1 00:00:00,506 --> 00:00:08,896 [ Silence ] 2 00:00:09,396 --> 00:00:10,406 >> Hello, everybody. 3 00:00:11,186 --> 00:00:12,686 My name is Peter. 4 00:00:12,686 --> 00:00:13,916 You can also call me Meyer. 5 00:00:13,916 --> 00:00:18,306 And I'm one of your TF's. 6 00:00:18,476 --> 00:00:21,576 Thank you so much for joining us for a section here 7 00:00:21,576 --> 00:00:25,056 on Wednesday, the 27th of June. 8 00:00:25,056 --> 00:00:30,246 We're going to be talking about HTTP, DNS and PHP. 9 00:00:30,436 --> 00:00:34,066 So how far did David get in the lecture? 10 00:00:34,066 --> 00:00:37,396 Did he get all the way to talking 11 00:00:37,396 --> 00:00:43,246 about the GET superglobal, $ underscore GET? 12 00:00:43,386 --> 00:00:45,896 Did he talk about that? 13 00:00:46,106 --> 00:00:53,796 Did he talk about $ underscore or sorry, POST? 14 00:00:54,006 --> 00:00:56,616 >> [Inaudible] he mentioned it previously. 15 00:00:56,786 --> 00:01:00,196 >> He mentioned it, yeah okay. 16 00:01:00,766 --> 00:01:05,216 What about $ underscore SESSION? 17 00:01:05,216 --> 00:01:05,676 >> He did. 18 00:01:05,946 --> 00:01:10,756 It looks like it was previously mentioned. 19 00:01:10,756 --> 00:01:11,526 >> He mentioned it, okay. 20 00:01:11,706 --> 00:01:13,036 Cool. Good. 21 00:01:14,486 --> 00:01:20,036 So we'll cover some of this stuff today. 22 00:01:20,206 --> 00:01:23,666 First of all, I wanted to point 23 00:01:23,666 --> 00:01:25,896 out just a few things about HTTP and DNS. 24 00:01:25,896 --> 00:01:30,306 I'm using this new presentation tool, Prezi. 25 00:01:30,966 --> 00:01:34,866 So we'll give this a whirl. 26 00:01:34,866 --> 00:01:40,506 I don't have very many slides but first of all, 27 00:01:41,126 --> 00:01:46,966 all of my sections will have code that's available 28 00:01:46,966 --> 00:01:49,676 at this content link. 29 00:01:50,256 --> 00:01:54,816 So if you go to this link and I'll make this Prezi available 30 00:01:54,816 --> 00:01:57,516 as well, you'll be able to find the code -- 31 00:01:57,676 --> 00:01:59,106 any code that we do today. 32 00:01:59,396 --> 00:02:06,666 So the code will be in this folder and you can email me 33 00:02:06,666 --> 00:02:12,276 at this email, pnore@fas.harvard.edu. 34 00:02:12,536 --> 00:02:15,426 So first of all, let's talk about HTTP and DNS. 35 00:02:15,426 --> 00:02:23,826 DNS is -- did he give much time to DNS? 36 00:02:23,826 --> 00:02:29,496 Did David spend much time talking about DNS at all? 37 00:02:30,396 --> 00:02:30,486 >> Yes. 38 00:02:30,646 --> 00:02:31,216 >> Yeah, he did. 39 00:02:31,296 --> 00:02:32,316 Okay, cool. 40 00:02:32,316 --> 00:02:40,216 So he talked about how every DNS request goes to your local ISP 41 00:02:40,216 --> 00:02:45,876 and then if you're local ISP doesn't know what the domain 42 00:02:45,876 --> 00:02:48,426 name for or what the IP address is 43 00:02:48,426 --> 00:02:50,066 for a given domain name then it goes 44 00:02:50,106 --> 00:02:52,496 through the root name server all the way 45 00:02:52,496 --> 00:02:56,896 up to a dot.com name server for prezi.com. 46 00:02:56,896 --> 00:03:05,696 So then if he covered DNS pretty well then we can spend some more 47 00:03:05,926 --> 00:03:11,426 time talking about hypertext transfer protocol. 48 00:03:11,816 --> 00:03:19,826 So like any protocol, I find it interesting to think 49 00:03:19,826 --> 00:03:23,746 about protocols by thinking about CB radios. 50 00:03:23,746 --> 00:03:27,316 Back in the 70's, they used to have these radios in every car 51 00:03:27,726 --> 00:03:32,386 and there's kind of a protocol for how you announced yourself 52 00:03:32,766 --> 00:03:36,366 to the people that were around you like to the vehicles 53 00:03:36,366 --> 00:03:39,796 that are around you that had CB radios in those vehicles. 54 00:03:40,556 --> 00:03:46,896 And so if you go check out the voice procedures on Wikipedia, 55 00:03:46,896 --> 00:03:51,396 there are certain key words like affirm, negative, over, 56 00:03:51,396 --> 00:03:53,646 out and there are certain times 57 00:03:53,646 --> 00:03:56,176 when you can say those key words. 58 00:03:56,706 --> 00:04:00,486 And HTTP is the same way. 59 00:04:00,486 --> 00:04:04,586 There are certain key words inside the header 60 00:04:05,006 --> 00:04:07,056 and there are certain places 61 00:04:07,056 --> 00:04:10,666 at which certain key words are able to occur. 62 00:04:12,326 --> 00:04:20,516 And you can see these headers in progress later on in this term. 63 00:04:20,516 --> 00:04:27,626 We'll talk about how to see the raw HTTP headers as they head 64 00:04:27,626 --> 00:04:31,806 across the internet in order to see what's actually happening 65 00:04:31,806 --> 00:04:34,426 with your AJAX requests. 66 00:04:35,156 --> 00:04:41,756 So it's a protocol which is just a set of conventions 67 00:04:41,756 --> 00:04:45,776 with vocabulary and a method for using that vocabulary. 68 00:04:46,096 --> 00:04:48,126 And it's also stateless which means 69 00:04:48,196 --> 00:04:51,246 that every time information is sent and received once, 70 00:04:51,706 --> 00:04:53,256 the information is discarded. 71 00:04:53,766 --> 00:04:56,966 So we need cookies and session management 72 00:04:56,966 --> 00:05:00,616 like the $ sign underscore session in order 73 00:05:00,616 --> 00:05:03,096 to make anything appear persistent. 74 00:05:03,556 --> 00:05:08,086 And what that means is that when you request a webpage, 75 00:05:08,696 --> 00:05:11,396 like let's say you go to netflix.com 76 00:05:11,796 --> 00:05:17,746 and you see your homepage on Netflix, if you were to go 77 00:05:17,746 --> 00:05:21,396 to another page on Netflix, the only way that they're able 78 00:05:21,396 --> 00:05:25,086 to know that you are still you and not somebody else is, 79 00:05:25,306 --> 00:05:30,136 by using this simulated persistence 80 00:05:30,136 --> 00:05:32,396 with session management and cookies 81 00:05:33,016 --> 00:05:37,116 and information stored on the server. 82 00:05:42,166 --> 00:05:49,316 So the webpage is created on the server by -- 83 00:05:49,756 --> 00:05:53,776 it's initiated with a browser request. 84 00:05:54,236 --> 00:06:03,196 The browsers sense an HTTP header that contains an address 85 00:06:03,416 --> 00:06:06,716 like this one could be prezi.com/, you know, 86 00:06:06,716 --> 00:06:10,796 this big long address and then all of these key value pairs. 87 00:06:11,586 --> 00:06:16,066 And then Apache finds the appropriate page to render, 88 00:06:16,786 --> 00:06:21,046 and once it's found the appropriate PHP file that's 89 00:06:21,046 --> 00:06:26,486 going to process when the URL actually is delivered, 90 00:06:26,876 --> 00:06:30,406 then it processes the PHP that's in that file. 91 00:06:30,936 --> 00:06:35,016 And that file returns HTML after interacting 92 00:06:35,016 --> 00:06:36,336 with one or more databases. 93 00:06:36,666 --> 00:06:37,926 This could be MySQL. 94 00:06:37,926 --> 00:06:39,626 It could be a CSV file. 95 00:06:39,626 --> 00:06:42,466 It could be XML that's stored on the server. 96 00:06:42,516 --> 00:06:44,566 It could be a flat file database. 97 00:06:45,306 --> 00:06:48,366 We'll deal with a lot of these different circumstances 98 00:06:48,416 --> 00:06:49,106 throughout the course. 99 00:06:50,016 --> 00:06:53,396 And then after processing the PHP, 100 00:06:53,396 --> 00:06:57,406 it returns the HTML back to the browser. 101 00:06:57,516 --> 00:07:03,016 So if you can think about Apache as being these kind 102 00:07:03,016 --> 00:07:05,166 of purplish pink things in here, 103 00:07:05,506 --> 00:07:12,226 that will actually clarify your mind as we try 104 00:07:12,226 --> 00:07:16,526 to debug our programs. 105 00:07:20,496 --> 00:07:23,676 So that's pretty much all I have with Prezi. 106 00:07:24,026 --> 00:07:28,196 Let's get started with some examples. 107 00:07:28,246 --> 00:07:30,496 So I'm going to be using a previous version 108 00:07:30,956 --> 00:07:35,666 of the CS50 appliance that we'll be using in this class. 109 00:07:36,096 --> 00:07:38,526 We're still updating the appliance 110 00:07:38,786 --> 00:07:42,866 so once it's officially released then you'll be able 111 00:07:42,866 --> 00:07:46,506 to download this computer within a computer and run it 112 00:07:46,506 --> 00:07:48,586 within a hypervisor on your computer. 113 00:07:48,956 --> 00:07:50,726 Now hypervisor is a program 114 00:07:51,036 --> 00:07:53,096 that runs a computer within a computer. 115 00:07:53,096 --> 00:07:57,426 If you've never run a virtual machine on your computer, 116 00:07:57,426 --> 00:08:02,966 it'll be kind of a brain stretch the very first time. 117 00:08:03,396 --> 00:08:05,566 It's almost like a simulation 118 00:08:05,566 --> 00:08:08,516 of a CPU that's running its own operating system 119 00:08:08,516 --> 00:08:15,376 and we've stored in a large file that's over one gigabyte 120 00:08:15,506 --> 00:08:20,306 in size a setup environment that includes a server 121 00:08:20,586 --> 00:08:24,066 and a development environment, if you want to use Linux. 122 00:08:24,066 --> 00:08:27,956 And that's the environment that you'll be using. 123 00:08:28,196 --> 00:08:28,466 Yeah? 124 00:08:28,956 --> 00:08:32,436 >> If we already have something, I have VMware. 125 00:08:33,116 --> 00:08:33,476 >> Yeah. 126 00:08:33,666 --> 00:08:37,666 >> Can I run it inside VMware? 127 00:08:37,876 --> 00:08:42,326 >> So the question is if you are already familiar with VMware, 128 00:08:42,326 --> 00:08:43,896 can you run it inside VMware? 129 00:08:44,346 --> 00:08:48,326 That's quite probably true. 130 00:08:48,326 --> 00:08:50,926 Previous versions did work in VMware. 131 00:08:51,306 --> 00:08:54,406 I think for Windows, the preferred method is actually 132 00:08:54,576 --> 00:08:56,216 to use VMware right now. 133 00:08:56,546 --> 00:08:58,806 So that'll probably work just fine. 134 00:08:59,166 --> 00:09:01,776 Because I'm not responsible for developing the next version 135 00:09:01,776 --> 00:09:03,196 of the appliance, I can't say for sure 136 00:09:03,196 --> 00:09:05,026 which hypervisors it'll support. 137 00:09:05,436 --> 00:09:10,326 But I think that that's a fairly reasonable guess. 138 00:09:11,546 --> 00:09:15,196 And they've deployed it onto multiple hypervisors in the past 139 00:09:15,196 --> 00:09:16,986 to VirtualBox and to VMware. 140 00:09:17,526 --> 00:09:19,356 So you should be able 141 00:09:19,356 --> 00:09:23,656 to use whatever hypervisor you want probably. 142 00:09:24,566 --> 00:09:32,966 So the appliance I have open right here, 143 00:09:34,426 --> 00:09:37,776 so inside this little box, 144 00:09:37,776 --> 00:09:43,186 right here is a computer that's running inside my computer. 145 00:09:43,186 --> 00:09:45,806 And this is a computer that's running Fedora Linux. 146 00:09:46,536 --> 00:09:48,746 Fedora is a certain distribution of Linux, 147 00:09:48,876 --> 00:09:52,126 so if you're not familiar with Linux, 148 00:09:52,126 --> 00:09:55,956 it's an operating system just like Windows or Macintosh. 149 00:09:56,336 --> 00:10:01,866 And Linux, unlike Windows or Macintosh, 150 00:10:01,866 --> 00:10:03,886 has many different distributions. 151 00:10:04,056 --> 00:10:06,426 There are many different flavors to it. 152 00:10:06,756 --> 00:10:08,356 I guess in the same way 153 00:10:08,356 --> 00:10:11,426 that Windows Vista is a little bit different 154 00:10:11,536 --> 00:10:13,436 than Windows Seven. 155 00:10:13,436 --> 00:10:16,766 Linux Fedora is a little bit different than Linux Ubuntu. 156 00:10:17,156 --> 00:10:24,066 So there are different flavors for each version of Linux. 157 00:10:24,066 --> 00:10:28,026 And so the key right here is this IP address 158 00:10:28,026 --> 00:10:34,026 which has been already configured for us. 159 00:10:34,266 --> 00:10:50,026 192.168.119.128 and if we open up a terminal here in your -- 160 00:10:50,026 --> 00:10:53,386 in this class, you'll probably become pretty familiar 161 00:10:53,386 --> 00:10:57,256 with terminal applications if you're not already. 162 00:10:57,916 --> 00:11:04,546 And right now, we're in a Linux environment so if we type ls, 163 00:11:04,786 --> 00:11:07,266 it lists the contents of the directory. 164 00:11:08,076 --> 00:11:11,796 And right now, we are in -- 165 00:11:12,186 --> 00:11:16,296 if I do PWD, that stands for print working directory, 166 00:11:16,826 --> 00:11:19,516 you can see I'm in the folder jharvard 167 00:11:19,516 --> 00:11:23,426 which is inside the folder Home. 168 00:11:24,146 --> 00:11:30,236 So when I did ls up at the top, that listed the current files 169 00:11:30,236 --> 00:11:33,366 and folders that are inside the folder jharvard that's 170 00:11:33,366 --> 00:11:34,446 inside Home. 171 00:11:34,446 --> 00:11:37,646 And there are many more commands 172 00:11:38,156 --> 00:11:40,766 that you'll need to get familiar with. 173 00:11:40,766 --> 00:11:43,446 If you're curious about any of these commands 174 00:11:43,486 --> 00:11:47,496 that I've demonstrated here, you can type man which stands 175 00:11:47,496 --> 00:11:49,476 for manual and then the command, 176 00:11:50,666 --> 00:11:55,436 and then you get a long help page that tells you all 177 00:11:55,526 --> 00:11:59,986 of the switches that can tell you more information 178 00:12:00,106 --> 00:12:03,676 than the default version of the command. 179 00:12:03,796 --> 00:12:07,186 So for example, this one right here, ls-a, 180 00:12:07,756 --> 00:12:13,026 that does not ignore entries starting with the dot 181 00:12:13,406 --> 00:12:17,856 which is a shortcut for this current directory. 182 00:12:17,856 --> 00:12:23,346 So if I do ls-a, then I see all the dot files. 183 00:12:23,896 --> 00:12:28,526 Another one that'll be really useful in this class is ls-l 184 00:12:29,186 --> 00:12:34,826 which gives you the long listing for the directory. 185 00:12:34,826 --> 00:12:40,786 And in this case, it gives you over here at the left, 186 00:12:40,786 --> 00:12:46,786 the permissions of the file and the owner and the group 187 00:12:46,816 --> 00:12:51,936 and the size and the last modification date and the name. 188 00:12:52,606 --> 00:12:56,186 The permissions will become really important when you try 189 00:12:56,186 --> 00:13:02,076 to debug which the permissions which are over here, 190 00:13:02,076 --> 00:13:04,036 will become really important you try 191 00:13:04,036 --> 00:13:09,176 to debug what pages do and don't show up. 192 00:13:09,766 --> 00:13:16,626 So normally, when you open the -- when you open your appliance, 193 00:13:17,536 --> 00:13:24,576 it will probably not have a public HTML directory. 194 00:13:24,996 --> 00:13:27,566 You will have to create the directory and the way 195 00:13:27,566 --> 00:13:33,386 that you create the directory is by typing mkdir. 196 00:13:34,076 --> 00:13:39,836 I'm going to create a temporary directory right now to EMP 197 00:13:39,836 --> 00:13:43,656 and if I tag ls-la, then -- 198 00:13:43,656 --> 00:13:48,476 or ls-l, then now you can see there's a folder, 199 00:13:48,476 --> 00:13:52,426 the temp folder that I just created 200 00:13:52,536 --> 00:13:57,536 and it has these permissions which are different 201 00:13:57,536 --> 00:13:59,426 than the public HTML permissions. 202 00:14:00,336 --> 00:14:02,276 And we'll deal more with permissions 203 00:14:02,276 --> 00:14:08,106 in another section once you already have the appliance 204 00:14:08,106 --> 00:14:10,056 and have played around with this? 205 00:14:10,716 --> 00:14:15,966 But in general, there's a mnemonic that you'll want 206 00:14:16,106 --> 00:14:22,686 to commit to memory which is that the number four stands 207 00:14:22,686 --> 00:14:28,116 for read permissions, and two stands for write, 208 00:14:28,596 --> 00:14:33,336 and one stands for execute. 209 00:14:33,396 --> 00:14:39,176 So the permissions that you have or that you can assign, 210 00:14:39,686 --> 00:14:42,526 are the sum of all the permissions that you want. 211 00:14:43,006 --> 00:14:47,746 So for example, if I wanted to change the permissions 212 00:14:47,806 --> 00:14:56,376 on the temp directory so that there are three relevant people 213 00:14:56,376 --> 00:15:01,416 that can interact with this directory, there is the user 214 00:15:01,416 --> 00:15:03,086 which comes first, the rwx. 215 00:15:03,086 --> 00:15:08,036 Then there is the group which is the middle rwx. 216 00:15:08,036 --> 00:15:15,076 And then there is everyone like, the permissions for every person 217 00:15:15,076 --> 00:15:19,606 that could encounter this folder which is the last triple of rwx. 218 00:15:20,256 --> 00:15:22,176 So whenever you indicate permissions, 219 00:15:22,176 --> 00:15:25,306 you indicate three numbers which is a number be -- 220 00:15:25,306 --> 00:15:30,036 each of which is a number between one and seven. 221 00:15:30,456 --> 00:15:35,836 And for example, if I wanted the temp directory 222 00:15:35,836 --> 00:15:40,356 to have the same permissions as the public HTML directory, 223 00:15:40,356 --> 00:15:44,796 I'd want it to have 755 because you can see the public HTML 224 00:15:44,796 --> 00:15:49,746 directory has read, write, execute for the first bit 225 00:15:49,746 --> 00:15:52,516 which is four plus two plus one. 226 00:15:52,516 --> 00:15:59,206 And then for the middle and the last users, for the group 227 00:15:59,206 --> 00:16:03,776 and for everyone, it has, well I guess for that one, 228 00:16:03,776 --> 00:16:07,946 the group has execute and read permissions 229 00:16:08,416 --> 00:16:11,106 so that would actually only be six. 230 00:16:11,986 --> 00:16:16,376 And then for the last one -- or no. 231 00:16:16,376 --> 00:16:19,926 It has read and execute so that's -- yeah. 232 00:16:20,946 --> 00:16:27,906 So read plus execute is five so there's read and execute 233 00:16:27,906 --> 00:16:32,006 on the group which is the middle one and on the final bit 234 00:16:32,006 --> 00:16:33,706 which is for everyone. 235 00:16:33,916 --> 00:16:36,836 So if I were to change the permissions 236 00:16:36,836 --> 00:16:40,856 on the temp directory with the chmod command, 237 00:16:40,966 --> 00:16:50,696 C-H-M-O-D 755 temp, then now temp has the same permissions 238 00:16:50,696 --> 00:16:51,986 as public HTML. 239 00:16:52,496 --> 00:16:59,966 So the reason why this is important is that when you go 240 00:16:59,966 --> 00:17:14,836 to this IP address, 192.168.119.128/ 241 00:17:14,836 --> 00:17:24,416 and then the user name which is jharvard, you are taken directly 242 00:17:24,416 --> 00:17:27,236 into the public HTML folder. 243 00:17:30,396 --> 00:17:34,136 CD stands for change directory so I just changed directory 244 00:17:34,136 --> 00:17:35,776 into the public HTML folder. 245 00:17:37,076 --> 00:17:41,836 And here you can see the S75-Sections folder 246 00:17:41,836 --> 00:17:44,626 which is just like what you see here. 247 00:17:45,466 --> 00:17:53,446 So if I were to move the temporary directory I just 248 00:17:53,446 --> 00:18:01,286 created to this directory, now you can see there's S75-Sections 249 00:18:01,286 --> 00:18:04,216 in temp and if I were to refresh this page, 250 00:18:04,666 --> 00:18:08,036 now I see the temp directory and because I assigned it 251 00:18:08,036 --> 00:18:13,536 at the same permissions, I should be able to go into it. 252 00:18:13,536 --> 00:18:16,486 And I don't have anything in there currently. 253 00:18:17,236 --> 00:18:22,166 So if you remember back to this image right here, 254 00:18:27,896 --> 00:18:34,946 the very first thing Apache does is find what PHP file to render. 255 00:18:35,776 --> 00:18:39,296 So if I go to -- 256 00:18:40,036 --> 00:18:44,716 it automatically knows that this server automatically knows 257 00:18:44,756 --> 00:18:47,746 that if you go to tilde and then a username, 258 00:18:48,376 --> 00:18:55,666 it goes to that user's public HTML folder which is 259 00:18:56,216 --> 00:19:01,236 at this address, 260 00:19:01,996 --> 00:19:04,176 home/jharvard/public underscore html. 261 00:19:04,206 --> 00:19:08,976 So that's what Apache does in order to find, 262 00:19:08,976 --> 00:19:11,836 in order to map the tilde jharvard 263 00:19:11,926 --> 00:19:14,566 to the public HTML folder and from then on, 264 00:19:15,186 --> 00:19:19,016 it just goes inside the folders the way that you tell it to. 265 00:19:19,206 --> 00:19:29,276 So if I go inside temp, and go inside temp -- 266 00:19:29,796 --> 00:19:39,916 if I create an index.php file inside of this temp directory, 267 00:19:40,246 --> 00:19:44,906 then if there's either an index.php or an index.html, 268 00:19:45,046 --> 00:19:48,616 it will -- Apache will naturally assume that is the one 269 00:19:48,616 --> 00:19:49,926 that you want to create. 270 00:19:50,416 --> 00:19:54,686 What we're seeing right here is the default Apache index. 271 00:19:55,536 --> 00:20:00,386 And so if I create an index.php, 272 00:20:00,796 --> 00:20:06,976 this is the default Apache index page for the temp folder. 273 00:20:07,046 --> 00:20:12,166 And if I create an index.php, it'll override this default one 274 00:20:12,466 --> 00:20:17,896 and display whatever the result of my php execution is. 275 00:20:18,856 --> 00:20:24,436 So I'm going to be using the terminal editor VIM 276 00:20:25,046 --> 00:20:32,566 to edit index.php and we'll just -- 277 00:20:33,366 --> 00:20:35,746 I'm sure that David did a little bit 278 00:20:35,746 --> 00:20:38,326 of this in his class as well. 279 00:20:38,326 --> 00:20:39,976 We'll just make a simple page. 280 00:21:07,106 --> 00:21:13,166 So now, if I refresh this page, it actually shows me the result 281 00:21:13,856 --> 00:21:18,686 of executing this php file. 282 00:21:19,206 --> 00:21:22,966 Now, there's no php code that's actually executed 283 00:21:22,966 --> 00:21:28,126 because we didn't include any begin php execution 284 00:21:28,126 --> 00:21:30,426 or end php execution tags. 285 00:21:31,166 --> 00:21:35,536 So the begin php execution tag is like that. 286 00:21:36,096 --> 00:21:38,086 Can you see that okay? 287 00:21:38,086 --> 00:21:45,446 So one of the most fundamental commands in php is echo. 288 00:21:46,216 --> 00:21:53,146 And you call echo by putting what you would like echoed 289 00:21:53,146 --> 00:21:57,496 out to the screen as a parameter to the function call. 290 00:21:58,326 --> 00:22:11,886 So I'm going to create a break and then echo more content. 291 00:22:12,116 --> 00:22:19,226 And then I'll close the php tags 292 00:22:20,696 --> 00:22:24,196 and this should echo more content out right there. 293 00:22:25,126 --> 00:22:29,556 So one of the most important commands 294 00:22:29,616 --> 00:22:32,986 that you can learn about is phpinfo. 295 00:22:33,896 --> 00:22:37,426 And that tells you everything there is to know 296 00:22:37,746 --> 00:22:42,996 about the version of php that you're running. 297 00:22:43,436 --> 00:22:46,716 One of the first things that I do, if I'm working 298 00:22:46,716 --> 00:22:51,336 on a new server is run this command in order to really find 299 00:22:51,886 --> 00:22:56,606 out what the server is capable of. 300 00:22:56,606 --> 00:22:59,166 Because it changes with every installation of php 301 00:22:59,166 --> 00:23:05,626 and with every version of Apache and the parameters 302 00:23:05,626 --> 00:23:06,686 that it's installed with. 303 00:23:07,626 --> 00:23:14,956 So phpinfo as a function call gives me this nice page 304 00:23:15,016 --> 00:23:21,176 that has all of these important key value pairs like, 305 00:23:22,266 --> 00:23:30,556 display errors is on, and error reporting. 306 00:23:31,486 --> 00:23:37,896 Now, this gives us a rather confusing integer 307 00:23:37,956 --> 00:23:39,126 for error reporting. 308 00:23:39,416 --> 00:23:45,986 But we can find out what that is if we were really determined to. 309 00:23:45,986 --> 00:23:49,196 It's easier to set error reporting than it is 310 00:23:49,296 --> 00:23:51,026 to read it through this page. 311 00:23:51,756 --> 00:23:54,086 So if you're interested -- 312 00:23:54,256 --> 00:24:05,896 if your version of php has any particular functionality, 313 00:24:06,436 --> 00:24:10,826 you can call the phpinfo function and then use control F 314 00:24:10,826 --> 00:24:12,356 on your page in order to search 315 00:24:12,356 --> 00:24:15,586 for that particular parameter and then look for it. 316 00:24:15,586 --> 00:24:19,806 So the [inaudible] with variable names in php, there are lots 317 00:24:20,686 --> 00:24:23,386 of things that are valid. 318 00:24:23,606 --> 00:24:26,646 Basically anything that begins with a dollar sign 319 00:24:26,646 --> 00:24:28,416 and then a letter or an underscore; 320 00:24:29,686 --> 00:24:32,586 these are all valid variable names. 321 00:24:33,186 --> 00:24:37,166 I would recommend against using an underscore just 322 00:24:38,016 --> 00:24:42,206 because php actually uses them internally in order 323 00:24:42,486 --> 00:24:45,866 to do its own variables like I post which is a variable 324 00:24:46,596 --> 00:24:50,606 that contains a very special array. 325 00:24:51,016 --> 00:24:54,496 Did David talk about arrays at all in this last? 326 00:24:54,496 --> 00:24:59,766 So one really clever function is print underscore r 327 00:24:59,906 --> 00:25:03,386 and if you put an array inside of print underscore r, 328 00:25:03,426 --> 00:25:07,796 then it tells you what's inside of the array. 329 00:25:07,796 --> 00:25:12,616 And in this one, it just displays an empty array. 330 00:25:12,756 --> 00:25:13,366 Why is that? 331 00:25:13,516 --> 00:25:17,356 For $ underscore GET, what's $ underscore GET supposed 332 00:25:17,356 --> 00:25:18,436 to have inside of it? 333 00:25:18,436 --> 00:25:18,503 Yeah. 334 00:25:18,503 --> 00:25:22,266 >> It should have parameters follow the URL. 335 00:25:22,836 --> 00:25:24,626 >> Right, so I actually need -- yes. 336 00:25:24,626 --> 00:25:32,386 Someone suggested that it should have the parameters following 337 00:25:32,826 --> 00:25:32,956 the URL. 338 00:25:32,956 --> 00:25:35,846 So this is actually the index.php page 339 00:25:35,846 --> 00:25:39,826 and if I put key equals val and refresh the page, 340 00:25:40,796 --> 00:25:44,326 then now my array is updated with a key 341 00:25:45,116 --> 00:25:51,146 of the word key and the value val. 342 00:25:51,146 --> 00:25:56,216 So I should be able to create a new break and then I am going 343 00:25:56,486 --> 00:26:04,386 to concatenate that break with $ underscore GET key and then 344 00:26:04,386 --> 00:26:09,156 because val is stored inside the key, then it's printed 345 00:26:09,156 --> 00:26:12,546 out right there and concatenated to a break. 346 00:26:12,546 --> 00:26:16,106 So in order to get beyond GET and POST 347 00:26:16,106 --> 00:26:20,146 which contain the information that Apache receives inside 348 00:26:20,146 --> 00:26:22,796 of the request, we need to incorporate sessions. 349 00:26:22,796 --> 00:26:25,196 And so the key to doing sessions is 350 00:26:25,196 --> 00:26:33,616 to at the very beginning before you echo out any content, 351 00:26:33,616 --> 00:26:37,906 you have to make sure that you call sessions underscore start 352 00:26:37,906 --> 00:26:48,016 and this actually makes it possible for you to use any 353 00:26:48,396 --> 00:26:59,696 of the key value pairs that you will then store inside the 354 00:26:59,696 --> 00:27:00,786 session variable. 355 00:27:00,786 --> 00:27:05,126 So the session variable is $ underscore SESSION 356 00:27:05,126 --> 00:27:16,556 and I can store anything in a key value pair here. 357 00:27:16,746 --> 00:27:20,756 Arrays in php let you store numbers or strings 358 00:27:21,246 --> 00:27:30,626 or even other arrays in them so you can have nested arrays. 359 00:27:31,196 --> 00:27:35,526 So you can use the session variable 360 00:27:35,586 --> 00:27:43,196 to literally store arrays of arrays of arrays in order 361 00:27:43,266 --> 00:27:48,786 to contain hierarchical information, 362 00:27:49,106 --> 00:27:52,936 if that's what you want to do. 363 00:27:53,926 --> 00:27:59,076 So I'll store first name inside -- 364 00:27:59,676 --> 00:28:30,356 I'll use my name, Peter and -- 365 00:29:43,206 --> 00:29:51,476 So if we go back to this page and refresh it, 366 00:29:51,476 --> 00:29:54,866 it says temporary page is working. 367 00:29:56,046 --> 00:30:08,506 And what has now happened is that I have created a cookie 368 00:30:08,656 --> 00:30:12,866 on my computer by my browser 369 00:30:12,866 --> 00:30:19,646 and that cookie contains a very long string of numbers 370 00:30:19,646 --> 00:30:21,296 that uniquely identifies me. 371 00:30:21,716 --> 00:30:26,496 And that cookie that has that long number in it, 372 00:30:27,036 --> 00:30:33,076 there is a file -- or there is a folder inside Apache that has 373 00:30:33,076 --> 00:30:35,136 that same long number in it. 374 00:30:35,576 --> 00:30:41,166 And so then when I request this page again, it goes and digs 375 00:30:41,166 --> 00:30:46,846 out that folder and puts the stuff that's inside 376 00:30:46,846 --> 00:30:48,926 that folder stored in the server 377 00:30:49,146 --> 00:30:55,436 into the $ underscore SESSION variable for you to use. 378 00:30:55,436 --> 00:31:00,756 So if I were to create I will call it after -- 379 00:31:00,856 --> 00:31:03,186 well in fact we'll copy it. 380 00:31:05,856 --> 00:31:18,666 Copy, cp stands for copy so I'm going to copy the index 381 00:31:18,666 --> 00:31:24,136 and call it index02 and now, 382 00:31:25,026 --> 00:31:34,606 I will not included these assignment statements 383 00:31:40,316 --> 00:31:40,976 but I will. 384 00:31:48,176 --> 00:31:51,016 You don't actually need these parentheses here 385 00:31:51,076 --> 00:31:53,346 for historical reasons. 386 00:31:53,646 --> 00:31:58,046 These days, everything in php is done in an object-oriented 387 00:31:58,046 --> 00:31:59,636 and function-oriented way. 388 00:32:00,106 --> 00:32:03,586 But traditionally, you actually can just do this. 389 00:32:04,626 --> 00:32:14,116 So now, I have a page that is index02 and if I go 390 00:32:14,116 --> 00:32:20,076 to index02.php, I see Peter Nore. 391 00:32:21,056 --> 00:32:23,966 And even though there's no assignment statement 392 00:32:24,236 --> 00:32:35,106 on this page and the reason why is that in index.php, 393 00:32:35,416 --> 00:32:43,676 I stored those variables in this SESSION folder. 394 00:32:43,976 --> 00:32:46,626 This one's called first underscore name. 395 00:32:47,046 --> 00:32:49,836 This one's called last underscore name 396 00:32:49,836 --> 00:32:51,816 and when you call session underscore start, 397 00:32:52,296 --> 00:32:58,966 when you visit this page, index.php, it creates a cookie 398 00:32:58,966 --> 00:33:04,436 on your computer -- created by your browser 399 00:33:04,896 --> 00:33:07,946 and that cookie is just a little file that has a long number 400 00:33:07,946 --> 00:33:12,906 in it and at the very same time, it creates a folder 401 00:33:12,906 --> 00:33:16,816 on the server here in Fedora and Apache does this, 402 00:33:17,466 --> 00:33:19,696 and it has that same number in it. 403 00:33:19,696 --> 00:33:27,006 So then, when I visit index02, it sends the cookie 404 00:33:27,316 --> 00:33:33,006 that was created on my computer to the server and it has 405 00:33:33,006 --> 00:33:37,656 that number in it so Apache knows that it can look up inside 406 00:33:37,656 --> 00:33:44,056 that directory and retrieve the information that was stored 407 00:33:44,056 --> 00:33:46,096 in a previous session. 408 00:33:46,796 --> 00:33:47,136 Yeah. 409 00:33:47,566 --> 00:33:59,596 >> If you had to stop a command like a session end and begin 410 00:33:59,596 --> 00:34:04,636 with index.php, would it still have performed 411 00:34:04,636 --> 00:34:06,976 or is there such a command? 412 00:34:06,976 --> 00:34:10,806 >> So the question was if you were to call a command 413 00:34:10,806 --> 00:34:20,016 to end the session before the variables were stored then would 414 00:34:20,016 --> 00:34:22,036 this retrieval be possible? 415 00:34:22,316 --> 00:34:26,466 >> Yeah, after the variables were stored 416 00:34:27,336 --> 00:34:29,636 but before you made index02. 417 00:34:30,266 --> 00:34:33,886 >> Yeah, so let's see. 418 00:34:44,076 --> 00:34:47,696 I don't even think that that is a command. 419 00:34:47,866 --> 00:34:50,576 What you can do is -- 420 00:35:01,296 --> 00:35:09,076 That it's kind of tricky to actually delete all -- 421 00:35:09,076 --> 00:35:11,376 to delete the entire session. 422 00:35:11,376 --> 00:35:13,556 You have to do several different things. 423 00:35:15,056 --> 00:35:23,086 You can expire the cookie prematurely. 424 00:35:23,186 --> 00:35:26,226 You can -- let's see. 425 00:35:26,276 --> 00:35:33,136 I'll actually have to give -- 426 00:35:34,066 --> 00:35:38,986 I can't remember the syntax right now. 427 00:35:38,986 --> 00:35:43,446 I'll have to get back to you with that comment. 428 00:35:43,446 --> 00:35:46,556 The -- and it is essential that you be able 429 00:35:46,556 --> 00:35:51,386 to do otherwise you wouldn't be able to log someone out. 430 00:35:51,736 --> 00:35:55,536 The -- right now, if I visit this page, 431 00:35:55,736 --> 00:36:02,966 it will always say the name that was stored there unless I go 432 00:36:02,966 --> 00:36:04,126 into a separate cookie space. 433 00:36:04,546 --> 00:36:07,006 And this is where Chrome is especially efficient 434 00:36:07,296 --> 00:36:11,006 for developing because if you press control shift end, 435 00:36:11,006 --> 00:36:13,466 you can instantly get into a fresh cookie space. 436 00:36:14,296 --> 00:36:26,906 And if I go to the same webpage, you can see it says, 437 00:36:27,406 --> 00:36:32,386 "undefined index first name" in index02 on line 11. 438 00:36:32,386 --> 00:36:37,706 So what we're seeing here are notices and you can see 439 00:36:37,706 --> 00:36:41,036 that the default error level in php is set 440 00:36:41,036 --> 00:36:43,376 up to actually tell you about the notices. 441 00:36:43,376 --> 00:36:45,816 This is something you wouldn't want 442 00:36:45,816 --> 00:36:47,656 in production environments obviously 443 00:36:47,656 --> 00:36:52,016 because it would expose your server to vulnerabilities 444 00:36:52,016 --> 00:36:56,306 and you can control the error reporting but because we're 445 00:36:56,656 --> 00:36:59,896 in a different cookie space here then you're not -- 446 00:37:00,056 --> 00:37:02,916 you know, this is what you would see once you call 447 00:37:03,806 --> 00:37:06,826 that special command. 448 00:37:08,566 --> 00:37:14,686 So let's try -- 449 00:37:27,276 --> 00:37:40,456 One thing that you can do is you can create a form and here 450 00:37:40,456 --> 00:37:48,116 in index.php, the first one, if we create a form 451 00:37:48,146 --> 00:38:03,246 and action equals our index02.php, and -- 452 00:38:28,126 --> 00:38:33,346 Or we can even -- you can even have a form submit to its own -- 453 00:38:34,356 --> 00:38:37,366 to the actual page itself. 454 00:38:38,026 --> 00:38:44,566 Or I believe, you can even leave a blank 455 00:38:44,566 --> 00:38:48,976 and it will submit it to this one as well. 456 00:39:12,276 --> 00:39:25,856 So if we go to index.php, we should create some labels here. 457 00:40:02,056 --> 00:40:05,796 So right now, we need a submit. 458 00:40:05,796 --> 00:40:12,736 I think that's how it is. 459 00:40:23,526 --> 00:40:32,846 So what I've just done is submitted the first name 460 00:40:32,846 --> 00:40:39,496 and the last name form elements to the GET parameter 461 00:40:39,496 --> 00:40:45,116 and then print it out of GET parameter. 462 00:40:45,116 --> 00:40:47,376 So this page is actually ran twice. 463 00:40:48,196 --> 00:40:50,666 The very first time, 464 00:40:51,176 --> 00:40:56,326 print underscore r actually is you can see 465 00:40:56,326 --> 00:41:01,766 that my name is actually appended up here 466 00:41:01,926 --> 00:41:04,366 when I actually hit submit. 467 00:41:04,916 --> 00:41:08,286 So right now, there are no parameters and then 468 00:41:08,286 --> 00:41:10,866 when I hit submit, the parameter show up 469 00:41:10,866 --> 00:41:12,896 and print underscore r records 470 00:41:12,976 --> 00:41:17,186 at the variables are actually submitted. 471 00:41:17,616 --> 00:41:23,716 So because you can get access to variables this way, 472 00:41:25,096 --> 00:41:31,946 you can then store the -- 473 00:41:39,066 --> 00:41:41,976 Value of getting it from the GET superglobal. 474 00:42:02,256 --> 00:42:10,316 So what this will do, well maybe somebody else can explain it. 475 00:42:11,406 --> 00:42:16,706 What will this enable us to do? 476 00:42:16,856 --> 00:42:16,923 Yeah. 477 00:42:17,286 --> 00:42:22,166 >> Take the [inaudible]. 478 00:42:22,356 --> 00:42:33,556 >> Right, so it enables us to take the first and the last name 479 00:42:33,646 --> 00:42:39,916 from these two text boxes, store them into the SESSION and then 480 00:42:39,916 --> 00:42:45,856 if we load this page, whatever we type in here should show 481 00:42:46,866 --> 00:42:52,536 up on the second page because it's in the same SESSION. 482 00:42:54,816 --> 00:43:02,946 So I'm going to put random phrase here 483 00:43:03,586 --> 00:43:14,216 and it should store it in the SESSION 484 00:43:14,756 --> 00:43:18,506 and we have a syntax error, 485 00:43:18,506 --> 00:43:20,876 unexpected less than sign on line 12. 486 00:43:21,526 --> 00:43:30,616 So the problem here is that I didn't echo this br tag out 487 00:43:32,026 --> 00:43:38,506 and so it was confused because I was in the middle of php mode. 488 00:43:38,506 --> 00:43:46,096 And it needs a quote on that same line or a semi-colon 489 00:43:46,096 --> 00:43:47,566 in order to terminate the statement. 490 00:43:48,206 --> 00:43:51,996 So now, random phrase appears in the session. 491 00:43:52,656 --> 00:44:03,176 So this gives you an example of how you can take input 492 00:44:03,176 --> 00:44:06,246 from the user, store it into the SESSION 493 00:44:06,696 --> 00:44:08,896 and then retrieve that later. 494 00:44:08,896 --> 00:44:12,986 And because each cookie has an expiration date, 495 00:44:12,986 --> 00:44:16,396 you can store how long that's stored on the server. 496 00:44:16,396 --> 00:44:18,086 You can have it stored a month. 497 00:44:18,196 --> 00:44:20,076 You can have it stored a year. 498 00:44:20,076 --> 00:44:21,526 You can have it stored for 10 years. 499 00:44:22,046 --> 00:44:27,826 Ultimately though, it's up to the user how long 500 00:44:27,826 --> 00:44:30,596 that cookie is on their computer. 501 00:44:30,596 --> 00:44:35,306 It's possible for them to delete that cookie and then 502 00:44:35,456 --> 00:44:38,296 that information would not be stored persistently, 503 00:44:38,726 --> 00:44:45,386 which is why we have to log in periodically to some services. 504 00:44:45,836 --> 00:44:53,156 And because you can store arrays instead of array, 505 00:44:53,686 --> 00:44:59,056 you could even have a person key inside of SESSION and then 506 00:44:59,056 --> 00:45:05,296 in each person could be an array where there's a key, first name 507 00:45:05,296 --> 00:45:12,506 and last name and where or maybe the SESSION key could be people 508 00:45:12,506 --> 00:45:15,206 and then you could have actually store a bunch of people. 509 00:45:15,606 --> 00:45:20,256 You can store a lot of things into SESSION. 510 00:45:20,256 --> 00:45:26,086 It's actually just limited by the file size, you know, 511 00:45:26,086 --> 00:45:28,756 the memory is limited to the file size 512 00:45:28,756 --> 00:45:32,006 of the computer that's running it. 513 00:45:32,476 --> 00:45:37,496 So I think that pretty much illustrates it. 514 00:45:37,496 --> 00:45:46,376 In order to use post, you would -- I think it's -- 515 00:45:46,596 --> 00:45:50,756 is it type equals post? 516 00:45:51,876 --> 00:45:52,746 Is it method? 517 00:45:52,746 --> 00:45:53,986 Yeah, method. 518 00:45:57,896 --> 00:46:07,976 So if we do post then -- 519 00:46:18,356 --> 00:46:24,996 You can see that this -- oh, that didn't do it. 520 00:46:26,206 --> 00:46:26,846 Method, here. 521 00:46:39,046 --> 00:46:43,586 So what you should do whenever you're using these -- 522 00:46:44,276 --> 00:46:47,886 whenever you're referencing something that could be coming 523 00:46:47,886 --> 00:46:53,486 in from the outside world, you need to use is set 524 00:46:53,976 --> 00:46:57,686 in order to see if it is set. 525 00:46:57,686 --> 00:47:03,456 Either that or use the @ symbol in order to indicate 526 00:47:03,456 --> 00:47:06,006 that you want the errors to be suppressed 527 00:47:06,126 --> 00:47:07,386 if that key is not there. 528 00:47:07,856 --> 00:47:10,896 Because this is an array, this is a variable that refers 529 00:47:10,896 --> 00:47:14,416 to an array, and if that array doesn't have the key first name 530 00:47:14,416 --> 00:47:15,686 then you'll get a notice. 531 00:47:16,286 --> 00:47:20,866 So now that I've put the @ symbol there then it won't 532 00:47:20,866 --> 00:47:24,216 complain if that key is not present. 533 00:47:25,156 --> 00:47:38,706 So in Chrome, the -- I don't think you can pause 534 00:47:38,756 --> 00:47:47,216 in the middle of post but I'm sure David showed last time 535 00:47:47,386 --> 00:47:50,926 that you can view the different requests 536 00:47:51,166 --> 00:47:54,376 that have been done by the page. 537 00:47:54,856 --> 00:48:00,226 And when you're using JavaScript in order to indicate the -- 538 00:48:00,306 --> 00:48:03,946 in order to retrieve information from the server, 539 00:48:04,136 --> 00:48:07,386 you can press record and then have JavaScript do some 540 00:48:07,386 --> 00:48:12,976 executions and each request will appear right here. 541 00:48:14,366 --> 00:48:20,286 And so because I had the record button on, 542 00:48:20,286 --> 00:48:22,366 you can see the headers here. 543 00:48:23,216 --> 00:48:27,366 There is form data where first name is random 544 00:48:27,366 --> 00:48:37,196 and last name is string and the -- it's sent as post which means 545 00:48:37,196 --> 00:48:43,016 that nothing was stored in the actual URL request. 546 00:48:43,646 --> 00:48:48,826 But it's still in plain text and trivially observed. 547 00:48:48,826 --> 00:48:57,116 It's slightly more difficult to uncover a password if it's post 548 00:48:57,116 --> 00:48:58,976 but it's by no means secure. 549 00:48:59,396 --> 00:49:05,866 The -- so now you can see it first name is random 550 00:49:05,866 --> 00:49:07,746 and last name is string. 551 00:49:15,176 --> 00:49:18,296 And now first name is another random and last name is string. 552 00:49:18,676 --> 00:49:24,436 And even if I go to index01 or index02 then -- 553 00:50:04,046 --> 00:50:05,596 So I'm doing something wrong, where? 554 00:50:06,156 --> 00:50:07,066 >> On the left side? 555 00:50:07,136 --> 00:50:07,506 >> Yeah. 556 00:50:07,726 --> 00:50:09,316 >> Where your spread is [inaudible], 557 00:50:10,336 --> 00:50:12,186 it's underscore post. 558 00:50:12,186 --> 00:50:12,876 >> Oh yeah, yeah, yeah. 559 00:50:13,196 --> 00:50:16,826 So here instead of underscore GET, 560 00:50:16,826 --> 00:50:18,576 it should be underscore post 561 00:50:19,026 --> 00:50:23,036 because it's no longer retrieving it through the URL. 562 00:50:24,016 --> 00:50:34,356 So if I go back and submit that, and then go to index02.php, 563 00:50:34,356 --> 00:50:37,016 then now my name appears. 564 00:50:37,706 --> 00:50:44,846 So I think that covers most of these things except for how 565 00:50:44,846 --> 00:50:53,486 to manually create, how to manually delete the cookie. 566 00:50:54,166 --> 00:50:56,756 >> I think [inaudible]. 567 00:50:58,816 --> 00:51:04,916 >> Yeah, that will -- does that do everything? 568 00:51:06,596 --> 00:51:11,076 >> You'd have to be [inaudible]. 569 00:51:11,316 --> 00:51:15,976 >> I think the effect for the user is the same. 570 00:51:31,356 --> 00:51:38,266 So now, if we go to index02 then these are undefined. 571 00:51:38,556 --> 00:51:42,316 So for the user session destroy called at the end 572 00:51:43,016 --> 00:51:50,856 or called anywhere like destroys the availability of the number. 573 00:51:51,376 --> 00:51:55,276 Do you know if that actually destroys the actual information 574 00:51:55,276 --> 00:51:55,496 on the -- 575 00:51:55,496 --> 00:51:57,446 >> I think it [inaudible]. 576 00:51:57,646 --> 00:51:57,896 >> Yeah? 577 00:51:59,086 --> 00:52:01,116 >> But I'm not [inaudible]. 578 00:52:01,196 --> 00:52:05,736 >> The cookie -- I'm not sure 579 00:52:05,736 --> 00:52:10,406 if session destroy actually expires the cookie for the user? 580 00:52:11,096 --> 00:52:16,216 But yeah, so this should log the user out. 581 00:52:16,216 --> 00:52:23,936 If we wanted to do a password, you can do -- 582 00:52:23,936 --> 00:52:25,946 I think its type equals password. 583 00:52:37,696 --> 00:52:40,636 Yeah, so if you do type equals password, then you can store -- 584 00:52:41,266 --> 00:52:46,556 you can make it so that it doesn't appear on the screen. 585 00:52:46,806 --> 00:52:52,636 So that's at least how you could implement some primitive 586 00:52:52,636 --> 00:52:55,986 password functionality using SESSION. 587 00:52:56,466 --> 00:53:09,186 So what we could do is put at the top of this page, 588 00:53:11,016 --> 00:53:22,836 password -- it's like a secret password equals trust no one. 589 00:53:23,796 --> 00:53:30,586 And then you could say if -- 590 00:54:48,086 --> 00:54:52,176 So here, the form is not going to a different page 591 00:54:52,296 --> 00:54:58,146 but if we submit it to index02.php with a method 592 00:54:59,466 --> 00:55:08,076 of post, and we change this to password, 593 00:55:09,876 --> 00:55:14,586 so that it matches this post password field, 594 00:55:14,586 --> 00:55:18,976 we'll even print it out. 595 00:55:35,316 --> 00:55:45,026 So here, I got in because I used the trust no one password. 596 00:55:45,386 --> 00:55:47,136 But if I used a different password 597 00:55:47,136 --> 00:55:49,736 and here maybe this would be easier to see 598 00:55:50,666 --> 00:55:55,976 if I delete that type. 599 00:56:07,046 --> 00:56:11,886 So that actually did not work. 600 00:56:12,266 --> 00:56:12,856 Let's see. 601 00:56:14,196 --> 00:56:18,326 The name is password. 602 00:56:18,716 --> 00:56:19,296 If we -- 603 00:56:19,296 --> 00:56:20,086 >> You're not [inaudible]. 604 00:56:21,406 --> 00:56:21,496 >> I'm -- 605 00:56:21,726 --> 00:56:27,036 >> And you're doing it back [inaudible]. 606 00:56:27,226 --> 00:56:31,476 >> Yeah. So I didn't test for equality. 607 00:56:31,476 --> 00:56:40,346 Instead I actually assigned -- I overwrote the password key 608 00:56:41,206 --> 00:56:47,306 so if I do this, you do not enter the right password 609 00:56:47,596 --> 00:56:55,316 but if I enter trust no one then it says you got in. 610 00:56:55,516 --> 00:57:00,846 And then it says undefined index first name. 611 00:57:10,046 --> 00:57:13,176 I'm not sure why it says undefined index first name. 612 00:57:13,726 --> 00:57:15,826 Oops, oh yeah, because it's 613 00:57:16,346 --> 00:57:17,976 in the SESSION if I actually said -- 614 00:57:27,146 --> 00:57:34,186 Yeah. So do you guys have any questions about how 615 00:57:34,186 --> 00:57:39,996 to use the GET superglobal, the POST superglobal, 616 00:57:40,086 --> 00:57:43,556 or the SESSION superglobal, or what a superglobal is? 617 00:57:44,196 --> 00:57:47,606 Is that pretty clear? 618 00:57:48,346 --> 00:57:53,936 You can store tons and tons of information inside the SESSION. 619 00:57:53,936 --> 00:57:59,876 If you want something bigger or more rigorous, you can write it 620 00:57:59,876 --> 00:58:06,206 to a file and we'll cover that in future sections. 621 00:58:07,176 --> 00:58:15,486 The -- I will add these two files to the -- 622 00:58:15,936 --> 00:58:21,956 to this GET hub page and you will be able, 623 00:58:22,786 --> 00:58:29,886 GET is preinstalled on the appliance 624 00:58:30,536 --> 00:58:35,596 so when you get the appliance, you'll be able 625 00:58:35,596 --> 00:58:41,916 to run these examples right in your own appliance 626 00:58:42,176 --> 00:58:46,816 and use the same URL's I have in class. 627 00:58:47,536 --> 00:58:51,536 So I think that's pretty much everything 628 00:58:51,536 --> 00:58:53,856 that we've really had to get through today. 629 00:58:54,336 --> 00:59:00,086 You may encounter one issue when you start playing with this 630 00:59:00,676 --> 00:59:03,896 which is the permissions issue. 631 00:59:04,316 --> 00:59:10,146 If I were to create -- let's say I wanted 632 00:59:10,146 --> 00:59:11,696 to create another directory. 633 00:59:20,766 --> 00:59:25,656 And I make an index.html page. 634 00:59:26,696 --> 00:59:32,836 Let's just see if this works. 635 00:59:45,286 --> 00:59:51,676 So now, I should be able to go to -- 636 00:59:53,206 --> 00:59:58,206 I'm in home of jharvard public html temp2. 637 00:59:58,506 --> 01:00:02,936 So I should be able to go to inside the jharvard directory. 638 01:00:02,936 --> 01:00:03,976 I should be able to temp2. 639 01:00:05,486 --> 01:00:09,916 But it says you don't have access to temp2 on this server. 640 01:00:10,446 --> 01:00:17,166 So the first thing you want to do is do ls-l and make sure 641 01:00:17,166 --> 01:00:19,606 that the permissions are right. 642 01:00:19,946 --> 01:00:23,496 In order for directories to show up, 643 01:00:23,496 --> 01:00:26,966 they need at the very least execute permissions 644 01:00:27,466 --> 01:00:32,556 because you -- to execute a directory means 645 01:00:32,646 --> 01:00:36,236 to be able to go inside of it. 646 01:00:36,386 --> 01:00:39,416 It's different then -- you don't necessarily need read 647 01:00:39,416 --> 01:00:40,756 permissions or write permissions. 648 01:00:40,756 --> 01:00:42,726 Read permissions on a directory means 649 01:00:43,296 --> 01:00:47,936 that you can list the files inside of it and write means 650 01:00:47,996 --> 01:00:53,686 that you can write -- you can touch a new file inside of it. 651 01:00:53,786 --> 01:00:57,096 But you want to make sure that at the very least, you can -- 652 01:00:57,096 --> 01:01:01,796 everyone can execute it. 653 01:01:02,326 --> 01:01:05,546 So if you -- you know, in general, 654 01:01:06,046 --> 01:01:09,996 755 will be fine for directories. 655 01:01:10,636 --> 01:01:16,746 If you change the permissions on temp2 to 755, 656 01:01:16,996 --> 01:01:21,276 then you'll still encounter this issue which is 657 01:01:21,276 --> 01:01:24,676 that now we can get inside temp2 and find 658 01:01:24,676 --> 01:01:27,226 out that there's an index.html page. 659 01:01:27,686 --> 01:01:29,796 But if I go inside temp2, 660 01:01:29,846 --> 01:01:36,656 I can see that the index.html only has rewrite permissions. 661 01:01:37,476 --> 01:01:42,596 Now, if I do ls-l on the temp directory 662 01:01:42,596 --> 01:01:45,076 that we are working in, I can see index.php 663 01:01:45,126 --> 01:01:49,246 and index02.php only had rewrite permissions. 664 01:01:49,836 --> 01:01:54,066 So why is it that I can enter these 665 01:01:54,336 --> 01:01:56,766 and execute them just fine but not this one? 666 01:01:57,796 --> 01:02:01,876 Does anyone have an idea? 667 01:02:02,086 --> 01:02:08,786 So what's happening here is that Apache, if you go back 668 01:02:09,546 --> 01:02:17,006 to this page, Apache, the very first thing it does is try 669 01:02:17,006 --> 01:02:21,356 to find a file to handle the request. 670 01:02:21,706 --> 01:02:28,686 And so if I go to jharvard/temp2, 671 01:02:29,276 --> 01:02:31,306 the first thing it looks for is index.php 672 01:02:31,306 --> 01:02:35,346 and if index.php isn't there, it looks for an index.html. 673 01:02:35,856 --> 01:02:41,846 And if it actually has the suffix html then it assumes -- 674 01:02:42,086 --> 01:02:46,206 then Apache assumes that there's no php that needs to be executed 675 01:02:46,206 --> 01:02:50,856 and actually delivers the html file up the way 676 01:02:50,856 --> 01:02:53,386 that it is on the server. 677 01:02:53,486 --> 01:02:58,826 And so, as a result, everyone needs read permissions in order 678 01:02:58,826 --> 01:03:03,416 to read an html file or in order to read a jpeg like an image. 679 01:03:03,816 --> 01:03:07,576 So you would need to chmod this 680 01:03:07,756 --> 01:03:11,366 so that everyone has the read bit enabled. 681 01:03:11,366 --> 01:03:14,126 And now, we can access it. 682 01:03:15,376 --> 01:03:21,386 This will probably cost you a few headaches the first time 683 01:03:21,716 --> 01:03:25,896 that you're working with the appliance, if you've never dealt 684 01:03:25,896 --> 01:03:27,246 with Linux permissions before. 685 01:03:27,886 --> 01:03:34,326 But again, that -- this 644 permissions is only necessary 686 01:03:34,326 --> 01:03:37,926 for things where everyone needs to be able to read them. 687 01:03:38,296 --> 01:03:45,586 We're using a type of php that the php is actually executed 688 01:03:45,586 --> 01:03:51,456 as you, the user, and you are jharvard. 689 01:03:51,636 --> 01:03:59,836 So it just needs these first read-write bits to be enabled. 690 01:04:00,766 --> 01:04:03,786 Are there any questions about that? 691 01:04:06,956 --> 01:04:08,906 I think that pretty much covers it. 692 01:04:09,046 --> 01:04:15,016 I'll make sure that these are up on GET by tomorrow 693 01:04:15,016 --> 01:04:18,296 and I'll make sure that the slide shows -- 694 01:04:18,296 --> 01:04:19,986 accessible through there as well. 695 01:04:19,986 --> 01:04:20,826 Thanks so much.