A11-Authenticating Users

Overview

During this assignment, you will implement a registration and login system for your project that includes:

  • A form that allows users to register
  • A form that allows users to log in
  • A protected (login required) page that users can access only after logging in

Note on Database Wrappers: Do NOT use a database wrapper like PEAR MDB2 or ADODB for this course. These are fine products, but the instructor does NOT have them installed; if you use them, your code will fail the tests and you will get a low score.

Specifications

This assignment has several parts and you must complete all parts for full credit.

  1. First make sure you have completed the exercises from lesson 11 and have saved the files using the specified names exactly. Using the specified file names makes for easier grading.
  2. Write a single-page form named register.php for your project that allows users to register a username and password on your web site.

    Using the specified name makes grading easier. After you turn in the assignment, you can change the name of the page for your final project.

    Also note that you should NOT include "secure.php" in your register.php page for this assignment. You can change this after the assignment if you do not want to allow self-registration.

  3. Write a single-page form for your project named login.php that allows users to login to your web site.

    Using the specified name makes grading easier. After you turn in the assignment, you can change the name of the page for your final project.

  4. Write a page for your project named logout.php that destroys any cookies and session variables you may have created in your login and registration processes and prevents access to the secret page.

    Using the specified name makes grading easier. After you turn in the assignment, you can change the name of the page or remove the page from your final project.

  5. Write a "secret" page for your project that requires visitors to login before they can access the page.

    Please identify the name of the page in your README.txt file. I will run the page to verify your code. It must run without warnings, errors or notices for full credit.

  6. Ensure that user entries are checked for errors, errors are clearly identified and that users can correct mistakes easily.
  7. Use the included file includes/dbconvars.php for all database connections in your code.

    Even though you do not need to submit your dbconvars.php file, the instructor will use one to test your work. Failure to use a dbconvars.php file will result in a poor grade.

  8. Export (dump) your database as SQL statements to a text file using the technique we discussed in lesson 2.1.5. Name your file after your database name and add the extension .sql to the name (dbname.sql). For example, the artzy database export file would be named artzy.sql.

    Make sure that your dbname.sql file:

    1. Does not contain a SQL 'USE' or 'CREATE DATABASE' statement anywhere in the file
    2. Includes DROP TABLE IF EXISTS statements for all tables

  9. Create a PHP comment at the top of all PHP pages formatted like the following:
    /**
    * CIS-165PH  Asn 11
    * login.php
    * Login page to authenticate users
    *
    * @author Ed Parrish
    * @version 1.3 5/02/08
    */
    
  10. In your README.txt file provide instructions on using this assignment. For example, if a password is required, please include a password. If any particular values are required for a form, please provide the values.
  11. Zip your files and submit the zipped archive file to Blackboard as explained in the section of this document: What to Turn In.

    Note: Please do not turn in more than one *.sql file or I may grade using the wrong file. Also, please do not put any spaces or special characters like #, : or $ in any file or folder names.
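
As an illustration of items 4 and 5 above, here is one way to gate a protected page and to tear down login state on logout. This is an added example, not the course's own secure.php or lesson code; the function names and the 'user_id' session key are assumptions.

```php
<?php
// Added example: hypothetical helper functions, not part of the course files.

/** Redirect visitors who are not logged in; call at the top of the secret page. */
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // 'user_id' is an assumed key that login.php sets after a successful login
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php');
        exit; // stop here so the protected content is never sent
    }
}

/** Remove session variables, the session cookie and the stored session (logout.php). */
function destroy_login_state(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // the session must be resumed before it can be destroyed
    }

    $_SESSION = []; // clear the variables for the rest of this request

    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the cookie with the same path, domain and flags it was set with;
        // a mismatch leaves the old cookie in the browser.
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $p['path'],
            $p['domain'],
            $p['secure'],
            $p['httponly']
        );
    }

    session_destroy(); // delete the session data on the server
}
```

Both functions send headers, so call them before the page produces any output. After destroy_login_state() runs, a request for the secret page reaches require_login() with an empty session and is redirected to login.php.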

Extra Credit

The following are worth extra credit points:

  1. Provide a page named preferences.php that lets the user change their password and other personal information in your database. (2 points)

Make certain that your README.txt file lists any extra credit attempted and the names of the pages containing a sample of the work.

Grading Criteria

The instructor will evaluate your assignment using the following criteria. Each criterion represents a specific achievement of your assignment and has a scoring guide. The scoring guide explains the possible scores you can receive.

Some scoring guides have a list of indicators. These indicators are a sign of meeting, or a symptom of not meeting, the specific criterion. Note that a single indicator may not always be reliable or appropriate in a given context. However, as a group, they show the condition of meeting the criterion.

For information on grading policies, including interpretation of scores, see the course information page.

Lesson Exercises

  • 2: All lesson exercises attempted and turned in
  • 1: Some lesson exercises completed and turned in
  • 0: No lesson exercises completed or turned in

Database Export

  • 2: Database loads from dbname.sql file with no errors or warnings
  • 1: Database loads from dbname.sql file but has errors, warnings or missing data
  • 0: Does not load or dbname.sql file not submitted

Functionality

  • 10: Demonstrates mastery of the assignment
    • Has extra features or demonstrates techniques beyond the assignment
    • Applies concepts from the lessons appropriately
    • Meets all specifications (see above) with particularly elegant solutions
    • Runs to completion with no abnormal error conditions
    • Generates correct output given correct input
    • Behaves in a reasonable way in response to incorrect data
  • 8: Has all the functionality expected of the assignment
    • Demonstrates many techniques from the lesson
    • Meets all specifications (see above)
    • Implementation seems more complicated than necessary.
    • May have one minor error
  • 6: Has most of the functionality expected of the assignment
    • Demonstrates some techniques from the lesson
    • Meets all but one of the specifications (see above)
    • Implementation seems excessively complicated.
    • May have 2-3 minor errors
  • 4: Has some of the functionality expected of the assignment
    • Demonstrates some techniques from the lesson
    • Meets at least 1/2 of the specifications (see above)
    • Implementation seems excessively complicated.
    • May have more than 3 minor errors
  • 2: Serious functional problems but shows some effort and understanding
    • Meets less than 1/2 of the specifications (see above)
    • Has a major error or many minor errors
    • Implementation seems very convoluted
    • Demonstrates few techniques from the lesson
  • 0: Does not execute

User-Input Error Handling

  • 4: Errors are handled gracefully and users can correct them easily
    • All input is thoroughly checked
    • Error messages clearly explain how to fix the problem
    • All errors are identified in the form at one time
    • All prior entries retained
    • Errors color-coded or highlighted
  • 3: Errors can be corrected with some effort
    • All input is checked but some minor conditions were missed
    • Error messages somewhat explain how to fix the problem
    • All errors are identified in the form at one time
    • All prior entries retained
  • 2: Errors are tiresome to correct or messages are annoying
    • All input is checked but many conditions were missed
    • Error messages are somewhat vague
    • Only one error at a time is identified
    • Prior entries are discarded
  • 1: Error checking is inconsistent
    • Some input is not checked
    • Error messages are confusing
    • Prior entries are discarded
  • 0: Does not run

PHP Documentation

  • 2: Code is well-documented
    • Name, date, and page description in page comment block
    • Follows format for page comment block
    • Proper use of whitespace and indenting
    • Files are correctly zipped
  • 1: Code has minor documentation errors
    • Has 1-2 documentation errors
  • 0: No apparent attempt at documentation

README.txt File

  • 2: README.txt file submitted with specified information included
  • 1: README.txt submitted but some information was not included
  • 0: No README.txt submitted

Maximum Score: 22, plus extra credit

What to Turn In

Submit your assignment following the instructions for homework. Create a single zip file with at least the following files in the web-application root folder:

  1. README.txt file
  2. All the exercise files from Lesson 11
  3. login.php file
  4. register.php file
  5. Your login-protected web page
  6. dbname.sql file

Note: if you turn in a file with the wrong file name, you may receive no credit.

Your .zip file must include all the files and subdirectories needed to make your assignment function properly. Do not assume that the instructor has any files except dbconvars.php. Your assignment must work as submitted.

If you have a restricted page that is part of the grading, please explain in your README.txt file how I can access it. If I cannot access a restricted page, then I cannot grade it.

Last Updated: May 24 2012 @16:15:52