| An HTTP (HyperText Transfer Protocol) header is used to send information back and forth between the server and the client (the Web browser). Normally this information is in the form of HTML, which is why the address for Web pages begins with http://. But HTTP headers are a complicated enough subject to warrant a little more attention. There are actually dozens upon dozens of uses for HTTP headers, all of which you can take advantage of using PHP's header() function.. Here I'll demonstrate the most frequently used purposeredirecting the user from one page to anotheralthough the World Wide Web consortium's specifications on the subject are vast (http://www.w3.org/Protocols/rfc2616/rfc2616). To redirect the user's browser with PHP, you would code: header("Location: page.php"); You can also use the header function to send cookies, which is a good backup to the setcookie() function which sometimes has inconsistent results from one browser to the next . header ("Set-cookie: name=value; expires=expiration"); The most important thing to understand about using header() is that it must be called before anything else is sent to the Web browser, just as you have to be careful when using the setcookie() function. To demonstrate redirection, let's create a simple login script that sends a user to one page if they use the correct username and password or to another if they don't. To use the header() function: -
Create a new PHP document in your text editor (Script 13.6): <?php Script 13.6. You might not ordinarily think to do so, but including the error message capacity in the login script makes sense because you'd most likely want to redirect your user back there if they are not authenticated.  -
Assign the page title and include the header file. $PageTitle = "Login Page"; require ("header.php"); -
Create a conditional that will print a message if the user is not successfully logged in. if ($Message == "Invalid") { print ("<B><CENTER><FONT COLOR= RED>The username and password you entered do not match what is on file. Please try again!</FONT> </CENTER></B>\n"); } If the user-submitted name and password do not match those on file, the user will be sent back to this page with $Message equal to Invalid , prompting an error message. -
Create an HTML form that takes a user name and a password. print ("<FORM ACTION= \"HandleLogin.php\" METHOD=POST>\n"); print ("Username: <INPUT TYPE=TEXT NAME=UserName><BR>\n"); print ("Password: <INPUT TYPE=PASSWORD NAME=Password><BR>\n"); print ("<INPUT TYPE=SUBMIT NAME=SUBMIT VALUE=\"Submit!\">\n"); -
Include the footer file and then close the PHP page. require ("footer.php"); ?> -
Save the script as login.php and upload it to the server. Now you'll need to create the page that will process login.php. -
Create a new PHP document in your text editor (Script 13.7): <?php Script 13.7. This script will validate the user and password using predetermined values, and redirect the user accordingly . There should be no extraneous spaces outside of the PHP in this script or else the header() calls will not work.  -
Create the conditional that will check for the proper match of UserName and Password. if (($UserName == "Larry") && ($Password == "LarryPass")) { This conditional checks to make sure that both the username and the password match those on file. You could also write the script so that it checks a database to find the Password for the UserName, which will allow for many different combinations. Normally, for security reasons, you would not explicitly write these values in your script but rather retrieve them from a database or text file. For demonstration purposes here, you'll establish these values within the PHP though. -
If the authentication works, redirect the user to the main page. header ("Location: index.php? UserName=$UserName"); exit; This line of code will send the user out of this page and to index.php. It will also pass along the UserName to that page. The exit; statement tells the PHP to stop executing any line of code on this page, which you want to do now that they have been redirected. -
Finish the conditional and redirect the user back to the login page. }else{ header ("Location: login.php? Message=Invalid"); exit; } If the submitted values do not match, the user will be given another chance to log in by sending them back to login.php. The ?Message=Invalid appended to the URL will tell login.php to print the error message as it was programmed to do in Script 13.6. -
Close the PHP page. ?> -
Save the script as HandleLogin.php and upload it to the server. Now you'll modify the original index.php page to greet the user. -
Open index.php in your text editor (Script 13.3): -
Change line 4 to read (Script 13.8): print ("Greetings, $UserName!\n"); Script 13.8. I've added the user-specific greeting to this page to make it more dynamic and personalized. The $UserName value is being passed by the header() function in Script 13.7.  -
Save the script as index.php, upload it to the server, and test all the pages, beginning with login.php, in your Web browser (Figures 13.8, 13.9, and 13.10). Figure 13.8. This is the simple login page that takes a username and password.  Figure 13.9. Upon successfully logging in, the user will be redirected to the index.php page where they will be greeted by username.  Figure 13.10. If either the username or the password does not match that on file, the user will be redirected back to the login.php page where they will see this error message.  |
