In my previous post we explored the basics of what PHP is, how it works, and how it’s very useful skill that any web developer would take a lot of advantage of by having it on their curriculum. After knowing all of this, in today’s post we are going to create our own PHP web application to show all the different functionalities that we can have using PHP.
Set up for your PHP web application
Before starting to create our PHP web application, we are going to take a look at a few things that we should set up in order to run our PHP code.
XAMPP
According to its official web page, XAMPP is a PHP development environment that acts as a web server and interpreter for our PHP scripts. In order to use it, we just have to download it from their official web page, and open the XAMPP Control Panel, which we are going to use to host our Apache HTTP Web server and our MariaDB database.
Apache HTTP Web server
Quoting the Apache home page, Apache HTTP server (which is most commonly known just as Apache) is a open-source cross-platform web server that can support server-side programming languages. Because of this, we are going to use it so it as the interpreter for our PHP scripts.
It comes installed with XAMPP, and in order to use it we just need to go to the XAMPP Control panel, and click on the “Start” action of the Apache Module.
MariaDB
Summarizing what we can read in the MariaDB official page, MariaDB is a open source relational database created as alternative version of MySQL (whose original developers are the same who developed MariaDB). Because of this, it has a similar syntax and shares a lot of functionalities with MySQL. It works really well with PHP web applications, and it’s the default relational database that is used by XAMPP.
Just like the Apache HTTP server, MariaDB also comes installed with XAMPP. Once more, in order to use it we can simply go to the XAMPP Control panel, and click on the “Start” action of the MySQL module (that it is MariaDB in the background). Be aware that it uses port 3306 by default, so you can either change this port if it’s being used by another application, or close the connection of the other application before starting the MariaDB module so there are no errors at start up.
Our PHP web application
We are going to start with a index page. We want to create a simple index page where users of our application go when they first visit our application, and it will look like this for the users:
All of the frontend (what the users see) consists of simple HTML and CSS code. However, as we can see in the following code sample, we are using PHP code for the functionalities that this pages is going to have:
As stated before, we don’t see anything that is not HTML for the most part in the page. However, if we take a close look at the form where the user enter their username and their password, we see that the action (clicking the button submit) takes us to a page called login.php, which is actually just a script where were are performing all the actions that we need.
Said page is purely PHP script, so it does not have any interface that the user is going to be able to see. Instead, it will redirect to the appropiate php web page according to the credentials. Now, let’s take a look at login.php step by step.
As mentioned in my previous post, all PHP code should be written inside the <?php ?> tag. Therefore, for every PHP script that we have, we start the whole script with a line just containing “<?php”, and we close the script with “?>” (without the double quotation for both of them). Then, before starting to implement logic, the very first we do inside our PHP scripts is to use the information that we have in the db.php script by using the “include” command (or “require”, which has the same function). Said script looks like this:
And we are going to use them in order to establish a connection with the database. Another thing that we can see in db.php is how variables are declaed in PHP. To declare a variable, we simply nee to use the $ symbol followed by the name we want to give to the variable.
Then, we want to get the information of the session so we know if the user has previously logged in, so they don’t have to log in again. We will get the information from the session for every page that we have as well in order to retrieve data that we want to show in the page related to the specific user. In order to get this data, we simple need the following line of code:
Then, we start to implement our logic for logging in.
First of all, we need to establish a connection to the database in the following way:
We assign to the variable $dbh a new object of PDO which represents a connection between PHP and a database server, and it uses the variables that we go from the db.php page as arguments.
Now, we are going to use that $dbh variable to create our statement to retrieve the users from the database, and we are going to check the username that the user input on it.
We create a new variable $stmt to hold the statement that we are going to use with the $dbh connection to the database in order to retrieve the user. We called the prepare method of the $dbh variable by using the -> symbol after the variable name and followed by the specific method we want to call, in the case of the first line of code in this image, prepare (in order to prepare the query) and we pass as the argument a String with the query we want (‘SELECT * FROM users WHERE username = ?’ in this case). Then, we called the bindParam method from our statement in order to fill the first parameter that we see in the query (the “?”), and we are going to use the username that is stored in the $_POST array at index “username”. $_POST array holds all the parameters that have been sent through a form with method of POST (the one we see in our index.php page with the username and the password of the user), and it stores each parameter at a index identified by the name they had when they were past through the post method (“username” and “password” in this case).
After that, we execute the code with by calling the execute() method of $stmt object. From there, we will now check if we got any results and proceed accordingly:
The if statement in the first line is checking if the number os rows that were returned to the $stmt variable is greater than 0 (when the user is found in the database). In case it was found, we are going to use create another variable ($usr in this case) to store the actual result that was obtained from the $stmt executing. Each column result that was fetched is going to be stored in $usr (which is acting as an array) at a index with the name of the columns.
Then, we check if the password that was passed through the Post method matches the password that was fetch from the user. If they match, set the information of the user to the session (by adding them to the $_SESSION[] array).
Then we check if the user is an admin or not. If they are an admin, we use the header method to send the user to the PHP page that we want, in this case, the admin Management page by simply passing as argument the word location follow by a colon and the name of the PHP page want to send them (adminManagemnt.php). In case they are not an admin, we use again the header command to send them to the respective page for regular users (userInventory.php).
In case the password does not match with the one that is in the database, or if the row count of the statement in $stmt is 0, we send the user back to index.php using header again, and adding to the $_SESSION[] array the at index of LOGINERROR (that we are going to display in the index.php in case it’s not null) the error message telling the user that the combination of username and password was incorrect.
Now, let’s take a look at some extra code in index.php that was not shown in the first image:
As we see here, even before opening the html tags we havee some php code (delimited by the <?php ?> tags). In this code, we get the information that is stored in the session by calling the session_start() method. Then, we check if there is already a user in the session by calling the isset method with the argument of the $_SESSION at index USER in an if statement. “isset” method basically checks if the element is null or not. If isset detects that the session variable USER is not null, it will check whether the user is an admin or not, and send them (with the header method) to the respective page that they should be sent to.
Then, after the form and the link to register that we have at the end of the first image of index.php, we have the following line of code:
Where we check if the session variable LOGINERROR is exists (if isset is true for $_SESSION[“LOGINERROR”] is not null), and in case it exists, show the respective error message that was sent here.
Finally, we end our index.php page with the following code:
After closing the body and the html tags, we include a line of PHP code to “clear” the LOGINERROR session variable with the unset method, so once it have been displayed once, it gets null again and the same message won’t show in case the page is re-loaded.
This will be all the code we have in db.php, login.php and index.php. The pages adminManagement.php, userInventory.php and registration.php that we can see in the previous images have different functionalities depending on what they need, but all of them use the same PHP logic that has been shown above, but accordingly to what the function we are trying to accomplish for them.
