3/25/2011
Session Management ‐ User Login ‐ Cookies

Session
• A session is used to keep information across requests, whether the requests are POST or GET.
• One example that illustrates the use of a session is the login process.
• The user enters a username through a login form. After a successful login, the user is shown a navigation menu with links to several web pages.
• So that the username is always displayed or recorded on those pages, the username can be stored in the session.
Simple example

    <?php
    // session.php: checks the submitted credentials and stores the username in the session
    session_start();
    $username = $_POST["username"] ?? "";
    $password = $_POST["password"] ?? "";
    if ($username == "ragil" && $password == "rahasia") {
        $_SESSION["user"] = $username;
        header("Location: berhasil.php");
        exit;   // stop the script so nothing is sent after the redirect
    } else {
        echo "Sorry, your login failed";
    }
    ?>
    <?php
    // berhasil.php: only shown to a visitor whose session holds a logged-in user
    session_start();
    if (isset($_SESSION["user"])) {
        echo "Welcome " . $_SESSION["user"] . ", you have logged in successfully<br>";
        echo "<a href=\"logout.php\">logout</a>";
    } else {
        echo "Sorry, you are not allowed to access this page!";
    }
    ?>

    <?php
    // logout.php: clear the session data, destroy the session and return to the login page
    session_start();
    session_unset();
    session_destroy();
    header("Location: login.php");
    exit;
    ?>

Result
User Login with Session
• A session can be used to control which menu items a user may access.
• A database is used to store the user data.
• Schema:

Schema Flow
• The first time a protected page is requested, the user will not have entered his or her login details yet. The script detects this and prompts the user for a username and password with a login form instead of displaying the requested page.
• When that form is submitted, the page is reloaded, this time with a username and password specified.
• The script sees that the login details have been specified, and registers them as session variables so that they remain available for the rest of the user's visit.
• Finally, the script checks the database to make sure the username/password combination is valid.
• If it is, the requested page is displayed.
• If not, an "access denied" message is displayed with a link inviting the user to try logging in again.
• Note that in this flow the login details are placed in the session before they are verified. A safer order is to verify first and then store only the resulting identity (username and level), never the password itself.
Login Form
• Form:

Form validation
• Form validation with JavaScript: <script language="javascript">
• Client-side validation only improves usability; because the script runs in the browser it can be bypassed, so the server must still validate every submitted value.
Check Login

    <?php
    // Compare the submitted credentials with the user table and start the session
    $password = md5($_POST["password"]);
    $sql = "SELECT * FROM user WHERE username='" . $_POST["username"] . "' AND password='$password'";
    $result = mysql_query($sql);
    $ketemu = mysql_num_rows($result);   // number of matching rows
    $data = mysql_fetch_array($result);
    if ($ketemu > 0) {
        session_start();
        $_SESSION["username"] = $data["username"];
        $_SESSION["password"] = $data["password"];
        $_SESSION["level"] = $data["level"];
        if ($data["level"] == "User Biasa") {
            header('location:index.php?module=home');
        } elseif ($data["level"] == "Administrator") {
            header('location:index.php?module=home');
        }
    } else {
        echo "<script>alert('Your username and password do not match'); location.href='index.php';</script>";
    }
    ?>

Note that the username is interpolated directly into the SQL string and the password is compared as an unsalted MD5 digest; both are weaknesses that must not be carried into production code.
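The following is an added example, not code from the original slides: a hardened replacement for the Check Login script above. The username is bound as a query parameter instead of being spliced into the SQL text, the password is checked with password_verify() against a password_hash() digest instead of an md5() string comparison, the session id is regenerated at login, and only the username and level (never the password) are stored in the session. It assumes PHP 7.4 or later with the PDO sqlite driver and a user table with the columns username, password and level; the in-memory database and the user row are constructed here for the stand-alone demo.

```php
<?php
// Added example (not from the original slides): hardened login check.
// Assumptions: PHP >= 7.4, PDO with sqlite driver available, the user table
// has columns username, password, level, and password holds a password_hash()
// digest rather than an md5() string.

declare(strict_types=1);

// A real hash that is verified when the username does not exist, so a missing
// user costs the same time as a wrong password (no username enumeration by timing).
function dummy_hash(): string
{
    static $h = null;
    return $h ??= password_hash('not-a-real-password', PASSWORD_DEFAULT);
}

// Look the user up with a prepared statement (the username travels as a parameter,
// not as SQL text) and compare the password against the stored hash.
// Returns the user row without the hash, or null when the login fails.
function authenticate(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT username, password, level FROM user WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        password_verify($password, dummy_hash());
        return null;
    }
    if (!password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);   // never carry the hash into the session
    return $row;
}

// Bind the verified identity to the session: a fresh id defeats session fixation,
// only what the application needs is stored, and the script stops after the redirect.
function login_user(array $user): void
{
    session_regenerate_id(true);
    $_SESSION['username'] = $user['username'];
    $_SESSION['level']    = $user['level'];
    $_SESSION['auth']     = true;
    header('Location: index.php?module=home');
    exit;
}

// ---- Stand-alone demo with a constructed in-memory database (CLI only) ----
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT, level TEXT)');
    $ins = $db->prepare('INSERT INTO user VALUES (:u, :p, :l)');
    $ins->execute([
        ':u' => 'ragil',
        ':p' => password_hash('rahasia', PASSWORD_DEFAULT),   // constructed sample user
        ':l' => 'Administrator',
    ]);

    var_dump(authenticate($db, 'ragil', 'rahasia'));          // array: username, level
    var_dump(authenticate($db, 'ragil', 'wrong'));            // NULL
    // The classic payload against the original string-built query no longer works:
    var_dump(authenticate($db, "' OR '1'='1", 'anything'));  // NULL
}
```

In a web request the form handler would call authenticate() with the POSTed values and, on a non-null result, login_user(); the session-level checks on the later slides then read $_SESSION['level'] exactly as before.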
Login OK ‐ dividing menu access rights by checking the user level

    <?php
    // Show a different menu depending on the level stored in the session
    session_start();
    if ($_SESSION["level"] == "User Biasa") {
        echo "Home | Browsing | Surfing";
    }
    if ($_SESSION["level"] == "Administrator") {
        echo "Home | Add | Edit | Delete";
    }
    ?>

Menu management result
• Regular user (User Biasa)
• Administrator
Content Management

    <?php
    // Public content for visitors without a username and password,
    // level-specific content for logged-in users
    session_start();
    if (empty($_SESSION["username"]) AND empty($_SESSION["password"])) {
        echo "WELCOME to the xxx Information System<br>";
        echo "This page can be accessed without a username and password";
    } else {
        // Choose the content based on the user's level
        if ($_SESSION["level"] == "User Biasa") {
            echo "Information that a regular user can access";
        }
        if ($_SESSION["level"] == "Administrator") {
            echo "Information that an administrator can access";
        }
    }
    ?>

Because the "logged in" test is the absence of both session values, a session with only one of them set falls through to the level checks; a single flag set only after a successful login is a clearer test.

Content management result
• Public
• Regular user (User Biasa)
• Administrator
Secure session management with cookies
• Strong session management is a key part of a secure web application.
• Since HTTP does not directly provide a session abstraction, application and framework developers must build their own using cookies.

What is a cookie?
• Most web application frameworks use client-side cookies to index a state table on the server side.
• Session state is usually represented by a special-purpose object type, stored on the server, and can contain anything relevant to the application:
  • user profile,
  • user privileges,
  • cached data from a back-end store,
  • browsing history and page-flow state, or
  • CSRF (Cross-Site Request Forgery) prevention tokens.
Creating a Cookie
• Use the setcookie function
• Call it before the html tag (before any output has been sent)
• Syntax: setcookie(name, value, expire, path, domain);
• Example: . . . .

Retrieving a Cookie
• Use the $_COOKIE variable
  cookie variable name = user
• Using the isset function

    <?php
    // Greet the visitor by the value of the "user" cookie if the browser sent one
    if (isset($_COOKIE["user"]))
        echo "Welcome " . $_COOKIE["user"] . "!<br>";
    else
        echo "Welcome guest!<br>";
    ?>

Deleting a Cookie
• Done by making the cookie expire
• Expiry time = negative (a time in the past)
• The cookie is then treated as having expired 3600 seconds, or 1 hour, ago
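The slides on secure session management and on creating and deleting cookies describe the mechanism but not the cookie attributes that protect it. The block below is an added example, not code from the original slides: it configures the PHP session cookie and an ordinary application cookie with the Secure, HttpOnly and SameSite attributes, and deletes a cookie with matching path so the browser actually discards it. It assumes PHP 7.3 or later (array-form setcookie and session_set_cookie_params) and an HTTPS site; the cookie name "remember_user" is a placeholder. One caveat applies to the "user" cookie on the previous slides: a cookie value is chosen by the client, so it can greet the visitor but must never be used to decide what the visitor may access; that decision belongs to server-side session state looked up by the session id.

```php
<?php
// Added example (not from the original slides): cookie attributes for session
// and application cookies. Assumes PHP >= 7.3 served over HTTPS; the cookie
// name "remember_user" is a placeholder.

declare(strict_types=1);

// Session cookie: carries only an opaque id (state stays on the server, as the
// slides describe). Not readable by script, not sent over plain HTTP, not sent
// on cross-site requests, and ids the server did not issue are rejected.
function configure_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject ids the server never issued
    ini_set('session.use_only_cookies', '1');  // never take the id from the URL
    session_set_cookie_params([
        'lifetime' => 0,       // browser session only
        'path'     => '/',
        'domain'   => '',      // current host only
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// The same attributes for an ordinary cookie. The slide's positional form
// setcookie(name, value, expire, path, domain) cannot set SameSite; the
// array form can.
function set_secure_cookie(string $name, string $value, int $ttlSeconds): bool
{
    return setcookie($name, $value, [
        'expires'  => time() + $ttlSeconds,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Deleting a cookie: the browser only discards it when name, path and domain
// match the cookie that was set, so reuse the same options with an expiry in
// the past (the "expired 3600 seconds ago" idiom from the slide).
function delete_cookie(string $name): bool
{
    return setcookie($name, '', [
        'expires'  => time() - 3600,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

configure_session();
set_secure_cookie('remember_user', 'ragil', 3600);
// On logout, in addition to session_destroy():
// delete_cookie('remember_user');
```

All three functions must run before any output is sent, which is the reason the slide says to declare cookies before the html tag.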
Creating several cookies

    <?php
    // Set several cookies under one array name
    setcookie("username[one]", "ragil", time() + 60);
    setcookie("username[two]", "saputra", time() + 60);
    setcookie("username[three]", "hadi", time() + 60);
    echo "The cookies have been set... <a href=\"lihatcookie.php\">view cookies</a>";
    ?>

    <?php
    // lihatcookie.php: read back the cookies the browser sent
    echo "Cookies that were sent:<br>";
    if (isset($_COOKIE["username"])) {
        // foreach replaces the each() loop, which was removed in PHP 8
        foreach ($_COOKIE["username"] as $index => $value) {
            echo "Name " . $index . " = " . $value . "<br>";
        }
    }
    ?>

Cookies result