Your task is to develop a basic server-side user registration service in PHP. This service will operate in a very similar manner to the one your client-side application interacted with in Assignment 2.
Upon receiving a HTTP POST request, with the fields username, full name, date of birth and email, your service should return a temporary password to the client.
All requests must be checked for invalid input, and if found, an error message and appropriate HTTP status code must be returned. All successful requests should be written to a file, in JSON format.
The full Assignment description is available in the document "COSC260 - Assignment 3 - Criteria.pdf".
Please use the starter code provided in "COSC260 - Assignment 3 - Starter Code.zip". This also contains a client-side testing application, to help with testing your sever-side service.
Marking Rubric:
Error response function
|
10
|
Request validation
|
20
|
Data validation
|
40
|
Temporary password
|
15
|
Database
|
10
|
HTML modifications |
5 |
TOTAL:
|
100
|
Microsoft Word - COSC260 Assignment 3.docx COSC260 Web Programming Assignment 3 COSC260 Assignment 3: Server-Side Quiz Application Your task is to develop a basic server-side user registration service in PHP. This service will operate in a very similar manner to the one your client-side application interacted with in Assignment 2. Upon receiving a HTTP POST request, with the fields username, fullName, dateOfBirth, and email, your service should return a randomly generated temporary password to the client. All requests must be checked for invalid input, and if found, an error message and appropriate HTTP status code must be returned. All successful requests should be written to a file, in JSON format. There are 5 components to the assignment: A) Error response function B) Request validation C) Data validation D) Temporary password E) Database Starter Code You are provided with starter code, both for your server-side application, and for a client- side testing application. Please use the PHP starter code provided, as you will be required to use some of the pre-existing variables present. The client-side application is used to test your server-side code, as it allows you to make a POST request using a form, with output displayed. You should modify the a3.html file as necessary. Your submission for Assignment 3 will contain your server-side code AND your a3.html file. Deploying Your Code This is also covered in Tutorial 7 (Week 10) To test your PHP code, you can either run your own web server, or use Turing which has everything you need installed. To use Turing for web development, simply make a folder (if it doesn't already exist) in your Turing home directory named public_html Any files COSC260 Web Programming Assignment 3 placed in this folder will be accessible via the URL: https://turing.une.edu.au/~username/file.php (change 'username' and 'file' to suit) The UNIX permissions on your PHP files MUST allow for other users to read, since the web server process is running on Turing as a different user. You can enable an auto-index file listing by giving other users execute permissions on the folder. (+x on a directory allows for listing of folder contents) You can do this via the command line: chmod a+r ~/public_html/myfile.php Allow all to read the file myfile.php chmod a+x ~/public_html Allow all to execute the folder ~/public_html Or by using the turing desktop GUI (process is the same for execute permissions): - Right click on the file you want to modify -> Properties - Go to Permissions tab and change the Others setting to Read only COSC260 Web Programming Assignment 3 Testing Your Service You are provided with a test client (HTML, CSS, and JS with jQuery) which allows you to submit data to your web server, using a web form: you can use this to test your server-side application. The client will display responses from the server both on the page and in the JS console. To use this testing client, you will need to change the url variable at the start of the submit.js file to the address of your web server. If you wish to use this client for testing, please familiarize yourself with the code, and feel free to edit it if needed. Make sure to also perform your own testing and edit the provided client as necessary. You should also use the ‘network’ and ‘console’ tabs of your browser developer tools to inspect requests and responses. It is highly recommended that you use a browser addon, such as Advanced Rest Client or RESTED, or use cURL to script your own tests. You could also write your own client-side tester using HTML, CSS, and JS! A) Error Response Implement a PHP function that returns a HTTP status code along with a custom message in the header and body of the response to the client. This function will be needed for all subsequent sections and should be used when an error occurs (invalid input, wrong request type etc.). The function must set the appropriate HTTP header AND provide the message in the response body in JSON format. A good function definition would look like: send_error($code, $message) The function should take 2 input parameters: (Integer) will be the HTTP status code to return. (String) will be a custom message text $code $message COSC260 Web Programming Assignment 3 The code variable contains a value which is also key in the $responses array provided. This array maps integer codes with their appropriate reason text. Make sure to use this array! You can get the server protocol from the $_SERVER superglobal. The header should be of the form: $PROTOCOL $CODE - $REASON The response body should contain a valid JSON object of the form: { "error": "$CODE - $REASON: $MESSAGE" } Where: $PROTOCOL = HTTP Protocol used (e.g. HTTP/1.1) $CODE = HTTP Status Code (e.g. 400) $REASON = HTTP Status Code Reason (e.g. "Bad Request") $MESSAGE = Custom message (e.g. "Age must be between 13-130") Example Header: HTTP/1.1 400 - Bad Request: Please provide both your first name and surname in the format John Smith Example Body: { "error": 400 - Bad Request: full name must be provided." } NOTE: You cannot use the http_response_code() function in PHP for this as it does not allow for custom reason messages. B) Request Validation Requests must be validated to ensure they are correct for the service. This means the request must be of the right type and must contain valid data. All incoming requests must meet the following criteria: 1) The request must be POST: No other request types are accepted. 2) The request must contain POST data: An empty body is invalid 3) All required fields must be present in the POST data: username, fullName, dateOfBirth, and email. COSC260 Web Programming Assignment 3 If any of the criteria above is not met, an appropriate HTTP status code must be returned to the client. The body of the response must also contain the HTTP status code and reason, along with a custom error message. You must use your error response function from Part A. C) Data Validation All user data must be validated on the server-side, to ensure it is safe, complete, and correct. Even though client-side validation may have been conducted, there is no guarantee that client-side code has not been modified, or even executed at all. All incoming POST data for the service must be validated to meet the conditions below. POST Field Description Validation Requirements username Unique username • MUST be between 8 and 20 characters long • MUST only contain at least ONE upper case letter. MUST contain at least one number and one special character (~!@#$%^&*) fullName Name of the user • • MUST contain at least ONE white space, separating first name from surname. MUST only contain characters a-z (upper and lower case), - (hyphen), or ' (apostrophe) dateOfBirth User’s birthdate, e.g., 02/03/1989 • MUST contain the date in dd:mm:yyyy format. email Email address • MUST be validated using either: o The provided Regular Expression (See last page) o An appropriate regex found online (must be credited with the URL at which you found it) If any of these validation requirements are not met, an appropriate error message should be returned, using your error response function from Part A. You may return the first error encountered, all present errors, or some other variation. COSC260 Web Programming Assignment 3 D) Temporary password If all validation is successful, your service should return success response, and a randomly generated temporary password. The response should contain a JSON object with the format: { "password": "some password here" } The password must contain all the characters in the username, arranged randomly on the server. It must end with the user’s age. For example, if the username is Walter$hepman5 and the user’s date of birth is 07/03/1956, then the password may be tW$npahan5elmr66. E) Database In a typical server-side application, once user data is validated it would then be written to a database. We will simulate a database by writing each successful request to a text file. For each request that passes validation, all received data should be written to file, in JSON format. You must implement your "database" using PHP classes. An empty class file Database.php has been provided in the class/ directory. You must have a class property for each of the received fields: username, fullname, dateOfBirth, email. Your class must implement the JsonSerializable interface and use this to write to the database file. This does mean that during the execution of your application, you will convert data from JSON (received from the client) to a Database object, then back to JSON for writing. Note that there is no requirement to be able to programmatically read data back from your file, you only need to append the new data to the end. F) Resources Regular Expression Hints ^ : Matches the start of a string $ : Matches the end of a string COSC260 Web Programming Assignment 3 [ ] : Matches all characters and character ranges contained within \w : Matches a "word" character, same as [A-Za-z0-9_] * : Matches the previous selector 0 or more times + : Matches the previous selector 1 or more times ? : Matches the previous selector 0 or 1