Plugin which adds a random value to the database on each page load

foxhound	#40703 16.03.2015 21:33
Donator Поблагодарили: 5 раз	Thanks, that link was very usefull. I am now making my first real plugin :) Added 5 days later: Ok, here is the first plugin I have made and I am actually hoping anyone can take a look and tell me if I should change something or if things should be done differently. Due to me using this plugin for a specific feature on my website I will remove some stuff otherwise people could abuse it but the removed content wont cause issues to understand what it does I think. But, what it does is...create a random session (an md5 string) in the database which I will check and compare elewhere. <?php /* ==================== [BEGIN_SED] File=plugins/sessions/sessions.php Version=1.0 Updated=2015-march-21 Type=Plugin Author=Foxhound Description=Insert a unique session with each pageload on pages only [END_SED] [BEGIN_SED_EXTPLUGIN] Code=sessions Part= File=sessions Hooks=global Tags= Minlevel=0 Order=1 [END_SED_EXTPLUGIN] ============ */ if (!defined('SED_CODE')) { die('Wrong URL.'); } // here we check if we are working on the download system, if no all session stuff is set else we exit if ($cfg['plugin']['sessions']['workinprogress'] != 'Yes') { $ses_pageid = sed_import('id','G','INT'); $ses_userid = $usr['id']; $ses_username = $usr['name']; if ($ses_username == "") { $ses_username = "guest"; } $ses_userip = $usr['ip']; $ses_sql1 = sed_sql_query("SELECT online_ip, online_location, online_sessionid, online_randomer FROM $db_online WHERE online_ip='$ses_userip'"); while ($row = sed_sql_fetcharray($ses_sql1)) { $ses_userloc = $row['online_location']; $ses_usersessionid = $row['online_sessionid']; $ses_randomer = $row['online_randomer']; } if ($ses_userloc == "Pages") { $dwnldlink_sql1 = sed_sql_query("SELECT page_id, page_extra_url FROM $db_pages WHERE page_id='$ses_pageid'"); while ($row = sed_sql_fetcharray($dwnldlink_sql1)) { $ses_downloadurl = $row['page_extra_url']; } // create random string $ses_randomer = ""; $ses_str_length = xx; for($ses_i=0; $ses_i<$ses_str_length; $ses_i++){ $ses_rand_number = mt_rand(0,xx); $ses_string = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; $ses_randomer .= substr($ses_string, $ses_rand_number, 1); } $ses_usersessionid = md5($ses_xxxxx . md5($ses_randomer)); $ses_sql1 = sed_sql_query("UPDATE $db_online SET online_sessionid='$ses_usersessionid', online_randomer='$ses_randomer' WHERE online_ip='$ses_userip'"); } // this is required cause we never know if the visitor does actually click the downloadlink on the page he visitted! if (($ses_userloc != "Pages") && ((!empty($ses_usersessionid)) \|\| (!empty($ses_randomer)))) { $ses_sql_u1 = sed_sql_query("UPDATE $db_online SET online_sessionid='', online_randomer='' WHERE online_ip='$ses_userip'"); } } ?> Some things: - I know md5 is not the safest, yet the sessionID wont contain any sensetive data. Its just for me to check a users presence with a certain value (random). I use md5 just to make it unreadable in case someone decides to dig further. - I remove the sessionID string if not on pages to make sure it can not be abused (its actually only valid for one page view and/or action. - no, It did not take me all those days just to write this. In addition to this I made another plugin which works together with this (the workinprogress thing) and in addition another script in another location checks stuff. Any tips? Thoughts? Its my first real fully coded plugin, so if I did do real stupid stuff please be gentle :) <img src="http://www.armaholic.com/datas/thumbs/green-sea-battalion-uniforms-version-03-preview_4.jpg" alt="green-sea-battalion-uniforms-version-03-" />
Отредактировано: foxhound (21.03.2015 22:53, 10 лет назад)

foxhound

#40703 16.03.2015 21:33

Thanks, that link was very usefull.
I am now making my first real plugin :)

Added 5 days later:

Ok, here is the first plugin I have made and I am actually hoping anyone can take a look and tell me if I should change something or if things should be done differently.
Due to me using this plugin for a specific feature on my website I will remove some stuff otherwise people could abuse it but the removed content wont cause issues to understand what it does I think.

But, what it does is...create a random session (an md5 string) in the database which I will check and compare elewhere.

<?php

/* ====================
[BEGIN_SED]
File=plugins/sessions/sessions.php
Version=1.0
Updated=2015-march-21
Type=Plugin
Author=Foxhound
Description=Insert a unique session with each pageload on pages only
[END_SED]

[BEGIN_SED_EXTPLUGIN]
Code=sessions
Part=
File=sessions
Hooks=global
Tags=
Minlevel=0
Order=1
[END_SED_EXTPLUGIN]

============ */


if (!defined('SED_CODE')) { die('Wrong URL.'); }

// here we check if we are working on the download system, if no all session stuff is set else we exit
if ($cfg['plugin']['sessions']['workinprogress'] != 'Yes')
	{
		$ses_pageid = sed_import('id','G','INT');
		$ses_userid = $usr['id'];
		$ses_username = $usr['name'];
			if ($ses_username == "") {
					$ses_username = "guest";
			}
		$ses_userip = $usr['ip'];
					
		$ses_sql1 = sed_sql_query("SELECT online_ip, online_location, online_sessionid, online_randomer FROM $db_online WHERE online_ip='$ses_userip'");	
			while ($row = sed_sql_fetcharray($ses_sql1)) {
				$ses_userloc = $row['online_location'];
				$ses_usersessionid = $row['online_sessionid'];
				$ses_randomer = $row['online_randomer'];
			}
		
		if ($ses_userloc == "Pages") {
			$dwnldlink_sql1 = sed_sql_query("SELECT page_id, page_extra_url FROM $db_pages WHERE page_id='$ses_pageid'");
				while ($row = sed_sql_fetcharray($dwnldlink_sql1)) {
					$ses_downloadurl = $row['page_extra_url'];
				}

			// create random string
			$ses_randomer = "";
			$ses_str_length = xx;
				for($ses_i=0; $ses_i<$ses_str_length; $ses_i++){
					$ses_rand_number = mt_rand(0,xx);
					$ses_string = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
					$ses_randomer .= substr($ses_string, $ses_rand_number, 1);
				}

			$ses_usersessionid = md5($ses_xxxxx . md5($ses_randomer));
				
			$ses_sql1 = sed_sql_query("UPDATE $db_online SET online_sessionid='$ses_usersessionid', online_randomer='$ses_randomer' WHERE online_ip='$ses_userip'");
		}
		
		// this is required cause we never know if the visitor does actually click the downloadlink on the page he visitted!
		if (($ses_userloc != "Pages") && ((!empty($ses_usersessionid)) || (!empty($ses_randomer)))) {
			$ses_sql_u1 = sed_sql_query("UPDATE $db_online SET online_sessionid='', online_randomer='' WHERE online_ip='$ses_userip'");
			
		}
	}
?>

Some things:
- I know md5 is not the safest, yet the sessionID wont contain any sensetive data. Its just for me to check a users presence with a certain value (random). I use md5 just to make it unreadable in case someone decides to dig further.
- I remove the sessionID string if not on pages to make sure it can not be abused (its actually only valid for one page view and/or action.
- no, It did not take me all those days just to write this. In addition to this I made another plugin which works together with this (the workinprogress thing) and in addition another script in another location checks stuff.

Any tips? Thoughts?
Its my first real fully coded plugin, so if I did do real stupid stuff please be gentle :)

Отредактировано: foxhound (21.03.2015 22:53, 10 лет назад)