Internet Programming Assignment #8 Solution

Task:

In this assignment you will create a login capability for your Calendar Website and learn about how to restrict the access to pages of your Calendar website by using a relational database (MySQL).

 

This is a very practical php application that is widely used in web portals and content management systems (CMS) like WordPress, and PHP handles it very well.

 

You must create two pages that are critical for your task:              login.php, and logout.php.

If a user attempts to use your website, but is not logged in, he/she should be redirected to the login page. The login page gets and validates the user login ID and password, checks the user login ID against the database, checks the password against the database, and if everything matches, redirects the user to the first page of your website - the calendar page.

 

From there, the user may navigate to the second page of your website, where the Input form is present. The pages of your website need to be protected from anyone who does not have a login and password in your system. You can use $_SESSION variable in PHP to store the current user's information, and if it is not set, redirect the person attempting to use the Calendar or Input page to the login page.

 

Functionality:

         If user is not authenticated, opening calendar page or Form input page should redirect user to

login.php

         login.php should display a login form with at least the following:

   Login ID Field

   Password Field

   Submit Button

   Div for Errors

 

When the submit button is clicked, your login page should validate the input and, if necessary, display the following errors:

   Please enter a valid value for Login Name Field.

   Please enter a valid value for Password Field.

   or both, if both Fields are empty

 

 

   After form input data validation, your page should query the database and following errors need to be reported should they occur:

   Login is incorrect:  User Does not exist.  Please check the login details and try again. (This

will be displayed if the Login ID entered is not present in the database users list)

   Password is incorrect:  Please check the password and try again. (This will be displayed if

the correct login is entered, but the encrypted password associated with the Login ID in the database is not the same as the encrypted password entered by the user.)

 

             Passwords  are stored  in  the  database in  a  SHA1  hashed  format.  You  need  to  convert  the password string entered by the user into a SHA1 hash format using sha1() function of PHP, and compare it to the SHA1 hashed password stored in the database

 

         The logout.php page clears the session variable, destroys the session, and redirects the user to

login.php page.

 

             The calendar page and Form Input page should display a welcome message with the current user name, and display a logout button or link.  Pressing the logout button will send the user to logout.php  page  and  log  the user  out.  Once logged  out,  the user can  no  longer open  the calendar or ad rotator page without re-entering his/her credentials on the login.php page.

 

MyCalendar.php

 

MyForm.php

 

In the Assignment files for this assignment, you will find 3 skeleton files:

 

o createTables_HW8F16.php;

 

o insertValues_HW8F16.php, and

 

o database_HW8F16.php.

 

 

 

             The database_HW8F16.php file that code that sets php variables that contain the values you can use to create a connection to your MYSQL database.

 

             Edit the file and add your database name, database username, and password credentials as provided to you in the column named MYSQL Database Info in your grades on Moodle.  Note, your database name and database user name are the same (C4131F16Uxxx, where xxx is a number between 1 and 131)

 

             Edit  the  other  two  files  and  add  your  MySQL  account  credentials  as  you  did  with  the database_HW8F16.php file, and then execute the files to create the tables and add users with their sha-1 hashed passwords. You should use the php include or include_once statements in your login.php code to get the database server credentials from database_HW8F16.php, and to be able to use PHP mysqli functions and methods to create your connection to the MYSQL database in your php code.

 

Database:

 

         The Database in this assignment contains one table: tbl_accounts

 

         The table (tbl_accounts) has following fields: acc_id, acc_name, acc_login, and acc_password.

 

           You can use following PHP code to initiate a database connection:

 

<?php

//…

 

include once 'database_HW8F16.php';

 

// Create connection

$conn=new mysqli($db_servername,$db_username,$db_password,$db_name,$db_port);

if ( $conn-connect_error ) {

 

// report error

 

} else {

 

}

//…

?

To connect to the database directly from cselabs unix machines (so you can issue SQL commands directly to the database) you can do the following:

 

module load soft/mysql

mysql -u(mysqluser) -hegon.cs.umn.edu -P3307 -p (databasename)

And then enter your password when prompted.

 

Once you have started MySQL, you can, and should, change your database password with the following command

 

set password=password('whateveryouwant');

 

 

Submission Instructions

 

Include the following files in one zipped file for your submission:

         login.php : Main Login page

         logout.php : Logout page

             The Calendar and Form input pages in your website with logout links, and modified to prevent access if a user has not successfully logged in (i.e., established a session).

         The modified insertValues_HW8F16 php file (which contains your passwords)

         style.css: (optional)

         A readme file with any additional details

         Any other files that you think we will need

 

Grading Criteria (100 points):

 

1. Submission instructions are met - 10 points

 

2. Both the pages of your website redirect the user to login.php page automatically before authentication - 10 Points

3. The Login page shows the form elements and submit button - 10 points

 

4. The Login page handles input validation, checks and retrieves the user from the database, and displays the appropriate errors - 15 points

5. The Login page logs the user in and redirects to calendar page - 15 points

 

6. Both pages of your website display the appropriate user name at the top - 15 points

 

7. It is possible to Navigate between pages and the pages are functional – 10 points

 

8. The Logout functionality works correctly - 15 points