140 likes | 301 Views
Error handling. Unit 27 Web Server Scripting Extended Diploma in ICT. Criteria M4 and D4. M4 implement an error log for a website using web server scripting. D2 create a web application to generate website statistics using web server scripting
E N D
Error handling Unit 27 Web Server Scripting Extended Diploma in ICT
Criteria M4 and D4 • M4 implement an error log for a website using web server scripting. • D2 create a web application to generate website statistics using web server scripting • We will create a function which will record errors in a log file • The function can be called when there is an error on logging in (M4) • We will record the IP address of who has logged in
Modify the logon script Create a customised error handler which will • Log the date and time of the error in a file • Log the type of error and a message • Show the error on the screen • Inform the user that the error has been logged The error handler will be called if there is an invalid username and password
logon.php 1 <?php $user = $_POST["username"]; $pass = $_POST["password"]; $validated = false; //error handler function customError($errno, $errstr) { echo "<b>Error:</b> [$errno] $errstr<br />"; echo "The error has been logged."; error_log(date (DATE_RSS)." Error: [$errno] $errstr".chr(13).chr(10),3, "invalidlogin.txt"); }
logon.php 2 //set error handler set_error_handler("customError",E_USER_WARNING); session_start(); $_SESSION['login'] = ""; if($user!="" && $pass!="") { $conn = @mysql_connect ("studentnn.computing.hct.ac.uk", "studentnn", "pasword") or die ("Sorry - unable to connect to MySQL database."); $rs = @mysql_select_db ("database", $conn) or die ("error"); $sql = "SELECT * FROM user WHERE username = '$user' AND password = '$pass'"; $rs = mysql_query($sql,$conn); $result = mysql_num_rows($rs);
logon.php 3 if ($result > 0) $validated = true; if($validated) { $_SESSION['login'] = "OK"; $_SESSION['username'] = $user; $_SESSION['password'] = $pass; header('Location: protected1.php'); } else { $_SESSION['login'] = ""; trigger_error("Invalid username or password\n", E_USER_WARNING); } } else $_SESSION['login'] = ""; ?>
logon.php 4 <html> <body> <h1>Logon Page</h1> <p>Please enter your username and password:</p> <form action="logon.php" method="post"> <table> <tr> <td align="right">Username: </td> <td><input size=\"20\" type="text" size="20" maxlength="15" name="username"></td> </tr> <tr> <td align="right">Password: </td> <td><input size=\"20\" type="password" size="20" maxlength="15" name="password"></td> </tr>
logon.php 5 • <tr> • <td> </td> • <td colspan="2" align="left"><input type="submit" value="Login"></td> • </tr> • </table> • </form> • </body> • </html>
invalidlogin.txt Sun, 20 May 2012 22:58:01 +0100 Error: [512] Invalid username or password Tue, 29 May 2012 18:11:00 +0100 Error: [512] Invalid username or password
Logging the IP address • We need to capture the IP address and date • $ip = $_SERVER["REMOTE_ADDR"]; • $date = date(“d-m-Y H:i:s");
Appending to a file • $file = 'login.txt'; • // Open the file to get existing content • $current = file_get_contents($file); • // Append login information to the file • $current .= "$user logged in from IP Address of $ip on $date"."\r\n"; • // Write the contents back to the file • file_put_contents($file, $current);
Insert this code into login.php • if ($result > 0) $validated = true; • if($validated) • { • $_SESSION['login'] = "OK"; • $_SESSION['username'] = $user; • $_SESSION['password'] = $pass; • $ip = $_SERVER["REMOTE_ADDR"]; • $date = date(“d-m-Y H:i:s"); • $file = 'login.txt'; • // Open the file to get existing content • $current = file_get_contents($file); • // Append a new person to the file • $current .= "$user logged in from IP Address of $ip on $date"."\r\n"; • // Write the contents back to the file • file_put_contents($file, $current); • header('Location: protected1.php'); • }