Login | Register   
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


advertisement
 

Secure Internet File-Sharing with PHP, MySQL, and JavaScript : Page 3

Use PHP to create a secure Internet file-sharing application that employs a database abstraction layer and separates HTML design from PHP programming.


advertisement
Let's Dive into the Code
PHP code is the glue of this example. Under the application root directory in the source code, there are four PHP files. The main one is file_sharing.php, and I chose to name all the others included by it as inc.*.php.

I put all the global variables specific to my local installation in inc.config.php. This means that after you extract the zip file in the downloadable source code, you can adapt it to your environment by appropriately setting the variables in this file.

The inc.vars.php file contains a PHP session-starting mechanism (used here only to pass through tag- and file-sorting method properties), some other global variables for convenience, and global assignments that are valid for all Smarty templates.



The inc.util.php file contains some utility functions, which are mostly a way to reduce the number of code lines. Some routines implement database access and are noteworthy as examples of using a database abstraction layer. These functions use the PEAR MDB2 API to access MySQL. (The next section offers a more detailed description of the advantages of this approach, with some examples of implementation.)

The file_sharing.php file is the core file that processes all HTTP requests and parses the variables passed by GET or POST methods. After parsing the action, the program retrieves all the data needed to manage the event, assigns that data to the Smarty structure, and then displays it.

Database Abstraction with PEAR
PEAR is a large repository of PHP libraries (called packages) that can speed up PHP development. In this program, the main PEAR package is the MDB2 library, which is the latest solution for database abstraction. Although I use the MySQL database in this example, you can run this solution in other environments (for example, in enterprises where Oracle is the database) by making only a few changes to the code. To use another database after installing the relative PEAR component for MySQL, all you need to do is change the value of the $dsn variable in inc.config.php. This variable must contain a valid Data Source Name (DSN) according to the rules described in the DSN documentation.

The DSN I used for MySQL is:

$dsn = 'mysql://user:password@mysql_server/mysql_db_name

This means all the calls to the database are perfectly transparent with regard to the underlying database.

Note that if you want to use another database in place of MySQL you have to create the same database schema. Of course, the file file_sharing.sql would not be valid anymore, but it would contain the SQL statements you have to translate in order to configure the database using another RDBMS.

Encrypting Files for Security
The file-sharing example allows the user to save files optionally in encrypted form, using the 128-bit-key AES (Advanced Encryption Standard) algorithm and saving passphrases in encrypted form (using SHA1 160-bit checksums as described in the RFC 3174 Secure Hash Algorithm). All the operations on encrypted files require these passphrases, so remember these important guidelines:

  • If you lose a passphrase, you can no longer download the file and you have to delete it with MySQL commands. Moreover, the data and passphrase travel through the Internet in clear form. A helpful upgrade would be to encrypt data and hash passwords locally with JavaScript functions before sending them over the Net.
  • If you want to use another database in place of MySQL, you have to replace the MySQL functions used for encrypting and hashing in the PHP code with equivalent ones.



Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap