• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 678
  • Last Modified:

php/OCI signon credentials

PHP5/OCI8 newbie here.  I am looking for suggestions on best practices on how to store username/password/database information from a signon form.  I have a simple web site with a main navigation page, a logon page, and some database update pages.  All of these pages have the proper OCI connection string but I am not sure how to retain the logon information to use on each individual pages.  Currently all of my pages can connect to the Oracle database but the connections strings are hardcoded.  Does anyone have examples?
0
tnowacoski
Asked:
tnowacoski
  • 3
  • 3
  • 2
1 Solution
 
boon86Commented:
<?php

// Connects to the XE service (i.e. database) on the "localhost" machine
$conn = oci_connect('hr', 'welcome', 'localhost/XE');
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}

$stid = oci_parse($conn, 'SELECT * FROM employees');
oci_execute($stid);

echo "<table border='1'>\n";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS)) {
    echo "<tr>\n";
    foreach ($row as $item) {
        echo "    <td>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : "&nbsp;") . "</td>\n";
    }
    echo "</tr>\n";
}
echo "</table>\n";

?>

Open in new window


<?php

$conn = oci_connect('hr', 'welcome', 'localhost/XE', 'AL32UTF8');
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}

$stid = oci_parse($conn, 'SELECT * FROM employees');
oci_execute($stid);

echo "<table border='1'>\n";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS)) {
    echo "<tr>\n";
    foreach ($row as $item) {
        echo "    <td>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : "&nbsp;") . "</td>\n";
    }
    echo "</tr>\n";
}
echo "</table>\n";

?>

Open in new window


read more at:
http://www.php.net/manual/en/function.oci-connect.php
http://www.oracle-base.com/articles/misc/WebScriptingForOracle.php
0
 
tnowacoskiAuthor Commented:
I have a handle on the OCI8 connection logic.

$conn = oci_connect('hr', 'welcome', 'localhost/XE');

Open in new window


How do I get the Username, Password, Database information from a Logon form to the connection logic on another page?  Session Storage Variables?  None of the examples that I can find are dynamic.  They all have a static connection string like the examples above.
0
 
boon86Commented:
you could use post from your form and store the logon detail to session

<?php
session_start();
session_register("user");
session_register("pass");
session_register("host");


if(isset($_POST['save']))
{

$user = $_POST['user'];
$pass = $_POST['pass'];
$host = $_POST['host'];

$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
$_SESSION['host'] = $host;

}

?>

and use them later by:
<?php
session_start();
echo $_SESSION['user'];
echo $_SESSION['pass'];
echo $_SESSION['host'];

//or assign it to variable:

$user =  $_SESSION['user'];
?>

you can use session on unlimted page as long as your browser is opened after posted form
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Ray PaseurCommented:
Please do not use session_register().  Please see the large red warning label here:
http://us3.php.net/manual/en/function.session-register.php

A good practice when dealing with external variables is to know the key names you expect in the POST array and filter the input variables.  However in this case, the ultimate filter will be the connection attempt, so you can just copy the contents of the POST into the session with something like this.
http://www.laprbass.com/RAY_temp_tnowacoski.php

Then in your scripts you can refer to the $_SESSION values for the OCI signon credentials.

Best regards, ~Ray
<?php // RAY_temp_tnowacoski.php
error_reporting(E_ALL);


// ALWAYS START THE SESSION AT THE TOP OF EVERY SCRIPT
session_start();


// THE VARIABLES WE EXPECT
$vars = array
( 'name'
, 'pass'
, 'host'
)
;


// IF THE DATA HAS BEEN POSTED
if (!empty($_POST))
{
    // COPY THE THINGS WE WANT INTO THE SESSION ARRAY
    foreach ($vars as $key)
    {
        $_SESSION[$key] = $_POST[$key];
    }
} 
// AT THIS POINT THE SESSION ARRAY HAS THE CREDENTIALS THAT WERE SUBMITTED BY THE CLIENT
// SO THE LOGON AND VALIDATION TAKES PLACE USING THE VALUES IN $_SESSION
// THE SESSION WILL PERSIST ACROSS REQUESTS, SO NEW PAGE LOADS CAN CONTINUE TO USE $_SESSION



// SHOW THE POST AND SESSION ARRAYS
echo "<pre>";
echo "SESSION: ";
var_dump($_SESSION);
echo PHP_EOL;
echo "POST: ";
var_dump($_POST);
echo PHP_EOL;



// CREATE THE FORM FOR THE CLIENT INPUT
$form = '<form method="post">';
foreach ($vars as $key)
{
    $form .= PHP_EOL . $key . '<input name="' . $key . '" />';
}
$form .= PHP_EOL . '<input type="submit" />';
$form .= PHP_EOL . '</form>';

// WRITE THE FORM TO THE BROWSER STREAM
echo $form;

Open in new window

0
 
tnowacoskiAuthor Commented:
Ray: I am following what you are saying, can you look to see what is wrong with this code based on your recommendations?
I am getting an internal server error.

<?php 

// Start session
session_start();

// Fill Session Variables
// THE VARIABLES WE EXPECT
$vars = array( 'username', 'password', 'database');

if ($_POST['database'] == 'IFSTEST' )
  $database='172.22.9.246/IFSTEST';
else
  $database='172.22.9.111/IFS75';
  
// Try connecting to the database 
echo '<b>Trying to Connect to Oracle</b> with:<br>';

echo "$_POST['username'] @ $database <br>";
$conn = oci_connect($_POST['username'], $_POST['password'], $database);

if (!$conn)
{ 
      $e = oci_error();   // For oci_connect errors pass no handle 
      echo '<b><font color="red">FAILED</font></b> : ' . htmlentities($e['message']); 
}
else
{ 
	$_SESSION['username'] = $_POST['username'];
	$_SESSION['password'] = $_POST['password'];
	$_SESSION['database'] = $database;
	
	/*
    foreach ($vars as $key)
    {
        $_SESSION[$key] = $_POST[$key];
    }
	*/
}
    oci_close($conn); 
    echo 'Oracle connection closed<br>';
?> 

Open in new window

0
 
Ray PaseurCommented:
That looks right to me.
0
 
tnowacoskiAuthor Commented:
yah, had a syntax error but that is fixed and working now!  Thanks
0
 
Ray PaseurCommented:
Great!  Thanks for the points, ~Ray
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now