book

PHP & MySQL: The Missing Manual

Name: PHP & MySQL: The Missing Manual
Author: Brett McLaughlin
ISBN: 9780596515867

by Brett McLaughlin

November 2011

Intermediate to advanced

496 pages

13h 11m

English

O'Reilly Media, Inc.

Read now

Unlock full access

A Note Regarding Supplemental Files
The Missing Credits
About the AuthorAbout the Creative TeamAcknowledgmentsThe Missing Manual Series
Introduction
What Is PHP?PHP Is All About the WebJavaScript Is Loose, PHP Is…Less SoPHP Is InterpretedWhat Is MySQL?About This BookMacintosh and WindowsFTP: It’s CriticalAbout the OutlineAbout the Online ResourcesMissing CDRegistrationFeedbackErrataSafari® Books Online
1. PHP and MySQL Basics
1. PHP: What, Why, and Where?
Gathering Your ToolsPHP on the PCPHP on the MacGet Out Your Text EditorWriting Your First ProgramRunning Your First ProgramWriting Your Second ProgramStart with an HTML PageWrite a PHP ScriptVariables VaryUpload Your HTML, CSS, and PHPRunning Your Second Program
2. PHP Syntax: Weird and Wonderful
Get Information from a Web FormAccess Request Parameters DirectlyCreate Your Own VariablesWorking with Text in PHPCombining TextSearching Within TextChanging TextTrimming and Replacing TextRemove Extra White Space with trim()Replace Characters in Text with str_replace()The $_REQUEST VariableArrays Can Hold Multiple ValuesWorking with $_REQUEST as an ArrayWhat Do You Do with User Information?
3. MySQL and SQL: Database and Language
What Is a Database?Databases Are PersistentDatabases Are All About Structure(Good) Databases Are RelationalInstalling MySQLMySQL on WindowsMySQL on Mac OS XRunning Your First SQL QuerySQL Is a Language for Talking to DatabasesLogging In to Your Web Server’s DatabaseUSE a DatabaseMaking Tables with CREATEDeleting Tables with DROPINSERT a Few RowsSELECT for the Grand Finale
2. Dynamic Web Pages
4. Connecting PHP to MySQL
Writing a Simple PHP Connection ScriptConnecting to a MySQL DatabaseSelecting the Database to USESHOW Your Database’s TablesHandling Errors By Seeing If Your Results are NotPrinting Out Your SQL ResultsCleaning Up Your Code with Multiple FilesReplacing Hand-Typed Values with VariablesAbstracting Important Values into a Separate FileVariables Vary, But Constants Stay ConstantBuilding a Basic SQL Query RunnerCreating an HTML Form with a Big Empty BoxConnecting to Your Database (Again)Running Your User’s SQL Query (Again)Entering Your First Web-Based QueryHandling Queries That Don’t SELECT InformationDealing with HumansAvoid Changing User Input Whenever Possible
5. Better Searching with Regular Expressions
String Matching, Double-TimeA Simple String SearcherSearch for One String…Or AnotherGet into PositionDitching trim and strtoupperSearching for Sets of CharactersRegular Expressions: To Infinity and Beyond

6. Generating Dynamic Web Pages
Revisiting a User’s InformationPlanning Your Database TablesGood Database Tables Have id ColumnsAuto-Increment Is Your FriendIDs and Primary Keys are Good BedfellowsAdding Constraints to Your DatabaseSaving a User’s InformationBuilding Your SQL QueryInserting a UserA First Pass at ConfirmationUsers Are Users, Not ProgrammersShow Me the UserMocking Up a User Profile PageChanging a Table’s Structure with ALTERBuilding Your Script: First PassSELECT a User From Your DatabasePulling Values From a SQL Query ResultGetting a User ID into show_user.phpRedirection and Revisitation of Creating UsersUpdating Your User Signup FormUpdating Your User Creation ScriptRounding Things Out with Regular Expressions (Again)
3. From Web Pages to Web Applications
7. When Things Go Wrong (and They Will)
Planning Your Error PagesWhat Should Users See?Tell Your Users that a Problem has OccurredUse the Appropriate Tone for Your Error MessageKnow When to Say WhenFinding a Middle Ground for Error Pages with PHPCreating a PHP Error PageTesting out Your Faulty SolutionExpect the UnexpectedWelcome to Security and PhishingPhishing and Subtle RedirectionThe Dangers of Request ParametersAdd Debugging to Your ApplicationTurn on PHP Error ReportingSet Error Reporting GloballyTurn Off Error Reporting When You Go to ProductionMoving from require to require_onceNow You See Me, Now You Don’tRedirecting on ErrorUpdating Your Script to Use show_error.phpSimplify and Abstractredirect is Path-Insensitive
8. Handling Images and Complexity
Images Are Just FilesHTML Forms Can Set the StageUploading a User’s Image to Your ServerSetting Up Some Helper VariablesDid the File Upload with Any Errors?Is this Really an Uploaded File?Is the Uploaded File Really an Image?Moving the File to a Permanent LocationStoring the Image Location in the DatabaseCreating a New Database ColumnInserting the Image Path into Your TableChecking Your WorkImages Are For ViewingSELECT the Image and Display ItConverting File System Paths to URLsDisplaying Your User’s Image: Take TwoA Few Quick Revisions to app_config.phpAnd Now for Something Completely Different
9. Binary Objects and Image Loading
Storing Different Objects in Different TablesInserting a Raw Image into a Tablegetimagesize Doesn’t Return a File Sizefile_get_contents Does What You Think It DoesINSERT the ImageYour Binary Data Isn’t Safe to Insert…YetPrinting a String to a VariableGetting the Correct ID Before RedirectingConnecting Users and ImagesInserting an Image, then Inserting a UserJoining Tables with WHEREConnect Your Tables Through Common ColumnsAlias Your Tables (and Columns)Show Me the ImageDisplaying an ImageGame Plan Your ScriptGet the Image IDBuild and Run a Select QueryGet the Results, Get the Image, and Deal with Potential ErrorsTell the Browser What’s ComingSend the Image DataCatching and Handling ErrorsTest, Test, Always TestEmbedding an Image Is Just Viewing an ImageAll You Need is an Image IDA Script Can Be an Image srcSo Which Approach is Best?OK, If You Insist on an Answer…
10. Listing, Iterating, and Administrating
Some Things Never Change(User Interface) Brevity is Still the Soul of WitWish Lists are Good, TooListing All Your UsersSELECTing What You Need (Now)Building a Simple Admin PageIterating Over Your ArrayDeleting a UserSurveying the Individual ComponentsPutting It All TogetherDeleting Users Shouldn’t Be MagicalStart with a Little JavascriptFinish with a Change in LinkingTalking Back To Your Usersredirect Has Some LimitationsJavaScript alert ReduxAn All-Javascript ApproachYour PHP Controls Your Outputalert Is InterruptiveStandardizing on MessagingBuilding a New Utility Function for DisplayDuplicate Code is a Problem Waiting to HappenView and Display Code Belongs TogetherIntegrating Utilities, Views, and MessagesCalling Repeated Code from a View ScriptFlexible Functions are Better FunctionsUse Default Argument Values in Display_MessagesOutputting a Standard Header with HeredocUpdating Your Script(S) to Use Display_HeadStandardize and Consolidate Messaging in the ViewBuild a Function to Call Two FunctionsJust Pass that Information Along
4. Security and the Real World
11. Authentication and Authorization
Start with Basic AuthenticationBasic Authentication Using HTTP HeadersBasic Authentication is…Pretty BasicThe Worst Authentication EverGet Your User’s CredentialsCancel is Not a Valid Means of AuthenticationGet Your User’s Credentials (Really!)Abstracting What’s the SameAnother Utility Script: authorize.phpPasswords Don’t Belong in PHP ScriptsUpdating the users TableDeal with Newly Invalid DataYou Need to Get an Initial Username and PasswordInserting the User’s Username and PasswordConnect authorize.php to Your users TablePasswords Create Security, But Should Be SecureEncrypt Text with the crypt Functioncrypt is One-Way EncryptionEncryption Uses Salt
12. Cookies, Sign-ins, and Ditching Crummy Pop-ups
Going Beyond Basic AuthenticationStarting with a Landing PageTaking Control of User Sign-insFrom HTTP Authentication to CookiesWhat is a Cookie?Create and Retrieve CookiesLogging In with CookiesIs the User is Already Signed In?Is the User Trying to Sign In?Displaying the pageRedirecting as NeededLogging the User InBlank Pages and Expiring CookiesErrors Aren’t Always InterruptiveAn Option for Repeat AttemptsAdding Context-Specific MenusPutting a Menu Into PlaceFrom HTML to ScriptsAny HTML File Can Be Converted to PHPChallenge: Be Self-Referential with User CreationLog Users OutRequire the Cookie to Be Set
13. Authorization and Sessions
Modeling Groups in Your DatabaseAdding a Groups TableThe Many-to-Many RelationshipOne-to-One, One-to-Many, Many-to-ManyJoins are Best Done with IDsUsing a Join Table to Connect Users with GroupsTesting Out Group MembershipChecking for Group Membershipauthorize.php Needs a FunctionTaking in a List of GroupsIterating Over Each GroupAllow, Deny, RedirectGroup-Specific MenusEntering Browser SessionsSessions are Server-SideSessions Must Be StartedFrom $_COOKIE to $_SESSIONSessions Must be Restarted, Too$_REQUEST Doesn’t Include $_SESSIONMenu, Anyone?And Then Sign Out…Memory Lane: Remember that Phishing Problem?So Why Ever Use Cookies?
Index
About the Author
Copyright

Content preview from PHP & MySQL: The Missing Manual

Chapter 13. Authorization and Sessions

You have two big tasks left. Well, one and a half, as some of this work you’ve already done:

Two levels of authentication: one to get to the main application, and then admin-level authentication to get to a page like show_users.php and delete_user.php.
Some basic navigation—and that navigation should change based on a user’s login and the groups to which they belong.

You’ve already got blanket authentication on that first item. That’s handled through authorize.php. But now it’s time to go further: authorize.php needs to be improved. It should take in a group (or, better, a list of groups) and only allow access if the user is in the passed in groups.

And on the second item, you’ve also got some work done. You’ve got menus that changed based on whether a user is logged in or not. Again, though, there are some needed improvements: if a user is in certain groups, they should see an option to administrate users, and get a link to show_users.php (in addition to the standard link to show_user.php).

And then…there’s a problem with cookies. It’s not a huge problem, but there are some very real concerns over a high-end application using cookies and only cookies for authentication. So there’s that to consider.

Time’s a wasting. You’ve got problems to fix.

Modeling Groups in Your Database

First things first. Before you can look up the groups to which a user belongs, you’ve got to have some groups in your database. That, of course, means you need a table to store ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

PHP & MySQL: The Missing Manual, 2nd Edition

Publisher Resources

ISBN: 9781449318857Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

PHP & MySQL: The Missing Manual

by Brett McLaughlin

Chapter 13. Authorization and Sessions

Modeling Groups in Your Database

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.