LIS651 lecture 3 taming PHP Thomas Krichel

functions The PHP function reference is available on its web site It shows the impressive array of functions within PHP. But one of the strengths of PHP is that you can create your own functions as you please. If you recreate one of the built-in functions, your own function will have no effect.

example Stephanie Rubino was an English teacher and objects to sentences like You have ordered 1 bottles of Grosswald Pils. Let us define a function rubino_print(). It will take three arguments –a number to check for plural or singular –a word for the singular –a word for the plural

function and parameters use the keyword "function" and declare your parameters, as in: function rubino_print ($number, $singular,$plural) { if($number == 1) { print "one $singular"; } else { print "$number $plural"; }

default arguments Sometimes you want to allow a function to be called without giving all its arguments. You can do this by declaring a default value. For the previous example function thomas_need($thing='beer') { print "I need $thing\n"; } thomas_need(); // prints: I need beer thomas_need('sex'); // prints: I need sex

rubino_print using common plurals function rubino_print ($num, $sing,$plur=1) { if($num == 1) { print "one $sing"; } elseif($plur ==1) { print "$num $sing"."s"; } else { print "$num $plur"; }

return value Up until now we have just looked at the effect of a function. return is a special command that return a value. When return is used, the function is left.

rubino_print with return function rubino_print ($number, $singular,$plural) { if($number == 1) { return "one $singular"; } return "$number $plural"; } $order=rubino_print(2,"beer","beers"); print "you ordered $order\n"; // prints: you ordered 2 beers.

utility function from php.net function mysql_fetch_all($query) { if($err=mysql_error()) { return $err;} if(mysql_num_rows($r)) { while($row=mysql_fetch_array($r)) {$result[]=$row; } return $result;}} if(is_array($rows=mysql_fetch_all($query)) { // do something } else { if (! is_null($rows)) { die("Query failed!");} }

visibility of variables variables used inside a function are not visible from the outside. Example $beer="Karlsberg"; function yankeefy ($name='Sam Adams') { $beer=$name; } yankeefy(); print $beer;// prints: Karlsberg the variable inside the function is something different than the variables outside.

accessing global variables. There are two ways to change a global variable, i.e. one that is defined in the main script. One is just to call it as $GLOBAL['name'] where name is the name of the global variable. function yankeefy ($name="Sam Adams") { $GLOBAL['beer']="name"; }

brewer_quiz.php: introduction <?php $brewers=array('Großwald Brauerei','Homburger Brauhaus', 'Karlsberg Brauerei','Ponter Hausbrauerei', 'Saarfürst Merziger Brauhaus','Mettlacher Abtei-Bräu','Körpricher Landbräu','Brauerei G.A. Bruch','Neufang Brauerei','Zum Stiefel'); $form_top=" \n"; $form_submit=' '."\n"; $form_end=' ';

brewer_quiz.php: form building function build_form($answer,$comment) { print " Take the Saarland brewery challenge \n"; print $GLOBALS['form_top']; print " "; print $GLOBALS['form_submit']; print $GLOBALS['submit_check']; print $GLOBALS['form_end']; print $comment; }

brewer_quiz.php: form processing function process_form($answer,$brewers) { $r[]=$answer; foreach($brewers as $brew) { if($answer == "$brew") { $r[]=' Congradulation! This is correct! '; return $r; } $r[]=' This is a bad answer, try again! '; return $r; }

brewer_quiz.php main part if($_GET['submitted']) { $from_form=process_form($_GET['guess'],$brewers); } build_form($from_form[0],$from_form[1]) ; ?>

working with many source files Many times it is useful to split a PHP script into several files. PHP has two mechanisms. require(file) requires the to be included. If the file is not there, PHP exits with an error. include(file) includes the file.

require() and include() Both assume that you leave PHP. Thus within your included file you can write simple HTML. If you want to include PHP in your included file, you have to surround it by, just like in a PHP script. Here is an example to use include to build the basic web page.

top.html <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" " $title

bottom.html <img style="border: 0pt" src=" alt="Valid XHTML 1.0!" height="31" width="88" />

validated.php <?php $title="my basic page\n"; include("top.html"); print " hello, world "; include("bottom.html"); ?>

trouble $title in the top.html is not understood as the title. It reads as $title, which means "idiot" for your web user. Even if you replace $title with $title is empty. The definition from the outer file is not seen in the included file. So you have to split into three files, and print the title in the main file. I leave that to you to figure out.

login.php & create_account.php Both require a database that has three fields –id which is an auto_increment int acting as a handle –username is the username of the account. it must be unique and this is enforced by mySQL –password is a varchar(41) because the sha1 of the password is stored. This is 40 chars long.

login.php function show_form($message) { print " $message Login Username <input type=\"text\" name=\"username\" maxlength=\"15\" value=\"$_POST[username]\" /> Password Not yet a member? Create an account ! "; }

function process_form() { $username=trim($_POST['username']); $pass=trim($_POST['pass']); $sha_pass=sha1($pass); $db=mysql_connect('localhost','krichel','laempel'); $query="SELECT * FROM beer_shop.users WHERE username='$username' AND password = '$sha_pass'"; $result=mysql_query($query); $error=mysql_error(); if($error) { return "Sorry: $query gives an error $error"; } $affected=mysql_affected_rows(); if(! ($affected)) {return "Invalid username or password";} }

login.php (end) if($_POST['submitted']) { $error=process_form(); if($error) { show_form($error); } else { $user=$_POST['username']; print " Welcome to $user "; } else { show_form(''); }

create_account.php function show_form($message) { print " $message Create Account Please complete the form below to create your account. <form action=\"$_SERVER[PHP_SELF] \" method=\"post\"> <input type=\"hidden\" name=\"submitted\" value=\"1\" /> It must be more than 5 characters and cannot be your username. ";

create_account.php Password Password <input type=\"password\" name=\"pass1\" value=\"$_POST[pass1]\"/>Confirm Password <input type=\"password\" name=\"pass2\" value=\"$_POST[pass2]\"/> The password you enter will be used to access your account. It must be more than 5 characters and cannot be your username. <input type=\"submit\" value=\"Create Account\" /> "; }

create_account.php function process_form() { $username=trim($_POST['username']); $pass1=trim($_POST['pass1']); $pass2=trim($_POST['pass2']); if(strlen($username)<6) { return "Username is too short."; } if(! ($pass1 == $pass2)) {return "Passwords do not match.";} $pass=$pass1; if($pass == $username) { return "Your username can not be your password.";

create_account.php if(strlen($pass)<6) {return "Password is too short.";} $sha_pass=sha1($pass); $db=mysql_connect('localhost','krichel','laempel'); $query="INSERT INTO beer_shop.users VALUES ('','$username','$sha_pass')"; $result=mysql_query($query); $error=mysql_error(); if($error == "Duplicate entry '$username' for key 2") { return "Sorry: Username $username is already taken, choose another."; } else {print " Thank you for registering with us! ";} } 1

create_account.php (end) if($_POST['submitted']) { $error=process_form(); if($error) { show_form($error); } else { show_form(''); }

sessions You will recall that HTTP is a stateless protocol. Each request/response is self-contained. Statefulness is crucial in Web applications. Otherwise users have to authenticate every time they access a new page. Traditionally, one way to create statefullness is to use cookies. PHP uses cookies to create a concept of its own, sessions, that makes it all very easy.

cookies A cookie is a piece of attribute/value data. A server can send cookies as value of a HTTP header Set-Cookie:. Multiple headers may be sent. When the client visits the web site again, it will send the cookie back to the server with a HTTP header Cookie:

Set-Cookie Set-Cookie: name=value; [expires= date;] [path=path;] [domain= domain] [secure] where –name= is the variable name set in the cookie –value= is the variable's value –date= is a date when the cookie expires –path= restricts the cookie to be sent only when requests to a path starting with path are made –domain= restricts the sending of the cookie to a certain domain –secure restricts transmission to https

Cookies: The browser compares the request it wants to make with the URL and the domain that sent the cookie. If the path is not set the cookie will only be sent to a request with the originating URL. If the cookie matches the request a request header of the form Cookie: name1=value1 ; name2=value2 is sent.

sessions Sessions are a feature of PHP. PHP remembers a session through a special cookie PHPSESSID. To activate the sessions, include session_start(); at the beginning of your script, before any printing has been done. One a session is active, you have a special super-global variable $_SESSION. Session data is stored in special files on wotan.

$_SESSION This is an array where you can read and set variables that you want to keep during the session. if($_SESSION[user_name]) { print "welcome $_SESSION[user_name]"; } else { // show users login form print login_form(); }

ending sessions At 9 and 39 past each hour, wotan deletes all session files that have not been changed for 24 minutes or more. If you want to remove a session yourself, you can call session_destroy() in your script.

visit.php <?php $top='<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" " <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> '; $bottom=' <img style="border: 0pt" src="/valid-xhtml10.png" alt="Valid XHTML 1.0!" height="31" width="88" /> ';

visit.php session_start(); $current=mktime(); // look at the current time if($_SESSION[last_click]) { $passed=$current-$_SESSION[last_click]; $to_print.="$passed seconds have passed since your last visit.\n"; $_SESSION[last_click]=$current; } else { $to_print="This is your first visit.\n"; $_SESSION[last_click]=$current; } print "$top\n$to_print\n$bottom"; ?>

Thank you for your attention! Please switch off machines b4 leaving!