Wednesday, June 6, 2012

PHP: Session



The first time a user accesses one of our pages, some connections and disconnections take place. During this process the server and the client exchange information to identify each other. Thanks to this exchange our server is able to identify a specific user, and this can be used to assign specific information to each client. This relationship between computers is called a session. While a session is active, it is possible to assign information to a specific client by using session-related commands. After a few minutes the session will expire, and that information will be lost.

We will use two examples to explain sessions:

  • Showing the number of times we have visited a page during a session
  • Password protection using sessions


Showing the number of times we have visited a page during a session

counter.php
<?php
session_start();                                                    // start or resume the visitor's session
$counter = isset($_SESSION["counter"]) ? $_SESSION["counter"] : 0;  // value saved so far (0 on the first visit)
$counter++;
print "You have visited this page $counter times during this session";
$_SESSION["counter"] = $counter;                                    // save the new value in the session
?>

In the example above, each time we visit the page "counter.php" during a session we will see the message:

You have visited this page XXX times during this session

Where XXX is the number of times we have visited the page (reload to increase the number by one).

In line 2 of the script we start a session. In line 3 we define a variable named $counter, taking the value already saved in the session (or 0 on the first visit), and in line 4 its value is increased by one ($counter++ is equivalent to $counter = $counter + 1). We then print a text (including the variable $counter) and finally we save the value in the session under the name "counter" (the name is written without "$"). Older PHP versions used session_register("counter") for this last step; that function was removed in PHP 5.4. Each time we visit this page the value of $counter will be increased by one.

This example counts the number of visits of each visitor; the value of the counter is specific to each visitor.

In this example we have created a variable named $counter, but we may create additional variables to save information from our visitors (e.g. $the_color, $the_age, etc.), and we will need to save all of them in the session (e.g. $_SESSION["the_color"] = $the_color, $_SESSION["the_age"] = $the_age, etc.).

We may include the code above in several pages (e.g. in page1.php, page2.php, etc.), so that we get the number of pages we have visited on that site during the active session.


Password protection using sessions

Let's suppose we want to allow specific users to access the information on our site. We will create a page named "index.php" where visitors identify themselves, and additional pages (page1.php, page2.php...) with restricted access.

In this example we will consider two users (with usernames Joe and Peter) and the corresponding passwords (hi and hello).

index.php
<?php if (!isset($_POST["username"]) || $_POST["username"]=="") { ?>

    <html>
    <title>Our private pages</title>
    <body>
    In order to access these pages fill in the form below:<BR>
    <form method="post" action="index.php">
    Username: <input type="text" name="username" size="20"><BR>
    Password: <input type="password" name="password" size="15"><BR>
    <input type="Submit" value="Submit">
    </form>
    </body>
    </html>

<?php }else{
    $username=$_POST["username"];
    $password=isset($_POST["password"]) ? $_POST["password"] : "";
    session_start();
    if ($username=="Joe" AND $password=="hi"){ $permission="yes";}
    if ($username=="Peter" AND $password=="hello"){ $permission="yes";}
    // No matching username and password: permission is not granted
    if (!isset($permission)){ $permission="no";}
    $_SESSION["permission"]=$permission;   // keep both values in the session
    $_SESSION["username"]=$username;

    if ($permission=="yes"){
    ?>

        <html>
        <title>Our private pages</title>
        <body>
        Hi, you are allowed to see these pages: <BR>
        <A HREF="page1.php">Page 1</A><BR>
        <A HREF="page2.php">Page 2</A>
        </body>
        </html>

    <?php }else{ ?>

    Error in username or password

    <?php } ?>
<?php } ?>


Let's explain how this page works:

In line 1 it is checked whether information has been submitted through a form. If the answer is negative ($_POST["username"]==""), a form is displayed asking for username and password.

After the form is filled in and submitted, $_POST["username"] is no longer "", so the script jumps to line 15. In lines 16 and 17 the values the user entered for "username" and "password" are saved to the variables $username and $password.

In lines 19 and 20 it is checked whether the username and password provided match one of the authorized pairs. If so, the variable $permission is set to "yes". We may add more lines like the ones in lines 19 and 20 to add authorized usernames and passwords. Then the commands below are executed (lines 20-25).

As in the counter example earlier on this page, between lines 18 and 24 we set up the session-related variables after session_start() and save them in the session (so that the server keeps that information while the session is active).

Finally, if the username and password are correct, a response page with links is sent to the visitor (lines 29-37). In this example, if the username or password is incorrect, the response page will include the text in line 40.

Now, let's suppose the user clicks on the link "Page 1" (page1.php). The code of page1.php is the following:
 

page1.php
<?php
session_start();
if (isset($_SESSION["permission"]) && $_SESSION["permission"]=="yes") {
?>

    <html>
    <title>Page 1</title>
    <body>
    Hi, welcome to Page 1 <BR>
    This page is empty at the moment, but it will be very interesting in the near future

    </body>
    </html>

<?php }else{ ?>

    You are not allowed to access this page

<?php } ?>


In lines 1-4 it is checked whether the value of "permission" kept in the session is "yes". If the answer is positive, a page with information is sent to the client. If the answer is negative, the text in line 17 is sent.
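
A hardened form of the login check and page guard described above, as an added example (not code from the original post), assuming PHP 7.3 or later. It keeps the permission only in $_SESSION, compares passwords against hashes, and issues a new session id on login; the function names, the "last_seen" key and the 15-minute idle limit are assumptions of this example.

```php
<?php
// Added example, not the original post's code. Assumes PHP 7.3 or later.
// Constructed demo users: a real site stores only the hashes, created once
// with password_hash(), never the plain-text passwords.
$USERS = [
    "Joe"   => password_hash("hi", PASSWORD_DEFAULT),
    "Peter" => password_hash("hello", PASSWORD_DEFAULT),
];

function start_secure_session(): void {
    ini_set("session.use_strict_mode", "1");  // refuse ids the server did not issue
    session_set_cookie_params([
        "httponly" => true,    // session cookie is not readable from JavaScript
        "secure"   => true,    // session cookie is sent over HTTPS only
        "samesite" => "Lax",
    ]);
    session_start();
}

// Marks the session as logged in only when username and password match.
function login(array $users, string $username, string $password): bool {
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session id once the user is authenticated
    $_SESSION["permission"] = "yes";
    $_SESSION["username"]   = $username;
    $_SESSION["last_seen"]  = time();
    return true;
}

// Guard for page1.php, page2.php...: reads $_SESSION only, with an idle limit.
function has_permission(int $max_idle = 900): bool {
    $seen = $_SESSION["last_seen"] ?? 0;
    if (($_SESSION["permission"] ?? "") !== "yes" || time() - $seen > $max_idle) {
        $_SESSION = [];            // drop missing or stale login state
        return false;
    }
    $_SESSION["last_seen"] = time();
    return true;
}

// Demo run: every session call happens before any output is sent.
start_secure_session();
$rejected = login($USERS, "Joe", "wrong");   // wrong password
$before   = has_permission();                // not logged in yet
$accepted = login($USERS, "Joe", "hi");
var_dump($rejected, $before, $accepted, has_permission());
```

In index.php the form handler would call login() with the posted values, and page1.php would call start_secure_session() and has_permission() before producing any output.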

NOTES:

  • Using sessions to keep information about visitors is suitable for sites with a limited number of visitors. For sites with a larger number of visitors it is preferable to keep the information on the client's computer (by using cookies).
