Learning PHP, Part 3: Authentication, objects, exceptions, and streaming

Nicholas Chase is the founder and creator of NoTooMi. In addition to technical writing for large corporations, he has been involved in website development for companies such as Lucent Technologies, Sun Microsystems, Oracle, and the Tampa Bay Buccaneers. He has been a high school physics teacher, a low-level-radioactive waste facility manager, an online science fiction magazine editor, a multimedia engineer, an Oracle instructor, and the chief technology officer of an interactive communications company. He is the author of several books, including XML Primer Plus (Sams 2002).

Summary:  This tutorial is Part 3 of a three-part "Learning PHP" series teaching you how to use PHP through building a simple workflow application. In this tutorial, you will learn about using HTTP authentication, streaming files, and how to create objects and exceptions.

03 Jan 2013 - Nicholas Chase updated content throughout this tutorial to reflect current PHP technology.


Date:  03 Jan 2013 (Published 12 Jul 2005)
Level:  Intermediate

The story so far

In this section I review the progress you've made in this series, create a welcome page, and create some restrictions using PHP.

Where things stand right now

You've been building a simple workflow application through the course of these tutorials. The application enables users to upload files to the system and to see those files, as well as files approved by an administrator. So far, you've built:

  • A registration page that enables a user to use an HTML form to sign up for an account by entering a unique username, email address, and password. You built the PHP page that analyzes the submitted data, checks the database to make sure the username is unique, and saves the registration in the database.
  • A login page that takes a username and password, checks them against the database, and, if they're valid, creates a session on the server so the server knows which files to display.
  • Simple interface elements that detect whether the user is logged in to display appropriate choices.
  • An upload page that enables users to send a file to the server through a browser. You also built the page that takes this uploaded file and saves it to the server, then adds information about it to an XML file for later retrieval, using the Document Object Model (DOM).
  • A display function that uses an alternative format, JavaScript Object Notation (JSON), to both save and display the data.

You can download the files that represent where the application left off in "Learning PHP, Part 2."


What you're going to do

Before you're through with this tutorial, you'll have a complete—though extremely simple—workflow application. In this tutorial, you will:

  • Add HTTP authentication, controlled by the web server. You'll also integrate your registration process so it adds new users to the web server.
  • Add links to the function that displays the available files so users can download them. You'll create a function that streams these files to the browser from a non-web-accessible location.
  • Ensure that users download files from the appropriate page. You'll use the fact that files must be streamed by the application, instead of simply served by the HTTP server, to enable control over the circumstances in which users download files.
  • Create a class that represents a document, and use object-oriented methods to access and download it.
  • Create and use custom exceptions to help pinpoint problems.
  • Manage the approval process.

To start, you'll put a public face on what you already have.


The welcome page

Up to now, you've concentrated on building the individual pieces of your application. Now it's time to start putting them together, so start with a simple welcome page you can use as a "landing strip" for visitors. Create a new file called index.php and add the code from Listing 1.


Listing 1. The index page
<?php

   session_start();

   include ("top.txt");
   include ("scripts.txt");

   display_files();

   include ("bottom.txt");

?> 

After starting the session so it is available later, the page's first include() function loads the top interface elements for the page, if applicable. The second loads all the scripts that you created so far, including the display_files() function you created in "Learning PHP, Part 2," which lists all the files uploaded by the current user or approved by an administrator. The final include is the bottom of the HTML page.

Save the file in the same directory as the other files that you created. For example, you might put the file in the document root of your server. Once you start the HTTP server, you can see the page by pointing your browser to http://localhost/index.php.

Figure 1 shows the simple page.


Figure 1. The basic listing page
Screen capture of the basic listing page

Restricting file access

In the next section, you learn to control who sees what with authentication. You first need to put some restrictions in place. At this point, all users can see all files, whether they're approved or not, and that's not what you want. Instead, you want display_files() to show users only files that are approved, unless a user is the one who uploaded it.

Open scripts.txt and make the additions in Listing 2.


Listing 2. Restricting access to files
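    for ($i = 0; $i < count($workflow["fileInfo"]); $i++) {
        $thisFile = $workflow["fileInfo"][$i];
        // Show the file if it is approved, or if the logged-in user uploaded it.
        if (
            ($thisFile["approvedBy"] != null) ||
            (
                    isset($_SESSION["username"]) &&
                    // Strict comparison avoids numeric-string juggling ("1e3" == "1000").
                    ($thisFile["submittedBy"] === $_SESSION["username"])
            )
        ) {

            // File names and usernames come from users, so escape them for HTML.
            echo "<tr>";
            echo "<td>" . htmlspecialchars($thisFile["fileName"]) . "</td>";
            echo "<td>" . htmlspecialchars($thisFile["submittedBy"]) . "</td>";
            echo "<td>" . htmlspecialchars($thisFile["size"]) . "</td>";
            echo "<td>" . htmlspecialchars($thisFile["status"]) . "</td>";
            echo "</tr>";
        } 
    }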

In Listing 2, you combine three different conditions to determine whether to list a particular file. First, if a file is approved, then $thisFile["approvedBy"] will have a value, so that condition is true. The double-pipe (||) means "or," so if the first test comes up false, you get a second chance with the second half of the condition.

The second half of the condition also consists of two parts, but because you use the double ampersand (&&)—which means "and"—they both need to be true for the second half to be true. The first test is to see if the session knows about the username. If it does, the username has to match the $thisFile["submittedBy"] value.

If the overall condition evaluates to "true"—in other words, if the file is approved, or if the user is logged in and is the originator of the file—the system displays it. If not, it doesn't.

So if you're not logged in (you might have to restart your browser to test this) you should see an empty page, as in Figure 2.


Figure 2. The basic listing page, with restrictions
Screen capture of the basic listing page, with restrictions

If you just started your browser, you should see the Register and Login links because you're not logged in. In the next section, you'll look at another way to handle that process.
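
The visibility rule from Listing 2, pulled into a function so it can be exercised for several viewers at once; this is an added example, not code from the tutorial. The names can_view_file() and render_row() and the sample records are constructed for illustration, and the type declarations assume PHP 7.1 or later.

```php
<?php
// Hypothetical helpers (not part of the tutorial's scripts.txt).
// The array keys match those used in Listing 2.
function can_view_file(array $file, ?string $sessionUser): bool
{
    // Approved files are visible to everyone, including anonymous visitors.
    if (isset($file["approvedBy"]) && $file["approvedBy"] !== "") {
        return true;
    }
    // Otherwise only the uploader may see the file. Strict comparison (===)
    // avoids PHP's numeric-string juggling, where "1e3" == "1000" is true.
    return $sessionUser !== null && $file["submittedBy"] === $sessionUser;
}

function render_row(array $file): string
{
    $cells = "";
    foreach (["fileName", "submittedBy", "size", "status"] as $key) {
        // Every field is user-influenced, so encode it for the HTML context.
        $cells .= "<td>" . htmlspecialchars((string) $file[$key], ENT_QUOTES, "UTF-8") . "</td>";
    }
    return "<tr>" . $cells . "</tr>";
}

// Constructed sample records: one approved file and two pending ones.
$files = [
    ["fileName" => "report.pdf", "submittedBy" => "alice",
     "size" => 1024, "status" => "approved", "approvedBy" => "admin"],
    ["fileName" => "draft.txt", "submittedBy" => "1000",
     "size" => 12, "status" => "pending", "approvedBy" => null],
    ["fileName" => "<b>notes</b>.txt", "submittedBy" => "bob",
     "size" => 77, "status" => "pending", "approvedBy" => null],
];

// Constructed viewers: anonymous, an uploader, and a numeric look-alike name.
foreach ([null, "bob", "1e3"] as $viewer) {
    echo "Viewer: " . ($viewer ?? "(not logged in)") . "\n";
    foreach ($files as $file) {
        if (can_view_file($file, $viewer)) {
            echo "  " . render_row($file) . "\n";
        }
    }
}
```

The viewer "1e3" is shown only the approved file; a loose == comparison would also match the pending draft uploaded by "1000". Bob's own file name is printed with its angle brackets encoded, so it renders as text instead of markup.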
