Chapter Secure.php The main purpose of this file is to clean up the data to prevent SQL injections, data validations, and so on It is important to clean the data before entering or manipulating with the server Now let's add the PHP power to our signup.php script with the following code: Let's break down the code into functionality, as this helps us to understand it better • Include the common scripts such as DBConfig.php and Secure.php require_once 'DBConfig.php'; require_once 'Secure.php'; • Check if the data has been posted if ($_SERVER['REQUEST_METHOD'] == 'POST') • Read the DB settings to get dbhost,dbname, dbuser, and dbpassword $settings = DBConfig::getSettings(); • Clean the user input $secure = new Secure(); $uname = $secure->clean_data($uname, $db_handle); $pword = $secure->clean_data($pword, $db_handle); [ 52 ] This material is copyright and is licensed for the sole use by Richard Ostheimer on 18th June 2009 Please purchase PDF Split-Merge hildawww.verypdf.com to remove this watermark 2205 on ave., , missoula, , 59801 Chapter • Run the INSERT query to add users and get the results $SQL = "INSERT INTO users (userID,Username,password) VALUES (NULL,$uname, md5($pword))"; • If a user is added successfully, set SESSION['login'] as 1, which will tell our system that the user is logged in We can also prompt the user with errors that were caused during operations • Prompt the errors $errorMessage = "Database Not Found"; Finally, the sign-up page should be like the screenshot that follows: Now, let's move on to the login.php page details We have added the user successfully to our user's table It's probably a good idea to cross-check Fire up the web browser, open phpMyAdmin, and navigate to the user table under the books database Alternatively, we can also check through the login.php page Login.php Again, we are creating a simple user interface using HTML to show the user a simple form where he or she will be required to enter a username and password Login Here!!! [ 53 ] This material is copyright and is licensed for the sole use by Richard Ostheimer on 18th June 2009 Please purchase PDF Split-Merge hildawww.verypdf.com to remove this watermark 2205 on ave., , missoula, , 59801 Server-side Techniques with PHP and MySQL Already Registered? Sign-in!!! Username: Let's add some spice with the PHP power Add the following code to the login.php file that we just created: [ 55 ] This material is copyright and is licensed for the sole use by Richard Ostheimer on 18th June 2009 Please purchase PDF Split-Merge hildawww.verypdf.com to remove this watermark 2205 on ave., , missoula, , 59801 Server-side Techniques with PHP and MySQL Let's break down the code into functionality once again: • Include the common scripts such as DBConfig.php and Secure.php require_once 'DBConfig.php'; require_once 'Secure.php'; • Check if the data has been posted if ($_SERVER['REQUEST_METHOD'] == 'POST'){ • Read the ������������������������� dbhost, dbname, dbusername, and database ���������������� settings to get dbpassword $settings = DBConfig::getSettings(); • Clean the user input $uname = $secure->clean_data($uname, $db_handle); $pword = $secure->clean_data($pword, $db_handle); • Run the SELECT query to check if the username and password entered by the user matches to the ones present in the database table, and get the results $SQL = "SELECT * FROM users WHERE username =$uname AND password= md5($pword)"; • If username and password matches, set SESSION['login'] as 1, which will tell our system the user is logged in; or else prompt him with errors that were caused during operations At the end of this part, we should be able to see the application as shown in the following screenshot� : [ 56 ] This material is copyright and is licensed for the sole use by Richard Ostheimer on 18th June 2009 Please purchase PDF Split-Merge hildawww.verypdf.com to remove this watermark 2205 on ave., , missoula, , 59801 Chapter Index.php Take a look at the index.php file This is pretty much a straightforward approach Only users who are logged in will be able to see this data Using SESSION, we check if the user is logged in or not Home Page Thank God.You logged In, system admin was rude with me!!!!
This is where all the protected contents come into picture
Log out Breaking this code down as per functionality, we the following: • Check if the SESSION variable login is set session_start(); if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) { header ("Location: login.php"); } • If set, show the user the page details • Else, redirect him to login.php [ 57 ] This material is copyright and is licensed for the sole use by Richard Ostheimer on 18th June 2009 Please purchase PDF Split-Merge hildawww.verypdf.com to remove this watermark 2205 on ave., , missoula, , 59801 Server-side Techniques with PHP and MySQL We should now have reached a level where our application will look like the following screenshot: Logout.php Finally, we come to our last script Logout.php The purpose of this script is to destroy the sessions that we have set, while logging the user inside the application Logout Okay, destroyed the sessions of the user Now try hitting the back button You should be able to see the login page :)
User Logged Out
Want to Login again? Login Here The logout interface is shown in the following screenshot: [ 58 ] This material is copyright and is licensed for the sole use by Richard Ostheimer on 18th June 2009 Please purchase PDF Split-Merge hildawww.verypdf.com to remove this watermark 2205 on ave., , missoula, , 59801 Server-side Techniques with PHP and MySQL Now that we have our database table tags ready, it's time to populate the table with some data The code to insert a tag in the table is given here: INSERT INTO `tags` ( `tagID` , `tagName` , `count` ) 'Prototype', '3' ); VALUES ( NULL , Feel free to add more tags to see a huge tag cloud Moving on, let's the coding part of the tag cloud
