PHP Exercise 5

Cookies

 

  1. There are two options for keeping track of information. The first way is cookies. Cookies can hold data after a person has closed their browser, turned off their computer, etc. The second way is sessions. Sessions are ended when a user closes their browser.
  2. All sessions and cookies MUST be set before any output to the screen has been done, because they are sent in the HTTP headers, which go out ahead of the page content. For example, your document MUST begin with

 

<?php
setcookie("TestCookie", $value, time()+3600);
...

 

  3. This is standard protocol in PHP. The PHP function setcookie() has several parameters which you can set. In the above example I set a cookie called TestCookie and assigned it the value of $value. Here are the official parameters from the http://www.php.net/manual/en/function.setcookie.php website:

 

setcookie(string name, string value, int expire, string path, string domain, int secure)

 

  4. It is NOT a good idea to store sensitive information in cookies, since they are stored on users' hard drives. They are also easily tampered with, and users can choose not to accept cookies. For example, if you want to store a person's login_id in a cookie, that is OK, but I would not recommend storing their password in a cookie.
  5. Now let's take a look at an example where I have a user log in and store their login_id in a cookie. I saved this file (as always) in /var/www/html/ and named it cookie_test.php:

 

<?php
// The isset() function returns true if a variable has a
// value
if (isset($_GET['test_info']))
{
    // No output has occurred so it's OK to have setcookie()
    // function here. The time()+3600 means that this cookie
    // will expire in one hour (3600 secs = 1 hour)
    setcookie("TestCookie", $_GET['test_info'], time()+3600);
    echo "Now test your cookie<br>";
    echo "<a href=\"cookie_test2.php\">cookie_test2.php</a>";
}
else
{
    // $_SERVER['PHP_SELF'] is taken from the requested URL, so it is
    // escaped before being written into the page.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    // The action=\"$self\" will call cookie_test.php again, but
    // when it calls it again, $_GET['test_info'] will have a value
    // and this part will not be executed.
    echo "Enter your username:<br>
<form action=\"$self\" method=\"Get\">
<input type=\"text\" name=\"test_info\">
<input type=\"submit\" value=\"Submit\"></form>";
}
?>

 

·        test_info is just the name of the variable that I decided to make up. You can replace test_info with anything you like!

·        $_SERVER[PHP_SELF] will contain the value of cookie_test.php, so this page will be called again FROM THE TOP OF THE CODE. The second time your browser loads this page, $_GET[test_info] will have a value and the code under the IF statement will be executed. Also note that this method DOES require an IF statement to test whether the form has already been seen by the user.

  6. Now we will be able to see what you entered in the box with the following PHP code (I named this file cookie_test2.php):

 

<?php
// Test to see if the cookie has been set correctly
if (isset($_COOKIE["TestCookie"]))
{
    echo "The cookie is set<br>Here is the value: ";
    // To get the value of our cookie we named TestCookie, we use
    // the PHP global variable array $_COOKIE[]. $HTTP_COOKIE_VARS[]
    // is the older name for the same array; it was removed in PHP 5.4.
    // The value comes from the user's browser, so escape it for output.
    // Notice the lack of "" around this echo statement!
    echo htmlspecialchars($_COOKIE["TestCookie"], ENT_QUOTES, 'UTF-8');
    echo "<br>Do you want to log out?<br>";
    // Escape PHP_SELF as well: it is taken from the requested URL
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    echo "<a href=\"cookie_test_logout.php\">Yes</a> | <a href=\"$self\">No</a>";
}
else
{
    echo "the cookie is not set";
    echo "<br>Return to the <a href=\"cookie_test.php\">Login page</a>";
}
?>

 

  7. Now browse to http://localhost/cookie_test.php and enter a user name (it doesn't matter what it is). Then hit the Submit button and click on the link to cookie_test2.php to make sure everything worked out OK.
  8. To make the logout page (cookie_test_logout.php), we will set this cookie to expire one hour ago with the following code:

 

<?php
// This cookie will expire 1 hour ago, effectively
// removing the cookie information
setcookie("TestCookie", "", time()-3600);
echo "You are now logged out";
echo "<br>Return to the <a href=\"cookie_test.php\">Login page</a>";
echo "<br>Return to the <a href=\"cookie_test2.php\">cookie test page</a>";
?>

 

  9. In review, you set a cookie with a name and a value, and then, when you want to get the information you stored in the cookie, you use the global variable array $HTTP_COOKIE_VARS[] to view it later.
  10. Another global variable that accomplishes the same thing as $HTTP_COOKIE_VARS[] is $_COOKIE[]. $_COOKIE[] is only available in the current versions of PHP. I suggest using $_COOKIE[] because it is the newest standard in PHP, but $_COOKIE[] will not work with some old computers that haven't upgraded their PHP interpreters. For more information, please see http://www.php.net/manual/en/function.setcookie.php

  11. In an e-commerce website it would be VERY wise to match a user's login name and password with information in a database before setting a cookie.
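The note above that cookies are easily tampered with matters as soon as a page trusts the login_id it reads back. One way to detect an edited value is to attach an HMAC computed with a key only the server knows. This is an added example, not part of the original exercise; sign_cookie_value(), verify_cookie_value(), COOKIE_KEY and the sample names are assumptions made for illustration.

```php
<?php
// Added example: the key, function names and sample values are constructed.
// Load the real key from configuration kept outside the web root.
const COOKIE_KEY = 'constructed-demo-key-load-the-real-one-from-config';

// Build "payload.signature"; the HMAC ties the value to the server-side key.
function sign_cookie_value(string $value, string $key = COOKIE_KEY): string
{
    $payload = base64_encode($value);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the original value, or null if the cookie is malformed or was altered.
function verify_cookie_value(string $cookie, string $key = COOKIE_KEY): ?string
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $value = base64_decode($payload, true);
    return $value === false ? null : $value;
}

// On the login page (before any output):
//   setcookie("TestCookie", sign_cookie_value($login_id), time()+3600);
// On later pages:
//   $login_id = verify_cookie_value($_COOKIE["TestCookie"]);

// Self-check with constructed values.
$cookie = sign_cookie_value('alice');
// Same signature, different name: what an edited cookie file would look like.
$edited = base64_encode('bob') . strstr($cookie, '.');

$checks = [
    'untouched cookie' => verify_cookie_value($cookie) === 'alice',
    'edited cookie'    => verify_cookie_value($edited) === null,
    'unsigned value'   => verify_cookie_value('alice') === null,
];
foreach ($checks as $label => $passed) {
    echo $label, ': ', $passed ? 'handled as intended' : 'UNEXPECTED', "\n";
}
```

A signed cookie is still readable by the user; the signature only shows that the server issued the value and that it has not been changed since.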

 

 

On Your Own Exercise 5

 

  1. Create a new table (name it anything you want) in your MySQL database that has two fields (both of type varchar and length 25). One field should be called username and the other field should be called password. Add at least one username/password combination so you can test a login.

 

  2. The following instructions will require you to create two .php files. You MUST comment your code to receive full credit!

·        Create a page that first tests if the user has a cookie with the required information (username only). If not, provide a link to the second file (which is the login page). If they do have a cookie with a value, then display the message "Welcome back username!" (where username is the value stored in the cookie).

·        The second .php file is the actual login page.  The following is pseudocode.  You must turn this into the actual .php file.

 

<?php
IF (isset($_POST[username_from_form]))
{
    Connect to mysql database
    // Pass the username to the query as a bound parameter or escape it first;
    // never paste raw form input into the SQL text
    $query = Select * from customers where username=$_POST[username_from_form]
    . . . All the other stuff that goes with a DB query
    $db_result = mysql_fetch_row($result)

    // $db_result[0] is the username field from the table
    // $db_result[1] is the password field from the table
    // This is true only if your first field in your database is the username
    // and the second is the password field.

    IF ($_POST[password_from_form] == $db_result[1])
    {
        setcookie with value=$_POST[username_from_form]
    }
    else
    {
        Display "Login was incorrect. Please try again"
        Display HTML code for form
    }
}
else
{
    Display HTML code for form.  Make sure action=$_SERVER[PHP_SELF] & method=POST
}
?>
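The lookup step in the pseudocode places the form value directly into the query text. The following added example (not part of the original exercise) performs the same check with a PDO prepared statement and password_verify() in place of the mysql_* calls and the plain == comparison. It assumes an in-memory SQLite table standing in for the MySQL table and a password column wide enough to hold a hash; check_login() and the sample rows are constructed for illustration.

```php
<?php
// Added example. Constructed data: an in-memory SQLite table stands in for
// the MySQL table from step 1 so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (username VARCHAR(25), password VARCHAR(255))');

// Store a password hash, not the password itself. This needs a wider column
// than the exercise's varchar(25); that change is an assumption of this example.
$insert = $db->prepare('INSERT INTO customers (username, password) VALUES (?, ?)');
$insert->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Returns true only when the username exists and the password matches.
function check_login(PDO $db, string $username, string $password): bool
{
    // The ? placeholder sends the username as data, separate from the SQL
    // text, so quotes or SQL keywords typed into the form cannot alter the query.
    $stmt = $db->prepare('SELECT password FROM customers WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such user
    }
    return password_verify($password, $hash);
}

// Simulated form input (constructed); a real page would read $_POST here.
$attempts = [
    ["o'brien", 'correct horse'], // valid login; the name contains a quote
    ["o'brien", 'wrong'],
    ['nobody', 'correct horse'],
];
foreach ($attempts as [$user, $pass]) {
    $ok = check_login($db, $user, $pass);
    // Escape before echoing: the username came from the user.
    echo htmlspecialchars($user, ENT_QUOTES, 'UTF-8'), ': ',
        $ok ? 'login accepted, set the cookie' : 'login was incorrect', "\n";
}
```

The username containing an apostrophe would break a query built by string concatenation; with the bound parameter it is handled like any other value.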