Simple PHP Exercises

9 min read

Here are three simple exercises to deepen what you have learned. First, we build a small, password-protected site. Then an example of how to check if form fields have been filled out by the user. The last one is how we can combine several web pages with only one PHP file.

Exercise 1: Password protection

For our password protection, we first need an input form for a username and password. This looks something like this, which we can save in page1.php.

<form  action  =  "page2.php"  method = "post" >
Username: <br />
<input type = "text" name = "username" > <br /> <br />
Password: <br />
<input type = "password" name = "password" />
<input type = "submit" value = " Submit " />
</form>

Password queries should always be sent by post because if it were submitted with the GET method, anyone would later be able to see which password to use.

Now we come to the PHP part, which we save in page2.php:

<?php
$username = $_POST ["username"] ;
$password = $_POST ["password"] ;
$pass = sha1($password ) ;
?>

First, we ask the transferred data from the submitted form.

With sha1 we calculate the hash value of the password. The reconversion from the SHA-1 hash is difficult and only possible with a large amount of computation. With secure passwords, calculating back is virtually impossible. This provides some protection, for example, if an attacker has access to the file with the SHA-1 hash, then he cannot easily derive the plain-text passwords from it.

One word, e.g. the word wiratama, which was hashed with sha1, looks like this:

5cebc952a6b604f302bba576c21784ba69bf2b94

To make an if statement now, we first need to convert the password to a sha1 string (text).

For this purpose, we can use the sha1 generator, or we can make our own generator.

We have to modify our code like this.

<?php
$username = $_POST ["username"] ;
$password = $_POST ["password"] ;
$pass = sha1 ($password ) ;
echo $pass ;
?>

If we press the Submit button on the form, we get the entered word as a sha1 string reissued. We will later copy this hash value for our password into the password-protected page.

Attention: The sha1 function is case-sensitive.

example looks like this after converted:
c3499c2729730a7f807efb8676a92dcb6f8a3f8f

Example looks like this after converted:
0f01ed56a1e32a05e5ef96e4d779f34784af9a96

Now comes the if statement. This will check if the encrypted password is the same as the one we saved.

Our code for page2.php looks like this:

<?php
$username = $_POST ["username"] ;
$password = $_POST ["password"] ;
$pass = sha1($password) ;
if ( $username == "Wira" AND $pass == "c3499c2729730a7f807efb8676a92dcb6f8a3f8f" )
{
echo "Welcome" ;
}
else
{
echo "Login Failed" ;
}
?>

In the if-statement, we write in our sha1-string.

If you press submit on the form, this data will be sent to page2.php. The page2.php queries these inputs and encrypts the password text box into a sha1 string. The if statement then asks if the entered encrypted password is the same as the if statement.

What do I have of the sha1 function?

Hashing passwords, converting passwords to their sha1 hash, and storing only those hashes increases the security of the system. Suppose an attacker gains unauthorized access to your system. If the passwords are saved just in plain text, then the attacker can cause considerable further damage.

However, if they are stored as a hash value, the potential damaging is significantly lower. If your users have chosen a strong password (i.e., more than 8 characters, ideally using letters and numbers), then the attacker can not recalculate the passwords and thus do no further damage. Therefore, passwords should always be stored only as a hash value.

In addition to the SHA-1 hash function, PHP also implements some other hash functions, such as md5.

Exercise 2: Check if all fields have been completed

Often you want to make sure that all fields of a form have been filled out. For example, if you implement a registration function you have to make sure that all mandatory fields have been filled out.

For this we start again with a form:

<form  action  =  "page2.php"  method = "post" >
E-Mail: <br>
<input type = "text" name = "email" > <br> <br>
Comment: <br>
<textarea name = "comment" cols = "30" rows = "5" >
</textarea>
<input type = "submit" value = " Submit " >
</form>

In this form, you enter the e-mail address and a comment.

This data will be sent to page2.php:

<?php
$email = $_POST["email"] ;
$comment = $_POST["comment"] ;
if ( $email == "" OR $comment == "" )
{
echo "Please fill out all fields" ;
}
else
{
echo "Your entry has been saved" ;
}
?>

As always, we first ask the submitted data. With the if statement we check if both fields have been filled out, we need OR keyword.

Besides OR, you can also use the logical operator AND. Now we check that both fields are different from the empty string:

<?php
$email = $_POST ["email"] ;
$comment = $_POST ["comment"] ;
if ( $email != "" AND $comment != "" )
{
echo "Your entry has been saved" ;
}
else
{
echo "Please fill out all fields" ;
}
?>

If one or both fields are blank, the visitor receives an error message. But when he has completed it, his entries are saved. How the store works, you will learn later.

Such an if statement is needed quite often, e.g., with guest books such an if statement is almost always built in.

Exercise 3: Multiple HTML documents in a PHP file

A significant advantage of PHP is that you can display dynamic content. If you program a page, such as an online shop or a forum system, there may be tens of thousands of pages. Of course, you do not want to create a new HTML page for every article in the shop or for every post in the forum. Instead, the pages are generated dynamically and displayed to the user.

So that we know in the script on which page we want to display, we can pass variables through GET and produce different outputs depending on the value.

For example, we start our PHP file as follows:

<?php 
 $page = $_GET["page"] ;          
 ?> 

We have now used this as an input field name page. This value is stored in the variable $page. Of course, you can also use other names.

As we have already learned, data submitted with GET is appended to the URL. So we do not need a form to submit specific input, just add it to the URL and press Enter.

Then we need an if-statement that checks what has been entered.

This can look like this:

<?php
$page = $_GET ["page"] ;
if ( $page == "index" )
{
echo "Welcome to the index page" ;
}
?>

If we then call this file in the browser, we first get a blank page. But if we now append to the URL?page=index, we get the output that stands between our if statement.

Thus, we can now insert any number of subpages.

That looks like this:

<?php
$page = $_GET["page"] ;
if ($page == "index" )
{
echo "index page" ;
}
if ($page == "start" )
{
echo "Home" ;
}
?>

If we now call our URL with the appendix?page=index, We get only the index page as output, but if we call this page with the appendix?page=start, we just get the output as the homepage.

Thus, we can save many subpages in a PHP file.

If you want the browser to call a particular page, if someone does not attach anything to the URL, we'll need empty function. It allows us to check if a variable (e.g., $page) is empty.

The script looks like this:

<?php
$page = $_GET["page"] ;
if (empty($page ))
{
$page = "index" ;
}
if ($page == "index" )
{
echo "index page" ;
}
if ($page == "start" )
{
echo "Home" ;
}
?>

If we call the file without an attachment (query) url, we get the output of?page = index.

Links could look like this:

<a "page1.php?page=index"> index page code      
 <a "page1.php?page=start"> Home </a>      

Of course, the links could also be in one of the if statements, like this:

<?php
$page = $_GET["page"] ;
if (empty($page))
{
$page = "index" ;
}
if ($page == "index" )
{
echo "Back to index page ";
echo "<a href=\"?page=start\">Homepage</a>";
}
if ($page == "start")
{
echo "Home" ;
echo "<a href=\"?page=index\">Back to Homepage</a>";
}
?>

We can also send forms within a file, so we only have to enter the correct query url in action value. Look like this:

<form  action = "?page=start"  method = "post" > 

Why do you need this?

Of course, we could save everything in different files, but if you have several steps (e.g., 10) for registration, then you would have to create 10 files. Otherwise, with this principle only 1 php file needed.

« »