Jsp, Tomcat, J2Ee, Hibernate Programming, Http Web Server Blog

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY 2. You now need to add the script that runs when the logout button is clicked. Amend the code above the DOCTYPE declaration like this (the code is in menu02.php): This is the same code as in Destroying a session earlier in the chapter. The only differences are that it s enclosed in a conditional statement so that it runs only when the logout button is clicked, and it uses header() to redirect the user to login.php. 3. Save menu.php and test it by clicking Log out. You should be redirected to login.php. Any attempt to return to menu.php or secretpage.php will bring you back to login.php. 4. You can put the same code in every restricted page; but PHP is all about saving work, not making it. It makes sense to turn this into an include file. Create a new file called logout.inc.php in the includes folder. Cut and paste the new code from steps 1 and 2 into the new file like this (it s in logout.inc.php in the download files): Go visit our java server pages services for a reliable, lowcost webhost to satisfy all your needs.

PAGES THAT REMEMBER: SIMPLE LOGIN AND MULTIPAGE FORMS // if session variable not set, redirect to login page if (!isset($_SESSION[’authenticated’])) { header(’Location: http://localhost/phpsolutions/sessions/login.php’); exit; } ?> After starting the session, the script checks whether $_SESSION[’authenticated’] has been set. If it hasn t, it redirects the user to login.php and exits. That s all there is to it! The script doesn t need to know the value of $_SESSION[’authenticated’], although you could make doubly sure by amending line 4 like this: if (!isset($_SESSION[’authenticated’]) || $_SESSION[’authenticated’] . != ‘Jethro Tull’) { This now also rejects a visitor if $_SESSION[’authenticated’] has the wrong value. 3. Save menu.php and secretpage.php, and try to load either of them into a browser. You should always be redirected to login.php. 4. Enter a valid username and password in login.php, and click Log in. You should be redirected immediately to menu.php, and the link to secretpage.php should also work. All you need to do to protect any page on your site is add the eight lines of code in step 2 above the DOCTYPE declaration. As well as logging into a site, users should be able to log out. PHP Solution 9-5: Creating a reusable logout button Continue working with the files from the preceding section. The finished files are in menu03.php, logout.inc.php, and secretpage02.php in the download files for this chapter. 1. Create a logout button in the of menu.php by inserting the following form:

The page should look similar to the following screenshot: 245
Note: If you are looking for cheap and reliable webhost to host and run your mysql application check mysql web server services.

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY 3. Add the following short code block just after the opening tag to display any error messages, and save login.php: $error

“; } ?>

PAGES THAT REMEMBER: SIMPLE LOGIN AND MULTIPAGE FORMS // if there’s a match, set a session variable $_SESSION[’authenticated’] = ‘Jethro Tull’; break; } } // if the session variable has been set, redirect if (isset($_SESSION[’authenticated’])) { header(’Location: http://localhost/phpsolutions/sessions/ . menu.php’); exit; } // if the session variable hasn’t been set, refuse entry else { $error = ‘Invalid username or password.’; } } // error message to display if text file not readable else { $error = ‘Login facility unavailable. Please try later.’; } } ?> PHP Solution 7-2 explains how the original script reads the external text file, so I ll concentrate on the new code. First, the entire script has been moved above the DOCTYPE declaration and is enveloped in a conditional statement. The name attribute of the submit button is login, so array_key_exists() checks whether it s in the $_POST array to ensure that the script runs only when the form is submitted. You need to initiate a session only if the form has been submitted, so the first command inside the conditional statement is session_start(). Although the user input is unlikely to contain quotes, it s wise to strip any backslashes from the $_POST array, so corefuncs.php is included and a call made to nukeMagicQuotes() (see Chapter 3). The next section of new code is inside the loop that extracts the name and password from each line. If the record matches username and pwd in the $_POST array, the script creates a variable called $_SESSION[’authenticated’] and assigns it the name of one of the great folk-rock bands of the 70s. There s nothing magic about either of these (apart from Jethro Tull s music); I ve chosen the name and value of the variable arbitrarily. All that matters is a session variable is created. Since you re looking for only one record, you can use break to exit the loop as soon as a match is found. The rest of the script checks whether the session variable has been created. If it has, the user is redirected to menu.php by the header() function (adjust the URL to match your setup, if necessary), and exit prevents the script from running any further. If the session variable hasn t been set, the username and/or password weren t found, and a suitable error message is prepared. The final else clause prepares a different error message in the event that the external file couldn t be read. 243
From our experience, we can recommend PHP5 Web Hosting services, if you need affordable webhost to host and run your web application.

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY PHP Solution 9-3: Building the login page The finished code for this page is in login.php in the download files for this chapter. 1. Create a file called login.php in the sessions folder, and build a form with a text input field each for username and password, plus a submit button named login, like this:

Username:

Password

2. Now add the PHP code above the DOCTYPE declaration to process the login form. It s adapted from the main PHP code block in file.php in Chapter 7, so you can copy and paste most of it from the earlier file. All the changes are highlighted in bold. $tmp[0], ‘password’ => . rtrim($tmp[1])); // check for a matching record if ($users[$i][’name’] == $_POST[’username’] && . $users[$i][’password’] == $_POST[’pwd’]) {
If you are looking for cheap and quality webhost to host and run your website check Jboss Web Hosting services.

PAGES THAT REMEMBER: SIMPLE LOGIN AND MULTIPAGE FORMS You need to get rid of the warning message in step 8, not only because it looks bad, but also because it means setcookie() can t invalidate the session cookie. Even though session_start() comes immediately after the opening PHP tag in session03.php, the warning message is triggered by the DOCTYPE declaration, the , and other XHTML being output before setcookie(). Although you could put setcookie() in the PHP block above the DOCTYPE declaration, you would also need to assign the value of $_SESSION[’name’] to an ordinary variable, because it ceases to exist after the session is destroyed. Rather than pull the whole script apart, the answer is to buffer the output with ob_start(). PHP Solution 9-2: Buffering the output with ob_start() Continue working with session03.php from the previous section. 1. Amend the PHP block above the DOCTYPE declaration like this: This turns on output buffering and prevents output being sent to the browser until the end of the script, or until you specifically flush the output with ob_end_flush(). 2. Flush the output immediately after invalidating the session cookie like this: // invalidate the session cookie if (isset($_COOKIE[session_name()])) { setcookie(session_name(), ‘’, time()-86400, ‘/’); } ob_end_flush(); 3. Save session03.php and test the sequence again. This time, there should be no warning. More importantly, the session cookie will no longer be valid. As you have just seen, the combination of session variables and conditional statements lets you present completely different pages to a visitor depending on whether a session vari able has been set. All you need to do is add a password checking system, and you have a basic user authentication system. Using file-based authentication In PHP Solution 7-2, I showed you how to use the file() function to read each line of a text file into an array. You can now adapt that script to create a simple login system using sessions. Each person s username and password is separated by a comma and recorded on a new line of a text file like this: david, codeslave chris, bigboss I ll use the same text file as before: filetest03.txt, which is in the private folder that was set up in Chapter 7. Refer back to Chapter 7 if you haven t already set up a folder for PHP to read and write files. 241
If you are looking for affordable and reliable webhost to host and run your business application visit our ftp web hosting services.

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY If $_SESSION[’name’] has been set, the page displays it, then unsets it and invalidates the current session cookie. By placing session_destroy() at the end of the first code block, the session and its associated variables will cease to be available. 6. Load session01.php into a browser, and type your name in the text field. Click Submit. 7. You should see something like the following screenshot. At this stage there is no apparent difference between what happens here and in an ordinary form. 8. When you click Next, the power of sessions begins to show. The page remembers your name, even though the $_POST array is no longer available to it. There s a problem, though, with that headers already sent error message. We ll fix that later. 9. Click the link to Page 2 (just below the error message). The session has been destroyed, so this time session02.php has no idea who you are. 10. Type the address of session03.php in the browser address bar and load it. It, too, has no recollection of the session, and displays an appropriate message.
If you are looking for cheap and quality webhost to host and run your website check Jboss Web Hosting services.

PAGES THAT REMEMBER: SIMPLE LOGIN AND MULTIPAGE FORMS if (isset($_SESSION[’name’])) { // if set, greet by name echo ‘Hi, ‘.$_SESSION[’name’].’. Next‘; } else { // if not set, send back to login echo ‘Who are you? Login‘; } ?> If $_SESSION[’name’] has been set, a welcome message is displayed along with a link to session03.php. Otherwise, the page tells the visitor that it doesn t recognize who s trying to gain access, and provides a link back to the first page. Take care when typing the following line: echo ‘Hi, ‘.$_SESSION[’name’].’. Next‘; The first two periods (surrounding $_SESSION[’name’]) are the PHP concatena- tion operator. The third period (immediately after a single quote) is an ordinary period that will be displayed as part of the string. 4. Create session03.php. Type the following above the DOCTYPE to initiate the session: 5. Insert the following code between the tags of session03.php: ‘; // unset session variable unset($_SESSION[’name’]); // invalidate the session cookie if (isset($_COOKIE[session_name()])) { setcookie(session_name(), ‘’, time()-86400, ‘/’); } // end session session_destroy(); echo ‘Page 2‘; } else { // display if not recognized echo ‘Sorry, I don’t know you.
‘; echo ‘Login‘; } ?> 239
Check Tomcat Web Hosting services for best quality webspace to host your web application.

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY Using sessions to restrict access The first words that probably come to mind when thinking about restricting access to a website are username and password. Although these generally unlock entry to a site, neither is essential to a session. You can store any value as a session variable and use it to determine whether to grant access to a page. For instance, you could create a variable called $_SESSION[’status’] and give visitors access to different parts of the site depending on its value, or no access at all if it hasn t been set. A little demonstration should make everything clear, and show you how sessions work in practice. PHP Solution 9-1: A simple session example This should take only a few minutes to build, but you can also find the complete code in session01.php, session02.php, and session03.php, in the download files for this chapter. 1. Create a page called session01.php in a new folder called sessions in the phpsolutions site root. Insert a form with a text field called name and a submit button. Set the method to post and action to session02.php. The form should look like this:

2. In another page called session02.php, insert this above the DOCTYPE declaration: The inline comments explain what s going on. The session is started, and as long as $_POST[’name’] isn t empty, its value is assigned to $_SESSION[’name’]. 3. Insert the following code between the tags in session02.php: Searching for affordable and proven webhost to host and run your servlet applications? Go to Linux Web Hosting services and you will find it.

PAGES THAT REMEMBER: SIMPLE LOGIN AND MULTIPAGE FORMS Destroying a session By itself, unsetting all the session variables effectively prevents any of the information from being reused, but you should also invalidate the session cookie like this: if (isset($_COOKIE[session_name()])) { setcookie(session_name(), ‘’, time()-86400, ‘/’); } This uses the function session_name() to get the name of the session dynamically, and resets the session cookie to an empty string and to expire 24 hours ago (86400 is the number of seconds in a day). The final argument (’/') applies the cookie to the whole domain. Finally, destroy the session with the following command: session_destroy(); By destroying a session like this, there is no risk of an unauthorized person gaining access either to a restricted part of the site or to any information exchanged during the session. However, a visitor may forget to log out, so it s not always possible to guarantee that the session_destroy() command will be triggered, which is why it s so important not to store sensitive information in a session variable. You may find session_register() and session_unregister() in old scripts. These functions are deprecated. Use $_SESSION[’variable_name’] and unset($_SESSION[’variable_name’]) instead. The Headers already sent error Although using PHP sessions is very easy, there s one problem that causes beginners a great deal of head banging. Instead of everything working the way you expect, you see the following message: Warning: Cannot add header information - headers already sent I ve mentioned this problem several times before in conjunction with the header() func tion. It affects session_start() and setcookie() as well. In the case of session_start(), the solution is simple: make sure that you put it immediately after the opening PHP tag (or very soon thereafter), and check that there s no whitespace before the opening tag. Some Mac users say they get the problem even if there is no whitespace ahead of the PHP tag. This is usually caused by editing software inserting an invisible control character at the beginning of the script. If this happens to you, try a different script editor. When using setcookie() to destroy the session cookie, though, it s quite likely that you may need to send output to the browser before calling the function. In this case, PHP lets you save the output in a buffer using ob_start(). You then flush the buffer with ob_end_flush() after setcookie() has done its job. I ll show you how to do this in PHP Solution 9-2. 237
We recommend high quality webhost to host and run your jsp application: christian web host services.