www.hope.ac.uk Faculty of Sciences and Social Sciences HOPE User Sessions & The Include Statement Stewart Blakeway FML 213 blakews@hope.ac.uk

Post on 19-Dec-2015

Last Week

• phpMyAdmin
  – Created a database
  – Tables
  – Fields

• Inserted Data

Recap

1. Create a connection to the SQL Server
   $conn = mysql_connect ("localhost", "root", "root");

2. Select the database
   mysql_select_db ("database", $conn);

3. Construct the SQL statement
   $sql = ("what I want to do with the database");

4. Execute the SQL
   mysql_query ($sql, $conn);

To insert data

$sql = ("INSERT INTO table VALUES ('value1', 'value2', 'value3', …)");

or

$sql = ("INSERT INTO table (fieldname1, fieldname2, fieldname3, …) VALUES ('value1', 'value2', 'value3', …)");

To get data

$sql = ("SELECT * FROM table");

or

$sql = ("SELECT * FROM table WHERE fieldname = 'value'");

Variations (Keywords)

Distinct    Or            Not Null
Where       Top           Unique
And         Wildcards     Primary Key
Order By    Alias         Foreign Key
Update      Join          Check
Delete      Inner Join    Default
Like        Left Join     Create Index
In          Right Join    Constraints
Between     Full Join     Union

What will we cover today

• The include statement
• Getting Data
• User Sessions

Why

• To save coding! If you wish to change the design of the corporate logo, motto, navigation bar for example, it will save changing all your pages

• You need to authenticate the user before allowing them to add records to your database

The Include Statement

• The include statement will include code into your existing document

• This is an efficient way of scripting and maintains consistency

• Why not just make a template? Because it is as easy to use include!

Example – head.php

<body>
<div id="apDiv1">
<a href="home.php">home</a> | <a href="about.php">about</a> | <a href="courses.php">courses</a> | <a href="tutors.php">tutors</a> | <a href="contactUs.php">contact us</a>
<a href="register.php">register</a> | <a href="login.php">log in</a>
</div>
<p>
<img src="../images/logo.gif" width="662" height="182" />
</p>

A file called Register.php

<form id="form1" name="form1" method="post" action="doRegister.php">
  <table>
    <tr> <td>Forename</td><td><input type="text" name="forename" id="forename" /></td> </tr>
    <tr> <td>Surname</td><td><input type="text" name="surname" id="surname" /></td> </tr>
    <tr> <td>Email Address</td><td><input type="text" name="email" id="email" /></td> </tr>
    <tr> <td>Password</td><td><input type="password" name="password" id="password" /></td> </tr>
    <tr> <td>Confirm Password</td><td><input type="password" name="cpassword" id="cpassword" /></td> </tr>
  </table>
  <input type="submit" name="button" id="button" value="Submit" />
</form>

Order of Precedence

1. Get the form working!
   It's much easier to work with if the code is kept as simple as possible; formatting code for images, buttons, hyperlinks etc. will only add code, adding more work decoding.

2. Apply the templates to make it look pretty
   Once all the hard coding (i.e. connection strings, SQL statements, passing of $_POST variables) is done, you can then make it look pretty!

ONE LINE!

• One line of code is all it takes

include ("myfile.php");

Recap

• Your website will probably consist of 10 – 15 pages (possibly many more)

• If you change the design of the header, footer, navigation bar on one page you should change it on the rest! Consistency.

• Using include ensures that only one page needs changing, the rest will update automatically

include ("filename");

User Sessions

• You will have to authenticate the log in of the user in order to allow the addition of records into the database

• You have to follow certain steps in order to ensure that the user is who they claim to be

Authentication

1. Display a login form
2. Get the user details
3. Match the user details against authorised users that are stored in the database
4. Remember that the user is authenticated when they move from one page to the next – only if the details match

What would you do if the details did not match?

Not authorised?

1. Display a suitable message – username or password incorrect.

and

2. Give the user another chance to log in, they could have mistyped – maybe at this point give them a hint

or

3. Redirect the user to a Register page

The Login Page

start a session
if page not viewed
{
    display the form to accept input
}
else
{
    1. get the details from the form
    2. create an SQL statement that will match the details obtained from the form against the database
    3. if details match, update the session to reflect this
}

Starting a session

<?php
session_start();
?>

Starting a session MUST be the first thing you do

Checking

You can check that the session has started by outputting the session id

echo session_id();

Super Global Variables

• A variable can be set inside a session

$_SESSION['variableName'] = "hello";

Like $_POST: the name ('variableName') and the value ("hello")

Stopping Sessions

session_destroy(); // destroys all data registered to the current session

The SQL

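$user = $_POST['username'];
$pw = $_POST['password'];

// Escape both values as they go into the SQL string, so that quotes in the form input cannot change the query
$sql = "SELECT * FROM user WHERE username = '" . mysql_real_escape_string($user, $conn) . "' AND password = '" . mysql_real_escape_string($pw, $conn) . "'";

What does * mean? What is user? Where is username? Where is this from?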

Execute the SQL

$result = mysql_query ($sql, $conn);

$result: put the data from the database in here.

The Check

$record = mysql_num_rows($result);

if ($record == 0)
{
    echo "Incorrect Username or Password";
}
else
{
    echo "LOGIN OK";
    $_SESSION['authorised'] = 'yes';
    $_SESSION['user'] = $user;
    echo session_id();
}

What have we done?

1. Started a session

2. Obtained user details from the login form

3. Matched them against authorised users in the database

4. Created a global variable called authorised and assigned the value yes

5. Created a global variable called user and assigned the value username.
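
The login steps listed above, written as an added example that is not part of the original slides: the query uses a prepared statement, the stored password is a hash checked with password_verify(), and the session id is replaced at login. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL user table, and the function names openDemoDb, checkLogin and logIn are hypothetical.

```php
<?php
// Added example, not from the original slides.
// Assumptions: an in-memory SQLite database (via PDO) stands in for the MySQL
// "user" table, and the password column holds password_hash() output.

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    // Constructed sample row: a hash is stored, never the password itself.
    $ins = $db->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
    $ins->execute(['HUNTER', password_hash('liverpool', PASSWORD_DEFAULT)]);
    return $db;
}

function checkLogin(PDO $db, string $user, string $pw): bool
{
    // Placeholders keep the form input as data; it is never parsed as SQL.
    $stmt = $db->prepare('SELECT password FROM user WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($pw, $hash);
}

function logIn(PDO $db, string $user, string $pw): bool
{
    if (!checkLogin($db, $user, $pw)) {
        return false; // same result for unknown user and wrong password
    }
    session_regenerate_id(true); // fresh id on login; the old one stops working
    $_SESSION['authorised'] = 'yes';
    $_SESSION['user'] = $user;
    return true;
}

session_start(); // first, before any output
$db = openDemoDb();

// Constructed inputs: a valid login, a wrong password, and a name containing
// a quote, which would break a query built by string concatenation.
$attempts = [['HUNTER', 'liverpool'], ['HUNTER', 'wolves'], ["O'Neil", 'mypw']];
$lines = [];
foreach ($attempts as [$user, $pw]) {
    $lines[] = $user . ': ' . (logIn($db, $user, $pw) ? 'LOGIN OK' : 'Incorrect Username or Password');
}
echo implode("\n", $lines), "\n";
```

Run with the command-line PHP and the pdo_sqlite extension enabled; against MySQL only the PDO connection string changes, the prepared statement and the session handling stay the same.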

Dynamic Web Pages

• Users should see appropriate information
  – Should be able to view general information if not logged in
  – Student (if logged in) should be able to view resources
    • Lectures, Workshop Exercises, etc
  – Tutor (if logged in) should be able to add resources
    • Lectures, Workshop Exercises, Quizzes, New Students, etc
  – Administrator should be able to do anything
    • Authorise new tutors, delete tutors, add courses, etc

• The fact that we started a session makes this very easy

User trying to view course?

if user not logged in
{
    display login link
    display register link
}
else
{
    display course
}

Checking if the user has logged in

<?php
session_start(); // the session must be started before $_SESSION can be read

if (!isset($_SESSION['authorised']))
{
    echo ("not authorised");
    echo ("<a href=\"login.php\">Login</a> | <a href=\"register.php\">Register</a>");
}
else
{
    // display course
}
?>

Functions

if (!isset($_SESSION['authorised']))
{
    notAuthorised();
}
else
{
    displayCourse();
}
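
One way to combine the include statement with the session check so that every protected page applies the same rule, as an added example that is not part of the original slides. Assumptions: the file name auth.php, the function names, and a $_SESSION['role'] value set at login are all hypothetical; the slides only define $_SESSION['authorised'] and $_SESSION['user'].

```php
<?php
// auth.php: added example, not from the original slides.
// Assumptions: the file name, the function names and $_SESSION['role']
// ('student', 'tutor' or 'administrator') are illustrative; the slides only
// define $_SESSION['authorised'] and $_SESSION['user'].

function currentRole(array $session): string
{
    // Require the exact value set at login, not merely that the key exists.
    if (($session['authorised'] ?? null) !== 'yes') {
        return 'guest';
    }
    $role = $session['role'] ?? 'guest';
    return in_array($role, ['student', 'tutor', 'administrator'], true) ? $role : 'guest';
}

function canDo(array $session, string $action): bool
{
    // Permissions as listed on the "Dynamic Web Pages" slide.
    $allowed = [
        'guest'   => ['viewGeneral'],
        'student' => ['viewGeneral', 'viewResources'],
        'tutor'   => ['viewGeneral', 'addResources'],
    ];
    $role = currentRole($session);
    if ($role === 'administrator') {
        return true; // "should be able to do anything"
    }
    return in_array($action, $allowed[$role], true);
}

function requireAction(string $action): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!canDo($_SESSION, $action)) {
        header('Location: login.php');
        exit; // without this the rest of the protected page would still run
    }
}

if (PHP_SAPI === 'cli') {
    // Constructed sessions, printed only under the command-line PHP.
    $samples = [[], ['authorised' => 'yes', 'role' => 'student'],
                ['authorised' => 'yes', 'role' => 'tutor']];
    foreach ($samples as $s) {
        printf("%-8s may add resources: %s\n", currentRole($s),
               canDo($s, 'addResources') ? 'yes' : 'no');
    }
}
```

A protected page would begin with include ("auth.php"); followed by requireAction('addResources'); before it sends any output.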

Summary

• Include Statement
• Sessions
  – starting
  – declaring variables
  – assignment to variables
  – retrieving variables

SQL QUIZ Q1

• Which is the correct syntax to obtain all records from tblPerson?

a) $result = mysql_connect ("tblPerson", "*",$conn);

b) $result = mysql_query ("SELECT * FROM tblPerson",$conn);

c) $result = mysql_select_db ("*" FROM tblPerson,$conn);

d) $result = mysql ("SELECT all FROM tblPerson",$conn);

tblPerson

SQL QUIZ Q2

• What is the purpose of DISTINCT?

a) To only list unique values in columns

b) To only list the first row

c) To list the first row only if unique

d) To list all the rows and columns

tblPerson

SQL QUIZ Q3

• What is the correct syntax to add a new row?

a) $sql = "INSERT INTO tblPERSON VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL' ,$conn)"

b) $sql = "ADD INTO tblPERSON VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL' ,$conn)"

c) $sql = "INSERT INTO tblPerson VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL' ,$conn)"

d) $sql = "ADD INTO tblPERSON VALUES ('4', 'HUGHES', 'JAMIE', 'SOMEWHERE', 'LIVERPOOL' ,$conn")

tblPerson

SQL QUIZ Q4

• What is the correct syntax to get the column Lastname in ascending order?

a) $sql = "SELECT LastName FROM tblperson ORDER LastName ASC";

b) $sql = "GET LastName FROM tblperson ORDER LastName ASC";

c) $sql = "SELECT * FROM tblperson ORDER LastName ASC";

d) $sql = "SELECT LastName FROM tblperson ORDER BY LastName ASC";

tblPerson

SQL QUIZ Q5

• What is the correct function to get a row from $data returned from the database?

a) mysql_get_line($data);

b) mysql_fetch_array($data);

c) mysql_obtain_row($data);

d) mysql_retrieve_row($data);

tblPerson

SQL QUIZ Q6

username    password
BLAKEWAY    hahaifidtellyou
HARTLEY     mypw
HUGHES      blahblah
HUNTER      liverpool
LEARMOND    wolves

How many rows and columns are returned?

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$sql = ("SELECT * FROM user");
$result = mysql_query($sql,$conn);

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$sql = ("SELECT password FROM user");
$result = mysql_query($sql,$conn);

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$sql = ("SELECT * FROM user WHERE PASSWORD = 'liverpool'");
$result = mysql_query($sql,$conn);

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$sql = ("SELECT * FROM user WHERE password = 'liverpool'");
$result = mysql_query($sql,$conn);

What will be displayed on screen?

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$sql = ("SELECT * FROM user WHERE password = 'liverpool'");
$result = mysql_query($sql,$conn);
echo $result;

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$sql = ("SELECT * FROM user WHERE password = 'liverpool'");
$result = mysql_query($sql,$conn);
echo $result[username];

$conn = mysql_connect ("localhost", "root", "");
mysql_select_db ("bookShop");
$sql = ("SELECT * FROM user WHERE password = 'liverpool'");
$result = mysql_query($sql,$conn);
$row = mysql_fetch_array($result);
echo $row[password];

Any Questions?