CSCI 2006 - Spring 2024 - Server-Side Programming

Assignment #3 - User Accounts & Manager Views

Purpose: Expand our webpage to include additional features (part 2)

Instructions

  1. You may begin this assignment by either using your solution from Assignment #2 or the solution for Assignment #2
  2. The expanded website we will be creating is demonstrated here
  3. Add a page to your site that includes a form for the user to enter a username and password
  4. Add processing code to your site that will receive the entered username and password and do the following
    1. Run a query to get the information for the user account (if it exists) with that username (note you are only supplying the username to this query)
      SELECT * FROM `User` WHERE `user_name`=?
    2. If the query returns a row, check the "user_hash" field against the supplied password using PHP's password_verify function. The "user_hash" value is a one-way hash of the user's password
    3. If the password verifies as correct, set session data to track this particular user. I recommend storing the user_id, user_type, and their user_display at a minimum (as those will be used later). Bring the user to the home page
    4. If the password verifies as incorrect, bring the user to the login page and display a message indicating that the login failed
    5. If the query returned no rows, act as if the password verification failed (we don't want to let site visitors know if the username is correct)
  5. Add a page to your site that, when visited, logs the user off (likely by removing the session data) and returns the user to the home page
  6. Modify your site to respond to whether a user is logged in, in the following ways
    1. If a user is not logged in, the navigation items should be "Home" and "Login"
    2. If a user is logged in (and is not an admin), the navigation items should be "Home", "Cart", "Logoff"
    3. If a user is logged in (and is an admin -- user_type="admin"), the navigation items should be "Home", "Admin", "Logoff"
    4. When the cart page is visited, you will need to get the cart id via a query:
      SELECT `cart_id` FROM `Cart` WHERE `cart_user`=? AND `cart_status`='open'
      and pass this acquired cart_id as the parameter like we did in the previous assignment
  7. For the admin page, ensure that the user is an admin prior to displaying any content; if not, return the user to the home page. For the content of the admin page, display a list of users and their current cart totals, as well as a list of artworks and the distribution of sales of products for those artworks. The queries you will need for that data are:
    SELECT `user_display`,
      SUM(`ci_qty`*`variation_price`) AS total
     FROM `Cart`
      INNER JOIN `CartItem` ON `ci_cart`=`cart_id`
      INNER JOIN `Variation` ON `variation_id`=`ci_variation`
      INNER JOIN `User` ON `user_id`=`cart_user`
     WHERE `cart_status`='open'
     GROUP BY `user_id`, `user_display`
    SELECT `variation_name`,
      `work_name`,
      `artist_name`,
      SUM(`ci_qty`) AS total
     FROM `Variation`
      INNER JOIN `CartItem` ON `variation_id`=`ci_variation`
      INNER JOIN `Work` ON `work_id`=`variation_work`
      INNER JOIN `Artist` ON `artist_id`=`work_artist`
     GROUP BY `variation_name`,`work_name`,`artist_name`
  8. The database has 4 defined users
    1. admin, with a password of "admin123"
    2. user1, with a password of "cookiefrogpuddingsnail"
    3. user2, with a password of "raspberryfirecake"
    4. user3, with a password of "sandbeachtowelumbrella"
  9. Test your site to ensure that pages that are not in the navigation are not displaying any information that a user should not have access to (such as non-admins and the admin page, or non-users and a cart)
  10. Upload your files to a folder called "assignment3", inside your csci2006 folder
  11. In a web-browser, go to the URL below to verify it appears as expected
  12. Ensure that your code is not producing any errors or warnings, by using the log-access tool. If you have trouble understanding the log messages, please email me for assistance. Note the log does not reset, so you need to look at when any errors/warnings occurred and which HTTP request they were for to better understand whether you have already fixed that issue
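
The login flow from steps 4.1 to 4.5, as an added example that is not part of the original assignment or its solution. It assumes a PDO connection, form fields named username and password, and pages named login.php and index.php (all hypothetical); the dummy-hash check for unknown usernames and the session id regeneration go beyond what the steps require. The CLI section at the end runs against a constructed in-memory SQLite table with a constructed account.

```php
<?php
// Returns the user's row on success, null on ANY failure (unknown user or wrong password).
function attempt_login(PDO $db, string $username, string $password): ?array
{
    // Constructed dummy hash: verified when no row matches, so both failure paths
    // do comparable hashing work (an addition beyond what step 4.5 asks for).
    static $dummyHash = null;
    $dummyHash ??= password_hash('constructed-placeholder', PASSWORD_DEFAULT);

    // Only the username goes into the query; the password never touches SQL.
    $stmt = $db->prepare('SELECT * FROM `User` WHERE `user_name`=?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = password_verify($password, $row ? $row['user_hash'] : $dummyHash);
    return ($row && $ok) ? $row : null;
}

// Hypothetical handler for the login form POST; field and page names are assumptions.
function handle_login_post(PDO $db): void
{
    session_start();
    $u = $_POST['username'] ?? '';
    $p = $_POST['password'] ?? '';
    // Non-string input (e.g. username[]=x) is treated as a failed login.
    $user = (is_string($u) && is_string($p)) ? attempt_login($db, $u, $p) : null;
    if ($user === null) {
        $_SESSION['login_error'] = 'Login failed'; // same message for both failure cases
        header('Location: login.php');
        exit;
    }
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['user_id'] = $user['user_id'];
    $_SESSION['user_type'] = $user['user_type'];
    $_SESSION['user_display'] = $user['user_display'];
    header('Location: index.php');
    exit;
}

// Constructed demo data, run from the command line only (not the course database).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE `User` (user_id INTEGER PRIMARY KEY, user_name TEXT, user_hash TEXT, user_type TEXT, user_display TEXT)');
    $db->prepare('INSERT INTO `User` VALUES (1, ?, ?, ?, ?)')->execute(
        ['demo_user', password_hash('constructed-demo-pw', PASSWORD_DEFAULT), 'user', 'Demo User']);
    var_dump(attempt_login($db, 'demo_user', 'constructed-demo-pw') !== null); // correct password
    var_dump(attempt_login($db, 'demo_user', 'wrong-pw') !== null);            // wrong password
    var_dump(attempt_login($db, 'no_such_user', 'wrong-pw') !== null);         // unknown username
}
```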

Submitting Instructions