INTRODUCTION to PHP and Mysql LEE OFFICE SUPPLIES LOGIN SYSTEM


INTRODUCTION TO PHP AND MySQL – LEE OFFICE SUPPLIES – LOGIN SYSTEM

For this exercise, you will use the MySQL database already created for you on the Department’s web server. The MySQL database is called LeeOfficeSupplies.

Providing websites with login systems requiring usernames and passwords is a popular application of server-side scripting.

The starting point for this project is to create a simple MySQL table that can store user details. We will add this table to the LeeOfficeSupplies database – calling the table Users.

Here is some sample data:

Database: LeeOfficeSupplies
Table: Users

| UserID | FirstName | LastName | Username | Password | Email |
|---|---|---|---|---|---|
| UID001 | Helen | Troy | HelenT | Planet10 | HT@somewhere.com |
| UID002 | Shekhar | Chopra | ShekharC | 123Water | [email protected].uk |
| UID003 | Mark | Beach | MBeach | MB9999 | [email protected]m |

You should access MySQL on the server using the MySQL console (or command line interface).

Select Start / Run… and enter the following:

mysql -h www.XXXXX.co.uk -u XXXXX -p

where XXXXX is your MySQL username.

When prompted, enter your password:

050f48d3ac8fc0dc3508fa94c89980a3.doc Version 1 Page 1 of 14

At the mysql prompt, enter:

use leeofficesupplies;

where leeofficesupplies refers to the name of the database for which you have complete privileges.

Press the Enter/Return key.

To create the Users table it is necessary to provide the definition (or structure) of the table. This is achieved by specifying the field names, field types and field sizes.

We can also identify whether fields can be null (have no contents) and which field is to be set as the primary key (have unique values).

Here is the suggested definition for the Users table:

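| Field Name | Field Type | Field Size | Can be Null? | Primary Key |
|---|---|---|---|---|
| UserID | varchar | 6 | No | Yes |
| FirstName | varchar | 20 | Yes | |
| LastName | varchar | 20 | Yes | |
| Username | varchar | 10 | No | |
| Password | varchar | 10 | No | |
| Email | varchar | 20 | No | |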

To create the table, enter the following very carefully at the mysql prompt:

CREATE TABLE Users (UserID varchar(6) NOT NULL, FirstName varchar(20), LastName varchar(20), Username varchar(10) NOT NULL, Password varchar(10) NOT NULL, Email varchar(20) NOT NULL, PRIMARY KEY(UserID));

Press the Enter/Return key:

Remember that it is common to make keying errors at this point, and MySQL will respond with an error message. Simply use the up and down cursor keys to access a previous command in order to edit it. Then press Enter/Return again.

At the mysql prompt, enter

SHOW TABLES;

Press the Enter/Return key:

At the mysql prompt, enter

DESCRIBE Users;

Press the Enter/Return key:

Once the table has been defined, we will now populate it with new data:

At the mysql prompt, enter

INSERT INTO Users VALUES("UID001", "Helen", "Troy", "HelenT", "Planet10", "HT@somewhere.com");

Press the Enter/Return key:

INSERT INTO Users VALUES("UID002", "Shekhar", "Chopra", "ShekharC", "123Water", "[email protected]");

Press the Enter/Return key:

INSERT INTO Users VALUES("UID003", "Mark", "Beach", "MBeach", "MB9999", "[email protected]");

Press the Enter/Return key:

At the mysql prompt, enter

SELECT * FROM Users;

Press the Enter/Return key:

The login process works by presenting the user with a simple HTML form login.html that asks the user to enter his username and password.

The password field uses an input type known as password which replaces typed characters with asterisks (*) for added security.

When the user clicks the Login button, a PHP script LoginCheck.php is used to query the database table Users for an entry that matches the inputted combination of username and password. MySQL SELECT queries are not case sensitive by default. See later.

If no records are found, a “Sorry, wrong password” message is displayed together with the option to try again.

If a record is found, a second script, LoginWelcome.php, is called; it welcomes the user to the website by name (extracted from the table as part of the query).

The system relies on PHP’s ability to use session global variables – values that are effectively hidden but can be accessed while the web browser session is active (or until the session is terminated by the user logging out).

If any subsequent web page loads and fails to find a session variable for the username, it can force the user back to the login page. Session variables are stored in a default folder as session text files.

Unlike cookies, session variables are not stored on the client system – they remain on the server for improved security.

The following diagram gives an overview of the login process:

1. Open a new HTML file, and enter the following code:

Lee Office Supplies – Customer Login

Lee Office Supplies

Customer Login

Username
Password
 

2. Save your HTML file as login.html.

3. Publish your file, and view the published file in a browser.

The next script is the most important part of the login system. The script receives the posted username and password and attempts to find a matching user in the LeeOfficeSupplies Users table.

The script is also responsible for creating the global session variables.

4. Open a new PHP file, and enter the following code:

    {
        // mysql_result() belongs to the old mysql extension, which was removed in PHP 7.0.
        $firstname = mysql_result($result, $i, "FirstName");
        // Start the session and store the three session variables.
        session_start();
        $_SESSION["firstname"] = $firstname;
        $_SESSION["username"] = $username;
        $_SESSION["password"] = $password;
        // Redirect to the welcome page.
        header("location:LoginWelcome.php");
    }
    else
    {
        // No matching record: show the error page.
        echo "";
        echo "Lee Office Supplies";
        echo "Customer Login";
        echo "Sorry, we could not log you in.";
        echo "Please try again.";
        echo "";
    }
    ?>

5. Save your PHP file as LoginCheck.php.

6. Publish your file.

Note: The SELECT query on the Users table tries to find a record with matching username and password. Prefixing the Password field with binary forces a case-sensitive check.

If a match is found (at least one row is present in the results set), the FirstName field is extracted and stored. Then a session is started and three session variables are created – firstname, username and password – for future use.

The code then performs a redirect to LoginWelcome.php.

If no match is found, an error message is displayed together with a clickable button that will return the user to the previous page to try to log in again.
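A hardened variant of LoginCheck.php, added here as an example and not part of the original worksheet: it uses PDO with a bound parameter in place of the removed mysql_* functions, checks the password against a password_hash() value instead of a plaintext column, and keeps the password out of the session. The PasswordHash column (varchar(255)), the form field names username and password, and the XXXXX connection placeholders are assumptions.

```php
<?php
// LoginCheck.php, hardened variant (added example, not the worksheet's code).
// Assumptions: login.html posts fields named "username" and "password";
// Users has an extra column PasswordHash varchar(255) filled with
// password_hash($plain, PASSWORD_DEFAULT); XXXXX values are placeholders.
declare(strict_types=1);

function findUser(PDO $db, string $username): ?array
{
    // The bound parameter keeps user input out of the SQL text.
    $stmt = $db->prepare(
        'SELECT FirstName, Username, PasswordHash FROM Users WHERE Username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (!is_string($username) || !is_string($password)) {
    $username = $password = '';   // reject array-valued form fields
}

$db = new PDO(
    'mysql:host=www.XXXXX.co.uk;dbname=LeeOfficeSupplies;charset=utf8mb4',
    'XXXXX',
    'XXXXX',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
$user = findUser($db, $username);

// password_verify() compares case-sensitively, so BINARY is not needed.
if ($user !== null && password_verify($password, (string) $user['PasswordHash'])) {
    session_start();
    session_regenerate_id(true);   // fresh session id after login
    $_SESSION['firstname'] = $user['FirstName'];
    $_SESSION['username']  = $user['Username'];
    // The password is deliberately not kept in the session.
    header('Location: LoginWelcome.php');
    exit;
}

// One message for both an unknown username and a wrong password.
echo '<h1>Lee Office Supplies</h1><h2>Customer Login</h2>';
echo '<p>Sorry, we could not log you in.</p>';
echo '<p><a href="login.html">Please try again.</a></p>';
```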

The purpose of the next page LoginWelcome.php is to demonstrate how session variables can be checked and different outcomes can be performed depending on whether they do or do not exist on the web server.

Initially, the script is used to see whether a username session variable has been stored. Of course, this can only exist if the user has successfully entered a correct username and case-sensitive password.

If the session variable does not exist, the user is redirected to the login page login.html. This effectively prevents users who have not logged in from accessing the rest of the page.

A short PHP script is used to display the user’s first name as part of a friendly greeting. It does this by accessing the stored session variable firstname.

7. Open a new PHP file, and enter the following code:

Lee Office Supplies - Customer Login

Lee Office Supplies

Customer Login

Welcome back, !

8. Save your PHP file as LoginWelcome.php.

9. Publish your file, and view the published file login.html in a browser.

10. Test with a valid username HelenT and incorrect password 123Water:

11. Test with a valid username HelenT and correct password Planet10:

This time the password is accepted and LoginCheck.php redirects to LoginWelcome.php and greets the user by their first name.

Finally, we can remove all session variables using session_unset() and end the active session using session_destroy().
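The session check described for LoginWelcome.php and the logout step above, as an added example that is not the worksheet's own code. The helper names requireLogin(), greeting() and logout() are hypothetical.

```php
<?php
// Session guard and logout helpers (added example; function names are hypothetical).
// Typical use on a protected page: requireLogin(); echo greeting();
declare(strict_types=1);

// Call at the top of every protected page, before any output is sent.
function requireLogin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['username'])) {
        header('Location: login.html');
        exit;   // without exit the rest of the protected page would still run
    }
}

// Escape the stored first name before printing it into HTML.
function greeting(): string
{
    $name = (string) ($_SESSION['firstname'] ?? '');
    return 'Welcome back, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '!';
}

// Logout: clear the variables, expire the session cookie, destroy the server-side data.
function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_unset();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: login.html');
    exit;
}
```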
