(Assignment last updated: 10/15/2009 3:03:52 PM)  

Assignment 4 -- Forms, Validation, Cookies and Sessions

1. Validate.php  - This page validates that the user has entered valid data in four textboxes. The user is given a polite warning below the textbox if the data is not valid. The code from the class handout Validation.php (source) may be useful. Steps:

  1. Create a php page with four textboxes and a button. You can copy the HTML from the sample if you like.

  2. Persist the values in the textbox between page postbacks by setting the value attribute of the textboxes as follows: 

    value="<? echo $firstname; ? >" 

    You will need to use $_GET[] at the top of the script to set the value of the PHP variables.
  3. The invalid data warnings should appear immediately below the appropriate textbox. Do this with a php script block below the textbox: The php code looks something like this:
     
    <?php
    If ($postback && (strlen($firstname) == 0 || !ctype_alpha($firstname))) {
    echo "<font color='red'>Please enter your first name (alpha characters only)</font>";
    $pageValid = false;
    }
    ?>
  4. The first time the page is loaded it should not display warning messages. We will use a hidden form field to create a "flag" named postback to tell us that the page is posting back to itself. We will only display the warnings when postback=true.
  5. If all data on the page is valid write a "Success" message at the bottom of the page. We will know the page is valid by creating a flag named $pageValid. At the top of the script set $pageValid=true. If any of the data is not valid, set its value to false (see the code snippet above). Only display the "Success" message at the bottom of the page if ($pageValid == true && $postback). 
  6. Use the following criteria to validate each textbox. You may perform stronger validation, but not weaker. For a regular expression email pattern you many use the one from the class handout or Google "regular expression email."

    User entry Validity Tests PHP functions & tools
    first name length > 0, alpha characters only strlen(), ctype_alpha()
    age numeric value in the range 13-99 is_numeric(), comparison operators (<, >)
    email valid email format (does not have to be precise) regular expressions -- preg_match()
    state abbreviation valid 2 character state abbr. Valid state abbrevations in an array and use in_array() to search.

  7. The textboxs and text in the page should not jump around when error messages appear, as this look amateurish.

2. Order01.php - This three-page order form uses cookies to store user information between pages. It also validates that the user has entered valid data before redirecting to the next stage of the process. Instead of giving the user a "Success" message we will write their information to a cookie and redirect them to the next stage of the order process. Steps:

The page is similar to the previous example. In the "success" block do the following:

  1. write the user's info to cookies. For example: 
          setcookie("firstname",$firstname); 

  2. Redirect the user to the next stage of the order process as follows:
           header("location: Order02.php"); 

The second page, Order02.php, asks the user to select a car color. It also validates that a value was entered before redirecting to the final stage of the ordering process.  This page is very similar to Order01.php. 

The final page, Order03.php, reads the information from the cookie and puts it into a message to the user. It also displays an image of the car they have selected. 

There are nine car-color combinations (3 car models x 3 colors). You should use the images located at: /sandvig/mis314/assignments/a04/images/accordGreen.jpg

The image names are:

AccordGreen.jpg
AccordRed.jpg
AccordSilver.jpg
OutbackGreen.jpg
OutbackRed.jpg
OutbackSilver.jpg
s2000Green.jpg
s2000Red.jpg
s2000Silver.jpg

Note that the image names are composed of the car model and color. Concatenate the car model and color directly into the image tag to specify the image, as shown here:
 
<img src="/mis314/assignments/a04/images/<% = strModel & strColor %>.jpg" >

Finally, provide a link back to order01.php.

Option: If you don't like my boring car styles you may use different images.  You must have at least three car models in at least three colors each.

3. index.php - This assignment password protects the page index.php. If a user tries to access index.php before logging-in they are redirected to a login page. The page first checks for the existance of a session object to see if the user has been authenticated and if they aren't it redirects them to the login page.

The login page requests a name and password and, if correct, creates a session object containing the user's name and redirects the user to index.php.

Note: all php pages that use sessions must include the session_start() function at the top of the page before anything is outputted to the browser.

Steps for login.php:

  1. Create Form: Create a form with two textboxes and a hidden field named 'postback' (see source code in example). Passwords should never appear in the query string, so use method = "post" in the form tag.

  2. Form Validaton: Add validation to the textboxes, similar to Validate.php. The test to check the first name looks something like:

    If ($_POST['postback'] && strlen($_POST['username'])< 1) {...

  3. Validate user and create session: At the top of the page add an IF statement that checks that a username has been entered and that password is 'guest'  If both conditions are true, assign the user's name to a session object and redirect the user to index.php. The syntax to check for a valid username and password looks something like:

    if ($_POST['password'] == 'guest' && isset($_POST['username']))

    The syntax to redirect to index.php:

    header("location: index.php");

  4. Hyperlink: Add a hyperlink near the bottom of the page that points to index.php.

Steps for index.php

  1. Check if logged in: Add an if statement at the top index.php checkes for a session and if not found redirects the user to login.php. The syntax is something like:

    if (!isset($_SESSION["username"])) {...

  2. Greeting: In the body of the page add a message that greets the user by name.

  3. Logout button: Add a form button with the text "logout" and a hidden form field that sets "abandon" to "true."

  4. Session_unset(); Add another if statement at the top of the page that checks if the logout button has been clicked. If the posted variable "abandon' is true then use the session_unset(); function to clear the session, then redirect the user back to the login page.

Check your URLs to make sure they are correct before you submit them for grading.  The subject line of your email should read "MIS314 Ax YourName" where x is the assignment number. Send an email with the appropriate URLs to: 

  1. Professor Sandvig at (note: this address is for homework assignments only. Please send other email to )
  2. The class teaching assistant, Emma James, at
  3. cc a copy to yourself (as a time-stamped receipt of your submission) 

When pages are connected via navigation it is only necessary to submit the URL to the first page.