HW3: Non-Male (Rachel Foecking, Jess Tait, Sarah Thayer)
See it in action here! See the live repository here!
File: index.html
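<!doctype html>
<html lang="en">
<!--
  File: index.html
  Authors: Rachel Foecking, Jessica Tait
  Date: 10/4/09
  Description: Login form. Posts the username and password to checklogin.php,
  which is where the credentials are actually verified.

  Security notes:
  - checkform() only catches empty fields as a convenience to the user. Any
    client can skip it, so checklogin.php has to validate its input itself.
  - The password is sent in the POST body; serve this page and checklogin.php
    over HTTPS so it is not readable in transit.
-->
<head>
  <!-- Declared so the browser does not guess the encoding.
       NOTE(review): confirm this matches what checklogin.php and the latin1
       tables expect for non-ASCII usernames and passwords. -->
  <meta charset="utf-8">
  <title>Non-Male Login System</title>
  <script>
    // Returns false (cancelling the submit) when either field is blank,
    // after telling the user which one and moving focus to it.
    function checkform(form) {
      if (form.myusername.value === "") {
        alert("Please enter your username.");
        form.myusername.focus();
        return false;
      }
      if (form.mypassword.value === "") {
        alert("Please enter your password.");
        form.mypassword.focus();
        return false;
      }
      return true;
    }
  </script>
</head>
<body>
  <h1>Welcome to the Non-Male Login System</h1>

  <!-- The form is no longer nested between <table> and <tr>, which is invalid
       markup that browsers repair in inconsistent ways. Field names, method
       and action are unchanged, so checklogin.php receives the same POST. -->
  <form name="form1" method="post" action="checklogin.php" onsubmit="return checkform(this)">
    <fieldset>
      <legend>Member Login</legend>
      <p>
        <label for="myusername">Username:</label>
        <input id="myusername" name="myusername" type="text" autocomplete="username">
      </p>
      <p>
        <label for="mypassword">Password:</label>
        <input id="mypassword" name="mypassword" type="password" autocomplete="current-password">
      </p>
      <p>
        <input type="submit" name="Submit" value="Login">
      </p>
    </fieldset>
  </form>
</body>
</html>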
File: checklogin.php
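<?php
/**
 * File: checklogin.php
 * Date: 10/4/09
 * Authors: Rachel Foecking, Jessica Tait, Sarah Thayer
 * Description: Checks the username and password posted by the login form in
 * index.html against the users table. When exactly one row matches, the
 * session is marked as logged in, last_login is set to the current timestamp
 * and the browser is redirected to welcome.php. Otherwise the browser is sent
 * back to index.html for another attempt.
 *
 * Security notes:
 *  - User input reaches MySQL only as bound parameters of mysqli prepared
 *    statements. The ext/mysql functions used before were removed in PHP 7.
 *  - Stored passwords are unsalted MD5, a fast hash that offers little
 *    protection if the table leaks. Plan a migration to password_hash() /
 *    password_verify() (PHP 5.5+), re-hashing each account on its next login.
 *  - NOTE(review): nothing here limits repeated failed login attempts.
 */
ob_start(); // buffer output so header() can still be sent after the echo below
session_start();

// NOTE(review): these credentials are hard-coded and were published with this
// listing. Load them from a file outside the web root and rotate the password.
$host = "storage1.cs.trincoll.edu"; // Host name
$username = "rfoeckin";             // Mysql username
$password = "54321";                // Mysql password
$db_name = "hfoss09_login";         // Database name
$tbl_name = "users";                // Table name (fixed here, never user input)

// Username and password sent from the form. Anything that is not a plain
// string (e.g. myusername[]=x) is treated as missing.
$myusername = (isset($_POST['myusername']) && is_string($_POST['myusername'])) ? $_POST['myusername'] : '';
$mypassword = (isset($_POST['mypassword']) && is_string($_POST['mypassword'])) ? $_POST['mypassword'] : '';

// Undo magic quotes only where PHP actually added them. Calling stripslashes()
// unconditionally would silently drop backslashes the user really typed.
if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
}

// The browser-side check in index.html can be bypassed, so repeat it here.
if ($myusername === '' || $mypassword === '') {
    header("Location: index.html");
    exit;
}

// Connect to server and select database.
$db = mysqli_connect($host, $username, $password, $db_name);
if (!$db) {
    die("cannot connect");
}

// The original code hashed the SQL-escaped password. That is kept so that
// hashes already in the table still match.
// TODO confirm how the stored hashes were created, then hash the raw input.
$encrypted_mypassword = md5(mysqli_real_escape_string($db, $mypassword));

// Count the rows matching this username/password pair and remember the
// username exactly as it is stored.
$count = 0;
$matched_user = null;
$stmt = mysqli_prepare($db, "SELECT username FROM $tbl_name WHERE username = ? AND password = ?");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, "ss", $myusername, $encrypted_mypassword);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $db_username);
    while (mysqli_stmt_fetch($stmt)) {
        $count++;
        $matched_user = $db_username;
    }
    mysqli_stmt_close($stmt);
}

// Exactly one matching row means the credentials belong to one user.
if ($count == 1) {
    // Issue a fresh session id on login so an id set before authentication
    // (session fixation) does not become a logged-in session.
    session_regenerate_id(true);

    // Only the username is kept in the session. The password is not stored;
    // no other page in this application reads it.
    $_SESSION['myusername'] = $matched_user;

    // Put the current timestamp into the users table for the last_login field.
    $stmt = mysqli_prepare($db, "UPDATE $tbl_name SET last_login = CURRENT_TIMESTAMP WHERE username = ?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $matched_user);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    // Direct user to welcome page.
    header("Location: welcome.php");
} else {
    // Same message whether the username or the password was wrong, so the
    // response does not reveal which usernames exist. Browsers follow the
    // redirect, so this text is normally not displayed.
    echo "Wrong Username or Password";
    header("Location: index.html");
}

mysqli_close($db);
ob_end_flush();
exit; // nothing may run after the redirect has been sent
?>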
File: welcome.php
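<?php
/**
 * File: welcome.php
 * Date: 10/7/09
 * Author: Sarah Thayer
 * Description: A tweak from our previous login assignment, this page displays
 * the logged-in user's list of courses and provides a form to add a new one.
 *
 * Security notes:
 *  - The script stops right after redirecting a visitor who is not logged in.
 *    Without the exit, the rest of the page would still run for them.
 *  - The session username and the ids read from the database reach MySQL only
 *    as bound parameters of mysqli prepared statements.
 *  - Everything echoed into the page goes through htmlspecialchars(). Course
 *    names are typed in by users via addcourse.php and could contain markup.
 */
session_start();

// Get current username from the session.
$user = isset($_SESSION["myusername"]) ? $_SESSION["myusername"] : '';

// If no user is logged in, redirect to login page and stop.
if (!$user) {
    header("Location: index.html");
    exit;
}

// NOTE(review): these credentials are hard-coded and were published with this
// listing. Load them from a file outside the web root and rotate the password.
$host = "storage1.cs.trincoll.edu"; // Host name
$username = "rfoeckin";             // Mysql username
$password = "54321";                // Mysql password
$db_name = "hfoss09_login";         // Database name

// Connect to server and select database.
$db = mysqli_connect($host, $username, $password, $db_name);
if (!$db) {
    die("cannot connect");
}

// Look up the user's ID.
$user_id = null;
$stmt = mysqli_prepare($db, "SELECT id FROM users WHERE username = ?");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, "s", $user);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $found_id);
    if (mysqli_stmt_fetch($stmt)) {
        $user_id = $found_id;
    }
    mysqli_stmt_close($stmt);
}

// Collect (course id, course name) pairs for display. An unknown user gets an
// empty list; the query is not run with a blank id.
$courses = array();
if ($user_id !== null) {
    // Get all the course IDs associated with this user. They are read into an
    // array first because the connection cannot run a second statement while
    // this result is still being fetched.
    $course_ids = array();
    $stmt = mysqli_prepare($db, "SELECT course_id FROM user_courses WHERE user = ?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "i", $user_id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $found_course_id);
        while (mysqli_stmt_fetch($stmt)) {
            $course_ids[] = $found_course_id;
        }
        mysqli_stmt_close($stmt);
    }

    // Get the course name for each course ID. The courses table has no key,
    // so LIMIT 1 takes the first row for an id, as the original code did.
    $stmt = mysqli_prepare($db, "SELECT coursename FROM courses WHERE id = ? LIMIT 1");
    if ($stmt) {
        $lookup_id = '';
        mysqli_stmt_bind_param($stmt, "s", $lookup_id); // bound by reference
        foreach ($course_ids as $course_id) {
            $lookup_id = $course_id;
            $course_name = '';
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $found_name);
            if (mysqli_stmt_fetch($stmt)) {
                $course_name = $found_name;
            }
            mysqli_stmt_free_result($stmt); // release the result before the next execute
            $courses[] = array('id' => $course_id, 'name' => $course_name);
        }
        mysqli_stmt_close($stmt);
    }
}

mysqli_close($db);
?>
<!doctype html>
<html lang="en">
<head>
  <title>Your Courses</title>
</head>
<body>
  <h1>Welcome to Your Courses</h1>
  <p>Hello <?php echo htmlspecialchars((string) $user, ENT_QUOTES); ?>! Below you will find the courses in which you are currently enrolled.</p>

<?php foreach ($courses as $course) { ?>
  <p><strong><?php echo htmlspecialchars((string) $course['id'], ENT_QUOTES); ?> - <?php echo htmlspecialchars((string) $course['name'], ENT_QUOTES); ?></strong></p>
<?php } ?>

  <p>Add a Course:</p>
  <!-- NOTE(review): addcourse.php changes data on this POST and the form
       carries no anti-CSRF token. Add a per-session token here and check it
       in addcourse.php. -->
  <form name="addcourse" method="post" action="addcourse.php">
    <p>
      <label for="coursename">Course Name:</label>
      <input id="coursename" name="coursename" type="text">
    </p>
    <p>
      <label for="courseno">Course Number:</label>
      <input id="courseno" name="courseno" type="text">
    </p>
    <p>
      <input type="submit" name="Submit" value="Add">
    </p>
  </form>

  <p><a href="logout.php">Logout</a></p>
</body>
</html>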
File: addcourse.php
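<?php
/**
 * File: addcourse.php
 * Date: 10/7/09
 * Author: Sarah Thayer
 * Description: Inserts a course, specified by the user in welcome.php, into the
 * courses table as well as the user's courseload table, and redirects to
 * welcome.php for an updated course list to be displayed.
 *
 * Security notes:
 *  - The request is rejected unless a user is logged in. Without this check
 *    anyone could POST here and add rows with no owning user.
 *  - All values reach MySQL only as bound parameters of mysqli prepared
 *    statements.
 *  - NOTE(review): there is no anti-CSRF token. A page on another site can
 *    make a logged-in user's browser submit this form. Add a per-session
 *    token to the form in welcome.php and check it here.
 */
session_start();

// Gets current user from the session; stop if nobody is logged in.
$user = isset($_SESSION["myusername"]) ? $_SESSION["myusername"] : '';
if (!$user) {
    header("Location: index.html");
    exit;
}

// Course info from the add course form. Anything that is not a plain string
// is treated as missing.
$mycoursename = (isset($_POST['coursename']) && is_string($_POST['coursename'])) ? $_POST['coursename'] : '';
$mycourseno = (isset($_POST['courseno']) && is_string($_POST['courseno'])) ? $_POST['courseno'] : '';

// Undo magic quotes only where PHP actually added them. Calling stripslashes()
// unconditionally would silently drop backslashes the user really typed.
if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
    $mycoursename = stripslashes($mycoursename);
    $mycourseno = stripslashes($mycourseno);
}

$mycoursename = trim($mycoursename);
$mycourseno = trim($mycourseno);

// Nothing to add: go back to the course list without touching the database.
if ($mycoursename === '' || $mycourseno === '') {
    header("Location: welcome.php");
    exit;
}

// A database connection belongs to a single request and cannot be kept in the
// session, so every page opens its own.
// NOTE(review): these credentials are hard-coded and were published with this
// listing. Load them from a file outside the web root and rotate the password.
$host = "storage1.cs.trincoll.edu"; // Host name
$username = "rfoeckin";             // Mysql username
$password = "54321";                // Mysql password
$db_name = "hfoss09_login";         // Database name

// Connect to server and select database.
$db = mysqli_connect($host, $username, $password, $db_name);
if (!$db) {
    die("cannot connect");
}

// Look up the user's ID number.
$user_id = null;
$stmt = mysqli_prepare($db, "SELECT id FROM users WHERE username = ?");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, "s", $user);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $found_id);
    if (mysqli_stmt_fetch($stmt)) {
        $user_id = $found_id;
    }
    mysqli_stmt_close($stmt);
}

// Insert only when the session maps to a real user, so no row is ever written
// with a blank owner.
if ($user_id !== null) {
    // Add course to courses table.
    $stmt = mysqli_prepare($db, "INSERT INTO courses (id, coursename) VALUES (?, ?)");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "ss", $mycourseno, $mycoursename);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    // Add course to user's list of courses.
    $stmt = mysqli_prepare($db, "INSERT INTO user_courses (course_id, user) VALUES (?, ?)");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "si", $mycourseno, $user_id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
}

mysqli_close($db);

// Redirect to welcome.php for updated course list.
header("Location: welcome.php");
exit;
?>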
File: logout.php
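<?php
/**
 * File: logout.php
 * Date: 10/7/09
 * Author: Jessica Tait
 * Description: Logs the user out: empties the session data, expires the
 * session cookie, destroys the session on the server and sends the user back
 * to the login page.
 *
 * The earlier mysql_close($ms) call was dropped: this script never opens a
 * database connection and $ms is never assigned here.
 */
session_start();

// Clear the data held in this request's copy of the session.
$_SESSION = array();

// session_destroy() does not remove the browser's cookie, so expire it
// explicitly using the same parameters it was set with.
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params["path"],
        $params["domain"],
        $params["secure"],
        $params["httponly"]
    );
}

// End session.
session_destroy();

// Logout, redirect to login page.
header("Location: index.html");
exit;
?>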
-- phpMyAdmin SQL Dump
-- version 2.9.1.1-Debian-6
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Oct 08, 2009 at 01:44 PM
-- Server version: 5.0.32
-- PHP Version: 5.2.0-8+etch7
--
-- Database: `hfoss09_login`
--
-- --------------------------------------------------------
--
-- Table `courses`: one row per course number (`id`) with its display name.
-- No key is declared, so the same `id` may appear in more than one row.
--
CREATE TABLE `courses` (
  `id`         varchar(32) NOT NULL,
  `coursename` varchar(40) NOT NULL
)
  ENGINE=MyISAM
  DEFAULT CHARSET=latin1
  COMMENT='course names associated with course numbers';

--
-- Rows held in `courses` when the dump was taken.
-- `coursename` values are typed in by users through addcourse.php, so they
-- must be HTML-escaped wherever they are displayed.
--
INSERT INTO `courses` (`id`, `coursename`) VALUES
  ('CPSC115', 'Introduction to Programming'),
  ('CPSC225', 'Topics in Application Programming'),
  ('CPSC300', 'Database Fundamentals'),
  ('math101', 'try!'),
  ('biol400', 'cloud'),
  ('CPSC999', 'Advanced HFOSS Principles'),
  ('MATH100', 'Math for Dummies');
-- --------------------------------------------------------
--
-- Table `user_courses`: links a course number to a user.
-- welcome.php and addcourse.php fill `user` with the id read from `users`.
-- Both columns are nullable and no key or uniqueness is declared.
--
CREATE TABLE `user_courses` (
  `course_id` varchar(32) default NULL,
  `user`      int(32)     default NULL
)
  ENGINE=MyISAM
  DEFAULT CHARSET=latin1
  COMMENT='which courses users are taking';

--
-- Rows held in `user_courses` when the dump was taken.
-- NOTE(review): ('CPSC115', 0) refers to user 0, and this dump's `users` table
-- has no row with id 0. It was presumably written by a request made with no
-- logged-in user. Confirm, then remove the orphan row.
--
INSERT INTO `user_courses` (`course_id`, `user`) VALUES
  ('CPSC115', 2),
  ('cpsc115', 2),
  ('MATH100', 1),
  ('CPSC115', 1),
  ('CPSC115', 3),
  ('CPSC225', 3),
  ('CPSC115', 0),
  ('CPSC999', 3);
-- --------------------------------------------------------
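--
-- Table `users`: one row per account.
--
-- `username` now carries a UNIQUE key. checklogin.php treats "exactly one
-- matching row" as a successful login, and the other pages look the account
-- up by username alone, so two rows sharing a username must not exist.
--
-- `password` holds the 32-character hex output of md5(), which is what
-- checklogin.php compares against. Unsalted MD5 is a fast hash and gives
-- little protection once the table is exposed. A move to PHP's
-- password_hash() also needs a wider column: bcrypt output is 60 characters
-- and this column holds 55.
--
CREATE TABLE `users` (
  `id`         int(32)     NOT NULL default '0',
  `username`   varchar(20) NOT NULL,
  `password`   varchar(55) NOT NULL,
  `last_login` timestamp   NOT NULL default CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`),
  UNIQUE KEY `username` (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Rows held in `users` when the dump was taken.
-- NOTE(review): these password hashes were published with the dump. Treat the
-- three accounts' passwords as compromised and reset them. Keep credential
-- columns out of any dump that is shared.
--
INSERT INTO `users` (`id`, `username`, `password`, `last_login`) VALUES
  (1, 'susy', 'ae2518f0370729389043d0874b2f229f', '2009-10-08 12:54:13'),
  (2, 'cooluser', 'b1f4f9a523e36fd969f4573e25af4540', '2009-10-07 21:37:36'),
  (3, 'ram', '4641999a7679fcaef2df0e26d11e3c72', '2009-10-08 13:29:45');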