To gain access to the members' area the member has to enter a secret password on the Erewhon Society home page and press a button labelled 'Submit'. We will temporarily assume that the home page is named erewhon.htm. We will also assume that the home page begins like this, with information for the general public lower down.
Most readers will probably have seen webforms like this (frequently several boxes not just one) on websites they have used for purchasing goods, booking holidays etc.
The HTML needed to create the simple form above (everything below the line "Members' Area") is as follows
• The <FORM> tag signifies the start of the webform and specifies that the destination page for the form is memarea1.php. This does not begin with http:// or https://, which indicates that the destination page is a file with the name memarea1.php relative to the calling page (the one on which the webform is located).
• The first <INPUT> tag specifies that a text field named verifier, 20 characters wide, should be displayed.
• This should be followed by three spaces and then the text 'Enter your password and click on Submit' (without the quotes). 1
• The second <INPUT> tag signifies that a Submit button should be displayed.
• The </FORM> tag signifies the end of the form.
1 The combination (six characters) indicates a space. If we had simply entered three spaces by using the space bar three times the web browser would display all three of them as just a single space.
11 PHP in Action: Managing a Members' Area
When the user enters a value, say mypass, in the password box and presses Submit, the variable/value pair 'verifier=mypass' is sent to the destination page memarea1.php.
In the destination page we generally start by telling the PHP interpreter that we wish to use the values sent to it from the webform. In this case there is only one value, i.e. the password entered in the text box named 'verifier'. We can access this value by using the PHP statement
Having done this the destination page script can refer to a variable $verifier which has the value entered by the user in the webform. (Note that the PHP variable does not have to be named $verifier. Any valid PHP variable name can be used.)
If we simply wanted to print the value entered by the user, the complete contents of file memarea1.php might be as follows.
This would output to the user's web browser the one line
We can make a small improvement to the webform before going further. When the user types the password into the text box on the webform the characters typed are visible to anyone going past, coming into the room etc. This is not a big problem, but it is customary to arrange for the entry of passwords to be a little more secure. If the line
in the HTML of the webform is replaced by
when the user enters a password each character typed is displayed as a black dot, thus making the password unreadable by any unwanted observer.
So far all our PHP script does is to output the password entered by the user from a webform. Of course we do not really want to output the value entered by the user.
We want to compare the value he or she entered with the true value of the password and take action accordingly.
Let us assume that the correct password is butler (all lower case letters), in homage to the English author Samuel Butler who wrote the novel Erewhon. This is a poor choice of password (it is short, completely alphabetic and not too hard to guess), but it will suffice for the present purpose.
The PHP script below shows a simple 'if' statement used to check whether or not the password entered is correct.
Of course, this is of very little use. If the user enters the correct password we want to display the contents of the members' area in his or her browser, not just confirm that the password is correct. Before going on to this we will first consider the possibility that the user enters a password similar to the correct one, such as Butler or BUTLER. We may decide that any use of upper and lower case letters in the spelling of butler will be accepted. If so, we can achieve this by taking the user's input and replacing all upper case letters by the corresponding lower case ones, a process known as forcing the user's input into lower case. To do this we use the strtolower function, introduced in Chap. 5.
Another possibility is that the member inadvertently types one or more spaces before the password butler, or possibly after it, or even both. We may wish to treat this as just demonstrating a lack of familiarity with using webforms and accept it as valid. We can achieve this by 'trimming' the user's input to remove any leading or trailing spaces using the trim function described in Chap. 5. The trim function takes a string as its argument and returns the same string with any initial or final spaces, tabs, 'newline' and 'carriage return' characters removed. We add the following as the fourth line of the file.
We now need to replace the statement
by a statement group that gives the information for members which is the reason for the page existing.
The revised form of the PHP file would be something like this.
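The password check described in this section, as an added example that is not the book's own listing: it keeps the trim and strtolower leniency but compares against a stored hash rather than the plain text butler, and escapes the submitted value before printing it. It assumes the form is sent with method POST (the method is not shown above); the function names normalise and passwordAccepted are hypothetical.

```php
<?php
// Added example, not the book's listing. Assumes the webform posts a
// field named "verifier" to this page using method="POST".

// In practice the hash is generated once, offline, and only the hash is
// stored in the script or a database. It is built here at run time purely
// so that the example is self-contained.
$storedHash = password_hash('butler', PASSWORD_DEFAULT);

function normalise(string $input): string
{
    // Same leniency as in the text: ignore leading/trailing whitespace
    // and accept any mixture of upper and lower case letters.
    return strtolower(trim($input));
}

function passwordAccepted(string $input, string $storedHash): bool
{
    // password_verify() re-derives the hash from the candidate and
    // compares the two in constant time.
    return password_verify(normalise($input), $storedHash);
}

// A missing field becomes an empty string instead of raising a warning.
$verifier = $_POST['verifier'] ?? '';

// A request sent as verifier[]=x arrives as an array, not a string.
if (!is_string($verifier)) {
    $verifier = '';
}

if (passwordAccepted($verifier, $storedHash)) {
    echo "<p>Welcome to the members' area.</p>";
    // ... information for members goes here ...
} else {
    http_response_code(403);
    // Anything the user supplied is escaped before it is written into
    // the page, so markup typed into the box is displayed, not executed.
    $shown = htmlspecialchars($verifier, ENT_QUOTES, 'UTF-8');
    echo "<p>Password not recognised: $shown</p>";
}
```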