
Start Me Up - PHP

Electronic documents are all well and good - but when you work on them collaboratively, they can end up being more difficult to handle than ordinary pieces of paper. Multiple versions, competing standards, access permissions and revision history tracking are just some of the issues that arise in a paperless office. This article discusses building and deploying a document management system across your network - and also teaches beginners a little bit about designing Web-based applications with PHP and mySQL in the process.

  1. Cracking The Vault (part 1)
  2. Just Another Day At The Office
  3. An Evil Plan Is Born
  4. Setting The Ground Rules
  5. Design Time
  6. Start Me Up
  7. Entry Points
  8. Seeding The System
  9. Red And Green Clouds
  10. Digging Deeper
  11. Basic Maintenance
  12. The D Word
By: Vikram Vaswani, (c) Melonfire
May 14, 2001



With the database design out of the way, it's time to actually start creating the scripts. We'll begin at the top, with the scripts which verify the user's password. Here's the initial login form, "start.html".

<form action="login.php" method="post">
<table border="0" cellspacing="5" cellpadding="5">
<tr>
    <td>Username</td>
    <td><input type="text" name="frmuser" size="15"></td>
</tr>
<tr>
    <td>Password</td>
    <td><input type="password" name="frmpass" size="15"></td>
</tr>
<tr>
    <td colspan="2" align="center"><input type="submit" name="submit" value="Enter"></td>
</tr>
</table>
</form>

Here's what it looks like:

Once the form is submitted, the data is processed by "login.php", which connects to the database to verify the username and password against the "user" table.

<?php
// includes
include("config.php");

// check login and password
// connect and execute query
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");

// escape the submitted form values before they go inside the quoted SQL strings
$frmuser = mysql_real_escape_string($frmuser, $connection);
$frmpass = mysql_real_escape_string($frmpass, $connection);

$query = "SELECT id, username, password FROM user WHERE username = '$frmuser' AND password = PASSWORD('$frmpass')";

// report the database error only - echoing $query would print the submitted password
$result = mysql_db_query($database, $query, $connection) or die ("Error in query: " . mysql_error());

// if row exists - login/pass is correct
if (mysql_num_rows($result) == 1)
{
    // initiate a session
    session_start();

    // register the user's ID
    session_register("SESSION_UID");
    list($id, $username, $password) = mysql_fetch_row($result);
    $SESSION_UID = $id;

    // redirect to main page
    header("Location: out.php");
    mysql_free_result($result);

    // close connection
    mysql_close($connection);
    exit;
}
else
// login/pass check failed
{
    mysql_free_result($result);
    mysql_close($connection);

    // redirect to error page
    header("Location: error.php?ec=0");
    exit;
}
?>

Assuming the username and password are correct, the script initiates a session and registers a session variable named $SESSION_UID, containing the user's ID; this variable will remain available throughout the session, and will be used in many of the subsequent scripts. The script then redirects the browser to "out.php", which forms the main interface to the system, via an HTTP header.

A login failure will redirect the browser to the generic error handler, "error.php", with an error code indicating the type of error. I'll be using this error handler extensively, to handle the different types of errors possible.

It is important to note that calls to header() and session_start() must take place before *any* output is sent to the browser. Even something as minor as whitespace or a carriage return outside the PHP tags can cause these calls to barf all over your script.
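The mysql_* functions, session_register() and MySQL's PASSWORD() used by "login.php" have all since been removed from PHP and MySQL. The following is an added example, not part of the original article, of the same username/password check on PHP 7.1+ with a bound query parameter and password_hash(); it assumes the pdo_sqlite extension, and the in-memory "user" table, the account "alice" and the function names are constructed for the demonstration.

```php
<?php
// Added example, not Melonfire's code. The table contents are constructed sample data.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    $ins = $db->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
    // Store a salted, slow hash instead of the output of MySQL's PASSWORD().
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user's ID on success, null on any failure.
function check_login(PDO $db, string $user, string $pass): ?int
{
    static $dummy = null;
    $dummy = $dummy ?? password_hash('unused', PASSWORD_DEFAULT);

    // The username is sent as a bound parameter, never pasted into the SQL text,
    // so quotes in the input cannot change the query.
    $stmt = $db->prepare('SELECT id, password FROM user WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Always run password_verify(), even for unknown users, so that both
    // kinds of failure take about the same time.
    $ok = password_verify($pass, $row ? $row['password'] : $dummy);
    return ($row && $ok) ? (int) $row['id'] : null;
}

// For a web request: call before any output, as with header() in the article.
function start_user_session(int $id): void
{
    session_start();
    session_regenerate_id(true);      // new session ID once the user is authenticated
    $_SESSION['SESSION_UID'] = $id;   // replaces session_register("SESSION_UID")
}

// Command-line demonstration with constructed credentials.
$db = open_demo_db();
$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ["o'brien", 'x']];
foreach ($attempts as [$u, $p]) {
    printf("%-8s => %s\n", $u, var_export(check_login($db, $u, $p), true));
}
```

The third attempt uses a username containing an apostrophe: it is treated as data and simply matches no row.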

Finally, the include()d file, "config.php", contains some useful variables - the database name, user name and password, together with the location of the data storage area and a list of allowed file types.

<?php
// database parameters
// alter this as per your configuration
$database = "db35378";
$user = "mark347";
$pass = "h23590f2";
$hostname = "localhost";

// location of file repository
// this should ideally be outside the Web server root
// make sure the server has permissions to read/write files!
$dataDir = "/data/";

// list of allowed file types
$allowedFileTypes = array("image/gif", "text/html", "text/plain", "image/jpeg", "image/pjpeg", "image/png");
?>

This article copyright Melonfire 2001. All rights reserved.
