Post on 19-Dec-2015
www.hope.ac.uk Faculty of Sciences and Social Sciences (HOPE)
User Sessions & The Include Statement
Stewart Blakeway
FML 213
Last Week
• phpMyAdmin
– Created a database
– Tables
– Fields
• Inserted Data
Recap
1. Create a connection to the SQL Server
$conn = mysql_connect ("localhost", "root", "root");
2. Select the database
mysql_select_db ("database", $conn);
3. Construct the SQL statement
$sql = ("what I want to do with the database");
4. Execute the SQL
mysql_query ($sql, $conn);
To insert data
$sql = ("INSERT INTO table VALUES ('value1', 'value2', 'value3', ...)");
or
$sql = ("INSERT INTO table (fieldname1, fieldname2, fieldname3, ...) VALUES ('value1', 'value2', 'value3', ...)");
To get data
$sql = ("SELECT * FROM table");
or
$sql = ("SELECT * FROM table WHERE fieldname = 'value'");
Variations (Keywords)
Distinct, Where, And, Order By, Update, Delete, Like, In, Between
Or, Top, Wildcards, Alias, Join, Inner Join, Left Join, Right Join, Full Join
Not Null, Unique, Primary Key, Foreign Key, Check, Default, Create Index, Constraints, Union
What will we cover today
• The include statement
• Getting Data
• User Sessions
Why
• To save coding! If you wish to change the design of the corporate logo, motto, navigation bar for example, it will save changing all your pages
• You need to authenticate the user before allowing them to add records to your database
The Include Statement
• The include statement will include code into your existing document
• This is an efficient way of scripting and maintains consistency
• Why not just make a template? Because it is as easy to use include!
Example – head.php
<body>
<div id="apDiv1">
<a href="home.php">home</a> | <a href="about.php">about</a> | <a href="courses.php">courses</a> | <a href="tutors.php">tutors</a> | <a href="contactUs.php">contact us</a> | <a href="register.php">register</a> | <a href="login.php">log in</a>
</div>
<p>
<img src="../images/logo.gif" width="662" height="182" />
</p>
A file called Register.php
<form id="form1" name="form1" method="post" action="doRegister.php">
<table>
<tr><td>Forename</td><td><input type="text" name="forename" id="forename" /></td></tr>
<tr><td>Surname</td><td><input type="text" name="surname" id="surname" /></td></tr>
<tr><td>Email Address</td><td><input type="text" name="email" id="email" /></td></tr>
<tr><td>Password</td><td><input type="password" name="password" id="password" /></td></tr>
<tr><td>Confirm Password</td><td><input type="password" name="cpassword" id="cpassword" /></td></tr>
</table>
<input type="submit" name="button" id="button" value="Submit" />
</form>
Order of Precedence
1. Get the form working! It is much easier to work with if the code is kept as simple as possible; formatting code for images, buttons, hyperlinks etc. will only add code, and more code means more work decoding it.
2. Apply the templates to make it look pretty. Once all the hard coding (connection strings, SQL statements, passing of $_POST variables) is done you can then make it look pretty!
ONE LINE!
• One line of code is all it takes
include ("myfile.php");
Recap
• Your website will probably consist of 10 – 15 pages (possibly many more)
• If you change the design of the header, footer or navigation bar on one page you should change it on the rest! Consistency.
• Using include ensures that only one page needs changing; the rest will update automatically
include ("filename");
User Sessions
• You will have to authenticate the log in of the user in order to allow the addition of records into the database
• You have to follow certain steps in order to ensure that the user is who they claim to be
Authentication
1. Display a login form
2. Get the user details
3. Match the user details against authorised users that are stored in the database
4. Remember that the user is authenticated when they move from one page to the next – only if the details match
What would you do if the details did not match?
Not authorised?
1. Display a suitable message – username or password incorrect.
and
2. Give the user another chance to log in; they could have mistyped – maybe at this point give them a hint
or
3. Redirect the user to a Register page
The Login Page
start a session
if page not viewed
{
    display the form to accept input
}
else
{
    1. get the details from the form
    2. create an SQL statement that will match the details obtained from the form against the database
    3. if details match, update the session to reflect this
}
Starting a session
<?php
session_start();
?>
Starting a session MUST be the first thing you do: session_start() has to be called before anything is output to the browser.
Checking
You can check that the session has started by outputting the session id
echo session_id();
Super Global Variables
• A variable can be set inside a session
$_SESSION['variableName'] = "hello";
Like $_POST: 'variableName' is the name, "hello" is the value
Stopping Sessions
session_unset();    // clear the session variables
session_destroy();  // end the session (PHP has no session_stop() function)
The SQL
$user = $_POST['username'];
$pw = $_POST['password'];
$sql = "SELECT * FROM user WHERE username = '$user' AND password = '$pw'";
What does * mean? What is user? Where is username? Where is this from?
Execute the SQL
$result = mysql_query ($sql,$conn);
Put the data from the database in here.
The Check
$record = mysql_num_rows($result);
if ($record == 0) {
    echo "Incorrect Username or Password";
} else {
    echo "LOGIN OK";
    $_SESSION['authorised'] = 'yes';
    $_SESSION['user'] = $user;
    echo session_id();
}
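The login check above builds the SQL text out of the raw form fields and stores passwords in clear. As an added example (not from the slides), here is the same login page written with mysqli prepared statements and hashed passwords; it assumes a table `user` with columns username, password_hash and role, where password_hash was produced by password_hash() at registration. The mysql_* functions used in the lecture were removed in PHP 7, so mysqli is used instead.

```php
<?php
// Added example, not the lecture's code. Assumes a `user` table with the
// columns username, password_hash and role.
session_start();                        // must come before any output

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // First visit: show the form (same shape as the lecture's login form)
    echo '<form method="post" action="login.php">'
       . 'Username <input type="text" name="username" /> '
       . 'Password <input type="password" name="password" /> '
       . '<input type="submit" value="Log in" /></form>';
    exit;
}

$conn = new mysqli('localhost', 'root', 'root', 'database');
if ($conn->connect_error) {
    die('Database connection failed');
}

$user = $_POST['username'] ?? '';
$pw   = $_POST['password'] ?? '';

// The form value never becomes part of the SQL text: ? is a bound parameter,
// so whatever is typed is compared as a literal string, never executed.
$stmt = $conn->prepare('SELECT password_hash, role FROM user WHERE username = ?');
$stmt->bind_param('s', $user);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();

// Compare against the stored hash. One message for both "no such user" and
// "wrong password" avoids confirming which usernames exist.
if ($row === null || !password_verify($pw, $row['password_hash'])) {
    echo 'Incorrect Username or Password';
    exit;
}

session_regenerate_id(true);            // fresh session id at login (anti-fixation)
$_SESSION['authorised'] = 'yes';
$_SESSION['user']       = $user;
$_SESSION['role']       = $row['role']; // lets later pages decide what to show
echo 'LOGIN OK';
```

At registration the matching write is `password_hash($_POST['password'], PASSWORD_DEFAULT)` into password_hash, so the database never holds the password itself.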
What have we done?
1. Started a session
2. Obtained user details from the login form
3. Matched them against authorised users in the database
4. Created a global variable called authorised and assigned the value yes
5. Created a global variable called user and assigned the value username.
Dynamic Web Pages
• Users should see appropriate information
– Should be able to view general information if not logged in
– Student (if logged in) should be able to view resources
  • Lectures, Workshop Exercises, etc
– Tutor (if logged in) should be able to add resources
  • Lectures, Workshop Exercises, Quizzes, New Students, etc
– Administrator should be able to do anything
  • Authorise new tutors, delete tutors, add courses, etc
• The fact that we started a session makes this very easy
User trying to view course?
if user not logged in
{
display login link
display register link
}
else
{
display course
}
Checking if the user has logged in
<?php
session_start(); // the session must be started before $_SESSION can be read
if (!isset($_SESSION['authorised'])) {
    echo ("not authorised");
    echo ("<a href=\"login.php\">Login</a> | <a href=\"register.php\">Register</a>");
} else {
    // display course
}
?>
Functions
if (!isset($_SESSION['authorised'])) {
    notAuthorised();
} else {
    displayCourse();
}
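The two ideas of the lecture, include and sessions, fit together: put the check in one file and include it at the top of every protected page. As an added example (not from the slides), the auth.php below provides notAuthorised() and a role gate for the student/tutor/administrator split described earlier; it assumes login.php stored $_SESSION['authorised'], $_SESSION['user'] and $_SESSION['role'] (one of 'student', 'tutor', 'admin').

```php
<?php
// Added example, not the lecture's code: auth.php, to be included first on
// every page that must not be shown to anonymous users.
// Assumes login stored $_SESSION['authorised'] = 'yes' and $_SESSION['role'].
if (session_status() === PHP_SESSION_NONE) {
    session_start();                // must come before any output
}

function isLoggedIn(): bool
{
    return isset($_SESSION['authorised']) && $_SESSION['authorised'] === 'yes';
}

function notAuthorised(): void
{
    echo 'not authorised ';
    echo '<a href="login.php">Login</a> | <a href="register.php">Register</a>';
    exit;                           // stop here so the protected content is never sent
}

// Deny unless the session's role is one of those allowed for this page.
// Strict in_array() so that only exact string matches pass.
function requireRole(array $allowed): void
{
    if (!isLoggedIn() || !in_array($_SESSION['role'] ?? '', $allowed, true)) {
        notAuthorised();
    }
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();              // the lecture's session_stop() does not exist in PHP
    header('Location: login.php');
    exit;
}
```

In a page such as addResource.php the gate is then `include('auth.php'); requireRole(['tutor', 'admin']);` before any of the form is echoed, while a course page that students may also read would call `requireRole(['student', 'tutor', 'admin']);`.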
Summary
• Include Statement
• Sessions
– starting
– declaring variables
– assignment to variables
– retrieving variables
SQL QUIZ Q1
• Which is the correct syntax to obtain all records from tblPerson?
a) $result = mysql_connect ("tblPerson", "*", $conn);
b) $result = mysql_query ("SELECT * FROM tblPerson", $conn);
c) $result = mysql_select_db ("*" FROM tblPerson, $conn);
d) $result = mysql ("SELECT all FROM tblPerson", $conn);
[Figure: tblPerson table]
SQL QUIZ Q2
• What is the purpose of DISTINCT?
a) To only list unique values in columns
b) To only list the first row
c) To list the first row only if unique
d) To list all the rows and columns
[Figure: tblPerson table]
SQL QUIZ Q3
• What is the correct syntax to add a new row?
a) $sql = "INSERT INTO tblPERSON VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL', $conn)"
b) $sql = "ADD INTO tblPERSON VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL', $conn)"
c) $sql = "INSERT INTO tblPerson VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL', $conn)"
d) $sql = "ADD INTO tblPERSON VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL', $conn")
[Figure: tblPerson table]
SQL QUIZ Q4
• What is the correct syntax to get the column LastName in ascending order?
a) $sql = "SELECT LastName FROM tblperson ORDER LastName ASC";
b) $sql = "GET LastName FROM tblperson ORDER LastName ASC";
c) $sql = "SELECT * FROM tblperson ORDER LastName ASC";
d) $sql = "SELECT LastName FROM tblperson ORDER BY LastName ASC";
[Figure: tblPerson table]
SQL QUIZ Q5
• What is the correct function to get a row from $data returned from the database?
a) mysql_get_line($data);
b) mysql_fetch_array($data);
c) mysql_obtain_row($data);
d) mysql_retrieve_row($data);
[Figure: tblPerson table]
SQL QUIZ Q6
username    password
BLAKEWAY    hahaifidtellyou
HARTLEY     mypw
HUGHES      blahblah
HUNTER      liverpool
LEARMOND    wolves

How many rows and columns are returned?

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$mysql = ("SELECT * FROM user");
$result = mysql_query($sql, $conn);

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$mysql = ("SELECT password FROM user");
$result = mysql_query($sql, $conn);

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$mysql = ("SELECT * FROM user WHERE PASSWORD = 'liverpool'");
$result = mysql_query($sql, $conn);

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$mysql = ("SELECT * FROM user WHERE password = 'liverpool'");
$result = mysql_query($sql, $conn);

What will be displayed on screen?

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$mysql = ("SELECT * FROM user WHERE password = 'liverpool'");
$result = mysql_query($sql, $conn);
echo $result;

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$mysql = ("SELECT * FROM user WHERE password = 'liverpool'");
$result = mysql_query($sql, $conn);
echo $result[username];

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$mysql = ("SELECT * FROM user WHERE password = 'liverpool'");
$result = mysql_query($sql, $conn);
$row = mysql_fetch_array($result);
echo $row[password];
Any Questions?