Solved

php/OCI signon credentials

Posted on 2011-09-09
Last Modified: 2012-06-21
PHP5/OCI8 newbie here.  I am looking for suggestions on best practices on how to store username/password/database information from a signon form.  I have a simple web site with a main navigation page, a logon page, and some database update pages.  All of these pages have the proper OCI connection string but I am not sure how to retain the logon information to use on each individual page.  Currently all of my pages can connect to the Oracle database but the connection strings are hardcoded.  Does anyone have examples?
Question by:tnowacoski
 
LVL 7

Expert Comment

by:boon86
ID: 36512844
<?php

// Connects to the XE service (i.e. database) on the "localhost" machine
$conn = oci_connect('hr', 'welcome', 'localhost/XE');
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}

$stid = oci_parse($conn, 'SELECT * FROM employees');
oci_execute($stid);

echo "<table border='1'>\n";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS)) {
    echo "<tr>\n";
    foreach ($row as $item) {
        echo "    <td>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : "&nbsp;") . "</td>\n";
    }
    echo "</tr>\n";
}
echo "</table>\n";

?>

<?php

$conn = oci_connect('hr', 'welcome', 'localhost/XE', 'AL32UTF8');
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}

$stid = oci_parse($conn, 'SELECT * FROM employees');
oci_execute($stid);

echo "<table border='1'>\n";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS)) {
    echo "<tr>\n";
    foreach ($row as $item) {
        echo "    <td>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : "&nbsp;") . "</td>\n";
    }
    echo "</tr>\n";
}
echo "</table>\n";

?>

read more at:
http://www.php.net/manual/en/function.oci-connect.php
http://www.oracle-base.com/articles/misc/WebScriptingForOracle.php
 

Author Comment

by:tnowacoski
ID: 36512939
I have a handle on the OCI8 connection logic.

$conn = oci_connect('hr', 'welcome', 'localhost/XE');

How do I get the Username, Password, Database information from a Logon form to the connection logic on another page?  Session Storage Variables?  None of the examples that I can find are dynamic.  They all have a static connection string like the examples above.
 
LVL 7

Expert Comment

by:boon86
ID: 36513055
You could use POST from your form and store the logon details in the session

<?php
session_start();
session_register("user");
session_register("pass");
session_register("host");


if(isset($_POST['save']))
{

$user = $_POST['user'];
$pass = $_POST['pass'];
$host = $_POST['host'];

$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
$_SESSION['host'] = $host;

}

?>

and use them later by:
<?php
session_start();
echo $_SESSION['user'];
echo $_SESSION['pass'];
echo $_SESSION['host'];

//or assign it to variable:

$user =  $_SESSION['user'];
?>

You can use the session on unlimited pages as long as your browser is open after the form is posted.
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 36516171
Please do not use session_register().  Please see the large red warning label here:
http://us3.php.net/manual/en/function.session-register.php

A good practice when dealing with external variables is to know the key names you expect in the POST array and filter the input variables.  However in this case, the ultimate filter will be the connection attempt, so you can just copy the contents of the POST into the session with something like this.
http://www.laprbass.com/RAY_temp_tnowacoski.php

Then in your scripts you can refer to the $_SESSION values for the OCI signon credentials.

Best regards, ~Ray
<?php // RAY_temp_tnowacoski.php
error_reporting(E_ALL);


// ALWAYS START THE SESSION AT THE TOP OF EVERY SCRIPT
session_start();


// THE VARIABLES WE EXPECT
$vars = array
( 'name'
, 'pass'
, 'host'
)
;


// IF THE DATA HAS BEEN POSTED
if (!empty($_POST))
{
    // COPY THE THINGS WE WANT INTO THE SESSION ARRAY
    foreach ($vars as $key)
    {
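        // USE AN EMPTY STRING WHEN A FIELD IS MISSING, TO AVOID AN UNDEFINED-INDEX NOTICE
        $_SESSION[$key] = isset($_POST[$key]) ? $_POST[$key] : '';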
    }
} 
// AT THIS POINT THE SESSION ARRAY HAS THE CREDENTIALS THAT WERE SUBMITTED BY THE CLIENT
// SO THE LOGON AND VALIDATION TAKES PLACE USING THE VALUES IN $_SESSION
// THE SESSION WILL PERSIST ACROSS REQUESTS, SO NEW PAGE LOADS CAN CONTINUE TO USE $_SESSION



// SHOW THE POST AND SESSION ARRAYS
echo "<pre>";
echo "SESSION: ";
var_dump($_SESSION);
echo PHP_EOL;
echo "POST: ";
var_dump($_POST);
echo PHP_EOL;



// CREATE THE FORM FOR THE CLIENT INPUT
$form = '<form method="post">';
foreach ($vars as $key)
{
    $form .= PHP_EOL . $key . '<input name="' . $key . '" />';
}
$form .= PHP_EOL . '<input type="submit" />';
$form .= PHP_EOL . '</form>';

// WRITE THE FORM TO THE BROWSER STREAM
echo $form;

 

Author Comment

by:tnowacoski
ID: 36522380
Ray: I am following what you are saying, can you look to see what is wrong with this code based on your recommendations?
I am getting an internal server error.

<?php 

// Start session
session_start();

// Fill Session Variables
// THE VARIABLES WE EXPECT
$vars = array( 'username', 'password', 'database');

if ($_POST['database'] == 'IFSTEST' )
  $database='172.22.9.246/IFSTEST';
else
  $database='172.22.9.111/IFS75';
  
// Try connecting to the database 
echo '<b>Trying to Connect to Oracle</b> with:<br>';

echo "$_POST['username'] @ $database <br>";
$conn = oci_connect($_POST['username'], $_POST['password'], $database);

if (!$conn)
{ 
      $e = oci_error();   // For oci_connect errors pass no handle 
      echo '<b><font color="red">FAILED</font></b> : ' . htmlentities($e['message']); 
}
else
{ 
	$_SESSION['username'] = $_POST['username'];
	$_SESSION['password'] = $_POST['password'];
	$_SESSION['database'] = $database;
	
	/*
    foreach ($vars as $key)
    {
        $_SESSION[$key] = $_POST[$key];
    }
	*/
}
    oci_close($conn); 
    echo 'Oracle connection closed<br>';
?> 

 
LVL 108

Expert Comment

by:Ray Paseur
ID: 36523561
That looks right to me.
 

Author Comment

by:tnowacoski
ID: 36523651
yah, had a syntax error but that is fixed and working now!  Thanks
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 36523705
Great!  Thanks for the points, ~Ray
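
Added example, not part of the original thread or any participant's code: a hardened version of the sign-on step discussed above. It takes the database as a label checked against an allow-list (the two connect strings are the ones in the asker's post), stores the credentials in the session only after Oracle accepts them, and regenerates the session id at that point. The helper name read_signon, the session key 'oci' and the HTTPS assumption are illustrative.

```php
<?php
// Added example: hardened sign-on handler for the OCI8 logon form in this thread.
ini_set('session.cookie_httponly', '1');  // keep the session id away from page scripts
ini_set('session.cookie_secure', '1');    // assumption: the site is served over HTTPS
ini_set('session.use_strict_mode', '1');  // refuse session ids the server did not issue
session_start();

// Allow-list: the form submits a label, never a host or connect string.
$targets = array(
    'IFSTEST' => '172.22.9.246/IFSTEST',
    'IFS75'   => '172.22.9.111/IFS75',
);

// Returns array(fields, null) for usable input, array(null, message) otherwise.
function read_signon(array $post, array $targets)
{
    foreach (array('username', 'password', 'database') as $key) {
        if (!isset($post[$key]) || !is_string($post[$key]) || $post[$key] === '') {
            return array(null, 'Missing field: ' . $key);
        }
    }
    if (!isset($targets[$post['database']])) {
        return array(null, 'Unknown database');
    }
    return array(array(
        'username' => $post['username'],
        'password' => $post['password'],
        'database' => $targets[$post['database']],
    ), null);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    list($cred, $error) = read_signon($_POST, $targets);
    if ($error === null) {
        // @ keeps the connect warning off the page; the error is logged below
        $conn = @oci_connect($cred['username'], $cred['password'], $cred['database']);
        if ($conn) {
            session_regenerate_id(true);   // new session id after a successful sign-on
            $_SESSION['oci'] = $cred;      // stored only once Oracle accepted the credentials
            oci_close($conn);
        } else {
            $e = oci_error();              // for oci_connect errors pass no handle
            error_log('OCI sign-on failed: ' . $e['message']);
            $error = 'Sign-on failed';     // generic message for the browser
        }
    }
    echo $error === null ? 'Connected' : htmlentities($error, ENT_QUOTES);
}
```

Later pages call session_start() and connect with the values in $_SESSION['oci']. The password then sits in clear text in the server-side session store, so access to that store needs the same protection as any other credential file.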