Presentation is loading. Please wait.

Presentation is loading. Please wait.

12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.

Published byJoanna Walton Modified over 8 years ago

Similar presentations

Presentation on theme: "12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features."— Presentation transcript:

1 12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features

2 2 Learning Objectives Track sessions Use cookies Secure a MySQL/PHP application Example 12/3/2012ISC329 Isabelle Bichindaritz

3  HTTP is a stateless protocol – it cannot maintain the state between two transactions.  When a user requests a page following another one, HTTP does not track whether both pages come from the same user (they are independent).  Session tracking allows to track a user during a transaction spannign several pages.  Ex: login  choose products  checkout in a shopping cart application. Tracking Sessions 12/3/2012ISC329 Isabelle Bichindaritz3

4  A PHP session has:  A unique session ID  A cryptographically random number.  Session variables associated with it.  The session ID is generated by PHP and stored on the client side during all the lifetime of a session.  The session ID can either be stored on the client computer in a cookie or passed through URLs.  A session ends:  When the user closes it or the browser client is closed.  After a predefined time specified in php.ini file. Tracking Sessions 12/3/2012ISC329 Isabelle Bichindaritz4

5  Implementing a session:  Start a session session_start(); (sessions can also be started automatically if PHP sets-up that way)  Register session variables $_SESSION[‘var_name’] = 42;  Use session variables if (isset($_SESSION[‘var_name’] )) …  Deregister variables unset($_SESSION[‘var_name’] ); $_SESSION = array()(;  Destroy the session session_destroy(); Tracking Sessions 12/3/2012ISC329 Isabelle Bichindaritz5

6 <?php session_start(); $_SESSION['sess_var'] = "Hello world!"; echo 'The content of $_SESSION[\'sess_var\'] is '.$_SESSION['sess_var'].' '; ?> Next page Tracking Sessions 12/3/2012ISC329 Isabelle Bichindaritz6

7 <?php session_start(); echo 'The content of $_SESSION[\'sess_var\'] is '.$_SESSION['sess_var'].' '; unset($_SESSION['sess_var']); ?> Next page Tracking Sessions 12/3/2012ISC329 Isabelle Bichindaritz7

8 <?php session_start(); echo 'The content of $_SESSION[\'sess_var\'] is '.$_SESSION['sess_var'].' '; session_destroy(); ?> Tracking Sessions 12/3/2012ISC329 Isabelle Bichindaritz8

9  A cookie is a piece of information that’s stored by a server in a text file on a client’s computer to maintain information about the client during and between browsing sessions.  A server can access only the cookies that it has placed on the client.  Function setcookie takes the name of the cookie to be set as the first argument, followed by the value to be stored in the cookie.  The optional third argument indicates the expiration date of the cookie.  If no expiration date is specified, the cookie lasts only until the end of the current session—that is, when the user closes the browser. This type of cookie is known as a session cookie, while one with an expiration date is a persistent cookie. Using Cookies 12/3/2012ISC329 Isabelle Bichindaritz9

10 If only the name argument is passed to function setcookie, the cookie is deleted from the client’s computer. Cookies defined in function setcookie are sent to the client at the same time as the information in the HTTP header; therefore, setcookie needs to be called before any other output PHP creates the superglobal array $_COOKIE, which contains all the cookie values indexed by their names, similar to the values stored in array $_POST when an HTML5 form is posted Using Cookies 12/3/2012ISC329 Isabelle Bichindaritz10

11 12/3/2012ISC329 Isabelle Bichindaritz11

12 ISC329 Isabelle Bichindaritz 12/3/201212

13 12/3/2012ISC329 Isabelle Bichindaritz13

14 12/3/2012ISC329 Isabelle Bichindaritz14

15 12/3/2012ISC329 Isabelle Bichindaritz15

16 12/3/2012ISC329 Isabelle Bichindaritz16

17 12/3/2012ISC329 Isabelle Bichindaritz17

18 ©1992-2012 by Pearson Education, Inc. All Rights Reserved.

19

20  Authentication  Authentication / access control with session control. Start a session with a login screen and pass on the authorized user in SESSION variables.  Apache’s basic authentication mod_auth checks against name-password pairs on a server file (.htaccess)  MySQL authentication mod-auth_mysql checks against name-password pairs in a MySQL database Security Features 12/3/2012ISC329 Isabelle Bichindaritz20

21  Encryption  Password encryption crypt($password) MD5($password) sha-1($password) (Secure Hash with 40 characters)  Secure Sockets Layers (SSL) to secure communications between servers and browsers over the Internet PGP GPG (http://www.gnupgp.org) Security Features 12/3/2012ISC329 Isabelle Bichindaritz21

22  Code security  Value checking  SQL injection prevention – escape strings sent to database server mysql_escape_string, mysqli::real_escape_string, mysqli_real_escape_string Security Features 12/3/2012ISC329 Isabelle Bichindaritz22

23  The Dreamhome Staff Management application lets users:  List the staff working at a branch  Add staff  Update staff information  Delete staff.  http://moxie.cs.oswego.edu/~bichinda/drea mhome/login.php (username: Brand, password: SG5) http://moxie.cs.oswego.edu/~bichinda/drea mhome/login.php Dreamhome Staff Management 12/3/2012ISC329 Isabelle Bichindaritz23

24  Files:  login.php (login)  dreamhome.php (general menu)  branch.php (list of staff per branch)  add.php (add staff interface)  add-staff.php (add staff to the database)  delete.php (delete staff interface)  delete-staff.php (delete staff from the database)  update.php (update staff interface)  update-staff.php (update staff from the database)  logout.php (logout)  functions.php (all functions called by the other pages) Dreamhome Staff Management 12/3/2012ISC329 Isabelle Bichindaritz24

25 Dreamhome Staff Management 12/3/2012ISC329 Isabelle Bichindaritz25 login.phpdreamhome.phpbranch.phpadd.php add- staff.php update.php update- staff.php delete.php delete- staff.php

26  Two types of applications  Applications allowing users to search through a database without requiring them to login  dhBranchStaff.html (or dhBranch.php) and dhBranchStaff.php  Applications requiring users to login and/or allowing them to search / add / delete / update the database  Dreamhome staff management system (dreamhome.zip from Angel) by selecting the features useful for the application. Templates 12/3/2012ISC329 Isabelle Bichindaritz26

Download ppt "12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features."

Similar presentations

UFCE8V-20-3 Information Systems Development 3 (SHAPE HK)

UFCE8V-20-3 Information Systems Development 3 (SHAPE HK)
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
THREE KINGS MANAGEMENT SYSTEM Kelvin Canela Care Bear Inc.

THREE KINGS MANAGEMENT SYSTEM Kelvin Canela Care Bear Inc.
Chapter 10 Managing State Information Using Sessions.

Chapter 10 Managing State Information Using Sessions.
Servlets and a little bit of Web Services Russell Beale.

Servlets and a little bit of Web Services Russell Beale.
©2009 Justin C. Klein Keane PHP Code Auditing Session 7 Sessions and Cookies Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 7 Sessions and Cookies Justin C. Klein Keane
Chapter 10 Managing State Information PHP Programming with MySQL.

Chapter 10 Managing State Information PHP Programming with MySQL.
Using Session Control in PHP tMyn1 Using Session Control in PHP HTTP is a stateless protocol, which means that the protocol has no built-in way of maintaining.

Using Session Control in PHP tMyn1 Using Session Control in PHP HTTP is a stateless protocol, which means that the protocol has no built-in way of maintaining.
Chapter 10 Maintaining State Information Using Cookies.

Chapter 10 Maintaining State Information Using Cookies.
Objectives Learn about state information

Objectives Learn about state information
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.

Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.

CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.

CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.
PHP Hypertext PreProcessor. Documentation Available www.php.netwww.w3schools.com SAMS books O’Reilly Books.

PHP Hypertext PreProcessor. Documentation Available SAMS books O’Reilly Books.
JavaScript, Fourth Edition

JavaScript, Fourth Edition
Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.

Working with Cookies Managing Data in a Web Site Using JavaScript Cookies* *Check and comply with the current legislation regarding handling cookies.
CSE 154 LECTURE 12: COOKIES. Including files: include include(filename); PHP include(header.html); include(shared-code.php); PHP inserts the entire.

CSE 154 LECTURE 12: COOKIES. Including files: include include("filename"); PHP include("header.html"); include("shared-code.php"); PHP inserts the entire.

Similar presentations

Ads by Google