Chapter 27 Building a Web-Based Email Service

Logging In and Out

When a user loads the page index.php, he will see the output shown in Figure 27.2.

Figure 27.2 The login screen for Warm Mail asks for your username and password.

This is the default behavior for the application. With no $action chosen yet, and no login details supplied, we will execute the following parts of the code.

In the preprocessing stage we first execute the following code:

    include ('include_fns.php');
    session_start();

These lines start the session that will be used to keep track of the $auth_user and $selected_account session variables, which we’ll come to later on.

As in our other applications, we create short variable names. We have done this in every form related script since chapter one, so it barely needs mention except for the variable action. Depending on where in the application this comes from, it might be either a GET or POST variable. We test for the existence of $HTTP_POST_VARS['action'] and if it is not set we use the GET version. The relevant code is these four lines:

    if(isset($HTTP_POST_VARS['action']))
      $action = $HTTP_POST_VARS['action'];
    else
      $action = $HTTP_GET_VARS['action'];

We have to do the same thing with the account variable, as it is usually accessed via GET, but is accessed via POST when deleting an account.

If you are using PHP 4.1 or newer you can avoid these issues by accessing the form variables via the $_REQUEST superglobal. (We have not used it here for backward compatibility.)
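An added example, not from the book: a current-PHP version of the POST-then-GET lookup described above that avoids $_REQUEST (which, depending on the request_order and variables_order settings, can also carry cookie values) and accepts only action names that appear in this chapter. The helper names request_param() and resolve_action() and the KNOWN_ACTIONS list are assumptions for illustration.

```php
<?php
// Added example, not the book's code. Function and constant names are hypothetical.

// Action names taken from this chapter's excerpt; anything else is rejected.
const KNOWN_ACTIONS = [
    'view-mailbox', 'new-message', 'account-setup',
    'store-settings', 'delete-account', 'log-out',
];

/**
 * Look a parameter up in POST first, then GET, as the chapter's code does,
 * but never read an unset index and never accept a non-string value
 * (a query string such as ?action[]=x would otherwise yield an array).
 */
function request_param(string $name, array $post, array $get): ?string
{
    foreach ([$post, $get] as $source) {
        if (isset($source[$name]) && is_string($source[$name])) {
            return $source[$name];
        }
    }
    return null;
}

/**
 * Resolve the requested action. An empty string means "no action chosen",
 * which corresponds to the default page described in the text.
 */
function resolve_action(array $post, array $get): string
{
    $action = request_param('action', $post, $get);
    return in_array($action, KNOWN_ACTIONS, true) ? $action : '';
}

// Constructed sample requests; in a real script pass $_POST and $_GET.
$samples = [
    'GET only'       => [[], ['action' => 'account-setup']],
    'POST wins'      => [['action' => 'log-out'], ['action' => 'view-mailbox']],
    'unknown action' => [[], ['action' => 'drop-everything']],
    'array value'    => [[], ['action' => ['nested']]],
    'nothing sent'   => [[], []],
];
foreach ($samples as $label => [$post, $get]) {
    printf("%-15s => '%s'\n", $label, resolve_action($post, $get));
}
```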
To save work when customizing the user interface, the buttons that appear on the toolbar are controlled by an array. We declare an empty array,

    $buttons = array();

and set the buttons that we want on the page:

    $buttons[0] = 'view-mailbox';
    $buttons[1] = 'new-message';
    $buttons[2] = 'account-setup';

For the header stage, we print a plain vanilla header:

    do_html_header($HTTP_SESSION_VARS['auth_user'], 'Warm Mail',
                   $HTTP_SESSION_VARS['selected_account']);
    display_toolbar($buttons);

This code prints the title and header bar and then the toolbar of buttons you can see in Figure 27.2. These functions can be found in the output_fns.php function library, but as you can easily see their effect in the figure, we won’t go through them here.

Now we come to the body of the code:

    if(!check_auth_user())
    {
      echo '<p>You need to log in';
      if($action&&$action!='log-out')
        echo ' to go to '.format_action($action);
      echo '.</p><br /><br />';
      display_login_form($action);
    }

The check_auth_user() function is from the user_auth_fns.php library. We have used very similar code in some of the previous projects—it checks if the user is logged in. If he is not, which is the case here, we will show him a login form, which you can see in Figure 27.2. We draw this form in the display_login_form() function from output_fns.php.

If the user fills in the form correctly and presses the Log In button, he will see the output shown in Figure 27.3.

Figure 27.3 After successful login, the user can begin using the application.

On this execution of the script, we will activate different sections of code. The login form has two fields, $username and $password.
If these have been filled in, the following segment of preprocessing code will be activated:

    if($username||$password)
    {
      if(login($username, $password))
      {
        $status .= '<p>Logged in successfully.</p><br /><br /><br /><br /> <br /><br />';
        $HTTP_SESSION_VARS['auth_user'] = $username;
        if(number_of_accounts($HTTP_SESSION_VARS['auth_user'])==1)
        {
          $accounts = get_account_list($HTTP_SESSION_VARS['auth_user']);
          $HTTP_SESSION_VARS['selected_account'] = $accounts[0];
        }
      }
      else
      {
        $status .= '<p>Sorry, we could not log you in with that username and password.</p><br /><br /><br /><br /><br /><br />';
      }
    }

As you can see, the code calls the login() function, which is similar to the one used in Chapters 24 and 25. If all goes well, we register the username in the session variable auth_user.

In addition to setting up the buttons we saw while not logged in, we add another button to allow the user to log out again, as follows:

    if(check_auth_user())
    {
      $buttons[4] = 'log-out';
    }

You can see this Log Out button in Figure 27.3.

In the header stage, we again display the header and the buttons. In the body, we display the status message we set up earlier:

    echo $status;

After that, it’s just a case of printing the footer and waiting to see what the user will do next.

Setting Up Accounts

When a user first starts using the Warm Mail system, he will need to set up some email accounts. If the user clicks on the Account Setup button, this will set the action variable to account-setup and recall the index.php script. The user will then see the output shown in Figure 27.4.

Figure 27.4 A user needs to set up his email account details before he can read his email.

Look back at the script in Listing 27.2. This time around because of the value of $action, we get different behavior.
We get a slightly different header, as follows:

    do_html_header($HTTP_SESSION_VARS['auth_user'],
                   'Warm Mail - '. format_action($action),
                   $HTTP_SESSION_VARS['selected_account']);

More importantly, we get a different body, as follows:

    case 'store-settings' :
    case 'account-setup' :
    case 'delete-account' :
    {
      display_account_setup($HTTP_SESSION_VARS['auth_user']);
      break;
    }

This is the typical pattern: Each command calls a function. In this case, we call the display_account_setup() function. The code for this function is shown in Listing 27.3.

Listing 27.3 display_account_setup() Function from output_fns.php—Function to Get and Display Account Details

    function display_account_setup($auth_user)
    {
      // display empty 'new account' form
      display_account_form($auth_user);

      $list = get_accounts($auth_user);
      $accounts = sizeof($list);

      // display each stored account
      foreach($list as $key => $account)
      {
        // display form for each account's details.
        // note that we are going to send the password for all accounts in the HTML
        // this is not really a very good idea
        display_account_form($auth_user, $account['accountid'], $account['server'],
                             $account['remoteuser'], $account['remotepassword'],
                             $account['type'], $account['port']);
      }
    }

When we call this function, it displays a blank form to add a new account, followed by editable forms containing each of the user’s current email accounts. The display_account_form() function will display the form that we can see in Figure 27.4. You can see that we use it in two different ways here: We use it with no parameters to display an empty form, and we use it with a full set of parameters to display an
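The comment in Listing 27.3 notes that sending every stored password in the HTML is not a good idea. An added example, not the book's code, of one way to avoid it: the form leaves the password field empty and the update keeps the stored password unless a new one is submitted. render_account_form(), merge_account_update(), the form's action URL and the sample account are assumptions for illustration.

```php
<?php
// Added example, not the book's code. All function names here are hypothetical.

function h(string $value): string
{
    // Escape for use inside a double-quoted HTML attribute.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Render one editable account form without echoing the stored password.
function render_account_form(array $account): string
{
    $out  = '<form method="post" action="index.php?action=store-settings">';
    $out .= '<input type="hidden" name="account" value="'
          . h((string)$account['accountid']) . '">';
    foreach (['server', 'remoteuser', 'type', 'port'] as $field) {
        $out .= '<input type="text" name="' . $field . '" value="'
              . h((string)$account[$field]) . '">';
    }
    // Left blank on purpose: the stored secret never reaches the browser,
    // so it cannot be read from page source, caches or proxies.
    $out .= '<input type="password" name="remotepassword" value="">';
    return $out . '</form>';
}

// Apply submitted settings; an empty password field keeps the stored one.
function merge_account_update(array $stored, array $submitted): array
{
    foreach (['server', 'remoteuser', 'type', 'port'] as $field) {
        if (isset($submitted[$field]) && is_string($submitted[$field])) {
            $stored[$field] = $submitted[$field];
        }
    }
    $new = $submitted['remotepassword'] ?? '';
    if (is_string($new) && $new !== '') {
        $stored['remotepassword'] = $new;
    }
    return $stored;
}

// Constructed sample account and form submission.
$account = ['accountid' => 7, 'server' => 'mail.example.com', 'remoteuser' => 'alice',
            'remotepassword' => 'stored-secret', 'type' => 'IMAP', 'port' => 143];
$html    = render_account_form($account);
$updated = merge_account_update($account, ['server' => 'imap.example.com',
                                           'remotepassword' => '']);
var_dump(strpos($html, 'stored-secret') === false);        // password absent from HTML
var_dump($updated['remotepassword'] === 'stored-secret');  // blank field kept the old one
```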