Second Life Forums Archive - Implementing "Global Blacklist" w/ PHP

Cyphr Bellic

Registered User

Join date: 23 Jul 2008

Posts: 5

11-18-2008 18:22

Hi guys!
I'm new to the forums, somewhat new to PHP, and really new to doing anything with LSL and the outside web.

I'm looking to implement a basic "global blacklist" using LSL and PHP. I basically want a LSL script to poll a PHP script connected to a MySQL DB for its owner's name, and if the owner's name IS located in the database, then it would disable the object.

In theory, this seems like I would work, however I have no knowledge of using LSL and PHP together. I have basic PHP and MySQL knowledge, but I'm nowhere near "advanced". Anyway, I would appreciate some guidance on getting the LSL (and maybe some of the PHP) side of things setup and working. Let me know if you think this would be possible to implement. Also, and another thing; what are the chances that the name of script/object's owner could be spoofed? Would it be more secure to use the owner's key? Any other basic security considerations?

This won't be going into production use in the near future, right now it's kind of a proof of concept idea.

Thanks!!!

Hewee Zetkin

Registered User

Join date: 20 Jul 2006

Posts: 2,702

11-18-2008 20:38

Very possible. The object owner's key and/or name can't be spoofed. You might want to search this forum for keywords like MySQL and PHP.

Bar Farella

Registered User

Join date: 14 Oct 2007

Posts: 5

11-19-2008 16:04

The blacklisted person could always deed the objects to a group or use an alt.

Wouter Hobble

Registered User

Join date: 25 Mar 2008

Posts: 21

11-20-2008 03:48

Suggested design:

Make the item non-transfer to prevent deeding or transmitting or register the object key and check for that as well, but if it is copy/trans one could easily create a new object so make it non-copy in that case.

Have a php script with a few functions to use individually with HTTP requests and filter based on header and some password so that only your scripts can access the functions. You would do this from your script for instance:

Add to banlist:
llHTTPRequest("http://mysite.com/banlist.php", ['HTTP_METHOD', 'POST', 'HTTP_MIMETYPE', 'application/x-www-form-urlencoded'], "password=s3cr3t&addToBan="+llEscapeURL(name))

is banned?
llHTTPRequest("http://mysite.com/banlist.php", ['HTTP_METHOD', 'POST', 'HTTP_MIMETYPE', 'application/x-www-form-urlencoded'], "password=s3cr3t&isBanned="+llEscapeURL(name))

and in PHP implement a simple function that checks the headers for information then uses the $_POST['password'] and checks which function to call.

in the function you just insert into and select from as per SQL. All you need is one table in a DB. Alternatively you could experiment with www.w-hat.com's httpdb

Hope this helps.

Implementing "Global Blacklist" w/ PHP
Cyphr Bellic Registered User Join date: 23 Jul 2008 Posts: 5	11-18-2008 18:22 Hi guys! I'm new to the forums, somewhat new to PHP, and really new to doing anything with LSL and the outside web. I'm looking to implement a basic "global blacklist" using LSL and PHP. I basically want a LSL script to poll a PHP script connected to a MySQL DB for its owner's name, and if the owner's name IS located in the database, then it would disable the object. In theory, this seems like I would work, however I have no knowledge of using LSL and PHP together. I have basic PHP and MySQL knowledge, but I'm nowhere near "advanced". Anyway, I would appreciate some guidance on getting the LSL (and maybe some of the PHP) side of things setup and working. Let me know if you think this would be possible to implement. Also, and another thing; what are the chances that the name of script/object's owner could be spoofed? Would it be more secure to use the owner's key? Any other basic security considerations? This won't be going into production use in the near future, right now it's kind of a proof of concept idea. Thanks!!!
Hewee Zetkin Registered User Join date: 20 Jul 2006 Posts: 2,702	11-18-2008 20:38 Very possible. The object owner's key and/or name can't be spoofed. You might want to search this forum for keywords like MySQL and PHP.
Bar Farella Registered User Join date: 14 Oct 2007 Posts: 5	11-19-2008 16:04 The blacklisted person could always deed the objects to a group or use an alt.
Wouter Hobble Registered User Join date: 25 Mar 2008 Posts: 21	11-20-2008 03:48 Suggested design: Make the item non-transfer to prevent deeding or transmitting or register the object key and check for that as well, but if it is copy/trans one could easily create a new object so make it non-copy in that case. Have a php script with a few functions to use individually with HTTP requests and filter based on header and some password so that only your scripts can access the functions. You would do this from your script for instance: Add to banlist: llHTTPRequest("http://mysite.com/banlist.php", ['HTTP_METHOD', 'POST', 'HTTP_MIMETYPE', 'application/x-www-form-urlencoded'], "password=s3cr3t&addToBan="+llEscapeURL(name)) is banned? llHTTPRequest("http://mysite.com/banlist.php", ['HTTP_METHOD', 'POST', 'HTTP_MIMETYPE', 'application/x-www-form-urlencoded'], "password=s3cr3t&isBanned="+llEscapeURL(name)) and in PHP implement a simple function that checks the headers for information then uses the $_POST['password'] and checks which function to call. in the function you just insert into and select from as per SQL. All you need is one table in a DB. Alternatively you could experiment with www.w-hat.com's httpdb Hope this helps.

Welcome to the Second Life Forums Archive

Implementing "Global Blacklist" w/ PHP