List of HTML & PHP Questions.

[SBSP]

Hi i have a couple of questions, hopefully some of you can answer them.
i started a thread before i spam the forum with a million questions.
I will ask all futre questions regarding HTML and PHP in here.

1 Can a *.PHP file be downloaded from a webserver as is without the PHP engine processing the <?php ?> part, as you can download other files such a PDF or EXE ?
Reason i ask is cus this will be a security threat for what i want to do , especially when it comes to working with
MySQL, If a person can download the whole source php you can obtain the MySQL username and password also
then modify the PHP to inject junk or even delete tables or database ? I'm convinced a PHP file can be downloaded as is.

2 How do one go about saving the master MySQL Username and password of your database ? saving it to file on the server will be dumb?

3 Is it possible to create a script if a person tries to access lets say http://www.mydomain.com/afile.htm and if afile.htm doesnt exist
dynamicly redirect it to somewhere else ? or is this a server side error setting ?
E.G If /afile.htm then redirect to lets say http://www.afile.com or if /google.co.za forward to http://www.google.co.za

4.Is only .html .htm and .php ect ect permitted can you have a file on your server called billybob.co.za with HTM or php content ? If i do this some browsers will load the page as if its a HTML page and even process PHP if there is. and some pages just loads the page and show the contents of the file as if its a text file not recognizing the HTML tags such as <HEAD></HEAD> basically showing tags and everything on the page (Firefox/IE 7 does this) but IE6 doesnt.

5. Does anyone know if you get a joomla extention that is a customizable interface for you needs, integrating with the login part of joomla's interface cus then i dont have to concentrate on mysql security risks ?

I started learning PHP on my own and wanted to build any stupid website just for learning purposes and not to actually put it online. and now this dumb idea of a website turned out to be a very good idea. Who knows maybe i can end up here
http://www.retireat21.com/top-young-entrepreneurs/

Just a pitty my PHP knowledge sucks so much!
Its frustrating i know exactly what i want to do but dont know how!

[applezunepod]

1 Can a *.PHP file be downloaded from a webserver as is without the PHP engine processing the <?php ?> part, as you can download other files such a PDF or EXE ?
Reason i ask is cus this will be a security threat for what i want to do , especially when it comes to working with
MySQL, If a person can download the whole source php you can obtain the MySQL username and password also
then modify the PHP to inject junk or even delete tables or database ? I'm convinced a PHP file can be downloaded as is.

No. A php file gets run on the server. If you want people to download the php file you'll have to rename it (.txt) or put it in a Zip. If there is a security hole in your webserver or PHP code then people might be able to upload something that allows them to download the files. Generally though php files are safe. You can however if you want encode the PHP file using ioncube, or zend encoders, these encoders 'encrypt' the php file so it's unreadable. It however isn't 100%. Remember that people can uncompile .Net binaries so no code is safe.

2 How do one go about saving the master MySQL Username and password of your database ? saving it to file on the server will be dumb?

You can save it in a .php file something like this
<?php
$database_un = '1234';
$database_pw = '2345';
?>
and save it as a php file in some subdirectory. If people were to call that file (eg calling http://www.whatever.co.za/config/dbsettings.php) the server would return nothing because the server would process that code and return nothing (as nothing gets outputted). You can download wordpress, joomla, bbforum), you'll see from most of these systems the database details gets stored in a file in some directory. So it's 'usually' safe to do it that way. Again, you should be more worried about sql injection exploits and such 1st, as these don't need usernames and passwords for some script kiddie to trash your database.

3 Is it possible to create a script if a person tries to access lets say http://www.mydomain.com/afile.htm and if afile.htm doesnt exist
dynamicly redirect it to somewhere else ? or is this a server side error setting ?

E.G If /afile.htm then redirect to lets say http://www.afile.com or if /google.co.za forward to http://www.google.co.za

Yep, search for '.htaccess' on google. Or you can even do this in the apache config file. I suspect you might not have access to the apache config file to use '.htaccess'. '.htaccess' also allows you to password protect directories, so if you wanted you could put your database config file in there such that if the person called http://www.whatever.co.za/config/dbsettings.php they would be asked for a username & password.

4.Is only .html .htm and .php ect ect permitted can you have a file on your server called billybob.co.za with HTM or php content ? If i do this some browsers will load the page as if its a HTML page and even process PHP if there is. and some pages just loads the page and show the contents of the file as if its a text file not recognizing the HTML tags such as <HEAD></HEAD> basically showing tags and everything on the page (Firefox/IE 7 does this) but IE6 doesnt.

Use google.

5. Does anyone know if you get a joomla extention that is a customizable interface for you needs, integrating with the login part of joomla's interface cus then i dont have to concentrate on mysql security risks ?

I do custom joomla development I can quote on joomla customisation.

I say just download free ebooks (or buy some) and use google. Eveything you ask here has been answered elsewhere.

[SBSP]

Thanks for the answers.

The database settings is clever LOL