PHP and script.aculo.us Web 2.0 Application Interfaces- P3

PHP and script.aculo.us Web 2.0 Application Interfaces- P3: script.aculo.us là một thư viện JavaScript cung cấp các hiệu ứng thị giác năng động, điều khiển giao diện người dùng, và các tính năng mạnh mẽ AJAX. Đó là những gì phụ-client PHP là phía máy chủ - mạnh mẽ, đơn giản, vui vẻ hoàn tất, và trên tất cả, PHẢI một! Theo các nhà phát triển, chúng tôi tất cả ước mơ xây dựng các ứng dụng mà người sử dụng ngay lập tức có thể rơi vào tình yêu với và nhận được hiệu quả. Đơn giản và các...
Nội dung trích xuất từ tài liệu:
PHP and script.aculo.us Web 2.0 Application Interfaces- P3 Chapter 3 Secure.php The main purpose of this file is to clean up the data to prevent SQL injections, data validations, and so on. It is important to clean the data before entering or manipulating with the server. Server-side Techniques with PHP and MySQL For any web application, this module is the basic requirement. Rarely will you find interactive web applications that do not have authentication and authorization modules. The login management system is an essential feature that we will be integrating in all the projects covered in the chapters to come. Before we get into actual PHP coding, it would be a nice idea to familiarize ourselves with the database schema. CREATE TABLE `users` ( `userID` int(11) NOT NULL auto_increment, `Username` varchar(40) NOT NULL, `Password` varchar(40) NOT NULL, PRIMARY KEY (`userID`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1; Here we have a table called users. It has userID as an auto_increment along with Username and Password. In this, userID acts as the PRIMARY KEY for the table. Username would be varchar. Password would also be varchar, and in order to protect our passwords we would also apply Message Digest 5 (MD5) or Secure Hash Algorithm (SHA) encryption techniques. In our application, we are using MD5. Let's move on to the Signup page details. Signup.php This is pretty much a simple user interface layout in HTML. It builds a simple form with two fields: Username and Password. Remember the schema? A new user enters the username and password. If everything looks fine with the system, we add the user to the table and return the values. New User. Sign Up!!! New User? Sign-up!!!! [ 50 ] Chapter 3 Username: Now let's add the PHP power to our signup.php script with the following code: Server-side Techniques with PHP and MySQL $db_found = mysql_select_db($database, $db_handle); if ($db_found) { $secure = new Secure(); $uname = $secure->clean_data($uname, $db_handle); $pword = $secure->clean_data($pword, $db_handle); $SQL = INSERT INTO users (userID,Username,password) VALUES (NULL,$uname, md5($pword)); $result = mysql_query($SQL); mysql_close($db_handle); if($result) { // start a session for the new user session_start(); $_SESSION['login'] = 1; header (Location: index.php); } else { $errorMessage =Somethign went wrong; } } else { $errorMessage = Database Not Found; } } } ?> Let's break down the code into functionality, as this helps us to understand it better. • Include the common scripts such as DBConfig.php and Secure.php. require_once 'DBConfig.php'; require_once 'Secure.php'; • Check if the data has been posted. if ($_SERVER['REQUEST_METHOD'] == 'POST') • Read the DB settings to get dbhost,dbname, dbuser, and dbpassword. $settings = DBConfig::getSettings(); • Clean the user input. $secure = new Secure(); $uname = $secure->clean_data($uname, $db_handle); $pword = $secure->clean_data($pword, $db_handle); [ 52 ] Chapter 3 • Run the INSERT query to add users and get the results. $SQL = INSERT INTO users (userID,Username,password) VALUES (NULL,$uname, md5($pword)); • If a user is added successfully, set SESSION['login'] as 1, which will tell our system that the user is logged in. We can also prompt the user with errors that were caused during operations. • Prompt the errors. $errorMessage = Database Not Found; Finally, the sign-up page should be like the screenshot that follows: Now, let's move on to the login.php page details. We have added the user successfully to our user's table. It's probably a good idea to cross-check. Fire up the web browser, open phpMyAdmin, and navigate to the user table under the books database. Alternatively, we can also check through the login.php page. Login.php Again, we are creating a simple user interface using HTML to show the user a simple form where he or she will be required to enter a username and password. Login Here!!! [ 53 ] Server-side Techniques with PHP and MySQL Already Registered? Sign-in!!! Username: Let's add some spice with the PHP power. Add the following code to the login.php file that we just created: Chapter 3 $pword = $_POST['password']; $uname = htmlspecialchars($uname); $pword = htmlspecialchars($pword); //Can also use a DBclass instead of the code below. $settings = DBConfig::getSettings(); // Get the main settings from the array we just loaded $server = $settings['dbhost']; $database = $settings['dbname']; $user_name = $settings['dbusername']; $pass_word = $settings['dbpassword']; $db_handle = mysql_connect($server, $user_name, $pass_word); $db_found = mysql_select_db($database, $db_handle); if ($db_found) { $secure = new Secure(); $uname = $secure->clean_data($uname, $db_handle); $pwor ...