Completing a Configuration for Chrome and a Server - PHP Serving XUL

(Page 2 of 5 )

We will modify our code to read username and password information from the user, and if we have a valid user, we will render our XUL success screen. The first step to that process is to build an HTML interface to read our entries, and modify the PHP login script to return the XUL source rather than the simple text response.

The PHP interpreter processes any text between the PHP tags (<?php... ?>). All other text outside of the PHP tags is returned directly to the browser. PHP scripts build an HTML interface when a designer builds an HTML page and places PHP scripts where conditional processing will change the text returned to the browser.

Our first step to cut over to a served XUL file is to modify our original PHP script to output a standardFORMto read in the username and password. ThePOSTaction will send the data to the same script file (we will add logic to check for input values that will help flag different entry points to the script).

Once the script obtains the username and password, we will use the same logic to determine success or failure. Although our finished version will then serve a XUL interface, for now we will simply send our previous return code string to the browser.

The changes from the previous doCommand.php file to a doCommandXUL.php file are summarized as follows:

1. The variables that were obtained through$_GETvariables are now obtained through$_POSTvariables (we will be using an HTML form that uses thePOSTmethod for input).
   
2. A check will be added to read the username and password variables. If they are blank, we will issue a login screen; if they are not blank, we will check the input information to see whether the user is authorized.
   
3. The login screen is designed to be a simple HTML table with input fields.
   
4. If the user is authorized, the script echoes the return code to the browser for display.

The PHP script file doCommandXUL.php now looks like this:

  <?php

  $uName = trim($_POST['un']);
  $uPass = trim($_POST['pd']);

  if (empty($uName) || empty($uPass))

  { // build our HTML login stuff

  ?>

  <h1>REGISTERED NEWSSEARCH USERS ONLY!</h1>
  <form method="post" action="doCommandXUL.php">
  <table>
   <tr>
    <td>User name:</td>
    <td> <input type="text" name="un"/></td>
   </tr>
   <tr>
    <td>Password:</td>
    <td> <input type="password" name="pd"/></td>
   </tr>
    <tr>
    <td colspan="2" align="center"> <input type="submit" value="LOG IN"/></td>
   </tr>
  </table>
  </form>

  <?php
  }

  else {
    echo check_user($uName,$uPass);
   }

  ?>

  <?php

  // Check user will make certain the user exists, and return
  // true with the last login date in the command string
  //
  // Error conditions return false with a 'message' parameter
  // set to the string returned by mysql
  //
  function check_user($name,$pass) {

    $database = new mysqli('localhost','newssearch_guest','nsgst', 'newssearch');
    if (mysqli_connect_errno()) { // failing case
       $retString = 'retcode=false,message='.mysqli_connect_error();
       return $retString;
       } // failing case

    $encryptPass = sha1($pass);

    $query = "select status,last_session from
      account where username = '$name' and
         password = '$encryptPass'";

    if ($theResult = $database->query("$query")) {
     // we have some kind of result

    if ($theResult->num_rows == 1) { // we have our user

       $theRow = $theResult->fetch_assoc();
       // get the only row that exists
       $lastLogin = $theRow["last_session"];

       if ($theRow['status'] == 'active') { // all OK 
        $retString='retcode=true,last_login ='.$theRow['last_session'];
    //    update the session info
        $theResult->close();
        $curTime = date('c');
        $update = "update account set last_session =
          '$curTime' where username = '$name'";
        $theResult = $database->query("$update");
        } // account is active

        else { // account not active 
        $theResult->close();
        $retString = 'retcode=false,message=user account not active';
        } // account not active

      } // we have our user
      else { // user not found
       $theResult->close();
       $retString = 'retcode=false,message=user not found';
       } // user not found

      } // we have some kind of result

      else { // no result returned
       $retString = 'retcode=false,message=invalid query';
      } // no results returned

    $database->close();
    return $retString;

  }
 ?>

When we enter the URL for this file into a Firefox browser, and enter a valid username and password into the fields, we get a browser’s rendering of the return code generated by thecheck_userfunction, as shown in Figure 4-9.

Figure 4-9.  PHP-served return code as HTML text

The remaining step to this transition is to serve the XUL source to the user. By renaming our startupScreen.xul file to startupScreen.php, we can merge PHP
statements into the XUL source to accomplish the required tasks to report the last login time for a registered user.

Next: Using PHP require() >>
 

More Web Standards Articles
More By O'Reilly Media

Comments On: Completing a Configuration for Chrome and a Server

· This article is an excerpt from the book "Programming Firefox," published by...   >>> Post your comment now!

Buy this book...

This article is excerpted from chapter four of Programming Firefox, written by Kenneth C. Feldt (O'Reilly, 2007; ISBN: 0596102437). Check it out today at your favorite bookstore. Buy this book now.