en:web_development:sessions:sessions

Differences

This shows you the differences between two versions of the page.

Next revision
Previous revision
en:web_development:sessions:sessions [2022/02/01 16:49]
mag created
en:web_development:sessions:sessions [2023/08/16 09:33] (current)
Line 5: Line 5:
  
 ==== Setup ==== ==== Setup ====
-  * We'll continue to use 'login.php' and 'header.php' so here they are again in case you need them.+  * We'll continue to use 'login.php''header.php' and 'menu.php' so here they are again in case you need them.
  
 **login.php** **login.php**
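Review bot: The new Setup sentence runs two filenames together as 'login.php''header.php' with no separator between them. Add a comma and a space so the list reads 'login.php', 'header.php' and 'menu.php'.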
Line 142: Line 142:
         <h1>Tech School Web Development Course</h1>         <h1>Tech School Web Development Course</h1>
     </header></code>     </header></code>
 +    
 +**menu.php**
 +<code><nav>
 +    <ul>
 +        <li><a href="lists.php">Lists</a></li>
 +        <li><a href="tables.php">Tables</a></li>
 +        <li><a href="layout.php">Layout</a></li>
 +        <li><a href="media.php">Media</a></li>
 +        <li><a href="mysql.php">Databases</a></li>
 +        <li><a href="form.php">Forms</a></li>
 +        <li><a href="login.php">Login</a></li>
 +        <li><a href="logout.php">Logout</a></li>
 +    </ul>
 +</nav></code>
  
 ==== Create Session ==== ==== Create Session ====
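Review bot: The menu.php listing added to Setup already contains the login.php and logout.php entries, but the Ending Sessions section added later in this revision tells the reader to "Add 'login.php' and 'logout.php' to the menu", and logout.php is only created in that section. Either drop the last two <li> entries from the Setup listing so the later step has something to add, or reword that step. As written, the Logout link points at a file that does not exist until the reader reaches Ending Sessions.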
Line 184: Line 198:
   * Save, upload and load the page.   * Save, upload and load the page.
   * Your logs should include the new line with the details of your login.   * Your logs should include the new line with the details of your login.
-  * +  * Let's display this in the sidebar menu. Add this code before the list in 'menu.php'
 +<code>    <h2><?php echo $_SESSION['profile']['name']; ?></h2></code> 
 +  * Save, upload and load 'form.php' again. 
 +  * You should see your user name at the top left of the menu. 
 +  * We can align it better by adding some padding to the left. Add this code (and any other styling you like) to 'style.css'
 +<code>h2 { 
 +  padding-left: 40px; 
 +}</code> 
 + 
 +==== Ending Sessions ==== 
 +  * What happens if a user tries to load the form without having logged in? 
 +  * To test that, we first need to log out. 
 +  * Create a file called 'logout.php' and add the following code. 
 +<code><?php 
 +    session_start(); 
 +    unset($_SESSION['profile']); 
 +    header("Location: login.php"); 
 +?></code> 
 +  * <html>session_start()</html> starts the session so we have access to the session data. 
 +  * <html>unset</html> deletes the session data so it won't be there when other pages try to access it. 
 +  * The third line sends the user back to the login page. 
 +  * Add 'login.php' and 'logout.php' to the menu. 
 +<code><nav> 
 +    <h2><?php echo $_SESSION['profile']['name']; ?></h2> 
 +    <ul> 
 +        <li><a href="lists.php">Lists</a></li> 
 +        <li><a href="tables.php">Tables</a></li> 
 +        <li><a href="layout.php">Layout</a></li> 
 +        <li><a href="media.php">Media</a></li> 
 +        <li><a href="mysql.php">Databases</a></li> 
 +        <li><a href="form.php">Forms</a></li> 
 +        <li><a href="login.php">Login</a></li> 
 +        <li><a href="logout.php">Logout</a></li> 
 +    </ul> 
 +</nav></code> 
 +  * Save and upload all the changed files. 
 +  * Click on 'Log out' and check that you are returned to the login page. 
 +  * Now, without logging in, change the filename in the url to 'form.php' and press enter. 
 +  * You should see the form, but your user name is missing from the top of the menu because you aren't logged in. 
 + 
 +==== Getting Current Filename ==== 
 + 
 +  * Now we want to redirect any user that hasn't logged in back to the login page automatically. 
 +  * Add the following code at the end of the PHP block in 'header.php'
 +<code>    if (!isset($_SESSION['profile'])) { 
 +        header("Location:login.php"); 
 +    }</code> 
 +  * Save and upload the code, then refresh 'form.php'
 +  * You should get an error saying that the page is in a redirect loop that will never end. 
 +  * This is because 'login.php' also includes 'header.php' and because the user isn't logged in when the page loads, it will keep being redirected to itself. 
 +  * To avoid this, we can hard code the HTML from 'header.php' into 'login.php', but this means updating any changes to the header twice. 
 +  * Instead, we can check which file is being viewed and if it's 'login.php' we disable the redirect. 
 +  * Add this code after <html>session_start();</html> in 'header.php'
 +<code>    $filename = basename($_SERVER['REQUEST_URI'], '?' . $_SERVER['QUERY_STRING']); 
 +    error_log("MURRAY: " . $filename);</code> 
 +  * <html>$_SERVER['REQUEST_URI']</html> is the full string entered into the address bar of the browser. 
 +  * <html>$_SERVER['QUERY_STRING']</html> is everything in the address bar after '?'
 +  * <html>basename</html> takes a URL and returns everything from the filename on. By adding <html>'?' . $_SERVER['QUERY_STRING']</html> as a parameter, we're telling it to exclude the '?' and everything afterwards. 
 +  * Change my name for yours in the <html>error_log</html>
 +  * Save and upload the code and try loading 'login.php' again. 
 +  * You'll still get the error, but now you can look at the PHP logs and see the filename ending in '.php'
 +  * Now we can add a condition before our redirect. We want to redirect only if the we're not on 'login.php' AND the user is not logged in. 
 +  * Update the code accordingly. 
 +<code>    if (($filename != 'login.php') && !isset($_SESSION['profile'])) { 
 +        header("Location:login.php"); 
 +    }</code> 
 +  * Save and upload the code, then make sure it all works correctly. 
 +    * If you're not logged in, you should be redirected to 'login.php' no matter which page you open. 
 +    * If you are logged in, you should be able to open 'form.php' (or any other page except 'login.php') and see your user name above the menu. 
 +    * If you navigate to 'logout.php' you should be redirected to 'login.php'
 + 
 +[[en:web_development:sessions:exercises|Next: Exercises]]
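Review bot: Both redirect snippets added for header.php call header("Location:login.php"); with no exit; after it, so PHP keeps running and still sends the rest of the protected page in the response body; a client that does not follow the Location header receives form.php anyway. Add exit; inside the if block, and after the redirect in logout.php as well. The login.php exemption compares against $filename, which is derived from $_SERVER['REQUEST_URI'], a value taken from what the client sent rather than from the script that is actually running; basename($_SERVER['SCRIPT_NAME']) is a sturdier basis for an access check. The <h2> added to menu.php echoes $_SESSION['profile']['name'] without htmlspecialchars() and without an isset() guard, so the name is written into the HTML unescaped when logged in and PHP raises a notice or warning when not. logout.php only unsets the 'profile' key; if the section is meant to end the session, as its heading says, follow the unset with session_destroy(). The error_log("MURRAY: " . $filename) line is debugging output and the text should say to remove it once the filename has been checked. Minor wording: "only if the we're not" has a stray "the", and the step says "Click on 'Log out'" while the menu label is 'Logout'.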
en/web_development/sessions/sessions.1643762959.txt.gz · Last modified: 2023/08/16 09:33 (external edit)