Lab #9 - Users and Sessions
Purpose: Add sessions and user-dependent content to a site
Instructions
- Please copy your solution (or the provided solution) for Lab #7 (Database SELECT)
- There are three types of users we will be creating for this website: "guests" (no-login), "regular" users, and "advanced" users. For our purposes there will be only one account each of the regular and advanced types, but your code should still work if there are additional accounts as well (since they will be either "regular" or "advanced" types)
- Create a new page, and make it the home/default page, that will handle our login/logoff actions from our user
- If the user is not currently logged in, you will want to display a form that prompts the user for a username and password.
- If the user is logged in, display a welcome message and provide a method for them to logoff.
- The way that you will store whether a user has logged in or not is using the $_SESSION array (which will require you to call session_start() at the beginning of your PHP script).
- There are two user accounts defined for the website, you do not need to do anything to create the accounts, but you will need to test your site by logging in as these accounts to ensure that the site behaves as desired
- The "regular" user has a username "regular" and a password "regularPassword"
- The "advanced" user has a username "advanced" and a password "advanc3DPassw0rd"
- To test if the username and password that a user has provided are correct
- Use the following query to get information about the user the visitor is attempting to login as:
SELECT * FROM `User` WHERE `username`=?
- Next, test whether the password is correct by using the password_verify function. This will take the user provided password, and the passhash value from the database query, to verify if the password matches the saved hash
- The hash is generated using the password_hash function in PHP (which has already been done for you, since we are not creating the accounts). It ensures that even if the database were accessed inappropriately, the passwords for the users would not be known
- Create a filter for the navigation based on the privilege level of the visitor. Each language has a defined field in the database result called "user_type" that defines the minimum privilege needed to access the page
- For getting all languages, the new query is:
SELECT `language_slug`, `language_name`, `user_type` FROM `language` ORDER BY `language_name`
- For "guests" (visitors that have not yet logged in), show only those languages that have the "any" access level
- For "regular" users, show languages that have the "any" and "reg" access levels
- For "advanced" users, show languages that have the "any", "reg", and "adv" access levels
- Test
- Test to ensure that the navigation displays the correct languages when each type of user account is used, including the "no-login" user type
- Test to ensure that even if the URL is changed to a valid language, the user's permission to access that page is still validated
- Note: You may find it useful to modify the class structure to introduce the access level concept into the class, this is a perfectly valid approach
- Upload your PHP file(s) to the remote server (if you have not already been doing that to test your code as you go). Place the file in "public_html/csci2006/lab09/"
- In a web-browser, go to the URL below
Submitting Instructions
- Upload a screenshot of your site, on a page of your choosing
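
The login check and the access-level filter from the instructions above, combined into one added example (this is not the lab's provided solution). It assumes the `User` table has a `user_type` column holding 'reg' or 'adv' and uses a hypothetical `$_SESSION['user_type']` key; the in-memory SQLite tables and their rows are constructed stand-ins for the lab database.

```php
<?php
// Added example; User.user_type ('reg'/'adv') and the session key are assumptions.
const LEVEL_RANK = ['any' => 0, 'reg' => 1, 'adv' => 2];

// Returns the account's level on success, null otherwise (unknown user and wrong password give the same result).
function checkLogin(PDO $pdo, string $username, string $password): ?string
{
    $stmt = $pdo->prepare('SELECT * FROM `User` WHERE `username`=?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row !== false && password_verify($password, $row['passhash'])) ? $row['user_type'] : null;
}

// Fail closed: an unrecognised visitor level ranks as guest, an unrecognised requirement is never met.
function canAccess(string $visitorLevel, string $required): bool
{
    return (LEVEL_RANK[$visitorLevel] ?? 0) >= (LEVEL_RANK[$required] ?? PHP_INT_MAX);
}

// Navigation entries the visitor is allowed to see.
function visibleLanguages(PDO $pdo, string $visitorLevel): array
{
    $rows = $pdo->query('SELECT `language_slug`, `language_name`, `user_type` '
        . 'FROM `language` ORDER BY `language_name`')->fetchAll(PDO::FETCH_ASSOC);
    return array_values(array_filter($rows,
        fn(array $r): bool => canAccess($visitorLevel, $r['user_type'])));
}

// Constructed in-memory data standing in for the lab database.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE `User` (username TEXT, passhash TEXT, user_type TEXT)');
$pdo->exec('CREATE TABLE `language` (language_slug TEXT, language_name TEXT, user_type TEXT)');
$pdo->prepare('INSERT INTO `User` VALUES (?, ?, ?)')
    ->execute(['regular', password_hash('regularPassword', PASSWORD_DEFAULT), 'reg']);
$pdo->exec("INSERT INTO `language` VALUES ('c','C','any'), ('php','PHP','reg'), ('rust','Rust','adv')");

// Login step: on success, rotate the session id before storing the level.
session_start();
$level = checkLogin($pdo, 'regular', 'regularPassword'); // in the lab these come from $_POST
if ($level !== null) {
    session_regenerate_id(true);
    $_SESSION['user_type'] = $level;
}
// Every request, navigation and direct URL alike, derives access from the session.
$visitor = $_SESSION['user_type'] ?? 'any';
$slugs = array_column(visibleLanguages($pdo, $visitor), 'language_slug');
foreach (['c', 'php', 'rust'] as $slug) { // 'rust' stands for a URL edited to an 'adv' page
    echo $slug, ': ', in_array($slug, $slugs, true) ? 'allowed' : 'denied', PHP_EOL;
}
```

Because the language page runs the same `canAccess` check as the navigation, hiding a link and denying the page cannot drift apart.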