Archive for February, 2008

Chapter 45: A User-Rating System (page 859)

Friday, February 29th, 2008

Linking ratings with content

So now we have a table representing possible ratings and a table representing the content to be rated. How shall we associate them?

We've already made a decision of sorts by making two separate tables. If each piece of content only received one rating, we could have added the rating value as a column in the content table. Similarly, if each rating were applied to only one piece of content (as with finishing order in a race), we could have made the content ID a column in the ratings table. As it is though, we have multiple pieces of content, which different users will associate with different ratings. This is a many-to-many relationship, so we will need a third table to capture the associations.

We want each row in this ratings table to represent an instance of a content item receiving a rating. At a minimum, then, we need to identify both the content and the rating in each row. We'll do this by using the primary keys from each table. In addition, we'll throw in a few columns that we have found to be useful, even if we won't be using them much in this chapter's code.

    create table ratings
      (ID int primary key auto_increment,
       rating int,                  -- primary key of the chosen rating_values row
       rated_id int,                -- primary key of the rated quotations row
       rating_date timestamp,       -- when the vote was cast
       user_ip varchar(30),         -- address the vote came from
       bogus_bit tinyint default 0  -- set to 1 to screen a row out without deleting it
      );

The first three columns are the minimum we need: our usual auto-incremented primary key and the IDs from the two tables we are associating. The next two will be used to capture some information about the rating event: the time it happened, and the IP address of the user doing the rating. (This last one we include not for any evil, privacy-invading purpose, but just because it turns out to be useful in combating mass ballot stuffing. If you receive a negative review for an item once every two seconds, it can be useful to know that all those votes are coming from the same place.) Finally, we include a bit we can flip if we conclude that a large number of rows are bogus; without deleting them, we can write code to screen them out of vote totals and displays.

Now we have designed our three tables and have populated only one of them (rating_values). It seems wasteful to print sample quotes that make up the entries for the quotations table (although we will include them in the database dump for this chapter found at www.troutworks.com/phpbook). Finally, we have not yet populated the ratings table, because that is something that our users should do.

Collecting Votes

To let our users vote on our content, we need to display that content alongside some kind of form that lets them express their feelings. In this section, we'll create a content page that displays one item and encourages the user to rate it. The code for this page is shown in Listing 45-1. This is a high-level code file, which includes other function files, which in turn do most of the work.
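The screening described above, as an added example that is not from the book: a burst of votes on one item from one address is flagged with bogus_bit, and totals are then computed over unflagged rows only. The thresholds, the sample rows, and the wider user_ip column (45 characters, so IPv6 text fits) are assumptions.

```sql
-- Added example, not from the book. Tables follow the chapter's schema;
-- thresholds, sample rows and varchar(45) for user_ip are assumptions.
CREATE TABLE quotations (ID int primary key auto_increment,
  quotation varchar(255), attribution varchar(255));
CREATE TABLE rating_values (ID int primary key auto_increment,
  `rank` int not null default 0, rating_text varchar(255));
CREATE TABLE ratings (ID int primary key auto_increment, rating int,
  rated_id int, rating_date timestamp, user_ip varchar(45),
  bogus_bit tinyint default 0);

INSERT INTO quotations (quotation, attribution)
  VALUES ('Constructed sample quote', 'Constructed attribution');
-- Inserted best-first as in the chapter, so IDs 1..5 carry ranks 5..1.
INSERT INTO rating_values (`rank`, rating_text) VALUES
  (5, '5 - Excellent'), (4, '4 - Very good'), (3, '3 - Good'),
  (2, '2 - Mediocre'), (1, '1 - Poor');

-- Constructed votes: two ordinary voters, then one address choosing
-- '1 - Poor' (rating_values.ID = 5) every two seconds.
INSERT INTO ratings (rating, rated_id, rating_date, user_ip) VALUES
  (1, 1, '2008-02-29 10:00:00', '198.51.100.7'),
  (2, 1, '2008-02-29 10:07:30', '198.51.100.9'),
  (5, 1, '2008-02-29 11:00:00', '192.0.2.44'),
  (5, 1, '2008-02-29 11:00:02', '192.0.2.44'),
  (5, 1, '2008-02-29 11:00:04', '192.0.2.44'),
  (5, 1, '2008-02-29 11:00:06', '192.0.2.44'),
  (5, 1, '2008-02-29 11:00:08', '192.0.2.44');

-- Flag, never delete: 5 or more votes on one item from one address,
-- averaging 10 seconds or less apart. A shared proxy or NAT can trip this,
-- which is the reason to keep the rows and only set the bit.
UPDATE ratings r
JOIN (SELECT rated_id, user_ip
      FROM ratings
      GROUP BY rated_id, user_ip
      HAVING COUNT(*) >= 5
         AND TIMESTAMPDIFF(SECOND, MIN(rating_date), MAX(rating_date))
             <= 10 * (COUNT(*) - 1)) burst
  ON burst.rated_id = r.rated_id AND burst.user_ip = r.user_ip
SET r.bogus_bit = 1,
    r.rating_date = r.rating_date;  -- keep the vote time if the column auto-updates

-- Totals and averages that screen out flagged rows.
SELECT q.ID, COUNT(r.ID) AS votes, AVG(v.`rank`) AS average_rank
FROM quotations q
LEFT JOIN ratings r ON r.rated_id = q.ID AND r.bogus_bit = 0
LEFT JOIN rating_values v ON v.ID = r.rating
GROUP BY q.ID;
```

The average is taken over rating_values.rank rather than ratings.rating because the stored value is a row ID, not the rank itself.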

Part V: Case Studies (page 858)

Friday, February 29th, 2008

Our ratings code will inevitably be interwoven with the particular content site we choose, but with minimal changes it ought to work with any content site that has these characteristics.

Domain: A quotation site

For our example domain, we'll create a site that displays amusing quotes from famous and not-so-famous people. All we want to present to the user on each quotation page is a pithy quote and an attribution. To store these quotations, we'll make a MySQL database for our entire project and then create a quotation table:

    create database user_ratings;
    use user_ratings;
    create table quotations
      (ID int primary key auto_increment,
       quotation varchar(255),
       attribution varchar(255));

This produces two pieces of text (the quotation itself and an attribution) per row, with an automatically assigned identification number. Note that we plan for the quotes to be very pithy indeed: no more than 255 characters. If you want longer quotes, you should make the quotation field a larger type, say type text.

Possible ratings

Working from the other end, let's design another table that specifies the rating values that users can choose among when rating quotations. This is an equally simple MySQL schema:

    create table rating_values
      (ID int primary key auto_increment,
       `rank` int not null default 0,  -- quoted because RANK is a reserved word in MySQL 8.0
       rating_text varchar(255));

As always, the ID field is the unique identifier we rely on. The rank field we intend for ordering the rating values: if you choose a "scale of 1 to 10" style of rating, you want ten rows in the table, with ranks ranging from 1 to 10. (You could make the ID field do double duty here and play the role of the rank field, if you are careful with order of entry, but this seems like more trouble than it's worth.) Finally, the text field contains the explanation of the choice that will be shown to the voter.

While we're at it, let's populate this table with a particular rating scheme.

    insert into rating_values (`rank`, rating_text) values (5, '5 - Excellent');
    insert into rating_values (`rank`, rating_text) values (4, '4 - Very good');
    insert into rating_values (`rank`, rating_text) values (3, '3 - Good');
    insert into rating_values (`rank`, rating_text) values (2, '2 - Mediocre');
    insert into rating_values (`rank`, rating_text) values (1, '1 - Poor');

Note that the redundancy of including the rank in the text is necessary only if the rank will not be displayed along with the text.

Chapter 45: A User-Rating System

Thursday, February 28th, 2008

In this chapter, we look at a very common use of database-driven PHP code: presenting content to users and encouraging them to give it a quality rating.

In the first edition's version of this chapter, we used sample user ratings code that we had extracted from a site of our own. Although realistic in some sense, the resulting code samples could not be usefully run without the rest of that Web site's code base. This time around, we've gone entirely in the other direction, creating a complete minisite that places primary emphasis on the capability to rate content. Our hope is that it will be a straightforward task to adapt the rating code to your own site.

The portions of the book we draw on most heavily for this case study are:

* Part II: We build the code around a MySQL database.
* Chapters 28 and 36: We communicate with the database using the PEAR database functions.

In this chapter we demonstrate the use of the PEAR database layer to abstract away from the choice of the particular database system, even though much of the rest of the book's code uses PHP/MySQL functions directly. The PEAR DB approach has the benefit of making it possible for users to choose among different types of data sources, but both approaches have their supporters.

Initial Design

We will design our minisite from the ground up, but bear in mind that the part we really care about is the code relevant to user ratings. In a moment, we will zero in on a particular example content site, but first let's lay out the site characteristics that our ratings code will assume. We assume that:

* The site presents content items to users (books, movies, consumer goods, politicians, anything that could conceivably be rated).
* The site presents one such item per dynamically generated page.
* Each item is stored in a database table or set of tables with a unique database key.

In This Chapter

* Designing a rating system
* Collecting votes
* Counting and displaying results
* Extensions of the design

Chapter 44: User Authentication (page 855)

Wednesday, February 27th, 2008

    EOLOGINFORM;
    echo $login_form;
    site_footer();
    ?>

Depending on your preference, and which version of PHP you're using, you might choose to incorporate exception handling or define a custom error handler to use in conjunction with the $feedback variable in the preceding examples. See Chapter 31 for more information.

Summary

User data management is a core function of many Web sites. Unfortunately, often not enough thought is given to security, scalability, and modularity in these important subsystems. We demonstrate a complete user management package here, and walk you through the design principles you should keep in mind as you implement your own.

The main functions of a user management system include new user registration and confirmation, login and logout, forgotten password replacement, changing e-mail and passwords, changing other user data, and logging in as another user. …

Part V: Case Studies (page 854): Listing 44-11 (continued)

Wednesday, February 27th, 2008

Listing 44-11 (continued)

      }
    }

    if ($submit == 'Login') {
      $feedback = user_impersonate();
      if ($feedback == 1) {
        // On successful login, redirect to homepage
        header('Location: index.php');
        exit; // stop here so the form below is not sent along with the redirect
      } else {
        $feedback_str = "$feedback";
      }
    } else {
      $feedback_str = '';
    }

    // ----------------
    // DISPLAY THE FORM
    // ----------------
    include_once('includes/header_footer.php');
    site_header('Login To OpenCortex');

    // Superglobals don't work with heredoc
    // Escaped because the value is placed into the form's HTML
    $php_self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $login_form = <<< EOLOGINFORM
    $feedback_str
    LOGIN
    Username
    Password


Chapter 44: User Authentication (page 853): Listing 44-11

Tuesday, February 26th, 2008

Listing 44-11: Administrator impersonation script (impersonate.php)

Part V: Case Studies (page 852)

Monday, February 25th, 2008

Cookie-based authorization, as the name implies, relies upon special cookies to identify browser sessions belonging to trusted users. Often, the cookie must be set inside the firewall, so there is an element of IP authorization to this type of scheme also. The advantage of cookie-based designs is that cookies are easy to implement and can be used by several employees at once. The disadvantage is that, by themselves, cookies are easy to spoof and hard to track because they embody authorization without authentication. If you have six trusted users in your organization that are empowered to take a certain action, with cookies alone you won't know which of the six made a particular mistake.

Database authorization relies on a more formal concept of permissions, either individual or grouped into baskets. Individual permissions are stored in their own database tables, such as permission and user_permission. On each page load, the code checks to see whether this particular authenticated user has the particular permission necessary to use this particular tool. Baskets of permissions are often represented simply as a bit in the user table (is_admin or some such field). Database permissions are the most complicated to implement, but one of the safest designs. Furthermore, you can track individual actions with a database at a level of granularity not possible with the other schemes.

Finally, IP-based permissions attempt to restrict use of certain tools to only those behind a firewall or on a particular subnet. You may, for example, allow only one development server to connect to your live database on the other side of the firewall. IP-based plans should really be led by your IT staff or systems administrators because almost all the work and maintenance falls on them. If you, as the Web developer, do everything they tell you to do, but the network is cracked anyway, the responsibility should fall on them. Obviously, IP-based authorization is non-authenticated: unless you work in a locked room, it's very difficult to prevent others from sneaking up to your computer while you're away and using the browser-based tool on your computer.

Remember that any or all of these basic methods can be combined for stronger security. You could have a system where all tools lived in a particular password-protected directory on a particular server, for example, and would run only on that server, but permissions were stored on the live database in the field. This would combine basic auth, database, and IP-based authorization systems for a more secure result.

Login as user

Logging in as a particular user is not a tool per se. It may be something you must build into the structure of your entire site, depending on how you implement it and the particulars of your site architecture. For instance, you may have a special cookie that means, "I'm the administrator, but I want to see this user's user page as if I were the user."

If you used the registration and login code we laid out in the "Registration" and "Login" sections of this chapter, you could easily write a tool to basically give a particular user's cookies to the administrator of your site. Essentially, it would amount to using the login script without requiring a password, or rather, without requiring the password of the user whose point of view you are taking. This would be an intrinsically insecure way to accomplish your task, and therefore should only be used in combination with one or more of the other security schemes discussed in the "Avoiding Common Security Problems" section of this chapter.

The impersonate.php form in Listing 44-11 looks exactly like the normal login form, login.php. Instead of entering his or her own username and password, however, the authorized user will enter the username of the user he or she wishes to impersonate, plus a special administrator password. If the administrator cookie is not detected, the form will automatically redirect to the front page of the site.
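The database authorization scheme described above, applied to the impersonation tool, as an added example that is not from the book: the per-page-load permission check, plus a log that records which authenticated administrator took the action. The table names permission and user_permission come from the text; the users and admin_action tables, every column name and the sample rows are assumptions.

```sql
-- Added example, not from the book. The table names permission and
-- user_permission come from the text; the users and admin_action tables,
-- all column names and the sample rows are assumptions.
CREATE TABLE users (ID int primary key auto_increment,
  username varchar(64) not null unique);
CREATE TABLE permission (ID int primary key auto_increment,
  name varchar(64) not null unique);
CREATE TABLE user_permission (user_id int not null,
  permission_id int not null, primary key (user_id, permission_id));
CREATE TABLE admin_action (ID int primary key auto_increment,
  actor_id int not null, permission_id int not null,
  target_user_id int, action_date datetime not null, actor_ip varchar(45));

-- Constructed data: alice (1) holds both permissions, bob (2) only
-- edit_quotations, carol (3) none.
INSERT INTO users (username) VALUES ('alice'), ('bob'), ('carol');
INSERT INTO permission (name)
  VALUES ('impersonate_user'), ('edit_quotations');
INSERT INTO user_permission (user_id, permission_id)
  VALUES (1, 1), (1, 2), (2, 2);

-- Per-page-load check for the impersonation tool. The literal 2 stands for
-- the ID of the already authenticated user; bind it as a parameter in
-- application code. The tool runs only when a row comes back.
SELECT 1
FROM user_permission up
JOIN permission p ON p.ID = up.permission_id
WHERE up.user_id = 2 AND p.name = 'impersonate_user';

-- Check and audit in one statement: the log row is written only when the
-- actor holds the permission, so the application proceeds only if exactly
-- one row was inserted.
INSERT INTO admin_action
  (actor_id, permission_id, target_user_id, action_date, actor_ip)
SELECT up.user_id, p.ID, 3, NOW(), '192.0.2.10'
FROM user_permission up
JOIN permission p ON p.ID = up.permission_id
WHERE up.user_id = 1 AND p.name = 'impersonate_user';

-- The question cookies alone cannot answer: which trusted user did it?
SELECT a.action_date, actor.username AS actor, p.name AS permission_name,
       target.username AS target, a.actor_ip
FROM admin_action a
JOIN users actor ON actor.ID = a.actor_id
JOIN permission p ON p.ID = a.permission_id
LEFT JOIN users target ON target.ID = a.target_user_id
ORDER BY a.action_date;
```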

Chapter 44: User Authentication (page 851)

Monday, February 25th, 2008

    Gender
    $gender_button_str
    Make user profile private?
    $priv_profile_str
    EOUSERFORMSTR;
    echo $userform_str;
    site_footer();
    }
    ?>

Administrator Tools

Administrator tasks tend to be rather specific to particular sites, but there are a few general principles to keep in mind in designing administrator tools. The main one, obviously, is to protect these tools from being found and used by unauthorized users.

Authorization: Basic auth, cookie, database, and IP

Although a full discussion of authentication is beyond the scope of this chapter, you need to understand permissions to design tools that act on user data.

First, we should clearly define the distinction between authentication and authorization. Authentication means we are trying to verify that you are who you say you are. Everything in this chapter so far has been about authentication, strictly speaking. Merely by being a particular user, certain abilities (such as the ability to change your own e-mail address) devolve upon you. Authorization is about determining whether you have permission to do what you want to do. Often, an authorization step is built into authentication in a way that is transparent to the user, but they are fundamentally two separate tasks.

There are four main types of authorization: basic auth, cookie, database, and IP based.

Basic auth is a Web server-specific method of authorization and authentication. You can tell the Web server to prompt for a password and check a list of authorized users before serving a page in a particular directory under your Web tree. Although, in a certain sense, the Web server is doing this on every page load, the browser can transparently handle multiple pages per session so that the user only has to enter a login and password once per browser session. A clear explanation of basic auth for Apache http server can be found at http://httpd.apache.org/docs/howto/auth.html.

Part V: Case Studies (page 850): Listing 44-10 (continued)

Sunday, February 24th, 2008

Listing 44-10 (continued)

USER PROFILE

Change your email address

Change your password

$status_message

Photo URL (i.e. http://www.my.com/foto.jpg)

Homepage URL (e.g. http://www.my.com/page.html)

Favorite links

Location (City, State)

Country



Chapter 44: User Authentication (page 849)

Saturday, February 23rd, 2008

    // These values are placed into the HTML form that follows, so each is
    // HTML-escaped after decoding.
    $photo_url = urldecode($user_array['photo']);
    $photo_url = htmlspecialchars(stripslashes($photo_url), ENT_QUOTES);
    $homepage_url = urldecode($user_array['homepage']);
    $homepage_url = htmlspecialchars(stripslashes($homepage_url), ENT_QUOTES);
    $fav_link1 = urldecode($user_array['link1']);
    $fav_link1 = htmlspecialchars(stripslashes($fav_link1), ENT_QUOTES);
    $fav_link2 = urldecode($user_array['link2']);
    $fav_link2 = htmlspecialchars(stripslashes($fav_link2), ENT_QUOTES);
    $fav_link3 = urldecode($user_array['link3']);
    $fav_link3 = htmlspecialchars(stripslashes($fav_link3), ENT_QUOTES);
    $location = htmlspecialchars(stripslashes($user_array['location']), ENT_QUOTES);
    $country = $user_array['country'];
    $gender = $user_array['gender'];

    // Construct the multiple field types
    if ($gender == 'M') {
      $gender_button_str = 'MF';
    } elseif ($gender == 'F') {
      $gender_button_str = 'MF';
    } else {
      $gender_button_str = 'MF';
    }
    $priv_profile = $user_array['priv_profile'];
    if ($priv_profile == 1) {
      $priv_profile_str = 'Yes No';
    } elseif ($priv_profile == 0) {
      $priv_profile_str = 'YesNo';
    } else {
      $priv_profile_str = 'YesNo';
    }

    // --------------
    // Construct form
    // --------------
    site_header('User data edit page');
    $userform_str = <<< EOUSERFORMSTR

Continued