Chris Pollett > Old Classes > CS174

HW#5 --- last modified February 06 2019 04:12:27.

Solution set.

Due date: May 16

Files to be submitted:
  Hw5.zip

Purpose: To gain a little bit of experience with security, localization, and scaling.

Related Course Outcomes:

The main course outcomes covered by this assignment are:

CLO3 -- Write server-side scripts that process HTML forms.

CLO4 -- Write client-side scripts that validate HTML forms.

Specification:

For the last assignment you are going to write a PHP web app for an international restaurant. Before we get into the specifics of this site, here are some global considerations. (a) First, pick one language other than English for which a Unicode character set exists. You will use gettext to localize your app to this language as well as English. (b) For internationalization, you should accept inputs to any forms on your site in both languages. (c) For security, your site should serve appropriate headers on all pages to prevent click-jacking. (d) On all pages with forms, you should use a CSRF token to prevent cross-site request forgery attacks. (e) All form inputs should be sanitized and validated. All database operations should use prepared statements. You may use either MySQL or SQLite3 for your database. (f) Your site should be coded using the MVA pattern of HW3, every page output should validate as HTML 5 using the W3C validator and be WAI accessible, and you should use the PRG pattern so that no form handling breaks the back button. You should do deployment testing so that your code will run in whatever folder path I put it in under document root. In terms of configuration, when testing your code I will look at configs/Config.php to alter settings for my machines. I will also run the CreateDb.php script if it exists. If I can't get your code to run by altering these files, you will at most receive partial credit on any of the point valued items. I will also look at the file readme.txt in the main folder for your group member names and IDs.

Now on to the app itself... The main purposes of the site are to attract customers to the restaurant and to ensure customers keep coming back by maintaining a loyalty program. (g) The landing page should attract a patron's attention, should have the restaurant's address, and should have its operating hours. (h) There should be a link to driving directions with a map, and a link to the restaurant menu that features any weekly specials or seasonal items. (i) The language in which these pages are displayed should by default be determined by the $_SERVER["HTTP_ACCEPT_LANGUAGE"] super-global, based on the Accept-Language header sent from the client. (j) For unknown languages, this should default to English. (k) However, there should be a link to allow a user to select the site language too.
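One way to handle items (i)-(k), given here as an added example rather than course-provided code: the Accept-Language header and the language link are both client-controlled, so they are only used as lookup keys into a fixed allow-list. The SUPPORTED table, the choice of French as the second language, and the function name pick_locale are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not course code. SUPPORTED, the "fr" second language and
// pick_locale() are assumptions made for illustration.

const SUPPORTED = ['en' => 'en_US.UTF-8', 'fr' => 'fr_FR.UTF-8'];

/**
 * Choose a gettext locale name.
 * $override: language chosen through the "select language" link (k), or null.
 * $header:   $_SERVER["HTTP_ACCEPT_LANGUAGE"] (i), or null when absent.
 * Neither value is ever placed in a path or handed to setlocale() directly;
 * each is only compared against the keys of SUPPORTED.
 */
function pick_locale(?string $override, ?string $header): string
{
    if ($override !== null && array_key_exists($override, SUPPORTED)) {
        return SUPPORTED[$override];
    }
    $best = 'en';      // (j) unknown or missing languages fall back to English
    $best_q = 0.0;
    // One entry looks like "fr-CA;q=0.8"; the q-value defaults to 1.
    $entry = '/^\s*([a-z]{1,8})(?:-[a-z0-9]{1,8})*\s*'
           . '(?:;\s*q=([01](?:\.\d{0,3})?))?\s*$/i';
    // Cap the header length so an oversized header costs nothing to parse.
    foreach (explode(',', substr((string) $header, 0, 256)) as $part) {
        if (!preg_match($entry, $part, $m)) {
            continue;  // skip malformed entries and "*" instead of guessing
        }
        $lang = strtolower($m[1]);
        $q = isset($m[2]) && $m[2] !== '' ? (float) $m[2] : 1.0;
        if (array_key_exists($lang, SUPPORTED) && $q > $best_q) {
            $best = $lang;
            $best_q = $q;
        }
    }
    return SUPPORTED[$best];
}
```

With this table, a header of `de, fr-CA;q=0.8, en;q=0.5` selects the French locale, while `de` alone or a missing header selects English.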

(l) The site landing page should have a Rewards link which takes the user to a Rewards page. (m) The Rewards page has a form on it where a user can enter an email address together with a dropdown with two options: Rewards Balance and Rewards Coupon and beneath this a "Go" button. (n) Clicking on the Go button should send an email to the user with either the current dollar amount of their rewards or (o) send an email saying a Gift Card is in the (snail) mail and then reset their reward balance to 0. You do not have to implement actual sending of gift cards -- that's the let's pretend part of the homework.

Your restaurant site should have a control panel. (p) If a user adds ?c=admin to the base url of the site, they are taken to a control panel. This will initially have a login page. The admin page is intended only for the site owner (to keep things simple we assume the restaurant only has one waiter/owner) and the user name and password can be specified in configs/Config.php. Once logged in, the restaurant owner can select between two activities: specify the current menu specials and add a receipt. (q) The current menu specials activity page should have a textarea populated with the current menu specials, a Save and a Revert. The owner should be able to edit this textarea; clicking Revert should revert the page to the last saved specials. (r) Clicking Save should have two effects: (1) save the current specials so that they now will also display on the menu page, (2) send an email with the new specials to anyone who has ever accumulated rewards. (s) The Add-a-Receipt activity should have a form with an Amount text field, an Email address field, and a Save button. The idea of this form is that when someone eats at the restaurant and pays their bill they have the option of entering their email address on the bill payment. If they do, the restaurant owner can use this form to record how much was spent. (t) When the Save button is clicked, 1% of the amount spent is added to the BALANCE column of a row corresponding to that email address in the PATRON database table. An email should also be sent to the patron saying thank you and with their current balance. This is the same table which should be used in sending the emails for the Rewards page mentioned above.
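The security requirements (c)-(e), applied to the Add-a-Receipt step in (t), might look like the following; this is an added example, not course-provided code. The function names and the EMAIL column are assumptions, while PATRON and BALANCE come from item (t).

```php
<?php
declare(strict_types=1);
// Added example, not course code. Function names and the EMAIL column are
// assumptions; PATRON and BALANCE come from item (t).

// (c) Anti-click-jacking headers; call on every page before any output.
function send_frame_headers(): void
{
    header("Content-Security-Policy: frame-ancestors 'none'");
    header('X-Frame-Options: DENY'); // for browsers without frame-ancestors
}

// (d) One random token per session, embedded as a hidden field in each form.
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION['csrf'] ??= bin2hex(random_bytes(32));
    return $_SESSION['csrf'];
}

// (d) Reject the POST unless the submitted token matches (constant-time).
// A missing or non-string field, e.g. csrf[]=x, fails the check.
function csrf_ok($submitted): bool
{
    return is_string($submitted) && hash_equals(csrf_token(), $submitted);
}

// (e)/(t) Validate both fields, then credit 1% using prepared statements.
function add_receipt(PDO $db, string $email, string $amount): bool
{
    $email = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    $spent = filter_var(trim($amount), FILTER_VALIDATE_FLOAT);
    if ($email === false || $spent === false
        || $spent <= 0 || !is_finite($spent)) {
        return false; // caller redisplays the form with an error
    }
    $credit = round($spent * 0.01, 2);
    $sel = $db->prepare('SELECT 1 FROM PATRON WHERE EMAIL = ?');
    $sel->execute([$email]);
    // Both statements bind (credit, email) in the same order.
    $sql = $sel->fetchColumn() === false
        ? 'INSERT INTO PATRON (BALANCE, EMAIL) VALUES (?, ?)'
        : 'UPDATE PATRON SET BALANCE = BALANCE + ? WHERE EMAIL = ?';
    $db->prepare($sql)->execute([$credit, $email]);
    return true;
}
```

A form handler would call `csrf_ok($_POST['csrf'] ?? null)` before `add_receipt()` and then redirect, which keeps the PRG pattern from (f) intact.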

Point Breakdown

Items (a)-(t) above (1/2pt each, graded all or nothing): 10pts
Total: 10pts