
lectures/4/src/login/home.php

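<?php
/**
 * home.php
 *
 * A simple home page for these login demos.
 *
 * David J. Malan
 * Computer Science S-75
 * Harvard Summer School
 *
 * Review notes:
 * - Full <?php tags are used instead of short <? tags. With
 *   short_open_tag disabled, short tags are not parsed: the source
 *   would be sent to the browser and both branches below would render.
 * - The page only tests that $_SESSION["authenticated"] is set; it does
 *   not look at the stored value.
 */

// enable sessions
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Home</title>
</head>
<body>
<h1>Home</h1>
<h3>
<?php if (isset($_SESSION["authenticated"])) { ?>
You are logged in!
<br />
<a href="logout.php">log out</a>
<?php } else { ?>
You are not logged in!
<?php } ?>
</h3>
<br>
<b>Login Demos</b>
<ul>
<li><a href="login5.php">version 5</a></li>
<li><a href="login6.php">version 6</a></li>
<li><a href="login7.php">version 7</a></li>
<li><a href="login8.php">version 8</a></li>
</ul>
</body>
</html>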

lectures/4/src/login/login5.php
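<?php
/**
 * login5.php
 *
 * A simple login module that checks a username and password
 * against a MySQL table with no encryption.
 *
 * David J. Malan
 * Computer Science S-75
 * Harvard Summer School
 *
 * Review notes:
 * - Passwords are stored and compared as plaintext; that is this demo's
 *   stated premise and is left as is. A deployed system stores
 *   password_hash() output and checks it with password_verify().
 * - ext/mysql (mysql_*) was deprecated in PHP 5.5 and removed in PHP 7.0;
 *   mysqli or PDO with prepared statements is the current equivalent.
 * - mysql_real_escape_string() escapes for the connection's character
 *   set, so the charset should be set with mysql_set_charset(), not with
 *   a SET NAMES query.
 */

// enable sessions
session_start();

// connect to database (host, user and password are blank in this listing)
if (($connection = mysql_connect("", "", "")) === false)
    die("Could not connect to database");

// select database (name is blank in this listing)
if (mysql_select_db("", $connection) === false)
    die("Could not select database");

// if username and password were submitted, check them; is_string() rejects
// array-valued fields (user[]=x), which the string functions below
// cannot handle
if (isset($_POST["user"], $_POST["pass"])
    && is_string($_POST["user"]) && is_string($_POST["pass"]))
{
    // prepare SQL, escaping against the same link the query runs on
    $sql = sprintf("SELECT * FROM users WHERE user='%s'",
                   mysql_real_escape_string($_POST["user"], $connection));

    // execute query
    $result = mysql_query($sql, $connection);
    if ($result === false)
        die("Could not query database");

    // check whether we found a row
    if (mysql_num_rows($result) == 1)
    {
        // fetch row
        $row = mysql_fetch_assoc($result);

        // check password; hash_equals() compares byte for byte in constant
        // time, whereas == treats numeric-looking strings as numbers
        // ("1e3" == "1000") and returns early on the first difference
        if (is_string($row["pass"]) && hash_equals($row["pass"], $_POST["pass"]))
        {
            // issue a fresh session id on login so an id planted before
            // authentication is not carried into the authenticated session
            session_regenerate_id(true);

            // remember that user's logged in
            $_SESSION["authenticated"] = true;

            // redirect user to home page, using absolute path, per
            // http://us2.php.net/manual/en/function.header.php
            // HTTP_HOST is taken from the request's Host header, so the
            // redirect target follows whatever the client sent; a deployed
            // site pins this to its configured host name, and uses https
            // so the session cookie is not sent in cleartext.
            $host = $_SERVER["HTTP_HOST"];

            // SCRIPT_NAME, unlike PHP_SELF, excludes any extra path the
            // client appended after the script name
            $path = rtrim(dirname($_SERVER["SCRIPT_NAME"]), "/\\");
            header("Location: http://$host$path/home.php");
            exit;
        }
    }
}
?>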
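<?php
// Login form that posts "user" and "pass" back to this same script.
// PHP_SELF includes any extra path the client appended to the URL, so
// it is HTML-escaped before being written into the action attribute.
?>
<!DOCTYPE html>
<html>
<head>
<title>Log In</title>
</head>
<body>
<form action="<?= htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8") ?>" method="post">
<table>
<tr>
<td>Username:</td>
<td>
<input name="user" type="text"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="pass" type="password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Log In"></td>
</tr>
</table>
</form>
</body>
</html>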

lectures/4/src/login/login6.php
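<?php
/**
 * login6.php
 *
 * A simple login module that checks a username and password
 * against a MySQL table with no encryption by asking for a binary answer.
 *
 * David J. Malan
 * Computer Science S-75
 * Harvard Summer School
 *
 * Review notes:
 * - Passwords are stored as plaintext and the submitted password is
 *   embedded in the SQL text, so it can appear in query logs. This is the
 *   demo's stated premise and is left as is; a deployed system stores
 *   password_hash() output and checks it with password_verify().
 * - The match is decided by MySQL's string comparison; with a
 *   case-insensitive column collation, pass='...' ignores letter case.
 *   TODO confirm the collation of the users table.
 * - ext/mysql (mysql_*) was deprecated in PHP 5.5 and removed in PHP 7.0;
 *   mysqli or PDO with prepared statements is the current equivalent.
 */

// enable sessions
session_start();

// connect to database (host, user and password are blank in this listing)
if (($connection = mysql_connect("", "", "")) === false)
    die("Could not connect to database");

// select database (name is blank in this listing)
if (mysql_select_db("", $connection) === false)
    die("Could not select database");

// if username and password were submitted, check them; is_string() rejects
// array-valued fields (user[]=x), which mysql_real_escape_string() cannot
// handle
if (isset($_POST["user"], $_POST["pass"])
    && is_string($_POST["user"]) && is_string($_POST["pass"]))
{
    // prepare SQL, escaping against the same link the query runs on
    $sql = sprintf("SELECT 1 FROM users WHERE user='%s' AND pass='%s'",
                   mysql_real_escape_string($_POST["user"], $connection),
                   mysql_real_escape_string($_POST["pass"], $connection));

    // execute query
    $result = mysql_query($sql, $connection);
    if ($result === false)
        die("Could not query database");

    // check whether we found a row
    if (mysql_num_rows($result) == 1)
    {
        // issue a fresh session id on login so an id planted before
        // authentication is not carried into the authenticated session
        session_regenerate_id(true);

        // remember that user's logged in
        $_SESSION["authenticated"] = true;

        // redirect user to home page, using absolute path, per
        // http://us2.php.net/manual/en/function.header.php
        // HTTP_HOST is taken from the request's Host header, so the
        // redirect target follows whatever the client sent; a deployed
        // site pins this to its configured host name, and uses https so
        // the session cookie is not sent in cleartext.
        $host = $_SERVER["HTTP_HOST"];

        // SCRIPT_NAME, unlike PHP_SELF, excludes any extra path the client
        // appended after the script name
        $path = rtrim(dirname($_SERVER["SCRIPT_NAME"]), "/\\");
        header("Location: http://$host$path/home.php");
        exit;
    }
}
?>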
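<?php
// Login form that posts "user" and "pass" back to this same script.
// PHP_SELF includes any extra path the client appended to the URL, so
// it is HTML-escaped before being written into the action attribute.
?>
<!DOCTYPE html>
<html>
<head>
<title>Log In</title>
</head>
<body>
<form action="<?= htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8") ?>" method="post">
<table>
<tr>
<td>Username:</td>
<td>
<input name="user" type="text"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="pass" type="password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Log In"></td>
</tr>
</table>
</form>
</body>
</html>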

lectures/4/src/login/login7.php
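<?php
/**
 * login7.php
 *
 * A simple login module that checks a username and password
 * against a MySQL table with weak encryption (well, a weak hash).
 *
 * David J. Malan
 * Computer Science S-75
 * Harvard Summer School
 *
 * Review notes:
 * - PASSWORD() is MySQL's own account-password function: it is unsalted,
 *   fast to compute, deprecated in MySQL 5.7 and removed in 8.0. The demo
 *   uses it to illustrate a weak hash and it is left as is; a deployed
 *   system stores password_hash() output and checks it with
 *   password_verify() in PHP.
 * - Hashing happens inside the database, so the plaintext password is
 *   embedded in the SQL text and can appear in query logs.
 * - ext/mysql (mysql_*) was deprecated in PHP 5.5 and removed in PHP 7.0;
 *   mysqli or PDO with prepared statements is the current equivalent.
 */

// enable sessions
session_start();

// connect to database (host, user and password are blank in this listing)
if (($connection = mysql_connect("", "", "")) === false)
    die("Could not connect to database");

// select database (name is blank in this listing)
if (mysql_select_db("", $connection) === false)
    die("Could not select database");

// if username and password were submitted, check them; is_string() rejects
// array-valued fields (user[]=x), which mysql_real_escape_string() cannot
// handle
if (isset($_POST["user"], $_POST["pass"])
    && is_string($_POST["user"]) && is_string($_POST["pass"]))
{
    // prepare SQL, escaping against the same link the query runs on
    $sql = sprintf("SELECT 1 FROM users WHERE user='%s' AND pass=PASSWORD('%s')",
                   mysql_real_escape_string($_POST["user"], $connection),
                   mysql_real_escape_string($_POST["pass"], $connection));

    // execute query
    $result = mysql_query($sql, $connection);
    if ($result === false)
        die("Could not query database");

    // check whether we found a row
    if (mysql_num_rows($result) == 1)
    {
        // issue a fresh session id on login so an id planted before
        // authentication is not carried into the authenticated session
        session_regenerate_id(true);

        // remember that user's logged in
        $_SESSION["authenticated"] = true;

        // redirect user to home page, using absolute path, per
        // http://us2.php.net/manual/en/function.header.php
        // HTTP_HOST is taken from the request's Host header, so the
        // redirect target follows whatever the client sent; a deployed
        // site pins this to its configured host name, and uses https so
        // the session cookie is not sent in cleartext.
        $host = $_SERVER["HTTP_HOST"];

        // SCRIPT_NAME, unlike PHP_SELF, excludes any extra path the client
        // appended after the script name
        $path = rtrim(dirname($_SERVER["SCRIPT_NAME"]), "/\\");
        header("Location: http://$host$path/home.php");
        exit;
    }
}
?>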
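<?php
// Login form that posts "user" and "pass" back to this same script.
// PHP_SELF includes any extra path the client appended to the URL, so
// it is HTML-escaped before being written into the action attribute.
?>
<!DOCTYPE html>
<html>
<head>
<title>Log In</title>
</head>
<body>
<form action="<?= htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8") ?>" method="post">
<table>
<tr>
<td>Username:</td>
<td>
<input name="user" type="text"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="pass" type="password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Log In"></td>
</tr>
</table>
</form>
</body>
</html>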

lectures/4/src/login/logout.php

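<?php
/**
 * logout.php
 *
 * A simple logout module for all of our login modules.
 *
 * David J. Malan
 * Computer Science S-75
 * Harvard Summer School
 */

// enable sessions
session_start();

// delete cookies, if any
// NOTE(review): nothing in this listing sets "user" or "pass" cookies;
// presumably another login version does. The expiry only matches cookies
// that were set with the default path and domain. Confirm against the
// script that sets them.
setcookie("user", "", time() - 3600);
setcookie("pass", "", time() - 3600);

// log user out: clear the session data held in this request
$_SESSION = array();

// expire the session cookie with the same path, domain and flags it was
// issued with; a browser only replaces a cookie whose path and domain
// match, so the default path setcookie() would otherwise use can leave
// the original session cookie in place
if (ini_get("session.use_cookies"))
{
    $params = session_get_cookie_params();
    setcookie(session_name(), "", time() - 3600,
              $params["path"], $params["domain"],
              $params["secure"], $params["httponly"]);
}

// remove the session's data on the server
session_destroy();
?>
<!DOCTYPE html>
<html>
<head>
<title>Log Out</title>
</head>
<body>
<h1>You are logged out!</h1>
<h3><a href="home.php">home</a></h3>
</body>
</html>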

lectures/4/src/lolcat/lolcat.php
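<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Lolcat of teh Day</title>
</head>
<body>
<div align="center" style="padding: 20px;">
<h1>Lolcat of teh Day</h1>
<?php

/*
 * Fetches an RSS feed, takes its first item and prints that item's
 * image wrapped in a link to the item.
 *
 * Everything read from the feed is third-party data. The feed is also
 * fetched over plain http, so it can be altered in transit. Each value is
 * therefore validated and HTML-escaped before it is written into the page.
 */

$feed = file_get_contents("http://feedproxy.google.com/ICanHasCheezburger?format=xml");

$item = null;
if ($feed !== false)
{
    try
    {
        // LIBXML_NONET keeps the parser from fetching network resources
        // that the document references
        $xml = new SimpleXMLElement($feed, LIBXML_NONET);
        if (isset($xml->channel->item[0]))
            $item = $xml->channel->item[0];
    }
    catch (Exception $e)
    {
        // the constructor throws when the feed is not well-formed XML;
        // fall through to the fallback message below
        $item = null;
    }
}

$alt = "";
$link = "";
$src = "";
if ($item !== null)
{
    // caption: the text after " - " and before the next "<" in the
    // description; left empty when the pattern does not match
    if (preg_match("/^.* - (.*)</", (string) $item->description, $matches))
        $alt = $matches[1];

    $link = (string) $item->link;

    // children in the Media RSS namespace; the url of the last one wins
    foreach ($item->children("http://search.yahoo.com/mrss/") as $content)
    {
        $attributes = $content->attributes();
        $src = (string) $attributes["url"];
    }
}

// accept only http(s) URLs so that a feed cannot supply another scheme
// (such as javascript:) for the link or the image
$webUrl = "#^https?://#i";
if (preg_match($webUrl, $link) && preg_match($webUrl, $src))
{
    // ENT_QUOTES also escapes the single quotes that delimit the attributes
    printf("<a href='%s'><img alt='%s' border='0' src='%s' /></a>",
           htmlspecialchars($link, ENT_QUOTES),
           htmlspecialchars($alt, ENT_QUOTES),
           htmlspecialchars($src, ENT_QUOTES));
}
else
{
    print("<p>Lolcat unavailable.</p>");
}

?>
</div>
</body>
</html>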