INTERNET APPLICATION DEVELOPMENT Practical on Sessions

During this session, we will write a script for logging a user to passwored protected system. We will create the appropriate tables to store users’ data permanently. We will use php session to store the information which is needed temporarily.

First, we should think about the table. Create the needed table. For example the following table would be sufficient for this situation: The above table can be created through php as follow: User_namePasswordName

<?php $con = mysql_connect("localhost","moh","1414"); if (!$con) { die('Could not connect: '. mysql_error()); } // Create database if you dont have one if (mysql_query("CREATE DATABASE se_DB",$con)) { echo "Database created"; } else { echo "Error creating database: ". mysql_error(); } mysql_select_db(« se_DB", $con); $sql = "CREATE TABLE users( user_name varchar(25), password varchar(15))"; name varchar(15), // Execute query mysql_query($sql,$con); mysql_query("INSERT INTO users(user_name, password, name) VALUES (‘ssss', ‘0000‘,’khalid’)"); mysql_close($con); ?>

After creating the table and insertting some data, we will start thinking about the web page which will allow the user to type his credential details. This could be as the following page: Note: we have used the form tag to pass the user name and password to the next page as stated in the action attribute. user name: password:

The log in web page The above page will send the user name and password to login.php web page. So,this page should check the submitted data. if the user name and password are correct, the user should be directed to the home page. <?php // getting the user name and password from the first page $usern= $_POST["fname"]; $pass= $_POST["fpass"]; $con = mysql_connect("localhost","moh","1414"); if (!$con) { die('Could not connect: '. mysql_error()); } mysql_select_db("project_DB", $con); // now we will select the rows from the table which have the same username and password $sql="SELECT * FROM users WHERE user_name='$usern' and password='$pass'"; $result=mysql_query($sql);

Note: if the user is legal user, we will create a session and store his name in the session to retreive it later from different page without connecting to the database again. // mysql_num_row is used to count the number of rows in the result $count=mysql_num_rows($result); // If result matched $myusern and $pass, the resultset must be 1 row if($count==1){ session_start(); // find the name of user from the result that you got from the database // we use the mysql_fetch_array() function to return the first row from the recordset as an array. $row = mysql_fetch_array($result); // store the name in the session array $_SESSION['full_name']=$row['name']; // create a key regitered in the session array to track the registered user later $_SESSION['registered']="yes"; // direct the user to the protected page. header("location:home.php"); } else { header("location:first.php"); } ?>

The protected page Now, we will create the protected web page. This page should check whether there is a session or not. If there is a session, it means that the user has registered in and it will display the page. If not it will direct the user to the first page to log in. Next practical, how to destroy the session and where? <?php session_start(); if(isset($_SESSION['registered'])) { echo « you are in protected page« ; } else header("location:first.php") ?>