First off, if you read last week’s article by me (the one about site personalization in PHP), I have one addition to make to make your life a little easier. If you didn’t read last week’s article, read it. It’ll help you. You can find it here: http://jumpx.com utorials/1

Now, remember how we personalized a page for your visitor? This works fine, but what do we do if they didn’t use that special link, and just went to the page?

What I’m saying is, if you special personalized page was at http://www.your.host/sales.php/f=Oscar/l=Grouch but your visitor only went to http://www.your.host/sales.php. Instead of the name there would just be a blank spot! Last week I forgot to cover this.

All we have to do to fix it is to tell PHP that if they didn’t leave a name, to substitute one in for them. So let’s say that if they left their first name blank to make their first name “Friend”. This way instead of saying “Dear Oscar:” it would say “Dear Friend:”.

Put the following line of code JUST ABOVE THE LINE that says something similar to: echo “$f $l” :

if ($f == “”) { $f = “Friend”; }

That way, you can use your special personalized page as a normal page and no one will be the wiser.

Password protection is something you need every once in a while. Whether it’s a secret site you’re running or just the control panel of your favorite script.

Sometimes you don’t need a fancy solution like .htaccess if you’re only worrying about a single user (you). But JavaScript passwords can be worked around, and HTML-based passwords based on cookies, written in PHP are complicated and take time to write. Htaccess is nice but it’s a pain if you just want to use it for one person.

Here is a simple way to use HTTP authentication (the same you see used by htaccess) with just a few lines of code. Below are the sample contents of a file you can use.

$myusername = “myusername”;
$mypassword = “mypassword”;
$areaname = “My Protected Area”;

if ($PHP_AUTH_USER == “” || $PHP_AUTH_PW == “” || $PHP_AUTH_USER != $myusername || $PHP_AUTH_PW != $mypassword) {
header(”HTTP/1.0 401 Unauthorized”);
header(”WWW-Authenticate: Basic realm=”$areaname”");
echo ”

Authorization Required.

“;
die();
}

?>

my main text.

Last week we learned that PHP code can be integrated into your HTML. All you have to do is make sure the file ends in .php (for example, “firehydrant.php”) and it will work. Everything that comes in between this:

/* And this: */

?>

Is treated as PHP code. Everything outside of those tags is treated as plain HTML.

When copying this code over be SURE to include that last line where it says “my main text.” Note that “my main text” is located outside of the PHP code brackets. This means that where you see “my main text” can be your normal HTML file!

Take all of this code and Upload the script onto your web server and run it in the browser. You should be greeted by a password popup box similar to those you see with htaccess. Enter “myusername” as the username and “mypassword” as the password. You should be given a page that says “my main text” and nothing else.

Close your browser window (this is very important) and going back to that page. Try entering the wrong info. The box will come up again. You have three tries and then are given that dreadful “Authorization Required” message.

If you want to take the next step, go back to your code and change “myusername” and “mypassword” to a username and password of your choice. Upload it back to your web server and try again. Now go to that page again and you’ll see that you can only be let in using the username and password you chose for yourself.

Now change the part that says “My Protected Area” to something else, say “John Calder’s Bar and Grill.” Upload and try it. You’ll see when that password box comes up under “Realm” it’ll say “John Calder’s Bar and Grill.” You can change this to whatever you like.

But what if you want to password protect just a handful of files? Do you have to copy and paste this code onto PHP script after PHP script?

Hell no!

Take the code you just modified and take the last line out of it. You know, the one that said “my main text.” All you should have in there now is everything in between the PHP brackets ().

Save this file as “auth.php”. You can rename this later, on your own time.

Make a new file called “test.php” or just rename one of your normal HTML to this name. It doesn’t matter. At the very top of test.php (the VERY top, meaning the first line) copy and paste this line of code:

Upload auth.php and test.php to your web server and run test.php. Make sure both files are placed in the same folder. Now, try to go to test.php in your web browser. You’ll see that you can’t get to test.php without the right username and password. You can do this to any file with a “.php” extension just by adding that one line of code.

The catch to it is that this line of code has to be at the very top of the file. On the very first line. The reason for this is that when the script asks for a person’s username and password, these are sent using HTTP headers and *must* come before anything else.

Of course, this doesn’t take care of your secret sites or private members’ areas, where you have to deal with several logins, but that’s what htaccess is for.

While we’re on the subject of includes, one last thing before we finish up.

Includes are basically a way of absorbing other files into your script. As you saw when we included auth.php, the script read everything that was in auth.php and used it as if the contents of that file were actually there. This works with not only PHP scripts but also with other files as well.

Make a new file called “header.html”. Put anything you want in it, but I just put “This is my header
” when I did it.

Make a second file called “footer.html”. Again, go again and put anything you want in it, but I just put “This is my footer
” in.

Make a third file called “main.php.” Copy the following into it.

This is my main page

Upload all three into the same folder and run main.php. You should see the following:

This is my header
This is my main page
This is my footer

This is just a basic example of how includes can be used. But if you have a web site with several pages and the same layout… wouldn’t it be easier just to put everything above your main text in header.html and everything below that main text in footer.html? That way if you change your design you only have to edit 2 files instead of 100 or 200?

You’d think.

About the Author

Article by Robert Plank

Free PHP articles and advice.
http://www.jumpx.com/newsletter

There are many different traffic analysis tools, ranging from simple counters to complete traffic analyzers. Although there are some free ones, most of them come with a price tag. Why not do it yourself? With PHP, you can easily create a log file within minutes. In this article I will show you how!

Getting the information
The most important part is getting the information from your visitor. Thankfully, this is extremely easy to do in PHP (or any other scripting language for that matter). PHP has a special global variable called $_SERVER which contains several environment variables, including information about your visitor. To get all the information you want, simply use the following code:

// Getting the information
$ipaddress = $_SERVER['REMOTE_ADDR'];
$page = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}";
$page .= iif(!empty($_SERVER['QUERY_STRING']), "?{$_SERVER['QUERY_STRING']}", "");
$referrer = $_SERVER['HTTP_REFERER'];
$datetime = mktime();
$useragent = $_SERVER['HTTP_USER_AGENT'];
$remotehost = @getHostByAddr($ipaddress);

As you can see the majority of information comes from the $_SERVER variable. The mktime() (http://nl2.php.net/mktime) and getHostByAddr() (http://nl2.php.net/manual/en/function.gethostbyaddr.php) functions are used to get additional information about the visitor.

Note: I used a function in the above example called iif(). You can get this function at http://www.phpit.net/code/iif-function.

Logging the information
Now that you have all the information you need, it must be written to a log file so you can later look at it, and create useful graphs and charts. To do this you need a few simple PHP function, like fopen (http://www.php.net/fopen) and fwrite (http://www.php.net/fwrite).

The below code will first create a complete line out of all the information. Then it will open the log file in “Append” mode, and if it doesn’t exist yet, create it.

If no errors have occurred, it will write the new logline to the log file, at the bottom, and finally close the log file again.

// Create log line
$logline = $ipaddress . '|' . $referrer . '|' . $datetime . '|' . $useragent . '|' . $remotehost . '|' . $page . "
";

// Write to log file:
$logfile = '/some/path/to/your/logfile.txt';

// Open the log file in "Append" mode
if (!$handle = fopen($logfile, 'a+')) {
die("Failed to open log file");
}

// Write $logline to our logfile.
if (fwrite($handle, $logline) === FALSE) {
die("Failed to write to log file");
}

fclose($handle);

Now you’ve got a fully function logging module. To start tracking visitors on your website simply include the logging module into your pages with the include() function (http://www.php.net/include):

include ('log.php');

Okay, now I want to view my log file
After a while you’ll probably want to view your log file. You can easily do so by simply using a standard text editor (like Notepad on Windows) to open the log file, but this is far from desired, because it’s in a hard-to-read format.

Let’s use PHP to generate useful overviews for is. The first thing that needs to be done is get the contents from the log file in a variable, like so:

// Open log file
$logfile = "G:projectsphpitcontentrack your visitors using phplog.txt";

if (file_exists($logfile)) {

$handle = fopen($logfile, "r");
$log = fread($handle, filesize($logfile));
fclose($handle);
} else {
die ("The log file doesn't exist!");
}

Now that the log file is in a variable, it’s best if each logline is in a separate variable. We can do this using the explode() function (http://www.php.net/explode), like so:

// Seperate each logline
$log = explode("
", trim($log));

After that it may be useful to get each part of each logline in a separate variable. This can be done by looping through each logline, and using explode again:

// Seperate each part in each logline
for ($i = 0; $i < count($log); $i++) {
$log[$i] = trim($log[$i]);
$log[$i] = explode('|', $log[$i]);
}

Now the complete log file has been parsed, and we’re ready to start generating some interesting stuff.

The first thing that is very easy to do is getting the number of pageviews. Simply use count() (http://www.phpit.net/count) on the $log array, and there you have it;

echo count($log) . " people have visited this website.";

You can also generate a complete overview of your log file, using a simple foreach loop and tables. For example:

// Show a table of the logfile
echo '<table>';
echo '<th>IP Address</th>';
echo '<th>Referrer</th>';
echo '<th>Date</th>';
echo '<th>Useragent</th>';
echo '<th>Remote Host</th>';

foreach ($log as $logline) {
echo '<tr>';

echo '<td>' . $logline['0'] . '</td>';
echo '<td>' . urldecode($logline['1']) . '</td>';
echo '<td>' . date('d/m/Y', $logline['2']) . '</td>';
echo '<td>' . $logline['3'] . '</td>';
echo '<td>' . $logline['4'] . '</td>';

echo '</tr>';

}

echo '</table>';

You can also use custom functions to filter out search engines and crawlers. Or create graphs using PHP/SWF Charts (http://www.maani.us/charts/index.php). The possibilities are endless, and you can do all kinds of things!

In Conclusion…
In this article I have shown you have to create a logging module for your own PHP website, using nothing more than PHP and its built-in functions. To view the log file you need to parse it using PHP, and then display it in whatever way you like. It is up to you to create a kick-ass traffic analyzer.

If you still prefer to use a pre-built traffic analyzer, have a look at http://www.hotscripts.com.

About the Author

Dennis Pallett is a young tech writer, with much experience in ASP, PHP and other web technologies. He enjoys writing, and has written several articles and tutorials. To find more of his work, look at his websites: http://www.phpit.net, http://www.aspit.net and http://www.ezfaqs.com

Introduction
Cookies have long been used in PHP scripts, and are a very useful function. But what exactly are cookies? Maybe you have used then, but you still don’t know exactly what they are. Or you are completely new to cookies? It doesn’t matter, because in this tutorial I will show you exactly what cookies are, and what they are used for.

Cookies in a nutshell
Cookies are small pieces of information that is stored on the computer of your visitors. Each browser handles it differently, but most simply store the information in a small text file. Internet Explorer has a special folder, which can be found in your C:Windows or C:WindowsSystem32 folder. You can delete all your cookies, by going to the Options and ‘Clearing Cookies’ or deleting them by hand. I don’t recommend this though.

Almost every website uses cookies. If you go to Amazon.com, you will get several cookies. The same goes for CNN.com. Even Google uses cookies! They are extremely useful for (temporarily) storing information. For example, if you have a login system for your visitors, you could save their userid and password (very heavily encrypted!) so they are automatically logged in the next time they visit your website.

Or you could remember their last visit, and highlight everything that is new. And that’s just the beginning.

Using Cookies
Using cookies in PHP is extremely easy. In fact, there is nothing to it, because of PHP’s inbuilt setcookie() function. Have a look at the documentation, and then try the following example:

<?php

// Set a cookie
// Cookie name: name
// Cookie value: Dennis Pallett
// Cookie expire: in 24 hours

setcookie (’name’, ‘Dennis Pallett’, time() + (60*60*24));
?>

If you run the code above, then a cookie will be set. That’s all. The cookie name and value are pretty obvious. The cookie expire is when the cookie expires, or goes away. Simply use the time() function and add the number of seconds you want to have the cookie available to it. In the example I added 60*60*24=86400 seconds, or 24 hours.

If you have looked at the documentation, you probably noticed there are additional arguments. As the documentation says, the path is to limit a cookie to a specific path on your web server. This is often used when you run multiple instances of the same script in separate directories. You can safely omit this argument when it doesn’t matter if the cookie is available site-wide.

There is also the domain argument. This can be used to limit the cookie to a specific sub-domain, e.g. test.example.com. You can also safely ignore this argument, or set it to .example.com (note the beginning period, this is essential!).

Finally, there is also the secure argument. This argument is only used for cookies that are sent over a secure HTTPS connection (SSL). Just ignore this argument, unless you’re working with a secure connection.

One thing that should be mentioned is that cookies must be set, before you display any HTML/text. It’s probably best if you turn on output buffering by putting ob_start() at the top of your page.

Now that you have set a cookie, you probably want to retrieve the value as well. After all, that is the whole point of using cookies. Thankfully, as PHP is ever so easy, you can retrieve the same way as you retrieve a GET value. See the following example to retrieve the value of the previous example:

<?php
echo ‘Your name is ‘ . $_COOKIE['name'];
?>

This should print “Your name is Dennis Pallett”. There’s nothing more to it. It’s just that easy!

Finally, one thing you probably want to do as well is remove cookies. This is as easy as setting them. Simply change the value of the cookie to FALSE, and change the expire date to -3000 seconds. See the following example:

<?php
setcookie (’name’, FALSE, time()-1000);
?>

Checking if cookies are enabled
Before you start using cookies, you must make sure your visitor has cookies enabled. This can be done with a simply PHP checking script. Unfortunately, the PHP page needs to reload to check for cookies. But this can be done very transparently, and your visitor should hardly notice anything.

The following example will first set a test cookie, then reload the page, and finally check whether cookies are enabled.

<?php
error_reporting (E_ALL ^ E_WARNING ^ E_NOTICE);

// Check if cookie has been set or not
if ($_GET['set'] != ‘yes’) {
// Set cookie
setcookie (’test’, ‘test’, time() + 60);

// Reload page
header (”Location: checkcookies.php?set=yes”);
} else {
// Check if cookie exists
if (!empty($_COOKIE['test'])) {
echo “Cookies are enabled on your browser”;
} else {
echo “Cookies are <b>NOT</b> enabled on your browser”;
}
}
?>

Run the code above, and see what the output is. Check if cookies are enabled in your browser. If they’re not enabled, then you can enable them by going to your browser’s options. Unfortunately, this is different from each browser, so I can’t give you exact instructions. But Google can.

Storing Arrays
One feature of cookies that is often missed in articles is the ability to story arrays. Cookies can be used to store multi-dimensional arrays, which can be extremely useful to store data.

Consider the following code;

<?php
setcookie (”name[first]“, “Dennis”, time() + (60*60*24));
setcookie (”name[last]“, “Pallett”, time() + (60*60*24));
?>

You can then display these two cookies using the following code:

<?php
echo “First Name: ” . $_COOKIE['name']['first'];
echo “<br />Last Name: ” . $_COOKIE['name']['last'];
?>

The cookie ‘name’ is an array, and has multiple values. You can even go deeper and have multi-dimensional arrays, e.g. $_COOKIE['name']['test']['something']['value']. You could store whole arrays of data in cookies. But beware that you don’t store too much data, there are certain size limits to cookies.

In Conclusion…
Cookies are really versatile, and can be used for a lot of different purposes. Many websites use cookies, and cookies can really make your website more personalized. Using cookies in PHP isn’t hard at all, and you should be able to use them without any difficulty.

Before actively using cookies in your website, you must check whether the visitor has enabled them in their browser. If they don’t have cookies enabled, you must either redirect to a non-cookies version of your website, or you can make sure your website also works without cookies.

You can download a sample script at http://www.phpit.net/demo/php%20and%20cookies/logger.zip, where cookies are used in a (somewhat) practical way. In this example, there is a logging module, called log.php and a display module, called history.php. Basically, you include the log.php in other PHP pages, and then you can view history.php to lookup all the pages you have viewed and how often. The example uses arrays, and stores them in cookies.

The examples in this article can be downloaded at http://www.phpit.net/demo/php%20and%20cookies/examples.zip.

If you have a really unique practical way of using cookies, please let me know at dennis [AT] nocertainty [DOT] com. I’d really like to hear about interesting ways of using cookies.

About the Author

Dennis Pallett is a young tech writer, with much experience in ASP, PHP and other web technologies. He enjoys writing, and has written several articles and tutorials. To find more of his work, look at his websites at http://www.phpit.net, http://www.aspit.net and http://www.ezfaqs.com

by Dennis Pallett
What are Regular Expressions?
A regular expression is a pattern that can match various text strings. Using regular expressions you can find (and replace) certain text patterns, for example “all the words that begin with the letter A” or “find only telephone numbers”. Regular expressions are often used in validation classes, because they are a really powerful tool to verify e-mail addresses, telephone numbers, street addresses, zip codes, and more.

In this tutorial I will show you how regular expressions work in PHP, and give you a short introduction on writing your own regular expressions. I will also give you several example regular expressions that are often used.
Regular Expressions in PHP
Using regex (regular expressions) is really easy in PHP, and there are several functions that exist to do regex finding and replacing. Let’s start with a simple regex find.

Have a look at the documentation of the preg_match function. As you can see from the documentation, preg_match is used to perform a regular expression. In this case no replacing is done, only a simple find. Copy the code below to give it a try.

<?php

// Example string
$str = "Let's find the stuff <bla>in between</bla> these two previous brackets";

// Let's perform the regex
$do = preg_match("/<bla>(.*)</bla>/", $str, $matches);

// Check if regex was successful
if ($do = true) {
// Matched something, show the matched string
echo htmlentities($matches['0']);

// Also how the text in between the tags
echo '<br />' . $matches['1'];
} else {
// No Match
echo "Couldn't find a match";
}

?>

After having run the code, it’s probably a good idea if I do a quick run through the code. Basically, the whole core of the above code is the line that contains the preg_match. The first argument is your regex pattern. This is probably the most important. Later on in this tutorial, I will explain some basic regular expressions, but if you really want to learn regular expression then it’s best if you look on Google for specific regular expression examples.

The second argument is the subject string. I assume that needs no explaining. Finally, the third argument can be optional, but if you want to get the matched text, or the text in between something, it’s a good idea to use it (just like I used it in the example).
The preg_match function stops after it has found the first match. If you want to find ALL matches in a string, you need to use the preg_match_all function. That works pretty much the same, so there is no need to separately explain it.

Now that we’ve had finding, let’s do a find-and-replace, with the preg_replace function. The preg_replace function works pretty similar to the preg_match function, but instead there is another argument for the replacement string. Copy the code below, and run it.

<?php

// Example string
$str = "Let's replace the <bla>stuff between</bla> the bla brackets";

// Do the preg replace
$result = preg_replace ("/<bla>(.*)</bla>/", "<bla>new stuff</bla>", $str);

echo htmlentities($result);
?>

The result would then be the same string, except it would now say ‘new stuff’ between the bla tags. This is of course just a simple example, and more advanced replacements can be done.

You can also use keys in the replacement string. Say you still want the text between the brackets, and just add something? You use the $1, $2, etc keys for those. For example:

<?php

// Example string
$str = "Let's replace the <bla>stuff between</bla> the bla brackets";

// Do the preg replace
$result = preg_replace ("/<bla>(.*)</bla>/", "<bla>new stuff (the old: $1)</bla>", $str);

echo htmlentities($result);
?>

This would then print “Let’s replace the new stuff (the old: stuff between) the bla brackets”. $2 is for the second “catch-all”, $3 for the third, etc.

That’s about it for regular expressions. It seems very difficult, but once you grasp it is extremely easy yet one of the most powerful tools when programming in PHP. I can’t count the number of times regex has saved me from hours of coding difficult text functions.

An Example
What would a good tutorial be without some real examples? Let’s first have a look at a simple e-mail validation function. An e-mail address must start with letters or numbers, then have a @, then a domain, ending with an extension. The regex for that would be something like this: ^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$

Let me quickly explain that regex. Basically, the first part says that it must all be letters or numbers. Then we get the @, and after that there should be letters and/or numbers again (the domain). Finally we check for a period, and then for an extension. The code to use this regex looks like this:

<?php

// Good e-mail
$good = "john@example.com";

// Bad e-mail
$bad = "blabla@blabla";

// Let's check the good e-mail
if (preg_match("/^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$/", $good)) {
echo "Valid e-mail";
} else {
echo "Invalid e-mail";
}

echo '<br />';

// And check the bad e-mail
if (preg_match("/^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$/", $bad)) {
echo "Valid e-mail";
} else {
echo "Invalid e-mail";
}

?>

The result of this would be “Valid E-mail. Invalid E-mail”, of course. We have just checked if an e-mail address is valid. If you wrap the above code in a function, you’ve got yourself a e-mail validation function. Keep in mind though that the regex isn’t perfect: after all, it doesn’t check whether the extension is too long, does it? Because I want to keep this tutorial short, I won’t give the full fledged regex, but you can find it easily via Google.

Another Example
Another great example would be a telephone number. Say you want to verify telephone numbers and make sure they were in the correct format. Let’s assume you want the numbers to be in the format of xxx-xxxxxxx. The code would look something like this:

<?php

// Good number
$good = "123-4567890";

// Bad number
$bad = "45-3423423";

// Let's check the good number
if (preg_match("/d{3}-d{7}/", $good)) {
echo "Valid number";
} else {
echo "Invalid number";
}

echo '<br />';

// And check the bad number
if (preg_match("/d{3}-d{7}/", $bad)) {
echo "Valid number";
} else {
echo "Invalid number";
}

?>

The regex is fairly simple, because we use d. This basically means “match any digit” with the length behind it. In this example it first looks for 3 digits, then a ‘-’ (hyphen) and finally 7 digits. Works perfectly, and does exactly what we want.

What exactly is possible with Regular Expressions?
Regular expressions are actually one of the most powerful tools in PHP, or any other language for that matter (you can use it in your mod_rewrite rules as well!). There is so much you can do with regex, and we’ve only scratched the surface in this tutorial with some very basic examples.

If you really want to dig into regex I suggest you search on Google for more tutorials, and try to learn the regex syntax. It isn’t easy, and there’s quite a steep learning curve (in my opinion), but the best way to learn is to go through a lot of examples, and try to translate them in plain English. It really helps you learn the syntax.

In the future I will dedicate a complete article to strictly examples, including more advanced ones, without any explanation. But for now, I can only give you links to other tutorials:
The 30 Minute Regex Tutorial
Regular-Expressions.info

About the Author

Dennis Pallett is a young tech writer, with much experience in ASP, PHP and other web technologies. He enjoys writing, and has written several articles and tutorials. To find more of his work, look at his websites at http://www.phpit.net, http://www.aspit.net and http://www.webdev-articles.com

using include files
Include files

This tutorial shows how to use the include() function.

The include() function can be used to call an external file from your server or even a different server.

Syntax

The general syntax for a basic include is as follows

<?php include(”otherfile.txt”); ?>

This includes a file called otherfile.txt from the same directory on your server.

You can also use it like this

<?php include(”http//www.myothersite/otherfile.txt”); ?>

This means you can share the same file on more than one site .

Advantages

Well the advantages are obvious if you are site is growing. Imagine you have a site with 50 pages and you have designed a nice
navigation area but you have forgotten a download link. This would require 50 changes to your site but using an template with an
include file you would change the include file content and all the other pages would be updated