COMP284 Scripting Languages – Handouts

COMP284 Scripting Languages
Lecture 12: PHP (Part 4)

Handouts

Ullrich Hustadt

Department of Computer Science
School of Electrical Engineering, Electronics, and Computer Science

University of Liverpool

Contents
1 Web applications

Overview
HTML forms

2 Available information and Input
Overview
PHP environment
Server variables
Form data

3 PHP sessions
Start a PHP session
Maintain session data
End a PHP session
Session management
Example

4 Authentication
Overview
Example

COMP284 Scripting Languages Lecture 12 Slide L12 – 1

Web applications Overview

Web applications using PHP

IBM: Build Ajax-based Web sites with PHP, 2 Sep 2008.
https://www.ibm.com/developerworks/library/wa-aj-php/ [accessed 6 Mar 2013]

COMP284 Scripting Languages Lecture 12 Slide L12 – 2

https://www.ibm.com/developerworks/library/wa-aj-php/

Web applications HTML forms

HTML forms

When considering Perl CGI programming we have used HTML forms that
generated a client request that was handled by a Perl CGI program:

…

Now we will use a PHP script instead:

…

• The PHP script file must be stored in a directory accessible by the web
server, for example $HOME/public_html, and be readable by the web
server

• The PHP script file name must have the extension .php, e.g. demo.php

COMP284 Scripting Languages Lecture 12 Slide L12 – 3

Available information and Input Overview

Information available to PHP scripts

• Information about the PHP environment

• Information about the web server and client request

• Information stored in files and datbases
• Form data

• Cookie/Session data

• Miscellaneous
• string date(format)

returns the current date/time presented according to format
for example, date(’H:i l, j F Y’)

results in 12:20 Thursday, 8 March 2012
(See http://www.php.net/manual/en/function.date.php)

• int time()
returns the current time measured in the number of seconds
since January 1 1970 00:00:00 GMT

COMP284 Scripting Languages Lecture 12 Slide L12 – 4

http://www.php.net/manual/en/function.date.php

Available information and Input PHP environment

PHP environment

• phpinfo() displays information about the PHP installation and
EGPCS data (Environment, GET, POST, Cookie, and Server data)
for the current client request

• phpinfo(part) displays selected information

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/phpinfo.php

INFO_GENERAL The configuration, php.ini location, build date,
web server

INFO_CONFIGURATION Local and master values for PHP directives
INFO_MODULES Loaded modules
INFO_VARIABLES All EGPCS data

COMP284 Scripting Languages Lecture 12 Slide L12 – 5

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/phpinfo.php

Available information and Input PHP environment

Manipulating the PHP configuration

The following functions can be used to access and change the
configuation of PHP from within a PHP script:

• array ini_get_all()
• returns all the registered configuration options

• string ini_get(option)
• returns the value of the configuration option on success

• string ini_set(option, value)
• sets the value of the given configuration option to a new value
• the configuration option will keep this new value during the script’s

execution and will be restored afterwards

• void ini_restore(option)
• restores a given configuration option to its original value

COMP284 Scripting Languages Lecture 12 Slide L12 – 6

Available information and Input Server variables

Server variables

The $_SERVER array stores information about the web server
and the client request

; Similar to %ENV for Perl CGI programs

’;

echo ’Remote address: ’,$_SERVER[’REMOTE_ADDR ’], ’
’;

echo ’Client browser: ’,$_SERVER[’HTTP_USER_AGENT ’],’
’;

echo ’Request method: ’,$_SERVER[’REQUEST_METHOD ’];

?>

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/server.php

Server software: Apache /2.2.22 (Fedora)

Remote address: 10.128.0.215

Client browser: Mozilla /5.0 … Chrome /41.0.2272.53 …

Request method:

See http://php.net/manual/en/reserved.variables.server.php
for a list of keys

COMP284 Scripting Languages Lecture 12 Slide L12 – 7

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/server.php
http://php.net/manual/en/reserved.variables.server.php

Available information and Input Form data

Form data

• Form data is passed to a PHP script via the three arrays:
$_POST Data from POST client requests
$_GET Data from GET client requests
$_REQUEST Combined data from POST and GET client requests

(derived from $_POST and $_GET)

; Accessing $_REQUEST is the equivalent in PHP to
using the param routine in Perl

Enter your user name:

Enter your full name:

$_REQUEST[’username’] Value entered into field with name ‘username’
$_REQUEST[’fullname’] Value entered into field with name ‘fullname’

COMP284 Scripting Languages Lecture 12 Slide L12 – 8

Available information and Input Form data

Forms in PHP: Example (1)

• Create a web-based system that asks the user to enter the URL of a file
containing bibliographic information

• Bibliographic informatiom will have the following form:
@entry{

name={Jonas Lehner},

name={ Andreas Schoknecht},

title={You only live twice },

}

@entry{

name={ Andreas Schoknecht},

name={Eva Eggeling},

title={No End in Sight?},

}

• The system should extract the names, count them, and create a table of
names and their frequency, ordered from most frequent to least frequent

COMP284 Scripting Languages Lecture 12 Slide L12 – 9

Available information and Input Form data

Forms in PHP: Example (1)

extract_names.php

The names occurring in
“,htmlspecialchars($_REQUEST[’url’]),

“
are

$extracted_names\n”;

} else {

echo <<

Enter a URL:

FORM;

}

?>

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/extract_names.php

COMP284 Scripting Languages Lecture 12 Slide L12 – 10

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/extract_names.php

Available information and Input Form data

Forms in PHP: Example (1)

extraction.php

$number) {

$table .= “

$name $number “;

}

$table = “

“.$table.”

Name	No of occur”. “rences

“;

return $table;

} }

?>
http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/extraction.php

COMP284 Scripting Languages Lecture 12 Slide L12 – 11

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/extraction.php

Available information and Input Form data

Web Applications Revisited

Select
Item

Enter
Address

Enter
Payment

Confirm
Order

App

App

App

App

App

Request

Resp
onse

Request

Resp
onse

Request

Resp
onse

Request

Resp
onse

Request

• An interaction between a user
and a server-side web application
often requires a sequence of
requests and responses

• For each request, the application
starts from scratch

• it does not maintain a state
between consecutive requests

• it does not know whether the
requests come from the same user
or different users

;
data needs to be
transferred from one execution
of the application to the next

COMP284 Scripting Languages Lecture 12 Slide L12 – 12

Available information and Input Form data

Transfer of Data: Example

• Assume for a sequence of requests we do not care whether they come
from the same user or different users

• Then hidden inputs can be used for the transfer of data from one
request / page to the next

form1.php

Name:

form2.php

Address:

“;

echo “Session name: “,session_name (),”
“;

session_regenerate_id ();

echo “Session id: “,session_id (),”
“; // changed

echo “Session name: “,session_name (),”
“; // unchanged

?>

COMP284 Scripting Languages Lecture 12 Slide L12 – 19

PHP sessions Maintain session data

Maintain session data

• bool session_start()

• resumes the current session based on a session identifier
passed via a GET or POST request, or passed via a cookie

• restores session variables and session data into $_SESSION

• the function must be executed before any other header calls
or output is produced

• $_SESSION array
• an associative array containing session variables and session data
• you are responsible for choosing keys (session variables)

and maintaining the associated values (session data)

• bool isset($_SESSION[key])
returns TRUE iff $_SESSION[key] has already been assigned a value

COMP284 Scripting Languages Lecture 12 Slide L12 – 20

PHP sessions Maintain session data

Maintain session data

• bool session_start()
• $_SESSION array
• bool isset($_SESSION[key])

\n”;

?>

COMP284 Scripting Languages Lecture 12 Slide L12 – 21

PHP sessions End a PHP session

End a PHP session

• bool session_destroy()
• destroys all of the data associated with the current session
• it does not unset any of the global variables associated with the session,

or unset the session cookie

• void session_unset()
• frees all session variables currently registered

• bool setcookie(name, value, expires, path)
• defines a cookie to be sent along with the rest of the HTTP headers
• must be sent before any output from the script
• the first argument is the name of the cookie
• the second argument is the value of the cookie
• the third argument is time the cookie expires (as a Unix timestamp), and
• the fourth argument is the parth on the server in which the cookie will be

available

COMP284 Scripting Languages Lecture 12 Slide L12 – 22

PHP sessions End a PHP session

End a PHP session

• bool session_destroy()
• destroys all of the data associated with the current session

• void session_unset()
• frees all session variables currently registered

• bool setcookie(name, value, expires, path)
• defines a cookie to be sent along with the rest of the HTTP headers

Note: Closing your web browser will also end a session
COMP284 Scripting Languages Lecture 12 Slide L12 – 23

PHP sessions Session management

More on session management

The following code tracks whether a session is active and ends the session
if there has been no activity for more then 30 minutes
if (isset($_SESSION[’LAST_ACTIVITY ’]) &&

(time() – $_SESSION[’LAST_ACTIVITY ’] > 1800)) {

// last request was more than 30 minates ago

session_destroy (); // destroy session data in storage

session_unset (); // unset session variables

if (session_id () != “” || isset($_COOKIE[session_name ()]))

setcookie(session_name (), session_id (),time () -2592000 ,’/’);

} else {

// update last activity time stamp

$_SESSION[’LAST_ACTIVITY ’] = time ();

}

The following code generates a new session identifier every 30 minutes

if (! isset($_SESSION[’CREATED ’])) {

$_SESSION[’CREATED ’] = time ();

} else if (time() – $_SESSION[’CREATED ’] > 1800) {

// session started more than 30 minates ago

session_regenerate_id(true);

$_SESSION[’CREATED ’] = time ();

}

http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes

COMP284 Scripting Languages Lecture 12 Slide L12 – 24

http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes

PHP sessions Example

PHP sessions: Example

mylibrary.php:

COMP284 Scripting Languages Lecture 12 Slide L12 – 25

PHP sessions Example

PHP sessions: Example

page1.php:

\n”;

echo “Hello visitor!
This is your page request no “;

echo count_requests ().” from this site.
\n”;

echo ’Continue |

Finish ’;

?>

finish.php:

\n”;

echo “Goodbye visitor!
\n”;

echo ’Start again ’;

?>

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/page1.php

COMP284 Scripting Languages Lecture 12 Slide L12 – 26

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/page1.php

PHP sessions Example

PHP and Cookies

Cookies can survive a session and transfer information from one session to
the next
cmylibrary.php:

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/cpage1.php
COMP284 Scripting Languages Lecture 12 Slide L12 – 27

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/cpage1.php

Authentication Overview

PHP Sessions and Authentication

• Sessions are the mechanism that is typically used to allow or deny
access to web pages based on a user having been authenticated

• Outline solution:
• We want to protect a page content.php from unauthorised use
• Before being allowed to access content.php, users must first authenticate

themselves by providing a username and password on the page login.php

• The system maintains a list of valid usernames and passwords in a database
and checks usernames and passwords entered by the user against that
database
If the check succeeds, a session variable is set

• The page content.php checks whether this session variable is set
If the session variable is set, the user will see the content of the page
If the session variable is not set, the user is redirected to login.php

• The system also provides a logout.php page to allow the user to log out again

COMP284 Scripting Languages Lecture 12 Slide L12 – 28

Authentication Example

PHP Sessions and Authentication: Example

Second part of login.php:

Login

Username:

Password:

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/login.php
COMP284 Scripting Languages Lecture 12 Slide L12 – 29

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/login.php

Authentication Example

PHP Sessions and Authentication: Example

First part of login.php:

COMP284 Scripting Languages Lecture 12 Slide L12 – 30

Authentication Example

PHP Sessions and Authentication: Example

content.php:

Protected Content

Welcome

Log Out

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/content.php

COMP284 Scripting Languages Lecture 12 Slide L12 – 31

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/content.php

Authentication Example

PHP Sessions and Authentication: Example

logout.php:

Logout

Goodbye

Login

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/logout.php

COMP284 Scripting Languages Lecture 12 Slide L12 – 32

http://cgi.csc.liv.ac.uk/~ullrich/COMP284/examples/logout.php

Authentication Example

Revision

Read

• Chapter 10: Accessing MySQL Using PHP
• Chapter 11: Form Handling
• Chapter 13: Cookies, Sessions, and Authentication
of

R. Nixon:
Learning PHP, MySQL, and JavaScript.
O’Reilly, 2009.

COMP284 Scripting Languages Lecture 12 Slide L12 – 33

Lecture 12
Web applications
Overview
HTML forms

Available information and Input
Overview
PHP environment
Server variables
Form data

PHP sessions
Start a PHP session
Maintain session data
End a PHP session
Session management
Example

Authentication
Overview
Example