Page 3 of 7

Re: Mixing php and html

Posted: Wed Mar 21, 2012 9:47 pm
by Pavilion
Celauran wrote:
Pavilion wrote:About the $_SESSION variable, after submitting my last post I did figure out it is possible to declare an array with the $_SESSION variable. This makes sense, because if one has to consistently access the same table (UserTbl), then assigning a $_SESSION variable array to this table makes sense. But, if I assign an array to $_SESSION, is there a way to also assign a global variable to $row['user_id']?
I wasn't so much talking about assigning an array to the $_SESSION variable as I was pointing out that the $_SESSION variable is an array. Storing a user's ID in the $_SESSION array is common practice and a good way to keep track of your logged-in users.
So... in the sample login script when they used this line:

Code: Select all

 $_SESSION = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);
What exactly is happening? I'm assuming $_SESSION contains all that the MySQL Fetch array contains. If that is the case, then it would be possible to access data from the UserTbl through the global $_SESSION?

In the end... is it better to assign an array of data to $_SESSION, or just one field (like "user_ID")? That is why I am curious about assigning a global variable to both the fetch_array and to one $row[user_id]. Or do you have to choose just one global variable to put in the <head>?

Pavilion wrote:Also, if I assign an array to $_SESSION, then can I also query another table and set other arrays within page actions? For instance, if I want users to insert data into another table, can I write INSERT or SELECT queries on this other table and get arrays from those queries?
I'm not quite sure what you mean here. Can you provide a more specific/detailed example?
Well - this question goes to my classical database experience. In classical databases the one-to-many relationship is so much more flexible. In one form, I can give users the ability to add and edit data in multiple tables, Moving to php - html environment has been a challenge to me on many levels, but the biggest challenge is the way I think about one-to-many relationships in building forms.

So... if it is possible to store an array of data in the global $_SESSION variable, is it also possible to use that variable for input?

In addition - can I create input MySQL statements on other tables within the same php document as well?

For the application I'm thinking of, my users (employees) will be requesting flex times from their employer. Since one employee can request multiple flex times, then the requests have to be stored in their own table. Of course, if $_SESSION is $row[user_id], then I'll be able to pass that value to the insert statement. But, if the employee has priority blocks of times stored in another table, then I may also have to access this data during the "request" process. So... for one request. I may have to pull data from the UserTbl, a PriorityTime Table, and AvailableTime table - all to create one request.

I can picture how to do this in a classical database, in fact it is already up and running in a classical database and has been for years. They just want to move the capability to the web (and they are willing to work with me as I learn php/html/css).

But... I cannot yet picture how I am going to pull all these different pieces of the puzzle together in a web environment.

Hope this explanation helps you understand my original question.
Actually XHTML is not what should be used. If you're not sending xml headers along with that doctype the browser is really just interpreting it as tag soup. If you do send the xml headers IE will treat it as proper xml/xhtml and kill the entire page IF there's even the slightest syntax error in your markup.

Use the HTML5 doctype: <!DOCTYPE html>
Yes IE 6,7,8 & 9 lack many features from HTML5 and its related technologies (javascript, css3, etc) But they do switch to their most standards compliant rendering mode when they encounter the HTML5 doctype and that's really what the doctype is used for.
ThinSoldier - Thank you for your advice. I have taken it to heart. Since I am a newbie at all of this, I must accommodate for "even the slightest syntax error". :)

Thanks to both of you - your advice is appreciated.

Pavilion

Re: Mixing php and html

Posted: Thu Mar 22, 2012 5:16 am
by Celauran
Pavilion wrote:

Code: Select all

 $_SESSION = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);
What exactly is happening? I'm assuming $_SESSION contains all that the MySQL Fetch array contains. If that is the case, then it would be possible to access data from the UserTbl through the global $_SESSION?
That's right. That's exactly what they're doing. Since they used SELECT * (a no-no) they're storing the entire row -- including the password (in plain text!) -- in the session.
Pavilion wrote:In the end... is it better to assign an array of data to $_SESSION, or just one field (like "user_ID")?
Depends on your needs, really. Store what you need and only what you need.

Pavilion wrote:Well - this question goes to my classical database experience. In classical databases the one-to-many relationship is so much more flexible. In one form, I can give users the ability to add and edit data in multiple tables, Moving to php - html environment has been a challenge to me on many levels, but the biggest challenge is the way I think about one-to-many relationships in building forms.

So... if it is possible to store an array of data in the global $_SESSION variable, is it also possible to use that variable for input?

In addition - can I create input MySQL statements on other tables within the same php document as well?

For the application I'm thinking of, my users (employees) will be requesting flex times from their employer. Since one employee can request multiple flex times, then the requests have to be stored in their own table. Of course, if $_SESSION is $row[user_id], then I'll be able to pass that value to the insert statement. But, if the employee has priority blocks of times stored in another table, then I may also have to access this data during the "request" process. So... for one request. I may have to pull data from the UserTbl, a PriorityTime Table, and AvailableTime table - all to create one request.

I can picture how to do this in a classical database, in fact it is already up and running in a classical database and has been for years. They just want to move the capability to the web (and they are willing to work with me as I learn php/html/css).

But... I cannot yet picture how I am going to pull all these different pieces of the puzzle together in a web environment.
You can absolutely use anything stored in session data in a query. In fact, that's largely the point. I'm not really sure how the one-to-many relationship differs here. MySQL is just another RDBMS. Use JOINs to fetch data from multiple tables in a single query, store it either in a local variable or in session data (or some in each) depending on what's needed when and where. You may also want to look into an ORM.

Re: Mixing php and html

Posted: Thu Mar 22, 2012 7:34 am
by Pavilion
That's right. That's exactly what they're doing. Since they used SELECT * (a no-no) they're storing the entire row -- including the password (in plain text!) -- in the session.
NOW ... SEE... it's information like this that shows why it is so necessary to ask questions while learning. :D Thank you!
I'm not really sure how the one-to-many relationship differs here. MySQL is just another RDBMS. Use JOINs to fetch data from multiple tables in a single query, store it either in a local variable or in session data (or some in each) depending on what's needed when and where. You may also want to look into an ORM.
Well ... (as far as I can tell anyway) the one-to-many relationship differs in presentation. In a classical database I can use subforms to display-edit data from multiple tables in one form. This is huge, and I've not found anything like it in php/html. I could be wrong, and if I am please enlighten me.

But.. very often in the classical database world... we do not present data from multiple tables with joins. We use subforms. In one form a user can add/edit/delete (if all the properties are set accordingly) from/to multiple tables. Below is a very simple diagram:
Subforms.jpg
In this basic (and it is very basic) diagram, if a user wanted to edit user name, edit their priority times, choose from available times and add a new record to requested times, they could do so.

In addition - and this is also a major part of the development process - behind every single control, (whether an input control, a command button, or a form, or a subform) I can create "events". Events are basically code driving the action in a form. So... for instance... if an employee decides to change his/her "priority times" in an "after-update" event I can compare priority times to available times and give a message to the user if there is any kind of a match. In an average form there can be multiple "after-update events" or "on-click events" or "before-update events". In a complex form there can be dozens.

I guess what I've been trying to get at is this capability. Are there more specific ways to tie php actions to individual controls? Can php accommodate something akin to a subform?

Thank you - Pavilion

Re: Mixing php and html

Posted: Thu Mar 22, 2012 7:39 am
by Celauran
MySQL has no forms, as such. There is no front-end to speak of; you need to create one for your application. Based on what you just mentioned, though, I'd definitely take a look at an ORM (Propel, Doctrine, or something else entirely) and maybe read up on MySQL triggers.

Re: Mixing php and html

Posted: Thu Mar 22, 2012 8:01 am
by Pavilion
MySQL has no forms, as such. There is no front-end to speak of; you need to create one for your application. Based on what you just mentioned, though, I'd definitely take a look at an ORM (Propel, Doctrine, or something else entirely) and maybe read up on MySQL triggers.
Thanks Celauran. I did a quick search for ORM and found the Propel Site. I will take time to review it. I wish these open-source projects would provide links to sites built using their product though.

To be honest, right now my head is swimming learning the basics of php/html/css. So... I may hold off jumping into ORM until I've got the basics down, at this point I'm not sure I could handle another learning curve.

This flextime project is pretty simple, simple enough that it provides me the opportunity to learn something new and still build a quality application for my client. As time goes on, I'll want to create more complex projects though and then something like ORM will come in handy.

One other question. Is it possible to create an include file that does the following:
  1. Includes multiple MySQL queries and arrays
  2. defines variables for fields in the multiple arrays
  3. Then "include" this file with php files, so data can easily be called/accessed from any form or php code?
Pavilion

Re: Mixing php and html

Posted: Thu Mar 22, 2012 3:17 pm
by Pavilion
OK - I've been working with the login.php and I've a few questions:

You can find the whole of login.php here

What are these lines of code doing:

in the <html> block:

Code: Select all

<input type="hidden" name="formsubmitted" value="TRUE" />
in the php block:

Code: Select all

// Initialize a session:
if (isset($_POST['formsubmitted'])) {
session_start();
It appears that the <input> is defaulting to True and that default is being used to start a session. If this is the case, what is the need for a hidden default field? Why not just start the session?
____________________________________________

After CheckPassword() hashing there is this line:

Code: Select all

unset($hasher);
Again - is this a necessary line?
________________________________________

Lastly, after some discussion on $_SESSION I decided to try and create an array instead of assigning only UserTbl.user_id to $_SESSION

Code: Select all


$table_userid = $row['user_id']; // assign variable to user id for session variable.
$table_fname = $row['FName']; // assign variable to FName for session variable.
$table_lname = $row['LName']; // assign variable to LName for Session variable.

......... 

if ($check==1)
{			
$session_array = array(
$table_userid,
$table_fname,
$table_lname,
);
Now... what is the syntax for assigning this array to $_SESSION?

And ...

what is the syntax for calling up one element of the array from $_SESSION?

Thank you so much for your assistance:

Pavilion

Re: Mixing php and html

Posted: Thu Mar 22, 2012 3:29 pm
by Celauran
Pavilion wrote:What are these lines of code doing:

in the <html> block:

Code: Select all

<input type="hidden" name="formsubmitted" value="TRUE" />
in the php block:

Code: Select all

// Initialize a session:
if (isset($_POST['formsubmitted'])) {
session_start();
It appears that the <input> is defaulting to True and that default is being used to start a session. If this is the case, what is the need for a hidden default field? Why not just start the session?
There's no real need for that IMO. The isset bit is probably used to make sure the form has been submitted, but

Code: Select all

if (!empty($_POST))
works every bit as well without the need for the hidden field. I can't think of any advantages to starting the session only once the form has been submitted, though that doesn't mean there aren't any.
Pavilion wrote:After CheckPassword() hashing there is this line:

Code: Select all

unset($hasher);
Again - is this a necessary line?
Not really; the object will die with the page anyway.
Pavilion wrote:Lastly, after some discussion on $_SESSION I decided to try and create an array instead of assigning only UserTbl.user_id to $_SESSION

Code: Select all


$table_userid = $row['user_id']; // assign variable to user id for session variable.
$table_fname = $row['FName']; // assign variable to FName for session variable.
$table_lname = $row['LName']; // assign variable to LName for Session variable.

......... 

if ($check==1)
{			
$session_array = array(
$table_userid,
$table_fname,
$table_lname,
);
Now... what is the syntax for assigning this array to $_SESSION?

And ...

what is the syntax for calling up one element of the array from $_SESSION?
There's possibly some context missing from this snippet of code, but rather than assigning these values to an array and then assigning that array to a $_SESSION value, why not assign them directly?

Code: Select all

$_SESSION['user_id'] = $table_userid;
$_SESSION['fname'] = $table_fname;
etc...

Re: Mixing php and html

Posted: Thu Mar 22, 2012 3:42 pm
by Pavilion
Celauran wrote:There's possibly some context missing from this snippet of code, but rather than assigning these values to an array and then assigning that array to a $_SESSION value, why not assign them directly?

Code: Select all

$_SESSION['user_id'] = $table_userid;
$_SESSION['fname'] = $table_fname;
etc...
Firstly - thank you for clearing up the queries about unnecessary syntax. It is appreciated.

Secondly - your assistance with $_SESSION syntax is helpful as well. Am I correct in assuming that

Code: Select all

$_SESSION['fname'] = $table_fname;
is doing the following:
  • ['fname'] is the title/name of the $_SESSION variable?
  • "=$table_fname;" is being assigned to the variable?
At the end of the day $_SESSION is NOT READING 'fname' from the MySQL query?

I hope I'm reading this correctly.

Pavilion

Re: Mixing php and html

Posted: Thu Mar 22, 2012 3:56 pm
by Celauran
Pavilion wrote:Am I correct in assuming that

Code: Select all

$_SESSION['fname'] = $table_fname;
is doing the following:
  • ['fname'] is the title/name of the $_SESSION variable?
  • "=$table_fname;" is being assigned to the variable?
At the end of the day $_SESSION is NOT READING 'fname' from the MySQL query?

I hope I'm reading this correctly.
That's the gist of it, yes. Strictly speaking, fname is the array key and $table_fname is the value stored at that key.

Re: Mixing php and html

Posted: Thu Mar 22, 2012 4:01 pm
by Pavilion
Thank you Celauran :D

Re: Mixing php and html

Posted: Thu Mar 22, 2012 4:35 pm
by Pavilion
OK - now that login.php is formatted and the code is cleaned up, onto the next task.

After assigning $_SESSION variables the next line of code is as follows:

Code: Select all

header("Location: page.php"); // redirect user to new page.
Again ... going back to the example, I created page.php with the following (very basic) syntax:

Code: Select all

[syntax=php]<?php
ob_start();
session_start();
if(!isset($_SESSION['user_id'])){
header("Location: login.php");
}
 
?>
<html>
<div class="success">Welcome, <?php echo $_SESSION['fname'];?></div>
</html>
[/syntax]

This script will not allow a user on this page unless they are logged in.

So... now for my questions:

How can I do the following:
  • Not allow logged in users to access the register.php or the login.php? I tried reworking the above script, but realized afterwards that it's a bit circular to query for issest($_SESSION['user_id']) before $_SESSION['user_id'] is defined. At the end of the day, I had no luck in keeping logged in users off register.php and login.php.
  • How do I hide menu options on my menu bar when users are logged in (they don't need to see Register Here or Login. Following is the script for my menu.html.

Code: Select all

<style type="text/css">
	* {margin: 0; padding: 0;}
	#menu {width: 100%; height: 30px; border: 2px solid #754f31;}
	#menu ul {visibility: hidden; position: absolute; top: 100%; left: 0;}
	#menu li {list-style: none; z-index: 1;}
	#menu li {float: left; padding-right: 3px; position: relative;}
	#menu li li a {width: 110%;}
	#menu li li {float: none; padding-top: 1px; width: 110%;}
	#menu li:hover ul {visibility: visible; z-index: 1;}
	#menu a, #menu li:hover li a, #menu li span {display: block; font: bold 12px/30px Arial, sans-serif; text-decoration: none; padding: 0 13px; color: #363426;}
	#menu, #menu li li, #menu a, #menu li:hover li:hover a {background-color: #c2bdb0;}
	#menu li span {cursor: default;}
	#menu li a.first, #menu li a.first:hover, #menu li:hover li a, #menu li:hover a, #menu li:hover span {border-bottom: 2px solid #754f31; border-right: 2px solid #754f31; background-color: #f7f5e4;}
</style>

	<ul id="menu">
        <li><a class="first" href="http://####/schedule/register.php" title="home">Register Here</a></li>
        <li><a class="first" href="http://####/schedule/login.php" title="home">Login</a></li>
		<li><span>My Stuff</span>
			<ul>
			<li><a href="http://####/schedule/blocktime.php">Block Time</a></li>
			<li><a href="http://####/schedule/requesttime.php">Request Time</a></li>
			<li><a href="http://####/schedule/profile.php">Profile</a></li>
			<li><a href="http://####/schedule/addressbk.php">Address Book</a></li>
			</ul>
		</li>
		<li><span>Schedule</span>
			<ul>
			<li><a href="http://####">About</a></li>
			<li><a href="http://####">Help</a></li>
			</ul>
		</li>
	</ul>
Thank you in advance:

Pavilion

Re: Mixing php and html

Posted: Thu Mar 22, 2012 5:41 pm
by Pavilion
I figured out how to hide menu items when I user is logged in (or out) and how to keep users off the register.php and login.php. :D

Mostly I just used a combination of a concept Celauran introduced me to in register.php

Code: Select all

<?php if (isset($errors['fname'])): ?>
<li><?php echo $errors['fname']; ?></li>
<?php endif; ?>
And checking to see if $_SESSION was set

Code: Select all

session_start();
if(isset($_SESSION['user_id'])){
header("Location: page.php");
It feels so good... as the little children say... "I did it all by my big boy/girl self".

Re: Mixing php and html

Posted: Thu Mar 22, 2012 7:19 pm
by Celauran
Only just got the chance to look at this. Glad you managed to get it resolved.

Re: Mixing php and html

Posted: Thu Mar 22, 2012 8:41 pm
by Pavilion
Celauran wrote:Only just got the chance to look at this. Glad you managed to get it resolved.
Yes - it felt good to figure something out on my own. Not only that, I've started constructing a profile page. I've successfully captured $_SESSION variables and used them as defaults for input controls. Following is just a quick sample of the script:

Code: Select all

<?php
ob_start();
session_start();
if(!isset($_SESSION['user_id'])){
header("Location: login.php");
}
// include database connection file, if connection doesn't work the include file will throw an error message
include '../schedule/include/db_connect.php';
?>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="content-type" content="text/html; charset=utf-8" />
        <title>Contact Form</title>
        <link rel="stylesheet" type="text/css" href="../schedule/include/formats.css"/>
    </head>
    <body>
	<div class="shadow"><div class="header"></div></div>
        <div class="shadow">
        <?php
        include '../schedule/include/menu.php';
        ?>
        </div>
	<h1>You're in .... <?php echo $_SESSION['fname'];?>, This is your profile information:</h1><br />
	<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
		<fieldset id="standardForm">
			<div id="standFormLeft">               
				<label>First Name</label>
				<input tabindex="1" type="text" name="fname" <?php if (isset($_SESSION['fname'])){?> value= <?php echo $_SESSION['fname'];}?> /><br />
				<label>Last Name</label>
				<input tabindex="2" type="text" name="lname" <?php if (isset($_SESSION['lname'])){?>  value= <?php echo $_SESSION['lname'];}?> /><br />
				<label>Email Address</label>
				<input tabindex="3" type="email" name="email" <?php if (isset($_SESSION['email'])){?>  value= <?php echo $_SESSION['email'];}?> /><br />
			</div>
			<div id="standFormRight">               
				<label>Desk Phone</label>
				<input tabindex="4" type="tel" name="dphone" <?php if (isset($_SESSION['deskphone'])){?> value= <?php echo $_SESSION['deskphone'];}?> /><br />
				<label>Ext</label>
				<input tabindex="5" type="text" name="ext" <?php if (isset($_SESSION['ext'])){?> value= <?php echo $_SESSION['ext'];}?> /><br />
				<label>Cell Phone</label>
				<input tabindex="6" type="tel" name="cell" <?php if (isset($_SESSION['cell'])){?> value= <?php echo $_SESSION['cell'];}?> /><br />
			</div>
		</fieldset>
	</form>
	</body>
</html>
I've not yet started to construct the submit actions in php. But... I figure it won't be too far off what is happening in register.php. Except for using an INSERT query, I'll be using an update query.

I do have one question though. It is necessary to validate fields in registration. Fields need to be required and validated for type (email).

But in a profile page it's a bit different. I am assuming the following in the way of validation:
  1. Email field has to be required and verified for email type
  2. I've found <input type="tel">, but don't see that this really does anything during data edit. What are you're thoughts about this input type? I'm used to something called "input masks" in classical databases. I can actually construct them and force data to be entered in a specific way. This is really handy for things like phone numbers, dates, etc.. But this <input type="tel"> doesn't force a standardized phone number.
  3. Other than my email field, I see no reason to require other fields. I may require FName and LName simply for communication sake.
One other question about using update queries. Is there anyway to block an input control from editing until a user checks a box (or something akin to that)? The way things stand now, 6 different fields will be updated in one query. I don't want to leave things too "open" for the user to unintentionally overwrite a field value. For instance, a user can unintentionally delete a non-required field (like phone number) and then when the update query runs, the null value will replace what is stored in the table.

Just mussing through things before writing script. Your thoughts are welcome.

Pavilion

Re: Mixing php and html

Posted: Thu Mar 22, 2012 8:54 pm
by Celauran
The trouble lies in differentiating between a mistakenly cleared field and an intentionally cleared one. You could add some sort of checkbox system; either uncheck to make the field editable or check to denote "update this field", but both hinder user experience IMO.

Validating phone numbers can be tricky depending on the scope of your audience. If you know you will only be dealing with North American numbers, then it's considerably simpler. Strip anything non-numeric (at least for validation, you can keep the formatting if you choose) then check that string length is either 7, 10, or 11. You can add additional rules to make this more robust (ie. if strlen is 11, first digit must be 1) as desired. Here's an example of phone number validation that I use regularly.