Beginning PHP6, Apache, MySQL Web Development- P14 pps

THÔNG TIN TÀI LIỆU

Cấu trúc

cover.pdf
page_c1.pdf
page_r01.pdf
page_r02.pdf
page_r03.pdf
page_r04.pdf
page_r05.pdf
page_r06.pdf
page_r07.pdf
page_r08.pdf
page_r09.pdf
page_r10.pdf
page_r11.pdf
page_r12.pdf
page_r13.pdf
page_r14.pdf
page_r15.pdf
page_r16.pdf
page_r17.pdf
page_r18.pdf
page_r19.pdf
page_r20.pdf
page_r21.pdf
page_r22.pdf
page_r23.pdf
page_r24.pdf
page_r25.pdf
page_r26.pdf
page_r27.pdf
page_r28.pdf
page_z0001.pdf
page_z0002.pdf
page_z0003.pdf
page_z0004.pdf
page_z0005.pdf
page_z0006.pdf
page_z0007.pdf
page_z0008.pdf
page_z0009.pdf
page_z0010.pdf
page_z0011.pdf
page_z0012.pdf
page_z0013.pdf
page_z0014.pdf
page_z0015.pdf
page_z0016.pdf
page_z0017.pdf
page_z0018.pdf
page_z0019.pdf
page_z0020.pdf
page_z0021.pdf
page_z0022.pdf
page_z0023.pdf
page_z0024.pdf
page_z0025.pdf
page_z0026.pdf
page_z0027.pdf
page_z0028.pdf
page_z0029.pdf
page_z0030.pdf
page_z0031.pdf
page_z0032.pdf
page_z0033.pdf
page_z0034.pdf
page_z0035.pdf
page_z0036.pdf
page_z0037.pdf
page_z0038.pdf
page_z0039.pdf
page_z0040.pdf
page_z0041.pdf
page_z0042.pdf
page_z0043.pdf
page_z0044.pdf
page_z0045.pdf
page_z0046.pdf
page_z0047.pdf
page_z0048.pdf
page_z0049.pdf
page_z0050.pdf
page_z0051.pdf
page_z0052.pdf
page_z0053.pdf
page_z0054.pdf
page_z0055.pdf
page_z0056.pdf
page_z0057.pdf
page_z0058.pdf
page_z0059.pdf
page_z0060.pdf
page_z0061.pdf
page_z0062.pdf
page_z0063.pdf
page_z0064.pdf
page_z0065.pdf
page_z0066.pdf
page_z0067.pdf
page_z0068.pdf
page_z0069.pdf
page_z0070.pdf
page_z0071.pdf
page_z0072.pdf
page_z0073.pdf
page_z0074.pdf
page_z0075.pdf
page_z0076.pdf
page_z0077.pdf
page_z0078.pdf
page_z0079.pdf
page_z0080.pdf
page_z0081.pdf
page_z0082.pdf
page_z0083.pdf
page_z0084.pdf
page_z0085.pdf
page_z0086.pdf
page_z0087.pdf
page_z0088.pdf
page_z0089.pdf
page_z0090.pdf
page_z0091.pdf
page_z0092.pdf
page_z0093.pdf
page_z0094.pdf
page_z0095.pdf
page_z0096.pdf
page_z0097.pdf
page_z0098.pdf
page_z0099.pdf
page_z0100.pdf
page_z0101.pdf
page_z0102.pdf
page_z0103.pdf
page_z0104.pdf
page_z0105.pdf
page_z0106.pdf
page_z0107.pdf
page_z0108.pdf
page_z0109.pdf
page_z0110.pdf
page_z0111.pdf
page_z0112.pdf
page_z0113.pdf
page_z0114.pdf
page_z0115.pdf
page_z0116.pdf
page_z0117.pdf
page_z0118.pdf
page_z0119.pdf
page_z0120.pdf
page_z0121.pdf
page_z0122.pdf
page_z0123.pdf
page_z0124.pdf
page_z0125.pdf
page_z0126.pdf
page_z0127.pdf
page_z0128.pdf
page_z0129.pdf
page_z0130.pdf
page_z0131.pdf
page_z0132.pdf
page_z0133.pdf
page_z0134.pdf
page_z0135.pdf
page_z0136.pdf
page_z0137.pdf
page_z0138.pdf
page_z0139.pdf
page_z0140.pdf
page_z0141.pdf
page_z0142.pdf
page_z0143.pdf
page_z0144.pdf
page_z0145.pdf
page_z0146.pdf
page_z0147.pdf
page_z0148.pdf
page_z0149.pdf
page_z0150.pdf
page_z0151.pdf
page_z0152.pdf
page_z0153.pdf
page_z0154.pdf
page_z0155.pdf
page_z0156.pdf
page_z0157.pdf
page_z0158.pdf
page_z0159.pdf
page_z0160.pdf
page_z0161.pdf
page_z0162.pdf
page_z0163.pdf
page_z0164.pdf
page_z0165.pdf
page_z0166.pdf
page_z0167.pdf
page_z0168.pdf
page_z0169.pdf
page_z0170.pdf
page_z0171.pdf
page_z0172.pdf
page_z0173.pdf
page_z0174.pdf
page_z0175.pdf
page_z0176.pdf
page_z0177.pdf
page_z0178.pdf
page_z0179.pdf
page_z0180.pdf
page_z0181.pdf
page_z0182.pdf
page_z0183.pdf
page_z0184.pdf
page_z0185.pdf
page_z0186.pdf
page_z0187.pdf
page_z0188.pdf
page_z0189.pdf
page_z0190.pdf
page_z0191.pdf
page_z0192.pdf
page_z0193.pdf
page_z0194.pdf
page_z0195.pdf
page_z0196.pdf
page_z0197.pdf
page_z0198.pdf
page_z0199.pdf
page_z0200.pdf
page_z0201.pdf
page_z0202.pdf
page_z0203.pdf
page_z0204.pdf
page_z0205.pdf
page_z0206.pdf
page_z0207.pdf
page_z0208.pdf
page_z0209.pdf
page_z0210.pdf
page_z0211.pdf
page_z0212.pdf
page_z0213.pdf
page_z0214.pdf
page_z0215.pdf
page_z0216.pdf
page_z0217.pdf
page_z0218.pdf
page_z0219.pdf
page_z0220.pdf
page_z0221.pdf
page_z0222.pdf
page_z0223.pdf
page_z0224.pdf
page_z0225.pdf
page_z0226.pdf
page_z0227.pdf
page_z0228.pdf
page_z0229.pdf
page_z0230.pdf
page_z0231.pdf
page_z0232.pdf
page_z0233.pdf
page_z0234.pdf
page_z0235.pdf
page_z0236.pdf
page_z0237.pdf
page_z0238.pdf
page_z0239.pdf
page_z0240.pdf
page_z0241.pdf
page_z0242.pdf
page_z0243.pdf
page_z0244.pdf
page_z0245.pdf
page_z0246.pdf
page_z0247.pdf
page_z0248.pdf
page_z0249.pdf
page_z0250.pdf
page_z0251.pdf
page_z0252.pdf
page_z0253.pdf
page_z0254.pdf
page_z0255.pdf
page_z0256.pdf
page_z0257.pdf
page_z0258.pdf
page_z0259.pdf
page_z0260.pdf
page_z0261.pdf
page_z0262.pdf
page_z0263.pdf
page_z0264.pdf
page_z0265.pdf
page_z0266.pdf
page_z0267.pdf
page_z0268.pdf
page_z0269.pdf
page_z0270.pdf
page_z0271.pdf
page_z0272.pdf
page_z0273.pdf
page_z0274.pdf
page_z0275.pdf
page_z0276.pdf
page_z0277.pdf
page_z0278.pdf
page_z0279.pdf
page_z0280.pdf
page_z0281.pdf
page_z0282.pdf
page_z0283.pdf
page_z0284.pdf
page_z0285.pdf
page_z0286.pdf
page_z0287.pdf
page_z0288.pdf
page_z0289.pdf
page_z0290.pdf
page_z0291.pdf
page_z0292.pdf
page_z0293.pdf
page_z0294.pdf
page_z0295.pdf
page_z0296.pdf
page_z0297.pdf
page_z0298.pdf
page_z0299.pdf
page_z0300.pdf
page_z0301.pdf
page_z0302.pdf
page_z0303.pdf
page_z0304.pdf
page_z0305.pdf
page_z0306.pdf
page_z0307.pdf
page_z0308.pdf
page_z0309.pdf
page_z0310.pdf
page_z0311.pdf
page_z0312.pdf
page_z0313.pdf
page_z0314.pdf
page_z0315.pdf
page_z0316.pdf
page_z0317.pdf
page_z0318.pdf
page_z0319.pdf
page_z0320.pdf
page_z0321.pdf
page_z0322.pdf
page_z0323.pdf
page_z0324.pdf
page_z0325.pdf
page_z0326.pdf
page_z0327.pdf
page_z0328.pdf
page_z0329.pdf
page_z0330.pdf
page_z0331.pdf
page_z0332.pdf
page_z0333.pdf
page_z0334.pdf
page_z0335.pdf
page_z0336.pdf
page_z0337.pdf
page_z0338.pdf
page_z0339.pdf
page_z0340.pdf
page_z0341.pdf
page_z0342.pdf
page_z0343.pdf
page_z0344.pdf
page_z0345.pdf
page_z0346.pdf
page_z0347.pdf
page_z0348.pdf
page_z0349.pdf
page_z0350.pdf
page_z0351.pdf
page_z0352.pdf
page_z0353.pdf
page_z0354.pdf
page_z0355.pdf
page_z0356.pdf
page_z0357.pdf
page_z0358.pdf
page_z0359.pdf
page_z0360.pdf
page_z0361.pdf
page_z0362.pdf
page_z0363.pdf
page_z0364.pdf
page_z0365.pdf
page_z0366.pdf
page_z0367.pdf
page_z0368.pdf
page_z0369.pdf
page_z0370.pdf
page_z0371.pdf
page_z0372.pdf
page_z0373.pdf
page_z0374.pdf
page_z0375.pdf
page_z0376.pdf
page_z0377.pdf
page_z0378.pdf
page_z0379.pdf
page_z0380.pdf
page_z0381.pdf
page_z0382.pdf
page_z0383.pdf
page_z0384.pdf
page_z0385.pdf
page_z0386.pdf
page_z0387.pdf
page_z0388.pdf
page_z0389.pdf
page_z0390.pdf
page_z0391.pdf
page_z0392.pdf
page_z0393.pdf
page_z0394.pdf
page_z0395.pdf
page_z0396.pdf
page_z0397.pdf
page_z0398.pdf
page_z0399.pdf
page_z0400.pdf
page_z0401.pdf
page_z0402.pdf
page_z0403.pdf
page_z0404.pdf
page_z0405.pdf
page_z0406.pdf
page_z0407.pdf
page_z0408.pdf
page_z0409.pdf
page_z0410.pdf
page_z0411.pdf
page_z0412.pdf
page_z0413.pdf
page_z0414.pdf
page_z0415.pdf
page_z0416.pdf
page_z0417.pdf
page_z0418.pdf
page_z0419.pdf
page_z0420.pdf
page_z0421.pdf
page_z0422.pdf
page_z0423.pdf
page_z0424.pdf
page_z0425.pdf
page_z0426.pdf
page_z0427.pdf
page_z0428.pdf
page_z0429.pdf
page_z0430.pdf
page_z0431.pdf
page_z0432.pdf
page_z0433.pdf
page_z0434.pdf
page_z0435.pdf
page_z0436.pdf
page_z0437.pdf
page_z0438.pdf
page_z0439.pdf
page_z0440.pdf
page_z0441.pdf
page_z0442.pdf
page_z0443.pdf
page_z0444.pdf
page_z0445.pdf
page_z0446.pdf
page_z0447.pdf
page_z0448.pdf
page_z0449.pdf
page_z0450.pdf
page_z0451.pdf
page_z0452.pdf
page_z0453.pdf
page_z0454.pdf
page_z0455.pdf
page_z0456.pdf
page_z0457.pdf
page_z0458.pdf
page_z0459.pdf
page_z0460.pdf
page_z0461.pdf
page_z0462.pdf
page_z0463.pdf
page_z0464.pdf
page_z0465.pdf
page_z0466.pdf
page_z0467.pdf
page_z0468.pdf
page_z0469.pdf
page_z0470.pdf
page_z0471.pdf
page_z0472.pdf
page_z0473.pdf
page_z0474.pdf
page_z0475.pdf
page_z0476.pdf
page_z0477.pdf
page_z0478.pdf
page_z0479.pdf
page_z0480.pdf
page_z0481.pdf
page_z0482.pdf
page_z0483.pdf
page_z0484.pdf
page_z0485.pdf
page_z0486.pdf
page_z0487.pdf
page_z0488.pdf
page_z0489.pdf
page_z0490.pdf
page_z0491.pdf
page_z0492.pdf
page_z0493.pdf
page_z0494.pdf
page_z0495.pdf
page_z0496.pdf
page_z0497.pdf
page_z0498.pdf
page_z0499.pdf
page_z0500.pdf
page_z0501.pdf
page_z0502.pdf
page_z0503.pdf
page_z0504.pdf
page_z0505.pdf
page_z0506.pdf
page_z0507.pdf
page_z0508.pdf
page_z0509.pdf
page_z0510.pdf
page_z0511.pdf
page_z0512.pdf
page_z0513.pdf
page_z0514.pdf
page_z0515.pdf
page_z0516.pdf
page_z0517.pdf
page_z0518.pdf
page_z0519.pdf
page_z0520.pdf
page_z0521.pdf
page_z0522.pdf
page_z0523.pdf
page_z0524.pdf
page_z0525.pdf
page_z0526.pdf
page_z0527.pdf
page_z0528.pdf
page_z0529.pdf
page_z0530.pdf
page_z0531.pdf
page_z0532.pdf
page_z0533.pdf
page_z0534.pdf
page_z0535.pdf
page_z0536.pdf
page_z0537.pdf
page_z0538.pdf
page_z0539.pdf
page_z0540.pdf
page_z0541.pdf
page_z0542.pdf
page_z0543.pdf
page_z0544.pdf
page_z0545.pdf
page_z0546.pdf
page_z0547.pdf
page_z0548.pdf
page_z0549.pdf
page_z0550.pdf
page_z0551.pdf
page_z0552.pdf
page_z0553.pdf
page_z0554.pdf
page_z0555.pdf
page_z0556.pdf
page_z0557.pdf
page_z0558.pdf
page_z0559.pdf
page_z0560.pdf
page_z0561.pdf
page_z0562.pdf
page_z0563.pdf
page_z0564.pdf
page_z0565.pdf
page_z0566.pdf
page_z0567.pdf
page_z0568.pdf
page_z0569.pdf
page_z0570.pdf
page_z0571.pdf
page_z0572.pdf
page_z0573.pdf
page_z0574.pdf
page_z0575.pdf
page_z0576.pdf
page_z0577.pdf
page_z0578.pdf
page_z0579.pdf
page_z0580.pdf
page_z0581.pdf
page_z0582.pdf
page_z0583.pdf
page_z0584.pdf
page_z0585.pdf
page_z0586.pdf
page_z0587.pdf
page_z0588.pdf
page_z0589.pdf
page_z0590.pdf
page_z0591.pdf
page_z0592.pdf
page_z0593.pdf
page_z0594.pdf
page_z0595.pdf
page_z0596.pdf
page_z0597.pdf
page_z0598.pdf
page_z0599.pdf
page_z0600.pdf
page_z0601.pdf
page_z0602.pdf
page_z0603.pdf
page_z0604.pdf
page_z0605.pdf
page_z0606.pdf
page_z0607.pdf
page_z0608.pdf
page_z0609.pdf
page_z0610.pdf
page_z0611.pdf
page_z0612.pdf
page_z0613.pdf
page_z0614.pdf
page_z0615.pdf
page_z0616.pdf
page_z0617.pdf
page_z0618.pdf
page_z0619.pdf
page_z0620.pdf
page_z0621.pdf
page_z0622.pdf
page_z0623.pdf
page_z0624.pdf
page_z0625.pdf
page_z0626.pdf
page_z0627.pdf
page_z0628.pdf
page_z0629.pdf
page_z0630.pdf
page_z0631.pdf
page_z0632.pdf
page_z0633.pdf
page_z0634.pdf
page_z0635.pdf
page_z0636.pdf
page_z0637.pdf
page_z0638.pdf
page_z0639.pdf
page_z0640.pdf
page_z0641.pdf
page_z0642.pdf
page_z0643.pdf
page_z0644.pdf
page_z0645.pdf
page_z0646.pdf
page_z0647.pdf
page_z0648.pdf
page_z0649.pdf
page_z0650.pdf
page_z0651.pdf
page_z0652.pdf
page_z0653.pdf
page_z0654.pdf
page_z0655.pdf
page_z0656.pdf
page_z0657.pdf
page_z0658.pdf
page_z0659.pdf
page_z0660.pdf
page_z0661.pdf
page_z0662.pdf
page_z0663.pdf
page_z0664.pdf
page_z0665.pdf
page_z0666.pdf
page_z0667.pdf
page_z0668.pdf
page_z0669.pdf
page_z0670.pdf
page_z0671.pdf
page_z0672.pdf
page_z0673.pdf
page_z0674.pdf
page_z0675.pdf
page_z0676.pdf
page_z0677.pdf
page_z0678.pdf
page_z0679.pdf
page_z0680.pdf
page_z0681.pdf
page_z0682.pdf
page_z0683.pdf
page_z0684.pdf
page_z0685.pdf
page_z0686.pdf
page_z0687.pdf
page_z0688.pdf
page_z0689.pdf
page_z0690.pdf
page_z0691.pdf
page_z0692.pdf
page_z0693.pdf
page_z0694.pdf
page_z0695.pdf
page_z0696.pdf
page_z0697.pdf
page_z0698.pdf
page_z0699.pdf
page_z0700.pdf
page_z0701.pdf
page_z0702.pdf
page_z0703.pdf
page_z0704.pdf
page_z0705.pdf
page_z0706.pdf
page_z0707.pdf
page_z0708.pdf
page_z0709.pdf
page_z0710.pdf
page_z0711.pdf
page_z0712.pdf
page_z0713.pdf
page_z0714.pdf
page_z0715.pdf
page_z0716.pdf
page_z0717.pdf
page_z0718.pdf
page_z0719.pdf
page_z0720.pdf
page_z0721.pdf
page_z0722.pdf
page_z0723.pdf
page_z0724.pdf
page_z0725.pdf
page_z0726.pdf
page_z0727.pdf
page_z0728.pdf
page_z0729.pdf
page_z0730.pdf
page_z0731.pdf
page_z0732.pdf
page_z0733.pdf
page_z0734.pdf
page_z0735.pdf
page_z0736.pdf
page_z0737.pdf
page_z0738.pdf
page_z0739.pdf
page_z0740.pdf
page_z0741.pdf
page_z0742.pdf
page_z0743.pdf
page_z0744.pdf
page_z0745.pdf
page_z0746.pdf
page_z0747.pdf
page_z0748.pdf
page_z0749.pdf
page_z0750.pdf
page_z0751.pdf
page_z0752.pdf
page_z0753.pdf
page_z0754.pdf
page_z0755.pdf
page_z0756.pdf
page_z0757.pdf
page_z0758.pdf
page_z0759.pdf
page_z0760.pdf
page_z0761.pdf
page_z0762.pdf
page_z0763.pdf
page_z0764.pdf
page_z0765.pdf
page_z0766.pdf
page_z0767.pdf
page_z0768.pdf
page_z0769.pdf
page_z0770.pdf
page_z0771.pdf
page_z0772.pdf
page_z0773.pdf
page_z0774.pdf
page_z0775.pdf
page_z0776.pdf
page_z0777.pdf
page_z0778.pdf
page_z0779.pdf
page_z0780.pdf
page_z0781.pdf
page_z0782.pdf
page_z0783.pdf
page_z0784.pdf
page_z0785.pdf
page_z0786.pdf
page_z0787.pdf
page_z0788.pdf
page_z0789.pdf
page_z0790.pdf
page_z0791.pdf
page_z0792.pdf
page_z0793.pdf
page_z0794.pdf
page_z0795.pdf
page_z0796.pdf
page_z0797.pdf
page_z0798.pdf
page_z0799.pdf
page_z0800.pdf
page_z0801.pdf
page_z0802.pdf
page_z0803.pdf
page_z0804.pdf
page_z0805.pdf
page_z0806.pdf
page_z0807.pdf
page_z0808.pdf

Nội dung

Chapter 12: User Logins, Profi les, and Personalization 361 $_SESSION[‘username’] = $username; $_SESSION[‘logged’] = 1; header (‘Refresh: 5; URL=’ . $redirect); echo ‘ < p > You will be redirected to your original page request. < /p > ’; echo ‘ < p > If your browser doesn\’t redirect you properly ‘ . ‘automatically, < a href=”’ . $redirect . ‘” > click here < /a > . < /p > ’; die(); } else { // set these explicitly just to make sure $_SESSION[‘username’] = ‘’; $_SESSION[‘logged’] = 0; $error = ‘ < p > < strong > You have supplied an invalid username and/or ‘ . ‘password! < /strong > Please < a href=”register.php” > click here ‘ . ‘to register < /a > if you have not done so already. < /p > ’; } } } ? > < html > < head > < title > Login < /title > < /head > < body > < ?php if (isset($error)) { echo $error; } ? > < form action=”login.php” method=”post” > < table > < tr > < td > Username: < /td > < td > < input type=”text” name=”username” maxlength=”20” size=”20” value=” < ?php echo $username; ? > ”/ > < /td > < /tr > < tr > < td > Password: < /td > < td > < input type=”password” name=”password” maxlength=”20” size=”20” value=” < ?php echo $password; ? > ”/ > < /td > < /tr > < tr > < td > < /td > < td > < input type=”hidden” name=”redirect” value=” < ?php echo $redirect ? > ”/ > < input type=”submit” name=”submit” value=”Login”/ > < /tr > < /table > < /form > < /body > < /html > c12.indd 361c12.indd 361 12/10/08 6:07:23 PM12/10/08 6:07:23 PM 362 Part II: Comic Book Fan Site 4. Save the file as login.php . 5. Navigate to the secret.php page you created. Because you haven ’ t logged in yet, the auth.inc.php file you included redirects you to the login.php page, as shown in Figure 12 - 3 . Figure 12-3 6. Try using incorrect login information so you can see how the page works. You will see a screen similar to the one shown in Figure 12 - 4 . c12.indd 362c12.indd 362 12/10/08 6:07:23 PM12/10/08 6:07:23 PM Chapter 12: User Logins, Profi les, and Personalization 363 7. Now, input the correct information: wroxbooks for the username and aregreat for the password. You are redirected to the page you originally requested, because you supplied the correct information. You will see a screen similar to Figure 12 - 5 . Figure 12-4 c12.indd 363c12.indd 363 12/10/08 6:07:24 PM12/10/08 6:07:24 PM 364 Part II: Comic Book Fan Site How It Works The PHP pages you just created are used to authorize a user to view a certain page of your site. When you navigate to secret.php , the included auth.inc.php file checks to see if you have successfully started a session by logging in. If not, you are redirected to the login page. This is the magic line of code that does the checking: if (!isset($_SESSION[‘logged’]) || $_SESSION[‘logged’] != 1) { The $ _SESSION[ ‘ logged ’ ] is the variable you are checking for, and the value 1 is another way of checking for true. Right now, you have a username and password hard - coded into your page. If you want numerous users, you would have to edit your page accordingly and add those values for those users. if (!empty($_POST[‘username’]) & & $_POST[‘username’] == ‘wroxbooks’ & & !empty($_POST[‘password’]) & & $_POST[‘password’] == ‘aregreat’) { This is a very useful way to protect your PHP files to limit use to logged - in users and administrators. However, there is one major drawback that you will resolve later when you integrate the database - driven system: Hard - coded usernames and passwords are only manageable when the number of users Figure 12-5 c12.indd 364c12.indd 364 12/10/08 6:07:24 PM12/10/08 6:07:24 PM Chapter 12: User Logins, Profi les, and Personalization 365 with login information is small. As the number of users grows, the credentials will become more cumbersome and unwieldy to manage. In the next sections, you learn how you can use PHP in conjunction with MySQL to create user - driven login systems. You also learn how to allow for multiple administrators, multiple usernames and passwords, and privilege levels that can be managed with the MySQL database. Using Database - Driven Information Before you can use database - driven logins, you obviously need to have the appropriate tables set up. So first you will create the tables in your MySQL database. You will also add a few sample user accounts for testing purposes. Try It Out Creating the Database Tables 1. Create a new PHP script with the following code: < ?php require ‘db.inc.php’; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); // create the user table $query = ‘CREATE TABLE IF NOT EXISTS site_user ( user_id INTEGER NOT NULL AUTO_INCREMENT, username VARCHAR(20) NOT NULL, password CHAR(41) NOT NULL, PRIMARY KEY (user_id) ) ENGINE=MyISAM’; mysql_query($query, $db) or die (mysql_error($db)); // create the user information table $query = ‘CREATE TABLE IF NOT EXISTS site_user_info ( user_id INTEGER NOT NULL, first_name VARCHAR(20) NOT NULL, last_name VARCHAR(20) NOT NULL, email VARCHAR(50) NOT NULL, city VARCHAR(20), state CHAR(2), hobbies VARCHAR(255), FOREIGN KEY (user_id) REFERENCES site_user(user_id) c12.indd 365c12.indd 365 12/10/08 6:07:25 PM12/10/08 6:07:25 PM 366 Part II: Comic Book Fan Site ) ENGINE=MyISAM’; mysql_query($query, $db) or die (mysql_error($db)); // populate the user table $query = ‘INSERT IGNORE INTO site_user (user_id, username, password) VALUES (1, “john”, PASSWORD(“secret”)), (2, “sally”, PASSWORD(“password”))’; mysql_query($query, $db) or die (mysql_error($db)); // populate the user information table $query = ‘INSERT IGNORE INTO site_user_info (user_id, first_name, last_name, email, city, state, hobbies) VALUES (1, “John”, “Doe”, “jdoe@example.com”, NULL, NULL, NULL), (2, “Sally”, “Smith”, “ssmith@example.com”, NULL, NULL, NULL)’; mysql_query($query, $db) or die (mysql_error($db)); echo ‘Success!’; ? > 2. Save the file as db_ch12 - 1.php . 3. Open db_ch12 - 1.php in your web browser. PHP will execute the code to create the tables in your database and then show you the success message if everything goes correctly. How It Works First, you created an administration table named site user . This is where you can keep track of the administrators managing your system. $query = ‘CREATE TABLE IF NOT EXISTS site_user ( user_id INTEGER NOT NULL AUTO_INCREMENT, username VARCHAR(20) NOT NULL, password CHAR(41) NOT NULL, PRIMARY KEY (user_id) ) ENGINE=MyISAM’; mysql_query($query, $db) or die (mysql_error($db)); Then, you created a second table named site_user_info to store additional information about your administrators, such as their names, where they are from, and their hobbies: $query = ‘CREATE TABLE IF NOT EXISTS site_user_info ( user_id INTEGER NOT NULL, first_name VARCHAR(20) NOT NULL, last_name VARCHAR(20) NOT NULL, email VARCHAR(50) NOT NULL, city VARCHAR(20), c12.indd 366c12.indd 366 12/10/08 6:07:25 PM12/10/08 6:07:25 PM Chapter 12: User Logins, Profi les, and Personalization 367 state CHAR(2), hobbies VARCHAR(255), FOREIGN KEY (user_id) REFERENCES site_user(user_id) ) ENGINE=MyISAM’; mysql_query($query, $db) or die (mysql_error($db)); You then added a couple of administrators in your tables, so you can begin to create the registration portion of your PHP code to allow users to register and log in, and update their information or delete their accounts if needed. $query = ‘INSERT IGNORE INTO site_user (user_id, username, password) VALUES (1, “john”, PASSWORD(“secret”)), (2, “sally”, PASSWORD(“password”))’; mysql_query($query, $db) or die (mysql_error($db)); $query = ‘INSERT IGNORE INTO site_user_info (user_id, first_name, last_name, email, city, state, hobbies) VALUES (1, “John”, “Doe”, “jdoe@example.com”, NULL, NULL, NULL), (2, “Sally”, “Smith”, “ssmith@example.com”, NULL, NULL, NULL)’; mysql_query($query, $db) or die (mysql_error($db)); If you looked at the records stored in site_user after running db_ch12 - 1.php , you will have noticed what looks like gibberish stored in the password column. You aren ’ t storing the user ’ s actual password. Rather, you are storing a hash representation of it, by using MySQL ’ s PASSWORD() function. You can think of hashing as a form of one - way encryption. The algorithms that perform the hashing for you are quite complex, and guarantee that every time you hash the same value you will get the same gibberish - looking string as a result. If the input values are off, even ever so slightly, then the result will be wildly different. For example, when you hash the word “ secret ” with the PASSWORD() function, you get * 14E65567ABDB5135D0CFD9A70B3032C179A49EE7 . But if you hash “ Secret ” you get * 0CD5E5F2DE02BE98C175EB67EB906B926F001B9B instead! So how will you verify the user when he or she logs in to your web site and provides a username and password? Simple. Remember, the hash will always be the same for the same value. So all you need to do is take a provided password and hash it with PASSWORD() . Then, if that value matches the value stored in the database, you know the user entered the correct password. You will see this in action shortly. It is a good idea to avoid storing the user ’ s actual password, if you can. This way, if your database were to be compromised, the attacker would be faced with quite a task trying to figure out the users ’ passwords from the hash values. Unlike encryption, hashing is a one - direction - only process. That is, you cannot take a hash value and convert it back to the original value. Once the user has been authenticated, you can again use sessions to track the user and provide access to sensitive sections of your web site. Let ’ s continue forward in building the user login system. c12.indd 367c12.indd 367 12/10/08 6:07:25 PM12/10/08 6:07:25 PM 368 Part II: Comic Book Fan Site Try It Out Session Tracking with PHP and My SQL In this exercise, you create a user login system that uses the database tables you created earlier. You will program it so that the user is required to input a username, password, first name, last name, and e - mail address. The other fields that will be stored in the site_user_info table will be optional. 1. First, create an index page that looks for login information, similar to the one in the previous example, but don ’ t include an authorization page, so that you can show different content based on whether or not the user is logged in. This allows the user the chance to log in, if he or she wishes to. Call this page main.php , and use the following code to create it: < ?php session_start(); ? > < html > < head > < title > Main Page < /title > < /head > < body > < h1 > Welcome to the home page! < /h1 > < ?php if (isset($_SESSION[‘logged’]) & & $_SESSION[‘logged’] == 1) { // user is logged in } else { // user is not logged in } ? > < /body > < /html > 2. Now, modify the main.php file as shown, so you can have different content show up, depending on whether or not a user is logged in. This first branch will be available when the user is logged in, and will contain links to the users ’ own personal area (which you create later), to allow them to update personal information or delete their account entirely. The second branch will simply contain some information about the benefits that registering provides and explain how to go about registering: < ?php session_start(); ? > < html > < head > < title > Main Page < /title > < /head > < body > < h1 > Welcome to the home page! < /h1 > < ?php if (isset($_SESSION[‘logged’]) & & $_SESSION[‘logged’] == 1) { // user is logged in c12.indd 368c12.indd 368 12/10/08 6:07:25 PM12/10/08 6:07:25 PM Chapter 12: User Logins, Profi les, and Personalization 369 ? > < p > Thank you for logging into our system, < b > < ?php echo $_SESSION[‘username’];? > . < /b > < /p > < p > You may now < a href=”user_personal.php” > click here < /a > to go to your own personal information area and update or remove your information should you wish to do so. < /p > < ?php } else { // user is not logged in ? > < p > You are currently not logged in to our system. Once you log in, you will have access to your personal area along with other user information. < /p > < p > If you have already registered, < a href=”login.php” > click here < /a > to log in. Or if you would like to create an account, < a href=”register.php” > click here < /a > to register. < /p > < ?php } ? > < /body > < /html > 3. Create the registration page, making sure you include the optional fields, and that the username chosen by the user registering isn ’ t the same as an existing username. Call it register.php . If users don ’ t fill out some required fields, or use an already registered username, you will notify them and keep what has already been entered in the appropriate fields, so they don ’ t have to reenter everything. < ?php session_start(); include ‘db.inc.php’; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); $hobbies_list = array(‘Computers’, ‘Dancing’, ‘Exercise’, ‘Flying’, ‘Golfing’, ‘Hunting’, ‘Internet’, ‘Reading’, ‘Traveling’, ‘Other than listed’); // filter incoming values $username = (isset($_POST[‘username’])) ? trim($_POST[‘username’]) : ‘’; $password = (isset($_POST[‘password’])) ? $_POST[‘password’] : ‘’; $first_name = (isset($_POST[‘first_name’])) ? trim($_POST[‘first_name’]) : ‘’; $last_name = (isset($_POST[‘last_name’])) ? trim($_POST[‘last_name’]) : ‘’; $email = (isset($_POST[‘email’])) ? trim($_POST[‘email’]) : ‘’; $city = (isset($_POST[‘city’])) ? trim($_POST[‘city’]) : ‘’; $state = (isset($_POST[‘state’])) ? trim($_POST[‘state’]) : ‘’; $hobbies = (isset($_POST[‘hobbies’]) & & is_array($_POST[‘hobbies’])) ? c12.indd 369c12.indd 369 12/10/08 6:07:26 PM12/10/08 6:07:26 PM 370 Part II: Comic Book Fan Site $_POST[‘hobbies’] : array(); if (isset($_POST[‘submit’]) & & $_POST[‘submit’] == ‘Register’) { $errors = array(); // make sure manditory fields have been entered if (empty($username)) { $errors[] = ‘Username cannot be blank.’; } // check if username already is registered $query = ‘SELECT username FROM site_user WHERE username = “’ . $username . ‘”’; $result = mysql_query($query, $db) or die(mysql_error()); if (mysql_num_rows($result) > 0) { $errors[] = ‘Username ‘ . $username . ‘ is already registered.’; $username = ‘’; } mysql_free_result($result); if (empty($password)) { $errors[] = ‘Password cannot be blank.’; } if (empty($first_name)) { $errors[] = ‘First name cannot be blank.’; } if (empty($last_name)) { $errors[] = ‘Last name cannot be blank.’; } if (empty($email)) { $errors[] = ‘Email address cannot be blank.’; } if (count($errors) > 0) { echo ‘ < p > < strong style=”color:#FF000;” > Unable to process your ‘ . ‘registration. < /strong > < /p > ’; echo ‘ < p > Please fix the following: < /p > ’; echo ‘ < ul > ’; foreach ($errors as $error) { echo ‘ < li > ’ . $error . ‘ < /li > ’; } echo ‘ < /ul > ’; } else { // No errors so enter the information into the database. $query = ‘INSERT INTO site_user (user_id, username, password) VALUES (NULL, “’ . mysql_real_escape_string($username, $db) . ‘”, ‘ . ‘PASSWORD(“’ . mysql_real_escape_string($password, $db) . ‘”))’; c12.indd 370c12.indd 370 12/10/08 6:07:26 PM12/10/08 6:07:26 PM [...]... = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); if (isset($_POST[‘submit’]) && $_POST[‘submit’] == ‘Yes’) { $query = ‘DELETE i FROM site_user u JOIN site_user_info i ON u.user_id = i.user_id WHERE u.username=”’ mysql_ real_escape_string($_SESSION[‘username’], $db) ‘”’; mysql_ query($query,... the username and password against usernames and passwords stored in the MySQL database The necessary changes are highlighted: Personal Info Welcome to your personal information area.... Create the first page, update_account.php, with the following code: . ‘db.inc.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); . ‘db.inc.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); . ‘db.inc.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); ?

Ngày đăng: 03/07/2014, 07:20

Xem thêm