PHP Session Assignment

PHP Session Assignment

This file is in: /usr/users3/grovesr/web/books2/authmain.php

<?
session_start();

if ($userid && $password)
{
  // if the user has just tried to log in

//
//  You will need to change the $database variable value to be your 
grace
//  user ID
//
  $database = "grovesr";
  $www_base = "http://grace.evergreen.edu/~grovesr/books/";
  $edit_it = "edit_results.php";

  include("protected/db.inc");
  $query = "select * from book_auth "
           ."where name='$userid' "
           ." and pass=password('$password')";
  $result = mysql_query($query, $db);
  if (mysql_num_rows($result) >0 )
  {
    // if they are in the database register the user id
    $valid_user = $userid;
    session_register("valid_user");
  }
}
?>
<html>
<body>
<h1>Home page</h1>
<? 
  if (session_is_registered("valid_user"))
  {
    echo "You are logged in as: $valid_user <br>";
    echo "<a href=\"logout.php\">Log out</a><br>";
  }
  else
  {
    if (isset($userid))
    {
      // if they've tried and failed to log in
      echo "Could not log you in";
    else 
    {
      // they have not tried to log in yet or have logged out
      echo "You are not logged in.<br>";
    }
    // provide form to log in 
    echo "<form method=post action=\"$_SERVER['PHP_SELF']\">";
    echo "<table>";
    echo "<tr><td>Userid:</td>";
    echo "<td><input type=text 
name=userid></td></tr>";
    echo "<tr><td>Password:</td>";
    echo "<td><input type=password 
name=password></td></tr>";
    echo "<tr><td colspan=2 align=center>";
    echo "<input type=submit value=\"Log 
in\"></td></tr>";
    echo "</table></form>";
  }
?>
<br>
<a href="members_only.php">Members section</a>
</body>
</html>

This file is in: /usr/users3/grovesr/web/books2/logout.php

<?
  session_start();

  $old_user = $valid_user;  // store  to test if they *were* logged 
in
  $result = session_unregister("valid_user");
  session_destroy();
?>
<html>
<body>
<h1>Log out</h1>
<? 
  if (!empty($old_user))
  {
    if ($result)
    { 
      // if they were logged in and are not logged out 
      echo "Logged out.<br>";
    }
    else
    {
     // they were logged in and could not be logged out
      echo "Could not log you out.<br>";
    } 
  }
  else
  {
    // if they weren't logged in but came to this page somehow
    echo "You were not logged in, and so have not been logged 
out.<br>"; 
  }
?> 
<a href="authmain.php">Back to main page</a>
</body>
</html>

This file is in: /usr/users3/grovesr/web/books2/members_only.php

<?
  session_start();

  echo "<h1>Members only</h1>";

  // check session variable

  if (session_is_registered("valid_user"))
  {
    echo "<p>You are logged in as $valid_user.</p>";
    echo "<p>Members only content goes here</p>";
    echo "<p>The session info should be below</p>";
    phpinfo();
  }
  else
  {
    echo "<p>You are not logged in.</p>";
    echo "<p>Only logged in members may see this 
page.</p>";
  }

  echo "<a href=\"authmain.php\">Back to main page</a>";
?>

The assignment: Copy these three files into your directory (you will need to have the ‘protected’ directory from the last assignment in this directory), and integrate the search and results functions from your search.php and results.php files (either the ones that search the book_book tables or the ones that search the book_customer tables) so that in order to access the search, the user has to log in with a valid password, and in order to see the results, they have to be logged in.