$25
Task: In this assignment you will create a login capability for your Calendar Website and learn about how to restrict the access to pages of your Calendar website by using a relational database (MySQL). This is a very practical php application that is widely used in web portals and content management systems (CMS) like WordPress, and PHP handles it very well. You must create two pages that are critical for your task: login.php, and logout.php. If a user attempts to use your website, but is not logged in, he/she should be redirected to the login page. The login page gets and validates the user login ID and password, checks the user login ID against the database, checks the password against the database, and if everything matches, redirects the user to the first page of your website - the calendar page. From there, the user may navigate to the second page of your website, where the Input form is present. The pages of your website need to be protected from anyone who does not have a login and password in your system. You can use $_SESSION variable in PHP to store the current user's information, and if it is not set, redirect the person attempting to use the Calendar or Input page to the login page. Functionality: If user is not authenticated, opening calendar page or Form input page should redirect user to login.php login.php should display a login form with at least the following: Login ID Field Password Field Submit Button Div for Errors The following pages illustrate and describe the behavior you will implement when someone attempts to access your Calendar or Form php scripts. First, if a person attempts to run your Calendar.php or Form.php scripts and they are not “logged in”, the login page will be displayed as follows. 2 When the submit button is clicked, your login page should validate the input and, if necessary, display the following errors: Please enter a valid value for Login Name Field. Please enter a valid value for Password Field. or both, if both Fields are empty 3 After your login script successfully obtains values for the login and password, your login script should query the database to check the values entered against the values stored in the database. The following errors need to be reported should they occur: o Login is incorrect: User does not exist. Please check the login details and try again. (This will be displayed if the Login ID entered is not present in the database users list) o Password is incorrect: Please check the password and try again. (This will be displayed if the correct login is entered, but the encrypted password associated with the Login ID in the database is not the same as the encrypted password entered by the user.) 4 Passwords should be stored in the database in a SHA1 hashed format. You need to convert the password string entered by the user into a SHA1 hash format using sha1() function of PHP, and compare it to the SHA1 hashed password stored in the database. You should edit and run the insertValues PhP script provided to insert a user or users, login names and passwords into your database before running your login script. When a user has successfully logged in, the Calendar page and Form Ipage should display a welcome message with the current user name, and display a logout button or link. When a user selects the LogOut button on the Calendar or Form Pages, your script should should clear the session variable, destroy the session, and redirect the user to login.php page. Once logged out, a user can no longer open the Calendar or Form pages without successfully reentering her or his credentials via the login.php page. MyCalendar.php 5 MyForm.php In the Assignment files for this assignment, you will find 3 skeleton files: o createTables_HW6F17.php; o insertValues_HW6F17.php, and o database_HW6F17.php. The database_HW6F17.php file contains code that sets php variables which contain values you can use to create a connection to your MYSQL database. Edit the file and add your database name, database username, and password credentials as provided to you in the column named Database Information in your grades on Moodle. Your Database name and password are provided (password is in the feedback column). Note, your database name and database user name are the same (F17CS4131Uxxx, where xxx is a number between 1 and 130) Edit the other two files and add your MySQL account credentials as you did with the database_HW6F17.php file, and then execute the files to create the tables and add users with their sha-1 hashed passwords. You should use the php include or include_once statements in your login.php code to get the database server credentials from database_HW6F17.php, and to use those credentials (values stored in PHP variables) to execute PhP mysqli functions and methods to create your connection to the MYSQL database in your PhP code. 6 Database: The Database in this assignment contains one table: tbl_accounts The table (tbl_accounts) has following fields: acc_id, acc_name, acc_login, and acc_password. You can use following PHP code to initiate a database connection: To connect to the database directly from cselabs unix machines (you can issue SQL commands directly to the database via the command line) you can do the following: % module load soft/mysql % mysql – u -hcse-curly.cse.umn.edu -P3306 -p And then enter your password when prompted. Once you have started MySQL, you can, and should, change your database password with the following command set password=password('whateveryouwant'); Submission Instructions Include the following files in one zipped file for your submission: login.php : Main Login page logout.php : Logout page The Calendar and Form input pages in your website with logout links, and modified to prevent access if a user has not successfully logged in (i.e., established a session). The modified insertValues_HW6F17 php file (which contains your passwords) style.css: (optional) A readme file with any additional details Any other files that you think we will need 7 Grading Criteria (100 points): 1. Submission instructions are met - 10 points 2. Both the pages of your website redirect the user to login.php page automatically before authentication - 10 Points 3. The Login page shows the form elements and submit button - 10 points 4. The Login page handles input validation, checks and retrieves the user from the database, and displays the appropriate errors - 15 points 5. The Login page logs the user in and redirects to calendar page - 15 points 6. Both pages of your website display the appropriate user name at the top - 15 points 7. It is possible to Navigate between pages and the pages are functional – 10 points 8. The Logout functionality works correctly - 15 points