$_SESSION[ user_password ] != )) { include logged_user.php ; } else { include unlogged_user.php ; } ?> 2. Create unlogged_user.php and logged_user.php so you can have different content show up depending on whether or not a user is logged in. This first page will be unlogged_user.php and will simply contain some information about the benefits that registering provides and how to go about registering:

Welcome to the home page!

You are currently not logged into our system.
Once logged in, you will have access to your personal area, along with other user information.
If you have already registered, click here to login, or if would like to create an account, click here to register.

3. Next, create the page that tells users they are logged in; then you can show links to the users own personal area (which you create later) to allow them to update personal information, or delete their account entirely. Call this one logged_user.php and use the following code:

Welcome to the home page!

Thank you for logging into our system .
You may now click here to go into your own personal information area, and update or remove your information should you wish to do so.

377 User Logins, Profiles, and Personalization
You want to have a cheap webhost for your apache application, then check apache web hosting services.

2. Create another table to store users and their information. Call this table user_info and create it with the following schema: CREATE TABLE user_info ( email varchar(50) NOT NULL, username varchar(50) NOT NULL, password varchar(255) NOT NULL, first_name varchar(50) NOT NULL, last_name varchar(50) NOT NULL, city varchar(50) default NULL, state varchar(50) default NULL, hobbies varchar(255) default NULL, id int(10) NOT NULL default 0 ); 3. Add a couple of administrators to your database, using your preferred method. (Two will be added here as an example, but you can add as many as you want.) This example uses John Doe and Jane Doe. Keep in mind that you will be using these in all the examples we create here: INSERT INTO admin (username, password, first_name, last_name, email, admin_level, id) VALUES ( johndoe , PASSWORD( jane ), John , Doe , john@johndoe.com , 1 , ); and INSERT INTO admin (username, password, first_name, last_name, email, admin_level, id) VALUES ( janedoe , PASSWORD( john ), Jane , Doe , jane@janedoe.com , 2 , ); You now have a couple of administrators set up in your admin table, so you can begin to create the registration portion of your PHP code to allow users to register and log in, and update their information or delete their accounts if needed. You will again be using sessions to track your users, and you will also be using some cookie information to keep persistent logins between sessions should the user want that option. Try It Out Session Tracking with PHP and MySQL In this exercise, you create a user login system. You will create it so that the user is required to input a username, password, first name, last name, and e-mail address. The other fields will be optional. 1. First, create an index page that looks for login information similar to the previous example, but don t include an authorization page so that you can show different content based on whether or not the user is logged in. This allows the user the chance to log in if he or she wishes to. Call this page index.php, and use the following code to create it: Searching for affordable and reliable webhost to host and run your web applications? Go to our java web server services and you will be pleased.

This is a very useful way to protect your PHP files to limit use to logged-in users and administrators. However, there are a couple of minor drawbacks that you will solve later when you integrate the database-driven system: . This is manageable only for a few users with login information. . It s somewhat labor intensive when the need to move to a user-driven database system arises. This may seem to be a less-than-useful example, but it shows that you can protect pages so not just any Joe Shmoe can gain access to them. In fact, this example would work just fine if you needed to have just one or two users or administrators. You can have more, but that isn t easily managed, especially if you get numerous users. In the next section, you learn how you can use PHP in conjunction with MySQL to create user-driven login systems. You also learn how to allow multiple administrators, multiple usernames and passwords, and privilege levels that can be managed with the MySQL database. Using Database-Driven Information This section shows you what you can do with a database-driven Web site. Obviously, you will be using a MySQL database as your preferred database, but keep in mind that PHP can be used with many other databases as well. You will first set up a couple of tables in your database. For this, you will need a table schema (structured framework or plan). The next few steps are merely setup information so you have some usable data in the database that you can use with your PHP/MySQL pages. Call your database registration and your tables admin and user_info. You can go ahead and create the tables as necessary using one of the methods you learned in previous chapters. 1. First, create an administration table schema called admin. You won t be using this table information until the last section of the chapter, but because you are creating table schemas, you may as well do it now. This is where you can keep track of the administrators managing your system. CREATE TABLE admin ( username varchar(50) NOT NULL, password varchar(255) NOT NULL, first_name varchar(50) NOT NULL, last_name varchar(50) NOT NULL, email varchar(50) NOT NULL, admin_level int(2) NOT NULL, id int(10) NOT NULL auto_increment, PRIMARY KEY (id) ); 375 User Logins, Profiles, and Personalization
From our experience, we can recommend PHP Web Hosting services, if you need affordable webhost to host and run your web application.

Figure 12-5 How It Works The PHP pages you just created are used to authorize a user who is trying to view a certain section of your site. When you navigate to a page, the auth.inc.php page checks to see if you are or aren t already an authorized user, and then the page either sends you to the login page or displays the page you were requesting. Here is the part of the code that is actually doing the checking: if (isset($_SESSION[ logged ]) && $_SESSION[ logged ] == 1 The $_SESSION[ logged ] is the variable you are checking for, and the 1 is another way of checking for true. Right now, you only have a username and password hard-coded into your page. If you want numerous users, you would have to edit your page accordingly and add those values for those users. Sessions will look more useful when you are using database-driven information rather than the hard-coded values. 374 Chapter 12
You want to have a cheap webhost for your apache application, then check apache web hosting services.

Figure 12-4 7. Input the correct information: wroxbooks for the username and aregreat for the password. At this point, you are redirected to the page you originally requested because you supplied the correct information. You will see a screen similar to Figure 12-5. 373 User Logins, Profiles, and Personalization
Visit our web design programs services for an affordable and reliable webhost to suit all your needs.

Invalid Username and/or Password

You must be logged in to view this page

6. Navigate to the template.php page you created. Because you haven t logged in, the auth.inc.php file you included redirects you to the login.php page that requires you to log in to view the initial page you requested. Try inputting the incorrect information so you can see how the login page works. You will see a screen similar to the one shown in Figure 12-4. 372 Chapter 12
If you are looking for cheap and quality webhost to host and run your website check Jboss Web Hosting services.

This is the Template Page

This preceding template file is just an example of what you would do to protect a PHP page. In a real working situation, you can replace everything between the opening and closing tags to protect any PHP page that you feel necessary. 4. This takes us to the authorization file, which checks to see if the user has successfully started a session by logging in. If not, the user is redirected to the login page. Use the following code to create a page and save it as auth.inc.php: ; echo (If your browser doesn t support this, . click here) ; die(); } ?> 5. Now that you have the template page and the authorization page done, you can create the login page, login.php, that you use to create the sessions that allow you to gain access to your protected pages. Enter the following code, which actually does the login authorization and the creation of the session for the user once he or she has successfully provided the correct username and password: ; echo (If your browser doesn t support this, . click here) ; } else { ?> 371 User Logins, Profiles, and Personalization
We would like to recommend you tested and proved virtual web hosting services, which you will surely find to be of great quality.

There are some problems and drawbacks to using htaccess: . The dialog box that pops up is often ugly. . Your third-party hosting company may not allow the use of htaccess. . It s easier to use brute force attacks with htaccess than when you use program-driven login authorization. . It s not easy to customize on the fly for a dynamic, user-driven Web site. Those are just some of the drawbacks to htaccess. Luckily for you, you can use PHP to solve the access problem to your Web-based files. You are likely to still have to use htaccess to protect files such as downloadable images, PDFs, Zip files, and other files that can t contain PHP code. Friendlier Logins Using PHP s Session and Cookie Functions Sessions and cookies are used to distinguish users apart from one another and to allow or not allow certain users to access pages you want only certain users to see. A session is a variable that is kept alive on the server side when someone navigates to a site or page. You can then use this information when tracking a user throughout the site for logins, user preferences, privileges for pages, and much more. Cookies work in a similar fashion, although they are stored on a user s computer and allow the user to look at that file if he or she chooses to do so. Cookies are somewhat less secure in that they allow users to tamper with the file where the cookies are stored, but are by no means insecure. The purpose of this chapter is not just to help you restrict access to certain PHP files; PHP s session and cookie functions are used to require that users of your Web site be authorized before they are allowed to use the Web pages to their full functionality. Keep in mind that this is really useful only when you re protecting sections of Web pages, not for protecting all files and directories. (This will make more sense when you jump into the code.) You could use this form of authorization in an administration area of a Web site where the administrator can change content that is viewable by the public. Note that this can be used in conjunction with htaccess for higher security, if needed. Try It Out Using PHP for Logins In this exercise, you ll use some code within PHP itself to authorize the user s username and password: 1. Open your favorite text editor. 2. Create a new PHP file and save it as template.php. This file will be the template you ll use to illustrate how you protect a page. 3. Start off each Web page you want to protect with this code: 370 Chapter 12
If you are looking for cheap and quality webhost to host and run your website check Jboss Web Hosting services.

Figure 12-3 How It Works When you request the page, Apache checks for .htaccess files in every folder from the Web site s document root all the way down to the file that you are requesting. Apache then opens the file and interprets it. It does this by reading which directory to protect, according to your file path, and then by reading to whom to allow access. You gave access to valid users only, as in the example of john, so no anonymous users will be allowed access. Anonymous users will see the screen shown in Figure 12-3. Because no usernames or passwords are submitted with your initial request, Apache sends a message back to the browser, requesting you to enter a username and password to access this section of the site. A dialog box is displayed, and you can submit the username and password by entering them there. Once these are accepted, you will be allowed to view the site. Also, your Web browser will remember to automatically submit this username and password when accessing the particular folder and throughout the directory tree for the rest of the browser session. 369 User Logins, Profiles, and Personalization
If you are searching for cheap webhost for your web application, please visit MySQL5 Web Hosting services.

Figure 12-2 6. If you enter the appropriate username and password, you will be allowed to view the page you are requesting, along with any file or folder that resides there. However, if you fail to enter the appropriate username and password three consecutive times, or press Cancel, you will see a screen similar to that shown in Figure 12-3. 368 Chapter 12
Please visit Domain Name Hosting services for high quality webhost to host and run your jsp applications.