CS 330 Class 13 - PowerPoint PPT Presentation

Slides: 21
Provided by: arnoldsh
Transcript and Presenter's Notes


1
CS 330 Class 13
  • PHP and Databases
  • Review of the possibilities
  • Mail
  • Cookies

2
Flat Files versus Databases
  • Advantages of flat files
  • free
  • ASCII format
  • Limitations of flat files
  • data is stored in contorted forms
    (cheesemushroom ...)
  • complex programming
  • no relational capability
  • Databases
  • require database software and expertise
  • support relational queries, usually in SQL

3
Databases and PHP
  • MySQL
  • freeware
  • supported on UNIX and Windows
  • stable but evolving
  • Example: Wells premed
  • Students enter and maintain their data (password
    protected)
  • Advisors view student data and add comments
    (password protected)
  • Example: DRC program management
  • Users identified by name, password, role. Actions
    restricted by role
  • Other tables to maintain project data

4
Wells Premed Site
  • Student options
  • register
  • update registration
  • Database tables
  • tblstudent: student registration data and
    password
  • tbladvisor: advisor name and password for
    login
  • tblcomments: by an advisor wrt a student
  • Advisor options
  • view student data by individual, state, year...
  • add comments

5
Wells Premed Site
6
Student Data
Entered and maintained by the student. Viewed by
advisors.
7
Advisor login
Validated against advisor table
8
Comments Table
Advisor options
9
Student table
Comments table
When an advisor retrieves a record, corresponding
comments are also retrieved
10
Digicomp Program Management
  • Needed
  • program documentation visibility
  • reviews and audits tracked and documented
  • Approach
  • web frontend for viewing and updating
  • users with different levels of access

11
  • login.php
  • The form posts its results to login.php.
  • How?!
  • Code is executed in order
  • if post variable 'name' is set
  • if the user table (tbluser) contains the
    user/password pair
  • redirect to main.php
  • else
  • redirect to login.php
  • else
  • fall through to the HTML form
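
The control flow on this slide, written out as an added example (not the course's login.php). The function name `login_target`, the `password_hash` column and the in-memory SQLite database are assumptions so that it runs stand-alone; it looks the user up with a bound parameter and compares against a stored hash instead of a stored password.

```php
<?php
// Added example; not the course's login.php. The password_hash column and
// the in-memory SQLite database are assumptions so the script runs offline.

function login_target(PDO $db, array $post): ?string
{
    if (!isset($post['name'])) {
        return null;                    // no POST data: fall through to the form
    }
    $name = $post['name'];
    $password = $post['password'] ?? '';
    if (!is_string($name) || !is_string($password)) {
        return 'login.php';             // array-valued input is rejected
    }
    // Bound parameter: the submitted name is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM tbluser WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();       // false when no such user

    if (is_string($hash) && password_verify($password, $hash)) {
        return 'main.php';              // real page: session_regenerate_id(true) here
    }
    return 'login.php';
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbluser (name TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO tbluser VALUES (?, ?)')
   ->execute(['carol', password_hash('correct horse', PASSWORD_DEFAULT)]);

$cases = [
    'no POST data'   => [],
    'valid pair'     => ['name' => 'carol', 'password' => 'correct horse'],
    'wrong password' => ['name' => 'carol', 'password' => 'guess'],
    'quote in name'  => ['name' => "o'brien", 'password' => 'x'],
];
foreach ($cases as $label => $post) {
    echo str_pad($label, 16), '-> ', login_target($db, $post) ?? '(show form)', "\n";
}
```

In the real page the returned value would go into `header('Location: ...')` followed by `exit`.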

12
  • users.php (maintain the list of authorized
    users)
  • Another approach: pages are called with GET
    variables.
  • E.g. hyperlink for edit
  • <a href="edituser.php?name=<?php echo
    $row_rsUsers['name']; ?>">edit</a>
  • calls edituser.php: edituser.php?name="carol"
  • Other features
  • Access restricted to users with admin
    privileges
  • if ($_SESSION['MM_UserAuthorization'] == 'admin')
  • using a session variable that is set when the
    user logs in
  • The entire user table is retrieved and displayed
  • <?php do { ?>
  • ....
  • <?php } while ($row_rsUsers =
    mysql_fetch_assoc($rsUsers)); ?>
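
An added example (not the course's users.php) that combines the two features on this slide: the admin check on the session variable and the edit hyperlink, with the user name encoded for the URL and for HTML before it is echoed. The helper name `render_user_links` and the sample rows are constructed.

```php
<?php
// Added example; not the course's users.php. The helper name and the sample
// rows are constructed; the session key is the one shown on the slide.

function render_user_links(array $session, array $rows): string
{
    // Strict comparison, and a missing key counts as "not admin".
    if (($session['MM_UserAuthorization'] ?? null) !== 'admin') {
        return '';   // real page: send a 403 or redirect to login.php, then exit
    }
    $html = '';
    foreach ($rows as $row) {
        // rawurlencode() makes the name safe as a query-string value;
        // htmlspecialchars() makes it safe inside the attribute and the text.
        $href  = 'edituser.php?name=' . rawurlencode($row['name']);
        $href  = htmlspecialchars($href, ENT_QUOTES, 'UTF-8');
        $label = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
        $html .= "<a href=\"$href\">edit $label</a>\n";
    }
    return $html;
}

// Constructed rows, one with characters that are special in HTML and URLs.
$rows = [['name' => 'carol'], ['name' => 'a&b "c" <d>']];

echo render_user_links(['MM_UserAuthorization' => 'admin'], $rows);
echo render_user_links(['MM_UserAuthorization' => 'user'], $rows) === ''
    ? "non-admin: nothing rendered\n" : '';
echo render_user_links([], $rows) === ''
    ? "no session: nothing rendered\n" : '';
```

edituser.php needs the same session check at its top, because a GET URL can be requested directly without going through users.php.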

13
Unix Mail
  • Unix mail generated by sendmail program in
    /usr/sbin/sendmail
  • Perl can run this program
  • #!/usr/bin/perl
  • # Sending mail from perl. Note: the fields could come from a form
  • $to = "cshilepsky\@wells.edu";
  • $from = "cs330";
  • $subject = "Hello";
  • $contents = "Have a nice day.";
  • # -t: sendmail takes the recipients from the To: header
  • open(MAIL, "| /usr/sbin/sendmail -t") || die "Could not open sendmail\n";
  • print MAIL "To: $to\n";
  • print MAIL "From: $from\n";
  • print MAIL "Subject: $subject\n";
  • # a blank line ends the headers; the body follows
  • print MAIL "\n$contents\n";
  • close MAIL;

14
PHP Version
  • Uses a PHP function mail()
  • <?php
  • $to = "cshilepsky@wells.edu";
  • $subject = "Hi!";
  • $contents = "Hi,\n\nHow are you?";
  • $headers = "From: cs330";
  • if (mail($to, $subject, $contents, $headers))
  • echo("<p>Message sent!</p>");
  • else
  • echo("<p>Message delivery failed...</p>");
  • ?>
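
The Perl slide notes that the mail fields could come from a form. This added example (not the course's code) shows the check that belongs between the form and `mail()`: header fields containing a CR or LF are rejected so a submitted value cannot add header lines. The function name `build_mail_args`, the form field names and the sample submissions are constructed.

```php
<?php
// Added example; not the course's code. Field names and sample
// submissions are constructed.

function build_mail_args(array $form): array
{
    foreach (['to', 'from', 'subject'] as $field) {
        $value = $form[$field] ?? '';
        // A CR or LF in a header field would start a new header line.
        if (!is_string($value) || $value === '' || preg_match('/[\r\n]/', $value)) {
            throw new InvalidArgumentException("bad $field field");
        }
    }
    if (filter_var($form['to'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('bad to address');
    }
    $contents = is_string($form['contents'] ?? null) ? $form['contents'] : '';
    // Same argument order as mail(): to, subject, message, additional headers.
    return [$form['to'], $form['subject'], $contents, 'From: ' . $form['from']];
}

$submissions = [
    'plain' => [
        'to' => 'student@example.edu', 'from' => 'cs330',
        'subject' => 'Hello', 'contents' => 'Have a nice day.',
    ],
    'line break in from' => [
        'to' => 'student@example.edu', 'from' => "cs330\r\nX-Added: yes",
        'subject' => 'Hello', 'contents' => 'Have a nice day.',
    ],
];
foreach ($submissions as $label => $form) {
    try {
        $args = build_mail_args($form);
        echo "$label: ok, headers = {$args[3]}\n";   // real page: mail(...$args)
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```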

15
Cookies
  • Persistent state: client-side cookies allow a
    server to store client-specific information on
    the client machine.
  • Mechanism
  • Each client maintains a list of cookies
  • A CGI program can add a Set-Cookie line to the
    returned header
  • The client stores the cookie and returns it in
    HTTP_COOKIE on subsequent visits to the URL
  • Typical cookies: items requested/ordered, dates
    of access, survey information

16
Setting a Cookie--scripts/setcook.cgi
  • Call it via scripts/setcook.cgi?name=value
  • Separate cookie name and value
  • Return cookie via Set-Cookie header
  • setcook.cgi
  • @pairs = split (/&/, $ENV{'QUERY_STRING'});
  • foreach $pair (@pairs) {
  • ($field_name, $field_value) = split(/=/, $pair);
  • $form{$field_name} = $field_value; }
  • # add the cookie
  • print "Set-Cookie: $form{'name'}=$form{'value'}\n";

17
Retrieving Cookies
  • All cookies for that path are returned in
    environment variable HTTP_COOKIE
  • The name=value pairs are separated by ; and must
    be split to retrieve them
  • See scripts/cookie.cgi

18
  • scripts/cookie.cgi
  • #!/usr/bin/perl
  • print "Content-type: text/html\n\n";
  • print "<html>\n<head><title>Cookies</title></head>\n";
  • print "<body>\n";
  • print "HTTP_COOKIE: ", $ENV{'HTTP_COOKIE'}, "<br><br>\n";
  • # parse HTTP_COOKIE
  • @pairs = split (/; /, $ENV{'HTTP_COOKIE'});
  • foreach $pair (@pairs) {
  • ($key, $value) = split(/=/, $pair);
  • $cookie{$key} = $value; }
  • # return to the client
  • print "You have the following cookies: ", "<br>\n";
  • foreach $key (keys(%cookie)) {
  • print $key, " = ", $cookie{$key}, "<br>\n"; }
  • print "</body></html>\n";

19
Encryption
  • Encryption applies a math function to the
    digitized message.
  • e.g (msg)1 mod 2 (1 and 2 often
    prime factors of a lg number)
  • Single Key
  • The same key is used to encrypt and decrypt
  • Both ends of a link have a copy
  • Problems
  • difficulty of key distribution
  • ease of cryptanalysis
  • Public Key
  • Each user has
  • A secret key (SK) known only to her
  • A public key (PK) known to everyone
  • SK cannot be derived from PK

20
Public Key Encryption cont.
  • SK and PK are cryptographic inverses of each
    other
  • PK(SK(msg)) = SK(PK(msg)) = msg
  • To send a secret message, sender encrypts with
    recipient's PK
  • PKrecipient(msg)
  • (only the recipient can decrypt it)
  • To authenticate who sent the message, sender
    encrypts with her SK
  • SKsender(msg)
  • (everyone can decrypt it, but only one person
    could have sent it)
  • For both secrecy and authenticity, encrypt with
    sender's SK and recipient's PK
  • SKsender(PKrecipient(msg))
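
The identities on this slide, carried through with numbers as an added example (not from the slides). The slides name no algorithm; textbook RSA with tiny constructed primes is assumed here, and the function names `modpow`, `pk` and `sk` are this example's own.

```php
<?php
// Added example; the slides name no algorithm. Textbook RSA with tiny
// constructed primes is used only to show the inverse property; real
// systems use 2048-bit or larger keys together with padding.

function modpow(int $base, int $exp, int $mod): int
{
    $result = 1;
    $base %= $mod;
    while ($exp > 0) {
        if ($exp & 1) {
            $result = ($result * $base) % $mod;
        }
        $base = ($base * $base) % $mod;
        $exp >>= 1;
    }
    return $result;
}

// Constructed key pairs: n = p*q and pk*sk = 1 mod (p-1)(q-1).
$recipient = ['n' => 61 * 53, 'pk' => 17, 'sk' => 2753];   // n = 3233
$sender    = ['n' => 89 * 97, 'pk' => 5,  'sk' => 5069];   // n = 8633

function pk(array $key, int $m): int { return modpow($m, $key['pk'], $key['n']); }
function sk(array $key, int $m): int { return modpow($m, $key['sk'], $key['n']); }

$msg = 1234;   // must be smaller than the recipient's n

// PK(SK(msg)) = SK(PK(msg)) = msg
echo 'PK(SK(msg)) == msg: ', var_export(pk($recipient, sk($recipient, $msg)) === $msg, true), "\n";
echo 'SK(PK(msg)) == msg: ', var_export(sk($recipient, pk($recipient, $msg)) === $msg, true), "\n";

// Secrecy and authenticity: SKsender(PKrecipient(msg)).
// The sender's n is the larger one, so the inner result fits under it.
$wire = sk($sender, pk($recipient, $msg));

// The receiver undoes the layers in reverse: sender's PK, then her own SK.
$recovered = sk($recipient, pk($sender, $wire));
echo "sent $wire, recovered $recovered\n";
echo 'round trip ok: ', var_export($recovered === $msg, true), "\n";
```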