = new csv2mysql();
$csv->tableName = "your mysql table name";
$csv->url = "the path to your csv file";
$csv->putInDb();

Here it is:


class csv2mysql
{
    public $url;
    public $tableName; //goes into the query as an identifier, so set it only from trusted code.

    function putInDb()
    {
        $fh = fopen($this->url, "r");
        if($fh === FALSE)
        {
            die("Could not open " . $this->url);
        }
        $i = 0;
        $row1Value = ""; //column list, built from the first line.
        while (($data=fgetcsv($fh,0,","))!==FALSE) //0 = no limit on line length.
        {
            $rowValue = "";

            foreach($data as $key=>$value)
            {
                if($i == 0)
                {
                    //column names can't be escaped like values, so drop any backticks and quote the name.
                    $row1Value = $row1Value . "`" . str_replace("`", "", trim($value)) . "`,";
                }
                else
                {
                    //escape quotes and backslashes for the query (htmlspecialchars leaves backslashes alone).
                    //mysql_real_escape_string needs an open database connection.
                    $value = mysql_real_escape_string($value);
                    $rowValue = $rowValue . "'" . $value . "',"; //wrap value with single quotes for mysql.
                }
            }
            $rowValues = substr($rowValue, 0, -1); //take out extra comma at the end.

            $query = "INSERT INTO " . $this->tableName . " (" . substr($row1Value, 0, -1) . ") VALUES (" . $rowValues . ")";
            if($i > 0)
            {
                //echo $query; //for debugging.
                mysql_query($query) or die(mysql_error());
            }
            $i = $i + 1;
        }
        fclose($fh);
    }
}


If you find errors please let me know in the comments.
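
The same import written with PDO prepared statements, as an added example that is not part of the original post. It assumes PHP 7 or later, a MySQL PDO handle with PDO::ERRMODE_EXCEPTION set, and a CSV whose first record holds the column names; csvToTable() is a hypothetical name.

```php
<?php
// Added example, not the original class. Assumes PHP 7+, MySQL via PDO, and
// PDO::ERRMODE_EXCEPTION on $pdo. csvToTable() is a hypothetical name.
function csvToTable(PDO $pdo, string $table, string $path): int
{
    // Identifiers cannot be bound as parameters, so allow only plain names.
    $isIdent = function ($s) {
        return is_string($s) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $s) === 1;
    };
    $read = function ($fh) {
        return fgetcsv($fh, 0, ',', '"', '\\');
    };
    if (!$isIdent($table)) {
        throw new InvalidArgumentException('invalid table name');
    }
    $fh = fopen($path, 'r');
    if ($fh === false) {
        throw new RuntimeException('cannot open CSV file');
    }
    try {
        $header = $read($fh);
        if ($header === false || count(array_filter($header, $isIdent)) !== count($header)) {
            throw new RuntimeException('header row must contain only column names');
        }
        $cols  = '`' . implode('`, `', $header) . '`';
        $marks = implode(', ', array_fill(0, count($header), '?'));
        $stmt  = $pdo->prepare("INSERT INTO `$table` ($cols) VALUES ($marks)");
        $pdo->beginTransaction(); // a bad record rolls back the whole import
        $count = 0;
        for ($rec = 2; ($row = $read($fh)) !== false; $rec++) {
            if ($row === [null]) {
                continue; // blank line
            }
            if (count($row) !== count($header)) {
                throw new RuntimeException("wrong number of fields in record $rec");
            }
            $stmt->execute($row); // values travel as bound parameters
            $count++;
        }
        $pdo->commit();
        return $count;
    } catch (Throwable $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        throw $e;
    } finally {
        fclose($fh);
    }
}
```

A header that starts with a UTF-8 byte order mark fails the name check, so strip the mark from the file before importing.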