1 PHP HTTP After this lecture, you should be able to know: How to create and process web forms with HTML and PHP. How to create and process web forms with HTML and PHP. How to persist client’s states over requests. How to persist client’s states over requests. How to authenticate a client by using cookies or PHP sessions. How to authenticate a client by using cookies or PHP sessions. Complete Assignment 6, part 1. Complete Assignment 6, part 1. Be ready to implement your Course Project. Be ready to implement your Course Project. PHP Support for HTML and HTTP

2 PHP HTTP Parameters submitted from an HTML form can be easily retrieved. Parameters submitted from an HTML form can be easily retrieved. Different HTTP requests from the same client can be interrelated with a cookie. Different HTTP requests from the same client can be interrelated with a cookie. Session variables allow data to persist during a session, which is a succession of requests from the same client. Session variables allow data to persist during a session, which is a succession of requests from the same client. PHP Support for HTML and HTTP

3 PHP HTTP HTML Form

4 PHP HTTP HTML Form HTML Form <html> Sample HTML Form Sample HTML Form <FORM ACTION="submit_form.php" METHOD="POST" <FORM ACTION="submit_form.php" METHOD="POST" NAME = "TestForm"> NAME = "TestForm"> First Name: First Name: <INPUT TYPE="TEXT" NAME = "first_name" SIZE = "30" <INPUT TYPE="TEXT" NAME = "first_name" SIZE = "30" MAXLENGTH = "30"> MAXLENGTH = "30"> Last Name: Last Name: <INPUT TYPE="TEXT" NAME = "last_name" SIZE = "30" <INPUT TYPE="TEXT" NAME = "last_name" SIZE = "30" MAXLENGTH = "30"> MAXLENGTH = "30"> </html>

5 PHP HTTP Form Attributes ACTION = URL_of_script ACTION = URL_of_script The script specified is activated when the form is submitted. METHOD = method_for_passing_data METHOD = method_for_passing_data "GET" "GET" "POST" "POST"

6 PHP HTTP Passing HTML Parameters with Method GET The form parameters are passed as part of the URL. The form parameters are passed as part of the URL /submit_form.php?first_name=Tuan&last _name=Pham 275/submit_form.php?first_name=Tuan&last _name=Pham 275/submit_form.php?first_name=Tuan&last _name=Pham 275/submit_form.php?first_name=Tuan&last _name=Pham The length of the URL is limited (imposed by web browser and server software). The length of the URL is limited (imposed by web browser and server software). The user can see and modify the parameters. The user can see and modify the parameters.

7 PHP HTTP Passing HTML Parameters with Method POST The form parameters are passed as the HTTP Request body. The form parameters are passed as the HTTP Request body. URL: cs275/submit_form.php URL: cs275/submit_form.php cs275/submit_form.php cs275/submit_form.php HTTP Request Body: first_name=tuan&last_name=pham& HTTP Request Body: first_name=tuan&last_name=pham& Submit=search Submit=search The size of the HTTP body can be large. The size of the HTTP body can be large. The user cannot see the parameters. The user cannot see the parameters.

8 PHP HTTP Attributes of an INPUT Element ( no closing tag ) ( no closing tag ) TYPE = TYPE = "TEXT", "PASSWORD" "RADIO", "CHECKBOX" "SUBMIT", "RESET" "IMAGE", "HIDDEN" NAME = form_parameter_name NAME = form_parameter_name VALUE = initial_value VALUE = initial_value SIZE, MAXLENGTH, CHECKED SIZE, MAXLENGTH, CHECKED

9 PHP HTTP Retrieving Form Parameters $_GET or $_POST arrays can be used: $_GET or $_POST arrays can be used: <?php... $first_name = $_GET[‘first_name']; $last_name = $_GET[‘last_name'];...?> <?php... $first_name = $_POST[‘first_name']; $last_name = $_POST[‘last_name'];...?>

10 PHP HTTP Retrieving HTTP and HTML Parameters Six superglobal arrays in PHP Six superglobal arrays in PHP $_GET, $_POST - GET, POST parameters $_GET, $_POST - GET, POST parameters $_COOKIE - cookie value $_COOKIE - cookie value $_FILES - information about uploaded files $_FILES - information about uploaded files $_SERVER - information about the web server $_SERVER - information about the web server $_ENV - environment variables $_ENV - environment variables

11 PHP HTTP ACTION FILE // submit_form.php <HTML> FORM SUBMISSION FORM SUBMISSION Result of Form Submission Result of Form Submission <?php $first_name = $_POST['first_name']; $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $last_name = $_POST['last_name']; $remote_addr = $_SERVER['REMOTE_ADDR']; $remote_addr = $_SERVER['REMOTE_ADDR']; echo "First Name = $first_name "; echo "First Name = $first_name "; echo "Last Name = $last_name "; echo "Last Name = $last_name "; echo "Client IP Address = $remote_addr "; echo "Client IP Address = $remote_addr "; echo "BYE "; echo "BYE ";?> </HTML>

12 PHP HTTP ACTION FILE

13 PHP HTTP Purpose of a Cookie HTTP protocol is stateless. That is, each request is independent. HTTP protocol is stateless. That is, each request is independent. One way to interrelate HTTP requests from the same client is to use a cookie. One way to interrelate HTTP requests from the same client is to use a cookie. A cookie is a piece of information sent to a browser by a Web Server. The browser then returns that information to the Web server in the following requests. A cookie is a piece of information sent to a browser by a Web Server. The browser then returns that information to the Web server in the following requests.

14 PHP HTTP Purpose of a Cookie Cookie is one way for the web sites to “remember” the users Cookie is one way for the web sites to “remember” the users For example: A client ID, generated by the server, can be attached to the reply to the first request -> stored in a cookie A client ID, generated by the server, can be attached to the reply to the first request -> stored in a cookie The client can submit this client ID to the subsequent requests. The client can submit this client ID to the subsequent requests. The client ID may be saved in the database. The client ID may be saved in the database.

15 PHP HTTP #1234 web browser web server first request first reply subsequent request1 #1234 Passing a Cookie #1234 subsequent request2 #1234

16 PHP HTTP Some Details on a Cookie A cookie contains information about a visit to a website: A cookie contains information about a visit to a website: Cookie name and value, Cookie name and value, Expiration time in seconds, Expiration time in seconds, Server domain name and application path, and Server domain name and application path, and Whether secure HTTP (HTTPS) should be used or not. Whether secure HTTP (HTTPS) should be used or not. Cookies are stored on client machines. Cookies are stored on client machines. A cookie is normally sent automatically to the server when the client revisits the application. A cookie is normally sent automatically to the server when the client revisits the application.

17 PHP HTTP Setting cookies with PHP <?php setcookie(“client_id", “12345", time()+ 60 * 60 * 24 * 100); time()+ 60 * 60 * 24 * 100);?> setcookie() should be executed before any HTML content is sent to the browser as it is stored in the HTTP response header. setcookie() should be executed before any HTML content is sent to the browser as it is stored in the HTTP response header. In the above example, the cookie will expire after 100 days. In the above example, the cookie will expire after 100 days.

18 PHP HTTP Identifying a Client with a Cookie A client ID is generated for each new client and sent to the client with a cookie. A client ID is generated for each new client and sent to the client with a cookie. A cookie is stored on the client machine. A cookie is stored on the client machine. An existing client submits the client ID with a cookie. An existing client submits the client ID with a cookie.

19 PHP HTTP Getting a Client ID from a Cookie <?php if ($client_id = $_COOKIE[‘client_id’]) { $client_name = $client_name = get_client_name($client_id); get_client_name($client_id); print “Welcome back, $client_name"; print “Welcome back, $client_name";} else { print “Welcome, New Client"; print “Welcome, New Client";}?>

20 PHP HTTP Setting Data in a Cookie <?php $client_id = generate_client_id(); setcookie(‘client_id', $client_id, time() ); setcookie(‘client_id', $client_id, time() );?>

21 PHP HTTP Removing a cookie <?php setcookie("cookiename", "", time()-60); ?><HTML>...</HTML>

22 PHP HTTP Sessions PHP has built-in support for sessions. PHP has built-in support for sessions. A session supports persistent variables accessible by different scripts and across multiple visits to the site. A session supports persistent variables accessible by different scripts and across multiple visits to the site. Sessions are a combination of a server-side cookie and a client-side cookie, where the client-side cookie is simply a reference id to the information stored in the server-side cookie. Sessions are a combination of a server-side cookie and a client-side cookie, where the client-side cookie is simply a reference id to the information stored in the server-side cookie. A session is also closed when a browser which started the session is closed. A session is also closed when a browser which started the session is closed.

23 PHP HTTP Starting and Continuing a Session Start/resume a session Start/resume a sessionsession_start(); Session variables are in array $_SESSION. Session variables are in array $_SESSION. <?phpsession_start();.... $_SESSION[‘user_id'] = get_user_id($user_name, $password); get_user_id($user_name, $password);?><HTML>......</HTML>

24 PHP HTTP Login page using session login.php page_1 page_N session session Register session global variables for each session $ _SESSION['USER_ID'] $_SESSION['USER_NAME'] $_SESSION['USER_ROLE'] calling session_start() call session_destroy() or close the browser Check session variables

25 PHP HTTP <?session_start(); $user_id = get_user_id($_POST['login_name], $user_id = get_user_id($_POST['login_name], $_POST['password']); $_POST['password']); if ($user_id) { if ($user_id) { // the user is registered. // the user is registered. $_SESSION[‘USER_ID'] = $user_id; $_SESSION[‘USER_ID'] = $user_id; $_SESSION['USER_NAME'] = get_name($user_id); $_SESSION['USER_NAME'] = get_name($user_id); $_SESSION['USER_ROLE'] = get_role($user_id); $_SESSION['USER_ROLE'] = get_role($user_id); echo “Welcome $_SESSION['USER_NAME']”; echo “Welcome $_SESSION['USER_NAME']”; } else { } else { // If the user is not registered, // If the user is not registered, // direct her/him to the registration page. // direct her/him to the registration page. header(“Location: register_new_user.php”); header(“Location: register_new_user.php”); }?> Login Page Using a Session Variable

26 PHP HTTP <?session_start(); if ($_SESSION[‘USER_ID']) { if ($_SESSION[‘USER_ID']) { // the user is logged in. // the user is logged in } else { } else { // If the user is not logged in, // If the user is not logged in, // direct her/him to the login page. // direct her/him to the login page. header(“Location: login_user.php”); header(“Location: login_user.php”); }?> Checking Logged-In User

27 PHP HTTP Additional session functions unset($_SESSION[‘var_name’]) unset($_SESSION[‘var_name’]) Unset a session variable. isset($_SESSION[‘var_name’]) isset($_SESSION[‘var_name’]) Find out whether a session variable is set. session_id() session_id() Get and /or set current session id session_destroy() session_destroy() Destroy all data registered to a session