
HTTP Protocol

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. HTTP functions as a request-response protocol in the client-server computing model. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. HTTP is an application layer protocol designed within the framework of the Internet Protocol Suite; it presumes an underlying and reliable transport layer protocol.


Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.

Expert Comment

by:mmarth
Can a file be encrypted with OpenSSL as it is being streamed in, so it is not first saved in plaintext form?

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logout, and Easy Access Control.
A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them more and more I decided to trial one so I could offer a better opinion.  The one I decided to trial was called 'LastPass'.  It came highly recommended from a couple of my Web Developer friends who now use it for every website that requires some form of login!

In addition to the recommendation I did some research on the program to give me a little more confidence and understanding – I suggest reading a few reviews prior to jumping into anything.



What is a Password Manager?
A password manager is a program that helps a user to better manage and organise their passwords for online accounts.  Most password managers store your passwords and then encrypt them.  The programs then require the user to enter a Master Password to decrypt them before they can be accessed.

What is the benefit of having a Password Manager?
If you’re anything like me, you will have lots of online logins, and over time this can become difficult to manage.  I found myself trying multiple login credentials on sites before finding the one that works, eventually getting there, but sometimes I would have to do a password reset.
Using a Password Manager takes away this problem.  All you have to do is remember the one password and the program …
Introduction and Prerequisites
This article describes methods for detecting whether a client browser accepts and returns HTTP cookies and whether the client browser runs JavaScript.  Most client browsers will, by default, be configured to use cookies and JavaScript, but some may not do that, and it may be important to your application design to be aware of these client-side factors as you build your web documents.  For example, most shopping carts rely on cookies to store a pointer to the contents of the cart.  If your client has cookies disabled, the shopping cart would not work.  Rather than simply fail, it would be a better design to be able to tell the client about the dependency.  Or you might have a gallery that used jQuery to provide an attractive client experience.  If you knew that JavaScript was disabled you would be able to adjust the gallery behavior. 

These concepts seem like common sense in application design, but the client/server relationship has a structure that hinders this common sense approach.  The order of request and response events is an important principle.  All communication is initiated by the client.  The client makes a request, the server-side scripts run, and the server-side scripts are complete before the response is sent to the browser.  As a result, any of the characteristics of the client browser that are not part of the request
A Change in PHP Behavior with Session Write Short Circuit (Winter 2014)**
With the release of PHP 5.6 the session handler changed in a way that many think should be considered a bug.  See the note at the end of this article.

A Foreword: PHP session_unregister() (Fall 2014)
Some obsolete code sets contain "Logout" examples that use the session_unregister() function.  PHP deprecated this function more than 5 years ago and removed it recently.  If you have a script that uses session_unregister(), you should replace the function name with unset(), using the same function call arguments.  Going forward, do not use session_unregister(), session_register(), or session_is_registered().  Instead check the PHP man pages for these functions.  There are solutions and explanations of the alternatives in the user-contributed notes.

And now, on to our Article: PHP Sessions -- Simpler Than You Think
This EE question ("I am looking for a solution for logout after inactivity.") got me thinking...
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_28169149.html#a39280833

Developers who are new to PHP session handling sometimes over-think the role and behavior of PHP sessions.  This article takes the process apart and reconstructs it to show how easy it can be to use the PHP session to your (and your clients') advantage.

Use the Built-In Features Whenever Possible
PHP already has a built-in solution

Author Comment

by:Ray Paseur
Gladly, Keith :-)  What topics would you like to cover?

Expert Comment

by:Jim Riddles
The same goes for me.  I have learned so much about the proper way to approach PHP programming.  I still have so much more to learn, but with Ray's articles, I know that I will get there.  Thanks so much, Ray for all of your time and efforts!  They are much appreciated.
Introduction
HyperText Transfer Protocol or "HTTP" is the underpinning of internet communication.  As a teacher of web development I have heard many questions, mostly from my younger students who have come to the WWW in the days after 2005 (and therefore after the advent of jQuery), that seem to evince a misunderstanding of the way the HTTP protocol works.  Since HTTP is the basic building block of web sites and web applications, a clear understanding of the protocol is required to understand how web sites really work.  And perhaps more importantly, it is necessary to understand the protocol so you can build a web site that works like another site you've seen and appreciated.  This article is intended to lift the cloud of confusion that has appeared in the years since the arrival of jQuery, CSS3, animation in web sites, and the phenomenon called Web 2.0.

The confusion has arisen in large measure because of the design movement of web interactivity away from the static page loads and into design paradigms that more closely mimic native applications.  If the hyperlink was the design element that launched the internet revolution, the event handler may be thought of as the design element that has most refined the client experience.  In all cases, at the foundation is the HTTP protocol.

HTTP is a Stateless Client/Server Protocol
Client/Server protocols are two-way communication mechanisms that allow humans to get information from web sites

Expert Comment

by:Eric AKA Netminder
Ray,

A typically outstanding article. I've been fumbling through telling people this stuff for a long time, so it's nice to have a clear resource to which to send them.

Thanks!

ep
Foreword
In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of course nobody would store client passwords in clear-text, but many of the attempted solutions (message digests, encryption, etc) are little better than clear-text.  A companion article about password storage is available here: Password Hashing in PHP.  The discussion and article segment below, An Afterword: About Storing Passwords, is obsolete and should not be used as the basis for your applications.

Introduction
A frequent design pattern question for new PHP developers goes something like this, "How do I handle client registration and login?"  It's done in every framework and CMS, and all of them use a similar pattern.  This article builds the pattern step-by-step so you can see what is going on at each part of the code.

For this example, we rely on the PHP session handler to tell us if the client is logged in.  We also use cookies so that we can "remember" that a client is logged in, and we employ a data base table that contains our client information.  

Our implementation of this design pattern gives us the ability to password-protect a web page with a single line of PHP code like this:
access_control();


Furthermore, we can test for a client login (without actually requiring a login) with this:



Expert Comment

by:mlemos
Thanks Kyle, would it be OK to republish articles published elsewhere?

Expert Comment

by:Kyle Santos
Yes, that would be fine.  Just make sure you reference the original source so our Page Editors are aware.  This will let them know the content is not plagiarized.
Foreword
This article was written many years ago, in the days when PHP supported the MySQL extension.  Today you would not use MySQL examples; instead choose MySQLi or PDO.  When you see mysql_function() examples here, or anywhere else, be aware that the examples are getting old, and should be considered with an historical understanding of the times, context, and modern alternatives.

Both Easy and Powerful
How easy is PHP? http://lmgtfy.com?q=how+easy+is+php  Very easy.  It has been described as "a programming language even my grandmother can use."

How powerful is PHP?  http://en.wikipedia.org/wiki/PHP  Very powerful.  But also very complex.  My grandmother is pretty smart, but I don't think she has been thinking about class abstraction or late static bindings very much.

At the confluence of easy, powerful, and complex, we find a lot of assumptions.  We assume certain things just happen automatically, like the contents of the URL GET arguments showing up in the $_GET array when we start our script.  $_GET is always there, always set, as dependable as gravity.  Unfortunately the contents of $_GET are not as dependable.  In fact, the exact same PHP script, with the exact same URL arguments, can produce two different outputs.  How could this confusion have happened?  We tried to make PHP too easy.

Special Characters

Expert Comment

by:Jason C. Levine
Ray,

Excellent description of the headache that has been magic quotes and nice resolution and sample code.

Expert Comment

by:Imaginx
Ray - Great article.

I really like the foreach pointer to go through the super globals.

I've always used something like this that I typically just throw into my database class:

 
<?php

class MySQLDatabase {
	
	private $magic_quotes_active;
	private $new_enough_string_exists;
	
	function __construct(){
		$this->magic_quotes_active = get_magic_quotes_gpc();
		$this->new_enough_string_exists = function_exists("mysql_real_escape_string");
	}
	public function escape_value($value){
		if($this->new_enough_string_exists){
				if($this->magic_quotes_active){$value=stripslashes($value);}
				$value=mysql_real_escape_string($value);
			}else{
				if(!$this->magic_quotes_active){$value=addslashes($value);}
		}
	  return $value;
	}
}

$db=new MySQLDatabase();

?>
<form method="post">
TYPE SOMETHING HERE:
<input type="text"   name="my_INPUT_Field"   value="<?php echo htmlentities($db->escape_value($_GET['name'])); ?>" />
<input type="submit" name="my_SUBMIT_Button" value="go" />
</form>

Introduction
This warning has to be one of the most commonly issued warnings in the history of PHP.  The article explains why this warning arises and what to do to mitigate the problem.

How this Happens
HTTP headers include many different kinds of information that can be exchanged between the browser and the server.  But as the name "header" implies, they must come only at the beginning of the server's response to the client request.  It is a law of the HTTP protocol that all headers must come first and must be sent in full before any browser output can be sent.  In PHP, the "Cannot Modify Header Information" warning always means that some browser output was sent, and then a PHP header() function was called.  To quote the PHP web site, "Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP.  It is a very common error to read code with include(), or require(), functions, or another file access function, and have spaces or empty lines that are output before header() is called.  The same problem exists when using a single PHP/HTML file."

All by itself, "whitespace" can cause this error.  Consider this code snippet.  The middle line apparently contains "nothing" but it actually contains a newline character and that single (invisible) character is sufficient to cause the warning.  
 

Introduction
One of the frequent application design questions goes something like this: "How can I confirm when a client registers on my web site?"

The registration might be for general use of a self-administered site like a forum, or for attendance at a specific event.  But the registration is a public page - anyone can register, and that means that any hacker or 'bot can attack your form.  When a client registers, you want to know that the registration is valid, so some kind of "handshake" makes sense.  One common method of getting this handshake is to send a confirmation email to the registrant, with a clickable link to a confirmation page.  When the client clicks the link to the confirmation page, the handshake can be completed.

Many sites use this register-and-confirm pattern, and all of them work the same way.  Once you see the moving parts of the application it is easy to understand and implement a similar design for your registration needs.  Once the registration table is set up in your data base, you can accomplish all of the pieces of the handshake within a single PHP script!

Common Basis for All Scripts
All of our scripts will need to connect to the data base, so we can begin by isolating this commonly used code into a separate "common" script.  We also have a specialized local function to validate an email address, so we will put that into the common script, too.  We will include the common script into our specialized scripts with …

Expert Comment

by:Luca Bonacina
I greatly appreciated these scripts, even if on my hosting it probably doesn't work due to a version problem (I'm using 5.6.28).

It seems to be failing at all the occurrences of instances like this:  $num = $res->num_rows();

For example:  Fatal error: Call to undefined method mysqli_result::num_rows() in /RAY_register_and_confirm.php on line 162

Do you think it is a version problem?

Expert Comment

by:Dexter Marx
@Luca Bonacina

I ran into the same problem. For everybody who is going to use this script with up-to-date PHP versions:

change num_rows() to num_rows
it's not a function anymore, but a variable

for instance, here:
    if ( $res->num_rows == 0 ){
        die("SORRY - YOUR ACTIVATION CODE WAS NOT FOUND");
    }

further you have to replace
    $row = mysql_fetch_assoc($res);
with
    $row = mysqli_fetch_assoc($res);
Introduction
A frequent question goes something like this, "How can I show an introductory page to my clients on the first site visit, but not show it again on every visit?"  The answer is by using a cookie.  This article shows the design pattern for a home page that is aware of the need or lack of need for an introductory "splash" page.  It also allows the client to see the splash page on demand.

Using Cookies to Preserve "Stateful" Information
In HTTP, cookies are sent from the browser to the server at the time of the page request.  PHP puts these cookies into the $_COOKIE associative array.  See: http://php.net/manual/en/reserved.variables.cookies.php.  There is an important characteristic to this data flow -- the cookies you set in your PHP script are NOT put into $_COOKIE by PHP.  This means that we can test the contents of $_COOKIE to see the historical record of the cookies, and that record will not change during the execution of our script.  Cookies we set in our current script are only presented to future scripts.

The setcookie() function is used to set cookies on the client browser.  See http://www.php.net/manual/en/function.setcookie.php for the details.  Cookies are part of the HTTP headers.  This means that you may only call setcookie() before any browser output has been sent, including whitespace.  There are no exceptions to this rule.

In this script we do the following things.

(1) Unconditionally set a cookie …

Expert Comment

by:trrsrr
'voted' for this nice article, Ray ...


Regards...

Expert Comment

by:Rowby Goren
I've heard about cookies but really never knew the technical side of it.

This article fills that gap!

...Rowby