1
00:00:00,506 --> 00:00:08,556
[ Silence ]

2
00:00:09,056 --> 00:00:09,756
>> All right.

3
00:00:09,756 --> 00:00:11,276
So welcome back to S-75.

4
00:00:11,276 --> 00:00:12,916
This is Lecture 2,
PHP, Continued.

5
00:00:12,966 --> 00:00:14,996
We're actually on
break on Wednesday,

6
00:00:14,996 --> 00:00:16,286
so this is an abbreviated week

7
00:00:16,286 --> 00:00:18,976
but what we'll do is get you
mentally prepared for the first

8
00:00:18,976 --> 00:00:20,606
of the projects, which
for syllabus goes

9
00:00:20,606 --> 00:00:21,636
out the door on Monday.

10
00:00:21,636 --> 00:00:23,736
And also on Monday we'll
continue our discussion of PHP,

11
00:00:23,736 --> 00:00:27,856
and also a topic of XML and
exactly what you can do with it

12
00:00:28,066 --> 00:00:30,596
and why you might use it as
an alternative, for instance,

13
00:00:30,596 --> 00:00:33,386
to something like MySQL
or Oracle or the like,

14
00:00:33,546 --> 00:00:35,936
when you actually want
to read and/or write data

15
00:00:36,146 --> 00:00:37,986
with relatively small
quantities of it.

16
00:00:37,986 --> 00:00:39,646
And then we'll actually
come full circle later

17
00:00:39,646 --> 00:00:43,066
in the semester looking at XML
again in the context of AJAX.

18
00:00:43,116 --> 00:00:47,226
This technique whereby webpages
can go back and back and back

19
00:00:47,226 --> 00:00:48,566
to the server for
additional data,

20
00:00:49,016 --> 00:00:52,076
in order to update
interfaces dynamically,

21
00:00:52,126 --> 00:00:53,216
something like Facebook,

22
00:00:53,216 --> 00:00:54,756
something like Google
Maps, and the like.

23
00:00:54,756 --> 00:00:56,096
So you'll see us
come full circle

24
00:00:56,096 --> 00:00:57,296
with that particular topic.

25
00:00:57,586 --> 00:01:00,036
But for today, let's
take a quick look back

26
00:01:00,356 --> 00:01:02,616
at where we left off last time.

27
00:01:02,616 --> 00:01:05,186
So last time, we introduced
the very beginnings of PHP.

28
00:01:05,186 --> 00:01:06,916
And we made this distinction

29
00:01:06,916 --> 00:01:08,756
that PHP is an interpreted
language.

30
00:01:09,136 --> 00:01:11,006
What does that mean
in layman's terms?

31
00:01:12,106 --> 00:01:13,356
What is an interpreted language?

32
00:01:13,356 --> 00:01:13,466
Yeah?

33
00:01:14,106 --> 00:01:17,446
>> Well, it's read line by
line and it's not compiled.

34
00:01:17,566 --> 00:01:19,056
>> Good. So, it's a
programming language

35
00:01:19,056 --> 00:01:20,906
that something called
an interpreter,

36
00:01:20,906 --> 00:01:23,746
which is just a program, reads
top to bottom, left to right,

37
00:01:23,746 --> 00:01:26,926
and every time it encounters a
line of code it interprets it

38
00:01:26,926 --> 00:01:29,396
and performs whatever
operation is specified.

39
00:01:29,396 --> 00:01:32,236
So if that statement is print,
the interpreter is going

40
00:01:32,236 --> 00:01:35,806
to literally print out whatever
is between the parentheses

41
00:01:35,806 --> 00:01:36,886
for that function call.

42
00:01:37,116 --> 00:01:38,156
So it's not compiled.

43
00:01:38,156 --> 00:01:40,466
So not compiled means you
don't actually run it manually

44
00:01:40,466 --> 00:01:42,976
through a compiler like
GCC or Visual Studio,

45
00:01:42,976 --> 00:01:45,506
the output of which is generally
something called object code,

46
00:01:45,906 --> 00:01:48,016
you instead just run it.

47
00:01:48,016 --> 00:01:50,106
And even though we'll
see PHP both

48
00:01:50,106 --> 00:01:51,976
at the command line
whereby you can use it

49
00:01:51,976 --> 00:01:54,366
to write things called shell
scripts, right, little programs

50
00:01:54,366 --> 00:01:56,246
at the command line, at
your blinking prompt.

51
00:01:56,426 --> 00:01:58,916
It's predominantly
used in the web context

52
00:01:58,976 --> 00:02:00,896
to generate dynamic websites.

53
00:02:00,896 --> 00:02:03,566
And so that's, will be
ultimately our focus.

54
00:02:04,006 --> 00:02:07,076
So what is an advantage of PHP
or any interpreted language

55
00:02:07,106 --> 00:02:09,806
of being interpreted
as opposed to compiled?

56
00:02:10,446 --> 00:02:12,276
Why is this even an
interesting distinction?

57
00:02:12,806 --> 00:02:16,126
What do you got?

58
00:02:16,896 --> 00:02:21,526
>> If it's interpreted, it
doesn't have to be [inaudible]

59
00:02:21,526 --> 00:02:26,606
to be edited as this and it
can be interpreted I guess

60
00:02:26,606 --> 00:02:28,086
on the fly or something
along those lines?

61
00:02:28,086 --> 00:02:28,556
>> OK, good.

62
00:02:28,556 --> 00:02:31,496
So because it's interpreted
and you skip this middle step

63
00:02:31,496 --> 00:02:33,126
of compiling it, it just speeds

64
00:02:33,126 --> 00:02:34,616
up development time
a little bit.

65
00:02:34,616 --> 00:02:36,866
You can make a change, test
it, make a change, test it,

66
00:02:36,866 --> 00:02:38,226
without just that middle step.

67
00:02:38,486 --> 00:02:39,856
And certainly for
large projects,

68
00:02:39,856 --> 00:02:42,706
if you did have to compile a whole
program, you know, in the worst

69
00:02:42,706 --> 00:02:45,236
of case, very large
CL software projects

70
00:02:45,236 --> 00:02:47,396
that can take a few seconds,
even a couple of minutes.

71
00:02:47,986 --> 00:02:48,266
Yeah?

72
00:02:48,426 --> 00:02:50,946
>> And you'll be thinking you're
running different operating

73
00:02:51,216 --> 00:02:54,106
systems and they don't have
to allow different versions.

74
00:02:54,326 --> 00:02:54,926
>> Excellent.

75
00:02:54,926 --> 00:02:58,716
So one of the key realities
of a compiled language is

76
00:02:58,716 --> 00:03:01,936
that when you compile it down to
object code, that is 0s and 1s,

77
00:03:01,936 --> 00:03:05,186
those 0s and 1s are laid out
in a pattern that's specific

78
00:03:05,186 --> 00:03:08,646
to a particular CPU, and
it's accompanied by 0s and 1s

79
00:03:08,646 --> 00:03:09,476
that are specific

80
00:03:09,476 --> 00:03:11,486
to a particular operating
system typically.

81
00:03:11,726 --> 00:03:14,916
So, if you compile a
program in C or C++ or the

82
00:03:14,916 --> 00:03:18,786
like on your Mac, odds are it
is not going to run on your PC,

83
00:03:18,786 --> 00:03:20,766
at least not without
some effort.

84
00:03:20,916 --> 00:03:23,236
And if you run it to
compile it on a new--

85
00:03:23,236 --> 00:03:25,706
the latest and greatest
Mac which is, let's call it,

86
00:03:25,706 --> 00:03:28,356
64-bit and then try to
run it on an older Mac,

87
00:03:28,356 --> 00:03:31,166
even that might not
work because the size

88
00:03:31,226 --> 00:03:33,186
of the numbers you're
using in that program

89
00:03:33,186 --> 00:03:35,166
on a 64-bit machine
are twice as big

90
00:03:35,166 --> 00:03:36,956
as they would be on
an older machine.

91
00:03:36,956 --> 00:03:38,356
So in short, there're
some pluses

92
00:03:38,356 --> 00:03:39,696
and minuses in both directions.

93
00:03:39,696 --> 00:03:41,766
And the minus in the
interpreted direction is

94
00:03:41,766 --> 00:03:43,886
that you can pay a bit
of a performance penalty.

95
00:03:44,106 --> 00:03:46,716
If you're not actually doing
this upfront expenditure

96
00:03:46,716 --> 00:03:49,466
of converting something from
source code to object code,

97
00:03:49,686 --> 00:03:51,936
you're going to have to do that
again, and again, and again,

98
00:03:51,936 --> 00:03:54,586
effectively when the
program is interpreted.

99
00:03:54,586 --> 00:03:56,136
You're going to have to
incur some costs then.

100
00:03:56,136 --> 00:03:58,126
However, as we'll talk about
toward the end of the semester

101
00:03:58,126 --> 00:04:00,286
when we talk about
scalability, there are tools

102
00:04:00,286 --> 00:04:02,066
that you can install on
a server to mitigate this

103
00:04:02,226 --> 00:04:03,986
that will actually
cache the results

104
00:04:03,986 --> 00:04:06,766
of the interpreter's first
execution so that second

105
00:04:06,766 --> 00:04:09,546
and third times are
actually much faster.

106
00:04:09,936 --> 00:04:12,826
So, we also talked
last week about PHP:

107
00:04:12,826 --> 00:04:15,096
The language, on Wednesday.

108
00:04:15,096 --> 00:04:18,156
And we talked about some of its
basic features and for now know

109
00:04:18,156 --> 00:04:20,556
that it's syntactically
very similar to languages

110
00:04:20,556 --> 00:04:23,776
like JavaScript, C,
C++, Java, and the like.

111
00:04:23,776 --> 00:04:25,606
And it has for loops
and while loops.

112
00:04:25,606 --> 00:04:26,906
And all the things
you would expect

113
00:04:26,906 --> 00:04:28,846
in what's generally
called the procedural

114
00:04:28,896 --> 00:04:29,976
or imperative language.

115
00:04:30,386 --> 00:04:33,146
But it also has, particularly
for the sake of the web,

116
00:04:33,446 --> 00:04:36,136
some special superglobal
variables.

117
00:04:36,136 --> 00:04:38,266
Now, superglobal variable,

118
00:04:38,546 --> 00:04:40,666
an example of one was
what, from Wednesday?

119
00:04:41,286 --> 00:04:41,386
Yeah?

120
00:04:42,196 --> 00:04:43,776
>> Well, session, post,--

121
00:04:44,116 --> 00:04:44,316
>> Good.

122
00:04:44,316 --> 00:04:44,686
>> -- get.

123
00:04:45,766 --> 00:04:47,506
>> Session, post, get, cookie.

124
00:04:47,506 --> 00:04:49,686
There's a few others but those
are four of the biggies,

125
00:04:49,686 --> 00:04:51,716
almost all of which we'll
actually look at tonight,

126
00:04:51,716 --> 00:04:53,276
maybe in fact, all of them.

127
00:04:53,276 --> 00:04:55,856
And these superglobals are
available to your program,

128
00:04:55,856 --> 00:04:58,416
whatever file the user has
visited with the web browser

129
00:04:58,636 --> 00:05:01,066
so that you can access the
parameters that they passed

130
00:05:01,066 --> 00:05:02,806
in via the URL, the parameters

131
00:05:02,806 --> 00:05:06,606
that they posted via form
cookies that you have planted

132
00:05:06,606 --> 00:05:08,686
on their computer
previously, and session--

133
00:05:09,156 --> 00:05:10,496
well, what did session refer to?

134
00:05:10,526 --> 00:05:10,716
Yeah?

135
00:05:11,676 --> 00:05:15,596
>> There was superglobal
that was present

136
00:05:15,746 --> 00:05:16,776
in the entire session.

137
00:05:17,166 --> 00:05:20,166
So if you have, for
example, PHP files,

138
00:05:20,166 --> 00:05:21,856
you can start the same
session on both of them,

139
00:05:21,856 --> 00:05:24,016
and then you can pass
variables between them.

140
00:05:24,236 --> 00:05:24,496
>> OK.

141
00:05:24,496 --> 00:05:27,826
>> Both user's usernames,
but you can use that.

142
00:05:27,826 --> 00:05:28,256
>> Excellent.

143
00:05:28,256 --> 00:05:33,046
So this $_SESSION superglobal is
like this container that you get

144
00:05:33,046 --> 00:05:35,336
for each one of the users
that visits your website.

145
00:05:35,426 --> 00:05:37,936
And if you put something in
there like the user's username,

146
00:05:38,166 --> 00:05:40,826
you are essentially
guaranteed to be able to get

147
00:05:40,826 --> 00:05:44,236
that value back the next time
the user visits your webpage,

148
00:05:44,236 --> 00:05:45,726
whether it's a split
second later

149
00:05:45,906 --> 00:05:48,266
or maybe even an hour later,
and the only gotcha is

150
00:05:48,266 --> 00:05:51,326
that if the session has an
expiration, which is usually

151
00:05:51,326 --> 00:05:54,066
as long as the browser is
running or that window is open,

152
00:05:54,066 --> 00:05:55,586
or maybe even shorter
if you specify

153
00:05:55,586 --> 00:05:56,676
that there should be
only be a legitimate

154
00:05:56,676 --> 00:05:59,246
for like five minutes,
you will always get back

155
00:05:59,246 --> 00:06:00,176
to those same values.

156
00:06:00,176 --> 00:06:02,236
So the session object as
we'll see firsthand today

157
00:06:02,236 --> 00:06:04,496
with some code, is a great
way of remembering things

158
00:06:04,496 --> 00:06:06,576
like this user has
already logged in.

159
00:06:06,696 --> 00:06:08,606
Show them their private
information,

160
00:06:08,736 --> 00:06:11,166
otherwise show them the login
screens, so we'll be able

161
00:06:11,166 --> 00:06:13,216
to do some basic
checks like that.

162
00:06:13,616 --> 00:06:13,986
All right.

163
00:06:14,026 --> 00:06:15,856
So let's dive in
with an example.

164
00:06:15,856 --> 00:06:19,096
So, I'm here in Linux
environment and I happen

165
00:06:19,096 --> 00:06:23,306
to be running the CS50 Appliance
on Monday when the specification

166
00:06:23,606 --> 00:06:26,276
for the first project
goes out we'll provide you

167
00:06:26,276 --> 00:06:28,086
with instructions for
downloading the version

168
00:06:28,086 --> 00:06:30,036
of the appliance that you
need and navigating your way

169
00:06:30,036 --> 00:06:31,886
around as well as in
section on Monday,

170
00:06:32,066 --> 00:06:34,326
we'll provide some guidance
with the project in particular.

171
00:06:34,326 --> 00:06:36,976
So realize that there's good
deal of support structure

172
00:06:36,976 --> 00:06:38,106
on the horizon for you.

173
00:06:38,346 --> 00:06:40,156
And for tonight's purposes,
we'll dive into some

174
00:06:40,156 --> 00:06:42,046
of the concepts that
you'll need to understand

175
00:06:42,046 --> 00:06:43,946
and to give you the mental
model with which to dive

176
00:06:43,946 --> 00:06:46,936
into what will be, realize,
a fairly large project

177
00:06:46,936 --> 00:06:47,876
starting Monday.

178
00:06:47,876 --> 00:06:49,416
So recall from the
very first lecture,

179
00:06:49,636 --> 00:06:52,636
each of the projects is intended
to take some 30-plus hours.

180
00:06:52,636 --> 00:06:54,206
You have about nine
days for each of them

181
00:06:54,486 --> 00:06:55,906
so just realize setting aside

182
00:06:55,906 --> 00:06:57,136
that time is going
to be crucial.

183
00:06:57,136 --> 00:06:59,466
These are not projects that
you can do the night before.

184
00:06:59,466 --> 00:07:02,276
So just be mindful of such.

185
00:07:02,696 --> 00:07:03,066
All right.

186
00:07:03,226 --> 00:07:06,246
So, I've got a bunch of
prefabricated code here

187
00:07:06,246 --> 00:07:07,236
for the sake of discussion.

188
00:07:07,236 --> 00:07:09,666
And I'm going to go into
this directory, Frosh IMs,

189
00:07:09,666 --> 00:07:12,726
which for those unfamiliar,
Frosh IMs at Harvard

190
00:07:12,726 --> 00:07:15,066
at least refers to
freshman intramural sports.

191
00:07:15,066 --> 00:07:16,546
So, kind of a true story,

192
00:07:16,546 --> 00:07:19,446
back when I was an undergraduate
students would sign

193
00:07:19,446 --> 00:07:22,006
up for intramural sports,
really the old-fashioned way.

194
00:07:22,006 --> 00:07:23,746
If you wanted to play
soccer some semester,

195
00:07:23,746 --> 00:07:25,786
you would literally write
your name on a piece of paper,

196
00:07:25,986 --> 00:07:28,376
you would walk halfway across
the campus in Harvard Yard,

197
00:07:28,506 --> 00:07:31,116
and then you would slide this
piece of paper under the door

198
00:07:31,116 --> 00:07:34,416
of a resident adviser who would
actually physically sign you

199
00:07:34,416 --> 00:07:36,726
up for that sport, and then
finally start emailing you.

200
00:07:36,996 --> 00:07:40,246
So I think I was sophomore or
so at the time and this was sort

201
00:07:40,246 --> 00:07:43,896
of an opportunity
ripe for digitization,

202
00:07:43,896 --> 00:07:45,696
so we could actually
put this online.

203
00:07:45,696 --> 00:07:47,366
And so the problem
at hand I had,

204
00:07:47,616 --> 00:07:50,486
one of the very times I myself
started doing web programming

205
00:07:50,486 --> 00:07:53,486
was, I really just want to
convert this piece of paper form

206
00:07:53,786 --> 00:07:56,546
to an online web form so that
the information would be stored

207
00:07:56,626 --> 00:07:59,676
either on a database or maybe
mailed to that resident adviser

208
00:07:59,676 --> 00:08:01,356
so that he or she
could actually know

209
00:08:01,616 --> 00:08:03,036
that I've expressed an interest.

210
00:08:03,636 --> 00:08:06,636
So, I, at the time,
did not learn PHP.

211
00:08:06,636 --> 00:08:09,846
It hadn't really come in to its
own, I instead did this in Perl

212
00:08:09,846 --> 00:08:11,286
but the story is
ultimately the same.

213
00:08:11,286 --> 00:08:14,246
And in fact, it's much, much
easier to do what I did now

214
00:08:14,246 --> 00:08:16,496
than it was some years ago
in a different language,

215
00:08:16,496 --> 00:08:20,316
because indeed PHP like some
of its cousins these days,

216
00:08:20,316 --> 00:08:24,066
Python and Ruby have been
made all the more friendly

217
00:08:24,066 --> 00:08:25,436
when it comes to
web development.

218
00:08:25,436 --> 00:08:28,186
So let's see how we might
recreate this piece of paper.

219
00:08:28,186 --> 00:08:29,576
So, here I have some HTML.

220
00:08:29,576 --> 00:08:32,856
I'm going to go into example
number zero and just, again,

221
00:08:32,856 --> 00:08:34,766
for reference, anytime we would
do code in class I'll make

222
00:08:34,766 --> 00:08:37,096
to post the actual
code in a PDF online

223
00:08:37,096 --> 00:08:39,326
so that afterward you can
play around if would like.

224
00:08:39,686 --> 00:08:40,956
So here's a very simple form.

225
00:08:40,956 --> 00:08:43,976
I mean, this is truly like
1990-style quality of webpages.

226
00:08:43,976 --> 00:08:46,296
But that's OK, because we have
some basic form mechanisms

227
00:08:46,486 --> 00:08:48,316
that we're going to use to
get input from the user.

228
00:08:48,526 --> 00:08:51,606
Now, ultimately, the goal is
to do something with this data

229
00:08:51,606 --> 00:08:54,626
like save it to a file
or put it in a database,

230
00:08:54,626 --> 00:08:57,216
or create a spreadsheet or
email it even to the RA.

231
00:08:57,356 --> 00:08:59,676
Anything that gets
this information

232
00:08:59,676 --> 00:09:01,006
to the RA is the goal.

233
00:09:01,276 --> 00:09:04,166
So, what-- how have I
probably laid this out?

234
00:09:04,166 --> 00:09:06,166
Well, let's take a
quick look at the code.

235
00:09:06,436 --> 00:09:09,936
I'm going to go ahead
and view source here.

236
00:09:10,546 --> 00:09:12,706
And we should see some
fairly familiar stuff.

237
00:09:12,706 --> 00:09:13,616
I'm going to zoom in.

238
00:09:13,886 --> 00:09:15,266
And this isn't all
that interesting.

239
00:09:15,266 --> 00:09:17,906
Again, HTML, we'll assume
everyone's comfortable with.

240
00:09:18,206 --> 00:09:20,406
So we've got some
divs and H1s and BRs,

241
00:09:20,406 --> 00:09:22,576
the form is where
things get interesting.

242
00:09:22,576 --> 00:09:26,116
Form action register0.php.

243
00:09:26,116 --> 00:09:29,136
So, what does it mean
when it says register0.php

244
00:09:29,136 --> 00:09:31,346
as the action?

245
00:09:31,346 --> 00:09:32,506
What is the action of a form?

246
00:09:33,366 --> 00:09:36,586
Someone from this half or-- oh,
we've not heard from you yet.

247
00:09:36,886 --> 00:09:39,576
>> Submit to register0.php.

248
00:09:39,576 --> 00:09:41,336
>> Submit to register0.php.

249
00:09:41,336 --> 00:09:42,056
What's your name?

250
00:09:42,346 --> 00:09:42,986
>> Hiro Pang [assumed spelling].

251
00:09:42,986 --> 00:09:43,146
>> Hiro?

252
00:09:43,146 --> 00:09:43,826
>> Hiro Pang.

253
00:09:43,826 --> 00:09:44,306
>> Hiro Pang.

254
00:09:44,516 --> 00:09:44,626
>> Yeah.

255
00:09:44,626 --> 00:09:46,636
>> OK. I'm going to try to get
better at knowing names now.

256
00:09:46,636 --> 00:09:48,506
So, don't be uncomfortable
if I'm asking your name.

257
00:09:48,866 --> 00:09:50,066
I'll do my best to remember.

258
00:09:50,066 --> 00:09:53,956
So, action means that because
the value is register0.php,

259
00:09:53,956 --> 00:09:55,156
when I click Submit
on this form,

260
00:09:55,396 --> 00:09:57,516
it's going to go to that file.

261
00:09:57,516 --> 00:10:01,386
Now, Monday of last
week, completely cheated.

262
00:10:01,466 --> 00:10:04,256
It means that had the action
line originally be google.com

263
00:10:04,256 --> 00:10:06,186
and we just sent a
GET request to Google.

264
00:10:06,446 --> 00:10:07,846
So now we're going to
start sending things

265
00:10:07,846 --> 00:10:10,616
to our own server, and the
fact that there's no HTTP

266
00:10:10,616 --> 00:10:14,816
or domain name there means
that register0.php lives where?

267
00:10:15,756 --> 00:10:15,866
Yeah?

268
00:10:16,066 --> 00:10:17,926
>> The same directory
as that file.

269
00:10:17,926 --> 00:10:18,566
>> Exactly.

270
00:10:18,566 --> 00:10:20,616
In the same server
and the same directory

271
00:10:20,616 --> 00:10:22,016
as the file we're looking at.

272
00:10:22,016 --> 00:10:23,876
So it's a relative
URL, so to speak.

273
00:10:24,136 --> 00:10:25,576
All right, method equals post.

274
00:10:25,846 --> 00:10:27,386
Quick sanity check, why do we--

275
00:10:27,496 --> 00:10:30,176
why would you want to send
things via POST versus GET?

276
00:10:31,646 --> 00:10:34,096
Someone from over here?

277
00:10:34,096 --> 00:10:37,076
If this were a quiz show,
these guys would be winning.

278
00:10:37,156 --> 00:10:37,306
Yeah?

279
00:10:38,376 --> 00:10:40,376
[ Inaudible Remark ]

280
00:10:40,736 --> 00:10:42,486
Good. Excellent.

281
00:10:42,486 --> 00:10:43,676
So one of the key
characteristics

282
00:10:43,676 --> 00:10:46,016
of GET requests is that
their parameters,

283
00:10:46,016 --> 00:10:48,396
the key value pairs
separated with ampersands,

284
00:10:48,396 --> 00:10:49,816
recall, end up in the URL.

285
00:10:50,056 --> 00:10:52,406
Now, maybe for boring
information like your name

286
00:10:52,406 --> 00:10:54,326
and dorm, not such a big deal

287
00:10:54,326 --> 00:10:57,346
but if there's anything slightly
private or anything large

288
00:10:57,346 --> 00:11:00,086
like files, anything
sensitive like passwords,

289
00:11:00,086 --> 00:11:02,976
credit card numbers,
definitely belongs via POST

290
00:11:02,976 --> 00:11:03,766
as opposed to GET.

291
00:11:03,766 --> 00:11:05,556
So it doesn't end up
in the browser's cache

292
00:11:05,556 --> 00:11:06,576
and then the autocomplete.

293
00:11:06,906 --> 00:11:07,896
So now, what's next here?

294
00:11:07,896 --> 00:11:10,506
I just used the simple table
to lay out some form fields

295
00:11:10,506 --> 00:11:13,076
but the interesting parts
for us tonight are the inputs

296
00:11:13,076 --> 00:11:15,476
of which I've given a name
of name to the first one.

297
00:11:15,476 --> 00:11:17,316
It's type text.

298
00:11:17,316 --> 00:11:20,406
Captain is of type
checkbox, signifying,

299
00:11:20,406 --> 00:11:22,586
do you want to be captain
for some team, for instance?

300
00:11:22,586 --> 00:11:26,016
If I scroll down further, gender
is going to be a radio button,

301
00:11:26,216 --> 00:11:29,856
either F or M. Dorm meanwhile
is going to be a select menu.

302
00:11:30,016 --> 00:11:31,776
And so we have a
nice little sampling

303
00:11:31,776 --> 00:11:33,756
of the various HTML
form types here.

304
00:11:33,756 --> 00:11:36,926
And that's interesting because
we'll see now server side how

305
00:11:36,926 --> 00:11:41,356
those form fields get
translated to variables inside

306
00:11:41,356 --> 00:11:44,626
of those superglobals
called POST or GET depending

307
00:11:44,626 --> 00:11:46,196
on the mechanism that
we used to submit.

308
00:11:46,566 --> 00:11:47,926
So let's go ahead and
fill up this form.

309
00:11:47,926 --> 00:11:49,306
Let me zoom back up.

310
00:11:49,396 --> 00:11:53,086
Close the source code, and go
ahead and just type in David.

311
00:11:53,566 --> 00:11:56,176
I'll say I'm a captain, male.

312
00:11:56,506 --> 00:12:00,726
From the dropdown here,
from the dropdown here--

313
00:12:00,726 --> 00:12:01,926
oops, let me zoom out.

314
00:12:02,106 --> 00:12:04,396
From the dropdown here,
we'll choose Mathews.

315
00:12:04,546 --> 00:12:06,996
Register. Interesting.

316
00:12:07,086 --> 00:12:09,996
So, this is not a
useful registration tool

317
00:12:10,326 --> 00:12:11,976
but it's interesting
diagnostically.

318
00:12:11,976 --> 00:12:13,736
And we did something
very similar briefly.

319
00:12:13,736 --> 00:12:15,456
I think on Wednesday
we're going to just look

320
00:12:15,646 --> 00:12:17,756
at what was being
sent to the server

321
00:12:17,756 --> 00:12:20,706
with a function recall called
print_r, print recursive.

322
00:12:20,956 --> 00:12:22,646
So this is not sort
of production code.

323
00:12:22,646 --> 00:12:27,216
So just taking a look inside
of what variable do you think?

324
00:12:27,906 --> 00:12:29,466
What did I just print
recursively?

325
00:12:30,676 --> 00:12:31,106
>> POST.

326
00:12:31,106 --> 00:12:32,426
>> POST. $_POST.

327
00:12:32,426 --> 00:12:35,256
The superglobal that should
contain all of this stuff.

328
00:12:35,256 --> 00:12:37,276
And again, to be clear
with something like PHP,

329
00:12:37,276 --> 00:12:39,856
what's nice about these
superglobals is you hand it

330
00:12:39,856 --> 00:12:43,136
everything the user
passed in including files,

331
00:12:43,136 --> 00:12:45,586
$_FILES is another superglobal

332
00:12:45,586 --> 00:12:48,156
that would contain uploaded
files which is super convenient.

333
00:12:48,486 --> 00:12:49,296
So what did I get?

334
00:12:49,446 --> 00:12:51,186
Name David, Captain on.

335
00:12:51,186 --> 00:12:52,846
So it's interesting
that it's O-N,

336
00:12:52,846 --> 00:12:55,966
it's some non-null
value, so it's not 1 or 0.

337
00:12:55,966 --> 00:12:57,026
It's on in this case.

338
00:12:57,376 --> 00:13:00,746
Gender is male, dorm is Mathews.

339
00:13:00,746 --> 00:13:01,036
All right.

340
00:13:01,276 --> 00:13:03,246
So, interesting perhaps,

341
00:13:03,496 --> 00:13:05,446
but let's see what
I did on the server.

342
00:13:05,926 --> 00:13:07,996
If I go into this actual file,

343
00:13:08,346 --> 00:13:10,936
let me go into my
public_html directory,

344
00:13:10,936 --> 00:13:11,996
which recall is typically

345
00:13:11,996 --> 00:13:14,246
where files are stored
in a user's account.

346
00:13:14,516 --> 00:13:16,256
We'll see other techniques
before long.

347
00:13:16,256 --> 00:13:18,906
I'm going to go into, let's say,

348
00:13:19,016 --> 00:13:26,486
froshims1-- rather
register1.php.

349
00:13:26,536 --> 00:13:29,896
And here we have the
contents of this file--

350
00:13:30,366 --> 00:13:31,786
oops, sorry, I cheated.

351
00:13:32,076 --> 00:13:39,066
Not register1, gedit frosh--
register0, there we go.

352
00:13:39,866 --> 00:13:41,476
So what is inside of this file?

353
00:13:41,886 --> 00:13:43,346
Well, not all that much.

354
00:13:43,346 --> 00:13:46,546
I have some HTML, head
tag, title tag, et cetera.

355
00:13:46,716 --> 00:13:49,526
And then I have a pre-tag
and I recursively print POST.

356
00:13:49,526 --> 00:13:51,666
So this is not a
dynamic website per se,

357
00:13:51,866 --> 00:13:53,556
it's really just
a stepping stone.

358
00:13:54,346 --> 00:13:57,496
So any questions, though, before
we forge ahead on the mechanics

359
00:13:57,496 --> 00:13:59,136
of how form gets to server?

360
00:13:59,286 --> 00:13:59,396
Yeah.

361
00:13:59,556 --> 00:14:10,326
>> When you separate this
text here that's all hidden,

362
00:14:10,406 --> 00:14:11,236
that serves that right.

363
00:14:11,236 --> 00:14:12,316
If you hit view source
[inaudible].

364
00:14:12,316 --> 00:14:12,716
>> Exactly.

365
00:14:12,716 --> 00:14:16,546
So key distinction, because
PHP is an interpreted language

366
00:14:16,546 --> 00:14:20,386
and because the CS50 Appliance,
which in this case just think

367
00:14:20,386 --> 00:14:23,256
of as web server then I will
keep calling it an appliance.

368
00:14:23,256 --> 00:14:25,236
Just a web server
that supports PHP.

369
00:14:25,236 --> 00:14:31,706
Interpreted language like PHP
will indeed get interpreted

370
00:14:32,026 --> 00:14:33,166
on the server side.

371
00:14:33,166 --> 00:14:36,946
And what happens is
when a request comes

372
00:14:36,946 --> 00:14:41,576
in from a user whether GET
or POST, and it's for a file,

373
00:14:41,576 --> 00:14:44,456
in this case called
register0.php,

374
00:14:44,456 --> 00:14:46,886
the web server Apache
notices "Oh,

375
00:14:47,046 --> 00:14:49,166
you're requesting
a dot PHP file.

376
00:14:49,166 --> 00:14:56,486
Let me not just send that to
you, let me instead interpret it

377
00:14:56,486 --> 00:15:00,616
for you and then send the
results of that interpretation."

378
00:15:00,906 --> 00:15:03,896
With PHP's interpreter
which is literally a program

379
00:15:03,896 --> 00:15:07,326
on the computer called like
php.exe or something equivalent,

380
00:15:07,326 --> 00:15:14,486
literally reads this file,
top to bottom, left to right.

381
00:15:14,486 --> 00:15:17,176
And anytime it sees open
bracket question mark,

382
00:15:17,266 --> 00:15:19,496
or open bracket question
mark php,

383
00:15:19,496 --> 00:15:22,856
which is the more verbose
origin, it enters PHP mode,

384
00:15:22,856 --> 00:15:27,536
so to speak, and then starts
executing PHP instructions line

385
00:15:27,536 --> 00:15:28,176
by line.

386
00:15:28,546 --> 00:15:32,116
Now in this file, totally
uninteresting up there, why?

387
00:15:32,116 --> 00:15:33,496
What's the blue text?

388
00:15:33,496 --> 00:15:34,986
Easy question.

389
00:15:34,986 --> 00:15:35,366
Yeah?

390
00:15:35,366 --> 00:15:36,336
>> The comments.

391
00:15:36,336 --> 00:15:37,606
>> Just comments, right?

392
00:15:37,606 --> 00:15:38,626
Meaningless stuff.

393
00:15:39,216 --> 00:15:41,636
So nothing actually
happens there.

394
00:15:41,826 --> 00:15:46,306
Then we close the tag there,
question mark, close bracket.

395
00:15:46,306 --> 00:15:49,966
And then after that,
what do we encounter?

396
00:15:49,966 --> 00:15:51,996
Well, it looks like it's just
some HTML, HTML, HTML, oh,

397
00:15:51,996 --> 00:15:54,656
PHP mode again executes
this line,

398
00:15:54,876 --> 00:15:57,276
printing recursively
that variable.

399
00:15:58,176 --> 00:16:14,056
So what happens then is anything
that's not PHP, just gets dumped

400
00:16:14,056 --> 00:16:18,196
to the browser raw, without
being mutated at all.

401
00:16:18,476 --> 00:16:21,826
Anything that's inside of this
open bracket question mark tags

402
00:16:22,636 --> 00:16:24,966
will instead be interpreted.

403
00:16:24,966 --> 00:16:27,906
So, to be clear and
directly answer,

404
00:16:27,906 --> 00:16:29,986
here's what we see
on the server.

405
00:16:30,046 --> 00:16:33,496
If I, instead, go back here
on the client and view source

406
00:16:33,776 --> 00:16:36,296
in Chrome, what I see

407
00:16:36,296 --> 00:16:39,426
on the browser is everything
except what was once before

408
00:16:39,426 --> 00:16:44,706
in between open bracket
question mark.

409
00:16:44,976 --> 00:16:45,216
Yeah?

410
00:16:45,216 --> 00:16:48,286
>> So, in that case, I guess
the other thing I was wondering,

411
00:16:48,466 --> 00:16:51,466
for example, say it just
plain text you added,

412
00:16:51,466 --> 00:16:54,186
something important, let's
say, like a password.

413
00:16:54,276 --> 00:16:54,666
>> OK.

414
00:16:54,666 --> 00:16:57,066
>> -- in PHP code, is
that safe or [inaudible]?

415
00:16:57,446 --> 00:16:58,206
>> Good question.

416
00:16:58,206 --> 00:17:02,966
What if you have something
sensitive like a password

417
00:17:02,966 --> 00:17:04,106
in your PHP code, is it safe?

418
00:17:04,106 --> 00:17:05,416
The short answer, no.

419
00:17:05,416 --> 00:17:09,446
If you put a password in
this file and this file is

420
00:17:09,736 --> 00:17:15,136
in your public_html directory,
that is bad, because--

421
00:17:15,136 --> 00:17:18,016
actually, normally
it's fine, right?

422
00:17:18,016 --> 00:17:20,926
Because if the file is
interpreted and the PHP code,

423
00:17:20,926 --> 00:17:25,736
as we just said, is not actually
sensitive to the server,

424
00:17:25,736 --> 00:17:27,866
no one in the world is
going to see your password,

425
00:17:28,636 --> 00:17:30,916
unless you screw
up, or PHP breaks

426
00:17:30,916 --> 00:17:33,996
when you do a system update,
or some random corner case

427
00:17:33,996 --> 00:17:37,136
that might happen 1% of the time,
but that's 1% of the time

428
00:17:37,136 --> 00:17:39,586
when PHP or your web
server are misbehaving

429
00:17:39,586 --> 00:17:43,836
and a user visits register0.php
and "voilà" sees your password,

430
00:17:43,836 --> 00:17:46,286
that's all it takes
to be compromised.

431
00:17:46,286 --> 00:17:47,856
So instead, what would become

432
00:17:47,856 --> 00:17:52,216
and we'll see this before long
is anything, like password,

433
00:17:52,616 --> 00:17:55,586
you can still put in PHP
files, but you would put them,

434
00:17:55,706 --> 00:17:58,366
for instance, in the parent
directory, anywhere other

435
00:17:58,466 --> 00:18:01,726
than public_html
or anywhere other

436
00:18:01,726 --> 00:18:04,086
than a special directory
generally called document root.

437
00:18:04,086 --> 00:18:07,826
In other words, you do not
put sensitive stuff inside

438
00:18:07,826 --> 00:18:10,346
of any folder that's
accessible on the web.

439
00:18:10,346 --> 00:18:13,506
Because by contrast,
in your PHP code,

440
00:18:13,506 --> 00:18:16,836
you can have file reference like
dot-dot slash dot-dot slash.

441
00:18:16,836 --> 00:18:22,136
You can go up in the directory,
but users on the web cannot do

442
00:18:22,206 --> 00:18:25,056
that by adding dots in the URL.

443
00:18:25,056 --> 00:18:30,876
And this is because of web
server configuration details

444
00:18:30,876 --> 00:18:33,996
that we'll look at
in more detail.

445
00:18:34,316 --> 00:18:41,156
>> So what is the difference
between the doc root

446
00:18:41,156 --> 00:18:43,166
and HTML-- or public_html?

447
00:18:43,246 --> 00:18:44,606
>> Really good question.

448
00:18:44,606 --> 00:18:47,556
What's the difference
between document root

449
00:18:47,556 --> 00:18:51,416
which was a variable of
sorts that we saw briefly

450
00:18:51,416 --> 00:18:54,276
in that configuration
file called httpd.conf,

451
00:18:54,276 --> 00:18:55,866
which was Apache's
default config file?

452
00:18:55,866 --> 00:18:58,126
Document root is
where the contents

453
00:18:58,126 --> 00:18:59,706
of the main web server go.

454
00:18:59,706 --> 00:19:01,856
So, if you go food.com slash,

455
00:19:01,856 --> 00:19:03,876
that is the so-called
document root,

456
00:19:04,286 --> 00:19:06,556
and it's usually a
directory somewhere else

457
00:19:06,556 --> 00:19:06,946
in the hard drive.

458
00:19:06,946 --> 00:19:11,176
If, however, you go to food.com/
tilde David, that refers not

459
00:19:11,176 --> 00:19:15,706
to document root, but to David's
personal public_html directory.

460
00:19:15,706 --> 00:19:17,016
So in this sense, users
on a computer server,

461
00:19:17,046 --> 00:19:18,126
if you have a thousand
users on your server,

462
00:19:18,156 --> 00:19:19,386
all of them have their own
public_html directories,

463
00:19:19,416 --> 00:19:21,096
so you can kind of think that
as a thousand different document

464
00:19:21,126 --> 00:19:22,176
roots, but the official
document root is

465
00:19:22,206 --> 00:19:23,196
when there's no tilde
involved in the URL,

466
00:19:23,226 --> 00:19:23,856
when you're just at slash.

467
00:19:23,886 --> 00:19:25,386
>> So the document-- the content
and the document of root--

468
00:19:25,416 --> 00:19:26,736
I mean, document.root,
usable to every user, right?

469
00:19:26,766 --> 00:19:27,336
>> Every user on the web.

470
00:19:27,366 --> 00:19:27,456
>> Yes.

471
00:19:27,486 --> 00:19:27,576
>> Yes.

472
00:19:27,606 --> 00:19:28,656
>> But under the
public_html is only used--

473
00:19:28,686 --> 00:19:29,676
only usable for a
particular user?

474
00:19:29,706 --> 00:19:29,856
>> Correct.

475
00:19:29,886 --> 00:19:30,516
Public_html is per user.

476
00:19:30,546 --> 00:19:31,476
And I can make this
more explicit.

477
00:19:31,506 --> 00:19:32,766
Right now, again in the
appliance, we just so happen

478
00:19:32,796 --> 00:19:34,266
to have a username called
jharvard for everyone to use,

479
00:19:34,296 --> 00:19:35,556
just so that there's a user
account without you having

480
00:19:35,586 --> 00:19:36,996
to create your own accounts
manually, and we're inside

481
00:19:37,026 --> 00:19:37,956
of jharvard's public_html
directory.

482
00:19:37,986 --> 00:19:38,796
Let me temporarily become root,

483
00:19:38,826 --> 00:19:39,696
which is the administrative
account.

484
00:19:39,726 --> 00:19:41,376
And I'm going to go into a
directory called etc/httpd/conf.

485
00:19:41,406 --> 00:19:42,456
And then, I'm going
to open a file gedit,

486
00:19:42,486 --> 00:19:43,326
which is text editor,
httpd.conf.

487
00:19:43,356 --> 00:19:44,616
And now we get our little
text editor program.

488
00:19:44,646 --> 00:19:46,086
This is that same file we
discussed last week, httpd.conf.

489
00:19:46,116 --> 00:19:47,556
And if I scroll down, scroll
down, scroll down, scroll down,

490
00:19:47,586 --> 00:19:48,966
scroll down and search for
document root, here we have

491
00:19:48,996 --> 00:19:50,736
on line 294, it's good that
I didn't keep scrolling,

492
00:19:50,766 --> 00:19:52,416
of this config file, a variable
of sorts, an Apache directive

493
00:19:52,446 --> 00:19:53,166
that says, "The document root

494
00:19:53,196 --> 00:19:54,516
for the server is
in /var/www/html."

495
00:19:54,546 --> 00:19:55,086
So what does that mean?

496
00:19:55,116 --> 00:19:55,806
Well, let's take a quick look.

497
00:19:55,836 --> 00:19:56,616
Let me go to Chrome, my browser.

498
00:19:56,646 --> 00:19:57,906
Let me go just to
http://localhost,

499
00:19:57,936 --> 00:19:59,016
which again refers to
my local server, enter,

500
00:19:59,046 --> 00:19:59,916
and this is what
I see by default,

501
00:19:59,946 --> 00:20:00,816
and we saw this last
week, briefly.

502
00:20:00,846 --> 00:20:02,046
But now, let me go back
to my terminal window.

503
00:20:02,076 --> 00:20:03,516
And again, for those unfamiliar
in section, we'll play more

504
00:20:03,546 --> 00:20:04,746
over this and you'll have
a chance on the project

505
00:20:04,776 --> 00:20:05,976
to get your hands dirtier
with the command line.

506
00:20:06,066 --> 00:20:08,446
I'm going to go into
var/www/html.

507
00:20:08,446 --> 00:20:11,836
I'm going to do ls for list, and
notice there's nothing there.

508
00:20:11,836 --> 00:20:14,556
That's why we saw that
default test message.

509
00:20:14,906 --> 00:20:18,786
Let me do something like
this, gedit index.html,

510
00:20:19,206 --> 00:20:19,896
and I'm just going

511
00:20:19,896 --> 00:20:22,876
to say something random that's
not even HTML, "Hello World."

512
00:20:23,256 --> 00:20:24,136
OK. Save it.

513
00:20:24,136 --> 00:20:26,456
Let me go back to
my terminal window.

514
00:20:27,546 --> 00:20:30,436
And now, notice it
is already readable

515
00:20:30,436 --> 00:20:32,206
by everyone, by default.

516
00:20:33,076 --> 00:20:36,786
So, now notice if I go back
to my browser and reload here

517
00:20:37,226 --> 00:20:38,546
that is document root.

518
00:20:38,996 --> 00:20:42,526
So, document root is when
you're actually a web master

519
00:20:42,526 --> 00:20:45,376
for a website and you don't
want these silly tildes

520
00:20:45,376 --> 00:20:48,176
in the username-- in the
URLs, which is only used

521
00:20:48,176 --> 00:20:49,746
by like universities
or companies

522
00:20:49,746 --> 00:20:51,046
when you want personal
home pages,

523
00:20:51,416 --> 00:20:54,366
document root really refers
to the root of the web server,

524
00:20:54,366 --> 00:20:57,616
food.com/, no tildes involved.

525
00:20:58,166 --> 00:21:00,256
So why use the jharvard
in public_html?

526
00:21:00,256 --> 00:21:02,076
We won't use it for
projects per se.

527
00:21:02,186 --> 00:21:04,726
It is just when you just want
to play around with code.

528
00:21:04,726 --> 00:21:07,406
It's the quickest place to put
some code in the user's account,

529
00:21:07,596 --> 00:21:11,956
so that the user can play
with files on the web.

530
00:21:12,076 --> 00:21:12,426
All right.

531
00:21:12,946 --> 00:21:15,886
So Frosh IMs feel like
we can do better here.

532
00:21:15,886 --> 00:21:20,216
So let me go back to
register my websites here.

533
00:21:20,446 --> 00:21:24,356
And let's go to, say,
version 1 of this, froshims1.

534
00:21:24,566 --> 00:21:27,056
So this time, I'm going to
go ahead and type in David.

535
00:21:27,106 --> 00:21:29,256
But I'm one of those users
who doesn't like to cooperate,

536
00:21:29,256 --> 00:21:30,876
I'm going to skip the
rest of the form fields

537
00:21:30,876 --> 00:21:32,696
and I'm just going
to click Register.

538
00:21:33,506 --> 00:21:34,096
What happens?

539
00:21:34,696 --> 00:21:37,816
Well, it feels like it just
deleted the form field.

540
00:21:37,816 --> 00:21:39,286
So, not the best
user experience.

541
00:21:39,286 --> 00:21:40,836
I'm a little confused
as to what went on.

542
00:21:41,326 --> 00:21:43,736
But this suggests that
the server has, somehow,

543
00:21:43,736 --> 00:21:45,146
validated the user's input.

544
00:21:45,386 --> 00:21:46,936
Did the user fill
out the whole form?

545
00:21:47,046 --> 00:21:48,956
Well, let's see how this
question was answered.

546
00:21:48,956 --> 00:21:50,926
Let me go back to
my source code.

547
00:21:51,316 --> 00:21:53,446
This time, I want to look

548
00:21:53,446 --> 00:21:58,056
at the public_html
directory's froshims1.php.

549
00:21:58,466 --> 00:22:01,826
And this file is a little
different from before.

550
00:22:01,826 --> 00:22:04,506
Notice that-- oops,
not froshims1.

551
00:22:04,506 --> 00:22:06,666
That's just what we looked at.

552
00:22:06,666 --> 00:22:12,946
Let me go to register1,
which is this file here.

553
00:22:14,206 --> 00:22:17,896
So, what line number-- in
what line number do we check

554
00:22:17,896 --> 00:22:20,446
if the user provided all the
form fields we care about?

555
00:22:20,716 --> 00:22:20,786
Yeah?

556
00:22:21,126 --> 00:22:21,276
>> 13.

557
00:22:21,836 --> 00:22:22,956
>> Yeah, so 13.

558
00:22:22,956 --> 00:22:26,396
So line 13 has if empty
name or empty gender

559
00:22:26,396 --> 00:22:28,546
or empty dorm, what do we do?

560
00:22:28,546 --> 00:22:32,846
That's a little arcane, but
I'm calling a header function

561
00:22:33,146 --> 00:22:36,126
passing in this very long
URL, and then exiting.

562
00:22:36,316 --> 00:22:38,956
Now, there are cleaner ways to
do this, but I want it to do

563
00:22:38,956 --> 00:22:40,686
as explicitly as
possible for now.

564
00:22:40,946 --> 00:22:44,476
So take a guess, in layman's
terms, what is line 15 doing?

565
00:22:44,886 --> 00:22:45,016
Yeah?

566
00:22:45,366 --> 00:22:45,946
>> Sending back?

567
00:22:46,376 --> 00:22:46,726
>> Perfect.

568
00:22:46,726 --> 00:22:48,836
It's sending the user
back to the previous URL.

569
00:22:49,176 --> 00:22:51,966
Now, I say this is overly
verbose, because you shouldn't--

570
00:22:51,966 --> 00:22:53,806
I shouldn't have to hard
code the whole URL like this.

571
00:22:53,806 --> 00:22:55,536
This is clearly going to
break as soon as I move it

572
00:22:55,536 --> 00:22:57,746
to another server with a
different name, but I just want

573
00:22:57,746 --> 00:22:59,796
to be super clear as
to what was going on.

574
00:23:00,036 --> 00:23:04,366
And I call exit specifically,
so that no more code happens.

575
00:23:04,366 --> 00:23:06,396
I want the user to be
bounced right away.

576
00:23:06,656 --> 00:23:08,786
Now, what does it mean
to say location colon?

577
00:23:08,786 --> 00:23:09,916
Where have we seen that before?

578
00:23:10,476 --> 00:23:10,543
Yeah?

579
00:23:10,543 --> 00:23:15,356
>> It's seen in the
headers or packet.

580
00:23:15,526 --> 00:23:16,766
>> Good, the headers
of a packet,

581
00:23:16,766 --> 00:23:21,386
the headers of an HTTP request
and response, specifically.

582
00:23:21,656 --> 00:23:22,856
So let's actually take a look.

583
00:23:22,856 --> 00:23:25,876
Chrome again is a handy little
tool to see things going on,

584
00:23:26,116 --> 00:23:29,386
and you can do the same with
similar tools in IE and Firefox.

585
00:23:29,726 --> 00:23:33,176
Let me go ahead and open
up Inspect Elements here.

586
00:23:33,176 --> 00:23:34,686
This is the developer toolbar.

587
00:23:34,896 --> 00:23:36,926
I'm going to the
network tab here.

588
00:23:37,066 --> 00:23:38,176
And let me try that again.

589
00:23:38,176 --> 00:23:40,126
So I'm going to say
David but nothing else.

590
00:23:40,186 --> 00:23:42,966
Register. Now, notice
what happens down here.

591
00:23:42,966 --> 00:23:44,126
I've a couple of rows.

592
00:23:44,516 --> 00:23:47,786
This first row means a request
was made to register1.php.

593
00:23:47,786 --> 00:23:50,106
The second row means a
second request was made

594
00:23:50,106 --> 00:23:51,876
to froshims1.php.

595
00:23:51,976 --> 00:23:54,406
That is consistent with the
story you just proposed,

596
00:23:54,806 --> 00:23:56,196
whereby we're getting
redirected.

597
00:23:56,196 --> 00:23:57,256
Well, let's see what's
happening.

598
00:23:57,256 --> 00:24:00,056
If I click on this first
row and look at the headers,

599
00:24:00,516 --> 00:24:02,706
notice what status
code came back

600
00:24:02,706 --> 00:24:06,986
when I request the
register1.php, 302.

601
00:24:07,166 --> 00:24:09,866
Now, in my code, there's no
mention of 302, and that's just

602
00:24:09,866 --> 00:24:12,316
because PHP's header
function is a little smart.

603
00:24:12,496 --> 00:24:16,036
If it sees that you have said
literally location colon,

604
00:24:16,286 --> 00:24:19,356
as the string you're passing to
the function, it realizes, "Oh,

605
00:24:19,356 --> 00:24:20,776
you want to redirect the user."

606
00:24:20,776 --> 00:24:23,846
It will infer for you 302--
301 is the other option

607
00:24:23,846 --> 00:24:27,186
but it does 302 by default,
and then it sends where--

608
00:24:27,186 --> 00:24:29,026
where should I see
the location header?

609
00:24:29,026 --> 00:24:32,936
Do I have-- want to
scroll up or down here?

610
00:24:33,156 --> 00:24:34,866
Actually, I'll just scroll down.

611
00:24:35,166 --> 00:24:36,476
Response. We want the response.

612
00:24:36,916 --> 00:24:38,466
I didn't remember
where it was either.

613
00:24:38,466 --> 00:24:41,916
So, location, that's how
this magic just happened.

614
00:24:42,956 --> 00:24:43,796
OK. So that's all.

615
00:24:43,796 --> 00:24:46,016
We tied it now together
to the lecture zero.

616
00:24:46,156 --> 00:24:48,606
Let's go back to the
code here and look

617
00:24:48,606 --> 00:24:51,496
at how this line
13 is executing.

618
00:24:51,766 --> 00:24:53,856
So you can probably guess
what the empty function does.

619
00:24:53,906 --> 00:24:54,936
There's a bunch of functions

620
00:24:54,936 --> 00:24:57,436
with which you can check the
validity of strings here.

621
00:24:57,716 --> 00:25:02,496
But $_POST angle bracket quote
and quote name, is doing what?

622
00:25:02,496 --> 00:25:05,526
Can someone translate that
into less technical English?

623
00:25:06,026 --> 00:25:09,856
>> Well, the POST is
an array so it looks

624
00:25:10,256 --> 00:25:11,926
for the key name
inside the array

625
00:25:12,196 --> 00:25:15,826
and the empty function
probably checks if it's empty.

626
00:25:15,826 --> 00:25:16,216
>> Excellent.

627
00:25:16,216 --> 00:25:17,786
So POST, again is an array.

628
00:25:17,956 --> 00:25:19,166
It's not a numeric array

629
00:25:19,166 --> 00:25:20,636
with which you might
be most familiar.

630
00:25:20,636 --> 00:25:22,086
It's an associative array,

631
00:25:22,236 --> 00:25:26,266
which is conceptually similar
except your keys are no longer

632
00:25:26,266 --> 00:25:27,646
numbers, like 0, 1, and 2.

633
00:25:27,786 --> 00:25:30,216
They're instead anything you
want, like strings, foo, bar,

634
00:25:30,216 --> 00:25:31,636
and baz, or in this case name.

635
00:25:31,946 --> 00:25:35,186
So, if there is not-- if
there is-- this is checking.

636
00:25:35,646 --> 00:25:38,316
If the value of the name key

637
00:25:38,616 --> 00:25:41,756
in the POST superglobal
array is empty,

638
00:25:42,086 --> 00:25:44,636
and empty just means nothing
is there to quote and quote,

639
00:25:44,746 --> 00:25:48,526
it's nothing interesting,
then that evaluates to true.

640
00:25:48,686 --> 00:25:50,626
And because we're doing or, or,

641
00:25:50,626 --> 00:25:52,346
again like you would
syntactically

642
00:25:52,346 --> 00:25:54,316
with two vertical bars,
like in many languages,

643
00:25:54,536 --> 00:25:55,796
we're just saying if any one

644
00:25:55,796 --> 00:25:57,946
of these things is
empty, redirect the user.

645
00:25:58,256 --> 00:25:59,426
Now, not very user-friendly

646
00:25:59,426 --> 00:26:01,756
and I'm not even telling the
user what he or she did wrong,

647
00:26:01,756 --> 00:26:03,756
but it's at least the
steppingstone toward that.

648
00:26:03,756 --> 00:26:04,616
What comes next?

649
00:26:04,726 --> 00:26:06,416
Then, I've just got
my HTML at the bottom.

650
00:26:06,416 --> 00:26:08,356
So there are different
ways to do this in PHP,

651
00:26:08,356 --> 00:26:10,506
but notice the paradigm
we've adopted for now.

652
00:26:10,686 --> 00:26:12,706
We're putting our logic
at the top of the file.

653
00:26:12,806 --> 00:26:15,686
We're doing whatever kind of ifs
or elses that we want up there

654
00:26:15,686 --> 00:26:17,836
and then when we're ready
to show the users something,

655
00:26:18,106 --> 00:26:20,846
we dump it and we dump
the raw HTML at the bottom

656
00:26:20,846 --> 00:26:22,656
of the file, and that's it.

657
00:26:22,816 --> 00:26:25,186
So, if I scroll down further,
there's nothing really

658
00:26:25,186 --> 00:26:28,886
of interest down there
anymore because it's just going

659
00:26:28,886 --> 00:26:31,196
to say, "You are registered.

660
00:26:31,196 --> 00:26:31,946
Well, not really."

661
00:26:31,946 --> 00:26:32,606
Let's see that.

662
00:26:32,776 --> 00:26:35,336
How do I get a web
page that literally--

663
00:26:35,336 --> 00:26:37,046
that really says,
"You are registered.

664
00:26:37,046 --> 00:26:37,726
Well, not really?"

665
00:26:38,536 --> 00:26:43,156
How do I get to this point
if my form, again, is this?

666
00:26:43,376 --> 00:26:45,526
What fields do I
have to fill out?

667
00:26:49,876 --> 00:26:51,796
>> All of them.

668
00:26:52,086 --> 00:26:53,586
>> Close. Yeah.

669
00:26:53,686 --> 00:26:55,166
Gender is true, but one more.

670
00:26:55,576 --> 00:26:56,146
>> Dorm.

671
00:26:56,146 --> 00:26:56,646
>> And dorm.

672
00:26:56,646 --> 00:26:57,176
All right.

673
00:26:57,176 --> 00:26:58,856
So it's not technically
all of them,

674
00:26:58,976 --> 00:27:01,046
because I don't require
that someone be what?

675
00:27:01,096 --> 00:27:04,226
A captain, just because
that would be a little weird

676
00:27:04,226 --> 00:27:07,236
to require that check box, but
I've checked for these three.

677
00:27:07,236 --> 00:27:10,136
So now I'll click Register and
"voilà" you are registered.

678
00:27:10,306 --> 00:27:11,016
Well, not really.

679
00:27:11,016 --> 00:27:12,596
Well, not really because
I haven't done anything

680
00:27:12,596 --> 00:27:13,046
with the data.

681
00:27:13,046 --> 00:27:14,246
All I've did was done--

682
00:27:14,246 --> 00:27:15,536
just tells the user
you're registered,

683
00:27:15,676 --> 00:27:18,206
but I haven't told resident
advisor or anything like that.

684
00:27:18,736 --> 00:27:22,396
So, let's see if we can
improve upon this a little more.

685
00:27:22,396 --> 00:27:25,816
So, let me go into
froshims2 this time.

686
00:27:25,816 --> 00:27:28,516
Let me pull up the
source code in my editor.

687
00:27:29,396 --> 00:27:34,646
So this will be froshims2
in here.

688
00:27:35,456 --> 00:27:39,796
And in this version, notice that
my form is pretty much the same.

689
00:27:39,796 --> 00:27:43,176
It is the same actually, but it's
submitting instead to register2.

690
00:27:43,436 --> 00:27:45,686
So that then begs the
question what is register2.

691
00:27:45,686 --> 00:27:47,446
Let's do that, register2.

692
00:27:47,876 --> 00:27:52,436
And now what is this doing,
this is doing a similar check,

693
00:27:52,816 --> 00:27:54,346
but where is it going to--

694
00:27:54,346 --> 00:27:56,986
how is it going to handle the
error differently this time?

695
00:27:56,986 --> 00:27:58,206
It's not going to
redirect the user.

696
00:27:58,206 --> 00:27:58,776
It's going to do what?

697
00:27:59,086 --> 00:28:02,726
>> Well, if one of those
required fields was empty it's

698
00:28:02,726 --> 00:28:06,696
going to go dump-- it's not
going to echo but it's going

699
00:28:06,696 --> 00:28:10,106
to dump some raw HTML and say
you must provide your name,

700
00:28:10,106 --> 00:28:10,796
gender, and dorm.

701
00:28:10,956 --> 00:28:11,396
>> Excellent.

702
00:28:11,506 --> 00:28:13,916
>> Otherwise it's going to
dump if you're registered.

703
00:28:14,046 --> 00:28:14,476
>> Excellent.

704
00:28:14,476 --> 00:28:17,236
So last time, it was kind of
lame attempted error checking

705
00:28:17,236 --> 00:28:19,416
to just redirect the user
back to the original form

706
00:28:19,416 --> 00:28:20,976
without giving them
any kind of feedback,

707
00:28:21,296 --> 00:28:22,256
so I'm doing exactly that.

708
00:28:22,256 --> 00:28:25,196
Now, I'm using the same logic,
if empty, if empty, if empty.

709
00:28:25,516 --> 00:28:26,816
But this time, rather
than redirect,

710
00:28:26,816 --> 00:28:29,166
I'm going to conditionally
output some text.

711
00:28:29,386 --> 00:28:31,056
So notice some slightly
different syntax.

712
00:28:31,056 --> 00:28:34,446
They'll have my open bracket
question mark, some PHP code,

713
00:28:34,446 --> 00:28:38,636
but notice what's over here, the
colon then the close PHP tag.

714
00:28:38,966 --> 00:28:42,196
So this means, if that
expression is true, proceed to--

715
00:28:42,466 --> 00:28:47,196
dump whatever follows that
colon, until you see an endif.

716
00:28:47,846 --> 00:28:49,716
So, it's a little strange
here, but it's kind

717
00:28:49,786 --> 00:28:52,046
of a nice one-line way
of laying things out.

718
00:28:52,206 --> 00:28:54,276
So, if any of those three fields
is empty, it's going to say,

719
00:28:54,276 --> 00:28:55,936
"You must provide your
name, gender, and dorm."

720
00:28:56,146 --> 00:28:57,656
Oh, and this is nice,
a little hyperlink back

721
00:28:57,656 --> 00:28:59,526
to the previous files,
slightly user friendly,

722
00:28:59,876 --> 00:29:01,746
else colon, "You are registered.

723
00:29:01,746 --> 00:29:02,376
Well, not really."

724
00:29:02,576 --> 00:29:04,506
So still, not ready
for prime time,

725
00:29:04,726 --> 00:29:06,146
but a step in the
right direction.

726
00:29:06,146 --> 00:29:06,966
So let's try this.

727
00:29:06,966 --> 00:29:10,866
Let me go to my browser and
type in David, and that's it.

728
00:29:10,866 --> 00:29:12,266
I'll be a difficult user again.

729
00:29:12,266 --> 00:29:14,576
Register. And now notice here--

730
00:29:14,576 --> 00:29:15,896
oops, I'm still on
the previous one.

731
00:29:16,086 --> 00:29:17,376
We want froshims2.

732
00:29:17,866 --> 00:29:20,316
Looks the same, but I've
typed David and register.

733
00:29:20,926 --> 00:29:22,426
And now, I have a parse error.

734
00:29:22,936 --> 00:29:26,936
So, this is a good
teaching moment.

735
00:29:27,466 --> 00:29:29,086
Line 20, what's wrong here?

736
00:29:29,086 --> 00:29:29,756
Let's take a look.

737
00:29:29,816 --> 00:29:31,556
Let's go back to my text editor.

738
00:29:32,086 --> 00:29:39,276
Line 20. And what
am I missing here?

739
00:29:39,876 --> 00:29:40,606
Oh, this is subtle.

740
00:29:40,606 --> 00:29:41,086
This is good.

741
00:29:41,616 --> 00:29:42,196
David screwed up.

742
00:29:42,786 --> 00:29:42,876
Yeah.

743
00:29:43,031 --> 00:29:45,031
[ Inaudible Remark ]

744
00:29:45,046 --> 00:29:48,326
No. So the colon is
actually necessary.

745
00:29:49,476 --> 00:29:50,786
I am missing something.

746
00:29:51,506 --> 00:29:52,866
Good opportunity for error?

747
00:29:52,966 --> 00:29:53,296
>> Yeah.

748
00:29:53,656 --> 00:29:53,856
>> Yeah.

749
00:29:54,666 --> 00:29:57,146
>> I think you're missing
an extra parenthesis.

750
00:29:57,346 --> 00:29:59,016
>> Yeah. I accidentally
left off a parenthesis.

751
00:29:59,016 --> 00:29:59,356
It's all right.

752
00:29:59,356 --> 00:29:59,976
So a stupid newbie mistake.

753
00:30:00,086 --> 00:30:02,736
Let's assume this was deliberate
for the sake of teaching.

754
00:30:03,186 --> 00:30:05,036
So, I'm missing a
parenthesis, right?

755
00:30:05,036 --> 00:30:07,476
This is just sort
of CS101 stuff.

756
00:30:07,476 --> 00:30:08,416
There was one over here.

757
00:30:08,416 --> 00:30:09,296
I need one on the end.

758
00:30:09,296 --> 00:30:12,626
So let me save
this and reload.

759
00:30:13,896 --> 00:30:15,606
And notice here, we talked
about this last week.

760
00:30:15,606 --> 00:30:18,946
I've just reloaded the page
but it was a POST not a GET.

761
00:30:19,256 --> 00:30:21,526
So users with some
browsers will warn you

762
00:30:21,526 --> 00:30:23,306
when resubmitting a
form in this fashion.

763
00:30:23,306 --> 00:30:24,436
So that's what we're
seeing here.

764
00:30:24,706 --> 00:30:27,556
And now-- Uh-oh, we're
getting that warning message.

765
00:30:27,636 --> 00:30:28,176
Yeah, Connor [assumed spelling]

766
00:30:30,516 --> 00:30:38,846
[ Inaudible Remark ]

767
00:30:39,346 --> 00:30:40,376
It does not.

768
00:30:40,376 --> 00:30:44,116
You do not need a colon after
the endif, because think of this

769
00:30:44,116 --> 00:30:47,256
as continuing a sentence,
"If this is true then,"

770
00:30:47,396 --> 00:30:48,776
so think of the colon as then.

771
00:30:49,246 --> 00:30:52,466
Else then-- and an endif
is just-- that's it.

772
00:30:52,646 --> 00:30:54,516
There's no more part
of the story.

773
00:30:54,846 --> 00:30:56,806
So, just so you've
seen another approach,

774
00:30:56,806 --> 00:30:58,576
even though it's
a little weirder,

775
00:30:58,896 --> 00:31:00,956
you can avoid using the colons.

776
00:31:01,166 --> 00:31:03,126
You can, instead, use
an open curly brace

777
00:31:03,126 --> 00:31:04,576
with which you might
be more familiar.

778
00:31:04,576 --> 00:31:07,716
But if you do that, you
then need to close it there

779
00:31:08,076 --> 00:31:11,556
and open another one here,
and then close it here.

780
00:31:11,556 --> 00:31:13,636
So this is perfectly
legitimate, syntactically.

781
00:31:13,636 --> 00:31:15,156
If you prefer it this
way, that's fine,

782
00:31:15,436 --> 00:31:18,216
just realize it's a
little strange maybe,

783
00:31:18,216 --> 00:31:20,816
to have these curly braces
sort of a no man's land there.

784
00:31:20,816 --> 00:31:21,916
Just a style decision.

785
00:31:21,916 --> 00:31:24,566
Just go with whatever you
prefer, but be consistent.

786
00:31:25,296 --> 00:31:25,716
All right.

787
00:31:26,086 --> 00:31:27,376
So, what about version 3?

788
00:31:27,376 --> 00:31:31,006
Can we take this a little closer
to something even cleaner?

789
00:31:31,296 --> 00:31:33,336
So, this version, register3--

790
00:31:33,336 --> 00:31:35,386
froshims3 is going to
submit to register3.

791
00:31:35,696 --> 00:31:38,736
So, again, I've just copied and
pasted the same Frosh IMs file,

792
00:31:38,906 --> 00:31:41,656
just so that they redirect
elsewhere-- submit elsewhere,

793
00:31:41,656 --> 00:31:45,016
so that we can demonstrate
them one at a time.

794
00:31:45,366 --> 00:31:48,246
So register3, now it's
getting kind of fancy.

795
00:31:48,606 --> 00:31:52,046
What does this version
apparently do based

796
00:31:52,046 --> 00:31:58,686
on the PHP code up here?

797
00:31:59,326 --> 00:32:00,776
Yeah. Yeah, so this
one sends an email.

798
00:32:00,776 --> 00:32:03,626
So, finally, we have something
that not only is useful

799
00:32:03,626 --> 00:32:06,586
for the users, it's finally
useful for the RA, because he

800
00:32:06,586 --> 00:32:07,976
or she is finally
going to get an email.

801
00:32:08,296 --> 00:32:10,256
Now, not as good as a
database, but my God,

802
00:32:10,256 --> 00:32:12,016
it's better at least
than nothing.

803
00:32:12,016 --> 00:32:13,376
So, how does this work?

804
00:32:13,546 --> 00:32:17,516
Well, again, I'm doing the empty
checks, but this time backwards.

805
00:32:17,516 --> 00:32:19,006
Notice, I've switched
my logic around.

806
00:32:19,286 --> 00:32:22,246
So, if name is not empty
and gender is not empty

807
00:32:22,246 --> 00:32:25,136
and the dorm is not empty,
then do the following.

808
00:32:25,566 --> 00:32:28,846
And I have a few new
pieces of syntax here.

809
00:32:28,846 --> 00:32:30,036
There's different
ways of doing this,

810
00:32:30,336 --> 00:32:33,066
but notice that $to is
just a local variable.

811
00:32:33,146 --> 00:32:35,316
Recall that, Wednesday, we
said that all variables start

812
00:32:35,316 --> 00:32:39,396
with dollar signs in PHP,
"malan@cs50.net", which is one

813
00:32:39,396 --> 00:32:40,686
of the course's email addresses.

814
00:32:40,686 --> 00:32:43,686
It's just a string
followed by a semicolon.

815
00:32:43,806 --> 00:32:47,206
Subject is registration,
body is this backslash N,

816
00:32:47,206 --> 00:32:48,806
recall is a new line character.

817
00:32:48,806 --> 00:32:50,586
Take a guess as to what
the dot character is.

818
00:32:51,686 --> 00:32:52,656
What's the dot symbol mean?

819
00:32:53,016 --> 00:32:54,756
[ Inaudible Remark ]

820
00:32:54,756 --> 00:32:56,846
Not end of line per se.

821
00:32:56,976 --> 00:33:00,766
>> If you have two [inaudible]
you want to combine them.

822
00:33:00,896 --> 00:33:01,146
>> Good.

823
00:33:01,256 --> 00:33:05,306
>> Also strings so you can a
variable dot and then something.

824
00:33:05,706 --> 00:33:06,076
>> Perfect.

825
00:33:06,076 --> 00:33:08,036
So it combines two strings.

826
00:33:08,036 --> 00:33:10,316
And the buzz word for
this is the something,

827
00:33:10,316 --> 00:33:10,876
something operator.

828
00:33:11,121 --> 00:33:13,121
[ Inaudible Remark ]

829
00:33:13,226 --> 00:33:14,726
Concatenation operator.

830
00:33:14,726 --> 00:33:17,196
So the concatenation
operator, in this case, is dot.

831
00:33:17,496 --> 00:33:20,086
In some languages, like
JavaScript, it's plus.

832
00:33:20,086 --> 00:33:21,126
Java it's plus.

833
00:33:21,546 --> 00:33:23,216
Some languages don't
even have it.

834
00:33:23,216 --> 00:33:24,746
But this is just
building up a string.

835
00:33:24,746 --> 00:33:25,896
Why did I do it this way?

836
00:33:26,216 --> 00:33:27,136
Well, it's just because I want

837
00:33:27,136 --> 00:33:31,136
to format things a little more
user friendly on the screen.

838
00:33:31,336 --> 00:33:32,876
So, I wanted to put
things on separate lines,

839
00:33:32,876 --> 00:33:35,386
rather than having a
crazy long line of code.

840
00:33:35,726 --> 00:33:37,486
Now, notice how I'm
doing these two.

841
00:33:37,756 --> 00:33:44,136
I have dot, POST, "name" POST--
"captain" followed by new lines.

842
00:33:44,406 --> 00:33:46,746
So in short, I essentially
want the RA to get an email,

843
00:33:47,186 --> 00:33:48,796
where it says name,
colon, gender--

844
00:33:48,796 --> 00:33:51,766
captain colon, gender
colon, dorm colon.

845
00:33:51,766 --> 00:33:54,366
So, it's a quick and dirty email
that just shows him or her,

846
00:33:54,576 --> 00:33:55,706
what the user submitted.

847
00:33:55,886 --> 00:33:58,106
And then, this line
is necessary.

848
00:33:58,106 --> 00:34:00,006
And I know this just from
reading the documentation.

849
00:34:00,006 --> 00:34:02,146
The headers line needs
to have my from address.

850
00:34:02,626 --> 00:34:05,186
It has to have a
backslash R backslash N,

851
00:34:05,186 --> 00:34:07,956
which is a carriage return new
line, sort of a Windows thing,

852
00:34:07,956 --> 00:34:10,446
but also used in other contexts
as well, like mail here.

853
00:34:10,786 --> 00:34:13,846
And then the mail function that
comes with PHP is as simple

854
00:34:13,846 --> 00:34:16,326
as to, the subject
line, body, and headers,

855
00:34:16,326 --> 00:34:18,436
so we have a new
PHP function there.

856
00:34:18,736 --> 00:34:19,756
So, I got you.

857
00:34:20,326 --> 00:34:24,856
This mail function doesn't often
work, because it totally depends

858
00:34:24,856 --> 00:34:25,996
on your own local network.

859
00:34:25,996 --> 00:34:28,956
Many ISPs, like Comcast
and Verizon and the like,

860
00:34:29,446 --> 00:34:33,586
do not let you run your own mail
server, much like ISPs tend not

861
00:34:33,586 --> 00:34:35,926
to let you run your own
web server on port 80.

862
00:34:36,206 --> 00:34:40,006
So what many ISPs do is they
actually block inbound port 80

863
00:34:40,006 --> 00:34:41,856
traffic as we discussed
last week.

864
00:34:42,046 --> 00:34:47,916
They also blocked outbound port
25 traffic, which is for SMTP,

865
00:34:47,916 --> 00:34:53,486
simple mail transfer protocol,
which is used for outgoing mail.

866
00:34:53,486 --> 00:34:55,376
The reason being they assumed,

867
00:34:55,376 --> 00:34:58,696
that if your personally computer
is sending mail directly

868
00:34:58,696 --> 00:35:00,746
out of the internet,
you're probably infected

869
00:35:00,746 --> 00:35:02,616
with some botnet or
something like that,

870
00:35:02,616 --> 00:35:04,586
that's spamming people
from your machine.

871
00:35:04,836 --> 00:35:07,156
By contrast, when you
set up your mail--

872
00:35:07,156 --> 00:35:10,146
a mail client behind-- in
your home using an ISP,

873
00:35:10,366 --> 00:35:13,586
you're typically told
use smtp.comcast.net,

874
00:35:13,586 --> 00:35:16,356
use smtp.verizon.com
or something like that,

875
00:35:16,586 --> 00:35:19,206
so that all mail is going
through their server.

876
00:35:19,426 --> 00:35:22,086
So I mentioned this because
even though sending mail is

877
00:35:22,086 --> 00:35:24,796
in theory, as simple as this
one line of code, ultimately,

878
00:35:24,796 --> 00:35:27,296
it will often not work
from your own machine

879
00:35:27,296 --> 00:35:29,996
or in this case the appliance,
because your ISP will block it.

880
00:35:30,336 --> 00:35:32,696
So, typically, something like
this will work on campus here

881
00:35:32,696 --> 00:35:34,906
at Harvard, but not as
soon as you get home.

882
00:35:34,906 --> 00:35:37,956
So, for more robust
environments, you typically need

883
00:35:37,956 --> 00:35:41,176
to use a different function,
in fact the different library

884
00:35:41,176 --> 00:35:45,216
of code that lets you talk to
an SMTP server, like Comcast

885
00:35:45,216 --> 00:35:46,466
or Verizon or the like.

886
00:35:46,746 --> 00:35:49,816
So, just FYI for now, that
this will not always work.

887
00:35:49,816 --> 00:35:51,796
It really depends
on your network.

888
00:35:52,086 --> 00:35:55,666
What happens if the user does
not actually give us all three

889
00:35:55,666 --> 00:35:56,416
of those fields?

890
00:35:56,676 --> 00:35:57,796
Same stuff as before.

891
00:35:57,796 --> 00:35:58,866
We redirect them.

892
00:35:59,326 --> 00:36:01,976
But if we do get down
here, we tell them

893
00:36:01,976 --> 00:36:03,686
that they are registered,
really.

894
00:36:03,956 --> 00:36:05,166
So notice the logic here.

895
00:36:05,476 --> 00:36:08,076
Under what circumstance
am I exiting

896
00:36:08,306 --> 00:36:11,096
and redirecting the
user, just to be clear?

897
00:36:11,476 --> 00:36:11,543
Yeah?

898
00:36:11,676 --> 00:36:18,736
>> If all the required fields
aren't completely filled in.

899
00:36:18,946 --> 00:36:21,126
>> Good. If all the required
fields aren't completely filled

900
00:36:21,126 --> 00:36:23,576
in, then we get to
this line of code.

901
00:36:23,576 --> 00:36:26,156
And because of the exit,
we never get down here.

902
00:36:26,326 --> 00:36:29,806
By contrast, we will get down
here after we send the mail,

903
00:36:29,996 --> 00:36:32,496
because there is no exit
line after mail in this case.

904
00:36:32,706 --> 00:36:33,146
What's your name?

905
00:36:33,676 --> 00:36:33,836
>> Axel [assumed spelling].

906
00:36:34,236 --> 00:36:34,986
>> Axel. OK.

907
00:36:35,016 --> 00:36:36,596
All right.

908
00:36:36,956 --> 00:36:37,696
Any questions?

909
00:36:38,036 --> 00:36:38,136
Yeah.

910
00:36:38,656 --> 00:36:42,276
>> What would happen if
you left the header blank?

911
00:36:42,276 --> 00:36:45,116
>> What would happen if
you left the header blank?

912
00:36:45,116 --> 00:36:46,666
"Nothing."

913
00:36:46,666 --> 00:36:49,656
It's a good question.

914
00:36:49,656 --> 00:36:50,436
Let us try.

915
00:36:50,576 --> 00:36:52,126
So, register3.

916
00:36:52,556 --> 00:36:55,386
Let me go to froshims3 here.

917
00:36:55,916 --> 00:37:03,336
Let's type in David but nothing
else, so that we get that.

918
00:37:04,496 --> 00:37:05,046
This happens.

919
00:37:05,496 --> 00:37:08,646
So, just kind of errors out,
and let's see what comes back.

920
00:37:08,646 --> 00:37:14,216
Register3, it got sent David in
the response headers, where--

921
00:37:14,216 --> 00:37:15,946
so it just sends nothing
back in this case.

922
00:37:15,946 --> 00:37:18,676
So it's like sending an empty
header, and then exiting.

923
00:37:20,186 --> 00:37:20,676
Good question.

924
00:37:21,606 --> 00:37:22,656
All right.

925
00:37:22,656 --> 00:37:25,376
So, let's take things
one step further.

926
00:37:25,376 --> 00:37:28,896
Let me go ahead and close
this, which was version 3.

927
00:37:29,236 --> 00:37:34,556
And let's open up
version 4 here.

928
00:37:35,076 --> 00:37:37,366
So, let's start cleaning
up our code a little bit.

929
00:37:37,706 --> 00:37:39,956
So, now, notice this
is not accompanied

930
00:37:39,956 --> 00:37:41,356
by another register file.

931
00:37:41,356 --> 00:37:42,726
This is register-- froshims4.

932
00:37:42,726 --> 00:37:47,506
And what is the action
value of this file?

933
00:37:47,896 --> 00:37:48,116
Yeah.

934
00:37:51,716 --> 00:37:52,096
>> Me?

935
00:37:52,776 --> 00:37:53,706
>> Sure, Axel.

936
00:37:53,886 --> 00:37:55,406
>> Froshims4.

937
00:37:56,156 --> 00:37:56,726
>> Froshims4.

938
00:37:56,836 --> 00:37:59,586
So that's interesting.

939
00:37:59,586 --> 00:38:02,556
This PHP file is going to
render a form on the page,

940
00:38:02,556 --> 00:38:05,686
and that form is going to
be submitted back to itself.

941
00:38:06,036 --> 00:38:07,856
So, this is kind of interesting.

942
00:38:07,856 --> 00:38:09,656
And what problem
are we solving here?

943
00:38:09,886 --> 00:38:10,846
Well-- Yeah, go ahead.

944
00:38:10,846 --> 00:38:12,216
>> Now you're able to do
stuff directly on the page

945
00:38:12,216 --> 00:38:15,966
when someone does
something wrong.

946
00:38:15,966 --> 00:38:16,436
>> Exactly.

947
00:38:16,436 --> 00:38:18,586
When someone does something
wrong, because we're submitting

948
00:38:18,586 --> 00:38:22,256
to this very same file and in
that file is the original form,

949
00:38:22,396 --> 00:38:25,406
we now have the opportunity to
not kind of cut corners and say,

950
00:38:25,406 --> 00:38:26,346
"Oh, something happened.

951
00:38:26,346 --> 00:38:29,596
Hit your back button," rather
we can show them the form again

952
00:38:29,596 --> 00:38:32,236
and maybe yell at them
on that same page.

953
00:38:32,236 --> 00:38:34,586
We just have to have some
conditional logic in this file

954
00:38:34,586 --> 00:38:37,756
that says, if an error happened,
show the error and the form,

955
00:38:38,056 --> 00:38:39,756
else just the form, right?

956
00:38:40,036 --> 00:38:41,906
Because what's one of the
most frustrating things

957
00:38:41,906 --> 00:38:44,096
about really poorly
done websites,

958
00:38:44,096 --> 00:38:46,286
whereby you see an error
message on the page,

959
00:38:46,286 --> 00:38:47,686
and then you do have
to hit the back button.

960
00:38:48,036 --> 00:38:48,946
Worst case, what happens?

961
00:38:49,006 --> 00:38:49,836
>> Everything goes worse.

962
00:38:49,946 --> 00:38:52,006
>> The whole form goes--
everything goes away.

963
00:38:52,006 --> 00:38:53,416
The whole form gets erased

964
00:38:53,416 --> 00:38:55,566
because the browser
hasn't cached your answers.

965
00:38:55,566 --> 00:38:57,566
And so, it's just a pain
in the neck for the user,

966
00:38:57,566 --> 00:38:58,926
not a good user experience.

967
00:38:59,226 --> 00:39:00,656
So showing them the
error messages

968
00:39:00,656 --> 00:39:03,656
on the same page is
definitely ideal.

969
00:39:03,956 --> 00:39:06,476
So, let's see what's
going on in this file.

970
00:39:06,676 --> 00:39:09,436
Let me scroll up to the
very top, and we'll see

971
00:39:09,436 --> 00:39:12,666
that if isset POST action.

972
00:39:12,666 --> 00:39:14,316
So many different
ways to do this,

973
00:39:14,736 --> 00:39:17,136
but I chose a fairly
explicit way,

974
00:39:17,666 --> 00:39:22,496
if a key called action
isset in POST.

975
00:39:22,496 --> 00:39:25,096
So this is just another way
of asking the empty check,

976
00:39:25,326 --> 00:39:26,796
but sort of in the
opposite direction.

977
00:39:27,086 --> 00:39:30,606
So if it isset, that means
that a form is submitted.

978
00:39:30,606 --> 00:39:31,196
Why is that?

979
00:39:31,386 --> 00:39:34,846
Well, if we scroll down
below in my actual HTML form,

980
00:39:35,236 --> 00:39:38,206
what is the-- what type
of value is action?

981
00:39:39,286 --> 00:39:41,596
Rather, what type of input
is the action parameter?

982
00:39:42,056 --> 00:39:42,123
Yeah?

983
00:39:42,123 --> 00:39:44,516
>> It's the submit button.

984
00:39:44,616 --> 00:39:44,696
>> Yeah.

985
00:39:44,826 --> 00:39:50,436
>> Yeah, when you submit it,
you're going to have action.

986
00:39:50,606 --> 00:39:53,026
>> So I chose this word,
somewhat arbitrarily, action.

987
00:39:53,026 --> 00:39:54,216
I could've literally
written foo.

988
00:39:54,216 --> 00:39:57,846
The only point is that, when
the user submits this form

989
00:39:57,846 --> 00:39:59,686
by hitting Enter or
clicking the Submit button,

990
00:39:59,896 --> 00:40:03,076
I want to make sure that there
is at least one HTTP parameter

991
00:40:03,286 --> 00:40:04,546
that gets sent to the server

992
00:40:04,676 --> 00:40:07,236
that I can check
whether it isset or not,

993
00:40:07,426 --> 00:40:09,696
because if it isset what is
the implication logically?

994
00:40:12,296 --> 00:40:15,256
That they submitted the
form because no user,

995
00:40:15,256 --> 00:40:18,026
unless they're crazy, is going
to manually type in the URL,

996
00:40:18,066 --> 00:40:21,276
question, action equals
true, or something like that.

997
00:40:21,486 --> 00:40:23,796
So in other words, we can infer
with pretty high probability

998
00:40:23,796 --> 00:40:25,086
that if that parameter is there,

999
00:40:25,276 --> 00:40:26,726
it means the user
submitted the form.

1000
00:40:26,726 --> 00:40:28,956
And that's all I need, a
way of distinguishing form

1001
00:40:28,956 --> 00:40:30,166
from no-form submission.

1002
00:40:30,496 --> 00:40:31,926
So now let's scroll
back up to the top,

1003
00:40:31,926 --> 00:40:35,146
because almost all the HTML is
boring and identical to before.

1004
00:40:35,446 --> 00:40:38,306
So, if that value
isset, then I'm going

1005
00:40:38,306 --> 00:40:41,616
to do my same boring check, if
it's empty or empty or empty,

1006
00:40:41,806 --> 00:40:44,596
this time now I'm going to set
a variable, error equals true.

1007
00:40:44,836 --> 00:40:48,486
Now here is one of the messy
things about PHP, scope,

1008
00:40:48,676 --> 00:40:50,366
kind of goes up to
window in a file.

1009
00:40:50,366 --> 00:40:53,486
If you declare a variable
anywhere, everyone else

1010
00:40:53,486 --> 00:40:54,656
in the file can see it.

1011
00:40:54,906 --> 00:40:57,426
So, whereas in some
languages like C or Java,

1012
00:40:57,426 --> 00:41:00,476
if you declare effectively a
variable inside of curly braces,

1013
00:41:00,716 --> 00:41:03,256
the scope of that variable is
only on those curly braces.

1014
00:41:03,256 --> 00:41:05,066
You can't use it
or see it outside

1015
00:41:05,066 --> 00:41:07,586
of the curly braces,
not true in PHP.

1016
00:41:07,586 --> 00:41:10,456
Not the best design but that's
the way we have it here.

1017
00:41:10,456 --> 00:41:14,586
So, if error is set to true,
that variable now exists

1018
00:41:14,586 --> 00:41:15,576
for the rest of the file.

1019
00:41:15,996 --> 00:41:16,836
There's an exception.

1020
00:41:16,966 --> 00:41:19,966
If you declare your own
function as we'll eventually do,

1021
00:41:20,436 --> 00:41:24,066
and that function is in this
file, even if it's [inaudible]

1022
00:41:24,066 --> 00:41:28,576
around lower in the file, when
you're inside of that function,

1023
00:41:28,576 --> 00:41:29,796
you can't access error.

1024
00:41:30,356 --> 00:41:34,986
So, variables are global in
a sense but not quite global,

1025
00:41:34,986 --> 00:41:36,256
because when you're
inside of a function,

1026
00:41:36,256 --> 00:41:37,336
you can't see the variable.

1027
00:41:37,546 --> 00:41:39,196
There's a way around
that, but this is kind

1028
00:41:39,196 --> 00:41:41,796
of another nuance
of PHP's design.

1029
00:41:42,456 --> 00:41:44,656
OK. So, now we've done
our error-checking.

1030
00:41:44,656 --> 00:41:47,696
Let's see what's different
later on in the HTML.

1031
00:41:48,836 --> 00:41:51,706
Can someone explain
and insert in English,

1032
00:41:52,216 --> 00:41:54,256
how I'm now using this variable.

1033
00:41:54,786 --> 00:41:57,126
What's going on here?

1034
00:41:57,856 --> 00:41:57,956
Yeah?

1035
00:41:58,516 --> 00:42:02,756
[ Inaudible Remark ]

1036
00:42:03,256 --> 00:42:07,246
Exactly. So when I get to
the very top of this webpage,

1037
00:42:07,246 --> 00:42:08,656
the H1 tag gets spit out.

1038
00:42:08,806 --> 00:42:11,196
But then I have a quick
little PHP check, if error.

1039
00:42:11,196 --> 00:42:14,946
So if it's true, if it's set,
if it's non-null, go ahead

1040
00:42:14,946 --> 00:42:18,406
and add this other div in red,
you must fill up the form.

1041
00:42:18,406 --> 00:42:20,996
So, it's a way of just yelling
at the user in the same page

1042
00:42:21,186 --> 00:42:23,326
and then everything
else here is the same.

1043
00:42:23,616 --> 00:42:24,976
So let's take a look
at this behavior.

1044
00:42:24,976 --> 00:42:25,996
This is version 4.

1045
00:42:26,366 --> 00:42:30,986
So let me go back to my
browser and go to froshims4.

1046
00:42:30,986 --> 00:42:32,086
I'm going to type in, oops,

1047
00:42:32,316 --> 00:42:34,646
undefined variable
error-- sorry.

1048
00:42:35,026 --> 00:42:39,236
I was tinkering right
before class.

1049
00:42:39,516 --> 00:42:40,266
Let's see.

1050
00:42:40,266 --> 00:42:43,926
Froshims4, line 28.

1051
00:42:44,656 --> 00:42:48,786
OK. So, what we're seeing
here is the following.

1052
00:42:48,786 --> 00:42:50,446
So this, too, is a
web server feature.

1053
00:42:51,206 --> 00:42:51,846
This is a notice.

1054
00:42:52,096 --> 00:42:55,396
In PHP, there's different
levels of error reporting.

1055
00:42:55,396 --> 00:42:57,876
There's notices which is like
a slap on the wrist, like,

1056
00:42:58,156 --> 00:43:00,966
you kind of did something stupid
but not a big deal we're going

1057
00:43:00,966 --> 00:43:01,876
to forge ahead anyway.

1058
00:43:02,296 --> 00:43:04,806
There's warnings, which means
you really did something wrong.

1059
00:43:04,806 --> 00:43:06,036
It's not a deal breaker.

1060
00:43:06,036 --> 00:43:07,926
I'm going to let the
rest of the code execute

1061
00:43:07,926 --> 00:43:09,046
but you really should fix that.

1062
00:43:09,046 --> 00:43:10,766
So that's like a harder
slap on the wrist.

1063
00:43:11,156 --> 00:43:12,946
Errors means you get
punched in the face,

1064
00:43:13,006 --> 00:43:16,326
like the code will stop
executing if you have an error.

1065
00:43:16,546 --> 00:43:18,476
And that's if you really
do something stupid,

1066
00:43:18,476 --> 00:43:21,006
like your password is
wrong for the database

1067
00:43:21,006 --> 00:43:23,206
and so it just doesn't work,
or there's a syntax error

1068
00:43:23,206 --> 00:43:24,146
and it just doesn't work.

1069
00:43:24,356 --> 00:43:26,916
And you can actually
change things in such a way

1070
00:43:26,916 --> 00:43:29,866
that PHP will show you notices
or not, show you warnings

1071
00:43:29,866 --> 00:43:32,616
or not, errors you kind of
have to know about eventually,

1072
00:43:32,616 --> 00:43:33,816
even if it's just in the logs.

1073
00:43:34,126 --> 00:43:35,406
So there's these different
levels.

1074
00:43:35,566 --> 00:43:38,736
Now, what's this
notice all about?

1075
00:43:38,736 --> 00:43:40,976
Well, in the previous
example, I was very careful

1076
00:43:40,976 --> 00:43:43,276
to say, if isset is empty.

1077
00:43:43,586 --> 00:43:45,426
But this time I kind
of cut a corner.

1078
00:43:45,656 --> 00:43:49,306
And how did I check
if error was true?

1079
00:43:49,606 --> 00:43:51,116
What did I do?

1080
00:43:52,516 --> 00:43:54,596
[ Inaudible Remark ]

1081
00:43:55,096 --> 00:43:59,876
Exactly. So because I
only set error to true,

1082
00:44:00,186 --> 00:44:03,166
if there's actually an error,
there are circumstances

1083
00:44:03,166 --> 00:44:05,606
in which error has
no value at all.

1084
00:44:05,986 --> 00:44:08,736
Under what circumstances does
this error value not even get

1085
00:44:08,886 --> 00:44:09,586
assigned value?

1086
00:44:10,166 --> 00:44:13,356
>> Well, if there is no-- if
you filled out all the forms,

1087
00:44:13,356 --> 00:44:14,636
it's never going
to pass through--

1088
00:44:14,956 --> 00:44:16,576
it's never going to define error

1089
00:44:16,576 --> 00:44:18,736
so it's just going
to be nothing.

1090
00:44:18,736 --> 00:44:19,986
It's not going to
be true or false.

1091
00:44:19,986 --> 00:44:20,526
>> Exactly.

1092
00:44:20,526 --> 00:44:24,836
So if we have-- actually, if
haven't filled out the form

1093
00:44:24,836 --> 00:44:27,746
or I've submitted it
entirely correctly,

1094
00:44:27,886 --> 00:44:29,236
I'm not going to
set that variable.

1095
00:44:29,236 --> 00:44:30,566
I only set it if
there's an error.

1096
00:44:30,816 --> 00:44:32,876
So in other words, I'm kind
of de-referencing here,

1097
00:44:32,876 --> 00:44:34,036
a variable that doesn't exist.

1098
00:44:34,426 --> 00:44:35,896
So there are a couple
ways I could fix this.

1099
00:44:35,896 --> 00:44:38,106
I could go back up to the
top of my code and make sure

1100
00:44:38,106 --> 00:44:40,256
that error is initialized
for instance to false,

1101
00:44:40,256 --> 00:44:43,646
and then only set to true
inside of those if conditions,

1102
00:44:43,906 --> 00:44:45,656
or I can do something
else that we've seen.

1103
00:44:45,906 --> 00:44:48,136
>> You can see if error
exists [inaudible].

1104
00:44:49,036 --> 00:44:50,046
>> Exactly.

1105
00:44:50,046 --> 00:44:53,166
So I could just do
if error isset,

1106
00:44:53,356 --> 00:44:55,006
which is the way I
did this earlier.

1107
00:44:55,236 --> 00:44:57,676
Then, the only circumstances
in which I set it,

1108
00:44:57,676 --> 00:44:59,926
as we've seen logically,
is when there's an error.

1109
00:45:00,146 --> 00:45:02,426
So this would now
make PHP happier.

1110
00:45:02,426 --> 00:45:04,626
So, this sort of-- this
is the right way to do it.

1111
00:45:04,896 --> 00:45:05,836
But you will see--

1112
00:45:06,166 --> 00:45:08,606
even occasionally in lecture
examples, because I've tended

1113
00:45:08,606 --> 00:45:11,126
to be in this habit but I've
gotten better to not being

1114
00:45:11,126 --> 00:45:14,086
in this habit or in various
open source libraries

1115
00:45:14,086 --> 00:45:14,896
that you might choose.

1116
00:45:14,896 --> 00:45:17,106
Sometimes users will just
check parenthetically

1117
00:45:17,106 --> 00:45:19,116
for Boolean values
like I did there,

1118
00:45:19,426 --> 00:45:20,556
but it's not the best practice.

1119
00:45:20,556 --> 00:45:23,086
And that's because PHP is a
little loose when it comes

1120
00:45:23,126 --> 00:45:25,066
to declaring variables
that can be set

1121
00:45:25,416 --> 00:45:27,486
or not set depending
on your logic.

1122
00:45:27,486 --> 00:45:30,536
So, what I've just done
here is in fact better

1123
00:45:30,536 --> 00:45:31,946
and the recommended approach.

1124
00:45:32,256 --> 00:45:35,526
There is one other way, just so
you've seen it, but this is "do

1125
00:45:35,526 --> 00:45:37,236
as I say, not as I do."

1126
00:45:37,426 --> 00:45:40,496
You can suppress notices
and warnings by doing this.

1127
00:45:41,056 --> 00:45:43,706
So, if you put "at" symbol
before a line of code

1128
00:45:43,706 --> 00:45:47,636
or variable that you think might
not be perfectly correct the

1129
00:45:47,636 --> 00:45:49,426
"at" sign will suppress
the notice.

1130
00:45:49,606 --> 00:45:51,256
However, this is
not good practice

1131
00:45:51,256 --> 00:45:53,366
because this is really just
like sweeping under the rug,

1132
00:45:53,366 --> 00:45:54,906
you're failing as a programmer.

1133
00:45:54,906 --> 00:45:57,176
All right, you should really
be fixing this the right way

1134
00:45:57,486 --> 00:46:02,716
but realize that there are some
cases-- and this is not ideal.

1135
00:46:02,836 --> 00:46:04,976
But if you're using
someone else's function

1136
00:46:05,136 --> 00:46:06,626
and it might trigger a notice

1137
00:46:06,626 --> 00:46:08,826
because they weren't the
best programmer or warning

1138
00:46:08,826 --> 00:46:10,546
and you don't necessarily
want to go and try

1139
00:46:10,546 --> 00:46:13,386
to correct their code, if
you know it's OK to suppress

1140
00:46:13,486 --> 00:46:16,496
that notice, you can do it
with this particular mechanism.

1141
00:46:16,496 --> 00:46:18,226
But don't get into
this habit, in general.

1142
00:46:18,226 --> 00:46:20,196
Certainly not for your own
code where you have the power

1143
00:46:20,416 --> 00:46:23,466
to fix it properly,
as we did with isset.

1144
00:46:24,116 --> 00:46:24,766
All right.

1145
00:46:24,766 --> 00:46:27,026
So this form, so
let's go back to this.

1146
00:46:27,026 --> 00:46:28,246
Let me go back to isset.

1147
00:46:29,556 --> 00:46:30,956
And now let me pull up the page

1148
00:46:30,956 --> 00:46:32,586
and let's see that
red box up here.

1149
00:46:32,586 --> 00:46:36,476
So let me close the
inspector and do just David.

1150
00:46:36,476 --> 00:46:38,926
Register. OK, so pretty slick.

1151
00:46:38,926 --> 00:46:41,706
It moves everything down, gives
me the red div and yells at me,

1152
00:46:41,706 --> 00:46:45,646
but kind of annoys me as a user
because we did not do what?

1153
00:46:45,896 --> 00:46:46,786
>> You typed in David.

1154
00:46:47,126 --> 00:46:47,626
>> Exactly.

1155
00:46:47,726 --> 00:46:48,626
I typed in David.

1156
00:46:48,626 --> 00:46:49,536
David was fine.

1157
00:46:49,536 --> 00:46:52,936
That was not an invalid value,
why did they get rid of it.

1158
00:46:53,116 --> 00:46:54,966
So I need some way of
putting it back there.

1159
00:46:54,966 --> 00:46:57,356
So, OK, I'm going to kind
of be a little silly here.

1160
00:46:57,536 --> 00:46:58,276
I'm going to say, "OK.

1161
00:46:58,276 --> 00:47:01,516
Well, we can fix that,
value equals "David", right?

1162
00:47:01,516 --> 00:47:02,586
That's an HTML form.

1163
00:47:02,936 --> 00:47:03,596
Go back here.

1164
00:47:04,336 --> 00:47:05,136
Reload the form.

1165
00:47:05,186 --> 00:47:07,426
David. Fixed, but obviously not.

1166
00:47:07,426 --> 00:47:07,906
Why? Yeah?

1167
00:47:08,516 --> 00:47:14,576
[ Inaudible Remark ]

1168
00:47:15,076 --> 00:47:16,566
OK, good. So I've
hard-coded David,

1169
00:47:16,566 --> 00:47:17,776
which is just kind of idiotic.

1170
00:47:17,776 --> 00:47:21,626
So, it only works now for a
subset of humans named David.

1171
00:47:21,986 --> 00:47:23,766
So, we've-- but we
can infer from this,

1172
00:47:24,116 --> 00:47:25,206
how to generalize this.

1173
00:47:25,206 --> 00:47:27,556
Really, we want to put something
there, just not the AVID.

1174
00:47:27,556 --> 00:47:30,046
What do we want to
put there instead?

1175
00:47:30,156 --> 00:47:34,276
>> So, if you have the
PHP isset, sets that value

1176
00:47:34,276 --> 00:47:36,406
for name exists, put a
value for name [inaudible].

1177
00:47:36,806 --> 00:47:39,656
>> Good. So we can put the
user's actual name there.

1178
00:47:39,656 --> 00:47:42,286
So, that they have
submitted via the forms.

1179
00:47:42,286 --> 00:47:44,506
So let's take a look at how
we might do this logically.

1180
00:47:44,506 --> 00:47:45,926
I'll stay on version 4 here.

1181
00:47:46,346 --> 00:47:47,976
And let me go ahead and do this.

1182
00:47:47,976 --> 00:47:49,726
And tell me what's
good or bad about this.

1183
00:47:49,726 --> 00:47:52,446
Open bracket question mark,
then I'm going to say,

1184
00:47:52,446 --> 00:47:59,836
echo $_POST "name" close quote
semicolon, close PHP mode.

1185
00:48:00,756 --> 00:48:02,426
So, good or bad, this approach?

1186
00:48:03,526 --> 00:48:03,646
Yeah.

1187
00:48:05,356 --> 00:48:07,516
>> You said before that
you will probably want

1188
00:48:07,516 --> 00:48:10,566
to check if it's set also.

1189
00:48:10,646 --> 00:48:11,346
>> Good. Why though?

1190
00:48:12,106 --> 00:48:13,446
What's going to happen
if I don't check?

1191
00:48:14,056 --> 00:48:16,056
[ Inaudible Remark ]

1192
00:48:16,096 --> 00:48:20,076
Yeah, actually we saw it
before, that notice message.

1193
00:48:20,076 --> 00:48:23,336
Like if I try to access a
variable that's not actually

1194
00:48:23,336 --> 00:48:24,766
in existence, I'm
going to get a notice.

1195
00:48:24,826 --> 00:48:25,726
Now whether or not I see,

1196
00:48:25,726 --> 00:48:27,366
depends on the server's
configuration.

1197
00:48:27,736 --> 00:48:30,526
But in this case, name
is not going to exist

1198
00:48:30,526 --> 00:48:32,006
when you first visit the form

1199
00:48:32,136 --> 00:48:33,776
and haven't clicked the
Submit button, right,

1200
00:48:33,776 --> 00:48:35,986
because it only exists if
you click the Submit button.

1201
00:48:36,186 --> 00:48:39,056
So I feel like I've broken my
code now right out of the gate.

1202
00:48:39,356 --> 00:48:41,686
So I can add a conditional
check there.

1203
00:48:41,906 --> 00:48:43,966
It's a little messy in that this line is going
that this line is going

1204
00:48:43,996 --> 00:48:46,126
to get a bit long, but
I could do something

1205
00:48:46,126 --> 00:48:50,636
like this, if isset POST name.

1206
00:48:50,806 --> 00:48:55,886
Then go ahead and
say, echo POST name.

1207
00:48:56,076 --> 00:48:58,836
So that's a little
better, semicolon.

1208
00:48:59,996 --> 00:49:03,276
So, does this ameliorate
our concerns?

1209
00:49:04,746 --> 00:49:05,936
The coloring is a little weird

1210
00:49:05,936 --> 00:49:07,516
because the text editor
is not smart enough

1211
00:49:07,516 --> 00:49:12,786
to understand this
syntax but it looks OK.

1212
00:49:12,786 --> 00:49:13,396
Still flawed.

1213
00:49:13,556 --> 00:49:15,866
Find further fault in my code.

1214
00:49:18,436 --> 00:49:19,766
Someone over here?

1215
00:49:21,596 --> 00:49:22,966
No? OK?

1216
00:49:22,966 --> 00:49:25,896
>> There are no brackets
[inaudible].

1217
00:49:27,616 --> 00:49:30,236
>> There are no-- that's OK.

1218
00:49:30,326 --> 00:49:32,306
We don't need the curly
brace if it's just one line

1219
00:49:32,306 --> 00:49:33,466
of code, but a good thought.

1220
00:49:33,786 --> 00:49:35,826
This is like C and Java
where you can skip

1221
00:49:35,826 --> 00:49:37,196
on the curly braces
for single lines.

1222
00:49:37,196 --> 00:49:38,076
What's your name?

1223
00:49:38,376 --> 00:49:39,266
>> Isaac.

1224
00:49:39,266 --> 00:49:39,896
>> Isaac. OK.

1225
00:49:40,246 --> 00:49:44,156
So good thought but
not necessarily.

1226
00:49:44,156 --> 00:49:44,306
>> Endif

1227
00:49:44,306 --> 00:49:45,676
>> Endif, good thought.

1228
00:49:45,856 --> 00:49:47,696
Endif is not necessary here.

1229
00:49:47,696 --> 00:49:50,766
Endif is only necessary when
we use that colon type syntax,

1230
00:49:51,046 --> 00:49:54,216
to get in and out of PHP mode.

1231
00:49:54,436 --> 00:49:55,526
It's not a syntax bug.

1232
00:49:55,576 --> 00:49:58,766
This is more of a design
failure on my part.

1233
00:49:59,076 --> 00:50:01,976
And I made the same mistake
on Wednesday, if that helps.

1234
00:50:06,156 --> 00:50:08,886
What was the sort of
hacker attack I waged

1235
00:50:08,886 --> 00:50:09,986
on myself on Wednesday?

1236
00:50:10,566 --> 00:50:11,976
Oh, well, now that I
tell you, yeah, OK.

1237
00:50:12,666 --> 00:50:16,136
>> You would want to do HTML
special chars or strip tags

1238
00:50:16,356 --> 00:50:17,616
to get rid of any additional--

1239
00:50:17,616 --> 00:50:18,296
>> Exactly.

1240
00:50:18,296 --> 00:50:19,656
So stupidly named function,

1241
00:50:19,746 --> 00:50:21,766
HTML special chars is
probably the better of the two

1242
00:50:21,766 --> 00:50:24,176
in this case but that is
a function that makes sure

1243
00:50:24,406 --> 00:50:25,906
that if the user is
trying to mess with you

1244
00:50:25,906 --> 00:50:28,806
by typing an open
bracket or any characters

1245
00:50:28,806 --> 00:50:31,486
that have special meaning
in HTML like ampersands,

1246
00:50:31,766 --> 00:50:34,766
they will be shown literally
as open brackets or ampersands

1247
00:50:34,766 --> 00:50:38,186
and not misinterpreted
as HTML tags.

1248
00:50:38,396 --> 00:50:41,726
So what I really need to do here
is not just echo the variable's

1249
00:50:41,726 --> 00:50:44,156
value, I instead
want to do something

1250
00:50:44,156 --> 00:50:47,846
like HTML special chars
and pass that value

1251
00:50:47,846 --> 00:50:51,386
to the function thereby not
trusting what the user has

1252
00:50:51,386 --> 00:50:51,906
given me.

1253
00:50:52,316 --> 00:50:55,906
Do I need to call HTML special
chars on the value when it's

1254
00:50:55,906 --> 00:50:57,656
in the parenthesis
in the condition?

1255
00:50:58,406 --> 00:50:59,316
No? Why not?

1256
00:51:00,316 --> 00:51:00,383
Yeah.

1257
00:51:00,416 --> 00:51:04,396
>> Because you're just testing
its existence not its value.

1258
00:51:04,396 --> 00:51:04,726
>> Exactly.

1259
00:51:04,726 --> 00:51:05,946
We're just type-- well,
we're testing its existence

1260
00:51:05,946 --> 00:51:07,866
and we're not displaying
its value.

1261
00:51:07,866 --> 00:51:09,006
So we don't need to escape it.

1262
00:51:09,006 --> 00:51:10,346
And what's your name?

1263
00:51:10,756 --> 00:51:11,056
>> I'm Jack [assumed spelling].

1264
00:51:11,056 --> 00:51:11,556
>> Jack?

1265
00:51:11,556 --> 00:51:11,966
>> Jack.

1266
00:51:11,966 --> 00:51:12,736
>> Jack. OK.

1267
00:51:12,986 --> 00:51:15,676
So good. So we need to--
that again, the rule of thumb

1268
00:51:15,676 --> 00:51:19,106
from Wednesday, always, always,
always, escape user's input

1269
00:51:19,106 --> 00:51:21,466
when showing it back to them
using this function here.

1270
00:51:21,836 --> 00:51:26,256
As you mentioned, there is
an alternative strip tags

1271
00:51:26,256 --> 00:51:29,806
which does exactly that, it
strips HTML tags from a string.

1272
00:51:30,236 --> 00:51:33,316
But you-- the user might not
in this case, but in general,

1273
00:51:33,316 --> 00:51:36,716
the user might want to input
HTML like tags for instance

1274
00:51:36,716 --> 00:51:39,696
if it's a discussion forum
post but you wanted

1275
00:51:39,696 --> 00:51:40,676
to display it literally.

1276
00:51:40,676 --> 00:51:42,556
So stripping tags
probably isn't best

1277
00:51:42,736 --> 00:51:45,256
but escaping it is indeed
the better approach.

1278
00:51:45,996 --> 00:51:46,696
All right.

1279
00:51:47,196 --> 00:51:50,496
So good, that's some
progress here.

1280
00:51:50,496 --> 00:51:53,226
So that will now
display my output.

1281
00:51:53,226 --> 00:51:54,276
So let's try this again.

1282
00:51:54,656 --> 00:51:58,826
Let's do Chris so that it's
obvious that it's not just me.

1283
00:51:59,936 --> 00:52:03,206
And now it's submitted,
and Chris stays the same.

1284
00:52:03,546 --> 00:52:06,046
So it gets a little trickier
for the other form fields

1285
00:52:06,046 --> 00:52:07,366
and I will leave this as sort

1286
00:52:07,366 --> 00:52:10,026
of an at-home project
exercise, potentially.

1287
00:52:10,426 --> 00:52:14,476
But something like this for
captain, for a checkbox,

1288
00:52:14,766 --> 00:52:17,316
how do you make a checkbox
checked by default?

1289
00:52:17,576 --> 00:52:17,676
Yeah?

1290
00:52:18,136 --> 00:52:20,306
>> You type checked=checked.

1291
00:52:20,616 --> 00:52:24,036
>> Good. So and actually in
HTML5, you're allowed to regress

1292
00:52:24,036 --> 00:52:27,396
and go back to just the
atomic model of this.

1293
00:52:27,396 --> 00:52:29,316
In XHTML, you would
say, checked=checked.

1294
00:52:29,716 --> 00:52:31,856
But in HTML5, it is OK
these days to do this,

1295
00:52:31,856 --> 00:52:34,246
which is a little more succinct.

1296
00:52:34,726 --> 00:52:36,996
But now, I've, of course,
just hard-coded checked

1297
00:52:36,996 --> 00:52:39,136
so now the captain
box is always checked.

1298
00:52:39,136 --> 00:52:41,626
But what if I only
want to check it

1299
00:52:41,626 --> 00:52:45,006
if the user has checked
the box to begin with?

1300
00:52:45,066 --> 00:52:46,276
They've just screwed
up elsewhere?

1301
00:52:46,816 --> 00:52:48,556
I want to conditionally
output this.

1302
00:52:49,236 --> 00:52:50,336
So how could I go
about doing this?

1303
00:52:50,496 --> 00:52:50,636
Jack?

1304
00:52:50,936 --> 00:52:54,336
>> We go through the same sets
of steps before doing an isset

1305
00:52:54,466 --> 00:52:59,696
for captain and then if it
is then put check in that.

1306
00:52:59,696 --> 00:53:00,206
>> Exactly.

1307
00:53:00,206 --> 00:53:04,006
So same kind of checked if
isset then echo checked,

1308
00:53:04,006 --> 00:53:06,266
else don't echo anything
would be one approach.

1309
00:53:06,266 --> 00:53:06,726
>> I have a question.

1310
00:53:06,956 --> 00:53:11,806
Would isset work because if
we post a non-checked version,

1311
00:53:11,806 --> 00:53:12,966
wouldn't that just be off?

1312
00:53:13,276 --> 00:53:17,496
The variable would still be
set, right, just set to off?

1313
00:53:17,496 --> 00:53:19,006
>> Good-- yes, good refinement.

1314
00:53:19,006 --> 00:53:20,186
So we don't want to
just check if isset,

1315
00:53:20,186 --> 00:53:24,076
this time we should probably
use empty or some other function

1316
00:53:24,076 --> 00:53:26,456
that actually checks not
just the presence of a value

1317
00:53:26,456 --> 00:53:29,826
but what the value is because
indeed when you submit the form,

1318
00:53:30,396 --> 00:53:34,876
if it is checked, it will be
set-- actually in this case,

1319
00:53:36,226 --> 00:53:38,266
this case, there's actually--

1320
00:53:39,096 --> 00:53:40,706
there's a way out
of this discussion

1321
00:53:40,706 --> 00:53:43,466
because most browsers, if
you don't check a checkbox,

1322
00:53:43,466 --> 00:53:45,296
won't send that HTTP parameter.

1323
00:53:45,706 --> 00:53:47,636
But that's not necessarily
a safe reliance

1324
00:53:47,636 --> 00:53:48,856
so your approach is better.

1325
00:53:48,856 --> 00:53:51,796
Actually checking
for "on" or whether

1326
00:53:51,796 --> 00:53:53,206
or not it's empty or not.

1327
00:53:53,566 --> 00:53:55,456
So frankly, this starts
to get a little messy.

1328
00:53:55,456 --> 00:53:58,476
If I take-- there's an
elegance arguably to the fact

1329
00:53:58,476 --> 00:54:01,206
that inside of my
value-- next to my value,

1330
00:54:01,206 --> 00:54:02,166
I have the quote unquote.

1331
00:54:02,256 --> 00:54:04,876
And then I have my PHP code
inside of the quote unquote.

1332
00:54:05,086 --> 00:54:06,426
But what's the analogue here?

1333
00:54:06,426 --> 00:54:09,516
I could kind of copy and paste
code like that and smack it

1334
00:54:09,516 --> 00:54:11,106
in the middle of the input tag.

1335
00:54:11,466 --> 00:54:14,016
But this just starts rubbing
you the wrong way stylistically

1336
00:54:14,016 --> 00:54:15,666
if nothing else, right,
like all of a sudden,

1337
00:54:15,666 --> 00:54:17,376
you're in the middle of
an HTML tag then you jump

1338
00:54:17,376 --> 00:54:19,276
into PHP mode just
to spit out a word.

1339
00:54:19,536 --> 00:54:21,106
There's probably a
better way to do this.

1340
00:54:21,106 --> 00:54:23,126
And in fact, there's many
different ways we can do this.

1341
00:54:23,426 --> 00:54:26,756
But arguably a slightly
cleaner approach just

1342
00:54:26,756 --> 00:54:30,526
to get you thinking about
design options might be first,

1343
00:54:30,526 --> 00:54:32,196
let me just clean up
the aesthetics there.

1344
00:54:32,486 --> 00:54:38,186
And why don't I do
something like this?

1345
00:54:38,356 --> 00:54:44,466
So if empty $_POST "captain":.

1346
00:54:45,156 --> 00:54:50,336
So if that's empty, go
ahead and spit this out.

1347
00:54:50,336 --> 00:54:52,886
And you can probably
guess where this is going.

1348
00:54:53,386 --> 00:54:57,586
Else, spit this out.

1349
00:54:57,586 --> 00:55:00,566
And then what do
I need down here?

1350
00:55:02,276 --> 00:55:03,696
This is where I need the endif

1351
00:55:03,866 --> 00:55:05,526
because I'm using
that colon approach.

1352
00:55:05,826 --> 00:55:08,496
So it's a little-- oops,
it's a little redundant

1353
00:55:09,126 --> 00:55:12,456
but I'd argue this is so much
more readable than putting--

1354
00:55:12,456 --> 00:55:16,546
clapping a big line of PHP code
in the middle of an HTML tag.

1355
00:55:16,836 --> 00:55:18,316
So this is probably
a little bit better.

1356
00:55:18,316 --> 00:55:20,796
However, before long,
we'll get past even this.

1357
00:55:21,116 --> 00:55:23,666
And you'll find that in PHP,
there's actually libraries

1358
00:55:23,666 --> 00:55:25,976
and frameworks that actually
make this much simpler.

1359
00:55:25,976 --> 00:55:28,706
There are libraries that will
actually regenerate your forms

1360
00:55:28,706 --> 00:55:31,106
for you based on what
the user typed in,

1361
00:55:31,106 --> 00:55:33,926
because frankly once you start
making your second dynamic

1362
00:55:33,926 --> 00:55:37,116
website, 3rd, 4th, 10th,
this kind of stuff,

1363
00:55:37,166 --> 00:55:39,866
this error checking, this
repopulation of form fields,

1364
00:55:40,036 --> 00:55:41,096
it just gets very tedious.

1365
00:55:41,376 --> 00:55:43,736
So realize right now, we're
doing things fairly hands on,

1366
00:55:43,736 --> 00:55:45,576
very manual, very deliberately

1367
00:55:45,826 --> 00:55:48,576
but realize there do
exist libraries for PHP

1368
00:55:48,576 --> 00:55:52,056
and other languages that just
take what will become monotonous

1369
00:55:52,166 --> 00:55:54,126
about this process
out of it for you.

1370
00:55:54,296 --> 00:55:55,056
So just realize that.

1371
00:55:55,236 --> 00:55:56,456
But they're really
just doing something

1372
00:55:56,456 --> 00:55:58,386
like this underneath the hood.

1373
00:55:58,386 --> 00:55:58,736
All right.

1374
00:55:59,396 --> 00:56:02,196
But let me open up
version 5 here and see

1375
00:56:02,196 --> 00:56:07,276
where we can take this a
little better, actually not 5,

1376
00:56:07,306 --> 00:56:10,596
we just implemented 5
ourselves by changing 4.

1377
00:56:10,946 --> 00:56:12,606
So this is an improvement too.

1378
00:56:13,036 --> 00:56:16,706
Notice at this time, for the
dorms, I decided it's kind

1379
00:56:16,706 --> 00:56:19,896
of lame that I'm hard-coding all
of the dormitories at Harvard

1380
00:56:19,896 --> 00:56:22,836
in Harvard Yard in
this big select menu.

1381
00:56:22,836 --> 00:56:24,836
It feels like those
should come from a database

1382
00:56:24,836 --> 00:56:25,626
or something like that.

1383
00:56:25,626 --> 00:56:27,876
Now, I'm not going to
introduce databases yet tonight

1384
00:56:28,186 --> 00:56:30,536
but I can still mimic the
idea by at least putting them

1385
00:56:30,536 --> 00:56:33,736
in a global variable so that
maybe the list of dorms is saved

1386
00:56:33,736 --> 00:56:35,886
on a server somewhere
in a configuration file,

1387
00:56:35,886 --> 00:56:37,316
a separate dot PHP file

1388
00:56:37,596 --> 00:56:40,476
that this one includes
somehow and accesses.

1389
00:56:40,806 --> 00:56:44,866
But then, I can simplify my
options to just a single one.

1390
00:56:45,076 --> 00:56:47,816
So notice in line 76 here,
I have a new construct

1391
00:56:47,816 --> 00:56:49,916
and you might see this
similar in other languages.

1392
00:56:50,216 --> 00:56:51,016
This is what's called--

1393
00:56:51,016 --> 00:56:53,406
generally called fast
enumeration whereby

1394
00:56:53,526 --> 00:56:55,526
for each dorms as dorm.

1395
00:56:55,796 --> 00:56:59,716
So let's infer from this,
what is $dorms apparently?

1396
00:57:00,316 --> 00:57:00,436
Yeah?

1397
00:57:00,746 --> 00:57:01,636
>> The array of all your dorms.

1398
00:57:01,806 --> 00:57:03,436
>> It's apparently the
array of all dorms.

1399
00:57:03,436 --> 00:57:05,826
Haven't really seen it unless
you look really quickly before

1400
00:57:05,826 --> 00:57:06,386
I scrolled.

1401
00:57:06,596 --> 00:57:08,206
But there's probably
an array somewhere

1402
00:57:08,206 --> 00:57:10,826
in this file called DORMS, all
caps, that's kind of acting

1403
00:57:10,826 --> 00:57:12,246
like our global constant array.

1404
00:57:12,346 --> 00:57:14,736
But it's not technically
constant.

1405
00:57:15,086 --> 00:57:17,986
As dorms. So $dorm, lower case,

1406
00:57:18,236 --> 00:57:20,596
this is effectively
a local variable

1407
00:57:20,596 --> 00:57:26,366
for this loop whereby it
will be assigned to the value

1408
00:57:26,366 --> 00:57:29,366
of every dorm in
succession in that array

1409
00:57:29,416 --> 00:57:31,626
so that you can then
use it in line 77

1410
00:57:31,766 --> 00:57:36,476
where I say option value equals
dorm, and then another instance

1411
00:57:36,476 --> 00:57:37,736
of dorm and then option.

1412
00:57:37,736 --> 00:57:39,076
What's the difference
between these two?

1413
00:57:40,096 --> 00:57:42,946
Why did I put it in two
places, both here and here?

1414
00:57:43,496 --> 00:57:43,606
Yeah?

1415
00:57:44,126 --> 00:57:46,306
>> One is the value
that you'll be selecting

1416
00:57:46,306 --> 00:57:47,786
and one is the value
that it ends up sending.

1417
00:57:47,926 --> 00:57:48,476
>> Exactly.

1418
00:57:48,476 --> 00:57:50,856
So what gets sent is the
actual value attribute.

1419
00:57:50,856 --> 00:57:52,656
What the human sees is out here.

1420
00:57:52,906 --> 00:57:55,406
And what was the
significance from last Wednesday

1421
00:57:55,406 --> 00:57:57,386
of open bracket question
mark equal sign?

1422
00:57:57,916 --> 00:57:57,996
Yeah?

1423
00:57:58,816 --> 00:58:01,986
>> That's a quick
way of printing or--

1424
00:58:01,986 --> 00:58:02,456
>> Exactly.

1425
00:58:02,456 --> 00:58:03,786
Quick way of doing echo.

1426
00:58:04,306 --> 00:58:06,366
Quick way of doing echo.

1427
00:58:06,366 --> 00:58:08,226
Do I need HTML special
chars here?

1428
00:58:09,766 --> 00:58:09,926
Jack?

1429
00:58:10,236 --> 00:58:12,966
>> No, they're all your--
you've hard-coded all the stuff

1430
00:58:12,966 --> 00:58:14,356
in yourself so you don't
need special chars.

1431
00:58:14,356 --> 00:58:16,416
>> Good. Only if I
screwed up and actually put

1432
00:58:16,416 --> 00:58:18,606
like weird HTML tags
in my dorm list.

1433
00:58:18,606 --> 00:58:20,746
If I can trust myself
then I don't need

1434
00:58:20,746 --> 00:58:22,706
to bother calling HTML
special chars here

1435
00:58:22,706 --> 00:58:25,036
because the data is coming
from me not from the user.

1436
00:58:25,366 --> 00:58:28,786
Now, notice I am not in this
version apparently doing what?

1437
00:58:28,786 --> 00:58:30,906
If the user fails to
submit the form properly.

1438
00:58:31,226 --> 00:58:32,116
There's no if.

1439
00:58:32,116 --> 00:58:33,166
There's no else here.

1440
00:58:33,306 --> 00:58:34,776
So apparently, I am not going

1441
00:58:34,776 --> 00:58:40,216
to preselect this select menu's
option if the user fills part

1442
00:58:40,216 --> 00:58:41,676
of the form but not all of it.

1443
00:58:41,946 --> 00:58:43,666
But you can imagine
somewhere inside

1444
00:58:43,666 --> 00:58:47,146
of this loop probably having
a condition check saying

1445
00:58:47,146 --> 00:58:50,256
if the current value in
the array is equal-equal

1446
00:58:50,446 --> 00:58:53,586
to what the user submitted
in POST, the superglobal,

1447
00:58:53,946 --> 00:58:56,376
then add what attribute
to this option element.

1448
00:58:57,216 --> 00:58:59,476
For those-- if you
recall from HTML,

1449
00:59:00,796 --> 00:59:03,576
selected so you just say
selected and that's the one

1450
00:59:03,576 --> 00:59:05,996
that will be highlighted
by default in the menu.

1451
00:59:06,136 --> 00:59:08,346
But I'll wave my hands
at that as a sort

1452
00:59:08,346 --> 00:59:10,276
of fun project exercise
potentially.

1453
00:59:10,626 --> 00:59:12,416
So at the top, where
is the logic here?

1454
00:59:12,666 --> 00:59:14,246
So here is my array.

1455
00:59:14,546 --> 00:59:17,396
So frankly, it's kind of ugly
syntax that PHP has for this.

1456
00:59:17,556 --> 00:59:20,406
You have to actually call the
array function to make an array.

1457
00:59:20,866 --> 00:59:23,966
But this is how I've
done it, $DORMS=array.

1458
00:59:24,046 --> 00:59:26,826
So this means a comma separated
list of the things I want to put

1459
00:59:26,826 --> 00:59:29,446
in the array, close
parenthesis, semicolon.

1460
00:59:29,766 --> 00:59:31,026
Now, I have my array.

1461
00:59:31,056 --> 00:59:34,406
And I called it, all caps,
DORMS, just to send the message

1462
00:59:34,406 --> 00:59:36,916
that this is sort of like a
global constant even though

1463
00:59:37,146 --> 00:59:41,046
if I goof, I could technically
accidentally change this array.

1464
00:59:41,046 --> 00:59:43,216
And then the rest of the
file's pretty much copy

1465
00:59:43,216 --> 00:59:45,116
and paste from before.

1466
00:59:45,576 --> 00:59:45,746
All right.

1467
00:59:46,336 --> 00:59:49,696
So I think we're running out
of ways of improving this

1468
00:59:49,766 --> 00:59:52,226
but let me propose
just two final ideas,

1469
00:59:52,746 --> 00:59:55,446
one of which answers the
shortcoming of the last.

1470
00:59:56,556 --> 00:59:58,836
What is this doing
based on your inference

1471
00:59:58,836 --> 01:00:01,226
in line 76 and thereabouts?

1472
01:00:03,536 --> 01:00:03,976
Yeah, Jack?

1473
01:00:04,516 --> 01:00:07,956
[ Inaudible Remark ]

1474
01:00:08,456 --> 01:00:10,896
Good. And there's one
mistake in my code.

1475
01:00:11,776 --> 01:00:14,686
I'm again assuming that notices
are disabled which is kind

1476
01:00:14,686 --> 01:00:18,036
of lazy of me, because
what will this code do

1477
01:00:18,636 --> 01:00:20,606
erroneously sometimes?

1478
01:00:21,596 --> 01:00:21,826
Yeah?

1479
01:00:22,516 --> 01:00:28,006
[ Inaudible Remark ]

1480
01:00:28,506 --> 01:00:32,536
Exactly. So if the user did not
actually submit the form yet,

1481
01:00:32,536 --> 01:00:33,916
and I'm iterating over this,

1482
01:00:33,916 --> 01:00:37,166
I'm accessing POST dorm even
though it's not technically

1483
01:00:37,166 --> 01:00:37,726
there yet.

1484
01:00:37,836 --> 01:00:37,966
Yeah.

1485
01:00:37,966 --> 01:00:45,386
>> Question on line 80,
when you do value equals

1486
01:00:46,236 --> 01:00:46,696
dorm [inaudible].

1487
01:00:46,786 --> 01:00:48,556
>> Really good question.

1488
01:00:48,556 --> 01:00:49,676
Let's come back there,
to this question

1489
01:00:49,676 --> 01:00:50,766
of dots in just a second.

1490
01:00:50,986 --> 01:00:52,486
So there's a couple
ways to fix this,

1491
01:00:52,486 --> 01:00:55,996
the cheating way is kind of
just do this and suppress it.

1492
01:00:56,446 --> 01:00:59,206
However, I would sometimes
argue that this is kind

1493
01:00:59,206 --> 01:01:02,346
of reasonable here
because the alternative is

1494
01:01:02,346 --> 01:01:08,526
if isset $_POST dorm and,
so that would fix it.

1495
01:01:08,626 --> 01:01:10,756
But what do you dislike
about this, perhaps?

1496
01:01:14,716 --> 01:01:15,356
>> It takes some space.

1497
01:01:15,356 --> 01:01:17,856
>> OK, take some space, but
most anything we write will take

1498
01:01:17,856 --> 01:01:18,596
up some space.

1499
01:01:18,596 --> 01:01:20,546
But that's kind of fair.

1500
01:01:23,166 --> 01:01:29,856
Be a little more
compelling than that.

1501
01:01:30,036 --> 01:01:34,116
What's bad about
putting that check there?

1502
01:01:34,346 --> 01:01:35,486
What's two lines earlier?

1503
01:01:36,076 --> 01:01:36,196
>> Oh yeah.

1504
01:01:37,476 --> 01:01:39,556
You wouldn't want
to-- you would want

1505
01:01:39,876 --> 01:01:41,606
to check before actually
[inaudible].

1506
01:01:42,466 --> 01:01:43,076
>> Exactly.

1507
01:01:43,076 --> 01:01:45,466
So, this is kind of stupid that
I'm doing this in a loop

1508
01:01:45,466 --> 01:01:47,816
because I'm asking literally,
the same question again,

1509
01:01:47,866 --> 01:01:50,586
and again, and again for every
dorm even though I should

1510
01:01:50,586 --> 01:01:53,536
technically only have to check
if that variable's set once

1511
01:01:54,046 --> 01:01:56,686
and then proceed to
loop over the results.

1512
01:01:56,906 --> 01:01:59,366
But, frankly, if
I've moved the if--

1513
01:01:59,366 --> 01:02:03,026
if I move that check
outside of the loop,

1514
01:02:03,026 --> 01:02:06,656
then I have to have
another case where I spit

1515
01:02:06,656 --> 01:02:08,216
out the list by default.

1516
01:02:08,216 --> 01:02:09,916
So in short I'm going to
actually wave my hands at this

1517
01:02:09,916 --> 01:02:11,806
because this is actually an
interesting design problem

1518
01:02:11,806 --> 01:02:13,056
for something like a project

1519
01:02:13,266 --> 01:02:15,746
where you put those
kinds of checks.

1520
01:02:16,236 --> 01:02:18,166
But for now, realize
the take away is

1521
01:02:18,166 --> 01:02:19,946
that if I do put
it here, it's good.

1522
01:02:19,946 --> 01:02:22,316
And frankly, it's probably
not such a big deal

1523
01:02:22,316 --> 01:02:23,946
because this is a
very short list.

1524
01:02:23,946 --> 01:02:25,186
The computer is like
a gigahertz,

1525
01:02:25,186 --> 01:02:26,356
2 gigahertz, 3 gigahertz.

1526
01:02:26,356 --> 01:02:27,946
We're going to fly
through this list anyway,

1527
01:02:28,356 --> 01:02:31,986
but realize that we are wasting
some CPU cycles to check isset,

1528
01:02:31,986 --> 01:02:34,276
isset, isset, again and again.

1529
01:02:34,276 --> 01:02:34,446
Yeah.

1530
01:02:34,756 --> 01:02:36,576
>> How come you just
put it on the outside

1531
01:02:36,576 --> 01:02:38,626
and then create some
sort of variable

1532
01:02:38,766 --> 01:02:41,556
for [inaudible] make it true
or false whether or not it's--

1533
01:02:41,736 --> 01:02:44,926
>> So, absolutely, we could
lessen the computational cost

1534
01:02:44,926 --> 01:02:47,996
here by storing the results of
isset in a Boolean variable.

1535
01:02:48,086 --> 01:02:49,596
And I said Boolean but
it's just a variable

1536
01:02:49,596 --> 01:02:51,876
because there's no data types
you explicitly associate

1537
01:02:51,876 --> 01:02:54,086
with variables, and then
we just check the value

1538
01:02:54,086 --> 01:02:54,836
of that variable.

1539
01:02:54,976 --> 01:02:57,706
We're still wasting a CPU cycle

1540
01:02:57,706 --> 01:02:59,466
or more checking
that Boolean value.

1541
01:02:59,656 --> 01:03:02,386
But function calls like this
tend to be more expensive

1542
01:03:02,386 --> 01:03:04,576
than actually checking
variables.

1543
01:03:04,966 --> 01:03:07,156
With that said, it's
not necessarily the case

1544
01:03:07,156 --> 01:03:09,586
that there's much overhead for
isset since it's a native part

1545
01:03:09,586 --> 01:03:11,526
of the language so it could
actually be implemented pretty

1546
01:03:11,526 --> 01:03:13,406
efficiently, so you
could re-factor this.

1547
01:03:13,446 --> 01:03:15,696
But really, there's many
different ways you could address

1548
01:03:15,696 --> 01:03:18,786
this and one of them might just
be it's fine the way it is,

1549
01:03:19,056 --> 01:03:22,456
and in general for the project
realize that when it comes time

1550
01:03:22,456 --> 01:03:24,026
to make decisions, if
you realize you're kind

1551
01:03:24,026 --> 01:03:25,436
of struggling to
decide on something

1552
01:03:25,766 --> 01:03:27,966
or you're very comfortable
with your conclusion

1553
01:03:28,126 --> 01:03:29,616
but you think a reasonable
person

1554
01:03:29,616 --> 01:03:31,996
like a teaching fellow might
disagree with your perspective.

1555
01:03:31,996 --> 01:03:34,776
What we'll do always,
is encourage you to explain

1556
01:03:34,776 --> 01:03:37,116
in comments what your
design decision was.

1557
01:03:37,146 --> 01:03:40,516
So, if were to prefix this loop
saying, we're checking again

1558
01:03:40,516 --> 01:03:42,256
and again but it
simplifies the code,

1559
01:03:42,256 --> 01:03:44,106
it improves the readability,
you know,

1560
01:03:44,106 --> 01:03:45,926
that is a reasonable
measurement of quality.

1561
01:03:45,926 --> 01:03:48,356
If it's more readable, if
it's more succinct, less code.

1562
01:03:48,516 --> 01:03:50,106
That's actually not
such a bad thing.

1563
01:03:50,136 --> 01:03:51,656
But justify it, because again,

1564
01:03:51,656 --> 01:03:55,536
all roles as the teaching staff
will push back on you and say,

1565
01:03:55,536 --> 01:03:58,726
you know, maybe this is OK but
if you didn't think about it

1566
01:03:58,886 --> 01:04:02,656
and then conclude consciously
that this is OK, then really,

1567
01:04:02,656 --> 01:04:04,806
we haven't done our job
for not pointing that out.

1568
01:04:05,396 --> 01:04:07,256
All right, so that's
a fix for that.

1569
01:04:07,606 --> 01:04:09,876
Let's do one last
improvement here.

1570
01:04:10,176 --> 01:04:13,536
And in this case, what's
going to be different here?

1571
01:04:13,536 --> 01:04:16,046
This time we're submitting
notice to register8.

1572
01:04:16,496 --> 01:04:17,926
So let's take a look
at what's ever

1573
01:04:17,926 --> 01:04:20,546
so slightly new here, register8.

1574
01:04:20,546 --> 01:04:22,826
So this is a little
sneak preview

1575
01:04:22,826 --> 01:04:24,496
of something we won't
do just yet.

1576
01:04:24,996 --> 01:04:27,966
But notice, as a sneak
preview, how could we store this

1577
01:04:27,996 --> 01:04:30,706
in a database and more
on this in a week or so?

1578
01:04:31,186 --> 01:04:33,806
We will soon see a technique
whereby you can call functions

1579
01:04:33,806 --> 01:04:36,266
like MySQL connect,
and MySQL select,

1580
01:04:36,696 --> 01:04:38,236
and MySQL real escape string

1581
01:04:38,236 --> 01:04:40,146
and we'll see cleaner
alternatives to this.

1582
01:04:40,146 --> 01:04:42,036
We don't need to use these
very verbose versions

1583
01:04:42,036 --> 01:04:43,756
that are tied fundamentally
to MySQL.

1584
01:04:44,066 --> 01:04:46,386
But notice, down below
is a little teaser

1585
01:04:46,386 --> 01:04:47,466
of another language.

1586
01:04:47,466 --> 01:04:52,016
Anyone know what language is
being used in line 33 here?

1587
01:04:52,496 --> 01:04:54,126
Yeah, Axel?

1588
01:04:54,286 --> 01:04:59,296
>> That's my 33--
yeah, that's MySQL.

1589
01:05:00,706 --> 01:05:02,636
>> Good. And more
generally, SQL,

1590
01:05:02,876 --> 01:05:06,066
so structured query language--
MySQL is the specific database

1591
01:05:06,366 --> 01:05:09,386
but the language in
question is just SQL here.

1592
01:05:09,576 --> 01:05:11,946
So this will be a language
we'll use in about a week

1593
01:05:11,946 --> 01:05:14,836
or two whereby we'll be
able to query databases

1594
01:05:14,836 --> 01:05:17,536
for the information and
also write information

1595
01:05:17,536 --> 01:05:20,046
into databases using a
language like that that tends

1596
01:05:20,046 --> 01:05:21,926
to play pretty nicely with PHP.

1597
01:05:22,236 --> 01:05:23,696
So a sneak preview
of what's to come.

1598
01:05:23,966 --> 01:05:25,296
And I offer this now as a teaser

1599
01:05:25,296 --> 01:05:26,956
because it's probably
better rather

1600
01:05:26,956 --> 01:05:29,596
than emailing the resident
advisor, all of the submissions

1601
01:05:29,596 --> 01:05:30,636
so that he or she then has to go

1602
01:05:30,636 --> 01:05:32,876
through their inbox finding
the registrants putting

1603
01:05:32,876 --> 01:05:35,526
in a database, so that he or
she can just pull up a webpage

1604
01:05:35,526 --> 01:05:37,706
with everyone, is
probably a nice endgame

1605
01:05:37,706 --> 01:05:39,036
and definitely more consistent

1606
01:05:39,036 --> 01:05:41,456
with a truly
dynamic website.

1607
01:05:41,946 --> 01:05:43,946
Any questions?

1608
01:05:44,826 --> 01:05:44,936
Yeah.

1609
01:05:45,446 --> 01:05:46,726
>> What are some
of the differences

1610
01:05:47,396 --> 01:05:47,926
between MySQL like [inaudible]?

1611
01:05:48,366 --> 01:05:53,756
>> It's a good question and
kind of a loaded big question.

1612
01:05:53,756 --> 01:05:55,226
So we'll come back
to this if that's OK

1613
01:05:55,226 --> 01:05:56,946
when we actually talk databases.

1614
01:05:57,416 --> 01:06:01,646
But MySQL and Oracle and
Microsoft Access and PostgreSQL

1615
01:06:01,646 --> 01:06:04,536
and a bunch of others
are relational databases

1616
01:06:04,876 --> 01:06:07,096
which means-- and they
are SQL databases,

1617
01:06:07,376 --> 01:06:10,856
which means they store
information generally in tables.

1618
01:06:10,856 --> 01:06:13,686
And the table-- a table is
something with rows and columns

1619
01:06:13,936 --> 01:06:15,036
like an Excel spreadsheet.

1620
01:06:15,266 --> 01:06:17,826
And as we'll see, this is
nice because if you're submitting

1621
01:06:17,866 --> 01:06:20,226
like registrations for
sports you can think

1622
01:06:20,226 --> 01:06:23,456
of a nice spreadsheet as
being row by row by row by row

1623
01:06:23,456 --> 01:06:25,126
of all the students
who were registered.

1624
01:06:25,486 --> 01:06:28,326
But things get a little messier
if you realize, "Wait a minute.

1625
01:06:28,326 --> 01:06:30,806
I'm storing Matthews,
Matthews, Matthews, Matthews,

1626
01:06:30,806 --> 01:06:33,556
the dormitory for all of
these students again and again

1627
01:06:33,556 --> 01:06:37,446
and again, and I'm
spending M-A-T-T-H-E-W-S,

1628
01:06:37,576 --> 01:06:40,596
8 bytes at least to
store Matthews again

1629
01:06:40,596 --> 01:06:41,416
and again and again.

1630
01:06:41,416 --> 01:06:43,766
It feels like I should be
able to factor that out,

1631
01:06:43,936 --> 01:06:47,356
maybe give Matthews the
dormitory a unique number like 3

1632
01:06:47,566 --> 01:06:50,236
and then associate only
the number 3 with all

1633
01:06:50,236 --> 01:06:52,926
of the students to save on
space and improve efficiency.

1634
01:06:53,186 --> 01:06:54,696
So then I have a second table.

1635
01:06:54,696 --> 01:06:57,526
And if you continue that
logic for larger projects,

1636
01:06:57,526 --> 01:07:00,116
you get more and more tables
and more and more complexity.

1637
01:07:00,406 --> 01:07:05,086
And you start to lose the
object-oriented nature of

1638
01:07:05,086 --> 01:07:05,746
some entities.

1639
01:07:05,796 --> 01:07:09,166
So you can think of a
student as being an object

1640
01:07:09,166 --> 01:07:11,106
or a student has a
name, student has an ID,

1641
01:07:11,106 --> 01:07:12,086
student has an address.

1642
01:07:12,426 --> 01:07:14,386
The problem, or an arguable problem,
A, arguable problem

1643
01:07:14,386 --> 01:07:15,716
with relational databases is

1644
01:07:15,716 --> 01:07:18,456
that you essentially have to
flatten objects like students

1645
01:07:18,616 --> 01:07:20,516
into very flat things like rows.

1646
01:07:20,816 --> 01:07:22,776
And this tends to get annoying
if nothing, if nothing else.

1647
01:07:22,776 --> 01:07:25,776
And it can also be subpar for
performance in some contexts.

1648
01:07:26,046 --> 01:07:29,086
So all the [inaudible] these
days is this NoSQL momentum,

1649
01:07:29,086 --> 01:07:32,196
which generally refers to other
types of database more on--

1650
01:07:32,196 --> 01:07:33,736
generally known as
document stores

1651
01:07:34,066 --> 01:07:37,776
or object-oriented databases,
where if you have objects

1652
01:07:37,876 --> 01:07:40,886
in the Java sense or in
the JavaScript sense,

1653
01:07:41,156 --> 01:07:43,746
you just store the objects in
the database and you don't worry

1654
01:07:43,746 --> 01:07:45,536
about the somewhat
arbitrary world

1655
01:07:45,536 --> 01:07:47,956
of serializing things
to rows and columns.

1656
01:07:48,656 --> 01:07:51,506
So let me leave that
as our teaser for now,

1657
01:07:51,506 --> 01:07:54,036
of what's to come when we
get there, but we will focus

1658
01:07:54,036 --> 01:07:57,416
in this class, mostly on
relational databases and mostly

1659
01:07:57,416 --> 01:08:00,626
on MySQL the particular
incarnation thereof.

1660
01:08:01,476 --> 01:08:04,156
All right, so tonight so
that we can equip you fully

1661
01:08:04,156 --> 01:08:06,286
for the first project which
again will be going

1662
01:08:06,286 --> 01:08:07,146
out the door on Monday.

1663
01:08:07,316 --> 01:08:09,116
We probably will use
the full class time,

1664
01:08:09,116 --> 01:08:10,076
so we'll probably take a couple

1665
01:08:10,076 --> 01:08:12,876
of breaks tonight before section
just to set your expectations.

1666
01:08:12,966 --> 01:08:14,706
But why don't we go and have
a five minute break now,

1667
01:08:14,706 --> 01:08:17,746
and we'll regroup with
another tour with PHP.

1668
01:08:19,056 --> 01:08:22,576
All right.

1669
01:08:22,646 --> 01:08:23,396
We are back.

1670
01:08:23,536 --> 01:08:27,816
So, what is this?

1671
01:08:28,026 --> 01:08:28,176
Yes?

1672
01:08:28,706 --> 01:08:29,336
>> Facebook login.

1673
01:08:29,566 --> 01:08:30,196
>> OK, good.

1674
01:08:30,606 --> 01:08:32,846
So, probably looks
familiar to many of you.

1675
01:08:32,846 --> 01:08:34,256
So this is Facebook's
login screen,

1676
01:08:34,256 --> 01:08:36,586
representing a typical
login form,

1677
01:08:37,096 --> 01:08:40,916
whereby you have username field
of some sort, password field

1678
01:08:40,916 --> 01:08:42,536
of some sort, a log in button,

1679
01:08:42,746 --> 01:08:44,486
and then generally
this little checkbox

1680
01:08:44,516 --> 01:08:46,226
that somehow keeps
you logged in.

1681
01:08:46,226 --> 01:08:47,636
So what we've done thus far

1682
01:08:47,636 --> 01:08:50,276
with our PHP examples is we've
started to take user input

1683
01:08:50,276 --> 01:08:53,206
in terms of forms but it's
been fairly stateless.

1684
01:08:53,206 --> 01:08:55,826
As soon as the user submits
the form, if it is all correct,

1685
01:08:56,086 --> 01:08:58,846
it gets dumped to some
database as we most recently saw

1686
01:08:58,846 --> 01:09:01,306
or it gets emailed or nothing
happens to it altogether.

1687
01:09:01,516 --> 01:09:03,156
But that's it, there's
no recollection

1688
01:09:03,156 --> 01:09:06,326
that the user has filled
out this form or remembering,

1689
01:09:06,326 --> 01:09:07,736
really, who they are at all.

1690
01:09:07,976 --> 01:09:10,476
So now let's take a different
scenario, a very common one

1691
01:09:10,476 --> 01:09:13,606
that of authentication, and
actually enabling users to log

1692
01:09:13,606 --> 01:09:17,296
in to a website so that they can
access content that's somehow

1693
01:09:17,296 --> 01:09:19,696
restricted to certain people
based on their username.

1694
01:09:19,696 --> 01:09:22,586
And to do this, now, we have to
implement in code that notion

1695
01:09:22,586 --> 01:09:24,696
of the hand stamp that we
talked about last week,

1696
01:09:24,696 --> 01:09:28,596
whereby once I log in I need
you on every subsequent page

1697
01:09:28,596 --> 01:09:31,076
that I visit to remember
that I'm now logged in,

1698
01:09:31,076 --> 01:09:35,906
so that there's not
some annoying repetition

1699
01:09:35,906 --> 01:09:38,666
of asking me username and
password, username and password,

1700
01:09:38,666 --> 01:09:41,026
every time I try to
click a subsequent page.

1701
01:09:41,356 --> 01:09:44,666
So how is this sort of virtual
hand stamp implemented could

1702
01:09:44,666 --> 01:09:44,916
we say?

1703
01:09:45,926 --> 01:09:49,166
What's the secret
sauce for this feature?

1704
01:09:49,296 --> 01:09:49,546
Jack?

1705
01:09:49,686 --> 01:09:50,306
>> Session.

1706
01:09:50,626 --> 01:09:52,356
>> Yeah. So session,
but what does that mean?

1707
01:09:52,686 --> 01:09:55,286
>> Something that
you can tell whether

1708
01:09:55,286 --> 01:09:57,426
or not the browser has
already gone through this

1709
01:09:57,426 --> 01:10:00,936
and the user has already put in
their username and password--

1710
01:10:01,156 --> 01:10:02,096
>> Good. Good.

1711
01:10:02,096 --> 01:10:04,326
So in general, a
session in the context

1712
01:10:04,326 --> 01:10:06,836
of early web development
irrespective of language has

1713
01:10:06,836 --> 01:10:10,036
to do with some state that is
associated with the current user

1714
01:10:10,226 --> 01:10:12,796
and that state is unique
to that user and not shared

1715
01:10:12,796 --> 01:10:13,636
across all users.

1716
01:10:13,636 --> 01:10:15,376
And PHP as we've
seen from that list

1717
01:10:15,376 --> 01:10:18,656
on Wednesday has a
superglobal called session--

1718
01:10:18,656 --> 01:10:23,376
$_SESSION in which we can store
mechanically any variables

1719
01:10:23,376 --> 01:10:24,496
and values that we want.

1720
01:10:24,686 --> 01:10:25,036
Axel?

1721
01:10:25,576 --> 01:10:28,766
>> I was just thinking,
I think session

1722
01:10:29,076 --> 01:10:31,596
in PHP stores session
[inaudible].

1723
01:10:31,946 --> 01:10:34,856
>> OK. Not quite.

1724
01:10:34,856 --> 01:10:38,166
So we'll actually pull
the layer back off

1725
01:10:38,166 --> 01:10:39,986
of the session object
in just a moment.

1726
01:10:39,986 --> 01:10:43,546
So let's first see how we do
it in code at a high level

1727
01:10:43,546 --> 01:10:44,876
and then [inaudible]
back that later

1728
01:10:44,876 --> 01:10:47,076
and see how the session
superglobal, itself,

1729
01:10:47,326 --> 01:10:48,406
is actually implemented.

1730
01:10:48,406 --> 01:10:50,406
And we'll even try sniffing
some additional code

1731
01:10:50,716 --> 01:10:52,296
to see what's going on
underneath the hood.

1732
01:10:52,596 --> 01:10:54,536
So let me go ahead
and open up a file,

1733
01:10:54,536 --> 01:10:56,896
no longer in my Frosh
IMs directory

1734
01:10:56,896 --> 01:10:58,546
but instead in log in directory.

1735
01:10:58,726 --> 01:11:00,336
All this code's available
online.

1736
01:11:00,496 --> 01:11:02,656
And I have this little cheat
sheet here just for notice.

1737
01:11:03,146 --> 01:11:04,926
And let's fix this error first.

1738
01:11:05,296 --> 01:11:07,266
So I've gotten a little lazy
here in this file.

1739
01:11:07,266 --> 01:11:09,246
This homepage is just
meant to give me hyperlinks

1740
01:11:09,286 --> 01:11:12,406
to the four versions of log
in demo that I put together.

1741
01:11:12,836 --> 01:11:16,156
What have I done wrong
and where is that error?

1742
01:11:16,426 --> 01:11:17,526
Let's get into the habit

1743
01:11:17,526 --> 01:11:19,086
of reading these
error messages now.

1744
01:11:19,716 --> 01:11:23,006
It's a little small.

1745
01:11:23,006 --> 01:11:25,276
The font, I can zoom
in if that will help.

1746
01:11:26,426 --> 01:11:33,746
Tell me exactly what to do.

1747
01:11:33,986 --> 01:11:35,386
We've seen this before.

1748
01:11:35,606 --> 01:11:36,086
Yeah, Jack.

1749
01:11:41,006 --> 01:11:45,756
>> Authenticating is not
defined to be any value.

1750
01:11:45,756 --> 01:11:47,886
>> OK. And what must
authenticated be?

1751
01:11:48,396 --> 01:11:49,386
>> Some sort of value.

1752
01:11:49,526 --> 01:11:50,686
Some sort of variable that--

1753
01:11:50,686 --> 01:11:54,446
>> Good. Yeah, so we saw this
before with my error variable.

1754
01:11:54,446 --> 01:11:56,636
This time it's apparently
called authenticated.

1755
01:11:56,636 --> 01:11:58,836
And that kind of makes sense,
right, if the whole goal

1756
01:11:59,126 --> 01:12:01,586
as I've just promised is to
implement the notion of logging

1757
01:12:01,586 --> 01:12:03,746
in, it makes sense that there
might be a variable called

1758
01:12:03,746 --> 01:12:06,396
authenticated, which is true
or false based on whether

1759
01:12:06,396 --> 01:12:07,796
or not I have logged in.

1760
01:12:08,046 --> 01:12:11,146
And it apparently is
on line 24 of home.php.

1761
01:12:11,146 --> 01:12:13,186
So, what's the fix for
this probably going to be?

1762
01:12:13,556 --> 01:12:14,036
>> Isset?

1763
01:12:14,466 --> 01:12:15,586
>> Isset. So let's do that.

1764
01:12:15,586 --> 01:12:19,786
Let me open up my
log in directory,

1765
01:12:19,786 --> 01:12:23,326
home.php line 24
and-- there it is.

1766
01:12:23,616 --> 01:12:24,716
I got a little lazy.

1767
01:12:24,826 --> 01:12:27,186
Well, let me just point out
a couple of other techniques

1768
01:12:27,186 --> 01:12:28,886
for dealing with
this kind of issue.

1769
01:12:28,886 --> 01:12:34,846
So one, realize that this big
loud orange error message is not

1770
01:12:34,846 --> 01:12:35,976
the default behavior for PHP.

1771
01:12:35,976 --> 01:12:38,046
We have installed
in the appliance,

1772
01:12:38,046 --> 01:12:40,706
and this freely available
on other servers as well,

1773
01:12:40,996 --> 01:12:43,796
a tool called Xdebug,
which is a tool

1774
01:12:43,846 --> 01:12:48,516
that makes PHP's errors more
verbose for diagnostic purposes.

1775
01:12:48,816 --> 01:12:50,536
And it's not that
interesting here

1776
01:12:50,536 --> 01:12:52,126
because we have very
little code,

1777
01:12:52,386 --> 01:12:57,296
but it also gives you
what's called a call--

1778
01:12:57,586 --> 01:13:02,046
a trace of all of the functions
that have been executed to get

1779
01:13:02,046 --> 01:13:03,706
us to the point of this error.

1780
01:13:03,956 --> 01:13:05,106
In this case it's not interesting

1781
01:13:05,106 --> 01:13:07,246
because only one function
was called to get us here

1782
01:13:07,246 --> 01:13:09,296
and it's even an explicit
function, it's just main,

1783
01:13:09,296 --> 01:13:11,466
the sort of default
file that we're in,

1784
01:13:11,686 --> 01:13:14,176
but it does identify the
file as being home.php

1785
01:13:14,176 --> 01:13:16,796
in the orange message,
home is closer

1786
01:13:17,006 --> 01:13:18,466
on where the error message is.

1787
01:13:18,466 --> 01:13:19,496
So just realize,
you don't get this

1788
01:13:19,496 --> 01:13:20,976
on all servers unless
it's enabled.

1789
01:13:21,156 --> 01:13:23,166
But for us, pedagogically,
it's definitely useful

1790
01:13:23,166 --> 01:13:24,316
because you see a bit more.

1791
01:13:24,556 --> 01:13:26,376
So I can fix this
in a couple of ways.

1792
01:13:26,376 --> 01:13:30,706
Let me go in to home.php
and I'm going to kind

1793
01:13:31,106 --> 01:13:33,996
of do this, suppress NOTICEs.

1794
01:13:34,086 --> 01:13:38,416
And I'm going to do, error
reporting and I'm going

1795
01:13:38,416 --> 01:13:42,856
to say E_ALL XOR E_NOTICE.

1796
01:13:43,156 --> 01:13:44,606
So let me see if
I got this right.

1797
01:13:45,246 --> 01:13:47,156
Here we go.

1798
01:13:47,286 --> 01:13:48,646
So gone, problem solved.

1799
01:13:49,086 --> 01:13:49,676
Well, not really.

1800
01:13:49,676 --> 01:13:50,956
This is what I meant
earlier about sort

1801
01:13:50,956 --> 01:13:52,216
of sweeping things under the rug.

1802
01:13:52,216 --> 01:13:52,866
What have I done?

1803
01:13:52,866 --> 01:13:56,366
I've told PHP to no longer
tell me about notices.

1804
01:13:56,576 --> 01:14:00,016
Now, this is sometimes
done on servers, but again,

1805
01:14:00,016 --> 01:14:02,416
it tends to hide
shortcoming in your own code.

1806
01:14:02,706 --> 01:14:04,986
But where is the setting
coming from in the first place?

1807
01:14:04,986 --> 01:14:07,446
Well, let me go back to my
terminal window and recall

1808
01:14:07,446 --> 01:14:09,346
that I can become
the super-user,

1809
01:14:09,346 --> 01:14:13,446
the administrative
user, by doing sudo su.

1810
01:14:13,726 --> 01:14:16,556
And now I'm going to go into /etc,
and then I'm going to open

1811
01:14:16,556 --> 01:14:20,436
up a file called php.ini, which
stands for initialization.

1812
01:14:20,436 --> 01:14:21,466
And that's going to open

1813
01:14:21,466 --> 01:14:23,336
up a big config file,
this one for PHP.

1814
01:14:23,336 --> 01:14:26,496
And I'm going to search
for error reporting.

1815
01:14:26,496 --> 01:14:29,406
And on line 112, there's
some documentation

1816
01:14:29,726 --> 01:14:32,076
for whatever reason
PHP use semicolons

1817
01:14:32,076 --> 01:14:33,456
for their comment character,

1818
01:14:33,456 --> 01:14:35,926
so all this blue text is
comments, so let's keep looking,

1819
01:14:36,126 --> 01:14:40,426
oops, error reporting, is this.

1820
01:14:41,076 --> 01:14:43,076
So notice in line 513,

1821
01:14:43,076 --> 01:14:45,706
this php.ini file has
the following line,

1822
01:14:45,706 --> 01:14:49,746
error_reporting equals
E_ALL and not E_DEPRECATED.

1823
01:14:50,146 --> 01:14:53,936
So in other words, this is PHP's
config line that's saying show

1824
01:14:53,936 --> 01:14:56,906
me all messages except those
related to deprecated functions.

1825
01:14:57,176 --> 01:14:58,076
That's just the default.

1826
01:14:58,076 --> 01:14:59,386
That came with this installation

1827
01:14:59,696 --> 01:15:04,146
but that is why notices are
displayed, E_NOTICE, E_WARNING,

1828
01:15:04,146 --> 01:15:06,296
E_ERROR, are all
separate constants

1829
01:15:06,296 --> 01:15:07,196
that you can manipulate.

1830
01:15:07,436 --> 01:15:09,906
And this is beyond the scope
of the class for the most part

1831
01:15:09,906 --> 01:15:11,916
but the single ampersand
operator

1832
01:15:11,916 --> 01:15:14,086
for those familiar,
is what operator?

1833
01:15:16,816 --> 01:15:21,796
Bitwise and-- the tilde is
the bitwise not operator

1834
01:15:21,796 --> 01:15:22,696
to invert bits.

1835
01:15:22,886 --> 01:15:24,916
And the caret symbol is XOR.

1836
01:15:24,916 --> 01:15:26,846
If unfamiliar with
bitwise operators,

1837
01:15:27,126 --> 01:15:30,226
realize that there's a whole
horizon of computer science

1838
01:15:30,226 --> 01:15:33,166
and programming ahead of you but
for now we won't dwell too much

1839
01:15:33,166 --> 01:15:34,356
on those details,
but it has to do

1840
01:15:34,356 --> 01:15:36,076
with manipulating low
level bits double bits,

1841
01:15:36,076 --> 01:15:38,956
which is an efficient way of
setting flags, so to speak,

1842
01:15:38,956 --> 01:15:40,866
setting values for
configuration.

1843
01:15:40,866 --> 01:15:44,636
But for now, realize that
this is a possible approach

1844
01:15:44,886 --> 01:15:46,386
but not the right
solution here.

1845
01:15:46,386 --> 01:15:48,966
Instead, what should
we do on line 24

1846
01:15:48,966 --> 01:15:50,866
to fix this problem
more properly?

1847
01:15:52,466 --> 01:15:54,466
[ Inaudible Remark ]

1848
01:15:54,916 --> 01:15:56,836
Yeah. So let's go back to isset.

1849
01:15:57,456 --> 01:16:00,236
So, if it's set then you
are logged in, presumably.

1850
01:16:00,746 --> 01:16:01,296
All right.

1851
01:16:01,526 --> 01:16:03,606
So, let's take a look
now what Home is doing.

1852
01:16:04,096 --> 01:16:05,966
If authenticated is set

1853
01:16:06,196 --> 01:16:09,176
in the session superglobal just
tell the user you are logged in

1854
01:16:09,176 --> 01:16:11,286
and to tell them you
are not logged in.

1855
01:16:11,286 --> 01:16:12,246
And what else am I doing?

1856
01:16:12,246 --> 01:16:14,476
I'm also providing them with
a handy little log out link

1857
01:16:14,476 --> 01:16:15,616
if they are in fact logged in.

1858
01:16:16,026 --> 01:16:18,906
So let's now go back to the
browser just to see this again

1859
01:16:18,906 --> 01:16:21,256
in context, and indeed
the result

1860
01:16:21,256 --> 01:16:22,596
of this webpage looks like this.

1861
01:16:22,886 --> 01:16:25,706
You are not logged in and if I
look at the source in Chrome,

1862
01:16:25,706 --> 01:16:27,986
should I see any PHP code?

1863
01:16:27,986 --> 01:16:29,986
No, better not otherwise
something is wrong

1864
01:16:29,986 --> 01:16:30,736
with my server.

1865
01:16:30,946 --> 01:16:33,176
Now, as an aside,
one of the axes along

1866
01:16:33,176 --> 01:16:35,446
which we grade projects
is this thing of style,

1867
01:16:35,446 --> 01:16:37,476
how pretty is your
code, how well indented,

1868
01:16:37,476 --> 01:16:38,856
is it variables and so forth.

1869
01:16:39,116 --> 01:16:41,366
Realize that when we do
evaluate style we care

1870
01:16:41,366 --> 01:16:43,486
about your PHP files,
we do not care

1871
01:16:43,486 --> 01:16:47,536
about the resulting HTML files,
because notice this looks great

1872
01:16:47,536 --> 01:16:51,636
in my gedit editor, but it
looks all misindented here,

1873
01:16:51,796 --> 01:16:54,596
that's fine, so long as it's
readable in source version,

1874
01:16:54,596 --> 01:16:56,456
we don't care what
the resulting HTML is.

1875
01:16:56,456 --> 01:16:58,276
And this is simply
because of your indentation

1876
01:16:58,276 --> 01:17:01,136
in your PHP file that this is
getting a little messed up here.

1877
01:17:01,136 --> 01:17:03,026
So just realize this
is not a big deal here

1878
01:17:03,026 --> 01:17:05,286
and the browser certainly
does not care.

1879
01:17:05,816 --> 01:17:08,206
So, let's look at version
1 of a log in demo,

1880
01:17:08,526 --> 01:17:10,616
and let's go ahead
and try to log in.

1881
01:17:10,616 --> 01:17:13,066
I'm going to try to log in
as jharvard with no password.

1882
01:17:13,166 --> 01:17:14,596
Log in. OK.

1883
01:17:14,806 --> 01:17:18,116
So it's not read but we seem to
have a very similar mechanism

1884
01:17:18,116 --> 01:17:19,946
to what we did earlier
with registration.

1885
01:17:20,266 --> 01:17:23,296
Let me try, jharvard,
crimson as his password.

1886
01:17:23,296 --> 01:17:25,296
Log in. That's pretty cool.

1887
01:17:25,296 --> 01:17:27,026
Even Chrome realizes
I logged in.

1888
01:17:27,026 --> 01:17:28,916
So let me disable
this Chrome thing just

1889
01:17:28,916 --> 01:17:30,746
so we don't capture
our passwords.

1890
01:17:31,426 --> 01:17:32,046
Cancel that.

1891
01:17:32,226 --> 01:17:33,826
So now, notice, this
has changed in.

1892
01:17:33,826 --> 01:17:35,316
Changed. You are logged in.

1893
01:17:35,886 --> 01:17:38,456
Now, let's infer
from what we saw

1894
01:17:38,456 --> 01:17:41,226
on home.php, how log-ins work.

1895
01:17:41,756 --> 01:17:44,646
Suppose jharvard and crimson
were indeed my correct username

1896
01:17:44,646 --> 01:17:50,556
and password, what must the
PHP code to which my username

1897
01:17:50,556 --> 01:17:53,966
and password were submitted,
must have done in order

1898
01:17:53,966 --> 01:17:56,846
for home.php to know
that I am now logged in?

1899
01:17:56,846 --> 01:17:58,806
>> It must have set the
authenticated variable

1900
01:17:58,806 --> 01:18:01,076
to true or to something.

1901
01:18:01,226 --> 01:18:01,876
>> Exactly.

1902
01:18:01,996 --> 01:18:05,226
So, the login1.php,
as we'll soon see,

1903
01:18:05,716 --> 01:18:07,916
set a variable called
authenticated to true

1904
01:18:07,916 --> 01:18:11,526
or to something and home.php
is now checking the value

1905
01:18:11,526 --> 01:18:12,506
of that same variable.

1906
01:18:12,836 --> 01:18:14,786
So, notice we have
crosstalk essentially

1907
01:18:14,786 --> 01:18:15,816
between two files here.

1908
01:18:15,816 --> 01:18:18,606
We're not doing this on one
huge file, so it is possible

1909
01:18:18,606 --> 01:18:21,706
for different PHP files to
intercommunicate so long

1910
01:18:21,706 --> 01:18:25,576
as they each do one
terribly important thing,

1911
01:18:25,576 --> 01:18:29,026
and that is specifically
this here.

1912
01:18:29,256 --> 01:18:31,266
Notice in home.php,
there was a line

1913
01:18:31,266 --> 01:18:33,726
that I didn't draw our attention
to earlier but at the very top,

1914
01:18:33,726 --> 01:18:35,886
line 12, session_start.

1915
01:18:36,316 --> 01:18:40,786
If you want to use
$_session, you must, must,

1916
01:18:41,096 --> 01:18:42,966
must call that function.

1917
01:18:43,156 --> 01:18:46,846
And you must call that function
at the very top of your code.

1918
01:18:47,176 --> 01:18:51,416
You cannot spit out any HTML
before calling that function.

1919
01:18:51,416 --> 01:18:52,876
And the reason will
become clear in a bit.

1920
01:18:52,876 --> 01:18:55,136
It has to do with HTTP
headers, and the fact

1921
01:18:55,136 --> 01:18:58,336
that function actually generates
some HTTP headers related

1922
01:18:58,336 --> 01:18:58,866
to cookies.

1923
01:18:59,266 --> 01:19:01,276
And just to be super annoying,

1924
01:19:01,716 --> 01:19:04,576
realize that you
can't even screw up,

1925
01:19:04,576 --> 01:19:07,736
if you accidentally have white
space at the top of your file

1926
01:19:07,736 --> 01:19:09,286
like that, I just
try to Enter key,

1927
01:19:09,536 --> 01:19:12,046
that will break session
and cookies.

1928
01:19:12,226 --> 01:19:14,586
Why? Again, we'll see in
more detail in a moment

1929
01:19:14,786 --> 01:19:17,666
but that's saying to the PHP
interpreter, here's a line

1930
01:19:17,666 --> 01:19:19,316
of white space, spit it out.

1931
01:19:19,686 --> 01:19:22,936
But then later, on line 13,
you're calling session_start

1932
01:19:23,156 --> 01:19:25,966
which is going to tell PHP,
"Send these HTTP headers

1933
01:19:26,226 --> 01:19:27,046
but you missed your chance."

1934
01:19:27,556 --> 01:19:30,646
Headers must come before all
other output including white

1935
01:19:30,646 --> 01:19:35,366
space, so a very common mistake
in PHP is having a leading

1936
01:19:35,366 --> 01:19:37,806
or trailing white space
in the wrong places

1937
01:19:38,136 --> 01:19:41,216
so get super nit-picky yourself

1938
01:19:41,326 --> 01:19:43,756
about making sure you don't
have those tiny stupid little

1939
01:19:43,756 --> 01:19:45,446
mistakes at the top
and the bottoms

1940
01:19:45,446 --> 01:19:47,426
of your files, in particular.

1941
01:19:47,676 --> 01:19:49,006
So, for now, just take on faith

1942
01:19:49,006 --> 01:19:51,596
that you must call
session_start both in home.php,

1943
01:19:51,806 --> 01:19:56,886
if it accesses the
superglobal as well as in login1

1944
01:19:57,166 --> 01:19:59,026
which is the file that's
apparently doing this magic.

1945
01:19:59,026 --> 01:19:59,836
So, let's take a
look at this file.

1946
01:20:00,846 --> 01:20:03,786
So in login1.php, we
start with some comments.

1947
01:20:04,146 --> 01:20:06,976
I then enabled sessions
with session_start.

1948
01:20:07,306 --> 01:20:08,366
Now, I'm kind of cheating.

1949
01:20:08,366 --> 01:20:09,226
I don't have a database

1950
01:20:09,226 --> 01:20:10,766
yet because we haven't
gone into that lecture.

1951
01:20:10,766 --> 01:20:12,616
So for now, I'm just going
to define some constants.

1952
01:20:12,976 --> 01:20:15,816
This is the syntax in PHP
for defining constants,

1953
01:20:15,816 --> 01:20:18,576
by definition, their
values cannot change.

1954
01:20:19,286 --> 01:20:20,796
I use all caps by convention.

1955
01:20:21,146 --> 01:20:23,356
And now notice I have some
code that's kind of borrowed

1956
01:20:23,356 --> 01:20:24,966
from the Frosh IMs example.

1957
01:20:25,346 --> 01:20:30,256
If user is set in POST
and pass is set in POST,

1958
01:20:30,476 --> 01:20:33,166
that doesn't mean they're
correct but it does mean what?

1959
01:20:34,026 --> 01:20:34,116
Yeah?

1960
01:20:34,646 --> 01:20:39,506
>> That the user actually
typed their username

1961
01:20:39,686 --> 01:20:40,706
and password in the form.

1962
01:20:40,706 --> 01:20:41,396
>> Exactly.

1963
01:20:41,396 --> 01:20:44,406
That the user typed their
username and password

1964
01:20:44,406 --> 01:20:47,996
in the form which is now enough
of a starting point for us

1965
01:20:47,996 --> 01:20:52,066
to check the validity of
that username and password.

1966
01:20:52,066 --> 01:20:54,186
By contrast with Frosh IMs,

1967
01:20:54,266 --> 01:20:56,976
I kind of had this
middleman an action parameter

1968
01:20:56,976 --> 01:21:00,936
that I just used
so that minimally,

1969
01:21:00,936 --> 01:21:04,466
there was always one
parameter that was submitted

1970
01:21:04,466 --> 01:21:07,136
but in this case of a
form with just two values,

1971
01:21:07,136 --> 01:21:08,766
I don't need that action.

1972
01:21:08,766 --> 01:21:12,456
I could just check for
username and password

1973
01:21:12,456 --> 01:21:14,906
because that's actually
what I care about.

1974
01:21:14,906 --> 01:21:18,246
There's no optionality here.

1975
01:21:18,246 --> 01:21:22,646
So if-- here's the magic, if
the user key equals-equals USER

1976
01:21:22,646 --> 01:21:25,616
and the PASS key
equals-equals PASS,

1977
01:21:25,616 --> 01:21:28,046
those are our constants
recall, then remember

1978
01:21:28,046 --> 01:21:29,166
that the user's logged in.

1979
01:21:29,166 --> 01:21:32,496
How? Well, as Jack proposed,
here's the secret line of code,

1980
01:21:32,496 --> 01:21:35,306
SESSION authenticated
equals true

1981
01:21:35,866 --> 01:21:45,976
which is not only setting it
to true, it is just setting it

1982
01:21:45,976 --> 01:21:48,626
in the first place, thereby
making isset happy later.

1983
01:21:48,626 --> 01:21:51,216
And I scroll down further,
what I'm going to do?

1984
01:21:51,216 --> 01:21:53,096
I'm going to redirect the user.

1985
01:21:53,096 --> 01:21:56,036
Now, this is a little more
complex than we've seen before.

1986
01:21:56,036 --> 01:21:59,726
And it's adapted from
actually PHP's documentation.

1987
01:21:59,726 --> 01:22:01,166
There's other ways to do this.

1988
01:22:01,336 --> 01:22:04,156
But what was stupid about
my previous attempts

1989
01:22:04,156 --> 01:22:05,096
of redirection?

1990
01:22:05,096 --> 01:22:05,296
Yeah?

1991
01:22:05,296 --> 01:22:06,286
>> They went through
the entire path.

1992
01:22:06,286 --> 01:22:07,326
>> Yeah, they have
the entire path.

1993
01:22:07,326 --> 01:22:10,396
It was hard-coded
which means localhost,

1994
01:22:10,456 --> 01:22:13,016
that's not even a real website
like that will only work

1995
01:22:13,016 --> 01:22:17,086
on my own machine or other
people's virtual machines.

1996
01:22:17,086 --> 01:22:19,326
It's not going to
work on the internet

1997
01:22:19,326 --> 01:22:22,266
and it's not a fun exercise
to upload all your files

1998
01:22:22,646 --> 01:22:25,846
to a server and then have
to manually go through

1999
01:22:25,846 --> 01:22:31,396
and change hard-coded URLs that
you should have not hard-coded.

2000
01:22:31,396 --> 01:22:33,096
So I'm generalizing now.

2001
01:22:33,096 --> 01:22:39,116
And notice, these few lines of
code achieve the following.

2002
01:22:39,116 --> 01:22:43,386
I first figured out
what host I'm on.

2003
01:22:43,526 --> 01:22:47,006
It turns out there's
another superglobal.

2004
01:22:47,006 --> 01:22:49,976
We mentioned it briefly on
Wednesday, called server.

2005
01:22:49,976 --> 01:22:52,756
And these have some
juicy information

2006
01:22:52,756 --> 01:22:58,206
like the user browser agents,
the user agent string, Mozilla

2007
01:22:58,206 --> 01:22:59,946
or IE or what not,
has their IP address.

2008
01:22:59,946 --> 01:23:05,466
And it also has the HTTP host
that was in the host colon field

2009
01:23:05,566 --> 01:23:08,386
in the HTTP request
that we saw on Monday.

2010
01:23:08,386 --> 01:23:11,366
So, this is just
putting in a variable.

2011
01:23:11,366 --> 01:23:14,256
It doesn't have to be there
but it's nice and clean.

2012
01:23:14,256 --> 01:23:15,056
And now, what's this?

2013
01:23:15,056 --> 01:23:19,236
Dirname, what is the directory
name of server PHP_SELF?

2014
01:23:19,276 --> 01:23:23,296
So this is a little trick
whereby PHP_SELF is another key

2015
01:23:23,296 --> 01:23:26,456
in this superglobal that
refers to yourself, that's all.

2016
01:23:26,456 --> 01:23:28,196
The current script, login1.php.

2017
01:23:28,196 --> 01:23:29,726
Dirname, when passed that
path gives you everything

2018
01:23:30,126 --> 01:23:33,096
but your file name.

2019
01:23:33,666 --> 01:23:37,286
So this is a way of figuring

2020
01:23:37,286 --> 01:23:39,896
out programmatically
what directory are you,

2021
01:23:39,896 --> 01:23:40,626
login1.php in.

2022
01:23:40,626 --> 01:23:43,126
Rtrim just trims some white
space as needed, reverse trim

2023
01:23:43,246 --> 01:23:46,326
or rather not white
space, it's optional.

2024
01:23:46,326 --> 01:23:48,766
It's going to trim
leading slashes as needed.

2025
01:23:48,766 --> 01:23:52,326
So that's just a
little syntactic trick.

2026
01:23:52,326 --> 01:23:57,746
And the real interesting
part is this last one.

2027
01:23:57,746 --> 01:24:02,276
Header, location colon
HTTP host path home.php.

2028
01:24:02,276 --> 01:24:02,946
Now where did path come from?

2029
01:24:02,946 --> 01:24:04,136
The previous line.

2030
01:24:04,186 --> 01:24:06,376
Host came from the
previous, previous line.

2031
01:24:06,376 --> 01:24:11,506
And home.php is hard-coded
because that's

2032
01:24:11,506 --> 01:24:13,776
where I want to send the user.

2033
01:24:13,776 --> 01:24:19,616
Now, as an aside, you
will often see this

2034
01:24:19,616 --> 01:24:21,916
in PHP code just
redirect to the file.

2035
01:24:22,066 --> 01:24:24,376
And it does usually work.

2036
01:24:24,376 --> 01:24:28,626
And my God, that line
is so much simpler

2037
01:24:28,626 --> 01:24:33,486
than the story we just told,
with all this other code.

2038
01:24:38,696 --> 01:24:41,886
This is not technically correct.

2039
01:24:42,136 --> 01:24:47,486
Technically, when you
send location headers,

2040
01:24:47,956 --> 01:24:52,756
they should be full
URLs not relative URLs.

2041
01:24:53,066 --> 01:24:55,786
So the reason for jumping
through these hoops

2042
01:24:55,786 --> 01:25:01,256
and borrowing this code from
the manual is just to make sure

2043
01:25:01,296 --> 01:25:04,236
that all browsers are happy

2044
01:25:04,756 --> 01:25:10,726
by the location line
that you're sending.

2045
01:25:12,046 --> 01:25:16,016
So it's-- this is a perfect
candidate for a function

2046
01:25:16,016 --> 01:25:17,496
that you could write in PHP.

2047
01:25:17,496 --> 01:25:18,866
And generalize these yourselves.

2048
01:25:19,466 --> 01:25:21,256
So in fact, let me do a
quick aside and this is not

2049
01:25:21,256 --> 01:25:25,966
in the best location here but
I'll just do it real fast.

2050
01:25:25,966 --> 01:25:27,236
Let me do this.

2051
01:25:27,236 --> 01:25:30,406
Let me say if I wanted to
implement a function in PHP,

2052
01:25:30,406 --> 01:25:32,026
we could do it like this.

2053
01:25:32,256 --> 01:25:35,436
Function, let's say file,
and then let's go down here.

2054
01:25:35,926 --> 01:25:38,176
Let me paste in this code.

2055
01:25:38,176 --> 01:25:41,676
And what I'm going to do
here is return let's say,

2056
01:25:41,676 --> 01:25:44,416
http://$host$path/$file.

2057
01:25:44,416 --> 01:25:48,246
So now notice, I could simplify
all of this for instance to--

2058
01:25:48,246 --> 01:25:50,126
actually let me go one step
further rather than return this.

2059
01:25:50,376 --> 01:25:53,166
Let me do header, location:exit.

2060
01:25:53,166 --> 01:25:55,066
So in other words, this is a
good candidate for factoring

2061
01:25:55,136 --> 01:25:56,386
out that kind of functionality.

2062
01:25:57,386 --> 01:26:00,216
So that up here, I could
just say, redirect home.php.

2063
01:26:00,216 --> 01:26:03,326
And it just simplifies
my life so much.

2064
01:26:03,326 --> 01:26:05,096
And I'll only write it once.

2065
01:26:05,516 --> 01:26:07,186
So in other words,
just like you would

2066
01:26:07,506 --> 01:26:09,076
in most any other language.

2067
01:26:09,076 --> 01:26:13,296
Once you find yourself doing
something again and again,

2068
01:26:13,426 --> 01:26:15,896
it's a prime candidate for
factoring out to a function.

2069
01:26:15,896 --> 01:26:17,776
And we'll soon see ways of
including one file in another

2070
01:26:17,806 --> 01:26:19,096
so I can literally have a
file called functions.php,

2071
01:26:19,126 --> 01:26:20,056
which has all of my
helper functions.

2072
01:26:20,086 --> 01:26:21,196
And I could paste what
I just wrote down there

2073
01:26:21,226 --> 01:26:22,726
into another file and then
access it with one line of code

2074
01:26:22,756 --> 01:26:23,506
that I've highlighted
in blue there.

2075
01:26:23,536 --> 01:26:24,676
>> You need to name your
function redirect first.

2076
01:26:24,706 --> 01:26:25,096
>> You're right, thanks.

2077
01:26:25,126 --> 01:26:26,326
Very good point, useless
as I wrote it, redirect.

2078
01:26:26,356 --> 01:26:26,566
Thank you.

2079
01:26:26,596 --> 01:26:27,376
That's what it has to look like.

2080
01:26:27,406 --> 01:26:28,876
And many different ways to
do this but same principles

2081
01:26:28,906 --> 01:26:29,836
as you would see in
some other language.

2082
01:26:29,866 --> 01:26:31,036
All right, so let me just
roll this effect back

2083
01:26:31,066 --> 01:26:32,056
so that we're back
where we started here.

2084
01:26:32,086 --> 01:26:33,496
And now, recall that the
behavior we saw before was this.

2085
01:26:33,526 --> 01:26:34,666
So, here's just another
approach, to checking whether

2086
01:26:34,696 --> 01:26:35,686
or not a form was
submitted or not.

2087
01:26:35,716 --> 01:26:36,766
The line below body,
if count POST greater

2088
01:26:36,796 --> 01:26:37,576
than 0 echo INVALID LOGIN.

2089
01:26:37,606 --> 01:26:38,086
Why am I doing that?

2090
01:26:38,116 --> 01:26:39,316
We'll think back to the
logic we just saw under,

2091
01:26:39,346 --> 01:26:40,546
what circumstances will
the PHP interpreter reach

2092
01:26:40,576 --> 01:26:41,326
that line of code in this file?

2093
01:26:41,356 --> 01:26:42,736
Under what circumstances will
the interpreter reach this

2094
01:26:42,766 --> 01:26:42,976
line here?

2095
01:26:43,516 --> 01:26:52,896
[ Pause ]

2096
01:26:53,396 --> 01:26:55,016
Yeah? Axel?

2097
01:26:55,236 --> 01:27:00,306
>> If it's-- If the username
and password was correct?

2098
01:27:00,456 --> 01:27:02,736
>> Opposite.

2099
01:27:03,456 --> 01:27:03,906
>> Oh, OK.

2100
01:27:04,406 --> 01:27:05,996
>> Right? Because
we're redirecting when.

2101
01:27:06,546 --> 01:27:10,796
>> When correct.

2102
01:27:10,966 --> 01:27:11,516
>> When correct.

2103
01:27:12,046 --> 01:27:14,576
So those if conditions there
said if they give us username

2104
01:27:14,576 --> 01:27:17,206
and password and username is
correct and password is correct,

2105
01:27:17,206 --> 01:27:19,196
then go ahead and remember

2106
01:27:19,196 --> 01:27:21,806
with authenticated equals
true then redirect the user.

2107
01:27:21,966 --> 01:27:23,896
So by the time we've
redirected and called exit,

2108
01:27:23,896 --> 01:27:24,986
the user is literally gone.

2109
01:27:24,986 --> 01:27:26,336
They're at home.php.

2110
01:27:26,336 --> 01:27:29,586
So the only circumstances in
which we'll get down here is

2111
01:27:29,586 --> 01:27:32,726
if they haven't submitted
the form yet in which case

2112
01:27:32,726 --> 01:27:37,186
that first check way up top
where we checked is user set

2113
01:27:37,186 --> 01:27:39,196
and pass set are going to be
false so we're going to drop

2114
01:27:39,196 --> 01:27:40,186
down to this part of the code.

2115
01:27:40,186 --> 01:27:42,136
And then also, we will get here.

2116
01:27:42,136 --> 01:27:46,946
If the user did submit the form
but they screwed up somehow

2117
01:27:46,946 --> 01:27:49,436
and username was not
equal to username--

2118
01:27:49,466 --> 01:27:51,956
user or password was
not right either,

2119
01:27:52,006 --> 01:27:53,356
one or two of those mistakes.

2120
01:27:53,916 --> 01:27:55,066
So, what am I doing here,

2121
01:27:55,116 --> 01:27:57,506
if count of POST is
greater than zero?

2122
01:27:57,506 --> 01:28:00,746
So if I'm at this point in
the code and there's something

2123
01:28:00,746 --> 01:28:05,126
in POST, that must mean that
the user submitted the form

2124
01:28:05,256 --> 01:28:07,046
with a username and/or password.

2125
01:28:07,206 --> 01:28:09,116
And it must mean that
they weren't correct

2126
01:28:09,116 --> 01:28:11,436
because otherwise, I
would have exited earlier.

2127
01:28:11,926 --> 01:28:13,376
So this is just another
technique.

2128
01:28:13,376 --> 01:28:14,906
Again, you can implement
this kind of logic

2129
01:28:14,906 --> 01:28:16,036
in any number of ways.

2130
01:28:16,036 --> 01:28:17,866
This time I choose to
do the count approach.

2131
01:28:18,126 --> 01:28:20,526
And that's OK because even
if there's nothing in it,

2132
01:28:21,046 --> 01:28:24,946
POST will still be an array,
a big associative array

2133
01:28:25,146 --> 01:28:26,376
that might contain keys

2134
01:28:26,376 --> 01:28:28,216
but might not depending
on what the user did.

2135
01:28:28,536 --> 01:28:29,696
Now, here's another refinement.

2136
01:28:29,696 --> 01:28:33,096
In my form line there,
action equals PHP_SELF,

2137
01:28:33,546 --> 01:28:35,546
it's also been a
little short-sighted of me

2138
01:28:35,796 --> 01:28:41,636
to hard-code the name of my
destinations into my HTML.

2139
01:28:42,386 --> 01:28:46,756
Why? Why has it been arguably bad
practice to say action equals

2140
01:28:46,756 --> 01:28:48,346
"froshims4.php" and so forth?

2141
01:28:48,346 --> 01:28:50,526
>> Only if you want to
rename the PHP file,

2142
01:28:50,526 --> 01:28:51,666
you have to change it.

2143
01:28:53,596 --> 01:28:54,456
>> Exactly.

2144
01:28:54,456 --> 01:28:55,566
If you have to rename--

2145
01:28:55,566 --> 01:28:58,596
if you decide to reorganize
your file system in your folders

2146
01:28:58,596 --> 01:29:01,186
and what not, and you rename
files, now your code is broken

2147
01:29:01,406 --> 01:29:03,726
until you also open up your file

2148
01:29:03,726 --> 01:29:05,286
and change the file
names inside.

2149
01:29:05,576 --> 01:29:06,706
So in the interest of, frankly,

2150
01:29:06,706 --> 01:29:08,606
making your life
easier long-term,

2151
01:29:08,816 --> 01:29:12,606
hard-coding file names and paths
and URLs and code, bad idea.

2152
01:29:12,856 --> 01:29:15,556
You should minimally factor
it out to like constants

2153
01:29:15,556 --> 01:29:16,986
or variables that are used

2154
01:29:16,986 --> 01:29:21,116
as configurations throughout
your files, or just don't do it

2155
01:29:21,116 --> 01:29:22,946
at all and figure it
out dynamically

2156
01:29:22,946 --> 01:29:27,406
with for instance certain
server variables and things

2157
01:29:27,406 --> 01:29:29,536
like the server-- superglobal.

2158
01:29:30,186 --> 01:29:31,586
All right, so that's
pretty neat.

2159
01:29:31,896 --> 01:29:34,156
So let's take this
one step further to.

2160
01:29:34,156 --> 01:29:38,616
Let me open up version
2 of this, login2.php.

2161
01:29:38,616 --> 01:29:41,596
And what we did not
do last time?

2162
01:29:41,596 --> 01:29:44,766
What we didn't do
for any repopulation

2163
01:29:45,216 --> 01:29:47,226
so is this right or wrong?

2164
01:29:47,746 --> 01:29:50,636
It feels like I've still
made a little mistake here.

2165
01:29:52,076 --> 01:29:53,516
Again, be super proper.

2166
01:29:54,306 --> 01:29:54,416
Yeah?

2167
01:29:54,876 --> 01:29:56,286
>> It doesn't check
if user existed.

2168
01:29:56,836 --> 01:29:57,286
>> Exactly.

2169
01:29:57,286 --> 01:29:59,126
I made the same newbie
mistake as before.

2170
01:29:59,126 --> 01:30:00,946
I didn't check if
that variable was set.

2171
01:30:00,946 --> 01:30:01,976
So I have a couple of options.

2172
01:30:02,046 --> 01:30:02,756
So I have a couple of options.

2173
01:30:02,756 --> 01:30:05,246
I could put an at sign in
front of the POST variable.

2174
01:30:05,246 --> 01:30:11,166
I can do an isset in front of
the-- I have to get rid of the--

2175
01:30:11,166 --> 01:30:13,796
well, I can do an if
condition in there.

2176
01:30:14,116 --> 01:30:18,906
I can do the check outside the
scope of that HTML variable.

2177
01:30:18,906 --> 01:30:20,646
The same story we told
earlier in the context

2178
01:30:20,646 --> 01:30:23,116
of Frosh IMs, same issue here.

2179
01:30:24,236 --> 01:30:25,586
So beware, that kind of thing,

2180
01:30:25,586 --> 01:30:27,006
otherwise we're going
to trigger a notice.

2181
01:30:27,416 --> 01:30:28,926
All right, but I think
we can still clean this

2182
01:30:28,926 --> 01:30:29,936
up a little bit more.

2183
01:30:29,936 --> 01:30:33,646
And let me go ahead and open
up not version 2 but version 3.

2184
01:30:34,196 --> 01:30:35,426
And in this case here,

2185
01:30:35,696 --> 01:30:40,066
notice that I'm setting
one other thing.

2186
01:30:40,066 --> 01:30:41,556
And now we get to
have a slightly more

2187
01:30:41,556 --> 01:30:42,616
technical discussion.

2188
01:30:43,046 --> 01:30:43,976
What else is in here?

2189
01:30:45,406 --> 01:30:45,836
What's new?

2190
01:30:45,836 --> 01:30:49,506
Anyone else, this time?

2191
01:30:53,516 --> 01:30:54,786
OK, softball question.

2192
01:30:54,786 --> 01:30:55,626
What line of code is new?

2193
01:30:55,866 --> 01:30:56,046
Yeah?

2194
01:30:56,496 --> 01:30:56,826
>> Setcookie.

2195
01:30:57,086 --> 01:30:58,006
>> OK, so setcookie.

2196
01:30:58,006 --> 01:30:59,156
We haven't seen that before.

2197
01:30:59,336 --> 01:31:01,826
And we have this line here
that's saying setcookie

2198
01:31:01,826 --> 01:31:03,276
and then a whole
bunch of arguments.

2199
01:31:03,576 --> 01:31:05,996
So, the comment kind of
spoils the answer here.

2200
01:31:06,246 --> 01:31:08,416
So save username and
cookie for a week.

2201
01:31:08,416 --> 01:31:09,406
Well, what's the point of this?

2202
01:31:09,536 --> 01:31:11,576
Well, it's kind of nice
in websites whereby even

2203
01:31:11,576 --> 01:31:14,216
if you're logged out because
you've waited too many days

2204
01:31:14,216 --> 01:31:16,956
to return to the site or
it just doesn't remember

2205
01:31:16,956 --> 01:31:18,406
that you're logged
in for very long.

2206
01:31:18,726 --> 01:31:19,866
It's kind of nice
if I don't have

2207
01:31:19,866 --> 01:31:21,306
to type my username
the next time

2208
01:31:21,306 --> 01:31:22,996
but I do still have
to type my password.

2209
01:31:23,326 --> 01:31:26,216
Now thus far, we have
pre-filled our forms

2210
01:31:26,466 --> 01:31:28,046
by using what's in POST.

2211
01:31:28,326 --> 01:31:31,616
Now obviously, if I visit a
website for the first time today

2212
01:31:31,976 --> 01:31:34,946
and I've not submitted a
form, there's nothing in POST.

2213
01:31:35,226 --> 01:31:37,216
But if you still want
to remember the user,

2214
01:31:37,516 --> 01:31:40,426
you might have the
forethought to store

2215
01:31:40,426 --> 01:31:42,506
on their computer, a cookie.

2216
01:31:42,786 --> 01:31:45,286
And a cookie is just a
little file stored in RAM

2217
01:31:45,286 --> 01:31:48,336
or on the user's hard drive
that can store key value pairs,

2218
01:31:48,536 --> 01:31:51,006
maybe their name, maybe
their email address,

2219
01:31:51,006 --> 01:31:53,176
or really maybe just
a big random numbers,

2220
01:31:53,176 --> 01:31:54,286
generally best practice.

2221
01:31:54,676 --> 01:31:58,926
So, in this case, I'm literally
storing a key called user.

2222
01:31:59,286 --> 01:32:01,166
And what's the value
of that key apparently?

2223
01:32:01,806 --> 01:32:01,906
Yeah?

2224
01:32:02,456 --> 01:32:07,376
>> Well, it's whatever the
user has posted as user.

2225
01:32:07,376 --> 01:32:09,626
>> Whatever the user has
posted as their username.

2226
01:32:09,866 --> 01:32:14,476
So-- And then this, time returns
the current time in seconds

2227
01:32:14,476 --> 01:32:20,346
from January 1st, 1970, times
7 times 24 times 60 times 60.

2228
01:32:20,346 --> 01:32:21,196
Why all that math?

2229
01:32:21,516 --> 01:32:23,336
Well, we need it to
be in seconds.

2230
01:32:23,646 --> 01:32:27,276
So we go 7 days times 24
hours times 60 minutes times

2231
01:32:27,276 --> 01:32:27,936
60 seconds.

2232
01:32:28,236 --> 01:32:30,786
And that gives us the
appropriate third argument,

2233
01:32:30,786 --> 01:32:34,116
to setcookie which means make
this cookie live for a week

2234
01:32:34,516 --> 01:32:35,776
in terms of the number
of seconds

2235
01:32:35,816 --> 01:32:36,626
that are appropriate there.

2236
01:32:36,976 --> 01:32:39,166
The rest of this file
is identical to before.

2237
01:32:39,376 --> 01:32:41,456
So it's kind of interesting
now to see the cookies.

2238
01:32:41,456 --> 01:32:43,646
So let's see if this
thing actually works.

2239
01:32:43,646 --> 01:32:46,136
Let me go to login3.

2240
01:32:46,596 --> 01:32:50,716
And here we have-- oops,
what did I do here?

2241
01:32:50,716 --> 01:32:53,176
On the front user and
up-- now I see what I did.

2242
01:32:53,366 --> 01:32:56,486
Line 53, let's fix
this real fast.

2243
01:32:57,886 --> 01:33:00,146
Isset user.

2244
01:33:00,666 --> 01:33:05,176
Down here, isset POST to user.

2245
01:33:10,296 --> 01:33:13,066
Cheating. All right, quick fix.

2246
01:33:13,596 --> 01:33:16,056
Do as I say not as I do.

2247
01:33:16,056 --> 01:33:17,626
So, here we have our same form.

2248
01:33:17,626 --> 01:33:19,096
So let's do jharvard.

2249
01:33:19,596 --> 01:33:20,536
Let's do crimson.

2250
01:33:20,856 --> 01:33:22,656
Log in. OK, that's pretty cool.

2251
01:33:22,896 --> 01:33:26,006
And now let me go
back to version 3.

2252
01:33:26,006 --> 01:33:26,996
Oh, that's convenient.

2253
01:33:27,366 --> 01:33:30,696
So again, just because
I've visited this page,

2254
01:33:30,696 --> 01:33:31,816
I've not submitted a form.

2255
01:33:32,146 --> 01:33:35,446
But it still somehow has
pre-populated the username field

2256
01:33:35,446 --> 01:33:37,686
with jharvard, so that must
have come from a cookie.

2257
01:33:37,686 --> 01:33:40,276
So let's actually see how this
is working underneath the hood.

2258
01:33:40,606 --> 01:33:44,646
So let me go ahead and
first, clear all of my--

2259
01:33:44,786 --> 01:33:50,136
oops, let me go ahead here
and clear all of my cookies.

2260
01:33:51,116 --> 01:33:54,226
So let's see settings, history.

2261
01:33:55,516 --> 01:34:03,176
Clear all the history,
just so we get rid

2262
01:34:03,176 --> 01:34:04,506
of all the cookies involved.

2263
01:34:04,886 --> 01:34:07,156
And now let me go ahead
and open a new Chrome.

2264
01:34:07,156 --> 01:34:09,856
Oops, let me open a
new Chrome window.

2265
01:34:10,516 --> 01:34:21,216
[ Pause ]

2266
01:34:21,716 --> 01:34:22,456
Here we go.

2267
01:34:23,596 --> 01:34:25,716
Let me open a new
Chrome window here.

2268
01:34:27,186 --> 01:34:31,716
And let me first open up the
developer toolbar at the bottom

2269
01:34:32,116 --> 01:34:34,096
and let me look at
the network tab.

2270
01:34:34,096 --> 01:34:35,996
And now I'm going to
paste in this URL.

2271
01:34:35,996 --> 01:34:36,606
So here we go.

2272
01:34:36,606 --> 01:34:39,316
Enter. And notice that
I've visited this page.

2273
01:34:39,576 --> 01:34:40,956
Let's quickly look
at the headers

2274
01:34:40,956 --> 01:34:42,396
that just came across the wire.

2275
01:34:42,866 --> 01:34:47,716
So, response headers, what
has been sent from the server

2276
01:34:47,776 --> 01:34:49,766
that we haven't really
seen before?

2277
01:34:50,356 --> 01:34:54,026
At least we didn't
see last week.

2278
01:34:54,886 --> 01:34:56,286
Response headers are down here.

2279
01:34:56,886 --> 01:34:58,076
What looks new to us today?

2280
01:34:58,076 --> 01:34:59,496
And what's probably relevant?

2281
01:34:59,496 --> 01:34:59,716
Axel?

2282
01:34:59,716 --> 01:35:03,036
>> It could be setcookie
session ID.

2283
01:35:03,036 --> 01:35:04,086
>> Yeah, so that's interesting.

2284
01:35:04,086 --> 01:35:06,206
Setcookie with PHPSESSID.

2285
01:35:06,406 --> 01:35:08,366
There's this stupid
line, X-Powered-By.

2286
01:35:08,366 --> 01:35:10,356
So all these various
web frameworks tend

2287
01:35:10,356 --> 01:35:11,916
to tell the whole world
what you're running.

2288
01:35:12,276 --> 01:35:14,636
It's not the best practice
because one, it's--

2289
01:35:14,636 --> 01:35:17,236
you're telling the world you
use PHP and specifically,

2290
01:35:17,236 --> 01:35:19,956
you're telling them
you use php5.3.13.

2291
01:35:20,306 --> 01:35:21,046
Why is this bad?

2292
01:35:21,816 --> 01:35:22,506
Think paranoid.

2293
01:35:22,766 --> 01:35:22,956
Jack?

2294
01:35:23,216 --> 01:35:25,986
>> It would say there's
a problem with 5.3.13

2295
01:35:26,096 --> 01:35:29,946
that specifically for bug
5.3.13, someone could come by

2296
01:35:29,946 --> 01:35:32,056
and find websites that
are running that version

2297
01:35:32,056 --> 01:35:32,976
and break it.

2298
01:35:32,976 --> 01:35:33,546
>> Exactly.

2299
01:35:33,546 --> 01:35:35,306
Right, this is a
newbie mistake whereby

2300
01:35:35,306 --> 01:35:37,396
if you leave this
information on,

2301
01:35:37,826 --> 01:35:38,986
you are telling the whole world,

2302
01:35:38,986 --> 01:35:40,156
not only what language
you're using

2303
01:35:40,156 --> 01:35:41,186
but what version you're using.

2304
01:35:41,186 --> 01:35:45,346
And as Jack says, if there is
a bug discovered in php5.3.13,

2305
01:35:45,626 --> 01:35:47,586
you just told the whole
world, I am vulnerable.

2306
01:35:47,586 --> 01:35:49,716
And you've told anyone who's
ever visited your site that.

2307
01:35:50,126 --> 01:35:53,736
So as an aside and we
leave this on to be clear

2308
01:35:53,996 --> 01:35:54,986
for exactly that purpose.

2309
01:35:54,986 --> 01:35:57,756
So we can have the conversation
and it is a virtual machine.

2310
01:35:57,756 --> 01:36:00,466
It's not on the internet so it's
not a big deal in this context.

2311
01:36:00,736 --> 01:36:03,636
But let me go ahead and open
that file again, php.ini.

2312
01:36:04,906 --> 01:36:06,956
And let me search
for the word expose.

2313
01:36:07,706 --> 01:36:09,496
And the fact that
that happens is all

2314
01:36:09,496 --> 01:36:13,126
because of this silly line here,
expose_php=on, all you have

2315
01:36:13,126 --> 01:36:16,656
to do is turn it to off and
then restart the web server.

2316
01:36:16,656 --> 01:36:18,566
So let's actually do that.

2317
01:36:18,786 --> 01:36:21,596
Let me change this to
off and then save it.

2318
01:36:22,046 --> 01:36:24,356
Now it's not enough to reload
the browser, I actually have

2319
01:36:24,386 --> 01:36:30,726
to go back here to the-- I have
to go back here to my window

2320
01:36:30,726 --> 01:36:34,156
and say service httpd restart.

2321
01:36:34,586 --> 01:36:36,666
So, service httpd restart.

2322
01:36:36,766 --> 01:36:37,886
We'll literally do just that.

2323
01:36:37,886 --> 01:36:39,136
It will restart the web server.

2324
01:36:39,136 --> 01:36:40,276
It might take a second or so.

2325
01:36:40,276 --> 01:36:41,286
And there it says OK.

2326
01:36:41,556 --> 01:36:43,116
Now, let's go back over here.

2327
01:36:43,416 --> 01:36:45,836
Let me go ahead and
reload the page.

2328
01:36:46,266 --> 01:36:49,176
And now, we have this
here, response headers,

2329
01:36:49,236 --> 01:36:50,476
notice what is now gone.

2330
01:36:51,296 --> 01:36:52,116
Any mention of PHP.

2331
01:36:52,116 --> 01:36:54,086
Now, there's still
another problem.

2332
01:36:54,156 --> 01:36:55,346
We're still telling
the world what?

2333
01:36:56,026 --> 01:36:56,256
>> Apache.

2334
01:36:56,606 --> 01:36:57,236
>> Apache.

2335
01:36:57,286 --> 01:36:59,276
So where are we going
to fix that?

2336
01:36:59,596 --> 01:37:01,286
>> In httpd.conf.

2337
01:37:01,286 --> 01:37:02,576
It's not called expose there.

2338
01:37:02,576 --> 01:37:04,336
It's a different variable
but the same idea.

2339
01:37:04,336 --> 01:37:06,686
So, may be good for
development so you remember--

2340
01:37:06,686 --> 01:37:08,556
you know easily what
versions you're running.

2341
01:37:08,856 --> 01:37:10,316
But frankly, this
is mostly marketing.

2342
01:37:10,426 --> 01:37:13,326
And it's for the worst of
everyone's security all around.

2343
01:37:13,866 --> 01:37:14,256
All right.

2344
01:37:14,366 --> 01:37:20,906
So, what is noticeably absent
here is there's no setcookie

2345
01:37:20,906 --> 01:37:21,476
this time.

2346
01:37:21,616 --> 01:37:23,396
But there is if you
look up higher.

2347
01:37:23,396 --> 01:37:26,346
What header is being sent from
the browser to the server?

2348
01:37:26,566 --> 01:37:26,806
Jack?

2349
01:37:26,806 --> 01:37:27,886
>> There is already a cookie.

2350
01:37:28,146 --> 01:37:30,466
>> Yeah. So there's
cookie and I wager,

2351
01:37:30,466 --> 01:37:34,336
I didn't pay too close last time
but I'd wager that the value

2352
01:37:34,376 --> 01:37:39,406
of PHPSESSID is the same as was
in the setcookie header earlier.

2353
01:37:39,556 --> 01:37:41,286
And this is indeed
how cookies work.

2354
01:37:41,286 --> 01:37:44,636
So how do you implement
state in HTTP

2355
01:37:44,756 --> 01:37:46,816
which itself is a
stateless protocol?

2356
01:37:46,816 --> 01:37:48,786
And by stateless, I
mean, essentially this,

2357
01:37:49,096 --> 01:37:50,396
you go to-- open a browser.

2358
01:37:50,506 --> 01:37:52,566
And most of the browsers these
days have some kind

2359
01:37:52,566 --> 01:37:54,486
of spinning icon whenever
you visit a webpage,

2360
01:37:54,486 --> 01:37:56,216
whether it's a globe or
a circle or some kind

2361
01:37:56,216 --> 01:37:58,016
of progress bar even
on mobile devices.

2362
01:37:58,336 --> 01:38:01,146
But then as soon as the webpage
stops loading and is done,

2363
01:38:01,466 --> 01:38:03,896
that little spinning or
whatever it is stops too.

2364
01:38:03,896 --> 01:38:07,106
And the implication is that your
network connection most likely

2365
01:38:07,226 --> 01:38:09,106
has been closed, in other words,

2366
01:38:09,106 --> 01:38:12,416
you are no longer using any
internet traffic to and from

2367
01:38:12,416 --> 01:38:15,016
that web server once the
spinning has stopped.

2368
01:38:15,226 --> 01:38:17,456
Now, that's a bit of an
oversimplification, Gmail,

2369
01:38:17,456 --> 01:38:20,846
Google Calendar, Facebook, and
Twitter and all these websites

2370
01:38:20,846 --> 01:38:23,236
that use AJAX could
very well keep

2371
01:38:23,236 --> 01:38:24,996
to be talking behind the scenes.

2372
01:38:25,196 --> 01:38:28,356
But for normal websites
that are not so fancy,

2373
01:38:28,646 --> 01:38:29,796
the connection is closed.

2374
01:38:29,976 --> 01:38:32,796
Now again, how do you remember
that the user has logged in?

2375
01:38:33,066 --> 01:38:35,526
Well, you have to tell them--
you have to stamp their hand

2376
01:38:35,846 --> 01:38:38,276
so that earlier when we
saw the setcookie header

2377
01:38:38,566 --> 01:38:42,946
and it said setcookie PHPSESSID
equals c5ujm8 whatever,

2378
01:38:43,386 --> 01:38:46,226
that was like the guy at
the carnival or the club

2379
01:38:46,226 --> 01:38:49,656
or whatever, stamping your
hand with a big random number.

2380
01:38:50,016 --> 01:38:52,786
Now, the server meanwhile stores

2381
01:38:52,786 --> 01:38:54,946
that same big random
number somewhere

2382
01:38:54,946 --> 01:38:56,416
in the database, in a file.

2383
01:38:56,416 --> 01:38:59,716
But it somehow remembers that it
has allocated a user out there,

2384
01:38:59,716 --> 01:39:00,686
that big random number.

2385
01:39:01,306 --> 01:39:06,026
Because you are a browser and
you implement HTTP version 1.1,

2386
01:39:06,596 --> 01:39:10,296
you have agreed by nature of
agreeing to this protocol,

2387
01:39:10,616 --> 01:39:13,546
to show that hand stamp
every time you come back.

2388
01:39:13,546 --> 01:39:15,156
So we talked on Monday
about the simple idea

2389
01:39:15,156 --> 01:39:17,636
of a protocol: two humans meet
each other, hello, how are you,

2390
01:39:17,636 --> 01:39:19,296
you shake hands,
totally human convention.

2391
01:39:19,716 --> 01:39:20,556
Same idea with HTTP.

2392
01:39:20,556 --> 01:39:24,646
When you have been set a cookie,
you should then show cookie,

2393
01:39:24,946 --> 01:39:27,416
cookie, cookie every
time you go back to visit

2394
01:39:27,416 --> 01:39:28,626
that same domain name.

2395
01:39:28,816 --> 01:39:31,956
And that's exactly what
Chrome has done here for me.

2396
01:39:32,576 --> 01:39:33,996
So why is that relevant?

2397
01:39:34,326 --> 01:39:37,306
Well, now, think about
what the server is doing.

2398
01:39:37,306 --> 01:39:41,056
It turns out in PHP what the
server typically does is this.

2399
01:39:41,056 --> 01:39:43,056
Let me go back to
my terminal window.

2400
01:39:43,056 --> 01:39:45,146
Let me go into a
directory called temp.

2401
01:39:45,566 --> 01:39:49,276
And notice that there's a
couple files here on white.

2402
01:39:50,186 --> 01:39:51,496
Do any of these look familiar?

2403
01:39:51,496 --> 01:39:53,556
>> The top one.

2404
01:39:53,726 --> 01:39:54,706
>> Yeah, the top one.

2405
01:39:54,876 --> 01:39:56,466
You know, I didn't
memorize the whole thing

2406
01:39:56,466 --> 01:39:59,266
but I remember c5ujm8 whatever.

2407
01:39:59,736 --> 01:40:04,936
That is a simple little file
called SESS_ and then PHPSESSID.

2408
01:40:05,086 --> 01:40:07,256
It's the same exact
value as is on the browser.

2409
01:40:07,496 --> 01:40:11,226
So it turns out that by default,
PHP, to remember the contents

2410
01:40:11,226 --> 01:40:13,676
of your session superglobal,
simply stores them

2411
01:40:13,676 --> 01:40:15,906
in this silly little
file on disk.

2412
01:40:16,186 --> 01:40:18,776
And every time, you, the
programmer, add something

2413
01:40:18,776 --> 01:40:21,856
to $_SESSION, it gets
saved to disk there,

2414
01:40:22,216 --> 01:40:25,226
so that the next time the
user visits your web page

2415
01:40:25,406 --> 01:40:27,896
and they show their hand stamp,
by sending the cookie header,

2416
01:40:28,266 --> 01:40:31,456
PHP on the server
quickly opens that file

2417
01:40:31,456 --> 01:40:32,596
in the temporary directory.

2418
01:40:32,886 --> 01:40:35,136
Grabs all the key value
pairs inside of it,

2419
01:40:35,136 --> 01:40:37,626
puts them in the
superglobal called session,

2420
01:40:37,836 --> 01:40:39,646
and then gives you
the developer access

2421
01:40:39,956 --> 01:40:41,186
to those very same values.

2422
01:40:41,426 --> 01:40:43,446
This is known, generally,
as serialization.

2423
01:40:43,646 --> 01:40:46,436
You're taking some
in-memory key-value pairs

2424
01:40:46,746 --> 01:40:49,956
and serializing them to disk,
which is a little expensive

2425
01:40:49,956 --> 01:40:51,096
to go back and forth to disk,

2426
01:40:51,096 --> 01:40:54,396
which tends to be a slow
mechanism but it ensures

2427
01:40:54,396 --> 01:40:56,186
that you will have access

2428
01:40:56,186 --> 01:40:58,756
to those same values
again and again and again.

2429
01:40:59,416 --> 01:41:01,696
So let's see what
actually gets stored.

2430
01:41:01,696 --> 01:41:04,636
Let me go back to Chrome
and let me actually log

2431
01:41:04,636 --> 01:41:06,816
in as before jharvard crimson.

2432
01:41:07,486 --> 01:41:11,066
Log in. And now, let's
notice when I went

2433
01:41:11,066 --> 01:41:14,966
to login3 here, what
else was set?

2434
01:41:15,896 --> 01:41:19,806
So notice at the
top, request headers.

2435
01:41:19,986 --> 01:41:22,106
Notice I set my hand stamp.

2436
01:41:22,276 --> 01:41:24,776
I sent it, because I
visited the domain again.

2437
01:41:25,096 --> 01:41:27,026
Here's the form data,
jharvard crimson.

2438
01:41:27,026 --> 01:41:28,036
That's just the POST.

2439
01:41:28,246 --> 01:41:30,156
And now down here is
the response headers.

2440
01:41:30,156 --> 01:41:31,176
Look what's new this time.

2441
01:41:31,526 --> 01:41:31,846
Jack?

2442
01:41:34,616 --> 01:41:36,366
>> There's a setcookie.

2443
01:41:36,586 --> 01:41:37,736
>> Yeah, another setcookie.

2444
01:41:37,736 --> 01:41:41,656
This one is named user
value which is jharvard.

2445
01:41:41,656 --> 01:41:42,516
And when does it expire?

2446
01:41:42,516 --> 01:41:44,196
Looks like about
a week from now.

2447
01:41:44,646 --> 01:41:46,886
So that's exactly what
we send to the server.

2448
01:41:46,886 --> 01:41:49,576
Now, the convention is not to
send a big number of time stamp,

2449
01:41:49,576 --> 01:41:51,696
it actually sends a date
formatted in this fashion

2450
01:41:51,696 --> 01:41:53,716
but we didn't have to do the
math and figure all of that out.

2451
01:41:54,076 --> 01:41:55,546
So now it's set this cookie,

2452
01:41:55,716 --> 01:41:59,566
so that means subsequently not
only will the server give me the

2453
01:41:59,566 --> 01:42:02,646
programmer access to
the session superglobal.

2454
01:42:02,646 --> 01:42:06,766
What was the other superglobal
we knew was coming that's

2455
01:42:06,766 --> 01:42:07,816
related to this stuff now?

2456
01:42:08,906 --> 01:42:12,476
Not session, not get,
not post, but cookie is

2457
01:42:12,476 --> 01:42:15,216
yet another superglobal
that contains all

2458
01:42:15,216 --> 01:42:16,516
of the cookies that
you have set.

2459
01:42:16,516 --> 01:42:19,626
It doesn't contain PHPSESSID--
actually, maybe it does.

2460
01:42:19,626 --> 01:42:23,596
It might also contain that
but it also contains all

2461
01:42:23,596 --> 01:42:25,386
of the cookies that
you have set manually

2462
01:42:25,386 --> 01:42:27,456
with a function called
setcookie.

2463
01:42:28,526 --> 01:42:31,426
So now what would be
kind of interesting?

2464
01:42:32,356 --> 01:42:33,896
What about that temporary file?

2465
01:42:34,036 --> 01:42:36,316
Let me go over here
to my terminal window.

2466
01:42:36,806 --> 01:42:38,906
Let me copy the name because
I'll never remember the

2467
01:42:38,906 --> 01:42:39,456
whole thing.

2468
01:42:40,086 --> 01:42:42,276
Let me do gedit which
is my text editor.

2469
01:42:42,566 --> 01:42:43,396
Paste that in.

2470
01:42:43,446 --> 01:42:46,866
Enter. And this is what
PHP stored on disk.

2471
01:42:46,866 --> 01:42:51,086
And in this case, notice
that-- what's in there?

2472
01:42:51,356 --> 01:42:55,056
It's not really the cookie
values, it's not jharvard

2473
01:42:55,056 --> 01:42:56,096
because that was
sent to the client.

2474
01:42:56,646 --> 01:43:00,396
I stored authenticated
true in my session object

2475
01:43:00,566 --> 01:43:02,346
so this is how you apparently,

2476
01:43:02,576 --> 01:43:06,396
serialize a Boolean
value in PHP.

2477
01:43:06,396 --> 01:43:09,176
Now normally you-- we humans
would not look at this file.

2478
01:43:09,176 --> 01:43:10,946
This is kind of implementation
detail

2479
01:43:10,946 --> 01:43:13,786
that only PHP should care about,
but you can infer from this

2480
01:43:13,856 --> 01:43:17,126
that apparently you serialize
a Boolean by writing its name,

2481
01:43:17,486 --> 01:43:19,476
a vertical bar, what
does B probably mean?

2482
01:43:19,826 --> 01:43:20,066
>> Boolean

2483
01:43:20,236 --> 01:43:22,636
>> Boolean, colon, and
then the value is 1

2484
01:43:22,846 --> 01:43:25,696
and then semicolon means
that's the end of this value.

2485
01:43:25,696 --> 01:43:26,666
If we had more values,

2486
01:43:26,696 --> 01:43:28,706
they would just be appended
again, and again, and again.

2487
01:43:28,926 --> 01:43:30,436
So that's all that's
going on here.

2488
01:43:30,436 --> 01:43:33,356
And it turns out you
can move this from disk

2489
01:43:33,356 --> 01:43:34,666
to a database if you want.

2490
01:43:34,896 --> 01:43:36,576
But, generally, sessions
are implemented

2491
01:43:36,576 --> 01:43:38,186
in exactly that way.

2492
01:43:38,786 --> 01:43:42,876
Any question on sessions or how

2493
01:43:42,876 --> 01:43:45,066
that particular feature
was achieved?

2494
01:43:46,516 --> 01:43:51,566
[ Inaudible Remark ]

2495
01:43:52,066 --> 01:43:54,126
Good question.

2496
01:43:54,126 --> 01:43:58,546
Where is the information,
jharvard and crimson stored?

2497
01:43:58,806 --> 01:44:00,906
It is not stored in
the session at all.

2498
01:44:01,216 --> 01:44:04,276
All that the login file is
storing in session is what?

2499
01:44:04,936 --> 01:44:08,596
Just this Boolean
value, authenticated.

2500
01:44:08,796 --> 01:44:11,766
So in this model, we have
forgotten who has logged in

2501
01:44:12,106 --> 01:44:15,056
but we have to remember
that someone has logged in.

2502
01:44:15,056 --> 01:44:16,306
So what is stored
in the session?

2503
01:44:16,306 --> 01:44:20,266
Only authenticated
equals true, that's it.

2504
01:44:21,016 --> 01:44:22,966
We could store jharvard's name.

2505
01:44:23,186 --> 01:44:25,196
And in fact, why don't we
do a little tweak here,

2506
01:44:25,196 --> 01:44:26,286
just to make this more clear.

2507
01:44:26,286 --> 01:44:30,536
So in login3 in my setcookie
line, I'm going to go ahead

2508
01:44:30,726 --> 01:44:34,376
and do-- near my setcookie
line, I'm going to do this,

2509
01:44:34,426 --> 01:44:39,266
$_SESSION["user"] = $_POST["user"].

2510
01:44:39,396 --> 01:44:40,886
So let's add this line here.

2511
01:44:40,886 --> 01:44:45,976
And then let me also open
home.php and get really fancy

2512
01:44:46,396 --> 01:44:52,316
and say You are
logged, htmlspecialchars--

2513
01:44:52,476 --> 01:44:55,306
just for good measure, I
don't want to do post here

2514
01:44:55,306 --> 01:44:56,806
because it's not coming from
there, it's going to come

2515
01:44:56,806 --> 01:45:02,116
from session, user close
quote, exclamation point.

2516
01:45:02,566 --> 01:45:03,876
So now let's re-login.

2517
01:45:03,876 --> 01:45:04,916
Let me go back here.

2518
01:45:05,696 --> 01:45:06,736
Let me close this.

2519
01:45:07,276 --> 01:45:12,976
Log out. Log in to version
3, jharvard crimson.

2520
01:45:13,396 --> 01:45:15,386
And just to be clear,
when I hit log in,

2521
01:45:15,696 --> 01:45:17,976
it's going to be
submitted to login3.php.

2522
01:45:17,976 --> 01:45:19,716
What two session variables are

2523
01:45:19,716 --> 01:45:21,076
about to be set when
I hit Submit?

2524
01:45:21,076 --> 01:45:24,346
>> Authenticated and user.

2525
01:45:24,466 --> 01:45:26,216
>> Good. Authenticated and user.

2526
01:45:26,476 --> 01:45:29,496
And those should be set to
true and jharvard respectively.

2527
01:45:29,726 --> 01:45:31,266
Log in. Nice.

2528
01:45:31,816 --> 01:45:33,546
So notice now I have
remembered more.

2529
01:45:33,546 --> 01:45:37,326
So if I go back to this text file
on disk and notice what it looks

2530
01:45:37,326 --> 01:45:40,196
like now, now we
have two values.

2531
01:45:40,606 --> 01:45:42,036
Starting to look a
little more cryptic

2532
01:45:42,036 --> 01:45:43,156
because this is not Boolean.

2533
01:45:43,156 --> 01:45:46,866
But notice after the semicolon
now, is user vertical bar S,

2534
01:45:46,866 --> 01:45:50,016
which fully stands for string:8

2535
01:45:50,016 --> 01:45:53,746
which is the length
of "jharvard".

2536
01:45:53,906 --> 01:45:56,786
So that's what's
now stored there.

2537
01:45:56,946 --> 01:46:01,166
So, again, session is server
side, cookie client side.

2538
01:46:02,396 --> 01:46:05,136
So, why remember server side
that the user's logged in?

2539
01:46:05,526 --> 01:46:08,596
In this way, well, you want the
server to be dictating whether

2540
01:46:08,596 --> 01:46:12,696
or not a user can see a
flat page like home.php.

2541
01:46:12,696 --> 01:46:14,516
So, now, there is a
security implication here.

2542
01:46:14,516 --> 01:46:16,026
And we'll spend more time
on this later

2543
01:46:16,026 --> 01:46:17,906
in the semester, but the fact

2544
01:46:17,996 --> 01:46:22,906
that cookies underlie
my sessions,

2545
01:46:23,386 --> 01:46:25,536
has kind of some non-trivial
security implications

2546
01:46:25,536 --> 01:46:27,566
that we talked about
very briefly last week.

2547
01:46:28,156 --> 01:46:33,136
What could a bad guy do with
these cookies potentially, yeah?

2548
01:46:33,746 --> 01:46:37,026
>> They're sent forward and
backwards [inaudible] server

2549
01:46:37,076 --> 01:46:39,526
so if anybody would
intercept that traffic,

2550
01:46:39,526 --> 01:46:42,666
they would be able to-- they
would be able to get to be

2551
01:46:42,846 --> 01:46:44,756
on their computer and
[inaudible] the same session.

2552
01:46:45,066 --> 01:46:45,746
>> Exactly.

2553
01:46:45,746 --> 01:46:48,466
These cookies as we've just
seen, we sniffed my own traffic

2554
01:46:48,466 --> 01:46:50,716
with Chrome's little
developer toolbar,

2555
01:46:50,716 --> 01:46:52,776
and we see that setcookie
is sent in the clear,

2556
01:46:53,046 --> 01:46:54,596
cookie is sent in the clear.

2557
01:46:54,596 --> 01:46:56,816
And so that really is like
walking back into a club

2558
01:46:56,816 --> 01:46:59,146
or an amusement park just
holding your hand stamp

2559
01:46:59,186 --> 01:47:02,206
for the whole world to see and
all it takes is someone to look

2560
01:47:02,206 --> 01:47:05,476
over and write down whatever
unique number is on your hand

2561
01:47:05,736 --> 01:47:08,666
for him or her to then stamp
their own hands and walk

2562
01:47:08,666 --> 01:47:10,566
to the door as well as you.

2563
01:47:10,836 --> 01:47:13,466
So, the fundamental problem
here with sessions is

2564
01:47:13,466 --> 01:47:16,666
that the server is remembering
that the client is logged in,

2565
01:47:16,666 --> 01:47:18,866
just by trusting
the client to pass

2566
01:47:19,146 --> 01:47:21,296
that same big random number.

2567
01:47:21,296 --> 01:47:24,856
Now, odds are if I'm the bad
guy, the odds that I'm going

2568
01:47:24,856 --> 01:47:30,916
to guess a number like
c5ugm8vk97, I mean, it's very,

2569
01:47:30,916 --> 01:47:32,846
very unlikely that
I, the bad guy,

2570
01:47:32,846 --> 01:47:35,346
am going to guess what
your session ID is.

2571
01:47:35,626 --> 01:47:38,836
But my God, I can just sniff
it by using my wireless laptop

2572
01:47:38,836 --> 01:47:41,296
and special software to sniff
all the bits that are flowing

2573
01:47:41,296 --> 01:47:43,066
around the air right
here in this room

2574
01:47:43,066 --> 01:47:44,556
or Starbucks or in an airport.

2575
01:47:44,916 --> 01:47:46,746
So, this is very dangerous.

2576
01:47:46,746 --> 01:47:51,496
So what's the potential solution
here, to this fundamental threat?

2577
01:47:52,416 --> 01:47:52,506
Yeah?

2578
01:47:53,016 --> 01:47:54,446
[ Inaudible Remark ]

2579
01:47:54,446 --> 01:47:54,786
So, HTTPS.

2580
01:47:54,786 --> 01:47:56,906
We talked briefly
about that last week

2581
01:47:56,906 --> 01:48:01,996
but HTTPS encrypts your request
as well as the HTTP headers.

2582
01:48:02,256 --> 01:48:04,756
And that alone is a
huge leap forward.

2583
01:48:04,756 --> 01:48:08,526
So we could still, just to be
clear, even if we're using HTTPS,

2584
01:48:08,526 --> 01:48:11,526
we, the developer or the
user, we could use Chrome

2585
01:48:11,526 --> 01:48:14,826
and still sniff our own traffic
but no one else between point A

2586
01:48:14,826 --> 01:48:18,656
and B could do that because
HTTPS would be involved.

2587
01:48:18,976 --> 01:48:20,706
Now, even so, there
are some attacks,

2588
01:48:20,706 --> 01:48:22,756
you can wage on SSL or HTTPS.

2589
01:48:22,756 --> 01:48:24,736
If you were curious, recall

2590
01:48:24,736 --> 01:48:26,526
that on the lecture's
page from last Wednesday.

2591
01:48:26,526 --> 01:48:30,156
I did post a deck of slides from
a fellow who gave a presentation

2592
01:48:30,156 --> 01:48:31,506
at the conference
a couple years ago.

2593
01:48:31,746 --> 01:48:33,456
It's actually quite
fascinating to read

2594
01:48:33,456 --> 01:48:35,286
and will completely
make you distrust

2595
01:48:35,286 --> 01:48:36,966
the entire infrastructure
that we have here

2596
01:48:36,966 --> 01:48:39,876
on the internet but it's also
very technically interesting

2597
01:48:39,966 --> 01:48:40,486
as well.

2598
01:48:41,266 --> 01:48:43,016
All right, any questions?

2599
01:48:43,676 --> 01:48:48,646
All right, let's look at one
last login example here.

2600
01:48:48,646 --> 01:48:49,536
Version 4.

2601
01:48:49,536 --> 01:48:50,966
Let me fix that real fast.

2602
01:48:52,056 --> 01:48:54,966
We're using our same technique,
but I won't bother boring you

2603
01:48:54,966 --> 01:48:57,076
by asking again and
again how we got it.

2604
01:48:57,076 --> 01:48:58,416
All right.

2605
01:48:58,476 --> 01:49:01,546
So, version 4, looks
the same here.

2606
01:49:02,346 --> 01:49:07,166
Login4, where is it?

2607
01:49:12,276 --> 01:49:14,116
Well, actually, let's
just look at the code here

2608
01:49:14,296 --> 01:49:16,636
because there is-- this
is a program we don't want

2609
01:49:16,636 --> 01:49:18,646
to remember because it
is actually quite bad.

2610
01:49:18,886 --> 01:49:21,216
Here's another way
of remembering

2611
01:49:21,216 --> 01:49:22,096
that a user has logged in.

2612
01:49:22,636 --> 01:49:29,876
Find fault with this fast.

2613
01:49:30,406 --> 01:49:36,016
Let me reveal a little
more on the screen.

2614
01:49:38,696 --> 01:49:41,216
First of all, where am
I checking username

2615
01:49:41,216 --> 01:49:41,956
and password this time?

2616
01:49:43,526 --> 01:49:43,686
Yes.

2617
01:49:44,466 --> 01:49:45,916
>> From the cookie.

2618
01:49:45,986 --> 01:49:46,746
>> From the cookie.

2619
01:49:46,966 --> 01:49:48,226
OK, instead of from POST.

2620
01:49:48,416 --> 01:49:49,426
And this is nice, right?

2621
01:49:49,426 --> 01:49:50,756
This feels like a convenience.

2622
01:49:50,936 --> 01:49:53,096
I come back to your
website after a day

2623
01:49:53,096 --> 01:49:54,216
or two of not being there.

2624
01:49:54,506 --> 01:49:56,086
My cookies are valid
for seven days.

2625
01:49:56,326 --> 01:49:58,466
So how do I check that
I've logged in again--

2626
01:49:58,466 --> 01:49:59,726
that I've already logged in?

2627
01:50:00,066 --> 01:50:03,526
Well, we just store the username
and password in cookies,

2628
01:50:03,526 --> 01:50:05,876
called the user and pass,
and then I'll have access

2629
01:50:05,906 --> 01:50:07,876
to them server side in
the cookie superglobal.

2630
01:50:08,566 --> 01:50:09,276
But this is bad.

2631
01:50:10,096 --> 01:50:12,376
Why? Yeah, Isaac.

2632
01:50:12,376 --> 01:50:15,856
>> It's stored on your
computer, so anyone--

2633
01:50:16,036 --> 01:50:16,966
>> But it's my computer.

2634
01:50:17,366 --> 01:50:19,646
Who cares that my username
and password are stored

2635
01:50:19,646 --> 01:50:20,796
in my cookie on my computer?

2636
01:50:20,796 --> 01:50:22,996
>> Someone gets to your
computer, they can [inaudible]

2637
01:50:22,996 --> 01:50:26,146
into whatever they want.

2638
01:50:26,316 --> 01:50:26,796
>> Exactly.

2639
01:50:26,796 --> 01:50:28,256
So it's-- actually,
it's as simple as that.

2640
01:50:28,546 --> 01:50:30,136
I mean, if your machine
is compromised

2641
01:50:30,136 --> 01:50:32,896
because you have a nosy sibling
or a roommate or whatnot

2642
01:50:32,896 --> 01:50:34,666
and they just have to go
poking around the files

2643
01:50:34,666 --> 01:50:37,236
on your computer,
because cookies are for--

2644
01:50:37,236 --> 01:50:38,946
when they're persistent
for multiple days,

2645
01:50:38,946 --> 01:50:41,376
they don't get stored in RAM,
actually gets stored in disk,

2646
01:50:41,616 --> 01:50:43,956
some file, somewhere on your
hard drive and it depends

2647
01:50:43,956 --> 01:50:45,916
on what browser you're using,
where it is, but it is somewhere

2648
01:50:45,916 --> 01:50:47,716
on your home directory,
somewhere buried

2649
01:50:47,716 --> 01:50:50,626
in some seemingly
innocuous directory,

2650
01:50:50,626 --> 01:50:52,816
but there could be a lot of
juicy stuff in there among

2651
01:50:52,816 --> 01:50:55,866
which might now be your
username and password.

2652
01:50:56,406 --> 01:51:00,496
And what else here is
a little worrisome?

2653
01:51:04,676 --> 01:51:05,706
Anything else?

2654
01:51:05,866 --> 01:51:05,956
Yeah.

2655
01:51:06,516 --> 01:51:11,386
[ Inaudible Remark ]

2656
01:51:11,886 --> 01:51:13,666
Exactly. If you're
not doing it over SSL,

2657
01:51:13,666 --> 01:51:15,996
you're just reminding the whole
world what your password was.

2658
01:51:15,996 --> 01:51:18,566
It's bad enough if you sent it
via post without any encryption.

2659
01:51:18,566 --> 01:51:20,366
Now, you're sending
it also via cookie.

2660
01:51:20,636 --> 01:51:23,256
And there's another
slightly more arcane attack.

2661
01:51:23,876 --> 01:51:27,206
Recall last week when I did that
cross-site scripting attack,

2662
01:51:27,376 --> 01:51:30,366
which was a fancy way of saying
I typed a script tag into--

2663
01:51:31,466 --> 01:51:33,886
>> Someone can edit their
own username and password

2664
01:51:33,886 --> 01:51:37,836
and you haven't changed
something inside the website.

2665
01:51:37,836 --> 01:51:38,516
>> Good thought.

2666
01:51:38,516 --> 01:51:40,276
Someone can change their
own username and password

2667
01:51:40,276 --> 01:51:42,446
and have it edit something in
the website, not necessarily.

2668
01:51:42,446 --> 01:51:45,486
Because the server still knows
what the correct username

2669
01:51:45,486 --> 01:51:47,746
and password is, so I can't
just change my username,

2670
01:51:48,026 --> 01:51:50,226
unless I also change
my password to be

2671
01:51:50,226 --> 01:51:52,256
like Jack's username
and password.

2672
01:51:52,256 --> 01:51:53,736
But for that, I'd need
to know your password.

2673
01:51:53,886 --> 01:51:55,076
Now, again, I could
sniff the traffic,

2674
01:51:55,076 --> 01:51:57,146
but that's not a threat
scenario here, it seems.

2675
01:51:58,246 --> 01:51:58,906
This one's-- oh, yeah.

2676
01:51:59,566 --> 01:52:01,866
>> Seven day expiration of
the password isn't good.

2677
01:52:02,866 --> 01:52:04,246
>> Oh, so the expiration

2678
01:52:04,246 --> 01:52:07,346
of the password is here seven
days, why is that not good?

2679
01:52:07,346 --> 01:52:10,526
>> What happens when
people change password--

2680
01:52:10,526 --> 01:52:11,046
>> OK. Good.

2681
01:52:11,106 --> 01:52:13,476
So, if I change my password,
I've got to remember now

2682
01:52:13,476 --> 01:52:15,196
to reset this cookie
because, although,

2683
01:52:15,196 --> 01:52:17,376
it's going to be sending the
wrong cookie and I'm going

2684
01:52:17,376 --> 01:52:19,896
to be sort of blocked out
for those six or seven days.

2685
01:52:20,186 --> 01:52:22,126
So there, too, that
suggests, "That's not stored

2686
01:52:22,126 --> 01:52:22,956
in the cookie at all."

2687
01:52:23,176 --> 01:52:25,186
And this one, we'll come back to
toward the end of the semester

2688
01:52:25,186 --> 01:52:27,066
when we focus one
day on security.

2689
01:52:27,066 --> 01:52:30,266
But recall last week that I
did that silly little attack

2690
01:52:30,476 --> 01:52:35,426
on myself, whereby I typed in
a script tag into a form field,

2691
01:52:35,646 --> 01:52:38,166
and then triggered "Hi"
to appear on the screen,

2692
01:52:38,386 --> 01:52:42,566
because I tricked my
browser into rendering HTML

2693
01:52:42,566 --> 01:52:43,676
that the user had provided.

2694
01:52:43,986 --> 01:52:47,036
For now, let me say that
that was a stupid demo

2695
01:52:47,036 --> 01:52:49,196
because all I'm doing is like
breaking the site for myself,

2696
01:52:49,536 --> 01:52:51,846
but it's representative
of the class of attacks

2697
01:52:52,106 --> 01:52:54,176
that could put your username
and password at risk.

2698
01:52:54,456 --> 01:52:56,446
For now, consider this, you know

2699
01:52:56,446 --> 01:52:58,706
that forms can be
submitted via GET or POST.

2700
01:52:59,236 --> 01:53:02,006
If they're submitted via
GET, that's equivalent

2701
01:53:02,006 --> 01:53:03,486
to putting the parameters
in the URL.

2702
01:53:04,016 --> 01:53:05,446
OK. So, now, we have a URL.

2703
01:53:05,616 --> 01:53:07,856
And suppose that
you are a spammer

2704
01:53:07,856 --> 01:53:09,816
and you sent someone
a spam, like some kind

2705
01:53:09,816 --> 01:53:10,936
of a phishing attack that says,

2706
01:53:10,936 --> 01:53:12,856
"Click here to confirm
your PayPal account,"

2707
01:53:12,856 --> 01:53:15,986
something stupid like that, and
you embed in that email spam

2708
01:53:16,396 --> 01:53:18,096
that URL for the user to click.

2709
01:53:18,676 --> 01:53:21,576
A bad guy, again we'll come back
to this later in the semester,

2710
01:53:21,576 --> 01:53:24,066
could trick you into
clicking on that link

2711
01:53:24,626 --> 01:53:28,386
that contains HTTP keys
and values, parameters.

2712
01:53:28,616 --> 01:53:32,556
Now, what if one of those values
were an open bracket script tag

2713
01:53:32,556 --> 01:53:35,906
and so forth, much like
I manually typed in.

2714
01:53:35,906 --> 01:53:39,746
I, the spammer, could trick you
into not only visiting foo.com

2715
01:53:39,886 --> 01:53:42,806
but also submitting
a form via GET on foo.com,

2716
01:53:42,806 --> 01:53:44,976
and one of your inputs
that you've been tricked

2717
01:53:44,976 --> 01:53:47,566
into submitting could
be a script tag.

2718
01:53:47,566 --> 01:53:50,996
Inside of a script tag, you have
access to all of the cookies

2719
01:53:51,186 --> 01:53:53,346
in a website via JavaScript.

2720
01:53:53,646 --> 01:53:56,446
There is indeed a
global variable,

2721
01:53:56,516 --> 01:53:58,956
kind of an oversimplification
called document.cookie.

2722
01:53:59,486 --> 01:54:03,286
So long story short, if you,
the bad guy, can trick a user

2723
01:54:03,786 --> 01:54:07,596
into effectively submitting a
form that contains a script tag

2724
01:54:07,596 --> 01:54:09,936
and that script tag contains
some mention of cookies,

2725
01:54:10,236 --> 01:54:14,236
you can trick a user
into revealing all

2726
01:54:14,236 --> 01:54:15,936
of their cookies to
you, the bad guy.

2727
01:54:16,136 --> 01:54:18,306
And if among the cookies
is something, my God,

2728
01:54:18,306 --> 01:54:21,036
like their password, you
can steal their password

2729
01:54:21,036 --> 01:54:23,326
without even sniffing
their wireless traffic.

2730
01:54:23,326 --> 01:54:26,486
You can be halfway around the
world having just sent them a

2731
01:54:26,606 --> 01:54:27,406
phishing attack.

2732
01:54:27,736 --> 01:54:29,326
Again, more on that
in a few weeks.

2733
01:54:29,326 --> 01:54:33,016
But for now, the takeaway is
there are so many reasons not

2734
01:54:33,016 --> 01:54:34,866
to do this, just don't do it.

2735
01:54:35,326 --> 01:54:36,966
There is never a good
reason to do this.

2736
01:54:36,966 --> 01:54:38,326
And it's clearly not necessary

2737
01:54:38,326 --> 01:54:39,596
because in the previous
examples,

2738
01:54:39,596 --> 01:54:40,776
we stored everything in session.

2739
01:54:40,776 --> 01:54:43,196
And even then, I didn't store
my username and password.

2740
01:54:43,196 --> 01:54:45,406
I just stored authenticated
equals true.

2741
01:54:45,406 --> 01:54:47,906
I don't even need to store
sensitive information.

2742
01:54:48,536 --> 01:54:50,626
The only risk I still
run relates

2743
01:54:50,626 --> 01:54:53,106
to someone stealing
my cookie, my PHPSESSID.

2744
01:54:53,236 --> 01:54:56,406
But thankfully, encryption
helps raise the bar

2745
01:54:56,516 --> 01:54:57,856
to that attack significantly.

2746
01:54:58,086 --> 01:54:58,506
All right.

2747
01:54:59,976 --> 01:55:01,446
Any questions?

2748
01:55:01,446 --> 01:55:01,546
Yeah.

2749
01:55:02,516 --> 01:55:05,676
[ Inaudible Remark ]

2750
01:55:06,176 --> 01:55:09,006
Yes. So is there any
difference in storing variables

2751
01:55:09,006 --> 01:55:10,076
in sessions and cookies?

2752
01:55:10,486 --> 01:55:13,136
It boils down to session
is stored on the server,

2753
01:55:13,246 --> 01:55:14,686
cookies are stored
on the client.

2754
01:55:15,186 --> 01:55:17,326
So, you can store anything
you want on the server

2755
01:55:17,326 --> 01:55:19,246
and be reasonably
comfortable that it's safe,

2756
01:55:19,246 --> 01:55:21,216
although there are attacks
that can be waged there.

2757
01:55:22,066 --> 01:55:24,416
You should not store
anything that's sensitive

2758
01:55:24,416 --> 01:55:26,506
on the client in the cookie.

2759
01:55:26,796 --> 01:55:29,656
Rather, it's reasonable for
me to store jharvard because,

2760
01:55:29,656 --> 01:55:32,736
frankly, it's kind of convenient
to be able to pre-populate

2761
01:55:32,736 --> 01:55:34,406
that field by saying jharvard.

2762
01:55:34,806 --> 01:55:36,506
I should not store his password.

2763
01:55:36,576 --> 01:55:38,356
And arguably even
jharvard is not great.

2764
01:55:38,356 --> 01:55:40,466
Because that means, if someone's
in, like a computer lab

2765
01:55:40,466 --> 01:55:43,406
on campus, they log in to my
website, then they walk away,

2766
01:55:43,706 --> 01:55:45,826
I've leaked some information,

2767
01:55:45,826 --> 01:55:49,226
the fact that jharvard was the
last using this computer even

2768
01:55:49,226 --> 01:55:51,596
if you can't log in to his
account without his password.

2769
01:55:51,596 --> 01:55:52,846
So, it might just
be a privacy thing.

2770
01:55:53,246 --> 01:55:55,686
So this is why, and recall
where we started the story,

2771
01:55:55,956 --> 01:55:59,206
this is why many websites
actually have a little field,

2772
01:55:59,206 --> 01:56:03,026
like this here, that asks you to
remember that you're logged in,

2773
01:56:03,026 --> 01:56:06,286
and there's two versions of this
generally, one, like Facebook,

2774
01:56:06,286 --> 01:56:08,896
it actually keeps you logged
in by setting the equivalent

2775
01:56:08,896 --> 01:56:10,116
of authenticated equals true.

2776
01:56:10,336 --> 01:56:14,486
Bank websites, though, typically
and others will not remember

2777
01:56:14,486 --> 01:56:16,826
that you are logged in, but
they will, for convenience,

2778
01:56:16,826 --> 01:56:18,556
remember what your user ID is,

2779
01:56:18,556 --> 01:56:20,436
your username, just
for convenience.

2780
01:56:20,896 --> 01:56:23,696
But that's really a server side
detail that they have decided

2781
01:56:23,696 --> 01:56:24,876
to support or not support.

2782
01:56:24,876 --> 01:56:27,076
And then, in the bank's
case, the stakes are higher

2783
01:56:27,286 --> 01:56:28,686
if someone logs in
to your account,

2784
01:56:28,686 --> 01:56:31,376
so that's why they make you type
your password again and again.

2785
01:56:31,376 --> 01:56:35,626
Facebook, nah, it's not nearly
that sensitive as money.

2786
01:56:35,626 --> 01:56:35,693
Yeah.

2787
01:56:36,686 --> 01:56:39,686
>> Just a curious question.

2788
01:56:39,686 --> 01:56:46,426
For underscore session,
you just authenticated,

2789
01:56:46,426 --> 01:56:48,786
you just mentioned
authenticated.

2790
01:56:48,786 --> 01:56:51,496
With that-- with the
information, can we able to find

2791
01:56:51,726 --> 01:56:53,706
out the user ID and password?

2792
01:56:53,706 --> 01:56:54,056
>> In the cookie?

2793
01:56:54,056 --> 01:56:54,123
>> Yeah.

2794
01:56:54,466 --> 01:56:55,386
>> In the previous example?

2795
01:56:55,626 --> 01:56:55,746
>> Yeah.

2796
01:56:55,906 --> 01:56:56,316
>> So, yes.

2797
01:56:56,396 --> 01:56:58,586
In the previous example,
where I stored username

2798
01:56:58,676 --> 01:56:59,676
and password in cookies?

2799
01:57:00,326 --> 01:57:00,846
>> No.

2800
01:57:00,846 --> 01:57:00,913
>> Oh.

2801
01:57:01,016 --> 01:57:06,536
>> So, because then you didn't
store the user ID and password,

2802
01:57:06,536 --> 01:57:07,546
but you just mentioned

2803
01:57:07,546 --> 01:57:10,246
like authenticated,
just authenticated.

2804
01:57:10,646 --> 01:57:11,086
>> OK.

2805
01:57:11,086 --> 01:57:14,046
>> Will that cookie
information can, I mean,

2806
01:57:14,206 --> 01:57:16,306
the hacker can able
to find out the--

2807
01:57:16,506 --> 01:57:16,936
>> Good question.

2808
01:57:16,936 --> 01:57:18,216
And don't call cookie
information here,

2809
01:57:18,216 --> 01:57:19,546
it's more session information.

2810
01:57:19,806 --> 01:57:23,246
In that case, no, because I
have genericized remembering

2811
01:57:23,246 --> 01:57:25,216
that the user's logged in by
just storing authenticated

2812
01:57:25,216 --> 01:57:25,946
equals true.

2813
01:57:26,246 --> 01:57:29,166
The bad guy probably
cannot figure

2814
01:57:29,166 --> 01:57:31,096
out who it is, in that case.

2815
01:57:31,166 --> 01:57:33,016
They only know that
someone has logged in.

2816
01:57:33,426 --> 01:57:34,526
Now, that's not a common case.

2817
01:57:34,526 --> 01:57:36,676
I did that for the sake
of a simple demonstration.

2818
01:57:37,006 --> 01:57:39,386
The version I did on
the fly by also storing

2819
01:57:39,386 --> 01:57:41,656
in session jharvard, so
that we can then see it

2820
01:57:41,656 --> 01:57:44,276
in that text file, that's
probably a better version.

2821
01:57:44,386 --> 01:57:47,516
But at that point, to be honest,
if we are implementing something

2822
01:57:47,516 --> 01:57:49,876
like Facebook, frankly,
there's probably

2823
01:57:49,876 --> 01:57:52,396
so much personal information
going back and forth

2824
01:57:52,396 --> 01:57:55,666
if you're not using SSL like
you might say, David Malan,

2825
01:57:55,666 --> 01:57:57,676
your profile, it might
say, "Dear David,"

2826
01:57:57,676 --> 01:57:58,866
in the email I'm viewing.

2827
01:57:58,866 --> 01:58:01,206
There are so many other ways
the bad guy could infer your

2828
01:58:01,206 --> 01:58:05,266
identity, your independent
of cookies and sessions.

2829
01:58:06,056 --> 01:58:06,276
Jack.

2830
01:58:06,416 --> 01:58:09,646
>> So what exactly does the
keep me logged in check box do?

2831
01:58:09,926 --> 01:58:10,436
>> Good question.

2832
01:58:11,076 --> 01:58:17,776
What that does is it stores
on the server a remembrance

2833
01:58:17,866 --> 01:58:23,236
that the person with PHPSESSID 55512
whatever the big random number

2834
01:58:23,236 --> 01:58:25,506
is, should not be asked
for their password again.

2835
01:58:26,086 --> 01:58:27,026
So, in other words,

2836
01:58:28,416 --> 01:58:29,946
they effectively have
something like this.

2837
01:58:29,946 --> 01:58:34,836
Let me open up my text file
and let me go back into login3.

2838
01:58:34,836 --> 01:58:38,756
So, recall that we
keep checking this,

2839
01:58:38,756 --> 01:58:40,086
if user and pass are issets.

2840
01:58:40,566 --> 01:58:47,866
What Facebook probably does is
if isset session, remember me,

2841
01:58:47,866 --> 01:58:53,196
or something like that,
or the form is submitted,

2842
01:58:53,226 --> 01:58:56,836
something like that, this
would-- actually, sorry.

2843
01:58:57,356 --> 01:58:59,216
Let's-- I put that
in the wrong place.

2844
01:58:59,916 --> 01:59:03,876
Let's do it like this, up top.

2845
01:59:04,206 --> 01:59:07,696
So, if isset remember
me, then I'm going

2846
01:59:07,696 --> 01:59:10,686
to do the redirect to home.php.

2847
01:59:10,686 --> 01:59:13,026
In other words, it's a
separate check all together.

2848
01:59:13,346 --> 01:59:16,076
If a cookie has been set,
that represents the act

2849
01:59:16,226 --> 01:59:18,706
of having clicked on that
check box, the users are going

2850
01:59:18,706 --> 01:59:21,406
to be automatically routed to
home.php and Facebook knows

2851
01:59:21,406 --> 01:59:23,056
that you're logged
in because, also,

2852
01:59:23,056 --> 01:59:25,556
in session is probably
your user ID

2853
01:59:25,556 --> 01:59:27,336
or your username,
something like that.

2854
01:59:27,926 --> 01:59:29,096
So, it's really as
simple as that.

2855
01:59:29,286 --> 01:59:30,816
And how does that
mechanism work?

2856
01:59:31,086 --> 01:59:36,006
Well, we keep seeing it, but
I didn't explain precisely.

2857
01:59:36,396 --> 01:59:40,576
PHPSESSID is the result of having
called the function at the top

2858
01:59:40,576 --> 01:59:42,266
of one of your-- of
all of your files.

2859
01:59:42,706 --> 01:59:45,766
What was that function that
I made you promise to call?

2860
01:59:45,766 --> 01:59:45,856
Yeah.

2861
01:59:46,296 --> 01:59:48,416
>> Start underscore session?

2862
01:59:48,446 --> 01:59:50,716
Close, session
start, session_start.

2863
01:59:50,966 --> 01:59:52,416
Remember that I said
take on faith.

2864
01:59:52,416 --> 01:59:53,796
You must call this first.

2865
01:59:54,006 --> 01:59:54,946
What is that doing?

2866
01:59:55,226 --> 01:59:57,216
It is what's handling for you,

2867
01:59:57,216 --> 02:00:01,886
the act of sending the cookie
called PHPSESSID to the browser,

2868
02:00:02,036 --> 02:00:04,786
so that you have this
illusion of statefulness

2869
02:00:04,786 --> 02:00:05,956
between clients and server.

2870
02:00:06,196 --> 02:00:09,416
>> Is there an opposite,
like, end session?

2871
02:00:09,566 --> 02:00:10,596
>> There is, session_destroy.

2872
02:00:10,596 --> 02:00:13,156
It will kill the
session altogether

2873
02:00:13,156 --> 02:00:15,286
and there's actually a couple
other functions you can call.

2874
02:00:15,426 --> 02:00:17,526
And if you pull up the
php.net documentation

2875
02:00:17,526 --> 02:00:19,676
for session_destroy, they'll
show you some common heuristics

2876
02:00:19,676 --> 02:00:22,546
for blowing away everything
in the session but session--

2877
02:00:22,546 --> 02:00:24,876
>> And that leads for
some sort of log out?

2878
02:00:24,876 --> 02:00:25,206
>> Exactly.

2879
02:00:25,206 --> 02:00:27,986
That's exactly-- well, you can
use that for the log out or,

2880
02:00:28,046 --> 02:00:30,876
frankly, we could just go back
and set authenticated to false

2881
02:00:31,216 --> 02:00:34,906
but that quite-- won't quite
work because false is also set,

2882
02:00:35,366 --> 02:00:37,606
so if we do that, then we have
to be careful about our use

2883
02:00:37,606 --> 02:00:40,816
of isset and actually
check truth values.

2884
02:00:41,646 --> 02:00:41,746
Yeah.

2885
02:00:42,296 --> 02:00:43,616
>> What if the bad
guy get my cookies ID

2886
02:00:43,616 --> 02:00:48,696
and if we can't hack
his computer,

2887
02:00:48,866 --> 02:00:55,156
[inaudible] that cookie with
my cookie ID and just to saying

2888
02:00:55,156 --> 02:00:58,226
that authentication equals true?

2889
02:00:58,436 --> 02:00:58,886
>> Good question.

2890
02:00:58,886 --> 02:01:01,966
So a bad guy could
forge your cookie

2891
02:01:02,416 --> 02:01:04,306
by guessing it or
just sniffing it.

2892
02:01:04,596 --> 02:01:07,176
He cannot change
authenticated is true

2893
02:01:07,176 --> 02:01:08,556
because that is stored
on the server.

2894
02:01:08,966 --> 02:01:11,936
So, the bad guy's best
chance here is to guess

2895
02:01:11,986 --> 02:01:14,946
or to sniff somehow
the session--

2896
02:01:14,946 --> 02:01:18,546
PHPSESSID of someone who has
already logged in and then send

2897
02:01:18,546 --> 02:01:21,536
that cookie as his own, and
this is exactly what's called a

2898
02:01:21,606 --> 02:01:24,706
session hijacking attack and
we'll come back to that, too,

2899
02:01:24,876 --> 02:01:26,366
towards semester's end.

2900
02:01:27,826 --> 02:01:30,326
OK. Let's go ahead and take
a two-minute break here

2901
02:01:30,326 --> 02:01:33,586
and then we'll come back, take
a look at this cleaner approach

2902
02:01:33,586 --> 02:01:35,156
to some of the code we've been
talking about known as MVC.

2903
02:01:35,156 --> 02:01:37,276
And then after that,
we'll segue if you'd

2904
02:01:37,276 --> 02:01:39,366
like into section as well.

2905
02:01:39,366 --> 02:01:44,126
So let's take a couple
minute break here.

2906
02:01:45,366 --> 02:01:49,996
OK. So we are back and
the goal now is to try

2907
02:01:49,996 --> 02:01:54,506
to improve the quality of the
design of our code and move away

2908
02:01:54,506 --> 02:01:57,286
from having these individual
files that have frankly a lot

2909
02:01:57,286 --> 02:01:58,676
of code duplication, right?

2910
02:01:58,676 --> 02:02:01,426
We have a lot of the
session_start at the top

2911
02:02:01,426 --> 02:02:03,356
of multiple files, which
I just said you must do.

2912
02:02:03,356 --> 02:02:05,476
But it would kind of be nice
if we could factor that out

2913
02:02:05,476 --> 02:02:06,706
and do it maybe one place

2914
02:02:06,946 --> 02:02:09,916
and have everyone else do
what that file says to do.

2915
02:02:09,916 --> 02:02:12,606
It feels like I've got HTML
tags all over the place.

2916
02:02:12,606 --> 02:02:14,726
I've got body tags, head
tags, there's such a lot

2917
02:02:14,726 --> 02:02:16,956
of code duplication
right now, and it feels

2918
02:02:16,956 --> 02:02:19,986
like this process is just going
to get messier and messier,

2919
02:02:19,986 --> 02:02:21,416
the more complex your site gets.

2920
02:02:21,566 --> 02:02:24,506
So indeed, let's introduce
another paradigm altogether

2921
02:02:24,506 --> 02:02:27,826
known as MVC, Model View
Controller and we're only going

2922
02:02:27,826 --> 02:02:29,786
to scratch the surface of
this tonight but we're going

2923
02:02:29,786 --> 02:02:33,116
to take a step toward making
things a little cleaner.

2924
02:02:33,246 --> 02:02:35,056
This will be a very
underwhelming drawing but it

2925
02:02:35,056 --> 02:02:36,726
at least will give you
a mental model here.

2926
02:02:36,966 --> 02:02:39,406
So MVC is Model View Controller

2927
02:02:39,566 --> 02:02:44,756
and the idea behind MVC is
essentially this, whereby

2928
02:02:44,756 --> 02:02:47,716
and this is where I get to kind
of cheat and do some ASCII art.

2929
02:02:48,336 --> 02:02:52,466
OK. That's all I wanted the iPad
for, to draw this picture here.

2930
02:02:52,796 --> 02:02:55,756
So MVC kind of has this
triangular relationship among

2931
02:02:55,756 --> 02:02:59,096
these three concepts known as
model, view, and controller.

2932
02:02:59,336 --> 02:03:01,286
So controller is actually
a nice one to start with.

2933
02:03:01,326 --> 02:03:03,446
So the controller
does exactly that.

2934
02:03:03,446 --> 02:03:05,366
A controller is the
code that you write

2935
02:03:05,596 --> 02:03:08,526
that really controls the flow
of your entire application.

2936
02:03:08,786 --> 02:03:11,596
Now thus far, we haven't
really had a controller per se.

2937
02:03:11,796 --> 02:03:13,276
We've had many controllers.

2938
02:03:13,276 --> 02:03:15,636
Froshims1.php was a controller.

2939
02:03:15,636 --> 02:03:17,816
Froshims2 was a controller.

2940
02:03:17,816 --> 02:03:20,416
Register1 that was--
register1.php was a controller.

2941
02:03:20,416 --> 02:03:21,006
Register2 was.

2942
02:03:21,006 --> 02:03:23,816
In other words, all of these
files we've written thus far are

2943
02:03:23,816 --> 02:03:26,056
entirely self-contained
and self-sufficient.

2944
02:03:26,096 --> 02:03:27,946
They have their HTML
tags that they need.

2945
02:03:28,136 --> 02:03:29,716
They call session_start
as needed.

2946
02:03:29,716 --> 02:03:31,476
They have all the
PHP logic at the top.

2947
02:03:31,676 --> 02:03:32,796
Every-- they do everything.

2948
02:03:33,206 --> 02:03:34,586
There is no sharing of code.

2949
02:03:34,946 --> 02:03:39,586
Now, MVC, though, proposes that
you keep your business logic,

2950
02:03:39,586 --> 02:03:41,486
so to speak, the
real intellectually--

2951
02:03:41,486 --> 02:03:43,576
some of the intellectually
interesting parts

2952
02:03:43,576 --> 02:03:46,716
of your application in your
controller but you relegate all

2953
02:03:46,716 --> 02:03:50,466
of the aesthetic stuff to things
called views, separate files

2954
02:03:50,706 --> 02:03:52,226
that contain your HTML.

2955
02:03:52,446 --> 02:03:55,086
And in particular, it doesn't
contain just static HTML.

2956
02:03:55,086 --> 02:03:58,226
It usually contains
placeholders for variables.

2957
02:03:58,416 --> 02:04:00,326
So for instance, one
of the things we copied

2958
02:04:00,326 --> 02:04:04,586
and pasted ad nauseam today was
the head tag and the title tag

2959
02:04:04,916 --> 02:04:07,606
for all of our various web pages
whether it was in register1

2960
02:04:07,606 --> 02:04:09,886
or register2 or froshims1,
froshims2.

2961
02:04:09,886 --> 02:04:11,856
It was all over the place,
head tags, title tags,

2962
02:04:11,856 --> 02:04:13,226
all of that again
and again and again.

2963
02:04:13,686 --> 02:04:17,066
Now, even though the title of
my pages might have changed

2964
02:04:17,206 --> 02:04:18,846
because I might be
changing it everywhere.

2965
02:04:19,086 --> 02:04:21,796
Wouldn't it be nice if I could
just write open bracket head,

2966
02:04:21,796 --> 02:04:25,756
open bracket title and then
let's say dollar sign title

2967
02:04:26,016 --> 02:04:28,646
and then close title
close head in one file

2968
02:04:28,956 --> 02:04:31,806
and then somehow
dynamically change the value

2969
02:04:31,806 --> 02:04:35,396
of dollar sign title when
I spit out that HTML.

2970
02:04:35,656 --> 02:04:38,546
In other words, can
I factor out my HTML

2971
02:04:38,776 --> 02:04:40,516
from my various PHP files.

2972
02:04:40,696 --> 02:04:45,776
MVC is a mental paradigm that
sort of urges you to do that

2973
02:04:46,006 --> 02:04:48,456
and model which we won't
talk so much about today

2974
02:04:48,456 --> 02:04:50,896
but perhaps more in our
database discussion is

2975
02:04:50,896 --> 02:04:52,436
where you store your
actual data.

2976
02:04:52,436 --> 02:04:54,256
Now thus far, we don't
have all that much data.

2977
02:04:54,426 --> 02:04:56,806
The only data we really had
today was like a user name

2978
02:04:56,806 --> 02:04:58,606
and password, like
jharvard and crimson.

2979
02:04:58,606 --> 02:05:02,176
But once we need more
sophisticated pieces of data,

2980
02:05:02,426 --> 02:05:04,496
we can talk about the M in MVC.

2981
02:05:04,496 --> 02:05:08,646
But for now, let's consider
C and V and let's take a look

2982
02:05:08,646 --> 02:05:09,806
at a simple demonstration.

2983
02:05:09,806 --> 02:05:11,856
So let me go back into
the appliance here

2984
02:05:12,076 --> 02:05:14,006
and this is the website
that I want to build.

2985
02:05:14,256 --> 02:05:15,316
It's ever so complex.

2986
02:05:15,316 --> 02:05:18,486
It's got a huge H1 tag or
whatnot and a link to lectures

2987
02:05:18,486 --> 02:05:20,156
and a link to the
syllabus for the course.

2988
02:05:20,506 --> 02:05:23,916
If I click on Lectures,
I see this.

2989
02:05:23,916 --> 02:05:25,916
If I click on Lecture
0, I see this.

2990
02:05:26,186 --> 02:05:27,246
So what's the point of this?

2991
02:05:27,246 --> 02:05:29,856
Well, one, it's super simple
just so we don't get distracted

2992
02:05:30,256 --> 02:05:31,686
by unnecessary details.

2993
02:05:31,986 --> 02:05:34,116
But it's also super
simple to send a message

2994
02:05:34,116 --> 02:05:36,416
that there's redundancy,
redundancy, redundancy,

2995
02:05:36,416 --> 02:05:39,286
like every single page
fundamentally looks the same.

2996
02:05:39,286 --> 02:05:41,576
It's got a title and
it's got unordered list.

2997
02:05:42,006 --> 02:05:45,146
And even though the content
changes, the fundamental markup

2998
02:05:45,146 --> 02:05:46,826
that I've written, the
HTML, it doesn't feel

2999
02:05:46,826 --> 02:05:49,236
like it's changing all
that much, just the data.

3000
02:05:49,446 --> 02:05:51,966
So this feels like an
opportunity to factor this out.

3001
02:05:52,176 --> 02:05:53,656
But let's see my
first attempt at this.

3002
02:05:53,926 --> 02:05:56,416
Version 0 looks like this.

3003
02:05:56,456 --> 02:05:59,876
So I have these several files
on my directory, index.php,

3004
02:06:00,056 --> 02:06:03,156
lectures.php, lecture0.php,
and so forth,

3005
02:06:03,386 --> 02:06:06,056
and they're practically
copy paste of each other.

3006
02:06:06,056 --> 02:06:11,486
Oops, let me open this in gedit
index.php, looks like this.

3007
02:06:11,716 --> 02:06:12,676
It's just HTML.

3008
02:06:12,896 --> 02:06:15,886
It's called .php but recall
from last Wednesday that just

3009
02:06:15,886 --> 02:06:17,886
because you call it PHP
it doesn't mean it is PHP.

3010
02:06:17,886 --> 02:06:20,096
It's just it can be
spit out raw HTML.

3011
02:06:20,466 --> 02:06:23,916
So here, I've hard coded some
of these tags here for HTML

3012
02:06:23,916 --> 02:06:25,276
and there are those
links I mentioned,

3013
02:06:25,276 --> 02:06:26,626
lectures and syllabus.

3014
02:06:27,176 --> 02:06:31,566
Now you can probably guess
what lectures looks like.

3015
02:06:31,566 --> 02:06:41,626
If I open that up here, I have
now in MVC, in like number 0,

3016
02:06:42,356 --> 02:06:43,426
let's pull up lectures.

3017
02:06:44,086 --> 02:06:45,356
Oh my God, it's not interesting.

3018
02:06:45,456 --> 02:06:47,646
It's pretty much
copy paste as before.

3019
02:06:47,646 --> 02:06:51,356
And you spoil lecture0, lecture
1, pretty much identical.

3020
02:06:51,566 --> 02:06:54,316
So there's really an opportunity
now to do some factoring out.

3021
02:06:54,316 --> 02:06:55,886
What kinds of things
can we factor out?

3022
02:06:56,136 --> 02:07:00,216
Well, one, the title tags are
the same, but the word inside

3023
02:07:00,216 --> 02:07:01,526
of the title tag is different.

3024
02:07:01,766 --> 02:07:04,746
So, I would love to be able
to do something like this

3025
02:07:05,256 --> 02:07:07,346
or equivalent, and it's not
quite as simple as that.

3026
02:07:07,346 --> 02:07:08,736
It might be more like this.

3027
02:07:08,736 --> 02:07:11,416
But that could be a step
in the right direction

3028
02:07:11,416 --> 02:07:15,706
and that would be a value add
of a dynamic language like PHP.

3029
02:07:15,966 --> 02:07:17,626
This, I would like
to change, too.

3030
02:07:17,856 --> 02:07:20,326
And even these links, it would
be nice if I had a for loop

3031
02:07:20,326 --> 02:07:22,276
or something that put
these kinds of things out.

3032
02:07:22,276 --> 02:07:24,986
So there's a lot of
opportunities to factor out,

3033
02:07:25,126 --> 02:07:26,836
otherwise redundant code.

3034
02:07:27,056 --> 02:07:29,146
So let's take a look
at version 1

3035
02:07:29,706 --> 02:07:32,836
and see how we can start
taking steps toward that.

3036
02:07:33,046 --> 02:07:36,966
So that was version 0, let
me go back now to version 1

3037
02:07:37,186 --> 02:07:40,186
and in version 1, we have
the following structure.

3038
02:07:40,186 --> 02:07:43,426
So in each of these
sample folders

3039
02:07:43,876 --> 02:07:45,296
and I'll have this
online as well.

3040
02:07:45,296 --> 02:07:46,286
There's a little read me,

3041
02:07:46,286 --> 02:07:48,426
just to remind you how
we laid things out.

3042
02:07:48,426 --> 02:07:50,316
So in this read me, notice
we have the following.

3043
02:07:50,666 --> 02:07:53,976
It improves upon version 0 by
factoring out pages' header

3044
02:07:53,976 --> 02:07:55,976
and footer, so very
low-hanging fruit here.

3045
02:07:55,976 --> 02:07:57,556
Same head tag, same title tag,

3046
02:07:57,816 --> 02:08:01,326
same stupid open bracket slash
HTML tag everywhere plus open

3047
02:08:01,326 --> 02:08:02,316
bracket slash body.

3048
02:08:02,546 --> 02:08:03,756
We can factor this stuff out.

3049
02:08:03,986 --> 02:08:05,796
So notice that the
only difference now

3050
02:08:05,796 --> 02:08:08,926
in this version 1 is we have
the same four files as before,

3051
02:08:09,006 --> 02:08:12,666
by name at least, and then
footer.php and header.php.

3052
02:08:13,146 --> 02:08:14,796
So let's now take a
look at this design.

3053
02:08:15,316 --> 02:08:19,046
I'm going to go into
the one subdirectory

3054
02:08:19,586 --> 02:08:23,966
and open up, let's
say, index.php.

3055
02:08:24,386 --> 02:08:25,036
Interesting.

3056
02:08:25,686 --> 02:08:28,506
And you can kind of infer what
I've done from this perhaps.

3057
02:08:28,986 --> 02:08:33,936
This does not look like
a valid web page anymore,

3058
02:08:34,076 --> 02:08:36,046
but what must the
implication be?

3059
02:08:36,226 --> 02:08:38,366
So what does require
probably do in PHP?

3060
02:08:38,366 --> 02:08:39,456
It's a new function.

3061
02:08:39,456 --> 02:08:43,626
>> It pulls up some of
the PHP from another file.

3062
02:08:43,626 --> 02:08:44,006
>> Exactly.

3063
02:08:44,006 --> 02:08:45,966
It pulls in a PHP code from
another file, in this case,

3064
02:08:45,966 --> 02:08:48,256
header.php and it does the
same at the bottom of the page

3065
02:08:48,256 --> 02:08:49,586
and it does it in
those locations.

3066
02:08:49,956 --> 02:08:52,256
So where is my body
tag probably?

3067
02:08:52,946 --> 02:08:53,046
Yeah.

3068
02:08:53,596 --> 02:08:54,686
>> In the header?

3069
02:08:54,766 --> 02:08:55,406
>> Exactly.

3070
02:08:55,406 --> 02:08:57,706
And the close body tag is
probably in the footer.

3071
02:08:57,876 --> 02:09:00,556
So now let's take a
look at header.php.

3072
02:09:00,656 --> 02:09:05,486
So in header.php, OK, there
is a slightly familiar file,

3073
02:09:05,486 --> 02:09:06,946
even though it's a
little abbreviated.

3074
02:09:06,946 --> 02:09:13,706
Notice that it stops in
line 20 once I say CSCI S-75,

3075
02:09:14,116 --> 02:09:14,876
that's it.

3076
02:09:14,986 --> 02:09:19,506
But that's OK because what's
supposed to come next?

3077
02:09:19,666 --> 02:09:20,176
The-- yeah.

3078
02:09:20,286 --> 02:09:20,586
>> The list.

3079
02:09:20,846 --> 02:09:23,866
>> The list of links, in this
case, and there's no close tag,

3080
02:09:23,866 --> 02:09:25,796
but that's OK because
the close tag is in?

3081
02:09:26,376 --> 02:09:27,216
>> The footer.

3082
02:09:27,366 --> 02:09:30,056
>> The footer.php has
close body and close HTML.

3083
02:09:30,056 --> 02:09:33,456
So, it's not going to be very
interesting, but let's just,

3084
02:09:33,526 --> 02:09:36,096
for thoroughness, so
that there's no magic,

3085
02:09:36,406 --> 02:09:39,066
open up the footer.php,
there is that file.

3086
02:09:39,066 --> 02:09:41,566
I mean, my God, it's mostly
comments, not even code.

3087
02:09:41,936 --> 02:09:43,296
So that's a step in
the right direction.

3088
02:09:43,296 --> 02:09:44,926
And let's look at lectures.php.

3089
02:09:44,926 --> 02:09:48,576
This, too, is similarly simple,
mostly comments this time,

3090
02:09:48,876 --> 02:09:51,006
but require header,
require footer.

3091
02:09:51,436 --> 02:09:52,196
So this is nice.

3092
02:09:52,426 --> 02:09:54,396
Now I've eliminated a
lot of redundant code.

3093
02:09:54,396 --> 02:09:57,376
If I decide tomorrow I want to
change all the CSS for my site,

3094
02:09:57,376 --> 02:10:00,466
I can just change the link
element in the header tag

3095
02:10:00,466 --> 02:10:01,976
or add a link element
for a CSS file.

3096
02:10:02,496 --> 02:10:04,776
I can add JavaScript
code in one place.

3097
02:10:05,126 --> 02:10:09,966
So this is a step toward
separating aesthetics

3098
02:10:10,036 --> 02:10:12,396
from our actual data
that we want to display.

3099
02:10:12,396 --> 02:10:14,336
It's not quite MVC yet but it's

3100
02:10:14,336 --> 02:10:16,936
at least a step toward
a cleaner design.

3101
02:10:17,166 --> 02:10:18,726
Well, let's take it
one step further.

3102
02:10:18,726 --> 02:10:21,376
Let me go into version
2 now, oops,

3103
02:10:21,376 --> 02:10:25,146
version 2 has the
following files.

3104
02:10:27,096 --> 02:10:29,946
Wrapping header and footer
with a parameterized function.

3105
02:10:30,966 --> 02:10:32,706
OK. It sounds a little fancy.

3106
02:10:32,706 --> 02:10:35,696
Can you infer from this
description alone what's the

3107
02:10:35,696 --> 02:10:40,556
next enhancement I'm about
to propose do you think?

3108
02:10:40,746 --> 02:10:41,296
Yeah? Axel?

3109
02:10:41,746 --> 02:10:45,616
>> Again, this is just a
guess but maybe you're--

3110
02:10:46,796 --> 02:10:48,746
maybe parameterized
function means

3111
02:10:49,836 --> 02:10:54,076
that you're changing some
tags, for example the title--

3112
02:10:54,216 --> 02:10:54,496
>> Good.

3113
02:10:54,496 --> 02:10:55,286
>> -- in the header.

3114
02:10:55,616 --> 02:10:57,886
>> Yeah. Remember, I was
kind of motivated to do this

3115
02:10:57,886 --> 02:11:01,286
to like factor out the title but
still allow a custom title,

3116
02:11:01,466 --> 02:11:02,666
but whereas I kind
of cheated before.

3117
02:11:02,666 --> 02:11:04,726
If you look closely, I had
the same title for every page.

3118
02:11:04,726 --> 02:11:06,176
Why? Because it was
the same header.php.

3119
02:11:06,176 --> 02:11:09,066
So it feels like one
step forward and sort

3120
02:11:09,066 --> 02:11:10,706
of another step back
in that sense.

3121
02:11:10,996 --> 02:11:14,276
But let's look at the code
here for header, well,

3122
02:11:14,276 --> 02:11:15,526
let's look at index first.

3123
02:11:16,346 --> 02:11:20,126
OK. So index, this is
interesting, slightly new syntax

3124
02:11:20,126 --> 02:11:22,776
to absorb here but it's
not all that fancy.

3125
02:11:23,046 --> 02:11:25,266
So let's look at
the footer first.

3126
02:11:25,696 --> 02:11:28,876
Apparently, I have written a
function called renderFooter.

3127
02:11:29,366 --> 02:11:30,106
What does it do?

3128
02:11:30,106 --> 02:11:31,476
Probably spits out the footer.

3129
02:11:31,846 --> 02:11:32,956
Now that's pretty simple.

3130
02:11:33,126 --> 02:11:35,186
RenderHeader looks a
little more complex.

3131
02:11:35,186 --> 02:11:38,026
What kind of argument does
renderHeader apparently take

3132
02:11:38,526 --> 02:11:40,016
even though it's a
slightly new syntax?

3133
02:11:40,456 --> 02:11:42,046
It's an array.

3134
02:11:42,326 --> 02:11:46,046
It's an associative array which
means it has keys and values.

3135
02:11:46,046 --> 02:11:47,406
What is the syntax in PHP

3136
02:11:47,406 --> 02:11:49,476
for allocating your
own associative array?

3137
02:11:49,706 --> 02:11:51,586
Well previously, we
saw a dorms array

3138
02:11:51,586 --> 02:11:52,846
which was numerically indexed.

3139
02:11:53,096 --> 02:11:56,226
Now we're seeing an associative
array that I have made myself

3140
02:11:56,496 --> 02:11:57,496
and it works as follows.

3141
02:11:57,496 --> 02:12:00,166
You write the array function
name, open parenthesis

3142
02:12:00,286 --> 02:12:03,596
and then you have the key,
in this case, "title",

3143
02:12:03,826 --> 02:12:07,616
and then this crazy syntax equal
sign arrow and then the value

3144
02:12:07,896 --> 02:12:10,806
of that key and then close
parenthesis, close parenthesis.

3145
02:12:10,806 --> 02:12:13,956
So that gives me something
similarly structured to GET

3146
02:12:13,956 --> 02:12:16,416
and POST and SESSION and
COOKIE, all those superglobals

3147
02:12:16,416 --> 02:12:17,926
which were also associative
arrays.

3148
02:12:18,166 --> 02:12:19,186
But this one is mine.

3149
02:12:19,296 --> 02:12:20,676
I just made it on the fly.

3150
02:12:20,676 --> 02:12:23,086
I didn't even give it
a name but that's fine.

3151
02:12:23,116 --> 02:12:25,466
I'm dynamically creating
an array and passing it

3152
02:12:25,466 --> 02:12:27,556
in as an argument
to renderHeader.

3153
02:12:27,946 --> 02:12:30,046
Why? Well, renderHeader
as you can infer

3154
02:12:30,046 --> 02:12:31,216
from the name is
probably supposed

3155
02:12:31,216 --> 02:12:32,636
to render the page's header

3156
02:12:33,136 --> 02:12:36,296
and it probably takes
one or more inputs.

3157
02:12:36,696 --> 02:12:39,396
One of which is clearly
title but the fact

3158
02:12:39,396 --> 02:12:43,126
that I'm using an array allows
me what future functionality?

3159
02:12:44,366 --> 02:12:44,466
Yeah?

3160
02:12:44,886 --> 02:12:46,986
>> Well, you can store
all the things you wanted

3161
02:12:47,206 --> 02:12:48,966
and you put the renderHeader
in the same array?

3162
02:12:48,966 --> 02:12:49,546
>> Exactly.

3163
02:12:49,546 --> 02:12:51,186
I can store all the
things I want to pass

3164
02:12:51,186 --> 02:12:52,716
through renderHeader
in the same array.

3165
02:12:52,716 --> 02:12:54,536
It is a very common
paradigm in Perl,

3166
02:12:54,536 --> 02:12:56,976
with hashes, JavaScript objects.

3167
02:12:57,336 --> 02:13:00,016
It would be a little
short-sighted of me

3168
02:13:00,286 --> 02:13:04,016
to instead have a function
called renderHeader that takes

3169
02:13:04,016 --> 02:13:06,716
for instance as its first
argument the title that you want

3170
02:13:06,716 --> 02:13:09,046
to render because what
about if tomorrow I decide

3171
02:13:09,046 --> 02:13:11,256
like Axel proposes, I
don't just want a title,

3172
02:13:11,256 --> 02:13:13,426
I want like a JavaScript
file to be included.

3173
02:13:13,636 --> 02:13:15,316
So OK, my second
argument is going

3174
02:13:15,316 --> 02:13:16,676
to be the name of
a JavaScript file.

3175
02:13:16,886 --> 02:13:20,336
But then on Friday, I decide
I want to support CSS too.

3176
02:13:20,336 --> 02:13:22,556
So OK, I go back and
change renderHeader

3177
02:13:22,556 --> 02:13:24,856
and you give it a third
argument which is a CSS file.

3178
02:13:25,096 --> 02:13:26,926
But then next week,
I realized I want C,

3179
02:13:27,126 --> 02:13:29,586
this just gets very,
very messy quickly.

3180
02:13:29,916 --> 02:13:32,406
So by having an array
from the outset,

3181
02:13:32,626 --> 02:13:34,926
it doesn't matter what the
order of your arguments are.

3182
02:13:34,926 --> 02:13:38,486
Your only argument is an
array, an associative array

3183
02:13:38,486 --> 02:13:40,906
and you can put any key value
pairs in there that you want

3184
02:13:40,906 --> 02:13:42,036
and the order doesn't matter.

3185
02:13:42,186 --> 02:13:44,666
In other words, if I wanted
another one, I put a comma

3186
02:13:44,776 --> 02:13:46,706
after the 75 and the close quote

3187
02:13:46,766 --> 02:13:48,886
and I just do the same thing
again with the arrow notation,

3188
02:13:48,886 --> 02:13:50,056
and order does not matter.

3189
02:13:50,266 --> 02:13:53,906
So this is a wonderfully common
paradigm in both PHP and,

3190
02:13:54,066 --> 02:13:55,396
as we'll see, JavaScript.

3191
02:13:55,656 --> 02:13:59,806
Now at the top of my page, there
is one price I need to pay.

3192
02:13:59,836 --> 02:14:02,306
Why do I also apparently
have this at the top?

3193
02:14:03,526 --> 02:14:03,656
Yeah?

3194
02:14:04,186 --> 02:14:05,556
>> The renderHeader

3195
02:14:05,556 --> 02:14:08,106
and renderFooter must
exist in helpers.php.

3196
02:14:08,106 --> 02:14:08,906
>> Exactly, renderHeader

3197
02:14:08,906 --> 02:14:10,746
and renderFooter
must exist somewhere

3198
02:14:10,746 --> 02:14:12,606
because they don't come
with PHP, it turns out.

3199
02:14:12,816 --> 02:14:14,416
So they must be in
a file apparently

3200
02:14:14,416 --> 02:14:15,436
that I called helpers.php.

3201
02:14:15,436 --> 02:14:17,936
So I at least have to do that.

3202
02:14:18,096 --> 02:14:21,366
Now, as an aside, there's ways
of eliminating that copy paste

3203
02:14:21,366 --> 02:14:24,286
because you might now hopefully
be thinking, "Oh my God, now,

3204
02:14:24,286 --> 02:14:26,886
I have to copy paste this in
every one of my PHP files."

3205
02:14:26,886 --> 02:14:28,156
And you do for now.

3206
02:14:28,546 --> 02:14:30,716
But it's at least better than
all the other stuff you used

3207
02:14:30,716 --> 02:14:32,576
to have to copy and
paste in every file.

3208
02:14:32,906 --> 02:14:35,886
So let's now look at helpers.php
and see how it works.

3209
02:14:35,886 --> 02:14:41,106
In helpers.php, we
have this function here

3210
02:14:41,776 --> 02:14:44,316
and this is a little
fancy but it's kind

3211
02:14:44,316 --> 02:14:46,016
of a nice clean way
of doing this.

3212
02:14:46,016 --> 02:14:47,766
So let's look at
renderHeader first.

3213
02:14:48,256 --> 02:14:51,166
RenderHeader takes an
argument called data.

3214
02:14:51,496 --> 02:14:55,646
And what does the equal sign
array probably mean here even

3215
02:14:55,646 --> 02:14:57,686
if you're new to PHP?

3216
02:15:00,306 --> 02:15:01,886
>> It probably tells you
that data is an array.

3217
02:15:01,886 --> 02:15:03,566
>> Good and it tells you
a little more than that.

3218
02:15:03,566 --> 02:15:05,846
It tells you more than
just that it is an array.

3219
02:15:10,976 --> 02:15:12,336
How about renderFooter?

3220
02:15:12,336 --> 02:15:13,646
Let's infer from renderFooter.

3221
02:15:13,646 --> 02:15:15,026
What's interesting
about renderFooter?

3222
02:15:15,026 --> 02:15:17,976
It's identical in its
signature, in its arguments.

3223
02:15:17,976 --> 02:15:19,436
But how did I call renderFooter?

3224
02:15:19,906 --> 02:15:22,776
Did I pass anything in?

3225
02:15:23,386 --> 02:15:26,146
I didn't. So the fact that
there's this equal sign

3226
02:15:26,186 --> 02:15:27,646
in the declaration
of the function,

3227
02:15:27,646 --> 02:15:31,286
it means that data is optional.

3228
02:15:31,836 --> 02:15:34,296
And if the user does
not provide an argument,

3229
02:15:34,616 --> 02:15:37,476
the value of data will
be an empty array.

3230
02:15:38,026 --> 02:15:41,066
So this is a slightly
clever way of ensuring

3231
02:15:41,066 --> 02:15:42,626
that if the user
doesn't give me anything,

3232
02:15:42,796 --> 02:15:44,206
I at least have an empty array.

3233
02:15:44,296 --> 02:15:47,456
Why? I just then can avoid
having an if condition later

3234
02:15:47,456 --> 02:15:49,756
on to check if this is an
array or is it not an array.

3235
02:15:50,206 --> 02:15:53,846
Now, the extract function is
the fancy feature here of PHP.

3236
02:15:53,846 --> 02:15:57,636
Extract takes an associative
array of key value pairs.

3237
02:15:57,926 --> 02:16:01,496
And what it does for each key
in that associative array,

3238
02:16:01,736 --> 02:16:04,126
it creates a new local variable.

3239
02:16:04,496 --> 02:16:09,116
So the fact that we pass
in title arrow CSCI S-75,

3240
02:16:09,626 --> 02:16:15,426
that will create a variable
called title whose value is

3241
02:16:15,426 --> 02:16:17,706
CSCI S-75.

3242
02:16:17,986 --> 02:16:18,816
Now who cares?

3243
02:16:18,976 --> 02:16:21,776
Well notice the next that I
called, require footer.php

3244
02:16:21,776 --> 02:16:24,846
or this one they'll be more
interesting, require header.php.

3245
02:16:24,846 --> 02:16:30,186
So at this point in the story,
I have a variable called $title.

3246
02:16:30,186 --> 02:16:32,436
Why? Because that is what
the extract function does.

3247
02:16:32,966 --> 02:16:35,056
Now if I look inside
of header.php,

3248
02:16:35,056 --> 02:16:38,566
this is where things
get interesting finally.

3249
02:16:39,056 --> 02:16:40,496
Notice what I did here.

3250
02:16:41,426 --> 02:16:44,116
I have the top of my HTML and
you were probably expecting

3251
02:16:44,116 --> 02:16:46,436
that because it is the
renderHeader function.

3252
02:16:46,816 --> 02:16:51,416
But now, I have direct access
to $title because I extracted it

3253
02:16:51,676 --> 02:16:53,286
from the array that
was passed in.

3254
02:16:53,736 --> 02:16:55,286
So what have I really just done?

3255
02:16:55,556 --> 02:16:59,946
This is sort of a
homemade templating engine.

3256
02:17:00,136 --> 02:17:02,576
So there's this notion in web
programming of having templates

3257
02:17:03,026 --> 02:17:06,016
where a template typically has a
lot of static content like HTML,

3258
02:17:06,016 --> 02:17:09,696
CSS, JavaScript and whatnot and
then placeholders for values

3259
02:17:09,756 --> 02:17:10,876
that you want to plug in.

3260
02:17:11,296 --> 02:17:13,396
Now, that's exactly
what I've done.

3261
02:17:13,396 --> 02:17:15,886
My placeholder here
is $title but again,

3262
02:17:15,886 --> 02:17:18,256
I sort of was paying
attention to my advice earlier

3263
02:17:18,256 --> 02:17:21,526
and I'm using htmlspecialchars
just so that the user even

3264
02:17:21,526 --> 02:17:23,606
if it's me doesn't
accidentally pass

3265
02:17:23,606 --> 02:17:24,846
in some dangerous characters.

3266
02:17:24,846 --> 02:17:26,206
My template is always going

3267
02:17:26,206 --> 02:17:29,116
to escape the content
here and here.

3268
02:17:29,636 --> 02:17:32,056
And now, I have this
very generic way

3269
02:17:32,216 --> 02:17:35,126
of rendering the title of
the page and the header

3270
02:17:35,126 --> 02:17:37,776
of the page while still
parameterizing in such a way

3271
02:17:37,776 --> 02:17:40,716
that my pages are going to
have all distinct titles based

3272
02:17:40,716 --> 02:17:42,636
on the argument I pass
into renderHeader.

3273
02:17:43,006 --> 02:17:45,826
Now, renderFooter,
I'll open footer.php.

3274
02:17:45,826 --> 02:17:49,016
It's a little disappointing
because it still looks just

3275
02:17:49,016 --> 02:17:50,946
like this but just
for good measure,

3276
02:17:50,946 --> 02:17:52,476
I still gave it the
same signature.

3277
02:17:52,476 --> 02:17:54,806
Just so that in the
future, I can take arguments

3278
02:17:54,806 --> 02:17:56,266
if I want for whatever reason.

3279
02:17:56,546 --> 02:17:58,276
For instance, Google Analytics,

3280
02:17:58,276 --> 02:18:00,566
if you're familiar is JavaScript
code that generally belongs

3281
02:18:00,566 --> 02:18:01,746
at the bottom of the file.

3282
02:18:01,746 --> 02:18:03,606
And you might want to pass
in a unique identifier

3283
02:18:03,606 --> 02:18:05,016
for your Google Analytics
account.

3284
02:18:05,236 --> 02:18:06,836
You can think of a bunch
of different reasons

3285
02:18:06,836 --> 02:18:09,606
where your footers might
want variable as well.

3286
02:18:09,826 --> 02:18:12,136
So I just built out with that in
mind even though I'm not using

3287
02:18:12,696 --> 02:18:13,566
any of them here.

3288
02:18:14,076 --> 02:18:15,156
So what's the key takeaway?

3289
02:18:15,156 --> 02:18:18,756
What problems have we solved
by introducing renderHeader

3290
02:18:18,756 --> 02:18:20,266
and renderFooter
just to be clear

3291
02:18:21,636 --> 02:18:23,656
versus the previous
version of my website?

3292
02:18:24,246 --> 02:18:24,346
Yeah?

3293
02:18:24,736 --> 02:18:27,396
>> We haven't really solved any
problems but we've reflect the,

3294
02:18:27,566 --> 02:18:31,866
what's the word, we made
the website more effective

3295
02:18:31,866 --> 02:18:36,136
by actually not typing all the
HTML we need multiple times.

3296
02:18:36,136 --> 02:18:37,726
>> OK. So we're no
longer duplicating code,

3297
02:18:37,726 --> 02:18:39,166
so then frankly that's
a problem solved

3298
02:18:39,166 --> 02:18:40,586
because in the previous
model, even though,

3299
02:18:40,586 --> 02:18:43,586
we only have a web pages, if I
wanted to change the aesthetics

3300
02:18:43,806 --> 02:18:46,606
of my website, I'd have to go
into every one of those files.

3301
02:18:46,606 --> 02:18:47,866
If I want to change the
structure, I have to go

3302
02:18:47,866 --> 02:18:48,836
into every one of those files.

3303
02:18:49,136 --> 02:18:50,516
You know, it's not
a huge problem

3304
02:18:50,516 --> 02:18:51,886
but it's arguably a poor design.

3305
02:18:51,886 --> 02:18:53,446
So it's a problem
waiting to be solved.

3306
02:18:53,496 --> 02:18:55,096
And at least, we've done that.

3307
02:18:55,096 --> 02:18:57,486
And we've given ourselves
the flexibility to not have

3308
02:18:57,526 --> 02:18:59,666
to sacrifice customization

3309
02:18:59,836 --> 02:19:02,296
because we have this
parameterization of renderHeader

3310
02:19:02,296 --> 02:19:05,496
and renderFooter that lets
us pass in arbitrary values

3311
02:19:05,496 --> 02:19:06,816
for things like title
and whatnot.

3312
02:19:06,816 --> 02:19:09,786
And we've gone to the security
lengths of at least escaping

3313
02:19:09,786 --> 02:19:11,666
that input so that
now that we've kind

3314
02:19:11,666 --> 02:19:14,906
of hidden those details from
the developer, myself included,

3315
02:19:15,096 --> 02:19:16,946
at least I'm not going
to forget and screw up

3316
02:19:16,946 --> 02:19:20,196
and accidentally embed something
that's a little dangerous.

3317
02:19:21,016 --> 02:19:22,876
So let's take things
a little further.

3318
02:19:23,726 --> 02:19:28,796
In version 3 here
and notice here,

3319
02:19:29,076 --> 02:19:32,406
I'm going to readily
generalize these templates.

3320
02:19:32,536 --> 02:19:34,036
So let's see what this means.

3321
02:19:34,106 --> 02:19:36,596
Let me go into header.php
this time.

3322
02:19:37,136 --> 02:19:42,016
And take a look here,
actually that's OK.

3323
02:19:42,016 --> 02:19:46,376
And let me open this one.

3324
02:19:46,486 --> 02:19:49,226
So, helpers.php has now changed.

3325
02:19:50,516 --> 02:19:52,246
So what have I apparently done?

3326
02:19:52,246 --> 02:19:53,086
This is version 3.

3327
02:19:53,086 --> 02:19:54,456
That was version 2 before.

3328
02:19:54,596 --> 02:19:56,586
Version 2 has renderHeader,
renderFooter.

3329
02:19:56,996 --> 02:19:58,696
And what was interesting
there was I kind

3330
02:19:58,696 --> 02:19:59,976
of realized this
was kind of stupid.

3331
02:20:00,116 --> 02:20:02,326
I pretty much copied and
pasted the same function,

3332
02:20:02,326 --> 02:20:05,436
gave it two different names,
and I just hard coded header.php

3333
02:20:05,436 --> 02:20:07,416
in one and footer.php
in the other.

3334
02:20:07,806 --> 02:20:10,176
But what about-- let's take
this to the next level.

3335
02:20:10,176 --> 02:20:12,366
And again, this is a more
sophisticated design.

3336
02:20:12,366 --> 02:20:14,106
For the first project,
realize, we'll walk you

3337
02:20:14,106 --> 02:20:15,396
through different
approaches here.

3338
02:20:15,726 --> 02:20:18,806
But notice now I have a
more generic render function

3339
02:20:19,036 --> 02:20:20,376
that takes two arguments.

3340
02:20:21,006 --> 02:20:23,886
One is the name of the
template I want to use, "header"

3341
02:20:23,886 --> 02:20:26,236
or "footer" for instance.

3342
02:20:26,546 --> 02:20:28,586
And the second is
apparently what?

3343
02:20:30,316 --> 02:20:32,396
The key value pairs
that you want

3344
02:20:32,396 --> 02:20:33,656
to provide to that template.

3345
02:20:33,846 --> 02:20:35,286
In other words, in
the previous version,

3346
02:20:35,286 --> 02:20:38,436
recall that renderHeader
required header.php

3347
02:20:38,436 --> 02:20:42,086
and renderFooter
required footer.php.

3348
02:20:42,186 --> 02:20:44,946
This just-- It feels like, oh
my God, I could combine those

3349
02:20:44,946 --> 02:20:48,686
and just change the word header
and footer to a variable,

3350
02:20:48,686 --> 02:20:51,256
a parameter instead and that's
exactly what I've done here.

3351
02:20:51,256 --> 02:20:53,096
And I've added a little
bit of sanity checking.

3352
02:20:53,096 --> 02:20:54,936
One, I first determine the path.

3353
02:20:55,336 --> 02:20:59,456
So path is going to
equal template .php.

3354
02:20:59,456 --> 02:21:00,186
So what is this?

3355
02:21:00,366 --> 02:21:02,556
Well, I just felt it would
be silly to have to pass

3356
02:21:02,556 --> 02:21:05,236
in the name of a template as
"header.php", "footer.php".

3357
02:21:05,236 --> 02:21:08,946
It just feels instinctively
that my code will look cleaner.

3358
02:21:09,126 --> 02:21:11,846
If I instead say "renderHeader"
or "renderFooter",

3359
02:21:12,026 --> 02:21:13,626
but I still need
the file extension

3360
02:21:13,806 --> 02:21:14,846
when I load the template.

3361
02:21:15,046 --> 02:21:16,176
So that's all I'm doing here.

3362
02:21:16,176 --> 02:21:19,806
I'm concatenating on to the
name of my template .php,

3363
02:21:19,806 --> 02:21:23,166
so that I can then check, wait
a minute, does that file exist,

3364
02:21:23,706 --> 02:21:25,496
in case I screwed
up and made a typo,

3365
02:21:25,496 --> 02:21:28,106
and only if it does
extract the variables

3366
02:21:28,106 --> 02:21:30,196
and require that template.

3367
02:21:30,656 --> 02:21:31,836
So let's take a look then

3368
02:21:32,176 --> 02:21:35,666
at what index.php
looks like this time.

3369
02:21:35,786 --> 02:21:38,436
It's almost the same but
it's a little cleaner.

3370
02:21:38,746 --> 02:21:42,856
Now notice I have this generic
render function and I just pass

3371
02:21:42,856 --> 02:21:44,846
in as the first argument
now the name of the template

3372
02:21:45,056 --> 02:21:45,856
that I want to render.

3373
02:21:45,856 --> 02:21:47,486
And those templates
now are identical.

3374
02:21:47,766 --> 02:21:49,806
All I've done here is
improved the design

3375
02:21:49,806 --> 02:21:51,556
of my helpers functions.

3376
02:21:52,136 --> 02:21:54,016
Any questions?

3377
02:21:54,016 --> 02:21:55,146
All right.

3378
02:21:55,996 --> 02:21:57,726
We're almost there.

3379
02:21:58,206 --> 02:22:03,396
Let's take a look at just
one or two others here.

3380
02:22:04,676 --> 02:22:07,026
How about number four?

3381
02:22:07,516 --> 02:22:11,786
OK. So this is going to
be a little underwhelming

3382
02:22:11,786 --> 02:22:14,336
but at least it's another
step toward cleanliness.

3383
02:22:15,076 --> 02:22:17,156
We can infer this actually
from the README alone.

3384
02:22:17,266 --> 02:22:18,206
What have I done here?

3385
02:22:18,406 --> 02:22:22,276
You know, I realized that
header.php and footer.php,

3386
02:22:22,276 --> 02:22:23,866
they're sort of fundamentally
different

3387
02:22:24,266 --> 02:22:26,636
from all my other
files, lectures

3388
02:22:26,636 --> 02:22:29,516
and lecture0.php and index.php.

3389
02:22:29,876 --> 02:22:33,236
Those don't really belong
conceptually in the same folder

3390
02:22:33,236 --> 02:22:34,446
because they're different,
right?

3391
02:22:34,446 --> 02:22:36,426
Index.php, the user visits.

3392
02:22:36,426 --> 02:22:38,346
Lectures.php, the user visits.

3393
02:22:38,576 --> 02:22:41,446
Header.php, the user better not
visit because it's just going

3394
02:22:41,446 --> 02:22:43,706
to be the top of an HTML
page and nothing else.

3395
02:22:44,026 --> 02:22:45,556
So in terms of their role,

3396
02:22:45,556 --> 02:22:47,136
these files are fundamentally
different.

3397
02:22:47,136 --> 02:22:49,396
So, you know, I'm going to
propose that we move footer.php

3398
02:22:49,396 --> 02:22:52,486
and header.php into a
templates folder just

3399
02:22:52,486 --> 02:22:53,706
to keep them distinct.

3400
02:22:53,976 --> 02:22:55,736
And I'm going to
move helpers.php

3401
02:22:55,736 --> 02:22:58,276
into a includes directory
because it, too,

3402
02:22:58,276 --> 02:22:59,676
is sort of fundamentally
different.

3403
02:22:59,966 --> 02:23:01,156
Now, there's still
a problem here

3404
02:23:01,156 --> 02:23:02,506
and I alluded to this earlier.

3405
02:23:02,816 --> 02:23:07,366
You should not put files in
your public HTML directory

3406
02:23:07,366 --> 02:23:12,186
or your document root if they
contain information the user

3407
02:23:12,186 --> 02:23:14,186
does not need direct
access to, right?

3408
02:23:14,186 --> 02:23:17,306
Connor proposed earlier
the storage of passwords.

3409
02:23:17,626 --> 02:23:19,746
So certainly should
your PHP files

3410
02:23:19,746 --> 02:23:22,586
that contain passwords not
be in the same directory

3411
02:23:22,586 --> 02:23:24,526
as index.php and the like.

3412
02:23:24,906 --> 02:23:26,886
But this, too, isn't
quite perfect.

3413
02:23:27,496 --> 02:23:30,376
So let me actually open
up version 5's README

3414
02:23:30,946 --> 02:23:33,066
which again will reveal
the file structure

3415
02:23:33,066 --> 02:23:36,336
without really getting
us bogged down into the--

3416
02:23:36,686 --> 02:23:40,216
in the actual details of the
code which is largely the same.

3417
02:23:40,646 --> 02:23:42,296
Here is an even better approach.

3418
02:23:42,706 --> 02:23:46,396
Now, I'm proposing, no
more public HTML directory.

3419
02:23:46,396 --> 02:23:47,656
We'll see with the first project

3420
02:23:47,656 --> 02:23:50,606
that you can actually have
your own vhost or virtual host

3421
02:23:50,606 --> 02:23:52,826
in the appliance and have
your own document root

3422
02:23:52,826 --> 02:23:54,896
so you don't need the
silly tilde or any of that.

3423
02:23:55,186 --> 02:23:57,606
And once we enable that
feature of virtual hosting,

3424
02:23:57,866 --> 02:24:01,366
I'm going to propose this,
that our HTML files go

3425
02:24:01,366 --> 02:24:05,456
in the HTML directory, PH, index
dot-- sorry, not my HTML files.

3426
02:24:05,486 --> 02:24:08,666
That my top level files that
the user will actually visit,

3427
02:24:08,966 --> 02:24:11,386
go in a directory
called arbitrarily HTML

3428
02:24:12,086 --> 02:24:14,046
because it's meant to
be public-- user facing.

3429
02:24:14,446 --> 02:24:16,726
But then in an includes
directory,

3430
02:24:16,946 --> 02:24:19,246
that's at the same level
as the HTML directory.

3431
02:24:19,336 --> 02:24:22,546
I'm going to say helpers go
and then templates, the same.

3432
02:24:22,836 --> 02:24:24,756
So we'll see this in
more detail next week

3433
02:24:24,756 --> 02:24:28,016
and with the first project
but now, the document root

3434
02:24:28,076 --> 02:24:31,186
of this website will
be the HTML directory.

3435
02:24:31,186 --> 02:24:33,416
And the implication
of that is that anyone

3436
02:24:33,416 --> 02:24:38,046
on the internet can access files
in that document root directory

3437
02:24:38,336 --> 02:24:42,666
but they cannot access anything
in includes or templates

3438
02:24:42,976 --> 02:24:45,976
because includes and templates
are not inside what directory?

3439
02:24:46,466 --> 02:24:49,426
>> Public web?

3440
02:24:49,616 --> 02:24:51,866
>> The public web
directory, the document root,

3441
02:24:51,866 --> 02:24:53,896
the HTML directory in this case.

3442
02:24:54,116 --> 02:24:57,186
And now too, we have
the V in MVC.

3443
02:24:57,536 --> 02:25:04,036
Now, my HTML directory, I could
really call, just to be clear,

3444
02:25:04,536 --> 02:25:09,586
controllers and my templates can
be called my views. Includes--

3445
02:25:09,686 --> 02:25:12,526
it doesn't really have
a letter in the acronym.

3446
02:25:12,966 --> 02:25:17,256
But in terms of MVC, controllers
again refer to the code

3447
02:25:17,256 --> 02:25:20,326
that you write that control
the user's interaction

3448
02:25:20,326 --> 02:25:21,046
with your website.

3449
02:25:21,046 --> 02:25:23,186
And so it stands the
to reason that index.php is

3450
02:25:23,186 --> 02:25:24,696
like the entry point to my site

3451
02:25:24,816 --> 02:25:26,636
and it's controlling
the user's experience

3452
02:25:26,636 --> 02:25:29,336
by rendering this file,
requiring this one and so forth.

3453
02:25:29,806 --> 02:25:32,576
Whereas the templates,
now I've called views,

3454
02:25:33,026 --> 02:25:36,876
aren't really meant to be
directly accessed by the user

3455
02:25:36,956 --> 02:25:39,546
but they do relate
directly to aesthetics,

3456
02:25:39,676 --> 02:25:42,316
and so what we generally call
templates are really more

3457
02:25:42,316 --> 02:25:44,146
generically known as views.

3458
02:25:44,526 --> 02:25:48,536
And so now we have the
C and the V in MVC,

3459
02:25:48,646 --> 02:25:50,726
we just don't really have a
mental model yet for data,

3460
02:25:50,726 --> 02:25:52,836
for storing things in
a database but again,

3461
02:25:53,216 --> 02:25:54,436
that will come on the horizon.

3462
02:25:54,826 --> 02:25:57,976
So to sort of retell the
story in just a few seconds,

3463
02:25:58,156 --> 02:26:00,556
we started last week
by piecing together all

3464
02:26:00,556 --> 02:26:05,196
of these various PHP files,
index.php today, froshims.php,

3465
02:26:05,196 --> 02:26:08,806
register.php, and again if we
continue that design process,

3466
02:26:09,036 --> 02:26:11,156
things would kind of
sprawl and get rather messy,

3467
02:26:11,156 --> 02:26:14,186
hard to update, have to copy
paste code all over the place.

3468
02:26:14,756 --> 02:26:17,036
But now that we are sort
of taking this approach,

3469
02:26:17,036 --> 02:26:18,916
we have a cleaner design
and it's just going

3470
02:26:18,916 --> 02:26:20,286
to long-term make
our lives easier

3471
02:26:20,286 --> 02:26:24,596
because we can change one detail
in header.php and it affects all

3472
02:26:24,596 --> 02:26:27,456
of my other pages without
having to open up 10 or 5

3473
02:26:27,456 --> 02:26:31,376
or 20 different files, moreover
I get some additional security

3474
02:26:31,376 --> 02:26:33,576
controls, more of which we'll
talk about in the future.

3475
02:26:33,846 --> 02:26:36,406
So if you're new to web
programming, at least try

3476
02:26:36,406 --> 02:26:39,556
to appreciate the
distinction in terms of design

3477
02:26:39,746 --> 02:26:42,726
between where we started
tonight and now where we seem

3478
02:26:42,726 --> 02:26:45,836
to be ending in terms of
the directory structure

3479
02:26:45,836 --> 02:26:48,536
and the code design because
those lessons will occur

3480
02:26:48,866 --> 02:26:49,816
in the first project.

3481
02:26:51,086 --> 02:26:54,726
Any questions on model--
on controllers or views

3482
02:26:54,726 --> 02:26:58,836
or these refinements of
our design practices.

3483
02:26:58,836 --> 02:26:59,546
No? All right.

3484
02:27:00,276 --> 02:27:02,826
Why don't we officially
wrap up here?

3485
02:27:02,826 --> 02:27:05,416
I'll stick around for
questions and then Peter will be

3486
02:27:05,416 --> 02:27:07,796
up in just a few minutes
to dive into section.

3487
02:27:07,796 --> 02:27:10,516
More on MVC from him and
that will also be filmed

3488
02:27:10,556 --> 02:27:13,256
for those following
along at home.

3489
02:27:13,446 --> 02:27:16,046
OK. And no class on
Wednesday, July 4th.

3490
02:27:17,516 --> 02:27:24,410
[ Silence ]

