Your HTML files can work as PHP scripts.

Take any HTML file you have and rename it to a PHP extension. (So for example, if your HTML file is named sales.html, rename it to sales.php).

Put sales.php on your web server and run it in your browser. You get the exact same result as you did with the HTML page. Now, for the good part.

Say you wanted to personalize one of your sales pages. Let’s call that sales.php. Now, if you had a newsletter or wanted to give this “personalized link” to someone, your visitor’s name could be added on-the-fly to your sales page.

Your link should look something like this:

http://www.your.host/sales.php?firstname=Big&lastname=Bird

Let’s try it out:

http://www.jumpx.com utorials/1/example.php?f=Myfirstname

Click that link and your name should be near the top of the page.)

In this example, yourdomain.com represents your domain name and sales.php your HTML file turned PHP script. This would be the link you could give Big Bird when you ask him to visit your sales page.

Now, edit sales.php and find where you want Big Bird’s name to appear. The first and last names are given to the script separately so you could have anything from “Hi Big Bird!” to “Dear Mr. Bird…” For simplicity let’s just stick with showing both the first and last names for now.

Insert this anywhere into your “script”:

Now try that sample link I gave you earlier on that sales page of yours. You should see the phrase “Big Bird” anywhere on your page.

Remember that you can stick this in anywhere on the page. So for example if you wanted it to say “Dear Big Bird,” you would just do this (with the comma at the end):

Dear ,

If you wanted to show only the first name, use
instead. The same applies to the last name.

If you want to go ahead and shorten the URL even further, you can even use the letters “F” and “L” instead of firstname and lastname.

For example, try this in your page:

And then use this URL (substituting with your correct URL, of course):

http://www.your.host/sales.php?f=Oscar&l=Grouch

The result is the same. I think we want our URLs to look a little better, though.

The format I used in that above example was:

http://www.your.host/sales.php?f=Big&l=Bird

Now, the problem with this is that this link looks really ugly. Another setback with this format is that anything to the right of the “?” won’t be indexed by some of the smaller search engines.

Here’s a way to change this:

http://www.your.host/sales.php?f=Firstname&l=Lastname

To this:

http://www.your.host/sales.php/f=Firstname/l=Lastname

It’s really easy. Just change your script to this:

$myvars = explode(”/”,$REQUEST_URI);
for ($i=0;$i
$holder = explode(”=”,$myvars[$i]);
${$holder[0]} = $holder[1];
}

echo “$f $l”;

?>

And in just a few lines of code, your personalized PHP script’s URL just looked a whole lot better.

I won’t bore you with the details of what that script does, but it basically chops up the URL you gave it and picks out the pieces it wants using array exploding and variable-variables.

This snippet can also be used on almost any PHP script as well. (I used this method when I coded Brian Garvin’s Lightning Track ad tracker… if you ever see a URL anywhere with “go.php/etc” in it, that’s my script.)

Hopefully we all learned something today. This mini-tutorial was brought to you by the letters “P-H-P.”

About the Author

Article by Robert Plank

Subscribe to the free opt-in newsletter “JumpX E-Magazine” for lots more PHP help.

http://www.jumpx.com/newsletter

Installment 1

Developing State-enabled Applications With PHP

When a user is browsing through a website and is surfing from one web page to another, sometimes the website needs to remember the actions (e.g. choices) performed by the user. For example, in a website that sells DVDs, the user typically browses through a list of DVDs and selects individual DVDs for check out at the end of the shopping session. The website needs to remember which DVDs the user has selected because the selected items needs to be presented again to the user when the user checks out. In other words, the website needs to remember the State - i.e. the selected items - of the user’s browsing activities.

However, HTTP is a Stateless protocol and is ill-equipped to handle States. A standard HTML website basically provides information to the user and a series of links that simply directs the user to other related web pages. This Stateless nature of HTTP allows the website to be replicated across many servers for load balancing purposes. A major drawback is that while browsing from one page to another, the website does not remember the State of the browsing session. This make interactivity almost impossible.

In order to increase interactivity, the developer can use the session handling features of PHP to augment the features of HTTP in order to remember the State of the browsing session. The are basically 2 ways PHP does this:
1. Using cookies
2. Using Sessions

The next installment discusses how to manage sessions using cookies…

Installment 2

Cookies

Cookies are used to store State-information in the browser. Browsers are allowed to keep up to 20 cookies for each domain and the values stored in the cookie cannot exceed 4 KB. If more than 20 cookies are created by the website, only the latest 20 are stored. Cookies are only suitable in instances that do not require complex session communications and are not favoured by some developers because of privacy issues. Furthermore, some users disable support for cookies at their browsers.

The following is a typical server-browser sequence of events that occur when a cookie is used:
1. The server knows that it needs to remember the State of browsing session
2. The server creates a cookie and uses the Set-Cookie header field in the HTTP response to pass the cookie to the browser
3. The browser reads the cookie field in the HTTP response and stores the cookie
4. This cookie information is passed along future browser-server communications and can be used in the PHP scripts as a variable

PHP provides a function called setcookie() to allow easy creation of cookies. The syntax for setcookie is:
int setcookie(string name, [string val], [int expiration_date], [string path], string domain, [int secure])

The parameters are:
1. name - this is a mandatory parameter and is used subsequently to identify the cookie
2. value - the value of the cookie - e.g. if the cookie is used to store the name of the user, the value parameter will store the actual name - e.g. John
3. expiration_date - the lifetime of the cookie. After this date, the cookie expires and is unusable
4. path - the path refers to the URL from which the cookie is valid and allowed
5. domain - the domain the created the cookie and is allowed to read the contents of the cookie
6. secure - specifies if the cookie can be sent only through a secure connection - e.g. SSL enable sessions

The following is an example that displays to the user how many times a specific web page has been displayed to the user. Copy the code below (both the php and the html) into a file with the .php extension and test it out.

[?php
//check if the $count variable has been associated with the count cookie
if (!isset($count)) {
$count = 0;
} else {
$count++;
}
setcookie("count", $count, time()+600, "/", "", 0);
?]

[html]
[head]
[title]Session Handling Using Cookies[/title]
[/head]
[body]
This page has been displayed: [?=$count ?] times.
[/body]
[/html]

The next installment discusses how to manage sessions using PHP session handling functions with cookies enabled…

Installment 3

PHP Session Handling - Cookies Enabled

Instead of storing session information at the browser through the use of cookies, the information can instead be stored at the server in session files. One session file is created and maintained for each user session. For example, if there are three concurrent users browsing the website, three session files will be created and maintained - one for each user. The session files are deleted if the session is explicitly closed by the PHP script or by a daemon garbage collection process provided by PHP. Good programming practice would call for sessions to be closed explicitly in the script.

The following is a typical server-browser sequence of events that occur when a PHP session handling is used:
1. The server knows that it needs to remember the State of browsing session
2. PHP generates a sssion ID and creates a session file to store future information as required by subsequent pages
3. A cookie is generated wih the session ID at the browser
4. This cookie that stores the session ID is transparently and automatically sent to the server for all subsequent requests to the server

The following PHP session-handling example accomplishes the same outcome as the previous cookie example. Copy the code below (both the php and the html) into a file with the .php extension and test it out.

[?php
//starts a session
session_start();

//informs PHP that count information needs to be remembered in the session file
if (!session_is_registered("count")) {
session_register("count");
$count = 0;
}
else {
$count++;
}

$session_id = session_id();
?]

[html]
[head]
[title]PHP Session Handling - Cookie-Enabled[/title]
[/head]
[body]
The current session id is: [?=$session_id ?]
This page has been displayed: [?=$count ?] times.
[/body]
[/html]

A summary of the functions that PHP provides for session handling are:
1. boolean start_session() - initializes a session
2. string session_id([string id]) - either returns the current session id or specify the session id to be used when the session is created
3. boolean session_register(mixed name [, mixed ...]) - registers variables to be stored in the session file. Each parameter passed in the function is a separate variable
4. boolean session_is_registered(string variable_name) - checks if a variable has been previously registered to be stored in the session file
5. session_unregister(string varriable_name) - unregisters a variable from the session file. Unregistered variables are no longer valid for reference in the session.
6. session_unset() - unsets all session variables. It is important to note that all the variables remain registered.
7. boolean session_destroy() - destroys the session. This is opposite of the start_session function.

The next installment discusses how to manage sessions using PHP session handling functions when cookies are disabled…

Installment 4

PHP Session Handling - Without Cookies

If cookies are disabled at the browser, the above example cannot work. This is because although the session file that stores all the variables is kept at the server, a cookie is still needed at the browser to store the session ID that is used to identify the session and its associated session file. The most common way around this would be to explicitly pass the session ID back to the server from the browser as a query parameter in the URL.

For example, the PHP script generates requests subsequent to the start_session call in the following format:
http://www.yourhost.com/yourphpfile.php?PHPSESSID=[actual session ID]

The following are excerpts that illustrate the discussion:

Manually building the URL:
$url = “http://www.yoursite.com/yourphppage.php?PHPSESSID=” . session_id();
[a href="[?=$url ?]“]Anchor Text[/a]

Building the URL using SID:
[a href="http://www.yoursite.com/yourphppage.php?[?=SID ?]“]Anchor Text[/a]

About the Author

This PHP scripting article is written by John L. John L is the Webmaster of The Ultimate BMW Blog! (http://www.bimmercenter.com).

The Ultimate BMW Blog!

Most interactive websites nowadays require data to be presented dynamically and interactively based on input from the user. For example, a customer may need to log into a retail website to check his purchasing history. In this instance, the website would have stored two types of data in order for the customer to perform the check – the customer’s personal login details; and the customer’s purchased items. This data can be stored in two types of storage – flat files or databases.

Flat files are only feasible in very low to low volume websites as flat files have 3 inherent weaknesses:
1.The inability to index the data. This makes it necessary to potentially read ALL the data sequentially. This is a major problem if there are a lot of records in the flat file because the time required to read the flat file is proportionate to the number of records in the flat file.
2.The inability to efficiently control access by users to the data
3.The inefficient storage of the data. In most cases, the data would not be encrypted or compressed as this would exacerbate the problem no. 1 above

The alternative which is, in my opinion, the only feasible method, is to store the data in a database. One of the most prevalent databases in use is MySQL. Data that is stored in a database can easily be indexed, managed and stored efficiently. Besides that, most databases also provide a suite of accompanying utilities that allow the database administrator to maintain the database – for example, backup and restore, etc.

Websites scripted using PHP are very well suited for the MySQL database as PHP has a custom and integrated MySQL module that communicates very efficiently with MySQL. PHP can also communicate with MySQL through the standard ODBC as MySQL is ODBC-compliant, However, this will not be as efficient as using the custom MySQL module for PHP.

The rest of this article is a tutorial on how to use PHP to:
1.Connect to a MySQL database
2.Execute standard SQL statements against the MySQL database

Starting a Session with MySQL

Before the PHP script can communicate with the database to query, insert or update the database, the PHP script will first need to connect to the MySQL server and specify which database in the MySQL server to operate on.

The mysql_connect() and mysql_select_db() functions are provided for this purpose. In order to connect to the MySQL server, the server name/address; a username; and a valid password is required. Once a connection is successful, the database needs to be specified.

The following 2 code excerpts illustrate how to perform the server connection and database selection:
@mysql_connect(”[servername]“, “[username]“, “[password]“) or die(”Cannot connect to DB!”);
@mysql_select_db(”[databasename]“) or die(”Cannot select DB!”);

The @ operator is used to suppress any error messages that mysql_connect() and mysql_select_db() functions may produce if an error occurred. The die() function is used to end the script execution and display a custom error message.

Executing SQL Statements against a MySQL database

Once the connection and database selection is successfully performed, the PHP script can now proceed to operate on the database using standard SQL statements. The mysql_query() function is used for executing standard SQL statements against the database. In the following example, the PHP script queries a table called tbl_login in the previously selected database to determine if a username/password pair provided by the user is valid.

Assumption:
The tbl_login table has 3 columns named login, password, last_logged_in. The last_logged_in column stores the time that the user last logged into the system.

// The $username and $passwd variable should rightly be set by the login form
// through the POST method. For the purpose of this example, we’re manually coding it.
$username = “john”;
$passwd = “mypassword”;

// We generate a SELECT SQL statement for execution.
$sql=”SELECT * FROM tbl_login WHERE login = ‘”.$username.”‘ AND password = ‘”.$passwd.”‘”;

// Execute the SQL statement against the currently selected database.
// The results will be stored in the $r variable.
$r = mysql_query($sql);

// After the mysql_query() command executes, the $r variable is examined to
// determine of the mysql_query() was successfully executed.
if(!$r) {
$err=mysql_error();
print $err;
exit();
}

// If everything went well, check if the query returned a result – i.e. if the username/password
// pair was found in the database. The mysql_affected_rows() function is used for this purpose.
// mysql_affected_rows() will return the number of rows in the database table that was affected
// by the last query
if(mysql_affected_rows()==0){
print “Username/password pair is invalid. Please try again.”;
}
else {

// If successful, read out the last logged in time into a $last variable for display to the user
$row=mysql_fetch_array($r);
$last=$row["last_logged_in"];
print “Login successful. You last logged in at ”.$last.”.”;

}

The above example demonstrated how a SELECT SQL statement is executed against the selected database. The same method is used to execute other SQL statements (e.g. UPDATE, INSERT, DELETE, etc.) against the database using the mysql_query() and mysql_affected_rows() functions.

About the Author

This PHP scripting article is written by John L. John L is the Webmaster of The Ultimate BMW Blog! (http://www.bimmercenter.com).

The Ultimate BMW Blog!

Developing a Login System with PHP and MySQL

Most interactive websites nowadays would require a user to log in into the website’s system in order to provide a customized experience for the user. Once the user has logged in, the website will be able to provide a presentation that is tailored to the user’s preferences.

A basic login system typically contains 3 components:
1. The component that allows a user to register his preferred login id and password
2. The component that allows the system to verify and authenticate the user when he subsequently logs in
3. The component that sends the user’s password to his registered email address if the user forgets his password

Such a system can be easily created using PHP and MySQL.

================================================================

Component 1 – Registration

Component 1 is typically implemented using a simple HTML form that contains 3 fields and 2 buttons:
1. A preferred login id field
2. A preferred password field
3. A valid email address field
4. A Submit button
5. A Reset button

Assume that such a form is coded into a file named register.html. The following HTML code excerpt is a typical example. When the user has filled in all the fields, the register.php page is called when the user clicks on the Submit button.

[form name="register" method="post" action="register.php"]
[input name="login id" type="text" value="loginid" size="20"/][br]
[input name="password" type="text" value="password" size="20"/][br]
[input name="email" type="text" value="email" size="50"/][br]
[input type="submit" name="submit" value="submit"/]
[input type="reset" name="reset" value="reset"/]
[/form]

The following code excerpt can be used as part of register.php to process the registration. It connects to the MySQL database and inserts a line of data into the table used to store the registration information.

@mysql_connect(”localhost”, “mysql_login”, “mysql_pwd”) or die(”Cannot connect to DB!”);
@mysql_select_db(”tbl_login”) or die(”Cannot select DB!”);
$sql=”INSERT INTO login_tbl (loginid, password and email) VALUES (”.$loginid.”,”.$password.”,”.$email.”)”;
$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}

The code excerpt assumes that the MySQL table that is used to store the registration data is named tbl_login and contains 3 fields – the loginid, password and email fields. The values of the $loginid, $password and $email variables are passed in from the form in register.html using the post method.

================================================================

Component 2 – Verification and Authentication

A registered user will want to log into the system to access the functionality provided by the website. The user will have to provide his login id and password for the system to verify and authenticate.

This is typically done through a simple HTML form. This HTML form typically contains 2 fields and 2 buttons:
1. A login id field
2. A password field
3. A Submit button
4. A Reset button

Assume that such a form is coded into a file named authenticate.html. The following HTML code excerpt is a typical example. When the user has filled in all the fields, the authenticate.php page is called when the user clicks on the Submit button.

[form name="authenticate" method="post" action="authenticate.php"]
[input name="login id" type="text" value="loginid" size="20"/][br]
[input name="password" type="text" value="password" size="20"/][br]
[input type="submit" name="submit" value="submit"/]
[input type="reset" name="reset" value="reset"/]
[/form]

The following code excerpt can be used as part of authenticate.php to process the login request. It connects to the MySQL database and queries the table used to store the registration information.

@mysql_connect(”localhost”, “mysql_login”, “mysql_pwd”) or die(”Cannot connect to DB!”);
@mysql_select_db(”tbl_login”) or die(”Cannot select DB!”);
$sql=”SELECT loginid FROM login_tbl WHERE loginid=’”.$loginid.”’ and password=’”.$password.”’”;
$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
if(mysql_affected_rows()==0){
print “no such login in the system. please try again.”;
exit();
}
else{
print “successfully logged into system.”;
//proceed to perform website’s functionality – e.g. present information to the user
}

As in component 1, the code excerpt assumes that the MySQL table that is used to store the registration data is named tbl_login and contains 3 fields – the loginid, password and email fields. The values of the $loginid and $password variables are passed in from the form in authenticate.html using the post method.

================================================================

Component 3 – Forgot Password

A registered user may forget his password to log into the website’s system. In this case, the user will need to supply his loginid for the system to retrieve his password and send the password to the user’s registered email address.

This is typically done through a simple HTML form. This HTML form typically contains 1 field and 2 buttons:
1. A login id field
2. A Submit button
3. A Reset button

Assume that such a form is coded into a file named forgot.html. The following HTML code excerpt is a typical example. When the user has filled in all the fields, the forgot.php page is called when the user clicks on the Submit button.

[form name="forgot" method="post" action="forgot.php"]
[input name="login id" type="text" value="loginid" size="20"/][br]
[input type="submit" name="submit" value="submit"/]
[input type="reset" name="reset" value="reset"/]
[/form]

The following code excerpt can be used as part of forgot.php to process the login request. It connects to the MySQL database and queries the table used to store the registration information.

@mysql_connect(”localhost”, “mysql_login”, “mysql_pwd”) or die(”Cannot connect to DB!”);
@mysql_select_db(”tbl_login”) or die(”Cannot select DB!”);
$sql=”SELECT password, email FROM login_tbl WHERE loginid=’”.$loginid.”’”;
$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
if(mysql_affected_rows()==0){
print “no such login in the system. please try again.”;
exit();
}
else {
$row=mysql_fetch_array($r);
$password=$row["password"];
$email=$row["email"];

$subject=”your password”;
$header=”from:you@yourdomain.com”;
$content=”your password is “.$password;
mail($email, $subject, $row, $header);

print “An email containing the password has been sent to you”;
}

As in component 1, the code excerpt assumes that the MySQL table that is used to store the registration data is named tbl_login and contains 3 fields – the loginid, password and email fields. The value of the $loginid variable is passed from the form in forgot.html using the post method.

================================================================

Conclusion

The above example is to illustrate how a very basic login system can be implemented. The example can be enhanced to include password encryption and additional functionality – e.g. to allow users to edit their login information.

About the Author

Used with the author’s permission.
This article is written by daBoss. daBoss is the Webmaster of Designer Banners (http://www.designerbanners.com). daBoss can be contacted at sales (at) designerbanners (dot) com.

First off, if you read last week’s article by me (the one about site personalization in PHP), I have one addition to make to make your life a little easier. If you didn’t read last week’s article, read it. It’ll help you. You can find it here: http://jumpx.com utorials/1

Now, remember how we personalized a page for your visitor? This works fine, but what do we do if they didn’t use that special link, and just went to the page?

What I’m saying is, if you special personalized page was at http://www.your.host/sales.php/f=Oscar/l=Grouch but your visitor only went to http://www.your.host/sales.php. Instead of the name there would just be a blank spot! Last week I forgot to cover this.

All we have to do to fix it is to tell PHP that if they didn’t leave a name, to substitute one in for them. So let’s say that if they left their first name blank to make their first name “Friend”. This way instead of saying “Dear Oscar:” it would say “Dear Friend:”.

Put the following line of code JUST ABOVE THE LINE that says something similar to: echo “$f $l” :

if ($f == “”) { $f = “Friend”; }

That way, you can use your special personalized page as a normal page and no one will be the wiser.

Password protection is something you need every once in a while. Whether it’s a secret site you’re running or just the control panel of your favorite script.

Sometimes you don’t need a fancy solution like .htaccess if you’re only worrying about a single user (you). But JavaScript passwords can be worked around, and HTML-based passwords based on cookies, written in PHP are complicated and take time to write. Htaccess is nice but it’s a pain if you just want to use it for one person.

Here is a simple way to use HTTP authentication (the same you see used by htaccess) with just a few lines of code. Below are the sample contents of a file you can use.

$myusername = “myusername”;
$mypassword = “mypassword”;
$areaname = “My Protected Area”;

if ($PHP_AUTH_USER == “” || $PHP_AUTH_PW == “” || $PHP_AUTH_USER != $myusername || $PHP_AUTH_PW != $mypassword) {
header(”HTTP/1.0 401 Unauthorized”);
header(”WWW-Authenticate: Basic realm=”$areaname”");
echo ”

Authorization Required.

“;
die();
}

?>

my main text.

Last week we learned that PHP code can be integrated into your HTML. All you have to do is make sure the file ends in .php (for example, “firehydrant.php”) and it will work. Everything that comes in between this:

/* And this: */

?>

Is treated as PHP code. Everything outside of those tags is treated as plain HTML.

When copying this code over be SURE to include that last line where it says “my main text.” Note that “my main text” is located outside of the PHP code brackets. This means that where you see “my main text” can be your normal HTML file!

Take all of this code and Upload the script onto your web server and run it in the browser. You should be greeted by a password popup box similar to those you see with htaccess. Enter “myusername” as the username and “mypassword” as the password. You should be given a page that says “my main text” and nothing else.

Close your browser window (this is very important) and going back to that page. Try entering the wrong info. The box will come up again. You have three tries and then are given that dreadful “Authorization Required” message.

If you want to take the next step, go back to your code and change “myusername” and “mypassword” to a username and password of your choice. Upload it back to your web server and try again. Now go to that page again and you’ll see that you can only be let in using the username and password you chose for yourself.

Now change the part that says “My Protected Area” to something else, say “John Calder’s Bar and Grill.” Upload and try it. You’ll see when that password box comes up under “Realm” it’ll say “John Calder’s Bar and Grill.” You can change this to whatever you like.

But what if you want to password protect just a handful of files? Do you have to copy and paste this code onto PHP script after PHP script?

Hell no!

Take the code you just modified and take the last line out of it. You know, the one that said “my main text.” All you should have in there now is everything in between the PHP brackets ().

Save this file as “auth.php”. You can rename this later, on your own time.

Make a new file called “test.php” or just rename one of your normal HTML to this name. It doesn’t matter. At the very top of test.php (the VERY top, meaning the first line) copy and paste this line of code:

Upload auth.php and test.php to your web server and run test.php. Make sure both files are placed in the same folder. Now, try to go to test.php in your web browser. You’ll see that you can’t get to test.php without the right username and password. You can do this to any file with a “.php” extension just by adding that one line of code.

The catch to it is that this line of code has to be at the very top of the file. On the very first line. The reason for this is that when the script asks for a person’s username and password, these are sent using HTTP headers and *must* come before anything else.

Of course, this doesn’t take care of your secret sites or private members’ areas, where you have to deal with several logins, but that’s what htaccess is for.

While we’re on the subject of includes, one last thing before we finish up.

Includes are basically a way of absorbing other files into your script. As you saw when we included auth.php, the script read everything that was in auth.php and used it as if the contents of that file were actually there. This works with not only PHP scripts but also with other files as well.

Make a new file called “header.html”. Put anything you want in it, but I just put “This is my header
” when I did it.

Make a second file called “footer.html”. Again, go again and put anything you want in it, but I just put “This is my footer
” in.

Make a third file called “main.php.” Copy the following into it.

This is my main page

Upload all three into the same folder and run main.php. You should see the following:

This is my header
This is my main page
This is my footer

This is just a basic example of how includes can be used. But if you have a web site with several pages and the same layout… wouldn’t it be easier just to put everything above your main text in header.html and everything below that main text in footer.html? That way if you change your design you only have to edit 2 files instead of 100 or 200?

You’d think.

About the Author

Article by Robert Plank

Free PHP articles and advice.
http://www.jumpx.com/newsletter