Gpizzle google database


SUBMITTED BY: Guest

DATE: Aug. 14, 2013, 4:08 a.m.

FORMAT: Text only

SIZE: 7.2 kB

HITS: 1074

  1. [b][size=large][u]Table of Contents[/u][/size][/b]
  2. [list=1]
  3. [*]Introduction
  4. [*]Database Setup
  5. [*]Connect?
  6. [*]Authentication Script
  7. [*]Conclusion
  8. [/list]
  9. [hr]
  10. [b][size=large][u]Introduction[/u][/size][/b]
  11. [list]
  12. Just imagine, a database that has 100% uptime, is not open to SQLi, and is incredibly fast? Sounds too good to be true, but it's not!
  13. This was an interesting topic that I looked into a few months ago when trying to create a secure authentication system. I figured, why not host a database on an already secure host, then not allow anyone to modify it unless they are logged into my google account!? Thus, this idea was created and used by myself in several authentication systems for a few months. After a while, I found a faster and more secure method that allows you to do more within the scripts, but this overall works just fine. So I figured, why not share it! Nobody else does this anyways! :D
  14. I'm sure you've all used Google Documents by now, so I'm not going to go into a lot of detail about what it is. I'll leave it at, "You can create a spreadsheet".
  15. In this tutorial, I'm going to show you how to create a [b]BASIC[/b] authentication system. I've also divided it into sections and sub-sections so it's easier to navigate between topics.
  16. [/list]
  17. [hr]
  18. [b][size=large][u]Database Setup[/u][/size][/b]
  19. [list]
  20. First things first, we have to create a spread sheet within our google documents account. You can do this by going to https://drive.google.com, logging in with your google account, then creating a spread sheet. It's VERY simple, so I'm not going to go into detail.
  21. You should end up at a screen like this:
  22. [spoiler=Image][img]http://dl.dropbox.com/u/7870266/Uploads/2013-01-19_23-03-09.png[/img][/spoiler]
  23. I'm going to delete every column and row in my spreadsheet, then, for this example, create 3 columns and 6 rows. You're going to want to delete any unused columns/rows to reduce the response size, thus increasing speed. You should end up with something like this:
  24. [spoiler=Image][img]http://dl.dropbox.com/u/7870266/Uploads/2013-01-19_23-06-17.png[/img][/spoiler]
  25. Now, this step is not needed, but I personally did it in the past so I can keep track of what column is what.
  26. Lets create some column headers so we know what we're doing. In this tutorial, I'm going to name them "ID","USER", and "PASS". Put these in the very top row.
  27. [spoiler=Image][img]http://dl.dropbox.com/u/7870266/Uploads/2013-01-19_23-08-31.png[/img][/spoiler]
  28. Just fill in the first column since this is an example. You can add more users if you want, but I'm only going to add one for this example.
  29. This is what it should look like:
  30. [spoiler=Image][img]http://dl.dropbox.com/u/7870266/Uploads/2013-01-20_00-09-34.png[/img][/spoiler]
  31. Last step, we need to make our document public so we can access it from our script.
  32. First, click "File", then select "Share".
  33. I'm sure you can figure out how to change the access level from Private to "Anyone with the link".
  34. Next, we need to publish our file to the web.
  35. You can do this by clicking "File", then selection "Publish To Web".
  36. Make sure to select "Sheet1" and check "Automatically respublish when changes are made. Then click "Start Publishing".
  37. After you click the "Start Publishing" button, we need the JSON link, but that's not documented anywhere, so we're going to have to get it ourselves.
  38. Under "Get a link to the published data", select "RSS", then "Cells", then copy the link.
  39. For example, my URL is [b]https://spreadsheets.google.com/feeds/cells/0ArqzqB_MMK5udGJXUWpwdlZyQmpQeU10QnJ2UlJfb3c/od6/public/basic?alt=rss[/b]
  40. To format it to json, we simply change the [b]alt=rss[/b] to [b]alt=json[/b].
  41. And now we have our json feed url!
  42. [/list]
  43. [hr]
  44. [b][size=large][u]Connect?[/u][/size][/b]
  45. [list]
  46. Well I'm sure you're wondering might we wondering how we get the data. Well it's very simple! We are just going to use a script that I used in the past.
  47. Make sure you have file_get_contents enabled on your host otherwise this will not work. You could always just use cURL, but I don't like cURL. ^.^
  48. [b]get_spreadsheet_data.php[/b]
  49. [php]<?php
  50. function fetchUserList($url,$cols) {
  51. // Converts the column integer input to a decimal for future use.
  52. $cols = number_format($cols,1);
  53. // Get our information, then parse it.
  54. $jsonData = json_decode(file_get_contents($url),true);
  55. // Store all entries in the $entries array.
  56. $entries = $jsonData['feed']['entry'];;
  57. // Create an array for future use to store the final data in.
  58. $info = array();
  59. $j=-1; // So we can have a 2D array starting at 0.
  60. // Loop through each of the elements in the $entries array so we can get the real data.
  61. for($i=0;$i<count($entries);$i++) {
  62. // If (Current Entry) % 3 is not 0, then place the entry into the current array
  63. if(fmod($i,$cols)!=0) {
  64. $info[$j][$i] = $entries[$i]['content']['$t'];
  65. } else {
  66. // Otherwise, increment J and input the data into the next array
  67. $j++;
  68. $info[$j][$i] = $entries[$i]['content']['$t'];
  69. }
  70. }
  71. // Return our array of information!
  72. return $info;
  73. }
  74. ?>[/php]
  75. [/list]
  76. [hr]
  77. [b][size=large][u]Authentication Script[/u][/size][/b]
  78. [list]
  79. Obviously you're going to need to change it to fit your needs, but here's the basic authentication script:
  80. [b]auth.php[/b]
  81. [php]
  82. <?php
  83. require_once("get_spreadsheet_data.php");
  84. // Make sure to change the URL to your own.
  85. // fetchUserList($url,$numberOfColumns);
  86. $users = fetchUserList("https://spreadsheets.google.com/feeds/cells/0ArqzqB_MMK5udGJXUWpwdlZyQmpQeU10QnJ2UlJfb3c/od6/public/basic?alt=json",3);
  87. $username = $_GET['username'];
  88. $password = $_GET['password'];
  89. for($i=1;$i<count($users);$i++) {
  90. $database_id = $users[$i][0];
  91. $database_username = $users[$i][1];
  92. $database_password = $users[$i][2];
  93. if($database_username == $username) {
  94. if($database_password == $password) {
  95. echo("Successful login!");
  96. } else {
  97. echo("Incorrect password!");
  98. }
  99. } else {
  100. echo("Incorrect username!");
  101. }
  102. }
  103. ?>
  104. [/php]
  105. [/list]
  106. [hr]
  107. [b][size=large][u]Conclusion[/u][/size][/b]
  108. [list]
  109. And there you have it! A database hosted on google that's not open to SQLi and has 100% uptime!
  110. Also, I should also mention that it is [b]NOT[/b] the best way to use this.
  111. There are ways using other libraries that allow you to have full control over the database. This means reading and writing to the database instead of just reading.
  112. Hint: Zend (Very horrible library, but that's the only one that I know of that will work).
  113. If I need to further explain anything, just let me know and I'll do my best.
  114. [/list]

comments powered by Disqus