Web Application using Php + MySQL
Relational Model
Summary of Development environment
Programming/Scripting language: Php, HTML5, CSS3, JavaScript, JQuery
Database: MySQL
Web-Server: XAMPP
Code Editor: Sublime Text
Summary of features
Registration page
This screen is used to Register the new users. The features we have implemented at this screen are:
To check if the password entered under ‘Password’ and ‘Confirm Password’ fields are matching. In case they are not matching, we give an alert message ‘Passwords do not match’ .
If the passwords match then the next check is to check if the username entered by the user is already existing in the database. If it does already exist,we give an alert message on the screen to enter another username.
When both ‘Username’ and ‘Password’ are validated then the data is saved to the database. Password is encrypted using PhP md5() function that calculates the md5 hash of the string and stores the same in the database.
After the registration page, the user is redirected to the Login Page.
Login page
This screen is used to Login to the application. When we get the input from the user, we check it against our database. If a username is not found in the database, we give an alert message ‘User does not exist’.
The user can click On ‘Register’ link to register and if its selected, the user is redirected to the Registration Page.
If the user is successfully logged in after checking the username and Password against Database, it’s redirected to the Welcome Page.
Welcome page
On the screen, we have displayed a welcome message to the user that displays the username in the welcome message. We have implemented this using the SESSION functionality of Php (session_start() and echo $_SESSION['username']). Also, we have provided 3 options to the user to select from
BUY : If the user wants to buy a new insurance, he can click on this ‘BUY’ button.
SEARCH : If the user wants to search the insurance, he can click on this ‘SEARCH’ button.
BROWSE: If the user wants to browse an insurance, he can click on this ‘BROWSE’ button.
Customer Info page
If the user clicked on ‘BUY’ button on the welcome page,,the user is redirected to fill the ‘CUSTOMER DETAILS’ which includes first name, last name, Address(Composite), Gender(Optional), Marital Status, customer type(customer / WDS employee) and username.
All the mendatory input fields are implemented with “required” attribute of HTML5 to enforce the mandatory policy.
Gender, marital status and customer type is implemented with radio buttons. Gender is kept optional by not using the “checked” attribute of HTML5.
All the input fields are kept at a maximum of 30 characters, if the user enters more than 30 characters, an alert message is displayed that says “Maximum character limit exceeded”.
Select the insurance Type(Home/Auto)
Once the user enters all the Personal Details, he is redirected to the next screen where he has 2 options to select from:
AUTO INSURANCE : If the user wants to get Auto Insurance with us.
HOME INSURANCE : If the user wants to get Home Insurance with us.
Auto Details
If the user selected AUTO INSURANCE, He is redirected to the page where he has to enter Vehicle details (Including vehicle identification number (VIN), Vehicle_make_model_year and status of the vehicle).
Vehicle identification number is kept unique. If the user enters a VIN that is already existing in the database, an alert message is displayed as “VIN already in use. Try another VIN”.
Vehicle status is implemented with radio buttons with a “checked” attribute to make it a mandatory field.
Driver Details
Once the Auto details have been entered, the user is redirected to enter the driver details for the vehicle being insured. Driver Details include Name, Date of Birth and License Number. Once the user has entered all the details, the data is being stored to the database
Driver birthdate is implemented with a ‘date’ attribute of HTML5 which can take any value starting from year 1950.
Auto Invoice details
After getting all the details, an Invoice is being generated and displayed to the user on ‘INVOICE SCREEN’ to review. For generating the invoice,
Payment Due Date is calculated using the Date() function of PHP. We add +30 days to the current date by using strtotime() function with date function of PHP. Invoice details are displayed to the user.
Auto Payment page
Once the user has reviewed the invoice, the user is redirected to the payment page. For Payment method, there are 4 Options : CREDIT, DEBIT, PAYPAL, CHECK. The user can select any of the modes available.
Once the user selects the mode, the corresponding fields appear on the screen. This is implemented by using Javascript with a function taking value as per the selected mode and displaying the dynamic fields.
For ex. If the user selected CREDIT mode of payment, 4 fields(Name, Card Number,, CVV, Expiration Date) appear for the payment information. The user enters the details to proceed with the payment.
Payment successful page
The user gets a Payment successful Page. Payment success page consists of following links:
Go to homepage: user is redirected to the welcome page with the options to buy, searh, browse.
Buy another insurance: user is navigated to “select an insurance” page.
Log out: session is destroyed and the user is navigated to the login page.
Home Details
If the user wants to buy Home Insurance and clicked ‘HOME INSURANCE’ button, he is redirected to enter Home details. Home details include Purchased Date, Purchased Value, Area, Type. Along with this User also has to enter If the home has Automatic fire Notification, Installed Security System, Type of Swimming Pool, Type of Basement. Once the user has entered all the details, the data is stored in the database
Hometype, basement, auto fire notification, home security system and swimming pool are implemented with radio buttons. Swimming pool is implemented without the “check” attribute of HTML to enforce the NULL value.
Home Invoice details
After getting all the details, an Invoice is being generated and displayed to the user on ‘INVOICE SCREEN’ to review.
Payment Due Date is calculated using the Date() function of PHP. We add +30 days to the current date by using strtotime() function with date function of PHP. Invoice details are displayed to the user.
Home Payment page
Once the user has reviewed the invoice, the user is redirected to the payment page. For Payment method, there are 4 Options : CREDIT, DEBIT, PAYPAL, CHECK. The user can select any of the modes available.
Once the user selects the mode, the corresponding fields appear on the screen. This is implemented by using Javascript with a function taking value as per the selected mode and displaying the dynamic fields.
For ex. If the user selected CREDIT mode of payment, 4 fields(Name, Card Number,, CVV, Expiration Date) appear for the payment information. The user enters the details to proceed with the payment.
Payment successful page
The user gets a Payment successful Page. Payment success page consists of following links:
Go to homepage: user is redirected to the welcome page with the options to buy, searh, browse.
Buy another insurance: user is navigated to “select an insurance” page.
Log out
session is destroyed and the user is navigated to the login page.
Browse the insurance
If the user clicked on ‘BROWSE’ Button, we are displaying the details of Insurances which the user has purchased till date.
We have added the feature to display multiple insurances after the suggestions made at our presentation.
From our understanding of the business requirement, we had implemented the flow as “each user can buy one home and oneauto insurance.” changes are implemented.
Base on the type of the user
If the user is a new customer, all the insurances bought by the user are displayed on the browse section.
For a WDS employee, all the insurances bought by every user in the database, and the WDS employee himself, are displayed on the browse page for that user.
Search the insurance: If the user clicked on ‘SEARCH’ Button, user is redirected to the search insurance page.
We have implemented a search page with an input field where users can input their username.
We are retrieving the insurance details from the database based on the entered username and displaying the insurance details on the HTML page.
Security Features
SQL Injection
Since we are getting inputs from the user, there is risk of SQL injection which might occur if the user enters any malicious input which might run on the database and destroy it or can be a security concern for other user’s data. In order to save the database against any such attacks, We have used prepared statements available in PhP whenever we are taking the input from the user and running queries on the database. As per the prepared statements, we first prepare the SQL query without any input to it and then we bind the input and execute the query which saves the database against any SQL Injection.
Cross Site Scripting
We are displaying data to the user at various screens. There are chances of any attacker injecting a Javascript to the outcome. In order to deal with such Cross Site scripting attacks, we have used PhP HTMLSPECIALCHARS() functionality for the data we are displaying.
Session variable
Multiple users can use the site at the same time. We have implemented this with SESSION support of PHP.
There is a separate $_SESSION created for each user which is done by the XAMPP server.
As a visitor accesses the website, he is assigned a unique session id. PHP automatically checks if a specific session id is sent with the request i.e. if the session.auto_start is set to 1 or explicitly through session_start() or implicitly through session_register(). If this is the case, the prior saved environment is recreated.
Summary of Learning Outcome
Learned to implement changes in the code to secure the database against SQL injections and Cross site scripting which is a great threat. Security is a major concern. So, this is one of the major takeaways from the project.
Got a good understanding of implementing dynamic web pages by manipulating DOM using Javascript.
Php coding to solve challenging problems.
Processing forms with Php(collect data in a form, display submitted data by the form).
Server-side validation of form data.
Insert and display data using Php with MySQL.
Test, debug and deploy web pages with Php and MYSQL.
Understanding of REST APIs and their usage ($_GET, $_POST).
Creating a session, allowing access to multiple users at same time with Php.
Debugging in Php: comprehending Php error messages and debugging.
Structured Php programming.
Practical implementation of database concepts
PhpMyAdmin: creating database, tables, data types, data manipulation, primary key/foreign key relations.
Exporting and importing a database with PhpMyAdmin.