PHPPHPHypertext PreProcessorHypertext PreProcessor

Documentation Documentation AvailableAvailable

www.php.netwww.php.net

www.w3schools.comwww.w3schools.com

SAMS booksSAMS books

O’Reilly BooksO’Reilly Books

Why PHP?Why PHP?

PHP is a scripting language, a server-side PHP is a scripting language, a server-side languagelanguage

Used to transmit form data from HTML to Used to transmit form data from HTML to databasedatabase

Has ability to place files on client machinesHas ability to place files on client machines

PHP VariablesPHP Variables

All variables in PHP begin with a $All variables in PHP begin with a $

PHP is PHP is VERYVERY case-sensitive for all things case-sensitive for all things

Types include:Types include:

Boolean, Integer, Float, String, Array, Boolean, Integer, Float, String, Array, Object…Object…

PHP DelimitersPHP Delimiters

<?php … ?> (most common method)<?php … ?> (most common method)

<? … ?> (lazy method)<? … ?> (lazy method)

PHP Super Global VariblesPHP Super Global Varibles

Always there for us to use with declarationAlways there for us to use with declaration

$_COOKIE, $_FILES, $_GET, $_POST, $_COOKIE, $_FILES, $_GET, $_POST, $_REQUEST, $_SERVER, $_SESSION$_REQUEST, $_SERVER, $_SESSION

PHP pages can contain only HTMLPHP pages can contain only HTML

All pages including ANY PHP must have a .php All pages including ANY PHP must have a .php extensionextension

Our Own Google…Our Own Google…

Create mygoogle.html page with simple input text Create mygoogle.html page with simple input text field and variable name = q and a submit buttonfield and variable name = q and a submit button

The action of mygoogle.html should be The action of mygoogle.html should be mygoogle.phpmygoogle.php

We are going to send the form data (via GET) to We are going to send the form data (via GET) to the php pagethe php page

Create mygoogle.php to gather and repeat q’s Create mygoogle.php to gather and repeat q’s value using a print or print_r with <pre></pre>value using a print or print_r with <pre></pre>

Change action to http://www.google.com/search so Change action to http://www.google.com/search so it’ll actually search Googleit’ll actually search Google

What Else Can PHP Do?What Else Can PHP Do?

Grab data from an HTML formGrab data from an HTML form

Grab data from a file on web server via Grab data from a file on web server via readfile(“…”) or file_get_contents(‘…’)readfile(“…”) or file_get_contents(‘…’)

A Single Search Page for ALL……A Single Search Page for ALL……

mysearchpage.html (includes JS ‘onclick’)mysearchpage.html (includes JS ‘onclick’)ie: ie: http://192.168.254.124/~instructor/CIS115-Spring2011/Lecture2/mysearch/http://192.168.254.124/~instructor/CIS115-Spring2011/Lecture2/mysearch/mysearchJAVA.htmlmysearchJAVA.html

mysearchpage.php (uses PHP case statements)mysearchpage.php (uses PHP case statements)ie: ie: http://192.168.254.124/~instructor/CIS115-Spring2011/Lecture2/mysearch/mysearchpagerevised.htmlhttp://192.168.254.124/~instructor/CIS115-Spring2011/Lecture2/mysearch/mysearchpagerevised.html

Which is better? For what reason?Which is better? For what reason?

PHP Registration FormPHP Registration Form

Use an HTML document (register.html) with form Use an HTML document (register.html) with form sending data to PHP document (register.php) for sending data to PHP document (register.php) for processing and confirmationprocessing and confirmation

Use POST method to prevent eavesdroppingUse POST method to prevent eavesdropping

Use PHP Form Validation (similar in nature to JS Use PHP Form Validation (similar in nature to JS validation)validation)

Send <pre> email to administrator and registrant Send <pre> email to administrator and registrant containing form data, then display “Successful” containing form data, then display “Successful” message or “Unsuccessful” message depending message or “Unsuccessful” message depending on email status (using if…else conditional)on email status (using if…else conditional)

PERL Regular Expression PERL Regular Expression MatchingMatching

preg_match in PHP for conditional validationpreg_match in PHP for conditional validation

if(!preg_match(“/^.*@.*sampsoncc\.edu$/”, if(!preg_match(“/^.*@.*sampsoncc\.edu$/”, $_POST[“email”]))$_POST[“email”])){{

…do something if it’s not a …do something if it’s not a *@*sampsoncc.edu *@*sampsoncc.edu email addressemail address} else {} else {

…do something if it is…do something if it is}}

Cookies, Sessions, SSLCookies, Sessions, SSL

Cookie: temporary data stored on the client side Cookie: temporary data stored on the client side which is sent to the server to remind the server which is sent to the server to remind the server what data is associated with a particular userwhat data is associated with a particular user

Programmers have control over the type of Programmers have control over the type of cookie, the lifetime of the cookie, and the cookie, the lifetime of the cookie, and the function of the cookiefunction of the cookie

Session Cookies: valid while the browser is open / Session Cookies: valid while the browser is open / pseudo-random string of numbers and letterspseudo-random string of numbers and letters

Persistent Cookie: valid for the period of time set Persistent Cookie: valid for the period of time set by the programmer / can contain any databy the programmer / can contain any data

Session CookiesSession Cookies

$_SESSION is a PHP variable that can store $_SESSION is a PHP variable that can store whatever information you wantwhatever information you want

To use sessions, we need to call the To use sessions, we need to call the “session_start()” function at the top of our PHP “session_start()” function at the top of our PHP code.code.

When you call this function, the default When you call this function, the default cookie name is PHPSESSID containing a cookie name is PHPSESSID containing a pseudo-random stringpseudo-random string

Session Cookie Demo Session Cookie Demo PagesPages

home.phphome.php – uses session cookies – uses session cookies

login1.phplogin1.php – uses session cookies, hard-coded – uses session cookies, hard-coded UN/PW, form submits to itself via UN/PW, form submits to itself via $_SERVER[“PHP_SELF”]$_SERVER[“PHP_SELF”]

login2.phplogin2.php – similar to login1.php but tells user – similar to login1.php but tells user login is invalid, pre-fills username with last login is invalid, pre-fills username with last value for conveniencevalue for convenience

Persistent CookiesPersistent Cookies

Way of storing information as a file on the Way of storing information as a file on the user’s machine for longer terms of timeuser’s machine for longer terms of time

Uses “session_start()” at the top of the PHP Uses “session_start()” at the top of the PHP code, as well as “setcookie” to set the cookie, code, as well as “setcookie” to set the cookie, the information it contains, and the time it will the information it contains, and the time it will be active on the client’s machinebe active on the client’s machine

Persistent Cookie Demo Persistent Cookie Demo PagesPages

login3.phplogin3.php – looks for a persistent cookie for – looks for a persistent cookie for automatic login, adds persistent cookie for automatic login, adds persistent cookie for username, pre-fills username from cookie if login username, pre-fills username from cookie if login requiredrequired

login4.phplogin4.php – sets cookie for username, allows – sets cookie for username, allows you to choose to include password in cookie, can you to choose to include password in cookie, can add spyware using cookie, autologin if UN/PW in add spyware using cookie, autologin if UN/PW in cookie are valid, grabs UN/PW entered and adds cookie are valid, grabs UN/PW entered and adds it to a new cookieit to a new cookie

logout.phplogout.php – deletes cookies from machine, logs – deletes cookies from machine, logs the user outthe user out

SSL or HTTPS LoginsSSL or HTTPS Logins

Login pages should incorporate SSL or HTTPS Login pages should incorporate SSL or HTTPS where login information is sent encryptedwhere login information is sent encrypted

Use RewriteEngine in Apache to redirect usersUse RewriteEngine in Apache to redirect users

RewriteEngine onRewriteEngine on

RewriteCond %{HTTP_HOST} !^www\.mypage\.com [NC]RewriteCond %{HTTP_HOST} !^www\.mypage\.com [NC]RewriteRule (.*) http://www.mypage.com/$1 [R=301,L]RewriteRule (.*) http://www.mypage.com/$1 [R=301,L]

RewriteCond %{REQUEST_URI} ^/login/RewriteCond %{REQUEST_URI} ^/login/RewriteCond %{HTTPS} != onRewriteCond %{HTTPS} != onRewriteRule (.*) https://www.mypage.com/$1 [R=301,L]RewriteRule (.*) https://www.mypage.com/$1 [R=301,L]

User SurveyUser Survey

We want to create a user survey that will ask We want to create a user survey that will ask the user questions, and when submitted, email the user questions, and when submitted, email the responses to ourselves and the user. Then the responses to ourselves and the user. Then give a confirmation message to the give a confirmation message to the user … all with user … all with PHP and HTML!PHP and HTML!