CS-90.3 Assignment 4
Due May 3

This assignment is an exercise in using PHP’s session mechanism to manage visitors’ flow through a web site that requires people to log into the site before using its special features. Your site’s “special feature” is the form where users enter text and a color, and get to see their message squared and colored.

You will also practice processing a primitive sort of database: a CSV spreadsheet that contains user names and passwords.

When you have finished the assignment, send me an email message, and I’ll check it out on babbage.

• Be sure to sign your email so I know who sent it.
• The Subject line of your message must be:

  CS-90.3 Assignment 4

1. Set up your site.

   You may need to modify the following setup if you have already set your site up differently from the way we left it after Assignment 3. That’s okay but your setup must include the features listed here. Also the presentation that follows assumes the setup given here, so you might have to interpret what’s said here in light of changes you might have made.

   So far, your site has an index page that contains the form where users enter some text and a color, and an “assignment_2.php” page that processes the form data from the index page. The structure of the site is still to include those two pages.

   Add two new pages: a login page (login.php) that includes a form where users enter their user name and password, and a verification page (scripts/assignment_4.php, for example), which verifies that the user has entered valid credentials. The login page is to be styled “nicely” and include the XHTML and CSS validation links, but the assignment_4 page will (utlimately) never be seen by users and need not be styled at all.

2. Implement the login feature.

   Set up a simple form on the login page that provides a text input element for the user’s name, and a password input for the password. Submitting the form sends the form data to the assignment_4 page using the POST method. (Why POST?).

   For now, the assignment_4 page is simply to display a message telling the user whether the login attempt was successful or not. The implementation of this page is to work as follows:

   1. Make sure the user name and password data are present in the $_POST array, and that neither is empty (after trimming away whitespace at the beginning and end of each string). If any of these preconditions fails, the user has not logged in successfully.
   2. Read the file named users.csv that I have saved at users.csv to see if the user name and password provided on your form are in this file. You can use the link to download a copy of the file to use while developing your site, but when you submit the assignment, your code is to use the file in the location given.

      Here is PHP code that reads each line of the file and “dumps” it onto the web page:

      <?php ini_set('auto_detect_line_endings', true); $fp = fopen('../../users.csv', 'r') or die("Unable to open\n"); while ($line = fgetcsv($fp)) { var_dump($line); } ?>

      Note that the code goes outside of your site to access the file: PHP code can do that.

      You will see that the file contains four columns per row (taken from the spreadsheet that I use to inidividualize exams for students in this course): Exam Id, Student Id, Last Name, and First Name. For this assignment, use the Last Name column as the user name, and the Student Id column as the password.

      The algorithm you have to implement inside the while loop is to compare $line[1] to the password supplied by the user, and $line[2] to the user name. If both strings match, the user has logged in successfully, and an appropriate message is to be displayed. If the while loop completes without finding a match, an appropriate error message is to be displayed instead. You should use a break statement to exit the loop when a match is found rather than continue to go through the loop. You will need a boolean variable, initialized to false before entering the loop, and set to true when a match is found, to test whether the user logged in successfully or not. In pseudo-code:

      $found = false; while ($line = ... { if user name and password match this line { $found = true; break; } } if ($found) echo successful login message else echo unsuccessful login message

3. Use session variables and redirect headers to manage the loging process.

   Instead of having the assignment_4 page display messages, have it redirect the user either back to the login page (if login was unsuccessful) or to the index page (if login was successful).

   Here is sample code that redirects the user to the login page (assuming the login page is in the directory above the assignment_4 page:

   header("Location: ../login.php");

4. Use session variables to manage the user’s flow through the site.

   If the user accesses the index page or the assignment_2 page without logging in first, do an immediate redirect to the login page.

   If the user accesses the index page after logging in, display a message above the form greeting him/her by name.

   Have the login page record the user’s name in $_SESSION['logged-in-as'].

5. Handle assignment_2 specially.

   If the user goes directly to the assignment_2 page, record it in another session variable, and have the login page return the user to that page instead of to the index page if login is successful

6. Validate and test your code carefully before submitting it.