|
|
An empty auth_users table does you no good. In this section, you create a simple record addition form and script, similar to those you created in Chapter 13, "Inserting Data into the Table."
The HTML form will contain an input field for each column in the auth_users table.
Open a new file in your text editor and type the following HTML:
<HTML> <HEAD> <TITLE>Add a User</TITLE> </HEAD> <BODY> <H1>Adding a Record to auth_users</H1>
Begin your form. Assume that the method is POST and the action is a script called do_adduser.php:
<FORM METHOD="POST" ACTION="do_adduser.php">
Create an input field for the user's first name with a text label:
<P><STRONG>First Name:</STRONG><BR> <INPUT TYPE="text" NAME="f_name" SIZE=25 MAXLENGTH=50></p>
Create an input field for the user's last name with a text label:
<P><STRONG>Last Name:</STRONG><BR> <INPUT TYPE="text" NAME="l_name" SIZE=25 MAXLENGTH=50></p>
Create an input field for the username with a text label:
<P><STRONG>Username:</STRONG><BR> <INPUT TYPE="text" NAME="username" SIZE=25 MAXLENGTH=25></p>
Create an input field for the password with a text label:
| Note |
The MAXLENGTH of the password form field is 25, whereas the database field maximum length is 100. This discrepancy in length takes into consideration the encryption that will occur. A 25-character plain-text password, such as that entered in this form field, will be probably be longer than 25 characters when encrypted. Because only the encrypted password is stored in the database, the greater maximum length will handle the extra data. |
Add a submit button, and then close your form and add some more HTML so that the document is valid:
<P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Add User"></P> </FORM> </BODY> </HTML>
Save the file with the name show_adduser.html, and place this file in the document root of your web server.
Open your web browser and type http://127.0.0.1/show_adduser.html.
You will see a form for adding a user, with four fields for name and password information, as well as a submit button. Next, you will create the back-end script for the record-addition form.
Open a new file in your text editor and start a PHP block:
Check that values were actually entered for all four fields. If they weren't, direct the user back to the form and exit the script:
if ((!$_POST[f_name]) || (!$_POST[l_name]) ||
(!$_POST[username]) || (!$_POST[password])) {
header("Location: show_adduser.html");
exit;
}
Create a variable to hold the name of the database on which the table resides:
$db_name = "testDB";
Create a variable to hold the name of the table you're populating with this script:
$table_name = "auth_users";
Add the connection information as you have been:
$connection = @mysql_connect("localhost", "spike", "9sj7En4")
or die(mysql_error());
Select the database as you have learned:
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());
Create the SQL statement. The first parenthetical statement gives the names of the fields to populate (in order), and the second parenthetical statement sends the actual strings:
$sql = "INSERT INTO $table_name (f_name, l_name, username, password)
VALUES ('$_POST[f_name]', '$_POST[l_name]', '$_POST[username]',
password('$_POST[password]'))";
| Note |
The PASSWORD() function inserts a hash of the password, not the password itself. This alleviates the security risk of having plain-text passwords sitting in your database, because all the script needs to do is match the two hashes. |
Create a variable to hold the result of the mysql_query() function, as you have learned:
$result = @mysql_query($sql,$connection) or die(mysql_error());
Close your PHP block, and then add HTML:
?> <HTML> <HEAD> <TITLE>Add a User</TITLE> </HEAD> <BODY> <H1>Added to auth_users:</H1>
Mingle HTML and PHP to show the values entered for each field, starting with the first-name field:
<P><STRONG>First Name:</STRONG><BR> <? echo "$_POST[f_name]"; ?></p> <P><STRONG>Last Name:</STRONG><BR> <? echo "$_POST[l_name]"; ?></p> <P><STRONG>Username:</STRONG><BR> <? echo "$_POST[username]"; ?></p> <P><STRONG>Password:</STRONG><BR> <? echo "$_POST[password]"; ?></p>
Add a link back to the original form:
<P><a href="show_adduser.html">Add Another</a></p>
Add some more HTML so that the document is valid:
</BODY> </HTML>
Save the file with the name do_adduser.php, and place this file in the document root of your web server.
Your code should look like this:
<? //check for required fields if ((!$_POST[f_name]) || (!$_POST[l_name]) || (!$_POST[username]) || (!$_POST[password])) { header("Location: show_adduser.html"); exit; } //set up the names of the database and table $db_name = "testDB"; $table_name = "auth_users"; //connect to the server and select the database $connection = @mysql_connect("localhost", "spike", "9sj7En4") or die(mysql_error()); $db = @mysql_select_db($db_name, $connection) or die(mysql_error()); //create and issue query $sql = "INSERT INTO $table_name (f_name, l_name, username, password) VALUES ('$_POST[f_name]', '$_POST[l_name]', '$_POST[username]', password('$_POST[password]'))"; $result = @mysql_query($sql,$connection) or die(mysql_error()); ?> <HTML> <HEAD> <TITLE>Add a User</TITLE> </HEAD> <BODY> <H1>Added to auth_users:</H1> <P><STRONG>First Name:</STRONG><BR> <? echo "$_POST[f_name]"; ?></p> <P><STRONG>Last Name:</STRONG><BR> <? echo "$_POST[l_name]"; ?></p> <P><STRONG>Username:</STRONG><BR> <? echo "$_POST[username]"; ?></p> <P><STRONG>Password:</STRONG><BR> <? echo "$_POST[password]"; ?></p> <P><a href="show_adduser.html">Add Another</a></p> </BODY> </HTML>
Next you test this code by adding some sample users to your table.
The next examples are based on fake users on my server. Your results will vary, depending on what you enter in your table. To get to the user addition form, open your web browser and type http://127.0.0.1/show_adduser.html.
In my user addition form, I typed information for a user named Joe Webby, with a username of joe and a password of ilikecheese. The completed form looks like the following figure.
After I clicked on the Add User button, the confirmation screen was displayed, as shown in the following figure.
To see an example of how the password hash is stored, use the command-line interface to the MySQL Monitor to view your record. You would see that the password entry says 127493710101bb5a, not ilikecheese.
Continue adding some users on your own, until you have a nice family of users.
|
|