Course Name: Advanced Web Based Application Development

Topic: Managing State Information Using PHP

Instructor: Dr. Obuhuma James
Activity: Homework Marking Guide

Consider a login application that checks a user's name and password, which are provided upon
login, with variable names 'user' and 'password'. If the username and password are recognized
in the database, the application starts a session and sets a session variable called 'user' for the
login name of the user accessing the system, then redirects the user to file called 'home.php'.
Otherwise, it redirects the user back to the login page, 'login.htm'.

Assumptions:
 The allowable usernames, passwords exist in a mysql database called “login” with table
called “users”.

 The users table has four fields, namely, username, password, fname and lname.

Task:

a) Develop the login interface using HTML5. Ensure that a check for an existing session is
made. If it is found to be existing, then redirect the user to home.php. [6 Marks]

The code for the login script should be as follows:

<?php
//open login page if session is not set otherwise redirect to the homepage
session_start();
if (isset($_SESSION['user'])){
header('location: home.php');
}else{
?>

<!doctype html>
<html>
<head>
<title>Login Form</title>
</head>
<body>

<form method="POST" action="validate.php">

Username<input type="text" name="username" /><br />
Password<input type="password" name="password" /><br />
<input type="submit" value="Login" />
 </form>

</body>
</html>

<?php
}
?>

b) Develop the appropriate PHP scripts and the database that will implement the login process
described in the case. Be sure to include some message in the home.php showing the full
name (FName & LName) of the user that has successfully logged in. [10 Marks]

The code for the script that processes the form data and the login process should be as follows:

<?php
//establish connection to the database server
$connect = mysqli_connect("localhost","root","");

if(!$connect){
echo "Connection to the database engine failed";
}

//select a database called University for use within the script

mysqli_select_db($connect,"University");

//receive login data from the login form then store in variables
$user=$_POST['username'];
$pass=md5($_POST['password']);

//generate a resultset for matching username and password

$results=mysqli_query($connect,"select * from Users where Username='$user' and Password='$pass'");

//retrive the name of the user from the resultset

while($row=mysqli_fetch_array($results, MYSQLI_ASSOC)){
$name=$row['FName'] . " " . $row['LName'];
}

//start a session then redirect to the homepage otherwise redirect back to the login page for invalid
credentials
$count = mysqli_num_rows($results);
if($count ==1){
session_start();
$_SESSION['user']=$name;
header('location: home.php');

}else{
header('location: login.php');
}

//close connection to the database server

mysqli_close($connect);
?>
 The code for the home.php script should be as follows:

<?php
//check if session is set then read the session variables otherwise redirect back to login page
session_start();
if (!isset($_SESSION['user'])){
header('location: login.php');
}else{
echo "You are logged in as " . $_SESSION['user']
. " with session id " . session_id() . "<br />";
}
echo "<a href=logout.php>Logout</a>";
?>

c) Incorporate a logout mechanism that destroys sessions and redirects users to the login
page. Let the link to the logout script be provided in the home.php page. [4 Marks]

The code for the logout.php script should be as follows:

<?php
//gather all session variables in an array
session_start();
$_SESSION = array();

//destroy all session variables then redirect to the login page

session_destroy();
header('location: login.php');
?>