Difference between revisions of "PHP114"

From mi-linux
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Main Page]] >> [[CP2228|Interactive Systems Development]] >> [[PHP|Workbook]] >> xxx
+
[[Main Page]] >> [[CP2228|Web Application Development]] >> [[PHP|Workbook]] >> Sessions
  
 
As discussed in the [[PHP113|cookies]] chapter, achieving state in a web based system is critical to the functionality of most modern websites.  Cookies are an ideal way to store a small piece of information, but when greater quantities of data (or sensitive data) is required to be held "in state", a more appropriate method would be to use sessions.
 
As discussed in the [[PHP113|cookies]] chapter, achieving state in a web based system is critical to the functionality of most modern websites.  Cookies are an ideal way to store a small piece of information, but when greater quantities of data (or sensitive data) is required to be held "in state", a more appropriate method would be to use sessions.
Line 22: Line 22:
 
Create the following and name the file "page1.php"
 
Create the following and name the file "page1.php"
 
  <nowiki>
 
  <nowiki>
<? session_start(); ?>
+
<?php session_start(); ?>
 
  <html>
 
  <html>
 
   <head>
 
   <head>
Line 28: Line 28:
 
   </head>
 
   </head>
 
   <body>
 
   <body>
  <?
+
  <?php
   if (isset($_SESSION["firstName"]))
+
   if (isset($_SESSION["firstName"])) {
  {
 
 
     echo "<h1>Welcome ".$_SESSION["firstName"]." ".$_SESSION["lastName"]."</h1>";
 
     echo "<h1>Welcome ".$_SESSION["firstName"]." ".$_SESSION["lastName"]."</h1>";
   }
+
   } else {
  else
 
  {
 
 
     echo "<h1>Welcome Visitor - please sign in</h1>";
 
     echo "<h1>Welcome Visitor - please sign in</h1>";
 
   }
 
   }
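Review bot: the welcome line in this hunk, echo "<h1>Welcome ".$_SESSION["firstName"]." ".$_SESSION["lastName"]."</h1>", prints session values that register.php copies straight from $_POST, so any markup typed into the registration form is rendered on page1.php. While these lines are being touched, pass both values through htmlspecialchars() before concatenating them.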
Line 44: Line 41:
 
And create the registration page and name this "register.php"
 
And create the registration page and name this "register.php"
 
  <nowiki>
 
  <nowiki>
<? session_start(); ?>
+
<?php session_start(); ?>
 
  <html>
 
  <html>
 
   <head>
 
   <head>
Line 51: Line 48:
 
   <body>
 
   <body>
 
     <form method="post" action="<?= $_SERVER["PHP_SELF"]; ?>">
 
     <form method="post" action="<?= $_SERVER["PHP_SELF"]; ?>">
  <?
+
  <?php
   $firstName=""; $lastName="";
+
   $firstName = ""; $lastName = "";
  
   if (isset($_POST["updateDetails"])) // if a request to update the session has been received...
+
   if (isset($_POST["updateDetails"])) { // if a request to update the session has been received...
  {
+
     $_SESSION["firstName"] = $_POST["firstName"];
     $_SESSION["firstName"]=$_POST["firstName"];
+
     $_SESSION["lastName"] = $_POST["lastName"];
     $_SESSION["lastName"]=$_POST["lastName"];
 
 
     echo "<h1>UPDATED!</h1>";
 
     echo "<h1>UPDATED!</h1>";
 
   }
 
   }
  
   if (isset($_SESSION["firstName"])) // if the names are already set in the session...
+
   if (isset($_SESSION["firstName"])) { // if the names are already set in the session...
  {
+
     $firstName = $_SESSION["firstName"];
     $firstName=$_SESSION["firstName"];
+
     $lastName = $_SESSION["lastName"];
     $lastName =$_SESSION["lastName"];
 
 
   }
 
   }
 
  ?>
 
  ?>
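Review bot: the form tag at the top of this hunk still echoes action="<?= $_SERVER["PHP_SELF"]; ?>" unescaped, and PHP_SELF includes any extra path text the client appends to the URL. Escape it with htmlspecialchars() or use a fixed action such as register.php. The same applies wherever $firstName and $lastName, which are filled from the session here, are written back into the page.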
Line 96: Line 91:
 
=== 1. &  2. - Our SESSION logged in indicator ===
 
=== 1. &  2. - Our SESSION logged in indicator ===
 
  <nowiki>
 
  <nowiki>
  if ($_SESSION["loggedIn"]==true)    // a user has logged in
+
  if ($_SESSION["loggedIn"] == true)    // a user has logged in
  
 
  if (!isset($_SESSION["loggedIn"]))  // a user has not logged in - the SESSION variable has not been set
 
  if (!isset($_SESSION["loggedIn"]))  // a user has not logged in - the SESSION variable has not been set
  
  $_SESSION["loggedIn"]=true;    // set when a user is authenticated</nowiki>
+
  $_SESSION["loggedIn"] = true;    // set when a user is authenticated</nowiki>
  
 
=== 2.1 & 2.2 - Making decisions based on the indicator ===
 
=== 2.1 & 2.2 - Making decisions based on the indicator ===
  
 
  <nowiki>
 
  <nowiki>
  if (!isset($_SESSION["loggedIn"]))
+
  if (!isset($_SESSION["loggedIn"])) {
{
 
 
   include ("loginPage.html");
 
   include ("loginPage.html");
 
   exit;
 
   exit;
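Review bot: the first line of this hunk, if ($_SESSION["loggedIn"] == true), reads an index that does not exist for a visitor who has not logged in and uses a loose comparison, so any truthy value passes. Suggest isset($_SESSION["loggedIn"]) && $_SESSION["loggedIn"] === true, and the same strict test in the include/exit guard, which currently accepts any value as long as the key is set.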
Line 124: Line 118:
 
'''confirm.php'''
 
'''confirm.php'''
 
  <nowiki>
 
  <nowiki>
  <?
+
  <?php
   if (isset($_POST["username"]))
+
   if (isset($_POST["username"])) {
  {
+
     if (($_POST["username"] == "myUser") && ($_POST["password"] == "myPassword")) { // VALID LOGIN
     if (($_POST["username"]=="myUser") && ($_POST["password"]=="myPassword")) // VALID LOGIN
+
       $_SESSION["loggedIn"] = true;
    {
 
       $_SESSION["loggedIn"]=true;
 
 
       echo "Successful Login - <a href=\"index.php\">Return to the Homepage</a>";
 
       echo "Successful Login - <a href=\"index.php\">Return to the Homepage</a>";
     }
+
     } else { // INVALID LOGIN
    else // INVALID LOGIN
 
    {
 
 
       echo "wrong username and password - click back to try again";
 
       echo "wrong username and password - click back to try again";
 
     }
 
     }
   }
+
   } else { // NO USERNAME ENTERED
  else // NO USERNAME ENTERED
 
  {
 
 
     echo "username is blank - click back to try again";
 
     echo "username is blank - click back to try again";
 
   }
 
   }
?></nowiki>
+
?></nowiki>
  
 
== Put all the parts together ==
 
== Put all the parts together ==
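Review bot: confirm.php as shown goes from <?php straight to the isset($_POST["username"]) test with no session_start(), so $_SESSION["loggedIn"] = true is never saved for index.php to read. Add session_start() as the first statement, and call session_regenerate_id(true) just before setting the flag so the logged-in session does not keep the id issued before login. The password index is also read without an isset() check.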
Line 149: Line 137:
 
  <nowiki>
 
  <nowiki>
 
   session_start();
 
   session_start();
   if (!isset($_SESSION["loggedIn"]))
+
   if (!isset($_SESSION["loggedIn"])) {
  {
 
 
     include ("loginPage.html");
 
     include ("loginPage.html");
 
     exit;
 
     exit;
Line 156: Line 143:
  
 
==Ready to move on?==
 
==Ready to move on?==
[[PHP198|PHP198 - Final Thoughts on PHP introduction]]
+
Okay [[PHP115|next topic]]!

Latest revision as of 12:24, 6 September 2016

Main Page >> Web Application Development >> Workbook >> Sessions

As discussed in the cookies chapter, achieving state in a web-based system is critical to the functionality of most modern websites. Cookies are an ideal way to store a small piece of information, but when greater quantities of data (or sensitive data) need to be held "in state", sessions are a more appropriate method.

Basics of Sessions

Sessions are, in essence, the same as cookies in that a series of variables and their associated content can be stored and retrieved between pages. The primary difference is that session variables are stored on the server, whereas cookies are stored on the client. Storing variables on the server brings a number of advantages:

  1. Sensitive information (such as passwords) need not be sent backwards and forwards repeatedly between client and server in viewable text format
  2. With cookies, larger quantities of variables slow down the request/response transaction, as each one needs to be sent with every page request on a given site

So how does the server know which variables belong to which user?

In order to match variables with users, a unique session id is generated and is either stored as a cookie on the browser (if cookie support is enabled) or sent as part of the URL. Storing it as a cookie is preferable, as the session id is less likely to be seen by other users.

IMPORTANT NOTE: In order to use sessions, each PHP file that uses sessions has to have the PHP command:

session_start();

at the top of the file, before any output is sent to the browser.
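
The preference for keeping the session id in a cookie rather than the URL can be enforced when the session is started. The following is an added example, not part of the original workbook; it assumes PHP 7.3 or later and a site served over HTTPS, and start_secure_session() is a hypothetical helper name.

```php
<?php
// Added example, not the workbook's code. Assumes PHP 7.3+ and an HTTPS site.
// start_secure_session() is a hypothetical helper name.

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // a session was already started earlier in this request
    }
    session_start([
        'use_only_cookies' => 1,     // take the session id from the cookie only
        'use_trans_sid'    => 0,     // never append the session id to URLs
        'use_strict_mode'  => 1,     // discard ids the server did not generate
        'cookie_httponly'  => true,  // hide the cookie from JavaScript
        'cookie_secure'    => true,  // send the cookie over HTTPS only
        'cookie_samesite'  => 'Lax', // withhold it on cross-site POST requests
    ]);
}

// Call this in place of a bare session_start() at the top of each page
start_secure_session();
```

With cookie_secure enabled the browser does not return the cookie over plain HTTP, so on a development server without HTTPS a new session is created on every request.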

A form based example

Create the following and name the file "page1.php"

<?php session_start(); ?>
 <html>
   <head>
     <title>Sessions - Main Page</title>
   </head>
   <body>
 <?php
   if (isset($_SESSION["firstName"])) {
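     // escape the stored names so any markup entered on the form is shown as text
     echo "<h1>Welcome ".htmlspecialchars($_SESSION["firstName"], ENT_QUOTES, "UTF-8")." ".htmlspecialchars($_SESSION["lastName"], ENT_QUOTES, "UTF-8")."</h1>";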
   } else {
     echo "<h1>Welcome Visitor - please sign in</h1>";
   }
 ?>
 <p>If you have not visited the <a href="register.php">Registration Page</a>, please do so now.</p>
 </body>
 </html>

And create the registration page and name this "register.php"

<?php session_start(); ?>
 <html>
   <head>
     <title>Sessions - Registration Page</title>
   </head>
   <body>
     <form method="post" action="<?= htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8"); ?>">
 <?php
   $firstName = ""; $lastName = "";

   if (isset($_POST["updateDetails"])) { // if a request to update the session has been received...
     $_SESSION["firstName"] = $_POST["firstName"];
     $_SESSION["lastName"] = $_POST["lastName"];
     echo "<h1>UPDATED!</h1>";
   }

   if (isset($_SESSION["firstName"])) { // if the names are already set in the session...
     $firstName = $_SESSION["firstName"];
     $lastName = $_SESSION["lastName"];
   }
 ?>
     <p>Enter First Name: <input type="text" name="firstName" value="<?= htmlspecialchars($firstName, ENT_QUOTES, "UTF-8"); ?>"></p>
     <p>Enter Last Name: <input type="text" name="lastName" value="<?= htmlspecialchars($lastName, ENT_QUOTES, "UTF-8"); ?>"></p>
     <p><input type="submit" name="updateDetails" value="Update"></p>
     </form>
     <p><a href="page1.php">Back to page 1</a></p>
   </body>
 </html>

EXERCISE: try and add some session variables in your site.

Authentication and Sessions Example

Using sessions, we can check at the top of each of our PHP pages whether or not a user has logged in. If they have not, we can prompt them to log in before seeing any content, in a similar fashion to the way the WIKI works.

Design Concepts

1. We need a SESSION variable that holds an indicator of whether or not a user has logged in

2. We need to check that SESSION variable at the top of every page

2.1 If the user has logged in, we can proceed to the rest of the page

2.2 If the user has not logged in, we must prompt them to log in

3. We need a login form

4. We need a page that authenticates the user and password

1. & 2. - Our SESSION logged in indicator

 if (isset($_SESSION["loggedIn"]) && $_SESSION["loggedIn"] === true)     // a user has logged in

 if (!isset($_SESSION["loggedIn"]))  // a user has not logged in - the SESSION variable has not been set

 $_SESSION["loggedIn"] = true;     // set when a user is authenticated

2.1 & 2.2 - Making decisions based on the indicator

 if (!isset($_SESSION["loggedIn"])) {
   include ("loginPage.html");
   exit;
 }
 // else user is logged in, show rest of page

3. The Login Form

loginPage.html

 <form action="confirm.php" method="POST">
   <input type="text" name="username">
   <input type="password" name="password">
   <input type="submit" value="Login">
 </form>

4. The Authentication Script

confirm.php

 <?php
   session_start(); // required before $_SESSION can be read or written
   if (isset($_POST["username"], $_POST["password"])) {
     if (($_POST["username"] === "myUser") && ($_POST["password"] === "myPassword")) { // VALID LOGIN
       session_regenerate_id(true); // issue a new session id once the user is authenticated
       $_SESSION["loggedIn"] = true;
       echo "Successful Login - <a href=\"index.php\">Return to the Homepage</a>";
     } else { // INVALID LOGIN
       echo "wrong username and password - click back to try again";
     }
   } else { // NO USERNAME ENTERED
     echo "username is blank - click back to try again";
   }
 ?>

Put all the parts together

Put the following code at the top of every one of your pages to automatically prompt a user who is not logged in to log in, regardless of the page they try to access.

 <?php
   session_start();
   if (!isset($_SESSION["loggedIn"])) {
     include ("loginPage.html");
     exit;
   }
 ?>
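
The login check and the page guard above, with the password compared against a stored hash instead of a literal in the script, as an added example that is not part of the original workbook. It assumes PHP 7.3 or later; find_user(), attempt_login() and require_login() are hypothetical names, and the one-user "database" is constructed so the example is self-contained.

```php
<?php
// Added example (not the workbook's code). Assumes PHP 7.3+ and a one-user
// "database" constructed in find_user(); function names are hypothetical.

function find_user(string $username): ?array
{
    // Constructed record. A real site reads a stored hash from its database;
    // it is computed here only so the example is self-contained.
    static $users = null;
    if ($users === null) {
        $users = ['myUser' => ['hash' => password_hash('myPassword', PASSWORD_DEFAULT)]];
    }
    return $users[$username] ?? null;
}

function attempt_login($username, $password): bool
{
    // Form fields can arrive as arrays (username[]=x); accept strings only
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    $user = find_user($username);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);   // issue a fresh session id at login
    $_SESSION['loggedIn'] = true;  // the indicator checked by require_login()
    return true;
}

function require_login(): void
{
    // Only the boolean true set by attempt_login() counts as logged in
    if (($_SESSION['loggedIn'] ?? false) !== true) {
        include 'loginPage.html';
        exit;
    }
}

// confirm.php: handle the POST from loginPage.html
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    if (attempt_login($_POST['username'] ?? null, $_POST['password'] ?? null)) {
        echo 'Successful Login - <a href="index.php">Return to the Homepage</a>';
    } else {
        echo 'wrong username and password - click back to try again';
    }
}
```

Protected pages call session_start() and then require_login() before producing any output.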

Ready to move on?

Okay next topic!