
Coursework Guidance
Apple farm Web site

Access the MySQL database using this link: http://stumyadmin.cms.gre.ac.uk/index.php
To upload your webpages, see this website for help: http://labs.cms.gre.ac.uk/general/ftp.asp
Download the FileZilla FTP software from https://filezilla-project.org/ (download the client one).
To validate your webpages:
HTML: http://validator.w3.org/
CSS: http://jigsaw.w3.org/css-validator/
Web Accessibility: http://www.contentquality.com/

Level 1 and Level 3: Account creation & Verify account
a. Create a form for registration. Your form should include username, password and e-mail as required fields, then add extra fields such as address and phone number.
b. Use JavaScript to validate your form, i.e. make sure that users complete the form correctly.
c. Create a database that includes a table for members. The table should be able to store all the information submitted by the form (the password should be encrypted before saving). Also add a primary key, a code, and an activation status (default value 0, changed to 1 when the user activates the account).
d. Create a PHP file for connecting to your database, which should be included in any webpage that will connect to the database.
e. See the snippets of PHP code below to help.

Connection to database
<?php
$host = "localhost";
$database = "name of your database";
$user = "root";
$password = "";
// connect to the database server, then select the database
$con = mysql_connect($host, $user, $password) or die("could not connect to database");
mysql_select_db($database) or die("No database found");
?>

Save information in database

<?php
// connect database, use include function to include your connection file
include ("include your connection file created above");

/* validation: the customer completed the username, password and email fields of your form */
if(isset($_POST['username']) && !empty($_POST['username']) AND isset($_POST['password']) && !empty($_POST['password']) AND isset($_POST['email']) && !empty($_POST['email'])){
    /* The mysql_real_escape_string() function escapes special characters in a string for use in an SQL statement */
    $username = mysql_real_escape_string($_POST['username']);
    $password = $_POST['password']; // only its md5() hash goes into the query, so it is hashed unescaped, as at login
    $email = mysql_real_escape_string($_POST['email']);
    // add any other field created in your registration form as above

    // now you will check if there is a duplicate username
    $search = mysql_query("SELECT * FROM users WHERE username='".$username."'") or die(mysql_error());
    $match = mysql_num_rows($search);
    if($match > 0){
        $msg = 'The USERNAME already exists. Try again.';
        echo($msg);
    }
    /* here you validate that the email is in the correct pattern using the preg_match() function */
    elseif(!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i', $email)){
        // Return Error - Invalid Email
        $msg = 'The email you have entered is invalid, please try again.';
        echo($msg);
    }
    else{
        // Return Success - Valid Email
        $hash = md5(uniqid(rand())); // Generate random 32 character hash and assign it to a local variable.

        // now insert data into your table users
        // the values were escaped once above; escaping them a second time would store stray backslashes
        mysql_query("INSERT INTO users (username, password, email, firstname, lastname, address, city, country, postcode, contactno, hash) VALUES(
            '". $username ."',
            '". md5($password) ."',
            '". $email ."',
            '". $firstname ."',
            '". $lastname ."',
            '". $address ."',
            '". $city ."',
            '". $country ."',
            '". $postcode ."',
            '". $contactno ."',
            '". $hash ."') ") or die(mysql_error());

        // now send the email
        $to = $email; // Send email to our user
        $subject = 'Signup | Verification'; // Give the email a subject
        $message = '
Thanks for signing up!
Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below.

------------------------
Username: '.$username.'
Password: '.$password.'
------------------------

Please click this link to activate your account:
website url/verify.php?email='.$email.'&hash='.$hash.'
'; // Our message above including the link
        $headers = 'From: your email' . "\r\n"; // Set from headers
        mail($to, $subject, $message, $headers); // Send our email
        $msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been sent to your email.';
    }
}
?>

When the user clicks the link sent to his/her email, this calls the webpage named in the link (e.g. verify.php, see the link above). In this page you will verify and activate the account.

<?php
// connect database, use include function to include your connection file
include ("include your connection file created above");

/* here you will use ($_GET) as the data sent will be in the url, checking that you received the email and the hash code */
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
    // Verify data
    $email = mysql_real_escape_string($_GET['email']); // Set email variable
    $hash = mysql_real_escape_string($_GET['hash']); // Set hash variable

    /* Now search your table for the email and hash code, also checking another field (e.g. active or status, which has default value 0 from when you created your table) */
    $search = mysql_query("SELECT email, hash, active FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());
    $match = mysql_num_rows($search);
    if($match > 0){
        /* We have a match, activate the account: update your table by setting the active field to 1 */
        mysql_query("UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());
        echo '<div class="message">Your account has been activated, you can now login</div>';
    }else{
        // No match -> invalid url or account has already been activated.
        echo '<div class="message">The url is either invalid or you already have activated your account.</div>';
    }
}else{
    // Invalid approach
    echo '<div class="message">Invalid approach, please use the link that has been sent to your email.</div>';
}
?>

Level 2: Authentication
a. Create a form for login.
b. Create a PHP file (or you could have both the form and the PHP in one webpage, e.g. login.php or signin.php).
c. Here are snippets of code:

<?php
session_start();
// connect database as above
include ("include your connection file created above");

// validate that you received data correctly
if(isset($_POST['username']) && !empty($_POST['username']) AND isset($_POST['password']) && !empty($_POST['password'])){
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string(md5($_POST['password']));

    // check your tables for username and password and active
    $search = mysql_query("SELECT username FROM users WHERE username='".$username."' AND password='".$password."' AND active=1") or die(mysql_error());
    $match = mysql_num_rows($search);
    if($match > 0){
        while($row = mysql_fetch_array($search)){
            // login success: nothing may be echoed before header(), or the redirect cannot be sent
            session_regenerate_id(true); // issue a fresh session id at login
            $_SESSION["username"] = $username;
            $_SESSION["password"] = $password;
            // take them to the product page to choose their product
            header("location: product.php");
            exit();
        }
    }
    // Set cookie / Start Session / Start Download etc...
    else{
        $msg = 'Login Failed! Please make sure that you enter the correct details and that you have activated your account.';
    }
}
?>

The above $msg will be displayed in the webpage as follows:

<?php
if(isset($msg)){ // Check if $msg is not empty
    echo '<div class="message">'.$msg.'</div>'; // Display message
}
?>
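A hardened counterpart to the registration, verification and login snippets above, as an added example that is not part of the original coursework guidance: it uses PDO prepared statements instead of string-built queries, password_hash()/password_verify() instead of md5(), a random_bytes() activation token instead of md5(uniqid(rand())), and leaves the password out of the email. It assumes PHP 7.1 or later with the pdo_sqlite extension; the function names, the in-memory table and the sample data are constructed for illustration.

```php
<?php
// Added example, not the coursework's code. Assumes PHP 7.1+ with pdo_sqlite.
// The table mirrors the users table described on this page (reduced to the columns used here).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
            password TEXT, email TEXT, hash TEXT, active INTEGER DEFAULT 0)');

// Returns the activation token for the emailed link, or null if the input is rejected.
function register_user(PDO $pdo, string $username, string $password, string $email): ?string {
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return null;                                   // invalid email
    }
    $dup = $pdo->prepare('SELECT 1 FROM users WHERE username = ?');
    $dup->execute([$username]);
    if ($dup->fetchColumn()) {
        return null;                                   // duplicate username
    }
    $token = bin2hex(random_bytes(16));                // 32 hex characters from the CSPRNG
    $ins = $pdo->prepare('INSERT INTO users (username, password, email, hash) VALUES (?, ?, ?, ?)');
    // password_hash() salts and stretches; only a SHA-256 of the token is kept in the table
    $ins->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email, hash('sha256', $token)]);
    return $token;
}

// Activates the account once; a second use of the same link changes no row.
function verify_account(PDO $pdo, string $email, string $token): bool {
    $upd = $pdo->prepare('UPDATE users SET active = 1 WHERE email = ? AND hash = ? AND active = 0');
    $upd->execute([$email, hash('sha256', $token)]);
    return $upd->rowCount() === 1;
}

// Looks the user up by name, then compares the password in PHP rather than in SQL.
function login(PDO $pdo, string $username, string $password): bool {
    $sel = $pdo->prepare('SELECT password FROM users WHERE username = ? AND active = 1');
    $sel->execute([$username]);
    $stored = $sel->fetchColumn();
    return $stored !== false && password_verify($password, $stored);
}

// Constructed sample data
$token = register_user($pdo, "o'brien", 'correct horse', 'ob@example.com');
var_dump(login($pdo, "o'brien", 'correct horse'));          // before activation
var_dump(verify_account($pdo, 'ob@example.com', $token));   // first use of the link
var_dump(verify_account($pdo, 'ob@example.com', $token));   // link replayed
var_dump(login($pdo, "o'brien", 'correct horse'));          // after activation
var_dump(login($pdo, "o'brien' OR '1'='1", 'x'));            // quote characters are bound as data
```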

Level 4: Editing details
a. Create a PHP file that checks the user is logged in before allowing details to be edited.
b. Re-use the form that you created in Level 1, but populated with default values extracted from your database.
c. Here are snippets of code:

Session checking

<?php
// starting a session
session_start();
// condition: has the user already logged in or not
if (!isset($_SESSION["username"])) {
    header("location: login.php");
    exit();
}
// SESSION VARIABLE (both values were escaped by the login script before being stored)
$username = $_SESSION["username"];
$password = $_SESSION["password"];
// Connect to the MySQL database, see above
include "your connection file";
$search = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' "); // query the user
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$match = mysql_num_rows($search); // count the row nums
// ------- MAKE SURE USER EXISTS IN DATABASE ---------
if ($match == 0) { // evaluate the count
    echo "Please make sure that you have an account.";
    mysql_close();
}
?>

Editing details
<?php
require ("session file created above"); // including the session checking script
?>
<?php
// the match condition: the user started a session and the user information exists in the database
if($match == 1){
    while ($row = mysql_fetch_array($search)){
        $username = $row["username"];
        $email = $row["email"];
        // add all fields of your user table same as above
    }
}
?>

Here you will save the data after it has been updated by the user:

<?php
// connect database as above
require ("your connection file");
// validating data
if(isset($_POST['username']) && !empty($_POST['username']) AND isset($_POST['email']) && !empty($_POST['email'])){
    // The mysql_real_escape_string() function escapes special characters in a string for use in an SQL statement
    $email = mysql_real_escape_string($_POST['email']);
    // add all fields of your user table same as above
    // the posted username is not used: a readonly field can still be changed by the sender,
    // so the row to update is selected with the session username (escaped at login)
    if(!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i', $email)){
        // Return Error - Invalid Email
        $msg = 'The email you have entered is invalid, please try again.';
    }else{
        $search = mysql_query("UPDATE users SET email='$email', firstname='$firstname', lastname='$lastname', address='$address', city='$city', country='$country', postcode='$postcode', contactno='$contactno' WHERE username='".$_SESSION["username"]."'") or die(mysql_error());
        $msg = 'Your account has been updated';
    }
}
?>
<!--php script end -->
<!--HTML page start -->
<body>
<div align="center" id="mainwrapper">
<!-- title and description -->
<div id="content">
<div id="membermenu">
<p><a href="member.php">&lt;&lt;Back to Member Area</a></p>
</div>
<h3>EDIT PERSONAL AND CONTACT INFORMATION</h3>
<?php
if(isset($msg)){ // Check if $msg is not empty
    echo '<div class="message">'.$msg.'</div>'; // Display message
}
?>
<!-- edit registration info form: notice that users are not allowed to change their username, so make the text field read only; also do not allow a change of password here, therefore don't display it in the form. You can do this by sending an email that gives them a link where they can change their password -->
<form action="editregistration.php" method="post">
<table cellspacing="10" cellpadding="0">
<tr>
<td>User name</td>
<td>:</td>
<!-- htmlspecialchars() stops stored values from breaking out of the value attribute -->
<td><input name="username" type="text" value="<?php echo htmlspecialchars($username, ENT_QUOTES); ?>" readonly /></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" value="<?php echo htmlspecialchars($email, ENT_QUOTES); ?>" /></td>
</tr>
<!-- do exactly as above for the other fields in your table, except password, active code and also hash code -->
<tr>
<td colspan="3" align="center"><input type="submit" class="submit_button" value="update" /></td>
</tr>
<tr>
<td></td>
</tr>
</table>
</form>
</div>
</div>
</body>
</html>

Level 5: Offer apple varieties and express interest
a. Create a form for the farmer, in a separate webpage, to offer varieties of apples, upload images and check sales. Notice that this is only for the farmer, so he/she should have a separate username and password in a different table in your database. You can set this while creating the table.

Level 6: Allow customers to express interest on an apple variety
a. Create a form for members to express their interest in a product. This can be done so that when members click on a product a form is loaded, with one text field for the name of the product, a field for how many kilos, and a text field for the price offered. When the form is submitted, the data should be saved in the product table.

Level 7: Keyword Search
This is for the farmer only, where he can search for a product and what offers