Prototype 6 (for Assignment02): Registration Form, SQL Inserts/Updates, programmer-defined function to simplify programming, more complex server-side logic, hashing, safe IO. Paper copy due 1ST class Week of Oct 19th . Include your name, stapled, title: Prototype 4: your full name, must be neat (no handwriting!) Use two-sided page if possible. Two or three points deducted if not professional looking. Examples/Notes: https://web.njit.edu/~mchugh/202/NOTES/Assignment02/WEEK6/ Study related homework questions and additional topics at: https://web.njit.edu/~mchugh/202/NOTES/Assignment-Homeworks/ Refer to: https://web.njit.edu/~mchugh/202/NOTES/Assignment02/Assignment02-2015-sp.pptx especially 2-8. Videos: PHP programmer-defined functions 6C:5:00 minutes-into-video-to-end; 3B1: SQL Injection and mysql_real_escape_string. Hash password in SQL statement: 6D, 6E. Later but not for this prototype Javascript 5D, 5D1; Javascript discussion/example: 6B. 1. Define Form with inputs for REGISTERED. Most data is from Form but REGISTERED attributes like regist_datetime and numcourses are defined in the SQL insert statement. Form action is register.php (slide 8 above). Ignore form layout issues for now. 2. Define function Rnum ($username, $email) which returns number of rows where either $user or $email appear in REGISTERED. Put function definition in myfunctions.php file. It looks like: function Rnum ($username, $email) { --- }. The body executes an SQL select statement and the function returns the number of rows selected. The SQL query looks like $s = "select * from REGISTERED where … ". When you develop Rnum, test it by calling it from a simplistic version of register.php that just calls the function (possibly with hardcoded values for its arguments) and prints number of rows returned. This establishes there are no syntax errors and the function behaves as intended. The calling script register.php must be connected to database and include the file that defines the function (include ("myfunctions.php")). 3. Implement register.php with programmer-defined function described in slides 3-8 of PPT above. Use Rnum function to simplify logic that guards against script trying to insert an existing user name or email in REGISTERED but allows insert if user name and email are new. Protect again SQL injection by using mysql_real_escape_string and protect against bad output by using htmlspecialchars. Hash password in SQL using sha1 so DB copy is encrypted. Later (but not required for this prototype) you will need to modify your retrieve.php script from previous assignment to handle the select statement comparison because the comparison will involve the sha1 function – see video 6D (especially around 2min40sec into video). Be sure password column in REGISTERED is varchar and 60 characters length to accommodate the hashed copy of password. Snapshots 1. Browser view of Form: register.html 2. HTML code for register.html 3. PHP code for myfunctions.php with code for Rnum function. 4. PHP code for register.php with basic SQL insert process using Rnum described above. 5. phpMyAdmin Print View of REGISTERED data when users with hashed passwords are input 6. Output from register.php when user exists. 7. Output from register.php when user is new and user is successfully registered Bonus+3: Use mysqli prepared statements in which case mysql_real_escape_string is not needed. Bonus+3: Define/use functions: safeIn ($name) to transform Form data named $name by mysql_real_escape_string and safeOut ($x) to output $x using htmlspecialchars. The first function prevents SQL injection; the 2nd prevents XSS attacks. Bonus+4: Download and use MySQL Workbench tool to draw a diagram that shows relation between REGISTERD and GRADES. proto-p6.docx Page 1 1. Browser view of Form. All elements must be present and labeled but prototype layout doesn't have to be precise. The primary focus of the prototype is the server-side processing in register.php. 2. HTML code for register.html 3. PHP for myfunctions.php: definition of Rnum($username, $email) 4. PHP for register.php: with insert using Rnum function as described on previous page and outlined in Assignment02-2015-fall.pptx slide 6-10. 5. phpMyAdmin Print View of REGISTERED data when users with hashed passwords are input 6. Output from register.php when input user or email already exists. There should be message indicating the user name is already in the REGISTERED. Echo input safely 7. Output from register.php when input user name is new and user is successfully registered. Script should echo input data and indicate user is inserted into REGISTERED TABLE. Echo input safely proto-p6.docx Page 2