PHP and User Sessions

User Sessions & The Include Statement
Stewart Blakeway
FML 213
blakews@hope.ac.uk
www.hope.ac.uk
Faculty of Sciences and Social Sciences
Last Week
• phpMyAdmin
  – Created a database
  – Tables
  – Fields
• Inserted data
Recap
1. Create a connection to the SQL server
$conn = mysql_connect("localhost", "root", "root");
2. Select the database
mysql_select_db("database", $conn);
3. Construct the SQL statement
$sql = "what I want to do with the database";
4. Execute the SQL
mysql_query($sql, $conn);
To insert data
$sql = "INSERT INTO table VALUES ('value1', 'value2', 'value3', ...)";
or
$sql = "INSERT INTO table (fieldname1, fieldname2, fieldname3, ...) VALUES ('value1', 'value2', 'value3', ...)";
To get data
$sql = "SELECT * FROM table";
or
$sql = "SELECT * FROM table WHERE fieldname = 'value'";
Variations (Keywords)
Filtering rows: Where, And, Or, Like, In, Between, Wildcards, Distinct, Top
Ordering and naming: Order By, Alias
Changing data: Update, Delete
Combining tables: Join, Inner Join, Left Join, Right Join, Full Join, Union
Defining tables: Primary Key, Foreign Key, Not Null, Unique, Check, Default, Constraints, Create Index
What will we cover today
• The include statement
• Getting data
• User sessions
Why
• To save coding! If you wish to change the design of the corporate logo, motto or navigation bar, for example, it will save changing all your pages
• You need to authenticate the user before allowing them to add records to your database
The Include Statement
• The include statement pulls the contents of another file into your existing document, at the point where the include appears
• This is an efficient way of scripting and maintains consistency
• Why not just make a template? Because it is as easy to use include!
Example – head.php
<body>
<div id="apDiv1">
<a href="home.php">home</a> |
<a href="about.php">about</a> |
<a href="courses.php">courses</a> |
<a href="tutors.php">tutors</a> |
<a href="contactUs.php">contact us</a> |
<a href="register.php">register</a> |
<a href="login.php">log in</a>
</div>
<p>
<img src="../images/logo.gif" width="662" height="182" alt="logo" />
</p>
A file called register.php
<form id="form1" name="form1" method="post" action="doRegister.php">
<table>
<tr>
<td>Forename</td><td><input type="text" name="forename" id="forename" /></td>
</tr>
<tr>
<td>Surname</td><td><input type="text" name="surname" id="surname" /></td>
</tr>
<tr>
<td>Email Address</td><td><input type="text" name="email" id="email" /></td>
</tr>
<tr>
<td>Password</td><td><input type="password" name="password" id="password" /></td>
</tr>
<tr>
<td>Confirm Password</td><td><input type="password" name="cpassword" id="cpassword" /></td>
</tr>
</table>
<input type="submit" name="button" id="button" value="Submit" />
</form>
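The form above posts to doRegister.php, which the slides do not show. The following is an added example of that file, not the lecture's own code. It assumes a MySQL table user(forename, surname, email, pw_hash) with a UNIQUE index on email and a VARCHAR(255) pw_hash column holding password_hash() output; the database name and credentials are placeholders. It uses the mysqli extension, since the mysql_* functions on the slides were removed in PHP 7.0.

```php
<?php
// doRegister.php (added example, not from the slides).
// Assumed schema: user(forename, surname, email UNIQUE, pw_hash VARCHAR(255)).
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions
$conn = new mysqli('localhost', 'appuser', 'secret', 'database'); // placeholder credentials
$conn->set_charset('utf8mb4');

// Read exactly the fields the form sends; a missing field becomes ''.
$forename  = trim($_POST['forename'] ?? '');
$surname   = trim($_POST['surname'] ?? '');
$email     = trim($_POST['email'] ?? '');
$password  = $_POST['password'] ?? '';
$cpassword = $_POST['cpassword'] ?? '';

// Validate before touching the database.
$errors = [];
if ($forename === '' || $surname === '') {
    $errors[] = 'Forename and surname are required.';
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $errors[] = 'Email address is not valid.';
}
if (strlen($password) < 12) {
    $errors[] = 'Password must be at least 12 characters.';
}
if ($password !== $cpassword) {
    $errors[] = 'Passwords do not match.';
}
if ($errors !== []) {
    http_response_code(400);
    foreach ($errors as $e) {
        // Escape on output so a message can never inject HTML into the page.
        echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), '<br />';
    }
    exit;
}

// Never store the password itself: store a salted, deliberately slow hash.
$hash = password_hash($password, PASSWORD_DEFAULT);

// Prepared INSERT: the values are bound as parameters, not spliced into the SQL text,
// so a quote or a comma in a name cannot change what the statement does.
$stmt = $conn->prepare(
    'INSERT INTO user (forename, surname, email, pw_hash) VALUES (?, ?, ?, ?)'
);
$stmt->bind_param('ssss', $forename, $surname, $email, $hash);
try {
    $stmt->execute();
} catch (mysqli_sql_exception $e) {
    if ($e->getCode() === 1062) {           // MySQL duplicate-key error
        http_response_code(409);
        echo 'That email address is already registered.';
        exit;
    }
    throw $e;
}

header('Location: login.php', true, 303);  // go to the login page after a successful registration
exit;
```

The confirm-password comparison and the length rule are ordinary validation; the two choices that matter for security are that the password never reaches the database in clear text, and that the INSERT is a prepared statement rather than a string built from $_POST values.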
Order of Precedence
1. Get the form working!
It's much easier to work with if the code is kept as simple as possible; formatting code for images, buttons, hyperlinks etc. will only add code, and more work decoding it.
2. Apply the templates to make it look pretty
Once all the hard coding (connection strings, SQL statements, passing of $_POST variables) is done you can then make it look pretty!
ONE LINE!
• One line of code is all it takes
include("myfile.php");
Recap
• Your website will probably consist of 10–15 pages (possibly many more)
• If you change the design of the header, footer or navigation bar on one page you should change it on the rest! Consistency.
• Using include ensures that only one file needs changing; the rest will update automatically
include("filename");
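As an added example of the approach, not code from the slides, here is a page assembled from shared fragments (head.php, foot.php and one body fragment per page; the fragments/ directory and the notfound.php fragment are assumptions). It also shows the one rule that keeps include safe: include executes whatever file it is handed, so the file name must come from a fixed table in the script, never straight from the request.

```php
<?php
// index.php (added example, not from the slides): one page built from
// shared fragments with include. The fragments/ directory is assumed.
declare(strict_types=1);

const FRAGMENT_DIR = __DIR__ . '/fragments';   // anchored to this script, not the working directory

// Allow-list of page bodies a request may choose. The request supplies a
// short key; the file name is looked up here and is never taken from input.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'courses' => 'courses.php',
    'tutors'  => 'tutors.php',
];

// Map a request key to a fragment path, or null if the key is not on the list.
function fragmentPath(string $key): ?string
{
    if (!array_key_exists($key, PAGES)) {
        return null;
    }
    return FRAGMENT_DIR . '/' . PAGES[$key];
}

$requested = $_GET['page'] ?? 'home';
$key = is_string($requested) ? $requested : '';   // ?page[]=x would otherwise be an array

$body = fragmentPath($key);
if ($body === null) {
    http_response_code(404);
    $body = FRAGMENT_DIR . '/notfound.php';       // assumed fallback fragment
}

require FRAGMENT_DIR . '/head.php';   // logo and navigation bar, shared by every page
require $body;                         // the page body chosen above
require FRAGMENT_DIR . '/foot.php';    // closing markup, shared by every page
```

Changing the navigation bar now means editing fragments/head.php once, and a request such as ?page=../../etc/passwd simply falls through to the 404 fragment because the key is not in PAGES.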
User Sessions
• You will have to authenticate the user's login in order to allow the addition of records into the database
• You have to follow certain steps in order to ensure that the user is who they claim to be
Authentication
1. Display a login form
2. Get the user details
3. Match the user details against authorised users that are stored in the database
4. Remember that the user is authenticated when they move from one page to the next – only if the details match
What would you do if the details did not match?
Not authorised?
1. Display a suitable message – username or password incorrect.
and
2. Give the user another chance to log in; they could have mistyped – maybe at this point give them a hint
or
2. Redirect the user to a Register page
The Login Page
start a session
if page not viewed
{
    display the form to accept input
}
else
{
    1. get the details from the form
    2. create an SQL statement that will match the details obtained from the form against the database
    3. if details match, update the session to reflect this
}
Starting a session
<?php
session_start();
?>
Starting a session MUST be the first thing you do: session_start() sends the session cookie as an HTTP header, so it has to run before any output is sent (even a blank line before <?php counts as output).
Checking
You can check that the session has started by outputting the session id:
echo session_id();
Remove this once you have finished debugging: the session id is what identifies the logged-in user to the server, so it should not appear in page output.
Super Global Variables
• A variable can be set inside a session, like $_POST:
$_SESSION['variableName'] = "hello";   // 'variableName' is the name, "hello" is the value
Stopping Sessions
session_unset();     // clear the variables held in $_SESSION
session_destroy();   // delete the server-side session record
(PHP has no session_stop() function; these two are the real calls.)
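The following added example (not the slides' code) pulls the session handling together: starting a session with safe cookie settings, reading the 'authorised' variable the login page sets, and ending the session properly on logout. The ?logout query parameter and the login.php redirect are assumptions.

```php
<?php
// session.php (added example, not from the slides): session start, read, and logout.
declare(strict_types=1);

function startSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;                          // safe to call from every included file
    }
    // Cookie parameters must be set before session_start(), and nothing may be
    // output before it, or the Set-Cookie header can no longer be sent.
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends when the browser closes
        'path'     => '/',
        'secure'   => true,     // only ever sent over HTTPS
        'httponly' => true,     // not readable by JavaScript
        'samesite' => 'Lax',    // not sent on cross-site POSTs
    ]);
    session_start();
}

function isLoggedIn(): bool
{
    return ($_SESSION['authorised'] ?? null) === 'yes';
}

function logout(): void
{
    // 1. forget the session data for this request
    $_SESSION = [];
    // 2. tell the browser to drop the cookie; otherwise it keeps sending the old
    //    id, which a later session_start() would simply reuse
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 42000,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    // 3. delete the server-side record
    session_destroy();
}

startSession();

if (isset($_GET['logout'])) {            // assumed: ?logout ends the session
    logout();
    header('Location: login.php', true, 303);
    exit;
}

if (isLoggedIn()) {
    echo 'logged in as ' . htmlspecialchars($_SESSION['user'] ?? '', ENT_QUOTES, 'UTF-8');
} else {
    echo 'not logged in';
}
```

session_destroy() on its own removes only the server-side record; without steps 1 and 2 the current request still sees the old $_SESSION values and the browser keeps the old cookie, which is why logout() does all three.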
The SQL
$user = $_POST['username'];
$pw = $_POST['password'];
$sql = "SELECT * FROM user WHERE username = '$user' AND password = '$pw'";
Questions to ask yourself: What does * mean? What is user? Where is username? Where do $user and $pw come from?
Execute the SQL
$result = mysql_query($sql, $conn);   // the data from the database goes in here
The Check
$record = mysql_num_rows($result);
if ($record == 0)
{
    echo "Incorrect Username or Password";
}
else
{
    echo "LOGIN OK";
    $_SESSION['authorised'] = 'yes';
    $_SESSION['user'] = $user;
    echo session_id();   // debugging only; remove before the site goes live
}
```
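The login check above builds its SQL by pasting the form values into the query text. The following added example, not the slides' code, shows the same check written that way and then hardened with a prepared statement and hashed passwords. It assumes a mysqli connection (the mysql_* functions on the slides were removed in PHP 7.0), a table user(username, password) for the first function and user(username, pw_hash) for the second, where pw_hash holds password_hash() output as written by the registration page; credentials and database name are placeholders.

```php
<?php
// login.php (added example, not from the slides): the check done two ways.
declare(strict_types=1);
session_start();

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'appuser', 'secret', 'database'); // placeholder credentials

// 1. As on the slides. The form values become part of the SQL text, so they
//    can change its grammar, not just its data. Any username with the password
//        ' OR '1'='1
//    produces  WHERE username = 'x' AND password = '' OR '1'='1'
//    which is true for every row, so mysql_num_rows() > 0 and the user is "logged in".
function loginAsOnSlides(mysqli $conn, string $user, string $pw): bool
{
    $sql = "SELECT * FROM user WHERE username = '$user' AND password = '$pw'";
    return $conn->query($sql)->num_rows > 0;
}

// 2. Hardened. The SQL text is fixed and the username is bound as a parameter,
//    so it is only ever compared, never parsed. The stored password is a salted
//    slow hash checked with password_verify(), so the table never holds the
//    password itself and the comparison happens in PHP, not in the WHERE clause.
function loginHardened(mysqli $conn, string $user, string $pw): ?string
{
    $stmt = $conn->prepare('SELECT username, pw_hash FROM user WHERE username = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // null when no such user

    // Run the (slow) verify even for unknown users, so response time does not
    // tell an attacker which usernames exist.
    $hash = $row['pw_hash'] ?? password_hash('placeholder', PASSWORD_DEFAULT);
    if (!password_verify($pw, $hash) || $row === null) {
        return null;
    }
    return $row['username'];
}

$user = $_POST['username'] ?? '';
$pw   = $_POST['password'] ?? '';

$who = loginHardened($conn, $user, $pw);
if ($who === null) {
    // One message for both "no such user" and "wrong password".
    echo 'Incorrect Username or Password';
} else {
    // New session id at the moment privilege changes, so an id an attacker
    // planted in the victim's browser before login is not the one that becomes authorised.
    session_regenerate_id(true);
    $_SESSION['authorised'] = 'yes';
    $_SESSION['user'] = $who;     // the name from the database, not the raw form value
    echo 'LOGIN OK';
}
```

loginAsOnSlides() is kept only to show what the interpolated query does with a crafted password; the page should call loginHardened(). The two changes that matter are binding the parameter and verifying a hash, and both depend on the registration page storing password_hash() output rather than the password.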
What have we done?
1. Started a session
2. Obtained user details from the login form
3. Matched them against authorised users in the database
4. Created a session variable called authorised and assigned it the value yes
5. Created a session variable called user and assigned it the username
Dynamic Web Pages
• Users should see appropriate information
  – Should be able to view general information if not logged in
  – Student (if logged in) should be able to view resources
    • Lectures, Workshop Exercises, etc.
  – Tutor (if logged in) should be able to add resources
    • Lectures, Workshop Exercises, Quizzes, New Students, etc.
  – Administrator should be able to do anything
    • Authorise new tutors, delete tutors, add courses, etc.
• The fact that we started a session makes this very easy
User trying to view course?
if user not logged in
{
    display login link
    display register link
}
else
{
    display course
}
Checking if the user has logged in
<?php
session_start();   // without this, $_SESSION is empty and every visitor looks logged out
if (!isset($_SESSION['authorised']))
{
    echo "not authorised";
    echo "<a href=\"login.php\">Login</a> | <a href=\"register.php\">Register</a>";
}
else
{
    // display course
}
?>
Functions
if (!isset($_SESSION['authorised']))
{
    notAuthorised();
}
else
{
    displayCourse();
}
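The check above is a single yes/no. As an added example that is not part of the slides, here it is generalised to the student, tutor and administrator roles listed under "Dynamic Web Pages". It assumes that the login page stores $_SESSION['role'] alongside 'authorised' (the slides' login stores only 'authorised' and 'user', so a logged-in user without a role is treated as a student); the permission names and helper functions are the example's own.

```php
<?php
// course.php (added example, not from the slides): role-based access check.
declare(strict_types=1);
session_start();

// Which roles may perform which action. Anything not listed is denied.
const PERMISSIONS = [
    'view_general'  => ['guest', 'student', 'tutor', 'admin'],
    'view_resource' => ['student', 'tutor', 'admin'],
    'add_resource'  => ['tutor', 'admin'],
    'manage_tutors' => ['admin'],
];

// The role is derived from the session only; nothing from the request can set it.
function currentRole(): string
{
    if (($_SESSION['authorised'] ?? null) !== 'yes') {
        return 'guest';
    }
    $role = $_SESSION['role'] ?? 'student';      // assumed: set by login.php
    return in_array($role, ['student', 'tutor', 'admin'], true) ? $role : 'student';
}

function can(string $action): bool
{
    return in_array(currentRole(), PERMISSIONS[$action] ?? [], true);
}

// Deny by default and stop the script, so code below the check can never run
// for a user who failed it.
function requireAction(string $action): void
{
    if (can($action)) {
        return;
    }
    if (currentRole() === 'guest') {
        notAuthorised();                          // not logged in: offer login/register
    } else {
        http_response_code(403);                  // logged in, but the role is not enough
        echo 'You do not have permission to do this.';
    }
    exit;
}

function notAuthorised(): void
{
    http_response_code(401);
    echo 'not authorised ';
    echo '<a href="login.php">Login</a> | <a href="register.php">Register</a>';
}

function displayCourse(): void
{
    $user = htmlspecialchars($_SESSION['user'] ?? '', ENT_QUOTES, 'UTF-8');
    echo "Course resources for $user";
    if (can('add_resource')) {                    // tutors and admins also get the upload link
        echo ' | <a href="addResource.php">Add a resource</a>';   // assumed page
    }
}

requireAction('view_resource');   // runs before any course content is output
displayCourse();
```

The important property is that requireAction() exits on failure: an if/else that merely prints a different message still leaves the rest of the page able to leak the resource, which is the mistake the slide's pseudocode invites.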
Summary
• Include statement
• Sessions
  – starting
  – declaring variables
  – assignment to variables
  – retrieving variables
SQL QUIZ Q1
Which is the correct syntax to obtain all records from tblPerson?
a) $result = mysql_connect("tblPerson", "*", $conn);
b) $result = mysql_query("SELECT * FROM tblPerson", $conn);
c) $result = mysql_select_db("*" FROM tblPerson, $conn);
d) $result = mysql("SELECT all FROM tblPerson", $conn);
SQL QUIZ Q2
What is the purpose of DISTINCT?
a) To only list unique values in columns
b) To only list the first row
c) To list the first row only if unique
d) To list all the rows and columns
SQL QUIZ Q3
What is the correct syntax to add a new row to tblPerson?
a) $sql = "INSERT INTO tblPERSON VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL', $conn)"
b) $sql = "ADD INTO tblPERSON VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL', $conn)"
c) $sql = "INSERT INTO tblPerson VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL', $conn)"
d) $sql = "ADD INTO tblPERSON VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL', $conn")
SQL QUIZ Q4
What is the correct syntax to get the column LastName from tblPerson in ascending order?
a) $sql = "SELECT LastName FROM tblperson ORDER LastName ASC";
b) $sql = "GET LastName FROM tblperson ORDER LastName ASC";
c) $sql = "SELECT * FROM tblperson ORDER LastName ASC";
d) $sql = "SELECT LastName FROM tblperson ORDER BY LastName ASC";
SQL QUIZ Q5
What is the correct function to get a row from $data returned from the database?
a) mysql_get_line($data);
b) mysql_fetch_array($data);
c) mysql_obtain_row($data);
d) mysql_retrieve_row($data);
SQL QUIZ Q6
Table user:
username   password
BLAKEWAY   hahaifidtellyou
HARTLEY    mypw
HUGHES     blahblah
HUNTER     liverpool
LEARMOND   wolves

For each listing: how many rows and columns are returned, and what will be displayed on screen?

Listing 1
$conn = mysql_connect("localhost", "root", "");
mysql_select_db("bookShop");
$sql = "SELECT * FROM user";
$result = mysql_query($sql, $conn);
echo $result[username];

Listing 2
$sql = "SELECT password FROM user WHERE PASSWORD = 'liverpool'";
$result = mysql_query($sql, $conn);
$row = mysql_fetch_array($result);
echo $row[password];
Any Questions?