hw03
Server side validation
Due: 2011.Sep.27 (Tue) 23:59.
We will incrementally improve on hw02—Forms's .W.o.W. page by
doing server-side validation of the submitted information.
The changes you need are to skill-submit.php
(and, renaming hw0{2,3}-files.php.)
Make a copy of your directory from hw02, named hw03/.
(cp -pR hw02/ hw03 will Recursively copy directories,
preserving timestamps.)
I will grade your hw in the usual way, by visiting
https://php.radford.edu/~yourUserId/itec325/hw03/hw03-files.php,
which should
(a) before the deadline say "source not available until date",
and
(b) after the deadline have links to all your hw03 files,
showing their last-modified time and source.
Validate the information submitted on the form, as specified below.
(You don't need to change the form at all.)
In skill-submit.php,
if all the user-provided information is validated,
just show the result as before.
However, if any fields don't validate, you must include a line near the top of the result
saying that the form was not properly submitted.
Then, include a list of all the errors.
Strive to make the error-messages as specific as possible.
For example,
if the user included an illegal character in a textbox, then the error message:
- Poor: “the field is required, and it must be less than 20 characters long, and it cannot contain any punctuation”
- Acceptable: “the field contains an illegal character; only letters and digits are allowed”,
- Excellent: “the field contains ‘!’; only letters and digits are allowed”.
(Go ahead and group all the errors together at the top;
in the next homework our client-side error-checking will place the same error messages
right next to the offending form.)
- “Your name”: required.
  Make it long enough that somebody named
  Kimberleigh-Anne Josephine Montgomery-Richardson[1]
  won't be offended,
  but not too much longer than that, to protect somebody who inadvertently pastes
  some other long text into that input.
  We'll allow any punctuation and characters,
  but there should be at least one alphabetic character included.
- Attributed tied-to: required; must be one of the items in the list.
  (Do not use a six-way if-else-if;
  use in_array.)
- Skill-name:
  required; can't be too long;
  can contain spaces, hyphens, apostrophes (and of course alphanumeric characters),
  but no other characters[2].
  As part of this step, you must have a php function that
  takes in a string and
  a list of allowed characters (or, dis-allowed characters, or perhaps even a regular expression),
  and returns an error message (if the string doesn't match the requirement),
  or the empty string (if the string does match the requirement).
  Be sure to give a descriptive name to this function.
  (If you're really good, you'll find a way to re-factor this
  so that you can go back and use this function to assure there is at least one
  alphabetic character in the username, as well.)
- Min-level:
  optional (if not provided, use 20).
  If entered, it must be a valid number in the range.
  (Design choice: do you want to allow people to type things like "0099"?
  If the range had happened to include 0, would your verification accept "-0"? Should it?)
  As part of this step, you must have a php function that
  takes in a string and two integers (an upper and lower bound),
  and returns an error message (if it doesn't represent an integer in that range, inclusive),
  or the empty string (if it does).
  Be sure to give a descriptive name to this function.
- Skill Description:
  A max-length, as you feel is appropriate.
  No restriction on characters.
- Available-to:
  At least one box should be checked, and all checks should be valid.
- Finally: for all inputs,
  trim spaces from the beginning and end of the field,
  and collapse consecutive spaces into one[3]
  (preg_replace with the pattern "\ +").
  Do this for all fields in $_POST, as follows:
  - Write a function which takes in a single string and returns the version with tidied-up-spaces;
  - write a function which takes an array, and returns a new array with each value tidied up;
  - at the start of your program, call this latter function on $_POST
    (putting the result back into $_POST, presumably).
  - Extra credit: overload these two function names, so you have fewer names to remember.
Of course, include test cases for
each of these functions.
Note how doing this gives you — for free! —
protection against a skill-description that is totally whitespace,
people who accidentally[4] mis-enter an extra space in their name, etc.
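One way to write the two space-tidying functions described above, as an added example rather than the course's own code. The function names, the `expectSame` helper and the sample field names are assumptions; the array version recurses because a checkbox group such as Available-to reaches PHP as a nested array, not a string.

```php
<?php
// Added example: function and field names are assumptions, not the course's code.

/** Trim the ends of $text and collapse each run of spaces into one space. */
function tidySpaces(string $text): string {
    return trim(preg_replace('/ +/', ' ', $text));
}

/** Return a copy of $fields with every value tidied. A checkbox group posted
 *  as name[] arrives as a nested array, so arrays are tidied recursively. */
function tidyAllSpaces(array $fields): array {
    $tidied = [];
    foreach ($fields as $key => $value) {
        $tidied[$key] = is_array($value) ? tidyAllSpaces($value) : tidySpaces((string) $value);
    }
    return $tidied;
}

/** Minimal test helper: stop with an exception when a test case fails. */
function expectSame($expected, $actual): void {
    if ($expected !== $actual) {
        throw new RuntimeException('expected ' . var_export($expected, true)
                                   . ' but got ' . var_export($actual, true));
    }
}

// Test cases on constructed inputs.
expectSame('Kimmy-Jo M.R.', tidySpaces('  Kimmy-Jo   M.R. '));
expectSame('', tidySpaces('     '));   // whitespace-only text becomes empty
expectSame(
    ['name' => 'a b', 'available-to' => ['mage', 'rogue']],
    tidyAllSpaces(['name' => ' a  b ', 'available-to' => [' mage', 'rogue  ']])
);

// At the top of skill-submit.php, before any validation runs:
$_POST = tidyAllSpaces($_POST);
```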
If you think the above restrictions are too strict or too loose,
and want to do something different,
comment that clearly at the top of your php file
(and run it by me if it's different enough that I might object).
Your concern should be with the end-user's experience.
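The two validator functions required for Skill-name and Min-level could look like the following; this is an added example, not the course's own code. The function names, the sample field names, the 9-character cap and the 1 to 99 bounds are assumptions, and rejecting "0099" and "-0" is one possible answer to the design question above.

```php
<?php
// Added example: names, limits and messages are assumptions, not the course's code.

/** Return '' if every character of $value is in $allowedClass (the inside of a
 *  regex character class, written by the developer), else a specific message. */
function disallowedCharsError(string $label, string $value,
                              string $allowedClass, string $allowedDesc): string {
    // Collect each single character that is NOT in the allowed class.
    if (preg_match_all('/[^' . $allowedClass . ']/u', $value, $found) === false) {
        return "$label is not valid UTF-8 text";   // fail closed on malformed bytes
    }
    $bad = array_unique($found[0]);
    if (count($bad) === 0) {
        return '';
    }
    // The offending character may be '<' or '"', so escape it before echoing it back.
    $shown = htmlspecialchars(implode(' ', $bad), ENT_QUOTES, 'UTF-8');
    return "$label contains $shown; only $allowedDesc are allowed";
}

/** Return '' if $value is a canonical decimal integer in [$min, $max], else a message. */
function intInRangeError(string $label, string $value, int $min, int $max): string {
    // Design choice: canonical form only, so "0099", "-0", "+5", "1e3" and "12abc" fail.
    // The D modifier stops '$' from also matching before a trailing newline.
    if (strlen($value) > 9 || preg_match('/^(0|-?[1-9][0-9]*)$/D', $value) !== 1) {
        $shown = htmlspecialchars(substr($value, 0, 20), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return "$label must be a whole number from $min to $max, not \"$shown\"";
    }
    $n = (int) $value;   // safe: at most 9 characters, so no integer overflow
    return ($n < $min || $n > $max)
        ? "$label must be from $min to $max, but $n was entered"
        : '';
}

// Constructed submission standing in for $_POST (field names are hypothetical).
$post = ['skill-name' => 'Fire<b>ball!', 'min-level' => '0099'];
$minLevel = ($post['min-level'] === '') ? '20' : $post['min-level'];   // optional field
$errors = array_filter([
    disallowedCharsError('Skill name', $post['skill-name'], "A-Za-z0-9 '-",
                         'letters, digits, spaces, hyphens and apostrophes'),
    intInRangeError('Min-level', $minLevel, 1, 99),   // bounds 1..99 are assumed
]);
if (count($errors) > 0) {
    echo "The form was not properly submitted:\n";
    foreach ($errors as $message) {
        echo "- $message\n";
    }
}
```

The character class passed to `disallowedCharsError` is spliced into a regular expression, so it must always be a constant written in the source, never a value taken from the request.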
Other requirements
These apply to all homeworks for this class:
- Each file should start
  with a PHP or HTML comment with your name, class, etc.
  (after a doctype declaration and perhaps <html>).
- Use meaningful variable names, function names, and good comments as needed.
- Write functions (both php and javascript) as appropriate, to avoid repeated work.
  I recommend writing functions that return strings rather than print
  (as convenient[5]),
  and including one or two test-cases as examples.
  Writing the test-case first often clarifies exactly what your code needs to return.
- Use standard XHTML tags and make sure any javascript does not use browser-specific constructs.
- All code/html should be well formatted with appropriate
  white space and indentation so it is easy to read.
- Strive to minimize lines of code longer than 100 characters.
- If you have any questions, use the discussion board.
- Do not modify your final submission after the due-date;
  if you want to make changes, copy all your files to a new directory and work on those.
[1] She probably goes by “Kimmy-Jo M.R.”, but still…
[2] You are welcome to improve this
so that you do allow é, ü, etc.
[3] If you're really good,
you will preserve sentence-endings so they still have two spaces after the period.
[4] There is a price: we
are assuming that having two spaces mid-name is never significant.
That seems like an eminently reasonable assumption, but we should be sure to
realize that we've made that assumption.
[5] The function to show-source a file is one of the few exceptions.