Solved

php/OCI signon credentials

Posted on 2011-09-09
8
642 Views
Last Modified: 2012-06-21
PHP5/OCI8 newbie here.  I am looking for suggestions on best practices on how to store username/password/database information from a signon form.  I have a simple web site with a main navigation page, a logon page, and some database update pages.  All of these pages have the proper OCI connection string but I am not sure how to retain the logon information to use on each individual pages.  Currently all of my pages can connect to the Oracle database but the connections strings are hardcoded.  Does anyone have examples?
0
Comment
Question by:tnowacoski
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 7

Expert Comment

by:boon86
ID: 36512844
<?php

// Connects to the XE service (i.e. database) on the "localhost" machine
$conn = oci_connect('hr', 'welcome', 'localhost/XE');
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}

$stid = oci_parse($conn, 'SELECT * FROM employees');
oci_execute($stid);

echo "<table border='1'>\n";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS)) {
    echo "<tr>\n";
    foreach ($row as $item) {
        echo "    <td>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : "&nbsp;") . "</td>\n";
    }
    echo "</tr>\n";
}
echo "</table>\n";

?>

Open in new window


<?php

$conn = oci_connect('hr', 'welcome', 'localhost/XE', 'AL32UTF8');
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}

$stid = oci_parse($conn, 'SELECT * FROM employees');
oci_execute($stid);

echo "<table border='1'>\n";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS)) {
    echo "<tr>\n";
    foreach ($row as $item) {
        echo "    <td>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : "&nbsp;") . "</td>\n";
    }
    echo "</tr>\n";
}
echo "</table>\n";

?>

Open in new window


read more at:
http://www.php.net/manual/en/function.oci-connect.php
http://www.oracle-base.com/articles/misc/WebScriptingForOracle.php
0
 

Author Comment

by:tnowacoski
ID: 36512939
I have a handle on the OCI8 connection logic.

$conn = oci_connect('hr', 'welcome', 'localhost/XE');

Open in new window


How do I get the Username, Password, Database information from a Logon form to the connection logic on another page?  Session Storage Variables?  None of the examples that I can find are dynamic.  They all have a static connection string like the examples above.
0
 
LVL 7

Expert Comment

by:boon86
ID: 36513055
you could use post from your form and store the logon detail to session

<?php
session_start();
session_register("user");
session_register("pass");
session_register("host");


if(isset($_POST['save']))
{

$user = $_POST['user'];
$pass = $_POST['pass'];
$host = $_POST['host'];

$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
$_SESSION['host'] = $host;

}

?>

and use them later by:
<?php
session_start();
echo $_SESSION['user'];
echo $_SESSION['pass'];
echo $_SESSION['host'];

//or assign it to variable:

$user =  $_SESSION['user'];
?>

you can use session on unlimted page as long as your browser is opened after posted form
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 
LVL 110

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 36516171
Please do not use session_register().  Please see the large red warning label here:
http://us3.php.net/manual/en/function.session-register.php

A good practice when dealing with external variables is to know the key names you expect in the POST array and filter the input variables.  However in this case, the ultimate filter will be the connection attempt, so you can just copy the contents of the POST into the session with something like this.
http://www.laprbass.com/RAY_temp_tnowacoski.php

Then in your scripts you can refer to the $_SESSION values for the OCI signon credentials.

Best regards, ~Ray
<?php // RAY_temp_tnowacoski.php
error_reporting(E_ALL);


// ALWAYS START THE SESSION AT THE TOP OF EVERY SCRIPT
session_start();


// THE VARIABLES WE EXPECT
$vars = array
( 'name'
, 'pass'
, 'host'
)
;


// IF THE DATA HAS BEEN POSTED
if (!empty($_POST))
{
    // COPY THE THINGS WE WANT INTO THE SESSION ARRAY
    foreach ($vars as $key)
    {
        $_SESSION[$key] = $_POST[$key];
    }
} 
// AT THIS POINT THE SESSION ARRAY HAS THE CREDENTIALS THAT WERE SUBMITTED BY THE CLIENT
// SO THE LOGON AND VALIDATION TAKES PLACE USING THE VALUES IN $_SESSION
// THE SESSION WILL PERSIST ACROSS REQUESTS, SO NEW PAGE LOADS CAN CONTINUE TO USE $_SESSION



// SHOW THE POST AND SESSION ARRAYS
echo "<pre>";
echo "SESSION: ";
var_dump($_SESSION);
echo PHP_EOL;
echo "POST: ";
var_dump($_POST);
echo PHP_EOL;



// CREATE THE FORM FOR THE CLIENT INPUT
$form = '<form method="post">';
foreach ($vars as $key)
{
    $form .= PHP_EOL . $key . '<input name="' . $key . '" />';
}
$form .= PHP_EOL . '<input type="submit" />';
$form .= PHP_EOL . '</form>';

// WRITE THE FORM TO THE BROWSER STREAM
echo $form;

Open in new window

0
 

Author Comment

by:tnowacoski
ID: 36522380
Ray: I am following what you are saying, can you look to see what is wrong with this code based on your recommendations?
I am getting an internal server error.

<?php 

// Start session
session_start();

// Fill Session Variables
// THE VARIABLES WE EXPECT
$vars = array( 'username', 'password', 'database');

if ($_POST['database'] == 'IFSTEST' )
  $database='172.22.9.246/IFSTEST';
else
  $database='172.22.9.111/IFS75';
  
// Try connecting to the database 
echo '<b>Trying to Connect to Oracle</b> with:<br>';

echo "$_POST['username'] @ $database <br>";
$conn = oci_connect($_POST['username'], $_POST['password'], $database);

if (!$conn)
{ 
      $e = oci_error();   // For oci_connect errors pass no handle 
      echo '<b><font color="red">FAILED</font></b> : ' . htmlentities($e['message']); 
}
else
{ 
	$_SESSION['username'] = $_POST['username'];
	$_SESSION['password'] = $_POST['password'];
	$_SESSION['database'] = $database;
	
	/*
    foreach ($vars as $key)
    {
        $_SESSION[$key] = $_POST[$key];
    }
	*/
}
    oci_close($conn); 
    echo 'Oracle connection closed<br>';
?> 

Open in new window

0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 36523561
That looks right to me.
0
 

Author Comment

by:tnowacoski
ID: 36523651
yah, had a syntax error but that is fixed and working now!  Thanks
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 36523705
Great!  Thanks for the points, ~Ray
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question