Solved

php/OCI signon credentials

Posted on 2011-09-09
8
639 Views
Last Modified: 2012-06-21
PHP5/OCI8 newbie here.  I am looking for suggestions on best practices on how to store username/password/database information from a signon form.  I have a simple web site with a main navigation page, a logon page, and some database update pages.  All of these pages have the proper OCI connection string but I am not sure how to retain the logon information to use on each individual pages.  Currently all of my pages can connect to the Oracle database but the connections strings are hardcoded.  Does anyone have examples?
0
Comment
Question by:tnowacoski
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 7

Expert Comment

by:boon86
ID: 36512844
<?php

// Connects to the XE service (i.e. database) on the "localhost" machine
$conn = oci_connect('hr', 'welcome', 'localhost/XE');
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}

$stid = oci_parse($conn, 'SELECT * FROM employees');
oci_execute($stid);

echo "<table border='1'>\n";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS)) {
    echo "<tr>\n";
    foreach ($row as $item) {
        echo "    <td>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : "&nbsp;") . "</td>\n";
    }
    echo "</tr>\n";
}
echo "</table>\n";

?>

Open in new window


<?php

$conn = oci_connect('hr', 'welcome', 'localhost/XE', 'AL32UTF8');
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}

$stid = oci_parse($conn, 'SELECT * FROM employees');
oci_execute($stid);

echo "<table border='1'>\n";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS)) {
    echo "<tr>\n";
    foreach ($row as $item) {
        echo "    <td>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : "&nbsp;") . "</td>\n";
    }
    echo "</tr>\n";
}
echo "</table>\n";

?>

Open in new window


read more at:
http://www.php.net/manual/en/function.oci-connect.php
http://www.oracle-base.com/articles/misc/WebScriptingForOracle.php
0
 

Author Comment

by:tnowacoski
ID: 36512939
I have a handle on the OCI8 connection logic.

$conn = oci_connect('hr', 'welcome', 'localhost/XE');

Open in new window


How do I get the Username, Password, Database information from a Logon form to the connection logic on another page?  Session Storage Variables?  None of the examples that I can find are dynamic.  They all have a static connection string like the examples above.
0
 
LVL 7

Expert Comment

by:boon86
ID: 36513055
you could use post from your form and store the logon detail to session

<?php
session_start();
session_register("user");
session_register("pass");
session_register("host");


if(isset($_POST['save']))
{

$user = $_POST['user'];
$pass = $_POST['pass'];
$host = $_POST['host'];

$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
$_SESSION['host'] = $host;

}

?>

and use them later by:
<?php
session_start();
echo $_SESSION['user'];
echo $_SESSION['pass'];
echo $_SESSION['host'];

//or assign it to variable:

$user =  $_SESSION['user'];
?>

you can use session on unlimted page as long as your browser is opened after posted form
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 110

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 36516171
Please do not use session_register().  Please see the large red warning label here:
http://us3.php.net/manual/en/function.session-register.php

A good practice when dealing with external variables is to know the key names you expect in the POST array and filter the input variables.  However in this case, the ultimate filter will be the connection attempt, so you can just copy the contents of the POST into the session with something like this.
http://www.laprbass.com/RAY_temp_tnowacoski.php

Then in your scripts you can refer to the $_SESSION values for the OCI signon credentials.

Best regards, ~Ray
<?php // RAY_temp_tnowacoski.php
error_reporting(E_ALL);


// ALWAYS START THE SESSION AT THE TOP OF EVERY SCRIPT
session_start();


// THE VARIABLES WE EXPECT
$vars = array
( 'name'
, 'pass'
, 'host'
)
;


// IF THE DATA HAS BEEN POSTED
if (!empty($_POST))
{
    // COPY THE THINGS WE WANT INTO THE SESSION ARRAY
    foreach ($vars as $key)
    {
        $_SESSION[$key] = $_POST[$key];
    }
} 
// AT THIS POINT THE SESSION ARRAY HAS THE CREDENTIALS THAT WERE SUBMITTED BY THE CLIENT
// SO THE LOGON AND VALIDATION TAKES PLACE USING THE VALUES IN $_SESSION
// THE SESSION WILL PERSIST ACROSS REQUESTS, SO NEW PAGE LOADS CAN CONTINUE TO USE $_SESSION



// SHOW THE POST AND SESSION ARRAYS
echo "<pre>";
echo "SESSION: ";
var_dump($_SESSION);
echo PHP_EOL;
echo "POST: ";
var_dump($_POST);
echo PHP_EOL;



// CREATE THE FORM FOR THE CLIENT INPUT
$form = '<form method="post">';
foreach ($vars as $key)
{
    $form .= PHP_EOL . $key . '<input name="' . $key . '" />';
}
$form .= PHP_EOL . '<input type="submit" />';
$form .= PHP_EOL . '</form>';

// WRITE THE FORM TO THE BROWSER STREAM
echo $form;

Open in new window

0
 

Author Comment

by:tnowacoski
ID: 36522380
Ray: I am following what you are saying, can you look to see what is wrong with this code based on your recommendations?
I am getting an internal server error.

<?php 

// Start session
session_start();

// Fill Session Variables
// THE VARIABLES WE EXPECT
$vars = array( 'username', 'password', 'database');

if ($_POST['database'] == 'IFSTEST' )
  $database='172.22.9.246/IFSTEST';
else
  $database='172.22.9.111/IFS75';
  
// Try connecting to the database 
echo '<b>Trying to Connect to Oracle</b> with:<br>';

echo "$_POST['username'] @ $database <br>";
$conn = oci_connect($_POST['username'], $_POST['password'], $database);

if (!$conn)
{ 
      $e = oci_error();   // For oci_connect errors pass no handle 
      echo '<b><font color="red">FAILED</font></b> : ' . htmlentities($e['message']); 
}
else
{ 
	$_SESSION['username'] = $_POST['username'];
	$_SESSION['password'] = $_POST['password'];
	$_SESSION['database'] = $database;
	
	/*
    foreach ($vars as $key)
    {
        $_SESSION[$key] = $_POST[$key];
    }
	*/
}
    oci_close($conn); 
    echo 'Oracle connection closed<br>';
?> 

Open in new window

0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 36523561
That looks right to me.
0
 

Author Comment

by:tnowacoski
ID: 36523651
yah, had a syntax error but that is fixed and working now!  Thanks
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 36523705
Great!  Thanks for the points, ~Ray
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to count occurrences of each item in an array.
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question