Reading Assignment
- Study the PHP online manual information on PostgreSQL access functions: pg_connect(), pg_query(), and pg_fetch_assoc() in particular. Also, look at the htmlspecialchars(), preg_replace(), and sha1() functions.
Assignment To Submit
The assignment is to validate users by checking the username and password supplied by the user against values stored in database tables.
When you have finished the assignment, send me an email message, and I’ll check it out on babbage.
- Be sure to sign your email so I know who sent it.
- The Subject line of your message must be:
CS-90.3 Assignment 5
- Set up your database.
Following the instructions given in class, be sure you can access your database on oak, and add two tables to it named users and emails. The users table is to have an id column of type serial, a username column of type text, and a password column of type text. The emails table is to have an email column of type text and a user_id column of type integer. emails.email must be not NULL and unique; emails.user_id must have a foreign key constraint: it must reference users.id.
Populate your tables with information for at least two users. One of the users must have a username of 'Perfect Student', must have a password of 'e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4', and must have two email addresses in the emails table. This password is the result of passing the string 'secret' to the sha1() function.
- Modify the login form page from Assignment 4.
Add a second form to it with the legend of the fieldset saying “Assignment 5.”
This form is to have an action page named assignment_5.php, and must contain a text input for the user’s name and three password inputs for password, new password, and new password again. Be sure each input has a clear and meaningful associated label for it.
The last two password fields must be present, but implementing the change-password feature that uses them will be an optional, extra-credit, part of the assignment.
- Implement the login feature by looking up the user's name and password in the database.
The page assignment_5.php, unlike the action page for Assignment 4, is simply to display one of three messages:
- A message that tells the user he or she has logged in successfully.
- A message that tells the user his or her name was not found in the database.
- A message that tells the user his or her name was found in the database but that the password entered was incorrect.
You would never give separate messages for the second and third cases in the real world. But this is an academic exercise, and we want to be able to debug the code easily.
All passwords in the database are to be stored as sha-1 hashes of the password entered by the user. If you would like to “salt” the hashes, you may do so, but you will have to then change the password for user “Perfect Student” from the value given above to the hash of 'secret' with your salt added to it.
- Add an email lookup feature to the action page.
When the user logs in successfully, include a list of all of his/her email addresses in the message displayed.
- Optional: Add a “change password” feature.
If you have the time and inclination, add code to the action page that lets the user change his or her password.
If the user logs in successfully and if the “new password” input matches the “new password again” input (and they are not blank), update the user’s password in the database.
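The sketch below is an added example, not the instructor's reference solution: it shows the three-way login check and the email lookup from the steps above, using bound query parameters and a constant-time hash comparison. The function and constant names are assumptions, as is prepending the optional salt; the demo at the bottom runs on a constructed row and needs no database.

```php
<?php
// Added example. Table and column names follow the assignment text;
// function and constant names are hypothetical.
const USER_NOT_FOUND = 'not_found'; const BAD_PASSWORD = 'bad_password'; const LOGIN_OK = 'ok';

// Classify a login attempt. $row is the users row as returned by
// pg_fetch_assoc(), or false when the username matched nothing.
function check_login($row, string $password, string $salt = ''): string
{
    if ($row === false) {
        return USER_NOT_FOUND;
    }
    // Prepending the salt is an assumption; the assignment leaves it open.
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($row['password'], sha1($salt . $password))
        ? LOGIN_OK : BAD_PASSWORD;
}

// Fetch one users row. pg_query_params() sends $username as a bound
// parameter, so quotes in the input cannot alter the SQL statement.
function find_user($db, string $username)
{
    $res = pg_query_params($db,
        'SELECT id, username, password FROM users WHERE username = $1',
        [$username]);
    return $res ? pg_fetch_assoc($res) : false;
}

// All email addresses for one user id, again through a bound parameter.
function find_emails($db, int $user_id): array
{
    $res = pg_query_params($db,
        'SELECT email FROM emails WHERE user_id = $1 ORDER BY email',
        [$user_id]);
    return $res ? pg_fetch_all_columns($res, 0) : [];
}

// Constructed row, shaped like pg_fetch_assoc() output for the required user.
$row = ['id' => '1', 'username' => 'Perfect Student',
        'password' => 'e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4'];
foreach ([[$row, 'secret'], [$row, 'guess'], [false, 'secret']] as [$r, $pw]) {
    echo htmlspecialchars(check_login($r, $pw)), "\n";
}
```

On the action page, pass the result of find_user() to check_login(), and run every database value, usernames and email addresses included, through htmlspecialchars() before echoing it.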