1PHP HTTPPHP HTTP

After this lecture, you should be able to After this lecture, you should be able to know:know:

How to create and process How to create and process web formsweb forms with with HTML and PHP.HTML and PHP.

How to How to persist client’s statespersist client’s states over requests. over requests. How to How to authenticate a clientauthenticate a client by using by using

cookies or PHP sessions.cookies or PHP sessions. Complete Complete Assignment 6, part 1Assignment 6, part 1.. Be ready to implement your Be ready to implement your Course ProjectCourse Project..

PHP Support for HTML and HTTPPHP Support for HTML and HTTP

2PHP HTTPPHP HTTP

Parameters submitted from an HTML Parameters submitted from an HTML form can be easily retrieved.form can be easily retrieved.

Different HTTP requests from the Different HTTP requests from the same client can be interrelated with a same client can be interrelated with a cookiecookie..

Session variablesSession variables allow data to allow data to persist during a session, which is a persist during a session, which is a succession of requests from the same succession of requests from the same client. client.

PHP Support for HTML and HTTPPHP Support for HTML and HTTP

3PHP HTTPPHP HTTP

HTML FormHTML Formhttp://web.engr.oregonstate.edu/~pham/cs275/test_form.html

4PHP HTTPPHP HTTP

HTML FormHTML Form<html><html> <head><head> <title>Sample HTML Form</title><title>Sample HTML Form</title> </head></head> <body><body> <FORM <FORM ACTION="submit_form.php" METHOD="POST"ACTION="submit_form.php" METHOD="POST" NAME = "TestForm">NAME = "TestForm"> First Name:First Name: <INPUT TYPE="TEXT" NAME = "first_name" SIZE = "30" <INPUT TYPE="TEXT" NAME = "first_name" SIZE = "30" MAXLENGTH = "30"><BR><BR>MAXLENGTH = "30"><BR><BR> Last Name:Last Name: <INPUT TYPE="TEXT" NAME = "last_name" SIZE = "30" <INPUT TYPE="TEXT" NAME = "last_name" SIZE = "30" MAXLENGTH = "30"><BR><BR>MAXLENGTH = "30"><BR><BR> <INPUT TYPE="SUBMIT" NAME = "Submit" VALUE = "Search"><INPUT TYPE="SUBMIT" NAME = "Submit" VALUE = "Search"> </FORM></FORM> </body></body></html></html>

5PHP HTTPPHP HTTP

Form AttributesForm Attributes

ACTION =ACTION = URL_of_scriptURL_of_scriptThe script specified is activated when the The script specified is activated when the

formformis submitted.is submitted.

METHOD =METHOD = method_for_passing_data method_for_passing_data "GET""GET" "POST""POST"

6PHP HTTPPHP HTTP

Passing HTML Parameters with Method Passing HTML Parameters with Method GETGET

<FORM ACTION="submit_form.php" <FORM ACTION="submit_form.php" METHOD=“GET”>METHOD=“GET”>

The form parameters are passed The form parameters are passed as part of the URLas part of the URL.. http://web.engr.oregonstate.edu/~pham/cs275/submit_form.php?first_name=Tuan&last_name=Pham

The length of the URL is limited The length of the URL is limited (imposed by web browser and server software)(imposed by web browser and server software)..

The user can see and modify The user can see and modify the parameters.the parameters.

7PHP HTTPPHP HTTP

Passing HTML Parameters with Method Passing HTML Parameters with Method POSTPOST

<FORM ACTION="submit_form.php" <FORM ACTION="submit_form.php" METHOD=“POST”>METHOD=“POST”>

The form parameters are passed as The form parameters are passed as the HTTP Request body.the HTTP Request body.

URL: URL: http://web.engr.oregonstate.edu/~pham/cs275/submit_form.php

HTTP Request Body: HTTP Request Body: first_name=tuan&last_name=pham&first_name=tuan&last_name=pham&

Submit=searchSubmit=search The size of the HTTP body can be The size of the HTTP body can be

large.large. The user cannot see the parameters.The user cannot see the parameters.

8PHP HTTPPHP HTTP

Attributes of an INPUT ElementAttributes of an INPUT Element

<INPUT … > (<INPUT … > (no closing tagno closing tag)) TYPE = TYPE = "TEXT", "PASSWORD""TEXT", "PASSWORD""RADIO", "CHECKBOX""RADIO", "CHECKBOX""SUBMIT", "RESET""SUBMIT", "RESET""IMAGE", "HIDDEN""IMAGE", "HIDDEN"

NAME = NAME = form_parameter_nameform_parameter_name VALUE = VALUE = initial_valueinitial_value SIZE, MAXLENGTH, CHECKEDSIZE, MAXLENGTH, CHECKED

9PHP HTTPPHP HTTP

Retrieving Form ParametersRetrieving Form Parameters $_GET$_GET or or $_POST$_POST arrays can be used: arrays can be used:

<?php<?php......$first_name = $_GET[‘first_name'];$first_name = $_GET[‘first_name'];$last_name = $_GET[‘last_name'];$last_name = $_GET[‘last_name'];......

?> ?>

<?php<?php......$first_name = $_POST[‘first_name'];$first_name = $_POST[‘first_name'];$last_name = $_POST[‘last_name'];$last_name = $_POST[‘last_name'];......

?> ?>

10PHP HTTPPHP HTTP

Retrieving HTTP and HTML Retrieving HTTP and HTML ParametersParameters

Six superglobal arrays in PHPSix superglobal arrays in PHP $_GET$_GET, , $_POST$_POST - GET, POST parameters - GET, POST parameters $_COOKIE$_COOKIE - cookie value - cookie value $_FILES$_FILES - information about uploaded files - information about uploaded files $_SERVER$_SERVER - information about the web server - information about the web server $_ENV$_ENV - environment variables - environment variables

11PHP HTTPPHP HTTP

ACTION FILEACTION FILE// submit_form.php // submit_form.php <HTML> <HTML> <HEAD><HEAD> <TITLE> FORM SUBMISSION </TITLE><TITLE> FORM SUBMISSION </TITLE> </HEAD></HEAD> <body><body> <h1> Result of Form Submission </h1><h1> Result of Form Submission </h1> <hr /><hr /><?php<?php $first_name = $_POST['first_name'];$first_name = $_POST['first_name']; $last_name = $_POST['last_name'];$last_name = $_POST['last_name']; $remote_addr = $_SERVER['REMOTE_ADDR'];$remote_addr = $_SERVER['REMOTE_ADDR']; echo "First Name = $first_name<br />";echo "First Name = $first_name<br />"; echo "Last Name = $last_name<br />";echo "Last Name = $last_name<br />"; echo "Client IP Address = $remote_addr<br />";echo "Client IP Address = $remote_addr<br />"; echo "BYE <br />";echo "BYE <br />";?>?> <hr /><hr /> </body></body></HTML></HTML>

12PHP HTTPPHP HTTP

ACTION FILEACTION FILE

13PHP HTTPPHP HTTP

Purpose of a CookiePurpose of a Cookie HTTP protocol is HTTP protocol is statelessstateless. That is, . That is,

each request is independent. each request is independent. One way to interrelate HTTP requests One way to interrelate HTTP requests

from the same client is to use from the same client is to use a a cookiecookie..

A cookieA cookie is a piece of information is a piece of information sent to a browser by a Web Server. sent to a browser by a Web Server. The browser then returns that The browser then returns that information to the Web server in the information to the Web server in the following requests.following requests.

14PHP HTTPPHP HTTP

Purpose of a CookiePurpose of a Cookie Cookie is one way for the web sites Cookie is one way for the web sites

to to “remember”“remember” the users the usersFor example:For example: A client ID, generated by the server, A client ID, generated by the server,

can be attached to the reply to the can be attached to the reply to the first request -> stored in a cookie first request -> stored in a cookie

The client can submit this client ID to The client can submit this client ID to the subsequent requests.the subsequent requests.

The client ID may be saved in the The client ID may be saved in the database.database.

15PHP HTTPPHP HTTP

#1234

webbrowser

webserverfirst request

first reply

subsequent request1

#1234

Passing a CookiePassing a Cookie

#1234subsequent request2

#1234

16PHP HTTPPHP HTTP

Some Details on a CookieSome Details on a Cookie A cookie contains information about a visit to A cookie contains information about a visit to

a website:a website: Cookie name and value,Cookie name and value, Expiration time in seconds,Expiration time in seconds, Server domain name and application path, Server domain name and application path,

andand Whether secure HTTP (HTTPS) should be Whether secure HTTP (HTTPS) should be

used or not.used or not. Cookies are stored on Cookies are stored on client machinesclient machines.. A cookie is normally sent A cookie is normally sent automaticallyautomatically to the to the

server when the client revisits the application.server when the client revisits the application.

17PHP HTTPPHP HTTP

Setting cookies with PHPSetting cookies with PHP<?php<?phpsetcookie(“client_id", “12345", setcookie(“client_id", “12345",

time()+ 60 * 60 * 24 * 100);time()+ 60 * 60 * 24 * 100);?>?>

setcookie()setcookie() should be executed should be executed before any HTML content is sent to before any HTML content is sent to the browser as it is stored in the HTTP the browser as it is stored in the HTTP response header.response header.

In the above example, the cookie will In the above example, the cookie will expire after 100 days.expire after 100 days.

18PHP HTTPPHP HTTP

Identifying a Client with a CookieIdentifying a Client with a Cookie A client ID is generated for each A client ID is generated for each

new client and sent to the client new client and sent to the client with a cookie.with a cookie.

A cookie is stored on the client A cookie is stored on the client machine.machine.

An existing client submits the An existing client submits the client ID with a cookie.client ID with a cookie.

19PHP HTTPPHP HTTP

Getting a Client ID from a CookieGetting a Client ID from a Cookie<?php<?php

if ($client_id = $_COOKIE[‘client_id’]) {if ($client_id = $_COOKIE[‘client_id’]) { $client_name =$client_name = get_client_name($client_id);get_client_name($client_id); print “Welcome back, $client_name";print “Welcome back, $client_name";}}else {else { print “Welcome, New Client";print “Welcome, New Client";}}

?>?>

20PHP HTTPPHP HTTP

Setting Data in a CookieSetting Data in a Cookie

<?php<?php$client_id = generate_client_id();$client_id = generate_client_id(); setcookie(‘client_id', setcookie(‘client_id', $client_id, time() + 3600);$client_id, time() + 3600);

?>?>

21PHP HTTPPHP HTTP

Removing a cookieRemoving a cookie

<?php<?phpsetcookie("cookiename", "", setcookie("cookiename", "", time()-60);time()-60);

?>?><HTML><HTML>......

</HTML></HTML>

22PHP HTTPPHP HTTP

SessionsSessions PHP has PHP has built-in supportbuilt-in support for sessions. for sessions. A session supports persistent variables A session supports persistent variables

accessible by different scripts and accessible by different scripts and across multiple visitsacross multiple visits to the site. to the site.

Sessions are Sessions are a combination of a server-a combination of a server-side cookieside cookie andand a client-side cookiea client-side cookie, , where the client-side cookie is simply a where the client-side cookie is simply a reference id to the information stored reference id to the information stored in the server-side cookie.in the server-side cookie.

A session is also closed when a A session is also closed when a browser which started the session is browser which started the session is closed.closed.

23PHP HTTPPHP HTTP

Starting and Continuing a SessionStarting and Continuing a Session Start/resume a sessionStart/resume a session

session_start();session_start(); Session variables are in array Session variables are in array $_SESSION$_SESSION..<?php<?php

session_start();session_start();........$_SESSION[‘user_id'] = $_SESSION[‘user_id'] = get_user_id($user_name, $password);get_user_id($user_name, $password);?>?><HTML><HTML> . . .. . .</HTML></HTML>

24PHP HTTPPHP HTTP

Login page using sessionLogin page using session

login.php

page_1

page_N

sessionsession

Register session global Register session global variables for each variables for each sessionsession

$$_SESSION['USER_ID']_SESSION['USER_ID']$_SESSION['USER_NAME']$_SESSION['USER_NAME']$_SESSION['USER_ROLE']$_SESSION['USER_ROLE']

calling calling session_start()session_start()

call call session_destroy()session_destroy()or close the browseror close the browser

Check sessionCheck sessionvariablesvariables

25PHP HTTPPHP HTTP

<?<?session_start();session_start();

$user_id = get_user_id($_POST['login_name],$user_id = get_user_id($_POST['login_name], $_POST['password']);$_POST['password']); if ($user_id) {if ($user_id) { // the user is registered.// the user is registered. $_SESSION[‘USER_ID'] = $user_id;$_SESSION[‘USER_ID'] = $user_id; $_SESSION['USER_NAME'] = get_name($user_id);$_SESSION['USER_NAME'] = get_name($user_id); $_SESSION['USER_ROLE'] = get_role($user_id);$_SESSION['USER_ROLE'] = get_role($user_id); echo “Welcome $_SESSION['USER_NAME']”;echo “Welcome $_SESSION['USER_NAME']”; } else {} else { // If the user is not registered,// If the user is not registered, // direct her/him to the registration page.// direct her/him to the registration page. header(“Location: register_new_user.php”);header(“Location: register_new_user.php”); }}?>?>

Login Page Using a Session Login Page Using a Session VariableVariable

26PHP HTTPPHP HTTP

<?<?session_start();session_start();

if ($_SESSION[‘USER_ID']) {if ($_SESSION[‘USER_ID']) { // the user is logged in.// the user is logged in. . . .. . .

} else {} else { // If the user is not logged in,// If the user is not logged in, // direct her/him to the login page.// direct her/him to the login page. header(“Location: login_user.php”);header(“Location: login_user.php”); }}?>?>

Checking Logged-In UserChecking Logged-In User

27PHP HTTPPHP HTTP

Additional session functionsAdditional session functions unset($_SESSIONunset($_SESSION[‘var_name’])[‘var_name’])

Unset a session variableUnset a session variable.. isset(isset($_SESSION$_SESSION[‘var_name’])[‘var_name’])

Find out whether a session variable is set.Find out whether a session variable is set. session_id()session_id()

Get and /or set current session idGet and /or set current session id session_destroy()session_destroy()

Destroy all data registered to a sessionDestroy all data registered to a session