ITEC 325
2011fall
ibarland


hw05
DB connectivity

Due: 2011.Nov.16 (Wed) 23:59

You will add to your hw04 by storing W.o.W. skills in a database, retrieving information for one given skill, and retrieving a summary list of all skills. You will also add login sessions.

  1. Copy your hw04/ project directory to hw05/.
  2. (10%) Have a user login page authenticate the user/password against a database. [Clarification Nov.12:] Have the user's login time out after some amount of inactivity (10min, or perhaps 30sec, for testing).

    (You'll presumably add authorized users to the database manually — not through web forms.) For grading purposes, mention a user/password that I can use, next to the entry forms.

  3. (30%) Modify the ol' skill entry form so once the information is validated, the skill gets added to the database.
    (You may over-write any previously existing information for that skill, or see extra-credit below.)

    Include all the CREATE statements used for the database, including constraints (as appropriate) for primary key, foreign keys, non-null, and unique keys.
    You do not need to include SQL check-constraints enforcing data validation.

    As discussed in lecture, be sure to guard against SQL injection by calling mysql_real_escape_string on any user-provided text which becomes part of a SQL query (even if other validation requirements make such escaping moot).

  4. (30%) Make a page which shows a summary list of all skills previously entered: just the skill name, and which classes it's available to. The landing page should be this and/or your login page.

  5. (30%) Each skill-name on the summary list should be a link which, when clicked, brings you to a detailed-information page that includes the full description, min-level requirement, and who submitted the skill.

    Note that this is asking for a link which behaves like a form, since you won't have a separate URL for every single course — instead you'll have one page which (given a particular skill-name) pulls the detailed information out of the database. How do you have a link which provides an argument (skill-name) to another page? One easy way[1] is to have the link contain the parameter(s) explicitly, e.g. “<a href="skillDetail.php?skillName=juggling">…”, and the receiving page accesses that argument through $_GET.

    As always, to guard against HTML/script injection, be sure to call htmlspecialchars on all user-provided text (even through the database) which you are embedding in a web page. (This goes for all pages, even if other validation requirements make such escaping moot.)

  6. As before, have a file sources.php (in the same directory) which simply show_sources all[2] your other hw04 files ONLY after the due-date.
    Your forms do not need to otherwise contain a show_source.

  7. Extra credit (5%): Have most pages accessible without logging in; have logging-in apply only to entering skill information.
  8. Extra credit (5%): Allow for deleting a skill (if logged in).
  9. Extra credit (15%): Allow for editing an existing skill. But do so in a way that is unified with entering a new skill: The user will submit a course-number (new or existing), and be taken to the information-entry form, with all database information already filled in. (Just like a sticky form.)
    (If you do this only for the skill name/min-level/description, but not the available-to checkboxes, that's half of the extra-credit points.)
  10. Extra credit (15%; more involved): Handle the situation where a second person wants to edit an existing skill's info even while somebody else is in the process of editing it. You can either use a pessimistic approach (don't let the second person start), or an optimistic approach (when somebody submits, make sure that the database still has the same info as when they started — at least for any fields which they modified).

    The former case is easier, but you have to worry about the first user timing out. You can use database locks to help you with this (but you don't have to).
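
Steps 4 and 5 as an added example (not part of the original assignment): the summary page URL-encodes each skill name for the link's query string, and both pages pass all user-provided text through htmlspecialchars on output. The rows are constructed sample data standing in for a database result, and `h()`, `summaryLink()` and `detailHtml()` are hypothetical helper names.

```php
<?php
// Added example: constructed rows standing in for what the database returns.
// The second row is deliberately awkward text that was stored as-is.
$skills = array(
    array('name' => 'juggling', 'classes' => 'rogue, bard', 'minLevel' => 3,
          'description' => 'Keep three objects aloft.', 'submitter' => 'alice'),
    array('name' => 'fire & ice <b>', 'classes' => 'mage', 'minLevel' => 10,
          'description' => '<script>alert(1)</script>', 'submitter' => 'bob "x"'),
);

/* HTML-escape for element text and for quoted attribute values. */
function h($text) {
    return htmlspecialchars((string)$text, ENT_QUOTES, 'UTF-8');
}

/* Summary-page link: urlencode the value for the query string, then
 * HTML-escape the finished URL because it sits inside an attribute. */
function summaryLink($skillName) {
    $url = 'skillDetail.php?skillName=' . urlencode($skillName);
    return '<a href="' . h($url) . '">' . h($skillName) . '</a>';
}

/* Detail page: look the requested name up, escape every field on output. */
function detailHtml(array $skills, $requestedName) {
    foreach ($skills as $s) {
        if ($s['name'] === $requestedName) {
            return '<h1>' . h($s['name']) . "</h1>\n"
                 . '<p>' . h($s['description']) . "</p>\n"
                 . '<p>Min level: ' . h($s['minLevel'])
                 . ', submitted by ' . h($s['submitter']) . "</p>\n";
        }
    }
    // Unknown name: it is still user-provided text, so escape it here too.
    return '<p>No skill named ' . h($requestedName) . ".</p>\n";
}

// Summary page (step 4).
foreach ($skills as $s) {
    echo '<li>', summaryLink($s['name']), ' (', h($s['classes']), ")</li>\n";
}

// Detail page (step 5): PHP has already URL-decoded $_GET. From the command
// line there is no $_GET, so fall back to a sample name; arrays are rejected.
$wanted = (isset($_GET['skillName']) && is_string($_GET['skillName']))
        ? $_GET['skillName'] : 'fire & ice <b>';
echo detailHtml($skills, $wanted);
```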
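
The optimistic approach from step 10, as an added example (not part of the original assignment). It assumes PDO with an in-memory SQLite database standing in for the course's MySQL server so that it runs without one, and it passes user text as bound parameters, a different guard against SQL injection from the escaping call step 3 asks for; the table layout and function names are hypothetical.

```php
<?php
// Added example. In-memory SQLite stands in for the course's MySQL database;
// table and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE skill (
             name        VARCHAR(40) PRIMARY KEY,
             minLevel    INTEGER NOT NULL,
             description TEXT    NOT NULL)');

/* Bound parameters keep user text out of the SQL string entirely. */
function addSkill(PDO $db, $name, $minLevel, $description) {
    $st = $db->prepare('INSERT INTO skill (name, minLevel, description)
                        VALUES (:n, :m, :d)');
    $st->execute(array(':n' => $name, ':m' => $minLevel, ':d' => $description));
}

function loadSkill(PDO $db, $name) {
    $st = $db->prepare('SELECT minLevel, description FROM skill WHERE name = :n');
    $st->execute(array(':n' => $name));
    return $st->fetch(PDO::FETCH_ASSOC);
}

/* Optimistic save: the UPDATE matches only if the row still holds the values
 * this editor was shown. Returns true if the edit was applied. */
function saveEdit(PDO $db, $name, array $shown, array $edited) {
    $st = $db->prepare('UPDATE skill
                           SET minLevel = :newM, description = :newD
                         WHERE name = :n
                           AND minLevel = :oldM AND description = :oldD');
    $st->execute(array(':n' => $name,
        ':newM' => $edited['minLevel'], ':newD' => $edited['description'],
        ':oldM' => $shown['minLevel'],  ':oldD' => $shown['description']));
    return $st->rowCount() === 1;
}

// Constructed scenario: a quote-laden skill name, and two editors who both
// loaded the row before either one saved.
$name = "o'brien's \"gambit\"; --";
addSkill($db, $name, 5, 'original text');
$shownToA = loadSkill($db, $name);
$shownToB = loadSkill($db, $name);

$aSaved = saveEdit($db, $name, $shownToA, array('minLevel' => 6, 'description' => 'edit from A'));
$bSaved = saveEdit($db, $name, $shownToB, array('minLevel' => 7, 'description' => 'edit from B'));
echo 'A saved: ', var_export($aSaved, true), "\n";
echo 'B saved: ', var_export($bSaved, true), "\n";   // B compared against a stale copy
echo 'Row now: ', json_encode(loadSkill($db, $name)), "\n";
```

With MySQL, the affected-row count by default excludes rows whose new values equal the old ones, so a save that changes nothing also reports zero rows.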

Guidelines


[1] Transmitting the arguments through $_GET is of course vulnerable to over-the-shoulder snooping; if you wanted to still use $_POST but not require a “submit” button, you can set the link's onclick attribute to be javascript which does something like document.getElementById( 'theFormsId' ).submit().

(A general warning, not pertinent to this homework:)
However, when submit() is being called by the program instead of by clicking on a submit button, the browser (non-intuitively) disregards the form's onSubmit attribute(!). So: your link's onClick code should also run validation (if any) before submitting:

            /* Call the form's 'onsubmit' handler manually [which runs any code
             * stored in the form's onSubmit attribute, but doesn't actually submit;
             * the DOM property name is all-lowercase].
             * If that code returns true, then *we* trigger the submit.
             */
            var theForm = document.getElementById('theFormsId');
            if (theForm.onsubmit()) {
              /* We just called onsubmit(); we reach here iff that function returned true. */
              theForm.submit();
            }

(Really, this is exactly what the browser does when a user hits the submit button.)

     

[2] Note that if, for previous homeworks, you took the time to loop over all files in the directory, you're reaping dividends from that investment now.



©2011, Ian Barland, Radford University
Last modified 2011.Nov.12 (Sat)