Thanks! :)
I'm new here, but you can see this page for more information
http://www.ape-project.org/docs/server/mysql/
On Dec 21 2009, 2:52 pm, Lorren Biffin <lorren.bif...@gmail.com>
wrote:
> Wow, right there under my nose. Thanks! :D
>
> Lorren Biffin
> (425) 522-2673http://twitter.com/lorrenbiffin
>
> On Mon, Dec 21, 2009 at 11:49 AM, Maxence <dga...@gmail.com> wrote:
> > Hello Lorren,
>
> > I'm new here, but you can see this page for more information
> >http://www.ape-project.org/docs/server/mysql/
>
> > On Dec 21, 8:34 pm, Lorren <lorren.bif...@gmail.com> wrote:
> > > It's my understanding that APE has the ability to connect to MySQL
> > > from within modules. Is this correct? If so, how is this done? Is
> > > there documentation in the APE wiki?
>
> > > Thanks! :)
>
SQL injection is easy with this module: queries are built as plain strings, so you should check every variable before it goes into one.
// Lower-cased nicknames currently in use. The class below adds an entry on
// the 'adduser' event, removes it on 'deluser', and consults this table to
// reject a duplicate nick at connect time.
var userlist = new $H();
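/**
 * authChatServer - APE server module that only lets a user join a channel
 * after the credentials sent with CONNECT have been checked against the
 * `users` table.
 *
 * Flow, as implemented below:
 *   1. `authorization` hooks the "connect" command, validates the request
 *      parameters and starts an asynchronous lookup of the user row.
 *   2. `authDbResult` receives the row, compares nick and password and records
 *      the outcome in `sess_user` under the user's sessid.
 *   3. `authorizedJoin` hooks the "join" command and refuses it unless the
 *      session has been recorded as authorized.
 *
 * The module fails closed: a database error, an unknown user id or a join that
 * arrives before the lookup has finished all leave the session without an
 * authorized entry, so the join is answered with NO_AUTH.
 *
 * NOTE(review): the password is compared directly with the `password` column,
 * which implies the table stores it in clear text. Storing a salted password
 * hash and verifying against that would be the usual hardening; it is not
 * done here because it needs a schema change outside this module.
 *
 * Relies on the globals `userlist` and `sql` defined in the same file.
 */
var authChatServer = new Class({

    // sessid -> Hash({authorized, user_id, nick}) for every session whose
    // lookup has completed (authorized may be false).
    sess_user: new Hash(),

    /** Registers all hooks and events; called once the SQL link is up. */
    initialize: function() {
        Ape.log('[authChat Module] starting initialization..');
        this.registerAuthorization();
        this.registerJoinHandler();
        this.registerAddDeleteUser();
        Ape.log('[authChat Module] ..done');
    },

    /**
     * Keeps `userlist` and `sess_user` in step with users appearing and
     * disappearing on the server.
     */
    registerAddDeleteUser: function() {
        Ape.addEvent('adduser', function(user) {
            var name = user.getProperty('name');
            // Guard: a user without a 'name' property would otherwise make
            // toLowerCase() throw inside the event handler.
            if (typeof name === 'string') {
                userlist.set(name.toLowerCase(), true);
            }
        }.bind(this));

        Ape.addEvent('deluser', function(user) {
            var name = user.getProperty('name');
            var sessid = user.getProperty('sessid');
            if (typeof name === 'string') {
                userlist.erase(name.toLowerCase());
            }
            // Drop the session record so a recycled sessid cannot inherit
            // an earlier authorization.
            if (this.sess_user.has(sessid)) {
                this.sess_user.erase(sessid);
            }
        }.bind(this));
    },

    /** Hooks the "join" command so every join passes `authorizedJoin`. */
    registerJoinHandler: function() {
        Ape.registerHookCmd("join", this.authorizedJoin.bind(this));
    },

    /** Hooks the "connect" command so every connect passes `authorization`. */
    registerAuthorization: function() {
        Ape.registerHookCmd("connect", this.authorization.bind(this));
    },

    /**
     * "join" hook: allows the join only for an authorized session.
     *
     * @param {Object} params - parameters of the join command (unused)
     * @param {Object} cmd - command context; `cmd.user` is the joining user
     * @returns {number|Array} 1 to let the join proceed, or
     *     ["100", "NO_AUTH"] to reject it
     */
    authorizedJoin: function(params, cmd) {
        var sessid = cmd.user.getProperty('sessid');
        // `var` keeps the flag local (it used to leak as an implicit global);
        // the strict comparison accepts nothing but the boolean true.
        var auth_ok = (
            this.sess_user.has(sessid) &&
            this.sess_user.get(sessid).has('authorized') &&
            this.sess_user.get(sessid).get('authorized') === true
        );
        if (auth_ok) {
            return 1;
        }
        return ["100", "NO_AUTH"];
    },

    /** Tells the client that its login was accepted. */
    sendAuthorizationConfirmation: function(pipe) {
        pipe.sendRaw('AUTHORIZED', {});
    },

    /** Sends a DATA raw carrying `msg` to `to_pipe`, attributed to `from_pipe`. */
    sendChatMsg: function(from_pipe, to_pipe, msg) {
        to_pipe.sendRaw('DATA', {'msg': msg, 'pipe': from_pipe.toObject()});
    },

    /**
     * Callback of the user lookup started in `authorization`.
     *
     * @param {Object} cmd - command context of the original connect
     * @param {Array} res - result rows; falsy when the query failed
     * @param {*} errorNo - error number reported by the SQL layer (unused)
     */
    authDbResult: function(cmd, res, errorNo) {
        if (!res) {
            Ape.log('authResult db error', cmd);
            return;
        }
        if (res.length < 1) {
            Ape.log('user not found', cmd);
            return;
        }

        var row = res[0];
        var sessid = cmd.user.getProperty('sessid');
        var nick = cmd.user.getProperty('name');
        var supplied = cmd.user.password;

        var nickMatches = (
            typeof row.name === 'string' &&
            typeof nick === 'string' &&
            row.name.toLowerCase() === nick.toLowerCase()
        );
        // Both sides must be strings, the stored one non-empty, and they are
        // compared strictly. With `==`, a NULL password column matched a
        // request that simply omitted `password` (null == undefined), and
        // type coercion could equate values such as 0 and "".
        // NOTE(review): this is not a constant-time comparison and it
        // presumes a clear-text column; see the note on the class.
        var passwordMatches = (
            typeof supplied === 'string' &&
            typeof row.password === 'string' &&
            row.password.length > 0 &&
            row.password === supplied
        );

        if (nickMatches && passwordMatches) {
            // set() keeps the store on the same Hash API that has()/get()/
            // erase() use elsewhere in this class.
            this.sess_user.set(sessid, new Hash({
                authorized: true,
                user_id: row.id,
                nick: row.name
            }));
            // todo: choose another from-pipe
            this.sendAuthorizationConfirmation(cmd.user.pipe);
        }
        else {
            this.sess_user.set(sessid, new Hash({authorized: false}));
            // 'Sicherheitsfehler' is German for "security error".
            this.sendChatMsg(cmd.user.pipe, cmd.user.pipe, 'Sicherheitsfehler');
        }
    },

    /**
     * "connect" hook: validates the request and starts the user lookup.
     *
     * The connect itself is accepted (returns 1) before the lookup finishes;
     * access is enforced later by `authorizedJoin`.
     *
     * @param {Object} params - client-supplied parameters; `name`, `user_id`
     *     and `password` are read. All of them are untrusted input.
     * @param {Object} cmd - command context; `cmd.user` is the new user
     * @returns {number|Array} 0 for missing or malformed parameters, 1 when
     *     the lookup was started, ["007", "NICK_USED"] or ["006", "BAD_NICK"]
     */
    authorization: function(params, cmd) {
        if (!$defined(params.name)) { return 0; }
        if (!$defined(params.user_id)) { return 0; }

        // The values come from a client-sent object, so their types are not
        // guaranteed; a non-string name would throw on toLowerCase().
        if (typeof params.name !== 'string') { return 0; }

        // Accept the id only as a plain run of decimal digits. Number() alone
        // lets NaN and Infinity through, which would then be concatenated
        // into the statement below.
        var idType = typeof params.user_id;
        if ((idType !== 'number' && idType !== 'string') ||
                !/^[0-9]+$/.test(String(params.user_id))) {
            return 0;
        }

        if (userlist.has(params.name.toLowerCase())) {
            return ["007", "NICK_USED"];
        }
        if (params.name.length < 1 || params.name.length > 16 ||
                params.name.test('[^a-zA-Z0-9]', 'i')) {
            return ["006", "BAD_NICK"];
        }

        cmd.user.setProperty('name', params.name);
        cmd.user.setProperty('user_id', params.user_id);
        // NOTE(review): the clear-text password stays on the user object
        // after the check; confirm nothing else needs it and clear it then.
        cmd.user.password = params.password;

        // begin auth
        // The statement is built by concatenation, so the digit-only check
        // above is what keeps client input out of the SQL text. Any other
        // value added to a query needs the same treatment (or escaping).
        sql.query("SELECT * FROM users WHERE id = " +
            Number(params.user_id), function(res, errorNo) {
            this.authDbResult(cmd, res, errorNo);
        }.bind(this));
        return 1;
    }
});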
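// Connection used for the login lookup. The host, user, password and database
// name here are the sample's placeholders.
// NOTE(review): in a real deployment keep the credentials out of the module
// source and give this account read access to the users table only.
var sql = new Ape.MySQL("127.0.0.1:3306", "dbuser", "dbpassword",
    "database");

// wait for sql connection, then start
sql.onConnect = function() {
    Ape.log('MySQL connection established');
    new authChatServer();
};

// Logs a failed connection attempt. The closing brace of this handler was
// missing from the listing and is restored here.
sql.onError = function(errorNo) {
    Ape.log('Connection Error : ' + errorNo + ' : ' + this.errorString());
};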
http://flip.netzbeben.de/2010/01/howto-create-a-web-chat-with-ape-rails-and-mysql/
comments welcome ;)
cheers,
flip
Am 03.01.2010 22:05, schrieb davidynamic:
thanks for your blog article, I just added it to the tutorial page on
the APE wiki :
http://www.ape-project.org/wiki/index.php/Category:Tutorial
Cheers.
flipkick a écrit :