Error handling

advertisement
Error handling
Unit 27 Web Server Scripting
Extended Diploma in ICT
Criteria M4 and D4
• M4 implement an error log for a website using web
server scripting.
• D2 create a web application to generate website
statistics using web server scripting
• We will create a function which will record errors in a log
file
• The function can be called when there is an error on
logging in (M4)
• We will record the IP address of who has logged in
Modify the logon script
Create a customised error handler which will
•
Log the date and time of the error in a file
•
Log the type of error and a message
•
Show the error on the screen
•
Inform the user that the error has been logged
The error handler will be called if there is an invalid username and
password
logon.php 1
<?php
$user = $_POST["username"];
$pass = $_POST["password"];
$validated = false;
//error handler
function customError($errno, $errstr)
{
echo "<b>Error:</b> [$errno] $errstr<br />";
echo "The error has been logged.";
error_log(date (DATE_RSS)." Error: [$errno]
$errstr".chr(13).chr(10),3, "invalidlogin.txt");
}
logon.php 2
//set error handler
set_error_handler("customError",E_USER_WARNING);
session_start();
$_SESSION['login'] = "";
if($user!="" && $pass!="")
{
$conn = @mysql_connect ("studentnn.computing.hct.ac.uk",
"studentnn", "pasword") or die ("Sorry - unable to
connect to MySQL database.");
$rs = @mysql_select_db ("database", $conn) or die ("error");
$sql = "SELECT * FROM user WHERE username = '$user' AND
password = '$pass'";
$rs = mysql_query($sql,$conn);
$result = mysql_num_rows($rs);
logon.php 3
if ($result > 0) $validated = true;
if($validated)
{
$_SESSION['login'] = "OK";
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
header('Location: protected1.php');
}
else
{
$_SESSION['login'] = "";
trigger_error("Invalid username or password\n", E_USER_WARNING);
}
}
else $_SESSION['login'] = "";
?>
logon.php 4
<html>
<body>
<h1>Logon Page</h1>
<p>Please enter your username and password:</p>
<form action="logon.php" method="post">
<table>
<tr>
<td align="right">Username: </td>
<td><input size=\"20\" type="text" size="20" maxlength="15"
name="username"></td>
</tr>
<tr>
<td align="right">Password: </td>
<td><input size=\"20\" type="password" size="20" maxlength="15"
name="password"></td>
</tr>
logon.php 5
<tr>
<td> </td>
<td colspan="2" align="left"><input type="submit" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
invalidlogin.txt
Sun, 20 May 2012 22:58:01 +0100 Error: [512]
Invalid username or password
Tue, 29 May 2012 18:11:00 +0100 Error: [512]
Invalid username or password
Screen shot
Logging the IP address
We need to capture the IP address and date
$ip = $_SERVER["REMOTE_ADDR"];
$date = date(“d-m-Y H:i:s");
Appending to a file
$file = 'login.txt';
// Open the file to get existing content
$current = file_get_contents($file);
// Append login information to the file
$current .= "$user logged in from IP Address
of $ip on $date"."\r\n";
// Write the contents back to the file
file_put_contents($file, $current);
Insert this code into login.php
if ($result > 0) $validated = true;
if($validated)
{
$_SESSION['login'] = "OK";
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
$ip = $_SERVER["REMOTE_ADDR"];
$date = date(“d-m-Y H:i:s");
$file = 'login.txt';
// Open the file to get existing content
$current = file_get_contents($file);
// Append a new person to the file
$current .= "$user logged in from IP Address of $ip on $date"."\r\n";
// Write the contents back to the file
file_put_contents($file, $current);
header('Location: protected1.php');
}
login.txt
Download