In this assignment you will expand a web based application to track data about automobiles and store the data in a MySQL database. All interactions will follow the POST-Redirect pattern where appropriate.
Note that there is no specific sample code for this assignment.
You can explore a sample solution for this problem at
http://www.wa4e.com/solutions/autosess/
There are several resources you might find useful:
http://www.wa4e.com/code/sessions.zip
Here are some general specifications for this assignment:
This assignment reuses the tables from the previous assignment. No additional tables are necessary.
The changes to index.php are new wording and pointing to view.php to test for login bypass.
The basic functionality, password checking using salt and hashing, error logging, and data validation for the login.php is the same as in the previous assignment.
There are several changes that are needed for this assignment as follows:
    // Redirect the browser to view.php
    $_SESSION['name'] = $_POST['email'];
    header("Location: view.php");
    return;

    $_SESSION['error'] = "Email must have an at-sign (@)";
    header("Location: login.php");
    return;

The error message must be displayed only on the next GET request (i.e. properly implement the POST-Redirect-GET-Flash pattern).

    if ( isset($_SESSION['error']) ) {
        echo('<p style="color: red;">'.htmlentities($_SESSION['error'])."</p>\n");
        unset($_SESSION['error']);
    }

Subsequent GET requests (i.e. refreshing the page) should not show the error message, to properly implement the POST-Redirect-GET-Flash pattern.
The autos.php script from the previous assignment is broken into two scripts in this assignment. The view.php script shows the list of automobiles in the database and the add.php script handles adding new automobiles to the database but does not list any autos. The view.php includes a link to add.php and logout.php and the add.php has a Cancel button.
The view.php screen
The add.php screen
In order to protect the database from being modified without the user properly logging in, both view.php and add.php must first check the session to see if the user's name is set; if the user's name is not present, the script must stop immediately using the PHP die() function:
    if ( ! isset($_SESSION['name']) ) { die('Not logged in'); }

To test, navigate to view.php manually without logging in; it should fail with "Not logged in".
In view.php, if the Logout button is pressed the user should be redirected to the logout.php page. The logout.php page should clear the session and immediately redirect back to index.php:
    session_start();
    session_destroy();
    header('Location: index.php');
In the add.php script, when the "Add" button is pressed, you need to do the same input validation as in the previous assignment, except that you must display the error using a proper POST-Redirect-GET-Flash pattern.
In the add.php script, when you successfully add data to your database, you need to redirect back to view.php and pass a "success message" to view.php using the session:
    $_SESSION['success'] = "Record inserted";
    header("Location: view.php");
    return;
The view.php must detect and display the success message using the flash pattern:
    if ( isset($_SESSION['success']) ) {
        echo('<p style="color: green;">'.htmlentities($_SESSION['success'])."</p>\n");
        unset($_SESSION['success']);
    }
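As an added example that is not part of the assignment or its sample solution, here is one way add.php can put the pieces above together: the login check, the Cancel button, validation with the POST-Redirect-GET-Flash error, and the success redirect to view.php. It assumes a pdo.php include that creates a PDO connection in $pdo and an autos table with columns make, year and mileage (both assumptions, not given on this page).

```php
<?php
// Added example, not the course's own sample code: an add.php implementing the
// POST-Redirect-GET-Flash pattern described above. It assumes a PDO connection in
// $pdo from a pdo.php include and an "autos" table with columns make, year and
// mileage (those column names are an assumption, not given on this page).
session_start();
require_once 'pdo.php';
// Refuse to do anything, including touching the database, unless logged in.
if ( ! isset($_SESSION['name']) ) { die('Not logged in'); }
// Cancel never writes anything; just go back to the list.
if ( isset($_POST['cancel']) ) { header('Location: view.php'); return; }
if ( isset($_POST['make']) && isset($_POST['year']) && isset($_POST['mileage']) ) {
    // Validate; on failure store the message in the session and redirect so a
    // refresh of the resulting GET cannot resubmit the POST.
    $msg = false;
    if ( strlen($_POST['make']) < 1 ) {
        $msg = 'Make is required';
    } elseif ( ! is_numeric($_POST['year']) || ! is_numeric($_POST['mileage']) ) {
        $msg = 'Mileage and year must be numeric';
    }
    if ( $msg !== false ) { $_SESSION['error'] = $msg; header('Location: add.php'); return; }
    // Prepared statement: browser-supplied values never become part of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO autos (make, year, mileage) VALUES (:mk, :yr, :mi)');
    $stmt->execute(array(':mk' => $_POST['make'], ':yr' => $_POST['year'], ':mi' => $_POST['mileage']));
    $_SESSION['success'] = 'Record inserted';
    header('Location: view.php');
    return;
}
?>
<!DOCTYPE html>
<html><head><title>Add an automobile</title></head><body>
<h1>Tracking Autos for <?= htmlentities($_SESSION['name']) ?></h1>
<?php
// Flash: shown on this GET only, then removed so a refresh does not repeat it.
if ( isset($_SESSION['error']) ) {
    echo('<p style="color: red;">'.htmlentities($_SESSION['error'])."</p>\n");
    unset($_SESSION['error']);
}
?>
<form method="post">
<p>Make: <input type="text" name="make" size="60"></p>
<p>Year: <input type="text" name="year"></p>
<p>Mileage: <input type="text" name="mileage"></p>
<p><input type="submit" value="Add">
<input type="submit" name="cancel" value="Cancel"></p>
</form>
</body></html>
```

Every path that handles a POST ends in a redirect, so the browser's developer console shows the POST followed by a 302 and a fresh GET, which is what the screenshots below are meant to demonstrate.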
For this assignment you will hand in:
See the sample screenshots below to see how to show that a POST-Redirect-GET happened.
Don't take off points for little mistakes. If they seem to have done the assignment give them full credit. Feel free to make suggestions if there are small mistakes. Please keep your comments positive and useful. If you do not take grading seriously, the instructors may delete your response and you will lose points.
The total number of points for this assignment is 10. You will get up to 5 points from your instructor. You will get up to 3 points from your peers. You will get 1 for each peer assignment you assess. You need to grade a minimum of 2 peer assignments. You can grade up to 5 peer assignments if you like.
Some of the screenshots ask to see the developer console demonstrating the POST-Redirect pattern similar to the following:
Provided by:
www.wa4e.com