Sunday, 10 April 2011

Week 8 - More PHP

In this week's lecture, cookies and sessions in PHP were introduced.

An HTML page (login2.html) has been created, consisting of a form where a user can enter the username and password.
1:  <form action="login.php" method=post>  
The action attribute tells the form where to send its data when the submit button is pressed, which here is “login.php”. The method attribute, “post” or “get”, specifies how the form data is sent. “Post” is more secure than “get”, because “get” adds the data to the URL, where it is kept in browser history and server logs. Neither method encrypts the data, so a login form should also be served over HTTPS.

The isset() function checks whether the given variable exists. The $_POST array collects the form data. In lines 6 and 7, the variables $user and $pass are declared.
6:  $user = $_POST["username"];  
7:  $pass = $_POST["password"];
An associative array has been created to store the usernames and passwords. Line 13 checks whether the username and password that the user entered are correct. If they are validated, that is, the username and password match an entry in the associative array, a welcome message with the username is displayed.
12:  $pswd = array("Stephanie"=>"password1", "John"=>"password2", "Mary" =>"password3", "Joe"=>"password4", "Alesha"=>"password5");  
13:  if(isset($pswd[$user])) if($pswd[$user]===$pass) $validated = true;  

When the username and password do not match, “login.php” redirects to “login2.html”, using the line of code below.
26:  header("Location: login2.html");  
I wanted an alert box to appear first, saying “Invalid User Name/Password Combination”. This could not be done when using header("Location: login2.html"). This was achieved using JavaScript’s alert() function and window.location, as shown in lines 27-28.
27:  echo "<script type=\"text/javascript\">alert('Invalid UserName/Password combination');".  
28:     "window.location = 'login2.html'</script>";   

Cookies

A cookie is often used to identify a user. It can also store user preferences, which must be encrypted. To create a cookie, the setcookie() function is used, which takes the parameters 'name', 'value' and 'expire'.

Cookies have been created for both the username and the password, with the expire time set to time()+3600 (the cookie expires in one hour). To delete a cookie, use -3600 instead of +3600, so that the expiry time lies in the past.
16:  setcookie("username", $user, time()+3600);  
17:  setcookie("password", MD5($pass), time()+3600);   
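For the password, the cryptographic Message Digest Algorithm (MD5) is used. Note that MD5 is a hash function, not encryption, and it is no longer considered safe for protecting passwords.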

[Screenshots: the password cookie without MD5 and with MD5]

To retrieve a cookie value, $_COOKIE is used:
2:  $user = $_COOKIE["username"];  
3:  $pass = $_COOKIE["password"];  
4:  echo "WELCOME $user";

[Screenshots: the cookie in the phpinfo() report; the “Welcome $user” page; the page after 1 hour]

Sessions

Sessions are used to maintain persistent data between pages throughout a Web site. To start up a session, the following function needs to be inserted before the html tag:
1:  <?php  
2:  session_start();  
3:  ?>  
For storage and retrieval of session variables, the $_SESSION variable is used.
6:  $_SESSION["username"]= $user;  
7:  $_SESSION["password"]= $pass;  
8:  echo "Username=". $_SESSION["username"]."<br/>";   
9:  echo "Password=". $_SESSION["password"];   
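To destroy a session, both the unset() function and the session_destroy() function can be used: unset() removes a single session variable, while session_destroy() destroys all of the session's data.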
13:  unset($_SESSION["username"]);  
14:  session_destroy();  
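
The login, cookie and session steps above combined into one script, as an added example that is not part of the original post: passwords are checked with password_hash()/password_verify() instead of a plain-text array and MD5, and only the username is kept in the session. The two sample accounts are constructed, the logout() helper is a hypothetical name, and HTTPS and PHP 7.3 or later are assumed.

```php
<?php
// Added example (not the original login.php); needs PHP 7.3+ and HTTPS.
// Constructed sample accounts: real hashes would be created once with
// password_hash() at registration and stored, not rebuilt on every request.
$users = [
    'Stephanie' => password_hash('password1', PASSWORD_DEFAULT),
    'John'      => password_hash('password2', PASSWORD_DEFAULT),
];

// True only when the user exists and the password matches the stored hash.
function check_login(array $users, $user, $pass): bool
{
    // Form fields can arrive as arrays (username[]=x); accept strings only.
    if (!is_string($user) || !is_string($pass) || !isset($users[$user])) {
        return false;
    }
    return password_verify($pass, $users[$user]);
}

// Hypothetical helper for a logout page; call it after session_start().
// Clears the session data, expires the session cookie, ends the session.
function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'],
              $p['secure'], $p['httponly']);
    session_destroy();
}

session_set_cookie_params([
    'lifetime' => 0,       // cookie disappears when the browser closes
    'path'     => '/',
    'secure'   => true,    // sent over HTTPS only
    'httponly' => true,    // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

$user = $_POST['username'] ?? null;
$pass = $_POST['password'] ?? null;

if (check_login($users, $user, $pass)) {
    session_regenerate_id(true);     // fresh session ID after login
    $_SESSION['username'] = $user;   // identity only, never the password
    echo 'WELCOME ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
} else {
    header('Location: login2.html');
    exit;
}
```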
