PHP Developer’s Dictionary IT-SC book 35 <? $dirname = "."; if ( is_dir( $dirname ) ) print $dirname." is a directory"; else print $dirname." is not a directory"; ?> </body> </html> With the object-oriented look and feel of some of the functions in PHP, reading a directory is as simple as using the directory object and the read() method. The following example illustrates the use of the dir() function and the associated read() and close() methods: <HEAD> <TITLE>Reading a Directory</TITLE> </HEAD> <BODY> <? $dirname = "."; $dh = dir($dirname ); while ($filename = $dh->read()){ print "$filename<br>"; } $dh->close(); ?> </BODY> </HTML> These simple examples illustrate the use of some of the directory functions in PHP. Because of the nature of the filesystem, some of the functions that operate on directories also perform a similar operation on files. The following section discusses some of these functions. Filesystem Functions The method of working with directory handles described earlier holds true for filesystem functions. Some functions use file handles and others do not. Some of the functions that do not require file handles are is_readable() , is_writeable() , and filesize() . Examples of how to use these functions are described in the following code snippets. The following code snippet checks the file named samplefile.doc and returns a string indicating whether the file is readable: if ( is_readable( "samplefile.doc" ) ) print "The file IS readable"; else print "The file IS NOT readable"; PHP Developer’s Dictionary IT-SC book 36 The following snippet of code is similar to the preceding code except that it checks whether samplefile.doc is writeable and returns the appropriate string: if ( is_writeable( "samplefile.doc" ) ) print "The file IS writeable"; else print "The file IS NOT writeable"; You can also return other information about a file. For instance, our fictional file, samplefile.doc, has certain properties that can be displayed. These properties include the last access time, the last modified time, the last changed time, and the size of the file. The following sample code illustrates how to return the information about a file: <HTML> <HEAD> <TITLE>Returning information about a file</TITLE> </HEAD> <BODY> <? print "The size of the file is "; print filesize( "samplefile.doc" ); print "<br>"; $atime = fileatime( "samplefile.doc" ); print "This file accessed on "; print date("l, M d, Y g:i a", $atime); print "<br>"; $mtime = filemtime( "samplefile.doc" ); print "This file was modified on "; print date("l, M d, Y g:i a", $mtime); print "<br>"; $ctime = filectime( "samplefile.doc" ); print "This file was changed on "; print date("l, M d, Y g:i a", $ctime); ?> </BODY> </HTML> For the next example, you will need to create a file called tenfile.txt and place this file in the same directory as the PHP script. The file's contents should be 012345678901235678890123456789 This example will open a file in read-only mode using the fopen() function and assign the returned file pointer to $fp . The while loop will first check for an End-of- File (EOF) and if an EOF is not returned, ten characters are read using the fread() function. These characters are stored in the $tenchars variable. The $tenchars variable is then printed with an HTML break ( <br> ) following the variable. The following is a listing of the code: <HTML> <HEAD> PHP Developer’s Dictionary IT-SC book 37 <TITLE>Opening a File and Reading 10 Characters at a Time</TITLE> </HEAD> <BODY> <? $file = "tenfile.txt"; $fp = fopen( $file, "r" ); while ( ! feof( $fp ) ){ $tenchars = fread( $fp, 10 ); print "$tenchars<br>"; } ?> </BODY> </HTML> The output of this example looks like this: 0123456789 0123567889 0123456789 The previous two sections are closely related and the techniques that you learned can be easily transferred between the directory and the filesystem functions. HTTP Authentication One of the more sophisticated features in Web development is the topic of HTTP authentication. This involves authenticating to a restricted area of a Web site, usually with a username and password. This restriction can entice visitors to your Web site to register or pay fees. It can also be a means to restrict access to sensitive information on a company's intranet. Overview PHP provides HTTP authentication when it is running as an Apache module. This functionality is not available when running PHP as a CGI or an IIS filter. This is because the authentication mechanism in PHP uses the Header() function to send an "authentication required" message to the browser. This causes a username and password window to pop up in the browser. After the user has filled in a username and a password, the variables $PHP_AUTH_USER , $PHP_AUTH_PW , and $PHP_AUTH_TYPE are set to the username, password, and authentication type, respectively. An example of this is <?php if(!isset($PHP_AUTH_USER)) { Header("WWW-Authenticate: Basic realm=\ "Initial Realm\ ""); Header("HTTP/1.0 401 Unauthorized"); echo "The user hit the Cancel button\ n"; exit; } else { echo "Hello $PHP_AUTH_USER.<P>"; echo "You entered $PHP_AUTH_PW as your password.<P>"; } PHP Developer’s Dictionary IT-SC book 38 ?> In this example, instead of printing the $PHP_AUTH_USER and $PHP_AUTH_PW , you would probably want to check the username and password for validity, perhaps by sending a query to a database. Limitations In basic HTTP authentication, the password is passed over the network as uuencoded, plain text. The username and password are not encrypted in any way. Anyone capturing network traffic will not see the password as text, but the password will be easily decoded. This method of authentication is roughly as safe as Telnet-style username and password security. In other words, if you trust your machine to be on the Internet for telnet sessions, you have no reason not to trust this method of HTTP authentication. Other Authentication Methods This section provides an overview of alternative authentication methods. These methods often include setting a session variable that is then used by all secure pages to validate the user. Session variables are supported by PHP 4 and are the method of passing information to subsequent Web pages. When sessions are enabled, a user to your Web page is assigned a unique session identifier. This session ID is either saved in a cookie or is passed on the URL. The following example will display the session ID for the specific user: <? session_start(); ?> <HTML> <TITLE>Session IDs</TITLE> <HEAD> </HEAD> <BODY> <? echo "The session ID is ".session_id()."<br>"; ?> </BODY> </HTML> After a user session is established, you can register variables as session variables and make them available to the entire Web application. The following three sample pages will take some user input, namely a username and password, and register the variables in a user session. The first part of this example is a simple HTML form that calls the second PHP script in the FORM ACTION . <HTML> <HEAD> <TITLE>Session Variable Example</TITLE> PHP Developer’s Dictionary IT-SC book 39 </HEAD> <BODY> <H1>Input your LoginName and Password</H1> <FORM ACTION="page2.php" METHOD="POST"> Login Name: <input type="text" name="LoginName"><br> Password: <input type="password" name="Password"><br> <INPUT TYPE="submit" VALUE="Submit"><br> </FORM> </BODY> </HTML> These input fields are registered in the following example as session variables and then printed out in the body of the Web page: <? session_start(); ?> <HTML> <HEAD> <TITLE>Register the Session Variables</TITLE> </HEAD> <BODY> <? session_register( "LoginName" ); session_register( "Password" ); echo "Your LoginName and Password have been registered!<P>"; echo "<A HREF=page3.php>Check Session Variables</A><br>"; echo "LoginName: ".$LoginName."<br>"; echo "Password: ".$Password."<br>"; ?> </BODY> </HTML> To illustrate the functionality of session variables, notice that there is a hyperlink that directs you to another PHP script. This script source follows, and the only thing it does is print out $LoginName and $Password . No hidden variables are passed to this script and there is nothing in the query string to make these variables available to this script. The only way for this script to know about the $LoginName and $Password is for the values to be stored as session variables. <? session_start(); ?> <html> <head> <title>Check the Session Variables</title> </head> <body> <H1>These are you Registered Variables</H1> <? echo "LoginName: ".$LoginName."<br>"; . variables $PHP_ AUTH_USER , $PHP_ AUTH_PW , and $PHP_ AUTH_TYPE are set to the username, password, and authentication type, respectively. An example of this is < ?php if(!isset( $PHP_ AUTH_USER)). n"; exit; } else { echo "Hello $PHP_ AUTH_USER.<P>"; echo "You entered $PHP_ AUTH_PW as your password.<P>"; } PHP Developer’s Dictionary IT-SC book 38 ?>. the file is "; print filesize( "samplefile .doc& quot; ); print "<br>"; $atime = fileatime( "samplefile .doc& quot; ); print "This file accessed on ";