In Assignment One you set up the basic design of the site; now you must expand the functionality of the site by adding SERVER-side PHP scripts.

Design

All new pages created for this assignment must conform to the design criteria established for Assignment One. All the pages you created in Assignment One should also be present in Assignment Two, not just the new or modified pages.

Required Tasks and Elements

Assignment 1 Concepts

Marks will be deducted for failure to adhere to the concepts already marked in Assignment One. For example:

- Pay attention to your PHP coding style. Your code should:
  - be simple and elegant;
  - be documented, e.g., comments at the top of each document and on major sections;
  - use appropriate variable/type names;
  - use an appropriate layout, e.g., consistent indentation and use of white space;
  - be appropriately structured, modular, reusable, etc.
- Pay attention to the coding style of any new, modified or "PHP generated" XHTML or CSS (as detailed in Assignment One).
- All new pages created for this assignment, and that includes dynamic pages created by PHP scripts, must be in the same design style as all the pages in Assignment One.
- This assignment must work when viewed using the Firefox browser or the Debian/Linux Firefox clone, Iceweasel.
- Your PHP scripts must work using the supplied version of PHP. The supplied version of PHP does not have any extra modules compiled in: it is the vanilla PHP with the calendar module only.
- All URLs must work and be relative.
- Use CSS, not XHTML attributes, for presentation and style.
- All pages produced should be valid XHTML.

Data Directory

Data is going to be collected from users, some of it very sensitive, and it will require protecting. For ease of coding and marking, create a new top-level directory called data that will contain all the data files created and used by the scripts of this assignment.

Catalogue Pages

From Assignment 1 you should have your site's catalogue spread over at least two pages, with a link or entrance page to the catalogue. Modify the existing Catalogue pages using the XHTML Form element so that a visitor to the Catalogue pages can:

- Select items in the catalogue for purchase.
- Each item that can be purchased has to be selectable with a quantity, that is, the number of seed packets the visitor wishes to purchase.
- After the customer has selected the items he or she wishes to purchase (with quantities for each item), there should be a Continue button on the page so that the customer's selections can be sent to the SERVER.

Write a PHP "Order" script to do the following:

- Accept the input from the Catalogue forms.
- Check whether a cookie containing previous selections has been sent by the client.
- Combine the selections in the cookie with the new selections from the form.
- Return an XHTML page to display the total of the user's selections (those in the cookie plus the new selections from the form). Have the total cost of the purchases at the bottom of the page. This must be a well-structured XHTML page.
- The returned XHTML page should also modify the cookie (or create it if it does not exist) so that it contains all the user's selections to date.
- The returned XHTML page should have two buttons at the bottom: "Continue" and "Check Out". The "Continue" button takes the user back to the catalogue pages. The "Check Out" button calls the Check-Out script.
- The Order script must perform input error checking! It must check that the input data is valid, the cookie data is valid and the cookie is valid!
- The POST method should be used to send the data to the Order script.
- Use only one script.

Check-Out Script

The Check-Out script should be called if the "submitting orders" link of Assignment 1 is selected.

- When the Check-Out script is called, the first thing it should do is read the cookie containing the complete order and validate the cookie data.
- If the cookie does not exist (or something is wrong with the cookie data), it will return a page requesting that the user first visit the catalogue and make some selections. There should be a link back to the catalogue pages.
- If the cookie exists and is valid, its contents will be displayed with the total cost of the purchases, and a Form requesting shipping address and Credit Card information will be added to the page. The information requested will be:

  Shipping Information:
  - Name
  - Street Address
  - City
  - Postcode
  - State

  Payment Information:
  - Credit Card Type
  - Credit Card Number
  - Name on Credit Card
  - Expiry date of the Credit Card (month and year)
  - Card Security Code

- Use the appropriate XHTML INPUT types. The TEXT input type is not the most appropriate type in all cases.
- The POST method should be used to send the data to the script.
- Input error checking must be done by the script (for example, required fields must be filled in). But do not worry about validating the CREDIT CARD number: to do that you would have to calculate the valid checksum using the Luhn Algorithm. Please don't do this, as the marker will be required to enter a valid credit-card number!
- When a Purchase has been accepted, the Check-Out script will create a unique text file containing the purchase information in the directory data/purchase (see the notes section below).
- When a Purchase has been accepted, the Check-Out script will create a unique text file containing the credit-card information in the directory data/payment (see the notes section below).
- Link the two files, the purchase file and the payment file, by placing the other filename in each text file. That way you know which payment file is linked to which order file.
- When a Purchase has been accepted, the Check-Out script will reply with a thank-you page. The cookie on the client machine should also be erased!
- Use only one script.

Protecting Sensitive Information

The information stored after a successful purchase should be protected from unauthorised downloads.

- Protect the directory purchase by configuring your SERVER so that only valid users have access to the purchase directory.
- Protect the directory payment by configuring your SERVER so that only users in the admin group have access to the payment directory.
- Create a password file called password and a group file called group, containing the following:

  Username   Password   Group
  user1      one        admin
  user2      two

- The password and group files must be placed in the data directory.
- These files and any other sensitive files must also be protected by configuring the server so that no-one can download them!

Assignment help Section

In the help directory, document this assignment and include links to the source of ALL your PHP scripts, configuration files, etc.

Documentation

- Explain the purpose of the PHP procedures that you have written.
- Include links in your help documentation to all (non-XHTML) source code files, e.g., PHP, CSS.

Error Checking

- Your scripts should check all input for validity.
- Your scripts should escape all input to eliminate any possibility of Cross-Site Scripting.
- List your checks in the help documentation.

Marking Scheme:

  Order (one script)        30
  Check-Out (one script)    35
  Script Error Checking     15
  Protecting Data           10
  Design of new pages       10
  Total                    100

Notes:

- Reread the Notes from Assignment One.
- All new pages created for this assignment, and that includes dynamic pages created by scripts, must be in the same design style as all the pages in Assignment One.
- Scripts are to be written in PHP. No other language will be accepted, as learning PHP is part of the course.
- Study the example scripts supplied with the SERVER, which can also be found in the practicals.
- Each script must perform multiple tasks. Write each task as a separate procedure; this way the functionality of the script can be built up incrementally and debugging is easier.
- Reuse code. There are a number of functions that are repeated in both scripts (e.g., displaying the contents of the cookie); use the same code.
- The following function is an example of a simple way to create a unique filename in a directory:

```php
#
# usage
#   $filename = uniquefn("cc","payment");
# returns the first unused name in the sequence:
#   payment/cc_001
#   payment/cc_002
#   ...
# relative to the script's location.
# Returns NULL if the directory does not exist or all names are taken.
#
function uniquefn($prefix="tmpfile", $dir=".")
{
    $max_files = 999;
    if( ! is_dir($dir) ) {
        return NULL;
    }
    $count = 1;
    do {
        # give up only after names 001..999 have all been tried
        if( $count > $max_files ) {
            return NULL;
        }
        $filename = sprintf("%s/%s_%03u", $dir, $prefix, $count);
        $count++;
    } while( file_exists($filename) );
    return $filename;
}
```

- Do Not use global configuration directives, as the directives will Not be submitted with the assignment. Directory configuration files should be used in the directories that require them.
- Some of the file configuration directives in directory configuration files must be absolute, for example, the path to a password or group file. This is the only place where absolute pathnames should ever be used. These absolute paths will be modified by the marker before marking your assignment.
- The password and group files must be in the document tree so that they are submitted with your assignment. Please note that on a commercial site a password or group file would NEVER be placed in the document tree.
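
uniquefn() only picks a name: between its file_exists() check and the later write, a second check-out request can be handed the same name. The added example below is not part of the handout; create_unique_file, save_purchase, the "order" prefix and the payment-file:/purchase-file: header lines are assumed names. It creates each file in the same step that claims its name, using fopen() mode 'x', and links the two records:

```php
<?php
/**
 * Create <dir>/<prefix>_NNN atomically and return array(path, handle),
 * or NULL if the directory is missing or no name could be created.
 * fopen() mode 'x' fails when the file already exists, so two
 * simultaneous check-outs can never be given the same file.
 */
function create_unique_file($prefix, $dir, $max_files = 999)
{
    if (!is_dir($dir)) {
        return NULL;
    }
    for ($count = 1; $count <= $max_files; $count++) {
        $path = sprintf("%s/%s_%03u", $dir, $prefix, $count);
        $handle = @fopen($path, 'x');      // create only if absent
        if ($handle !== false) {
            return array($path, $handle);
        }
    }
    return NULL;
}

/**
 * Reserve both files first, then write each one with the other's name.
 * "order" as the purchase prefix is an assumption; "cc" is from the handout.
 */
function save_purchase($order_text, $payment_text)
{
    $purchase = create_unique_file("order", "data/purchase");
    $payment  = ($purchase === NULL) ? NULL : create_unique_file("cc", "data/payment");
    if ($payment === NULL) {
        if ($purchase !== NULL) {          // roll back the half-made pair
            fclose($purchase[1]);
            unlink($purchase[0]);
        }
        return false;
    }
    list($purchase_path, $purchase_fh) = $purchase;
    list($payment_path, $payment_fh)   = $payment;
    $ok = fwrite($purchase_fh, "payment-file: " . basename($payment_path) . "\n" . $order_text) !== false
       && fwrite($payment_fh, "purchase-file: " . basename($purchase_path) . "\n" . $payment_text) !== false;
    fclose($purchase_fh);
    fclose($payment_fh);
    return $ok;
}
```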
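
One way to meet the Order script's checks on form input and cookie data, and the Error Checking requirement on escaping, as an added example that is not part of the handout. The cookie format "id:qty,id:qty", the qty[id] form field, the 99-packet limit and the catalogue entries are all assumptions:

```php
<?php
// Constructed catalogue: id => array(name, price in cents). Hypothetical data.
$CATALOGUE = array('tom01' => array('Tomato "Roma"', 350),
                   'bas02' => array('Basil <Sweet>', 295));

/** Return $raw as an int in 0..99, or NULL for anything else. */
function valid_qty($raw) {
    return (is_string($raw) && preg_match('/^[0-9]{1,2}\z/', $raw)) ? (int)$raw : NULL;
}

/** Parse the assumed cookie format "id:qty,id:qty"; NULL if any part is invalid. */
function parse_order_cookie($cookie, $catalogue) {
    if (!is_string($cookie)) { return NULL; }
    $order = array();
    $pairs = ($cookie === '') ? array() : explode(',', $cookie);
    foreach ($pairs as $pair) {
        $parts = explode(':', $pair);
        $qty = (count($parts) === 2) ? valid_qty($parts[1]) : NULL;
        if ($qty === NULL || $qty === 0
            || !isset($catalogue[$parts[0]]) || isset($order[$parts[0]])) {
            return NULL;        // bad quantity, unknown item or duplicate
        }
        $order[$parts[0]] = $qty;
    }
    return $order;
}

/** Add posted quantities (qty[id] => "n") to $order; NULL on bad input. */
function merge_selections($order, $posted, $catalogue) {
    if (!is_array($posted)) { return NULL; }
    foreach ($posted as $id => $raw) {
        $qty = valid_qty($raw);
        if ($qty === NULL || !isset($catalogue[$id])) { return NULL; }
        // clamp so the stored cookie still passes valid_qty() next time
        $sum = min(99, $qty + (isset($order[$id]) ? $order[$id] : 0));
        if ($sum > 0) { $order[$id] = $sum; }
    }
    return $order;
}

/** Build the XHTML rows and the total in cents; text is escaped on output. */
function order_rows($order, $catalogue) {
    $rows = ''; $total = 0;
    foreach ($order as $id => $qty) {
        list($name, $cents) = $catalogue[$id];
        $total += $cents * $qty;
        $rows .= sprintf("<tr><td>%s</td><td>%d</td></tr>\n",
            htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), $qty);
    }
    return array($rows, $total);
}
```

Only whitelisted item ids and integer quantities ever reach the page or the cookie, so no raw request text is echoed. The calling script passes in the $_COOKIE and $_POST values and, on success, writes the order back with setcookie() before any output is sent.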