Sessions & Redirection

Agenda
• Redirection
• Session
 PHP Redirection – Option 1

• Redirecting to a different page

Header(Location:success.php)

success.php
Success
Login :

Password :
processLogin.php
Login
Error
Invalid Login and Password !
Error.php

Header(Location:error.php)
 PHP Redirection – Option 2
(using parameters)

• Redirecting to the same page using parameters

Header(Location:welcome.php)

welcome.php
Success
Login : Success

Password :
processLogin.php
Login
Error
Invalid Login and Password !
Header(Location:login.php?login=no)
 PHP Redirection – Option 2
(processLogin.php explained)
<?php //processLogin.php

$user = $_POST["txt_user"]; // getting Form Input values from login.php

$pwd = $_POST["txt_pwd"];

if (($user == "admin")&&($pwd=="admin")) // checking login and password

{
session_start(); // starting a session
$_SESSION['user'] = $user;
header('Location:welcome.php'); // redirection to welcome.php

}
else {

header('Location:login.php?login=no'); // redirection with parameter

}

?>
 PHP Redirection – Option 2
(login.php explained)

…. HTML codes to display

<?php
if (isset($_GET["login"])){
if ($_GET["login"]=="no"){
echo "<br>Invalid Login and Password ! <br>";
}
Login :
}
Password :
?>
Login
…. HTML codes to display Invalid Login and Password !
 Introduction to sessions
• A normal HTML website does not pass data
from one page to another.
• All information is forgotten when a new page
is loaded.
• Quite a problem for shopping websites. E.g.
shopping cart requiring data to be
remembered from one page to the next ( user
selected product.
 Why use session
• A session solves this problem by allowing the
storage of user information on the server (i.e.
username, shopping cart items, etc)
• However, this session information is
temporary and is usually deleted after the
user has left the website that uses sessions
• If more permanent storage is required, then a
database can be used
 PHP Sessions
• Sessions work by creating a unique
identification(UID) number for each visitor
and storing variables based on this ID
• This helps to prevent two users' data from
getting confused with one another when
visiting the same webpage
 PHP Session
• A PHP session variable is used to store
information about, or change settings for a
user session
• Session variables hold information about one
single user, and are available to all pages in
one application
 Starting a PHP Session
• Before storing user information, you must first
start the session
• It must be at the very beginning of your code,
before any HTML or text is sent

<?php
session_start(); // start a php
session
?>
 Storing a session variable
• To store user data in a session use the $_SESSION
associative array.
• You can both store and retrieve session data.

<?php
session_start(); // start a $_SESSION
[‘views’] =1; /store session data
Echo “Pageviews =“ . $_SESSION
[‘views’]
?>
 ISSET funtion
• Before using a session variable it is necessary
that you check to see if it exists already !
• isset is a function that takes any variable you
want to use and checks to see if it has been
set
 Example 1
• Consider the example in session1.php, a
pageview counter can be created by using
isset to check if the pageview variable has
already been created
• If it has, the counter is incremented. If it does
not exist a pageview counter can be created
and set to one.
 Storing and Retrieving Data –
session1.php
<?php
session_start();
if(isset($_SESSION['views']))
$_SESSION['views'] = $_SESSION['views']+ 1;
else
$_SESSION['views'] = 1;
echo "views = ". $_SESSION['views'];
?>
 Example 2
• In the following example, a user has to visit
the first page and is then provided access to
the second page
• If user tries to access the second page directly,
he will be redirected to the first page
• Note the use of isset to check whether the
session id has been created – if it has not been
created, user is redirected to first page
 Example 2- firstpage.php
<?php
session_start();
$_SESSION['ID']=1234;
?>
<html>
<body>
Check Page – If the user is visiting this page first, then
he will be assigned an ID
<br><a href="secondpage.php">Second Page</a>
</body>
</html>
 Example 2- secondpage.php
<?php
session_start();
if(!isset($_SESSION['ID']))
{
header("Location:http://localhost/firstpage.php");
exit();
}
?>
<html>
<body>The user can only view this page if he has gone through the
first page, otherwise he will be redirected to the first page.
</body>
</html>
 Cleaning and destroying session
<?php
session_start();
if(isset($_SESSION['cart']))
unset($_SESSION['cart']);
?>

Or to completely destroy the session use session_destroy

<?php
session_start();
session_destroy();
?>
 Reading Materials – PHP Filter
What is a PHP Filter?
• A PHP filter is used to validate and filter data coming from insecure
sources.
• To test, validate and filter user input or custom data is an important
part of any web application.
• The PHP filter extension is designed to make data filtering easier
and quicker.
Functions and Filters
• To filter a variable, use one of the following filter functions:
– filter_var() - Filters a single variable with a specified filter
– filter_var_array() - Filter several variables with the same or
different filters
– filter_input - Get one input variable and filter it
– filter_input_array - Get several input variables and filter them
with the same or different filters
Reference: http://www.w3schools.com/php/php_filter.asp
 Ref
• http://www.tizag.com/phpT/phpsessions.php
• Previous web tech lecture slides