Sessions/Login Class Notes: 5-23-11

Cookies know the exact path; on the machine, there’s a place where they are stored
            they store the string that looks like the server address

   NOTE: multiple browsers have their own mechanism for their cookies

• cookies are associated to the browser, (if you shut the window down, it doesn’t change what’s going on in the server…. When you hit a button on the site, it then connects to the server and then logs a user off)

Sessions requires:

1)     Cookie matching data on the server (if the cookie stays on the machine

2)     Log on status (log in/out)

Sessions are stored file-based, stored outside of the web root (safest place it could be)

·        you don’t want hackers to see sessions information, don’t want that accessible to anyone else

What can be hacked:

-         Number that is part of the session (unique self-incremented by server)

-         Time: uniqueness of the session 

Concept of “back ups”:

School makes these “tapes”: daily backed up, in case there are old worms (buried deep from back when)

Encrypting the password:

– passes the data onto the sessions page

session_start( ): high annoyance, every one of them may or may not need this
  gets a nasty error msg (to tell you that you’re already started)
  some use @ in front of session_start( )

if(!isset($_SESSION)){session_start();}  // superglobal here, if session hasn't start, start here

$sCustomerID = trim($row['CustomerID']); //Grab the Customer's unique ID, from a database
$_SESSION["sCustomerID"] = $sCustomerID; //Enter variable into session variable
$_SESSION["FirstName"] = $FirstName;
$_SESSION["Email"] = $Email;

echo $_SESSION["Email"]; // to see what comes in

session_data: when you store it here, it is accessible

cookie_data: 

config file: loads the constants (gets called every time and cannot be changed)
 everything that the pages use are now totally wiped cleaned

Application level:

To banish/lock someone from a web page: (NOTE: this goes in the private page, not in public)

if(!isset($_SESSION)){session_start();}
if(!isset($_SESSION['sCustomerID'])) // do they have a customerID, do they exist?
{ //no session var
    myRedirect("login.php?msg=5"); //send user back to login page, as session has timed out
}     // puts a msg back to the log in page, gotta be a “doorstep”

session would have a time-out, so that it rules out hackers… makes it private

 

NOTE: rounded ones are NOT pages (they are doorstep “process” prompts)

All orange (are protected, yellow is log-in protected)

  HOW to LOG IN:

1)     Username: usually an email (guaranteed uniqueness, domain, contactable to send msg test)
                     developer@example.com

2)     password: asdfasdf

Folder for application:

One table & one folder: easy to get rid/move or install somewhere else
root should be reserved to client’s actual pages

Prefix “admin” indictor for which files can make it locked out (with the “if” statement)
 

One-way encryption: put data in, no one can get it back (password “SHA” will jumble it up)

            Password gets asked, then compared with mangled version to allow access

 

admin_login:

Application root:

NOTES:
ENUM - Privilege ENUM('admin','superadmin','developer') DEFAULT 'admin',

Note: superadmin: client

            admin: you the developer

           

In-class DIRECTIONS:

·        Drag admin folder into the application folder

·        Copy admin_only_inc.php into “inc_700” folder

·        Look at nmAdmin.sql > 

·        inc_700 implies that there is ONLY 1 folder that contains these sets of info
line 41 in config_inc is commented out since we don’t want to keep it permanently

Assignments 4-6

Currently my Construction page should have Assignment 1-3 up to date. Assignment 4 is currently being re-demolished to match my theme.

----------------------------------------

RECAPTCHA for A4 currently takes the theme used for A2.  I tweaked with the stylesheet so that it would fit like how it should. Recaptcha site

TROUBLES with A4:
The only problems that I run into is setting the position to "fixed" and not being able to access the links on my sidebar menu. When I don't set the position to be fixed, pieces of the table align too far to the left and covers the side bar. File Description here.

A6:
I have db_test but not sure how to create the database in mySQL very well. Seeking tutor ATM

RECENT UPDATES:
Just recently got my username and password set up with dreamhost. To make my life a little easier, my log in information should match whatever horsey01 I am using for my email. Cyberduck finally took my password after several frustrating attempts.

------------------------------------------------------ HW Construction page
Link to Assignment 6 is here!
There was some confusion with the database that showed up. Only the first name of the database showed up. I need to relook at the the database contents.

ITC 280 Classes/ Paging Class Notes 5-18-11

Review: assignment folders end on A7, everything is in your application folder (funky_fresh_test)

List/View: A8 is done indicator (link to your developing         Noun_List.php (plural)/noun_view.php (singular)
  Ex: Records_List.php

Demo folder – is the demolished version of the file (DO NOT put all your files in this folder)

Roots: Lowest Level of (horsey01, is the physical root server root)

public_html: web root on zephyr

Application root: web root (so index.php)

Class is a “blue print of an object”, represent an entire new world of how to program
            powerful applications use this, out of flow

(“property” is like a quality) – must caps the first letter of the class
  ex:
    class Car
{
  public $color; //the color of the car
  public $mph; //the maximum speed (integer)
  public $price; //the price of the car, in dollars (float)
  public $model; //the model of the car

  function go($hours) (METHODS)
  {
    return ($this->mph * $hours); //returns miles traveled given time
  }
}

    Functions & Classes: both out of flow of the code
   Constructor Function: constructor allows us to set the ground rules for the creation of an object
     requires __ (two underscores)
      EX: function __construct($model,$color,$price,$mph) //constructor function, w/o $ sign, it thinks it is a constant

   {

      $this->model = $model; //assigning data to properties via the constructor
      $this->color = $color;
      $this->price= $price;
      $this->mph= $mph;

   }

}
constructor is the parentheses of the class (how the stuff gets put into the class)
  in other classes (in C#, class name is class, can have only 1 constructor per class)

Object is an example of a class [in action”], but sometimes a class can be used separately from an object.
NOTE: name of the object needs to be generic, nothing specific
  $myCar = new Car();
  $myCar->color = "red";  In every other language, there is a period here (“My car ‘dot’ color”), period is concatenation
  $myCar->price = 60000;
  $myCar->model = "Ferrari";
  $myCar->mph = 140;

  echo "My " . $myCar->model . " can go " . $myCar->go(.5) . " in half an hour!";

  NOTE: in objects (assigning it to the property), use “->”
                 in class (declaring properties), use “$”

Paging: trick at the bottom of the page, to be able to go through multiple records
    Pager: # icon at the bottom the list page, that lets users navigate between the list pages
            designed for the “list” page, not the “view” page
         ex: $myPager = new Pager(10);  --- how many number of records on a page
 $myPager = new Pager(20,'','<img src="images/arrow_prev.gif" border="0" />','<img src="images/arrow_next.gif" border="0" />','');
 ORDER: 1^st, previous, next, last

Methods: Function within a class, used to manipulate the class properties and produce results, things that manipulate data… ( a term called, not a term used in the actual programming php language)

Properties: things that store pieces of data

Instantiation: is “creation”

Child Classes: born from the original, creating something sort of new but incorporates some of previous class

Encapsulation: “hiding” complex code in the class

autoload: will look for any number of pages for a particular name of a file

Trouble with Assignment 5

Working on the phpMinAdmin but was not able to log on.... I apparently do not have sufficient credentials?

I'm not sure if it's because I need to have phpMinAdmin.php to be above a folder (in where the public_html)...


**********
I realize that the the host: "localhost", user & password is what i would use with MySQL