# TPU and Help me OUT! (Webmastering)



## 3870x2 (Aug 8, 2009)

alright, im making a website for my wife, http://www.ashleysphotography.biz for her photography business.  In the future, I want people to be able to log in to see their images, and maybe even purchase images online.
I am a very good web designer, however I am lacking in the programming/database aspect.  What I want from this thread is for my users to be able to log in to see their particular images through their phography session, with a username and password.  I have basic web SQL to work with, but no knowledge of how to put it all together, or where to start.  Help me out, or bump me up and you will be thanked!!!

Wow, ops change title to TPU Come and Help me out!!


----------



## 3870x2 (Aug 8, 2009)

Halp!


----------



## Bot (Aug 8, 2009)

i doubt i will help you much here but some more info would be good.
1. do you host remotely or at home?
2. linux, windows, mac?
3. apache, iis, etc?

besides html, are you good with java, flash, if so which do you prefer or dislike, etc


----------



## SystemViper (Aug 8, 2009)

If your going to be managing clients you need to create a database,
then add the tables that hold info that will help to manage your clients and their info.


prob the best place to start is to find out how to create a database on your server/hosting provider, then while your going down that path, you need to build a spec for the site which will define all the goals of what you are doing and start allowing you to match those goals with real world solutions.

The spec will start to be the roadmap for building all the functionality into the site.


Also remember that before you can have people loggin in, they have to sign up, which means having a database
and creating a sign up process.

so my advice to start is to figure out how to create a database.
then put some bogus data in there and learn how to access it and display it,
then learn how to poke data into the database.

once you have done that it will start to be much clearer what you need to do and how unique it is to
your site and customers


----------



## 3870x2 (Aug 8, 2009)

I prefer flash, am good with it mostly, have flash studio 8, dreamweaver 8.
also,
1. Remotely
2. Windows
3. I believe apache, though not sure.


----------



## 3870x2 (Aug 8, 2009)

SystemViper said:


> If your going to be managing clients you need to create a database,
> then add the tables that hold info that will help to manage your clients and their info.
> 
> 
> ...


Wow.  Thank you for your input.  However:
I have already produced the algorithm of how the account is created, produced, and pretty much emcompasses everything you said above.  Things like buying pictures with paypal will come later on.

Of course this is a photography business, I will be setting up their accounts myself, which eliminates the process of creating their own accounts, and I will be adding their pictures themselves.  I thank you for your response but I'm light years ahead of everything said above
Also, as I already said previously, the host of which the site I use have an online version of Light SQL for this sort of thing.  It would probably be easiest to use javascript than flash.

This is probably my fault, maybe I should have added this:
The gaps in my knowledge are as follows:

1.  Scripting the form for the login using javascript (username and password)
2.  Having the Javascript in (1) interract with the SQL database to authenticate the user login credentials.
3.  Matching the user content with their login (in this scenario, their pictures, and maybe some information about their session.)

Thank you for your help for everyone that has posted, and im all ears for any suggestions!


----------



## Bot (Aug 8, 2009)

as recommended, i would also start with some flow charts  and map out the entire process before starting. it'll give you a good idea what you really facing.

remote servers are not as flexible as local, check what is included in the package and what options you have. many include some form database and management, most likely MySQL

if it is on windows, most likely it will do IIS 6.0. with that on a local server you could use sharepoint services which has templates for user/ client management and sales, etc
i am not sure how that works on a remote site

i am more into java and am not all to good at it and use ms expression web .. with that said i leave the real help to the pro's here. i hope i could help a little


----------



## Bot (Aug 8, 2009)

Yea, that sounds a lot more defind. 
Are you looking to code it from the ground up or take snippets a put them together?


----------



## 3870x2 (Aug 8, 2009)

thanks for the response, BOT! but really, as was mentioned previously, all the planning is done, now I just need to carry out the programming required.  Apache is used on a remote server, and I have a web based, code and GUI based SQL to work with.  Just need to know how to do 1. 2. and 3.

Ground up or snippits.  Ive programmed before, so im used to it, but web programming, you might as well count me into the supreme newbie group (know HTML, very little javascript, and a bit of flash)


----------



## SystemViper (Aug 8, 2009)

3870x2 said:


> Wow.  Thank you for your input.  However:
> *I have already produced the algorithm of how the account is created, produced, and pretty much emcompasses everything you said above.*  Things like buying pictures with paypal will come later on.
> 
> Of course this is a photography business, I will be setting up their accounts myself, which eliminates the process of creating their own accounts, and I will be adding their pictures themselves.  I thank you for your response but I'm light years ahead of everything said above
> ...



I think to answer this corectly I would need to understand your algorithm.

1.  Scripting the form for the login using javascript (username and password)

this is a 2 step process, you need the form and then you need the handler..

the form captures the username and password and using a post hands off them to the handler which captures the info, checks it against the database and if it matches, starts a session. Once you have validated the log on info, there are many ways to 
assoiate the person with their pictures, prob the easiest is by file name. Which is another table in the database (images) that has a relationship to each user name.


2.  Having the Javascript in (1) interract with the SQL database to authenticate the user login credentials.

There is plenty of code everywhere to do this, but again it all goes back to your database and your SQL calles to access the data.

3.  Matching the user content with their login (in this scenario, their pictures, and maybe some information about their session.)

again this is just basic sql calls to the database, but you need to have the database built and know how to connect to it. That info should be in yoru admin panal faq or light sql faq.




Have you created the database yet?
Do you know how to connect to it from your webpage?

I think that is good place ot start.


----------



## Bot (Aug 8, 2009)

cool, yea my post came in after i saw your reply, didn't mean to be redundant.
anyway, a few sites i go to for inspirations are
http://www.java2s.com
http://www.javadb.com
and of course
http://code.google.com

here would be something that would apply to "1."
http://www.javadb.com/read-input-from-user-and-write-to-file

this could be used to retrieve user data like login name, first name, last name for database creation, etc

connect the database "2."
http://www.javadb.com/connecting-to-a-database-step-by-step

manipulating the data "3."
Connect to database and call stored procedure
http://www.javadb.com/connect-to-database-and-call-stored-procedure
Connect to a database and read from table
http://www.javadb.com/connect-to-a-database-and-read-from-table

there is more in javadb


----------



## 3870x2 (Aug 8, 2009)

SystemViper said:


> Have you created the database yet?
> Do you know how to connect to it from your webpage?
> 
> I think that is good place ot start.



There we go, no and no.  This is where we need to start, probably from scratch if it helps you all out.
To clarify, here are the knowns:

1. User will be given a username and password by me, I will create it in the database myself.
2. User will login using a USERNAME and PASSWORD field
3. The user needs to be able to uniquely see their pictures (which I will post myself)

So pretty much the user just needs to login to see the pictures I posted from their specific section.
Thank you for helping my thread viper
Same goes for Bot.

If it really is as complicated as you are making it sound, you might have to start from scratch (lol) but your help will be immensely appreciated.  This is knowledge I would like to carry in my career, so if you could explain in detail, it would be great also, I love making webpages, but some of it is fairly difficult, especially with my limited time.


----------



## SystemViper (Aug 8, 2009)

Hi, the most important thing you are going to do is create the database structure. That will have ramifications for you and you site as it begins to grow.

So before you can have anybody log in, or even before you can enter data you need to create the DB.

so step one, go into the DB Gui and create a database, name it what ever you want, I usually use the site name,

once you create the DB, then add your first table, this will be the "members" table, 
in that members table you need to all all the fields that pertain to each member that you want to store, like

memberID
firstname
lastname
adddress
city 
state
zipcode
phone

you see my logic.

when you have this done we can go to step 2,,,,,


hope that helps, you also might want to read up on relational databases, keep it simple but a good primer would help you a lot at this point.


----------



## 3870x2 (Aug 8, 2009)

Heres a good question, I enter this to delete a test user I made:
DELETE FROM `user` WHERE CONVERT( `user`.`Host` USING utf8 ) = CAST( 0x00 AS BINARY ) AND CONVERT( `user`.`User` USING utf8 ) = CAST( 0x54657374 AS BINARY ) LIMIT 1

and get this error:

#1044 - Access denied for user 'jacobharris66725'@'localhost' to database 'mysql'

Of course I cant be the root user because it is hosted remotely, but I do have the same permissive status as root.


----------



## 3870x2 (Aug 8, 2009)

To tell the truth, im getting access denied everwhere, this was entered also:

SQL query: 

CREATE TABLE `mysql`.`Users` (
`memberid` VARCHAR( 10 ) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL COMMENT 'Unique to user',
`username` VARCHAR( 20 ) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL ,
`password` VARCHAR( 16 ) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL ,
`address` VARCHAR( 256 ) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL ,
`phone` VARCHAR( 10 ) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL ,
`first` VARCHAR( 20 ) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL ,
`last` VARCHAR( 20 ) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL ,
`others` VARCHAR( 256 ) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL COMMENT 'Other peopel in picture',
`information` VARCHAR( 1024 ) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL COMMENT 'ETC',
UNIQUE (
`memberid` 
)
) ENGINE = MYISAM 


MySQL said:  
#1044 - Access denied for user 'jacobharris66725'@'localhost' to database 'mysql'

Looks like I have to set up "Grant" tables, maybe.  Ill try that out.




It looks like ive been able to reflush permissions, verifying. . . . . . . .

Looks like its good.  Alright, Systemviper, i see you at the bottom, the following fields were created:

MemberID: Incremental, unique
Username: Unique
Password
address
phone
first
last
persons: (other persons in the photo session)
information (etcetera information)

Alright, what now?


----------



## Kreij (Aug 9, 2009)

Given your lack of experience with programming and database administration, 3870, your best bet is to find yourself an inexpensive e-commerce package that will fulfill your needs. You will then be able to just install it, configure it and go.

There are many, many things to consider given what you are trying to do. For instance, you definitely do not want to store the users' passwords in the database in plain text format. If someone gets access to the database they will have every password on the system. You will want to run them through a hash encryption algorith (eg. MD5 or something) and store the resulting hash strings. You are also going to have to protect anyone's personal information (address, phone, etc.).  Remember, if your database gets compromised, you may be liable for any damages that result from the intrusion.

Also, you have to make sure that you sanitize all input to prevent an SQL injection attack. What if in one of the fields I type in "DROP Database YourDatabaseName"? You entire database will be deleted if you do not protect against things like that.

... and we are still just talking about the users' login. What are the security implication when you get to monetary transaction? Like buying/selling photos?  See what I mean?

I do applaude you for having the motivation to make the site, but I think that until you are well versed in coding web services you will want to get a pre-made one for your own (legal) safety (and sanity  )


----------



## 3870x2 (Aug 9, 2009)

Kreij said:


> Given your lack of experience with programming and database administration, 3870, your best bet is to find yourself an inexpensive e-commerce package that will fulfill your needs. You will then be able to just install it, configure it and go.
> 
> There are many, many things to consider given what you are trying to do. For instance, you definitely do not want to store the users' passwords in the database in plain text format. If someone gets access to the database they will have every password on the system. You will want to run them through a hash encryption algorith (eg. MD5 or something) and store the resulting hash strings. You are also going to have to protect anyone's personal information (address, phone, etc.).  Remember, if your database gets compromised, you may be liable for any damages that result from the intrusion.
> 
> ...



Points are very valid.  A few things to remember though:
The passwords will be encrypted (im not computer retarded, I am a+, n+, s+ certified, working towards my degree, MCA, CCNA, and currently have 6 years on-the-job experience with networks, echange server, sharepoint server, cisco, etc...)

I do have a vast knowledge already, and am ready to take on webdesign, and this is my next conquest.
Keep in mind that this will be a mostly private site, and the only thing people will get while breaking into a website are.... pictures, which due to the contract in which they are required to sign before their session are understood to be public domain, privately owned by ashleys pretty n pink photography, until the rights are purchased by the session holders.

I do realize there is an unfortunate large bit to be filled in what I am asking, but as an amateur programmer, I already understood that.
Thank you for posting, kreij, I respect you much if you are actually willing to help,


----------



## Kreij (Aug 9, 2009)

LOL ... I'm sorry, 3870. I never meant to imply that you were "computer retarded".
After reading through the posts, it came across that you were jumping from no coding experience to writing a full e-commerce web service.

As I said, I applaud your motivation to do it yourself. I will keep an eye on this thread and help in anyway that I am able. 

I also complete agree with Bot when he stated the following ...


> i would also start with some flow charts and map out the entire process before starting. it'll give you a good idea what you really facing


----------



## W1zzard (Aug 9, 2009)

install phpmyadmin, that will make your db admin life a lot easier.

mysql "databases" are structured into databases and tables.
a database is like a directory inside which reside tables that are the actual data storage units (think excel table files using the directory analogy)


----------

