Parameter Passing & Session Tracking in PHP

Parameter passing, File Upload, Session, Cookie, Url Rewriting in PHP

  1. 1. Passing Parameters & Session Tracking in PHP
     Prof. Ami Tusharkant Choksi, Assistant Professor, Computer Engg. Dept., C.K.Pithawalla College of Engg. & Tech., Surat, Gujarat State, India.
  2. 2. What is Parameter Passing & Session Tracking?
     - Passing the values typed into a user form to another HTML page and/or a server-side script is called parameter passing.
     - A session refers to all the connections that a single client might make to a server in the course of viewing any pages associated with a given application. [1]
     - Maintaining the user's state during a session (e.g. from login to logout) is called session tracking.
  3. 3. Ways
     - Visible form parameters
     - Hidden form parameters
     - Cookies
     - Session
     - URL rewriting
  4. 4. Parameter Passing with <form>
     - Methods of passing parameters with <form>:
       - GET (smaller data, i.e. 1024 bytes)
       - POST (bigger data, as well as file upload)
     - PHP uses predefined variables:
       - $_GET['varname']
       - $_POST['varname']
  5. 5. Predefined Variables [2]
     - PHP provides a large number of predefined variables to all scripts. They represent everything from external variables to built-in environment variables, last error messages to last retrieved headers.
     - Superglobals — built-in variables that are always available in all scopes
     - $GLOBALS — References all variables available in global scope
     - $_SERVER — Server and execution environment information
     - $_GET — HTTP GET variables
     - $_POST — HTTP POST variables
     - $_FILES — HTTP File Upload variables
  6. 6. List of predefined variables [2]...
     - $_REQUEST — HTTP Request variables
     - $_SESSION — Session variables
     - $_ENV — Environment variables
     - $_COOKIE — HTTP Cookies
     - $php_errormsg — The previous error message
     - $HTTP_RAW_POST_DATA — Raw POST data
     - $http_response_header — HTTP response headers
     - $argc — The number of arguments passed to script
     - $argv — Array of arguments passed to script
  7. 7. The Values of Predefined Variables
     - The values of the predefined variables can be seen with:

         <?php
         // Prints the PHP configuration together with the predefined variables of this request.
         phpinfo();
         ?>
  8. 8. File Upload
     - Writing a client's file to the server is called file upload.
     - The following must be added to the HTML code:

         <form method="post" enctype="multipart/form-data" action="upload.php">
           FileName <input type="file" name="userfile">
           <input type="submit" value="Upload">
         </form>

     - The above code displays a Browse/Choose button on the browser page, with which one can select a file.
  9. 9. File Upload HTML page in Browser
  10. 10. Required Configuration in /etc/php.ini File

          ; file_uploads must be On
          file_uploads = On
          ; Temporary directory for HTTP uploaded files (will use system default if not specified).
          upload_tmp_dir = /tmp
          ; Maximum allowed size for uploaded files.
          upload_max_filesize = 2M
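  11. 11. Retrieval of File at Server

          <?php
          # /uploads must have o+rwx permission
          $uploaddir = "/uploads/";
          // The form field is named "userfile" (slide 8); its details arrive in $_FILES, not $_POST.
          // basename() strips any directory components from the client-supplied name.
          $uploadfile = $uploaddir . basename($_FILES["userfile"]["name"]);
          // move_uploaded_file() only moves files that arrived through an HTTP POST upload.
          if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile)) {
              echo "File is valid, and was successfully uploaded. ";
          } else {
              echo "Possible file upload attack! ";
          }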
  12. 12. Session Tracking is done with
      - As HTTP is a stateless protocol, session tracking must be maintained by programmers in the following ways:
        - Hidden form parameters
        - Cookies
        - Session
        - URL rewriting
  13. 13. Hidden Parameter Passing
      - A parameter is passed from one page to another without being shown to the user on the page.

          <input type="hidden" name="username" value="amichoksi">

      - It can be retrieved in PHP with:
        - $_GET["username"]
        - $_POST["username"]
  14. 14. Cookies [2]
      - Cookies are a mechanism for storing data in the remote browser and thus tracking or identifying return users.
      - Set cookie:
        - bool setcookie ( string $name , string $value , int $expire=0 , string $path , string $domain , bool $secure=false , bool $httponly=false )
        - setcookie("username", "ami", time()+300);
      - Read cookie:
        - $_COOKIE['name']
  15. 15. Session [2]
      - A way to preserve certain data across subsequent accesses.
  16. 16. Session Functions [2]
      - session_cache_expire — Return current cache expire
      - session_cache_limiter — Get and/or set the current cache limiter
      - session_commit — Alias of session_write_close
      - session_decode — Decodes session data from a string
      - session_destroy — Destroys all data registered to a session
      - session_encode — Encodes the current session data as a string
      - session_get_cookie_params — Get the session cookie parameters
      - session_id — Get and/or set the current session id
      - session_is_registered — Find out whether a global variable is registered in a session
      - session_module_name — Get and/or set the current session module
      - session_name — Get and/or set the current session name
      - session_regenerate_id — Update the current session id with a newly generated one
      - session_register — Register one or more global variables with the current session
      - session_save_path — Get and/or set the current session save path
      - session_set_cookie_params — Set the session cookie parameters
      - session_set_save_handler — Sets user-level session storage functions
      - session_start — Initialize session data
      - session_unregister — Unregister a global variable from the current session
      - session_unset — Free all session variables
      - session_write_close — Write session data and end session
  17. 17. Examples
      - File: Page1.php

          <?php
          // Cookie parameters must be set before session_start() to apply to this session.
          // Lifetime 10 s, path "/", Secure on, HttpOnly off, as on the slide; the domain
          // argument is garbled in the source, so an empty string (current host) is assumed.
          session_set_cookie_params(10, "/", "", true, false);
          session_start();
          echo 'Welcome to page #1';
          $_SESSION['favcolor'] = 'green';
          $_SESSION['animal'] = 'cat';
          $_SESSION['time'] = time();
          ?>
  18. 18. Example...
      - File: Page2.php

          <?php
          session_start();
          echo 'Welcome to page #2<br />';
          echo $_SESSION['favcolor']; // green
          echo $_SESSION['animal']; // cat
          echo date('Y m d H:i:s', $_SESSION['time']);
          session_unset(); // releasing session data
          echo $_SESSION['time'] ?? ''; // no output
          ?>
  19. 19. URL Re-Writing
      - The Apache server's mod_rewrite module gives the ability to transparently redirect one URL to another by modifying the URL (i.e. re-writing), without the user's knowledge.
      - Used in the following situations:
        - passing some information to another page
        - redirecting old URLs to new addresses
        - cleaning up the 'dirty' URLs coming from a poor publishing system
  20. 20. Required Configuration and Examples
      - The following line in the /etc/httpd/conf/httpd.conf file must be uncommented:

          LoadModule rewrite_module modules/

      - URL rewriting examples:
        - http://localhost/ami/123
        - http://localhost/~ami/UrlRewrite.php?name=amichoksi
  21. 21. Retrieval of URL Rewriting Data

          <?php
          // Both values come from the request URL, so they are HTML-escaped before being echoed.
          if (isset($_SERVER['PATH_INFO'])) {
              echo htmlspecialchars($_SERVER['PATH_INFO'], ENT_QUOTES, 'UTF-8');
          } else if (isset($_GET['username']) && is_string($_GET['username'])) {
              echo htmlspecialchars($_GET['username'], ENT_QUOTES, 'UTF-8');
          }
          ?>
  22. 22. References
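
A stricter version of the slide 11 upload handler, added here as an example and not taken from the original slides. It assumes the `userfile` field of the slide 8 form; `UPLOAD_DIR`, `MAX_BYTES` and `ALLOWED_TYPES` are hypothetical choices.

```php
<?php
// Added example, not the slide author's code. Assumes the "userfile" field of
// slide 8; UPLOAD_DIR, MAX_BYTES and ALLOWED_TYPES are hypothetical choices.
declare(strict_types=1);

const UPLOAD_DIR = '/var/uploads';     // outside the web root, writable by the PHP user only
const MAX_BYTES  = 2 * 1024 * 1024;    // mirrors upload_max_filesize = 2M
const ALLOWED_TYPES = [                // detected MIME type => extension used on disk
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
];

/** Validates one $_FILES entry and returns the path it was stored under. */
function store_upload(array $file): string
{
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload parameters');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $file['error']);
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File size not accepted');
    }
    // Inspect the content itself; the client-supplied name and type are not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('File type not accepted');
    }
    // Server-generated name: no path traversal, no overwrite, no script extension.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Not a genuine HTTP upload');
    }
    chmod($target, 0640);
    return $target;
}

if (isset($_FILES['userfile'])) {
    try {
        store_upload($_FILES['userfile']);
        echo 'File is valid, and was successfully uploaded.';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected.';
        error_log('upload rejected: ' . $e->getMessage());
    }
}
```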
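
Hidden form parameters (slide 13) and cookies (slide 14) are both stored on the client, where the user can read and edit them. This added example, which is not from the original slides, signs the value before handing it out and verifies it on return; `SIGNING_KEY`, `seal()` and `unseal()` are hypothetical names, and the sample values are the slides' own.

```php
<?php
// Added example, not the slide author's code. Hidden fields and cookies live on
// the client, so the server signs what it hands out and verifies what comes back.
declare(strict_types=1);

// Hypothetical key for the demo; a deployment loads it from protected configuration.
const SIGNING_KEY = 'constructed-demo-key';

/** Returns "hexvalue.expiry.mac" for use as a hidden-field or cookie value. */
function seal(string $value, int $ttl, ?int $now = null): string
{
    $payload = bin2hex($value) . '.' . (($now ?? time()) + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, SIGNING_KEY);
}

/** Returns the original value, or null if the token was altered or has expired. */
function unseal(string $sealed, ?int $now = null): ?string
{
    $parts = explode('.', $sealed);
    if (count($parts) !== 3) {
        return null;
    }
    [$hex, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $hex . '.' . $expiry, SIGNING_KEY);
    if (!hash_equals($expected, $mac)) {          // constant-time comparison
        return null;
    }
    if (!ctype_digit($expiry) || (int) $expiry < ($now ?? time())) {
        return null;
    }
    $value = hex2bin($hex);
    return $value === false ? null : $value;
}

$token = seal('amichoksi', 300);                  // the slides' value and lifetime

// Cookie form (PHP 7.3+ options array); must run before any output is sent.
setcookie('username', $token, ['expires' => time() + 300, 'path' => '/',
    'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

// Hidden-field form: the signed token travels instead of the bare name.
printf("<input type=\"hidden\" name=\"username\" value=\"%s\">\n",
    htmlspecialchars($token, ENT_QUOTES, 'UTF-8'));

// Constructed checks: untouched token, client-edited value, token past its expiry.
$forged = str_replace(bin2hex('amichoksi'), bin2hex('admin'), $token);
var_dump(unseal($token), unseal($forged), unseal(seal('amichoksi', 300, time() - 600)));
```

Signing detects tampering but does not hide the value; anything that must stay secret belongs in `$_SESSION` on the server.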
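
A login and logout flow built from the session functions listed on slide 16, extending the Page1.php / Page2.php examples of slides 17 and 18. It is an added example, not from the original slides; `IDLE_LIMIT`, the `$users` table and the function names are constructed for the demonstration, and the array form of the cookie parameters needs PHP 7.3 or later.

```php
<?php
// Added example, not the slide author's code; IDLE_LIMIT and $users are constructed.
declare(strict_types=1);

const IDLE_LIMIT = 900;   // assumed idle timeout, in seconds

function start_session(): void
{
    // Cookie parameters only take effect when set before session_start().
    session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Lax']);
    ini_set('session.use_strict_mode', '1');   // reject ids the server never issued
    session_start();
    // Enforce the idle limit on the server; the cookie lifetime is only a hint.
    if (isset($_SESSION['time']) && time() - $_SESSION['time'] > IDLE_LIMIT) {
        session_unset();
    }
    $_SESSION['time'] = time();
}

function log_in(string $user, string $password, array $users): bool
{
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return false;
    }
    session_regenerate_id(true);   // fresh id at login, so a pre-set id is useless
    $_SESSION['username'] = $user;
    return true;
}

function log_out(): void
{
    session_unset();               // empty $_SESSION
    session_destroy();             // delete the server-side record
    $p = session_get_cookie_params();
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => $p['path'],
        'domain' => $p['domain'], 'secure' => $p['secure'], 'httponly' => $p['httponly']]);
}

// Constructed user table; real code reads the stored hash from a database.
$users = ['amichoksi' => password_hash('constructed-password', PASSWORD_DEFAULT)];
start_session();
$u  = $_POST['username'] ?? null;
$pw = $_POST['password'] ?? null;
if (isset($_POST['logout'])) {
    log_out();
} elseif (is_string($u) && is_string($pw) && log_in($u, $pw, $users)) {
    echo 'Welcome, ', htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
}
```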