COP 4610L: PHP – Part 2 Page 1 Mark Llewellyn ©COP 4610L: Applications in the EnterpriseSpring 2005Introduction to PHP – Part 2 COP 4610L: Applications in the EnterpriseSpring 2005Introduction to PHP – Part 2 School of Computer ScienceUniversity of Central FloridaInstructor : Mark [email protected] 242, 823-2790http://www.cs.ucf.edu/courses/cop4610L/spr2005COP 4610L: PHP – Part 2 Page 2 Mark Llewellyn ©Checking Your PHP Set-up• Once you get your web server (Apache) and PHP installed, the simplest way to test your installation is to create a PHP file and execute it. • Create a PHP file containing the following single line: <?php phpinfo() ?>• Save this file in the htdocs folder in Apache (there will already be some files in this folder).• Start the Apache server running and then access the PHP file through the browser with the following url:http://localhost:8080/info.phpCOP 4610L: PHP – Part 2 Page 3 Mark Llewellyn ©Execution should produce a long list of items that begins similar to the one shown.COP 4610L: PHP – Part 2 Page 4 Mark Llewellyn ©Verifying a Username and Password Using PHP• It is often the case that a private website is created which is accessible only to certain individuals. • Implementing privacy generally involves username and password verification. • In the next example, we’ll see an XHTML form that queries a user for a username and password. The fields USERNAME and PASSWORD are posted to the PHP script verify.php for verification.– For simplicity, data is not encrypted before sending it to the server.– For more information on PHP encryption functions visit: http://www.php.net/manual/en/ref.mcrypt.php.COP 4610L: PHP – Part 2 Page 5 Mark Llewellyn ©<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><!-- password.html --><!-- XHTML form sent to password.php for verification --><html xmlns = "http://www.w3.org/1999/xhtml"><head><title>Verifying a username and a password.</title><style type = "text/css">td { background-color: #DDDDDD }</style></head><body style = "font-family: arial"><p style = "font-size: 18pt"><font color=red><B> Welcome to the COP 4610 High Security WebPage </B></font><HR><p style = "font-size: 13pt">Type in your username and password below.<br /><span style = "color: #0000FF; font-size: 10pt;font-weight: bold">Note that password will be sent as plain text - encryption not used in this application</span></p> password.html – page 1COP 4610L: PHP – Part 2 Page 6 Mark Llewellyn ©<!-- post form data to password.php --><form action = "password.php" method = "post"><br /><table border = "3" cellspacing = "3" style = "height: 90px; width: 150px; font-size: 10pt" cellpadding = "1"><tr><td colspan = "3"> <strong>Username:</strong> </td></tr><tr><td colspan = "3"> <input size = "40" name = "USERNAME" style = "height: 22px; width: 115px" /> </td></tr><tr><td colspan = "3"> <strong>Password:</strong> </td></tr><tr><td colspan = "3"> <input size = "40" name = "PASSWORD" style = "height: 22px; width: 115px" type = "password" /> <br/></td></tr> <tr><td colspan = "1"><input type = "submit" name = "Enter" value = "Enter" style = "height: 23px; width: 47px" /> </td><td colspan = "2"> <input type = "submit" name = "NewUser" value = "New User" style = "height: 23px" /></td></tr></table> </form> <HR> </body> </html> password.html – page 2COP 4610L: PHP – Part 2 Page 7 Mark Llewellyn ©<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><!-- password.php --><!-- Searching a database for usernames and passwords. --><html xmlns = "http://www.w3.org/1999/xhtml"><head><?phpextract( $_POST );// check if user has left USERNAME or PASSWORD field blankif ( !$USERNAME || !$PASSWORD ) {fieldsBlank();die();}// check if the New User button was clickedif ( isset( $NewUser ) ) {// open password.txt for writing using append modeif ( !( $file = fopen( "password.txt", "a" ) ) ) {// print error message and terminate script // execution if file cannot be openedprint( "<title>Error</title></head><body>Could not open password file</body></html>" );die();} password.php – page 1COP 4610L: PHP – Part 2 Page 8 Mark Llewellyn ©// write username and password to file and call function userAddedfputs( $file, "$USERNAME,$PASSWORD\n" );userAdded( $USERNAME );}else {// if a new user is not being added, open file// for readingif ( !( $file = fopen( "password.txt", "r" ) ) ) {print( "<title>Error</title></head><body>Could not open password file</body></html>" );die();}$userVerified = 0;// read each line in file and check username and passwordwhile ( !feof( $file ) && !$userVerified ) {// read line from file$line = fgets( $file, 255 );// remove newline character from end of line$line = chop( $line );// split username and password using comma delimited string$field = split( ",", $line, 2 ); password.php – page 2COP 4610L: PHP – Part 2 Page 9 Mark Llewellyn ©// verify usernameif ( $USERNAME == $field[ 0 ] ) {$userVerified = 1;// call function checkPassword to verify user’s passwordif ( checkPassword( $PASSWORD, $field ) == true )accessGranted( $USERNAME );else wrongPassword();}}// close text filefclose( $file );// call function accessDenied if username has not been verifiedif ( !$userVerified )accessDenied();}// verify user password and return a booleanfunction checkPassword( $userpassword, $filedata ){if ( $userpassword == $filedata[ 1 ] )return true;elsereturn false;} password.php – page 3COP 4610L: PHP – Part 2 Page 10 Mark Llewellyn ©// print a message indicating the user has been addedfunction userAdded( $name ) {print( "<title>Thank You</title></head><body style = \"font-family: arial; font-size: 1em; color: blue\"> <strong>You have been added to the user list, $name. Please remember your password.<br />Enjoy the site.</strong>" );}// print a message indicating permission has been grantedfunction accessGranted( $name ) {print( "<title>Thank You</title></head><body style = \"font-family: arial;font-size: 1em; color: blue\"><strong>Permission has been granted, $name. <br />Enjoy the site.</strong>" );}// print a message indicating password is invalidfunction wrongPassword() {print( "<title>Access Denied</title></head><body style = \"font-family: arial;