WebSys Pizza Server (Hidden Fields)
This sample PHP program demonstrates the use of hidden fields
to provide a session. The system involves a single
PHP program, although that program can handle a number of different
kinds of requests. The examples we have discussed in the past
involved multiple CGI programs; this one involves only one. The single
PHP program (pizza.php) acts in different ways
depending on the query received. Specifically, it looks at the form
field named "formname" and does the following:
| Value of formname | Resulting Action |
|---|---|
| none | Sends back a login form. |
| login | Validates the name and password, and if valid sends back an order form. |
| order | Validates the order and if valid sends back a receipt. |
The system includes a login form that allows a user to log on to the system using a name and password. The PHP program simply checks for the username "joe" and the password "pizza"; these values are part of the PHP program itself. In a real application this data would come from a file or a database...
Note: All the forms in this system use GET; in real life you would use POST for submission of a password!
Once the user logs in, the program sends back a pizza order form. When the order form is submitted, the order is processed only if the user's name and password are part of the request. The name and password are not entered by the user in the order form; instead, these values come from hidden fields (created by the program when it created the order form).
This system uses hidden form fields to propagate state information between the login form and the order form. This means that the order form includes some hidden fields (name and password) so that it "knows" who is filling out the order form. As far as the program is concerned, it doesn't know whether the query is constructed by hand or comes from a user who filled out the order form: as long as a name and password are present in the query, the program will process the pizza order.
Keep in mind that using hidden fields does not provide a secure system! Any user could look at the HTML source for the order form and see what the name and password are!
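One way to keep the hand-off between the login form and the order form without placing the password in the HTML, shown as an added example (not part of pizza.php or the course code): the hidden field carries an HMAC-signed, expiring token instead. The names `make_token`, `check_token`, `TOKEN_KEY`, the `token` field and the 15-minute lifetime are assumptions made for illustration.

```php
<?php
// Added example, not part of pizza.php. Names, key and lifetime are assumptions.
const TOKEN_KEY = 'constructed-demo-key';  // server-side secret, never sent to the browser
const TOKEN_TTL = 900;                     // seconds a login stays valid

// After the login check succeeds: build the value for a single hidden field.
function make_token(string $user, int $now): string
{
    $payload = base64_encode($user) . '.' . ($now + TOKEN_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, TOKEN_KEY);
}

// When formname=order arrives: return the user name, or null if the token
// is malformed, altered, or expired.
function check_token(string $token, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user64, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user64 . '.' . $expires, TOKEN_KEY);
    if (!hash_equals($expected, $mac)) {        // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    $user = base64_decode($user64, true);
    return $user === false ? null : $user;
}

// Constructed walk-through of the login -> order hand-off.
$t0 = 1700000000;                               // constructed timestamp
$token = make_token('joe', $t0);
echo '<input type="hidden" name="token" value="' . htmlspecialchars($token) . "\">\n";

$swapped = base64_encode('ann') . substr($token, strpos($token, '.'));
$cases = [
    'fresh token'           => [$token, $t0 + 60],
    'after expiry'          => [$token, $t0 + 3600],
    'user name hand-edited' => [$swapped, $t0 + 60],
];
foreach ($cases as $label => [$tok, $now]) {
    echo $label, ': ', var_export(check_token($tok, $now), true), "\n";
}
```

`check_token` returns a user name only for an unaltered, unexpired token. A captured token can still be replayed until it expires, so submit it with POST rather than GET.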
Much of the HTML that is generated by the program is read from files. This makes it possible to change the look of the site without changing the PHP file.
| File | Description |
|---|---|
| pizza.php | The PHP program. One program handles the entire system. Click on this link and you will get the login page. See below to actually see the source code. |
| logo | The WebSys Pizza logo that shows up on the top of all pages. |
| pizzaguy.gif | A graphic image included in the logo. |
| loginform.tmpl | The HTML form a user uses to log in to the pizza server. |
| orderform.tmpl | Most of the HTML form for ordering a pizza. |
| pizzaphp.html | Source code for the PHP program. |
| pizza.zip | Zip file containing everything. |