High Level Languages

1
High Level Languages

• Lecture 3
• PHP

jog_at_cs.nott.ac.uk
2
Last lecture

• PHP Variable and Array Functions
• File IO in PHP
• A Web Counter Example
• Form Handling
• HTML data Handling for the lazy
• Protecting from hackers
• Date and Time

3
Today Useful PHP

• In the first PHP lecture we considered the
  basics
• Spy on your Users!
• Cookies Sessions
• Making a Web Mail system
• Ripping other peoples Web Pages
• How to code PHP sites with style
• Introduction to Web Databases

4
Spy On Your User

• Knowing who uses your site is essential
  information, whether it be for the purposes
  tailoring your site to your audience or simple
  interest.
• For example you might want to know their
• location
• screen size
• colour depth
• operating system
• browsing patterns
• where theyve linked from

5
Finding User Details

• So how can you find these details? There a couple
  of ways. The simplest is using PHPs environment
  variables.
• The browser that a visitor is using sends a lot
  of information as part of the http request sent
  to where your php script is stored.
• PHP automatically stores this information and
  puts into into a set of variables accessible
  globally anywhere inside your php script, often
  denoted in code by capitals these are
  ENVIRONMENT VARIABLES.
• There are loads of them only a few will be
  useful for you.

6
Environment Variables Again

• lt?
• //name of the server host and the script being
  run  x  SERVER_NAME x  PHP_SELF
• //variables to do with info sent by a form
  x  REQUEST_METHOD x  HTTP_GET_VARS"Varnam
  e" x  HTTP_POST_VARS"Varname"
• //The users IP address, browser
• x  REMOTE_ADDR  x  HTTP_USER_AGENT
• ?gt

7
phpinfo()

• PHP includes a special command that will display
  all of these variables to screen and a lot more.
• phpinfo() shows you everything about the server
  you are running, how php is set up, as well as
  client side information details of where you
  are browsing the page from.
• !/usr/local/bin/php
• lt?
• phpinfo()
• ?gt
• This example can be seen here
• http//www.cs.nott.ac.uk/CFJ-cgi/HLL/environment
  .php

8
Simple User Info Script

• !/usr/local/bin/php
• lt?
• IP REMOTE_ADDR
• browser HTTP_USER_AGENT
• refer HTTP_REFERER
• print "You are using browserltBRgt
• print "Your IP address is IPltBRgt
• print You Came from refer"
• ?gt

9
IP Addresses

• Why would you want to know someones IP address?
• Security
• Geographical personalisation
• You can identify the same user over and over
• !/usr/local/bin/php
• lt?
• IP REMOTE_ADDR
• IPArray explode(.,IP)
• if (IP_array0 62)
• print Welcome. How is Nottingham?
• ?gt

10
Tracking your users

• Time() -- gives you the current UNIX timestamp
• Date() formats it so you can understand it
• To follow your users progress in a site you can
  hence keep a log of
• the time a user activated the script
• what page they are viewing
• their ip address
• and where they browsed here from.
• This way you can profile your users browsing
  habits. Combine this information with the file IO
  we looked at last week and we can have good user
  logging.

11
Bringing it together

• The next few slides are going to show you the
  code to bring this file IO user tracking
  together.
• We will start off with simple code for one page
• Then we will functionalise it
• We will then separate our functions into a
  different script, and include them using the
  require() statement
• require() is like include() but will stop the
  script if it cant find the specified file)

12
Step 1 Basic Code

• !/usr/local/bin/php
• lt?
• ip REMOTE_ADDR
• page "Log Page"
• now date("F j, Y, gi a")
• str "now - User at (ip) browsed page
  (page)\n"
• fp fopen("log.txt", "a")
• fwrite(fp, str)
• fclose(fp)
• print "lt/HTMLgtlt/BODYgt"
• print "ltBgtWELCOME TO PAGE -
  (page)lt/BgtltBRgtltBRgt"
• print "your visit here has been logged in a
  text file ltBRgt"
• print "lt/BODYgtlt/HTMLgt"
• ?gt

13
Step 2 - Making it into a function

• !/usr/local/bin/php
• lt?
• function log_user(page, ip)
• now date("F j, Y, gi a")
• str "now - User at (ip) browsed page
  (page)\n"
• fp fopen("log.txt", "a")
• fwrite(fp, str)
• fclose(fp)
• log_user("Log Page, REMOTE_ADDR)
• ?gt
• ltBgtWELCOME- your visit here has been logged in a
  text filelt/Bgt

14
Step 3 Moving that Function
tracking.fns

• lt?
• function log_user(page)
• ip REMOTE_ADDR
• now date("F j, Y, gi a")
• str "now - User at (ip) browsed page
  (page)"
• fp fopen("log.txt", "a")
• fwrite(fp, str)
• fclose(fp)
• ?gt

15
Step 4 Job done
welcome_page.php

• lt?
• require(tracking.fns")
• log_user(Welcome Page")
• print "ltBgtThis is the Welcome Page visit
  loggedlt/Bgt"
• ?gt

search_page.php

• lt?
• require(tracking.fns")
• log_user(Search Page")
• print "ltBgtThis is the Search Page visit
  loggedlt/Bgt"
• ?gt

16
Passing Variables Between Scripts

• There are 3 ways to do this some are good, some
  are bad.The simplest way is to add the variables
  to the url
• www.cs.nott.ac.uk/jog/myscript.php?variablevalue
  
• You can chain these variables using an ampersand.
• myscript.php?variable1value1variable2value2
• As per normal you dont need to collect these
  variables. So long as the setting is active in
  php as it normally is these variables will
  magically be created so they can be used in your
  script.

17
URL encoding

• However this can lead to problems as you cant
  have certain characters in urls spaces for
  example, more ampersands, colons and so on.
• To deal with this php has the urlencode()
  function.This converts all those problem
  characters into their url friendly counterparts.
  E.g.
• lt?
• str urlencode(script.php?nameT.
  J.lastnameOReilly)
• print ltA HREFstrgtlinklt/Agt
• ?gt
• ltA HREFscript.php3Fname3DT.J.26lastname3DO2
  7Reillygtlinklt/Agt

18
Completing the spy tools

• The reason Im telling you this is because were
  going to use this way of passing variables to
  finish our user profiling.
• While PHP has a lot of user environment variables
  there are things it cant get for you. Some
  things you just cant access server side.
• Only the client can know its width and height,
  colour depth and such like. So we need a client
  side language to tell PHP these things.
• Here we use Javascript.

19
Javascript 101

• Javascript is a client side language.
• JSP is its server side counterpart.
• Its pretty simple but also pretty bad.
• We taught it last year and It really is poor.
• It uses a lot of OO the DOM.
• However it can tell you via two objects a lot
  about the users system the navigator and window
  objects.

20
Javascript Code Example

• ltscript language"javascript"gt
• color window.screen.colorDepth
• width window.screen.width
• height window.screen.height
• availWidth window.screen.availWidth
• availHeight window.screen.availHeight
• platform navigator.platform
• document.write(You are using platform)
• lt/scriptgt

21
Combining with PHP

• The key to really good web-systems is using all
  the available technologies fluidly and together.
• This takes a HELL of a lot of planning.
• In the next example we will combine Javascript
  embedded in HTML, actually into our PHP script.

22
HTML Code (information.html)

• ltHTMLgt
• ltBODY onLoad"redirect()"gt
• ltscript language"javascript"gt
• function redirect()
• url www.cs.nott.ac.uk/CFJ-cgi/HLL/
  information.php"
• url "?colour"
  window.screen.colorDepth
• url "width"
  window.screen.width
• url "height"
  window.screen.height
• url "availWidth"
  window.screen.availWidth
• url "availHeight"
  window.screen.availHeight
• url "platform"
  navigator.platform
• top.window.location.href url
• lt/scriptgt
• lt/BODYgt
• lt/HTMLgt

23
PHP Code (information.html)

• !/usr/local/bin/php
• lt?
• print "ltHTMLgtltBODYgt"
• print "You're using ltBgt
  HTTP_USER_AGENT lt/BgtltBRgt"
• print "Your IP address is ltBgt REMOTE_ADDR
  lt/BgtltBRgt"
• print "Your colour depth is ltBgt colour
  lt/BgtltBRgt"
• print "Your screen size is ltBgt width x height
  lt/BgtltBRgt"
• print "Avail screen size is
• print ltBgt availWidth x availHeight lt/BgtltBRgt"
• print "Your platform is ltBgt platform
  lt/BgtltBRgt"
• print "lt/HTMLgtlt/BODYgt"
• ?gt

24
The Combined Code (1)

• lt?
• if (empty(colour))
• ?gt
• ltHTMLgt
• ltBODY onLoad"redirect()"gt
• ltscript language"javascript"gt
• function redirect()
• url "lt?PHP_SELF?gt"
• url "?colour"
  window.screen.colorDepth
• url "width"
  window.screen.width
• url "height"
  window.screen.height
• url "availWidth"
  window.screen.availWidth
• url "availHeight"
  window.screen.availHeight
• url "platform"
  navigator.platform
• top.window.location.href url
• lt/scriptgt
• lt/BODYgt

25
Combined Code (2)

• lt?
• else
• print "ltHTMLgtltBODYgt"
• print "You're using ltBgt
  HTTP_USER_AGENT lt/BgtltBRgt"
• print "Your IP address is ltBgt
  REMOTE_ADDR lt/BgtltBRgt"
• print "Your colour depth is ltBgt colour
  lt/BgtltBRgt"
• print "Your screen size is ltBgt width x
  height lt/BgtltBRgt"
• print "Avail screen size is
• print ltBgt availWidth x availHeight
  lt/BgtltBRgt"
• print "Your platform is ltBgt
  platform lt/BgtltBRgt"
• print "lt/HTMLgtlt/BODYgt"
• ?gt

26
2. Cookies

• According to Chris - setting and playing around
  with cookies can be a fun and useful way to save
  data on a user's hard drive.
• It can successfully store valuable information
  which may be helpful the next time they come to
  the site.
• Its fairly simple to set up, and even easier to
  read. To use it, you have to remember some
  guidelines

27
Guidelines

• You have to put the cookie code before you print
  out any other HTML in your script.
• The cookie will not be evident on the page until
  its refreshed, or the user visits the page again
  (It is sent with the current page data)
• Here's the code to set a variable
  lt?  setcookie (loginName", Jimbo")  ?gt

VARIABLE NAME
VALUE
28
Cookie Expiration

• Now, the next time someone visits this page, or
  any other PHP page in the same or sub-directory
  that cookie variable will be available.
• However by default this cookie will expire when
  the user turns his browser off.
• To extend the time to expire, set in seconds as
  the next field. For example lt?  setcookie (lo
  ginName", jimbo", time()3600)  ?gt

EXPIRES IN 1 HOUR
29
Time Conversion table

• 1 minute - 60s
• 1 hour - 3600s
• 1 day - 86400s
• 1 week - 604800s
• 1 fortnight - 1209600s
• 1 month - 2419200s
• 3 month - 7257600s
• 1 year - 29030400s

30
Multiple Cookies

• It is not a problem to have multiple cookies -
  save it, here is a code example
• lt?  setcookie (loginName", jimbo") setcookie
   (password", bosh") setcookie (hits", 3")
  print cookieone.ltBRgt 
• print cookietwo.ltBRgt
• print cookiethree.ltBRgt?gt

31
Deleting Cookies Reading

• There are two ways of deleting cookies. The
  traditional way
• lt?  setcookie ("cookie", "", time()-86400)  ?gt
  Or simply by setting the cookie as nothing
• lt?  setcookie ("cookie")  ?gt

32
Dont use multiple cookies

• There is a limit to the number of cookies you can
  set on someones pc for the same web domain.
• As such it is viewed as bad coding to use more
  than one cookie, and so people tend to store all
  variables they need in ONE cookie.
• This is easy in PHP because of the explode() and
  implode() commands.

33
Reading Cookie Information

• The cookies for the web domain your page is in
  will be automatically loaded into PHP.
• You can get at them via two arrays
• HTTP_COOKIE_VARS"cookie"
• or
• _COOKIE'cookie'
• So to display the cookie data in full on screen
  all you need is
• lt?
• print _COOKIE'cookie'
• ?gt

34
Formatting Cookies

• If you use sprintf to set cookies you can use the
  exact same format in a sscanf to get them out.
• And you can take them out as follows
• name Jimbo
• pass bosh
• cookie sprintf(names passs", name,
  pass)
• setcookie ("myCookie", cookie, time()86400)
• And you can take them out as follows
• cookie _COOKIEmyCookie
• sscanf(cookie, names passs", name,
  pass)

35
Exploding Cookies

• As I said before you can also use implode and
  explode.
• info0 Jimbo
• info1 bosh
• cookie implode(cookie, -)
• setcookie (myCookie", cookie, time()86400)
• And you can take them out as follows
• cookie _COOKIEmyCookie'
• info explode(cookie, -)
• Of course you need to remember that element 0 of
  the info array is the username and element 1 is
  the password. But this way you can build up huge
  cookies.

36
PHP Maintaining state

• We now have two ways of maintaining state of
  keeping variables common between scripts.
• Adding variables to the url
• Storing variables in cookies
• Neither are satisfactory. One is incredibly
  clumsy the other out of synch. Your cookie is
  always one step behind because you send it out
  with each page.
• So whats the answer? Sessions!

37
Sessions

• More slides than you can shake a stick at round
  here so.
• Well be looking at it next lecture.
• Suffice to say you MUST use sessions

38
3. Web Mail Systems

• Its easy to send emails in php too.
• Mail() function uses SMTP (Simple Mail Transfer
  Protocol) to send emails automatically from
  inside your scripts.
• To receive and process mail PHP can use the IMAP
  protocols (we wont go into this).
• PHP comes with the IMAP library and this can be
  used for POP and NNTP (news) connections.

39
Sending a mail

• lt?
• email cqc_at_cs.nott.ac.uk"
• title More SPAM!
• message This is my first\n PHP mail
  message
• from "From support_at_chexi.com\n"
• mail(email, title, message, from)
• ?gt

40
4. Ripping Web Pages

• In PHP it is easy to analyse other peoples pages,
  whether it be for data mining or web Searching
• The file() command can loads whole page of HTML
  into a variable. It is as simple as
• lt?
• page file("http//www.avfc.com")
• or die("problem analysing web site")
• ?gt
• From then its up to you to analyse this raw HTML
  data, using regular expressions, string searching
  and such like to mine the data that you need.

41
Next Lecture

• In the first PHP lecture we considered the
  basics
• Session
• Introduction to Databases
• Setting up MySQL
• Simple commands
• Connecting via PHP
• This is the important stuff. Dont miss it.