Lecture 12 Sessions and Authentication. MIS 3501, 2014 Spring, Jeremy Shafer, Department of MIS, Fox School of Business, Temple University, April 10, 2014. Agenda for today: Review homework assignment; The mysqli_real_escape_string() function; Authentication and Sessions.
Lecture 12 Sessions and Authentication
MIS 3501, 2014 Spring
Jeremy Shafer
Department of MIS, Fox School of Business, Temple University
April 10, 2014

Agenda for today
• Review homework assignment
• The mysqli_real_escape_string() function
• Authentication and Sessions

mysqli_real_escape_string
Please see: http://www.w3schools.com/php/func_mysqli_real_escape_string.asp
PHP Programming with MySQL, 2nd Edition

Authentication
• Use a one-way encryption function. For example: md5()
• The thinking goes like this:
• Never store the decrypted password
• Store a one-way encrypted password instead
• When a user attempts to log in, encrypt their input
• Compare the two encrypted passwords to see if they match

Sessions
• A session refers to a period of activity when a PHP script stores state information on a Web server

Using Sessions to Save State Information
• Sessions allow you to maintain state information even when clients disable cookies in their Web browsers

Starting a Session
• The session_start() function starts a new session or continues an existing one
• The session_start() function generates a unique session ID to identify the session
• A session ID is a random alphanumeric string that looks something like: 7f39d7dd020773f115d753c71290e11f
• The session_start() function creates a text file on the Web server.

Starting a Session (continued)
• The session_start() function does not accept any arguments, nor does it return a value that you can use in your script
    <?php
    session_start();
    ...
• You must call the session_start() function before you send the Web browser any output

Working with Session Variables
• Session state information is stored in the $_SESSION autoglobal
• When the session_start() function is called, PHP either initializes a new $_SESSION autoglobal or retrieves any variables for the current session (based on the session ID) into the $_SESSION autoglobal

What are they good for?
• Session variables are good for storing data that needs to be shared between separate pages in your application.

For example:
• For Customers: index.php, form.php, handler.php
• For Employees: login.php, report.php
• We can use a $_SESSION variable to indicate if a user is currently logged in or not.
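
The login flow from the Authentication and session slides, as an added example that is not part of the lecture: it stores the password with PHP's password_hash() and checks it with password_verify() instead of comparing md5() digests, then sets a $_SESSION flag that an employee page such as report.php can test. The user name, the password, the in-memory $users array and the logged_in key are assumptions made for the example.

```php
<?php
// Added example, not from the lecture. The user, password and in-memory
// $users array are constructed; a real app would read the hash from MySQL.
session_start();                      // before any output, as the slides require

// The slides' md5() approach is unsalted and fast: equal passwords always
// produce equal digests. password_hash() salts each hash and is slow by design.
$md5Repeats    = md5('correct horse') === md5('correct horse');
$bcryptRepeats = password_hash('correct horse', PASSWORD_DEFAULT)
             === password_hash('correct horse', PASSWORD_DEFAULT);

$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

// login.php: check the submitted password, then mark the session.
function attempt_login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;                 // same answer for bad user and bad password
    }
    session_regenerate_id(true);      // new session ID after login (anti-fixation)
    $_SESSION['logged_in'] = true;    // hypothetical key name
    $_SESSION['user'] = $name;
    return true;
}

// report.php: every employee-only page repeats this check at the top.
function is_logged_in(): bool
{
    return ($_SESSION['logged_in'] ?? false) === true;
}

$_SESSION = [];                       // start this demo from a logged-out state
$results = [
    'md5 digests repeat'      => $md5Repeats,
    'password_hash repeats'   => $bcryptRepeats,
    'login, wrong password'   => attempt_login($users, 'alice', 'wrong'),
    'report.php allowed then' => is_logged_in(),
    'login, right password'   => attempt_login($users, 'alice', 'correct horse'),
    'report.php allowed now'  => is_logged_in(),
];
foreach ($results as $label => $value) {
    echo $label, ': ', var_export($value, true), "\n";
}
```

Results are collected first and printed at the end because session_start() and session_regenerate_id() must run before any output is sent.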