DUE: February 24, 2009, BEFORE start of lab
Most web applications require their users to log in before they can use the site. For this lab, you will create code to create new users, allow a user to log in, and display a list of current users.
You will need a reference book, or online PHP tutorials and references for this lab.
1. You need to use objected-oriented approach when you write your PHP scripts.
2. Make sure the code you write is well documented.
3. While you do not have to validate the XHTML code generated by your PHP scripts, you should try to write/generate well-formed XHTML.
Part 0: Create page.inc.php (5 points)
Part 1: Create New User (45 points)
For this part, you will write the code to allow a new user to create an account to use the system, using a web interface. The user information will be stored in a file (later we will use a database to store all information).
a) Using your page.inc.php file, create an input page called input_newuser_page.php that includes a form with three input fields: username, password1, password2. The action for the form should be newuser_page.php.
b) The purpose of the form is to allow a user to create a new user name and password. But other actions will be needed for users, such as check user and list users. Create another file called “user.php” which defines a class called “user”. The class should include variables for each user attribute ($userName and $password) and functions that may be needed when creating, finding, or listing users. For this exercise, just implement a function for adding a new user.
function add_user($userName, $password1, $password2, $fileName);
This function should do some checks described below, and if there is some error, the function should just return FALSE. If everything is OK, a new row for this user should be written into the file with provided file name and the function should return TRUE. Note that you should never store passwords in plain text. You should therefore store the username and the encrypted password (use the sha1() function). The information about a user should be stored on one line, with some delimiter such as tab or “|” between the username and password.
· Check that current user does not already exist in the file with given filename.
· Check that password 1 and password 2 are the same (use strcmp())
· Check that the password contains at least one letter and one number (use ereg())
c) Now add code to newuser_page.php to create a new user object, and call the function add_user() with the “posted” values from the form and some file name as parameters. Based on the return value for the function, display some feedback message for the user.
Test you program. Input some data, submit, and check in the file if the appropriate rows were added to the file.
Part 2: Log in (30 points)
For this part, you will write the code to allow an existing user to log into the system,
a) Using your page.inc.php file, create an input page called input_login_page.php that includes a form with two input fields: username, and password. The action for the form should be login_page.php.
b) The purpose of the form is to allow a user to log in into the system.
Now you will add to the user class a function to check whether the information entered by the user matches the data in the file:
function check_user($userName, $password, $fileName);
The function should return TRUE if the user with given name and password exists into the file with given file name, and FALSE otherwise. Remember that the passwords stored in file are encrypted, so you should encrypt the password before checking for equality. Note that you can use explode() to split the line you read from the file to get the username and encrypted password.
c) Now add code to login_page.php to create a new user object and call the check_user function with the posted values from the form and the name of the file containing all the users as parameters. If the information entered by the user matches the information in the file, a link to a new file you will create in part 3 userlist_page.php will be displayed. Otherwise, an error message is displayed.
Part 3: Display list of users (20 points)
For this part, you will display all the users in the users file as a HTML table.
a) Add to the user class a function to returns an array containing a list of all user names from the given filename.
b) Using your page.inc.php file, create a userlist_page.php script that creates a new user object, calls the list_users function, and formats the output as an XHTML table.
At this point you should be feeling pretty confident in your ability to process forms using PHP and how html files interact with PHP files. Your experience with C++, Java, and Perl makes this relatively easy to do. With a good syntax reference (plenty on the web but a good reference book is the best) you should be able to write server-side scripts. File I/O, classes, looping constructs, single and multidimensional arrays, string manipulation, and many of the topics covered in IC210, IC211, and IT350 are all featured in PHP. We could go on for weeks just learning and mastering PHP. The bottom line is given your programming experience you should be able to use PHP to the maximum extent possible by simply using a reference manual to figure out the syntax and semantics of the language.
Turn in (due before start of lab on February 24, 2009):