Read the attached file for instructions.
Modify the ch21_tech_support solution to encrypt the passwords for the technicians and the customers in the tech support database. In a document, describe how you made the modifications and, with screen captures, show that the modifications were implemented successfully. Demonstrating the Tech Support solution without any modification will earn 80 points. Full points will be awarded when you demonstrate the encryption modification.
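The assignment says "encrypt", but the application only ever needs to check a password, never to recover it, so the right tool is a salted one-way hash via password_hash()/password_verify(); reversible encryption would leave a key sitting next to the database that decrypts every account. The block below is an added example, not code from the book's ch21_tech_support project. It assumes the page's global $db PDO handle from model/database.php and the customers(customerID, email, password) and technicians(techID, email, password) columns used by the model files, and it replaces the plaintext "WHERE password = :password" lookups in customer_db.php and technician_db.php.

```php
<?php
// Added example for the "encrypt the passwords" modification; not part of the
// book's ch21_tech_support code. Assumes the page's global $db PDO handle and
// the customers(customerID, email, password) / technicians(techID, email,
// password) tables used by the model files.
//
// Before running this, widen the password columns so a 60+ character hash is
// not silently truncated (the original width is not shown on the page):
//   ALTER TABLE customers   MODIFY password VARCHAR(255) NOT NULL;
//   ALTER TABLE technicians MODIFY password VARCHAR(255) NOT NULL;

// Tables this code may touch. Identifiers cannot be bound as PDO parameters,
// so they are taken from this whitelist instead of interpolated from input.
const PASSWORD_TABLES = array(
    'customers'   => 'customerID',
    'technicians' => 'techID',
);

// Call this in add_*/update_* before binding :password. PASSWORD_DEFAULT is
// bcrypt today; the hash string records the algorithm, cost and salt used.
function hash_password($plaintext) {
    return password_hash($plaintext, PASSWORD_DEFAULT);
}

// Look the account up by email only, then compare with password_verify().
// The submitted password must never appear in the WHERE clause: the database
// could only match it against a value it stores in the clear.
function is_valid_login($table, $email, $password) {
    global $db;
    if (!array_key_exists($table, PASSWORD_TABLES)) {
        throw new InvalidArgumentException('Unknown account table: ' . $table);
    }
    $id_column = PASSWORD_TABLES[$table];

    $statement = $db->prepare(
        "SELECT $id_column AS id, password FROM $table WHERE email = :email");
    $statement->bindValue(':email', $email);
    $statement->execute();
    $row = $statement->fetch();
    $statement->closeCursor();

    if ($row === false) {
        // Unknown email: verify against a throwaway hash so the request takes
        // as long as a real check and does not reveal which emails exist.
        static $dummy_hash = null;
        if ($dummy_hash === null) {
            $dummy_hash = password_hash('not-a-real-password', PASSWORD_DEFAULT);
        }
        password_verify($password, $dummy_hash);
        return false;
    }
    if (!password_verify($password, $row['password'])) {
        return false;
    }
    // Valid login. If PHP's default algorithm or cost has moved on since this
    // hash was made, re-hash now while the plaintext is available.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $update = $db->prepare(
            "UPDATE $table SET password = :password WHERE $id_column = :id");
        $update->bindValue(':password', hash_password($password));
        $update->bindValue(':id', $row['id']);
        $update->execute();
        $update->closeCursor();
    }
    return true;
}

// Drop-in replacements for the page's two plaintext login checks.
function is_valid_customer_login($email, $password) {
    return is_valid_login('customers', $email, $password);
}
function is_valid_technician_login($email, $password) {
    return is_valid_login('technicians', $email, $password);
}

// One-time migration: hash every row that still holds a plaintext password.
// password_get_info() reports algoName 'unknown' for anything that is not a
// recognized hash, so re-running the script leaves hashed rows alone.
// Returns the number of rows converted.
function migrate_plaintext_passwords($table) {
    global $db;
    if (!array_key_exists($table, PASSWORD_TABLES)) {
        throw new InvalidArgumentException('Unknown account table: ' . $table);
    }
    $id_column = PASSWORD_TABLES[$table];
    $rows = $db->query("SELECT $id_column AS id, password FROM $table")->fetchAll();
    $update = $db->prepare(
        "UPDATE $table SET password = :password WHERE $id_column = :id");
    $converted = 0;
    foreach ($rows as $row) {
        if (password_get_info($row['password'])['algoName'] !== 'unknown') {
            continue;   // already hashed
        }
        $update->bindValue(':password', hash_password($row['password']));
        $update->bindValue(':id', $row['id']);
        $update->execute();
        $converted++;
    }
    return $converted;
}
```

Run `migrate_plaintext_passwords('customers')` and `migrate_plaintext_passwords('technicians')` once from a throwaway script after the ALTER TABLE statements, then delete the script. In add_customer, update_customer, add_technician and update_technician bind `hash_password($password)` instead of `$password`; in the update paths hash only when a new password was typed and otherwise leave the column out of the SET list, and stop copying `$customer['password']` into the edit form in the display_customer case, since that value is now a hash. For the screen captures, `SELECT email, LEFT(password, 7), LENGTH(password) FROM customers` should show `$2y$10$` and 60 on every row, and logging in with the original password should still succeed through password_verify() while the same value pasted into the old `WHERE password = :password` query matches nothing.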
TechSupport/Ch 21 project
Projects
Project 21-1:
Add user authentication
For this project, you will use a secure connection and require all users to log in including customers, technicians, and administrators. (Required reading: chapters 1-6, 10, and 21)
The Home page
Operation
· If you’ve been using the starting Home page for these projects, you’ll have to replace it with a Home page like the one above.
· When the user clicks one of the links on the main menu, the application displays a login form that’s appropriate for the type of user.
The Admin Login page
Operation
· When the user enters a valid username and password, the Admin Menu page is displayed. Otherwise, the Admin Login page is displayed again.
· To log in, you can use “admin” as the username and “sesame” as the password.
The Admin Menu page
Operation
· To navigate to an application, the user can click on the appropriate link.
· The page displays a message that indicates the login status.
· To log out, the user can click on the Logout button. This displays the Main Menu page.
Specifications
· All pages should include a link to the Home page in the header for the page.
· Except for the Home page, all pages should use a secure (https) connection.
· No pages should allow an unauthorized user to access them. For example, only a user that’s logged in as an administrator should be able to access the Admin Menu page.
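The three specifications above (Home link, https everywhere but the Home page, no page reachable without the matching login) and the Admin Login behaviour described earlier are most easily met with one include that every protected page loads before it produces output. The block below is an added example, not code from the book's ch21_tech_support project. It assumes the file lives at util/secure_session.php, that the login pages call the page's own is_valid_*_login() functions and then log_in(), that APP_HOST is the site's real hostname, and PHP 7.3 or later for the array form of session_set_cookie_params().

```php
<?php
// Added example for the "secure (https) connection" and "no unauthorized
// access" specifications; not part of the book's ch21_tech_support code.
// Assumed: saved as util/secure_session.php and included, before any output,
// by every page except the Home page. Needs PHP 7.3+ for the array form of
// session_set_cookie_params().

// Canonical host for the HTTPS redirect (assumed value). A fixed host, rather
// than the request's Host header, keeps the redirect from being pointed at a
// host of the client's choosing.
const APP_HOST = 'localhost';

// 1. Refuse to serve the page over plain http: send the same path to https.
function require_https() {
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
        return;
    }
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
    header('Location: https://' . APP_HOST . $uri, true, 302);
    exit();
}

// 2. Start the session with a cookie that only travels over https, is hidden
//    from JavaScript and is not attached to cross-site requests.
function start_secure_session() {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params(array(
        'lifetime' => 0,          // discarded when the browser closes
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ));
    session_start();
}

// 3. Record a successful login. The id is regenerated so a session id planted
//    before login (session fixation) is not promoted to an authenticated one.
function log_in($role, $identity) {
    session_regenerate_id(true);
    $_SESSION['role'] = $role;           // 'admin', 'technician' or 'customer'
    $_SESSION['identity'] = $identity;   // username or email for the status line
}

// 4. Guard for a protected page: a missing or different role is sent to that
//    role's login page and the requested content is never included.
function require_role($role, $login_page) {
    if (!isset($_SESSION['role']) || $_SESSION['role'] !== $role) {
        header('Location: ' . $login_page, true, 302);
        exit();
    }
}

// 5. Logout: drop the server-side data, expire the cookie, destroy the session.
function log_out() {
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

require_https();
start_secure_session();
```

With this in place the admin controller calls `log_in('admin', $username)` only after is_valid_admin_login() returns true and otherwise re-displays admin_login.php; admin_menu.php, the customer manager and the other admin applications open with `require_role('admin', '../admin/index.php')`, the technician pages with `require_role('technician', ...)`, and the Logout button's action calls `log_out()` before sending the user to the Main Menu. The "You are logged in as" line prints `htmlspecialchars($_SESSION['identity'])`. Because the cookie is marked secure, the Home page's plain-http exception does not leak the session cookie when the user follows the Home link.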
The Technician Login page
Operation
· When the user enters a valid technician email and password, the Select Incident page is displayed. Otherwise, the Technician Login page is displayed again.
The Select Incident page
Operation
· Same as project 20-3, but the bottom of the page displays a message about the technician that’s logged in and provides a Logout button that the technician can use to log out.
· If there are open incidents for the current technician, this page displays a table of incidents as shown in project 20-3.
· If there are no open incidents for the current technician, this page displays a message and a link as shown above. However, this link only displays new incidents if new incidents have been assigned to the technician.
The Customer Login page
Operation
· When the user enters a valid customer email and password, the Register Product page is displayed. Otherwise, the Customer Login page is displayed again.
The Register Product page
Operation
· Same as project 6-4, but the bottom of the page displays a message about the customer that’s logged in and provides a Logout button that the customer can use to log out.
TechSupport/ch21_tech_support/admin/admin_login.php
Admin Login
TechSupport/ch21_tech_support/admin/admin_menu.php
Admin Menu
Login Status
You are logged in as .
TechSupport/ch21_tech_support/admin/index.php
TechSupport/ch21_tech_support/customer_manager/customer_display.php
Add/Update Customer
TechSupport/ch21_tech_support/customer_manager/customer_search.php
Customer Search
Results
Name | Email Address | City | |
---|---|---|---|
Add a new customer
TechSupport/ch21_tech_support/customer_manager/index.php
<?php
// The opening of this file is missing from the dump. The require_once lines
// below are assumed from what the file uses: $db from database.php, the
// customer functions from customer_db.php, get_countries() from
// country_db.php and the Validate class from validate.php.
require_once('../model/database.php');
require_once('../model/customer_db.php');
require_once('../model/country_db.php');
require_once('../model/validate.php');

$validate = new Validate();
$fields = $validate->getFields();
$fields->addField('first_name');
$fields->addField('last_name');
$fields->addField('address');
$fields->addField('city');
$fields->addField('state');
$fields->addField('postal_code');
$fields->addField('phone');
$fields->addField('email');
$fields->addField('password');

if (isset($_POST['action'])) {
    $action = $_POST['action'];
} else if (isset($_GET['action'])) {
    $action = $_GET['action'];
} else {
    $action = 'search_customers';
}

switch ($action) {
    case 'search_customers':
        include('customer_search.php');
        break;
    case 'display_customers':
        $last_name = $_POST['last_name'];
        if (empty($last_name)) {
            $message = 'You must enter a last name.';
        } else {
            $customers = get_customers_by_last_name($last_name);
        }
        include('customer_search.php');
        break;
    case 'display_customer':
        $customer_id = $_POST['customer_id'];
        $customer = get_customer($customer_id);

        // Get data from $customer array
        $customer_id = $customer['customerID'];
        $first_name = $customer['firstName'];
        $last_name = $customer['lastName'];
        $address = $customer['address'];
        $city = $customer['city'];
        $state = $customer['state'];
        $postal_code = $customer['postalCode'];
        $country_code = $customer['countryCode'];
        $phone = $customer['phone'];
        $email = $customer['email'];
        $password = $customer['password'];

        // Get countries
        $countries = get_countries();

        // Set action and button text for form
        $action = 'update_customer';
        $button_text = 'Update Customer';
        include('customer_display.php');
        break;
    case 'display_add':
        // database.php leaves the database connection password in the global
        // $password; clear it so the view does not render it into the form.
        $password = '';
        $country_code = 'US';   // set default country code
        $countries = get_countries();
        $action = 'add_customer';
        $button_text = 'Add Customer';
        include('customer_display.php');
        break;
    case 'add_customer':
        // Get data from POST request
        $first_name = $_POST['first_name'];
        $last_name = $_POST['last_name'];
        $address = $_POST['address'];
        $city = $_POST['city'];
        $state = $_POST['state'];
        $postal_code = $_POST['postal_code'];
        $country_code = $_POST['country_code'];
        $phone = $_POST['phone'];
        $email = $_POST['email'];
        $password = $_POST['password'];

        // Validate form data
        $validate->text('first_name', $first_name, true, 1, 50);
        $validate->text('last_name', $last_name, true, 1, 50);
        $validate->text('address', $address, true, 1, 50);
        $validate->text('city', $city, true, 1, 50);
        $validate->text('state', $state, true, 1, 50);
        $validate->text('postal_code', $postal_code, true, 1, 20);
        $validate->phone('phone', $phone, true, 1, 20);
        $validate->email('email', $email, true, 1, 50);
        $validate->password('password', $password, true, 1, 20);

        // Load appropriate view based on hasErrors
        if ($fields->hasErrors()) {
            $countries = get_countries();
            $action = 'add_customer';
            $button_text = 'Add Customer';
            include('customer_display.php');
        } else {
            add_customer($first_name, $last_name,
                $address, $city, $state, $postal_code, $country_code,
                $phone, $email, $password);
            include('customer_search.php');
        }
        break;
    case 'update_customer':
        // Get data from POST request
        $customer_id = $_POST['customer_id'];
        $first_name = $_POST['first_name'];
        $last_name = $_POST['last_name'];
        $address = $_POST['address'];
        $city = $_POST['city'];
        $state = $_POST['state'];
        $postal_code = $_POST['postal_code'];
        $country_code = $_POST['country_code'];
        $phone = $_POST['phone'];
        $email = $_POST['email'];
        $password = $_POST['password'];

        // Validate form data
        $validate->text('first_name', $first_name, true, 1, 50);
        $validate->text('last_name', $last_name, true, 1, 50);
        $validate->text('address', $address, true, 1, 50);
        $validate->text('city', $city, true, 1, 50);
        $validate->text('state', $state, true, 1, 50);
        $validate->text('postal_code', $postal_code, true, 1, 20);
        $validate->phone('phone', $phone, true, 1, 20);
        $validate->email('email', $email, true, 1, 50);
        $validate->password('password', $password, true, 1, 20);

        // Load appropriate view based on hasErrors
        if ($fields->hasErrors()) {
            $action = 'update_customer';
            $button_text = 'Update Customer';
            $countries = get_countries();
            include('customer_display.php');
        } else {
            update_customer($customer_id, $first_name, $last_name,
                $address, $city, $state, $postal_code, $country_code,
                $phone, $email, $password);
            include('customer_search.php');
        }
        break;
}
?>
TechSupport/ch21_tech_support/errors/db_error.php
Database Error
An error occurred while attempting to work with the database.
Message:
TechSupport/ch21_tech_support/errors/db_error_connect.php
Database Error
There was an error connecting to the database.
The database must be installed as described in appendix A.
The database must be running as described in chapter 1.
Error message:
TechSupport/ch21_tech_support/errors/error.php
Error
TechSupport/ch21_tech_support/incident_assign/incident_assign.php
TechSupport/ch21_tech_support/incident_assign/incident_select.php
Select Incident
Customer | Product | Date Opened | Title | Description | |
---|---|---|---|---|---|
TechSupport/ch21_tech_support/incident_assign/index.php
TechSupport/ch21_tech_support/incident_assign/technician_select.php
Select Technician
Name | Open Incidents | |
---|---|---|
TechSupport/ch21_tech_support/incident_create/customer_get.php
Get Customer
You must enter the customer’s email address to select the customer.
TechSupport/ch21_tech_support/incident_create/incident_create.php
Create Incident
TechSupport/ch21_tech_support/incident_create/index.php
TechSupport/ch21_tech_support/incident_display/incidents_assigned.php
Assigned Incidents
Customer | Product | Technician | Incident
---|---|---|---
TechSupport/ch21_tech_support/incident_display/incidents_unassigned.php
Unassigned Incidents
Customer | Product | Incident
---|---|---
TechSupport/ch21_tech_support/incident_display/index.php
TechSupport/ch21_tech_support/incident_update/incident_select.php
Select Incident
TechSupport/ch21_tech_support/incident_update/incident_update.php
TechSupport/ch21_tech_support/incident_update/index.php
TechSupport/ch21_tech_support/incident_update/technician_login.php
Technician Login
You must login before you can update an incident.
TechSupport/ch21_tech_support/index.php
Main Menu
TechSupport/ch21_tech_support/main.css
/* the styles for the HTML elements */
body {
margin-top: 0;
background-color: #BFCFFE;
font-family: Arial, Helvetica, sans-serif;
}
h1 {
font-size: 150%;
margin: 0;
padding: .5em 0 .25em;
}
h2 {
font-size: 120%;
margin: 0;
padding: .25em 0 .25em ;
}
h1, h2 {
color: black;
}
p {
margin: .5em 0 .5em 0;
padding: 0;
}
ul {
margin: 0;
padding: 0;
}
li {
margin: 0;
padding: 0;
}
ul.nav {
list-style-type: none;
margin-left: 0;
padding-left: 0;
}
ul.nav li {
padding-bottom: 0.5em;
}
a {
color: #3333CC;
font-weight: bold;
}
a:hover {
color: #3333CC;
}
table {
border: 1px solid #001963;
border-collapse: collapse;
}
td, th {
border: 1px dashed #001963;
padding: .2em .5em .2em .5em;
vertical-align: top;
text-align: left;
}
#no_border {
border: 0px;
}
#no_border td {
border: 0px;
}
form {
margin: 0;
}
br {
clear: left;
}
textarea {
font-family: Arial, Helvetica, sans-serif;
font-size: 80%;
}
/* the styles for the div tags that divide the page into sections */
#page {
width: 760px;
margin: 0 auto;
background-color: white;
border: 1px solid #001963;
}
#header {
margin: 0;
border-bottom: 2px solid black;
padding: .5em 2em;
}
#header h1 {
color: black;
margin: 0;
padding: 0;
}
#header p {
margin: 0;
padding: .25em 0 0 0;
}
#header ul {
margin: 0;
padding: 1em 0 0 0;
}
#main {
margin: 0;
padding: .5em 2em .25em;
}
#content {
padding-bottom: .25em;
}
#footer {
clear: both;
margin-top: 1em;
padding-right: 1em;
border-top: 2px solid black;
}
#footer p {
text-align: right;
font-size: 80%;
margin: 1em 0;
}
.right {
text-align: right;
}
.error {
color: red;
}
/********************************************************************
* Additional styles for aligned forms
********************************************************************/
#aligned {
margin: .5em 0 2em;
}
#aligned label {
width: 8em;
padding-right: 1em;
padding-bottom: .5em;
float: left;
}
#aligned input {
float: left;
}
#aligned input[type="text"] {
width: 15em;
}
TechSupport/ch21_tech_support/model/admin_db.php
<?php
// The opening of this file is missing from the dump. The function name, the
// table and the query are assumed; the body from prepare() onward is the
// page's own. It compares the password in the clear: this is the lookup that
// the assignment replaces with a hash check.
function is_valid_admin_login($username, $password) {
    global $db;
    $query = 'SELECT * FROM administrators
              WHERE username = :username AND password = :password';
    $statement = $db->prepare($query);
    $statement->bindValue(':username', $username);
    $statement->bindValue(':password', $password);
    $statement->execute();
    // rowCount() on a SELECT works with MySQL's buffered queries but is not
    // guaranteed by PDO for every driver.
    if ($statement->rowCount() == 1) {
        $valid = true;
    } else {
        $valid = false;
    }
    $statement->closeCursor();
    return $valid;
}
?>
TechSupport/ch21_tech_support/model/country_db.php
<?php
// The opening of this file is missing from the dump. The function name is
// confirmed by the calls in customer_manager/index.php; the table name and
// query are assumed.
function get_countries() {
    global $db;
    $query = 'SELECT * FROM countries';
    try {
        $statement = $db->prepare($query);
        $statement->execute();
        $result = $statement->fetchAll();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}
?>
TechSupport/ch21_tech_support/model/customer_db.php
<?php
// The opening of this file is missing from the dump. The first function's
// name and query are assumed; its body from prepare() onward is the page's
// own. It compares the password in the clear: this is the lookup that the
// assignment replaces with a hash check.
function is_valid_customer_login($email, $password) {
    global $db;
    $query = 'SELECT * FROM customers
              WHERE email = :email AND password = :password';
    $statement = $db->prepare($query);
    $statement->bindValue(':email', $email);
    $statement->bindValue(':password', $password);
    $statement->execute();
    if ($statement->rowCount() == 1) {
        $valid = true;
    } else {
        $valid = false;
    }
    $statement->closeCursor();
    return $valid;
}

function get_customers() {
    global $db;
    $query = 'SELECT * FROM customers
              ORDER BY lastName';
    try {
        $statement = $db->prepare($query);
        $statement->execute();
        $result = $statement->fetchAll();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_customers_by_last_name($last_name) {
    global $db;
    $query = 'SELECT * FROM customers
              WHERE lastName = :last_name
              ORDER BY lastName';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':last_name', $last_name);
        $statement->execute();
        $result = $statement->fetchAll();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_customer($customer_id) {
    global $db;
    $query = 'SELECT * FROM customers
              WHERE customerID = :customer_id';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':customer_id', $customer_id);
        $statement->execute();
        $result = $statement->fetch();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_customer_by_email($email) {
    global $db;
    $query = 'SELECT * FROM customers
              WHERE email = :email';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':email', $email);
        $statement->execute();
        $result = $statement->fetch();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function delete_customer($customer_id) {
    global $db;
    $query = 'DELETE FROM customers
              WHERE customerID = :customer_id';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':customer_id', $customer_id);
        $row_count = $statement->execute();
        $statement->closeCursor();
        return $row_count;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function add_customer($first_name, $last_name,
        $address, $city, $state, $postal_code, $country_code,
        $phone, $email, $password) {
    global $db;
    $query = 'INSERT INTO customers
                 (firstName, lastName,
                  address, city, state, postalCode, countryCode,
                  phone, email, password)
              VALUES
                 (:first_name, :last_name,
                  :address, :city, :state, :postal_code, :country_code,
                  :phone, :email, :password)';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':first_name', $first_name);
        $statement->bindValue(':last_name', $last_name);
        $statement->bindValue(':address', $address);
        $statement->bindValue(':city', $city);
        $statement->bindValue(':state', $state);
        $statement->bindValue(':postal_code', $postal_code);
        $statement->bindValue(':country_code', $country_code);
        $statement->bindValue(':phone', $phone);
        $statement->bindValue(':email', $email);
        $statement->bindValue(':password', $password);
        $statement->execute();
        $statement->closeCursor();

        // Get the last customer ID that was automatically generated
        $id = $db->lastInsertId();
        return $id;
    } catch (PDOException $e) {
        $error_message = $e->getMessage();
        display_db_error($error_message);
    }
}

function update_customer($customer_id, $first_name, $last_name,
        $address, $city, $state, $postal_code, $country_code,
        $phone, $email, $password) {
    global $db;
    $query = 'UPDATE customers
              SET firstName = :first_name,
                  lastName = :last_name,
                  address = :address,
                  city = :city,
                  state = :state,
                  postalCode = :postal_code,
                  countryCode = :country_code,
                  phone = :phone,
                  email = :email,
                  password = :password
              WHERE customerID = :customer_id';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':first_name', $first_name);
        $statement->bindValue(':last_name', $last_name);
        $statement->bindValue(':address', $address);
        $statement->bindValue(':city', $city);
        $statement->bindValue(':state', $state);
        $statement->bindValue(':postal_code', $postal_code);
        $statement->bindValue(':country_code', $country_code);
        $statement->bindValue(':phone', $phone);
        $statement->bindValue(':email', $email);
        $statement->bindValue(':password', $password);
        $statement->bindValue(':customer_id', $customer_id);
        $row_count = $statement->execute();
        $statement->closeCursor();
        return $row_count;
    } catch (PDOException $e) {
        $error_message = $e->getMessage();
        display_db_error($error_message);
    }
}
?>
TechSupport/ch21_tech_support/model/database.php
<?php
// The connection settings at the top of this file are missing from the dump;
// the DSN, user and password below are placeholders, not the originals.
$dsn = 'mysql:host=localhost;dbname=tech_support';
$username = 'db_user';
$password = 'db_password';
$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
try {
    $db = new PDO($dsn, $username, $password, $options);
} catch (PDOException $e) {
    $error_message = $e->getMessage();
    // The errors folder has db_error_connect.php, not database_error.php.
    include('../errors/db_error_connect.php');
    exit();
}

function display_db_error($error_message) {
    include '../errors/db_error.php';
    exit;
}
?>
TechSupport/ch21_tech_support/model/database_oo.php
<?php
class Database {
    // The connection settings are missing from the dump; the DSN, user and
    // password below are placeholders, not the originals.
    private static $dsn = 'mysql:host=localhost;dbname=tech_support';
    private static $username = 'db_user';
    private static $password = 'db_password';
    private static $options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
    private static $db;

    private function __construct() {}

    public static function getDB () {
        if (!isset(self::$db)) {
            try {
                self::$db = new PDO(self::$dsn,
                                    self::$username,
                                    self::$password,
                                    self::$options);
            } catch (PDOException $e) {
                $error_message = $e->getMessage();
                // The errors folder has db_error_connect.php, not database_error.php.
                include('../errors/db_error_connect.php');
                exit();
            }
        }
        return self::$db;
    }
}
?>
TechSupport/ch21_tech_support/model/fields.php
<?php
// The opening of this file is missing from the dump; the Field class header,
// its properties and the constructor signature are reconstructed from the
// methods below and from how Fields::addField() builds a Field.
class Field {
    private $name;
    private $message;
    private $hasError = false;

    public function __construct($name, $message = '') {
        $this->name = $name;
        $this->message = $message;
    }

    public function getName() { return $this->name; }
    public function getMessage() { return $this->message; }
    public function hasError() { return $this->hasError; }

    public function setErrorMessage($message) {
        $this->message = $message;
        $this->hasError = true;
    }

    public function clearErrorMessage() {
        $this->message = '';
        $this->hasError = false;
    }

    // The span tags were dropped by the extraction; the "error" class is the
    // one defined in main.css.
    public function getHTML() {
        $message = htmlspecialchars($this->message);
        if ($this->hasError()) {
            return '<span class="error">' . $message . '</span>';
        } else {
            return '<span>' . $message . '</span>';
        }
    }
}

class Fields {
    private $fields = array();

    public function addField($name, $message = '') {
        $field = new Field($name, $message);
        $this->fields[$field->getName()] = $field;
    }

    public function getField($name) {
        return $this->fields[$name];
    }

    public function hasErrors() {
        foreach ($this->fields as $field) {
            if ($field->hasError()) return true;
        }
        return false;
    }
}
?>
TechSupport/ch21_tech_support/model/incident_db.php
<?php
// The opening of this file is missing from the dump. The first function's
// name and query are assumed; its body from prepare() onward is the page's own.
function get_incidents() {
    global $db;
    $query = 'SELECT * FROM incidents';
    try {
        $statement = $db->prepare($query);
        $statement->execute();
        $result = $statement->fetchAll();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_incidents_unassigned() {
    global $db;
    $query = 'SELECT c.firstName, c.lastName,
                     p.name AS productName,
                     i.*
              FROM incidents i
                  INNER JOIN customers c ON c.customerID = i.customerID
                  INNER JOIN products p ON p.productCode = i.productCode
              WHERE techID IS NULL';
    try {
        $statement = $db->prepare($query);
        $statement->execute();
        $result = $statement->fetchAll();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_incidents_assigned() {
    global $db;
    $query = 'SELECT c.firstName AS customerFirstName, c.lastName AS customerLastName,
                     t.firstName AS techFirstName, t.lastName AS techLastName,
                     p.name AS productName,
                     i.*
              FROM incidents i
                  INNER JOIN customers c ON c.customerID = i.customerID
                  INNER JOIN products p ON p.productCode = i.productCode
                  INNER JOIN technicians t ON t.techID = i.techID';
    try {
        $statement = $db->prepare($query);
        $statement->execute();
        $result = $statement->fetchAll();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_incidents_by_technician($id) {
    global $db;
    $query = 'SELECT c.firstName, c.lastName, i.*
              FROM incidents i
                  INNER JOIN customers c ON c.customerID = i.customerID
              WHERE techID = :id AND dateClosed IS NULL';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':id', $id);
        $statement->execute();
        $result = $statement->fetchAll();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_incident($id) {
    global $db;
    $query = 'SELECT *
              FROM incidents
              WHERE incidentID = :id';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':id', $id);
        $statement->execute();
        $result = $statement->fetch();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function add_incident($customer_id, $product_code, $title, $description) {
    global $db;
    $date_opened = date('Y-m-d');   // get current date in yyyy-mm-dd format
    $query =
        'INSERT INTO incidents
            (customerID, productCode, dateOpened, title, description)
         VALUES (
            :customer_id, :product_code, :date_opened,
            :title, :description)';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':customer_id', $customer_id);
        $statement->bindValue(':product_code', $product_code);
        $statement->bindValue(':date_opened', $date_opened);
        $statement->bindValue(':title', $title);
        $statement->bindValue(':description', $description);
        $statement->execute();
        $statement->closeCursor();

        // Get the last incident ID that was automatically generated
        $id = $db->lastInsertId();
        return $id;
    } catch (PDOException $e) {
        $error_message = $e->getMessage();
        display_db_error($error_message);
    }
}

function assign_incident($incident_id, $technician_id) {
    global $db;
    $query =
        'UPDATE incidents
         SET techID = :technician_id
         WHERE incidentID = :incident_id';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':incident_id', $incident_id);
        $statement->bindValue(':technician_id', $technician_id);
        $row_count = $statement->execute();
        $statement->closeCursor();
        return $row_count;
    } catch (PDOException $e) {
        $error_message = $e->getMessage();
        display_db_error($error_message);
    }
}

function update_incident($incident_id, $date_closed, $description) {
    global $db;
    $query =
        'UPDATE incidents
         SET dateClosed = :date_closed,
             description = :description
         WHERE incidentID = :incident_id';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':date_closed', $date_closed);
        $statement->bindValue(':description', $description);
        $statement->bindValue(':incident_id', $incident_id);
        $row_count = $statement->execute();
        $statement->closeCursor();
        return $row_count;
    } catch (PDOException $e) {
        $error_message = $e->getMessage();
        display_db_error($error_message);
    }
}
?>
TechSupport/ch21_tech_support/model/product_db.php
<?php
// The opening of this file is missing from the dump. The first function's
// name and query are assumed; its body from prepare() onward is the page's own.
function get_products() {
    global $db;
    $query = 'SELECT * FROM products';
    try {
        $statement = $db->prepare($query);
        $statement->execute();
        $result = $statement->fetchAll();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_products_by_customer($email) {
    global $db;
    $query = 'SELECT products.productCode, products.name
              FROM products
                  INNER JOIN registrations ON products.productCode = registrations.productCode
                  INNER JOIN customers ON registrations.customerID = customers.customerID
              WHERE customers.email = :email';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':email', $email);
        $statement->execute();
        $result = $statement->fetchAll();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_product($product_code) {
    global $db;
    $query = 'SELECT * FROM products
              WHERE productCode = :product_code';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':product_code', $product_code);
        $statement->execute();
        $result = $statement->fetch();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function delete_product($product_code) {
    global $db;
    $query = 'DELETE FROM products
              WHERE productCode = :product_code';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':product_code', $product_code);
        $row_count = $statement->execute();
        $statement->closeCursor();
        return $row_count;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function add_product($code, $name, $version, $release_date) {
    global $db;
    $query = 'INSERT INTO products
                 (productCode, name, version, releaseDate)
              VALUES
                 (:code, :name, :version, :release_date)';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':code', $code);
        $statement->bindValue(':name', $name);
        $statement->bindValue(':version', $version);
        $statement->bindValue(':release_date', $release_date);
        $statement->execute();
        $statement->closeCursor();

        // productCode is supplied by the caller, not auto-generated, so this
        // is only meaningful if the table has an auto-increment column.
        $id = $db->lastInsertId();
        return $id;
    } catch (PDOException $e) {
        $error_message = $e->getMessage();
        display_db_error($error_message);
    }
}

function update_product($code, $name, $version, $release_date) {
    global $db;
    $query = 'UPDATE products
              SET name = :name,
                  version = :version,
                  releaseDate = :release_date
              WHERE productCode = :product_code';
    try {
        $statement = $db->prepare($query);
        // The placeholder in the query is :product_code; binding :code would
        // make PDO throw "Invalid parameter number".
        $statement->bindValue(':product_code', $code);
        $statement->bindValue(':name', $name);
        $statement->bindValue(':version', $version);
        $statement->bindValue(':release_date', $release_date);
        $row_count = $statement->execute();
        $statement->closeCursor();
        return $row_count;
    } catch (PDOException $e) {
        $error_message = $e->getMessage();
        display_db_error($error_message);
    }
}
?>
TechSupport/ch21_tech_support/model/registration_db.php
<?php
// The opening of this file is missing from the dump. The function name, the
// registrationDate column and the way $date is set are assumed; the bound
// parameters and the body from prepare() onward are the page's own.
function add_registration($customer_id, $product_code) {
    global $db;
    $date = date('Y-m-d');   // current date in yyyy-mm-dd format
    $query = 'INSERT INTO registrations
                 (customerID, productCode, registrationDate)
              VALUES
                 (:customer_id, :product_code, :date)';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':customer_id', $customer_id);
        $statement->bindValue(':product_code', $product_code);
        $statement->bindValue(':date', $date);
        $statement->execute();
        $statement->closeCursor();

        // Get the last ID that was automatically generated
        $id = $db->lastInsertId();
        return $id;
    } catch (PDOException $e) {
        $error_message = $e->getMessage();
        display_db_error($error_message);
    }
}
?>
TechSupport/ch21_tech_support/model/technician.php
<?php
// The opening of this file is missing from the dump; the class header,
// properties and constructor signature are reconstructed from the setters
// below and from how technician_db_oo.php constructs Technician objects.
class Technician {
    private $id;
    private $first_name;
    private $last_name;
    private $email;
    private $phone;
    private $password;

    public function __construct($first_name, $last_name, $email, $phone, $password) {
        $this->first_name = $first_name;
        $this->last_name = $last_name;
        $this->email = $email;
        $this->phone = $phone;
        $this->password = $password;
    }

    public function getID() {
        return $this->id;
    }

    public function setID($value) {
        $this->id = $value;
    }

    public function getFirstName() {
        return $this->first_name;
    }

    public function setFirstName($value) {
        $this->first_name = $value;
    }

    public function getLastName() {
        return $this->last_name;
    }

    public function setLastName($value) {
        $this->last_name = $value;
    }

    public function getFullName() {
        return $this->first_name . ' ' . $this->last_name;
    }

    public function getEmail() {
        return $this->email;
    }

    public function setEmail($value) {
        $this->email = $value;
    }

    public function getPhone() {
        return $this->phone;
    }

    public function setPhone($value) {
        $this->phone = $value;
    }

    public function getPassword() {
        return $this->password;
    }

    public function setPassword($value) {
        $this->password = $value;
    }
}
?>
TechSupport/ch21_tech_support/model/technician_db.php
<?php
// The opening of this file is missing from the dump. The first function's
// name and query are assumed; its body from prepare() onward is the page's
// own. It compares the password in the clear: this is the lookup that the
// assignment replaces with a hash check.
function is_valid_technician_login($email, $password) {
    global $db;
    $query = 'SELECT * FROM technicians
              WHERE email = :email AND password = :password';
    $statement = $db->prepare($query);
    $statement->bindValue(':email', $email);
    $statement->bindValue(':password', $password);
    $statement->execute();
    if ($statement->rowCount() == 1) {
        $valid = true;
    } else {
        $valid = false;
    }
    $statement->closeCursor();
    return $valid;
}

function get_technicians() {
    global $db;
    $query = 'SELECT * FROM technicians
              ORDER BY lastName';
    try {
        $statement = $db->prepare($query);
        $statement->execute();
        $result = $statement->fetchAll();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_technicians_with_count() {
    global $db;
    // Only open incidents count, as the openIncidentCount alias and the
    // "Open Incidents" column of the Select Technician page expect.
    $query = 'SELECT *,
                 (SELECT COUNT(*) FROM incidents
                  WHERE incidents.techID = technicians.techID
                    AND incidents.dateClosed IS NULL) AS openIncidentCount
              FROM technicians
              ORDER BY openIncidentCount';
    try {
        $statement = $db->prepare($query);
        $statement->execute();
        $result = $statement->fetchAll();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_technician($id) {
    global $db;
    $query = 'SELECT * FROM technicians
              WHERE techID = :id';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':id', $id);
        $statement->execute();
        $result = $statement->fetch();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function get_technician_by_email($email) {
    global $db;
    $query = 'SELECT * FROM technicians
              WHERE email = :email';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':email', $email);
        $statement->execute();
        $result = $statement->fetch();
        $statement->closeCursor();
        return $result;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function delete_technician($technician_id) {
    global $db;
    $query = 'DELETE FROM technicians
              WHERE techID = :technician_id';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':technician_id', $technician_id);
        $row_count = $statement->execute();
        $statement->closeCursor();
        return $row_count;
    } catch (PDOException $e) {
        display_db_error($e->getMessage());
    }
}

function add_technician($first_name, $last_name, $email, $phone, $password) {
    global $db;
    $query = 'INSERT INTO technicians
                 (firstName, lastName, email, phone, password)
              VALUES
                 (:first_name, :last_name, :email, :phone, :password)';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':first_name', $first_name);
        $statement->bindValue(':last_name', $last_name);
        $statement->bindValue(':email', $email);
        $statement->bindValue(':phone', $phone);
        $statement->bindValue(':password', $password);
        $statement->execute();
        $statement->closeCursor();

        // Get the last technician ID that was automatically generated
        $id = $db->lastInsertId();
        return $id;
    } catch (PDOException $e) {
        $error_message = $e->getMessage();
        display_db_error($error_message);
    }
}

function update_technician($id, $first_name, $last_name, $email, $phone, $password) {
    global $db;
    // The key column is techID everywhere else in this file; technicianID
    // would make the UPDATE fail.
    $query = 'UPDATE technicians
              SET firstName = :first_name,
                  lastName = :last_name,
                  email = :email,
                  phone = :phone,
                  password = :password
              WHERE techID = :id';
    try {
        $statement = $db->prepare($query);
        $statement->bindValue(':id', $id);
        $statement->bindValue(':first_name', $first_name);
        $statement->bindValue(':last_name', $last_name);
        $statement->bindValue(':email', $email);
        $statement->bindValue(':phone', $phone);
        $statement->bindValue(':password', $password);
        $row_count = $statement->execute();
        $statement->closeCursor();
        return $row_count;
    } catch (PDOException $e) {
        $error_message = $e->getMessage();
        display_db_error($error_message);
    }
}
?>
TechSupport/ch21_tech_support/model/technician_db_oo.php
<?php
// NOTE: the opening of this file (PHP tag, class declaration, getTechnicians()
// header and its SELECT query) was lost in extraction; it is reconstructed here
// as an assumption from the code that follows.
class TechnicianDB {
    public static function getTechnicians() {
        $db = Database::getDB();
        $query = 'SELECT * FROM technicians
                  ORDER BY lastName';   // assumed query text
        try {
            $statement = $db->prepare($query);
            $statement->execute();
            $rows = $statement->fetchAll();
            $statement->closeCursor();
        } catch (PDOException $e) {
            display_db_error($e->getMessage());
        }

        // convert the array of rows to an array of Technician objects
        $technicians = array();
        foreach ($rows as $row) {
            $t = new Technician(
                $row['firstName'], $row['lastName'],
                $row['email'], $row['phone'], $row['password']);
            $t->setID($row['techID']);
            $technicians[] = $t;
        }
        return $technicians;
    }

    public static function deleteTechnician($technician_id) {
        $db = Database::getDB();
        $query = 'DELETE FROM technicians
                  WHERE techID = :technician_id';
        try {
            $statement = $db->prepare($query);
            $statement->bindValue(':technician_id', $technician_id);
            $statement->execute();
            // execute() only returns true/false; the affected-row count comes from rowCount()
            $row_count = $statement->rowCount();
            $statement->closeCursor();
            return $row_count;
        } catch (PDOException $e) {
            display_db_error($e->getMessage());
        }
    }

    public static function addTechnician($t) {
        $db = Database::getDB();
        $first_name = $t->getFirstName();
        $last_name = $t->getLastName();
        $email = $t->getEmail();
        $phone = $t->getPhone();
        // stored as entered: this is the plaintext password
        $password = $t->getPassword();
        $query = 'INSERT INTO technicians
                      (firstName, lastName, email, phone, password)
                  VALUES
                      (:first_name, :last_name, :email, :phone, :password)';
        try {
            $statement = $db->prepare($query);
            $statement->bindValue(':first_name', $first_name);
            $statement->bindValue(':last_name', $last_name);
            $statement->bindValue(':email', $email);
            $statement->bindValue(':phone', $phone);
            $statement->bindValue(':password', $password);
            $statement->execute();
            $statement->closeCursor();

            // Get the last technician ID that was automatically generated
            $id = $db->lastInsertId();
            return $id;
        } catch (PDOException $e) {
            $error_message = $e->getMessage();
            display_db_error($error_message);
        }
    }
}
?>
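`addTechnician()` above writes `$t->getPassword()` into the table as typed, and `technician_list.php` later prints that same value back to the browser, so one leaked database dump or one over-the-shoulder glance at the technician list exposes every technician's credential. The class below is an added example, not the project's own code, of how the write side and the login check change once passwords are hashed. It assumes the project's `Database::getDB()`, `Technician` class, `display_db_error()` and the `technicians` columns that appear on this page; the class name `TechnicianAuth` and the methods `authenticate()`, `getRowByEmail()` and `updatePasswordHash()` are hypothetical names introduced here.

```php
<?php
// Added example: hashed technician passwords for the ch21 TechSupport project.
// Assumes the project's Database::getDB(), Technician class, technicians table
// (techID, firstName, lastName, email, phone, password) and display_db_error().
// TechnicianAuth and its method names are hypothetical, not from the project.
class TechnicianAuth {
    // Cached hash of a throw-away string, used only to equalise timing below.
    private static $dummyHash = null;

    // Store only a salted hash, never the plaintext. PASSWORD_DEFAULT is bcrypt
    // today and may change, which is why the check goes through password_verify().
    public static function addTechnician($t) {
        $db = Database::getDB();
        $query = 'INSERT INTO technicians
                      (firstName, lastName, email, phone, password)
                  VALUES
                      (:first_name, :last_name, :email, :phone, :password)';
        try {
            $statement = $db->prepare($query);
            $statement->bindValue(':first_name', $t->getFirstName());
            $statement->bindValue(':last_name', $t->getLastName());
            $statement->bindValue(':email', $t->getEmail());
            $statement->bindValue(':phone', $t->getPhone());
            $statement->bindValue(':password',
                password_hash($t->getPassword(), PASSWORD_DEFAULT));
            $statement->execute();
            $statement->closeCursor();
            return $db->lastInsertId();
        } catch (PDOException $e) {
            display_db_error($e->getMessage());
        }
    }

    // Fetch one technician row by email (hypothetical helper); false if none.
    private static function getRowByEmail($email) {
        $db = Database::getDB();
        $statement = $db->prepare('SELECT * FROM technicians WHERE email = :email');
        $statement->bindValue(':email', $email);
        $statement->execute();
        $row = $statement->fetch(PDO::FETCH_ASSOC);
        $statement->closeCursor();
        return $row;
    }

    // Returns the technician's techID on success, or false on failure.
    // "No such email" and "wrong password" both return false, so the login
    // page cannot be used to enumerate which technician accounts exist.
    public static function authenticate($email, $password) {
        try {
            $row = self::getRowByEmail($email);
        } catch (PDOException $e) {
            display_db_error($e->getMessage());
            return false;
        }
        if ($row === false) {
            // Spend roughly the same time as a real verification so the
            // response time does not reveal whether the email exists.
            if (self::$dummyHash === null) {
                self::$dummyHash = password_hash('dummy', PASSWORD_DEFAULT);
            }
            password_verify($password, self::$dummyHash);
            return false;
        }
        if (!password_verify($password, $row['password'])) {
            return false;
        }
        // Transparent upgrade: if the stored hash uses an older cost or
        // algorithm, rehash now while the plaintext is in hand.
        if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
            self::updatePasswordHash($row['techID'],
                password_hash($password, PASSWORD_DEFAULT));
        }
        return $row['techID'];
    }

    private static function updatePasswordHash($techID, $hash) {
        $db = Database::getDB();
        $statement = $db->prepare(
            'UPDATE technicians SET password = :hash WHERE techID = :id');
        $statement->bindValue(':hash', $hash);
        $statement->bindValue(':id', $techID);
        $statement->execute();
        $statement->closeCursor();
    }
}
?>
```

In the technician login controller, `$techID = TechnicianAuth::authenticate($email, $password)` replaces any direct comparison against the stored column, and the session is only marked as a logged-in technician when the result is not `false`. The same pattern applies to the customer login; only the table, key column and email lookup differ. Once the column holds hashes, the Password column in `technician_list.php` should be dropped rather than left to print `getPassword()`, since a hash is useless to an administrator and still discloses the algorithm and cost factor in use.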
TechSupport/ch21_tech_support/model/validate.php
<?php
// NOTE: the PHP tag, the class declaration, the $fields property and the
// constructor header were lost in extraction; they are reconstructed here as
// an assumption from the code that follows.
class Validate {
    private $fields;

    public function __construct() {
        $this->fields = new Fields();
    }

    public function getFields() {
        return $this->fields;
    }

    // Validate a generic text field
    public function text($name, $value,
            $required = true, $min = 1, $max = 255) {
        // Get Field object
        $field = $this->fields->getField($name);

        // If field is not required and empty, remove errors and exit
        if (!$required && empty($value)) {
            $field->clearErrorMessage();
            return;
        }

        // Check field and set or clear error message
        if ($required && empty($value)) {
            $field->setErrorMessage('Required.');
        } else if (strlen($value) < $min) {
            $field->setErrorMessage('Too short.');
        } else if (strlen($value) > $max) {
            $field->setErrorMessage('Too long.');
        } else {
            $field->clearErrorMessage();
        }
    }

    // Validate a field with a generic pattern
    public function pattern($name, $value, $pattern, $message,
            $required = true) {
        // Get Field object
        $field = $this->fields->getField($name);

        // If field is not required and empty, remove errors and exit
        if (!$required && empty($value)) {
            $field->clearErrorMessage();
            return;
        }

        // Check field and set or clear error message
        // (preg_match returns false on a pattern error, 0 on no match, 1 on match)
        $match = preg_match($pattern, $value);
        if ($match === false) {
            $field->setErrorMessage('Error testing field.');
        } else if ($match != 1) {
            $field->setErrorMessage($message);
        } else {
            $field->clearErrorMessage();
        }
    }

    public function phone($name, $value, $required = false) {
        $field = $this->fields->getField($name);

        // Call the text method and exit if it yields an error
        $this->text($name, $value, $required);
        if ($field->hasError()) { return; }

        // Call the pattern method to validate a phone number in the (999) 999-9999 format
        $pattern = '/^\([[:digit:]]{3}\) [[:digit:]]{3}-[[:digit:]]{4}$/';
        $message = 'Use (999) 999-9999 format.';
        $this->pattern($name, $value, $pattern, $message, $required);
    }

    public function email($name, $value, $required = true) {
        $field = $this->fields->getField($name);

        // If field is not required and empty, remove errors and exit
        if (!$required && empty($value)) {
            $field->clearErrorMessage();
            return;
        }

        // Call the text method and exit if it yields an error
        $this->text($name, $value, $required);
        if ($field->hasError()) { return; }

        // Split email address on @ sign and check parts
        $parts = explode('@', $value);
        if (count($parts) < 2) {
            $field->setErrorMessage('At sign required.');
            return;
        }
        if (count($parts) > 2) {
            $field->setErrorMessage('Only one at sign allowed.');
            return;
        }
        $local = $parts[0];
        $domain = $parts[1];

        // Check lengths of local and domain parts
        if (strlen($local) > 64) {
            $field->setErrorMessage('Username part too long.');
            return;
        }
        if (strlen($domain) > 255) {
            $field->setErrorMessage('Domain name part too long.');
            return;
        }

        // Patterns for address formatted local part
        $atom = '[[:alnum:]_!#$%&\'*+\/=?^`{|}~-]+';
        $dotatom = '(\.' . $atom . ')*';
        $address = '(^' . $atom . $dotatom . '$)';

        // Patterns for quoted text formatted local part
        // (single-quoted PHP strings: '\\\\' is one escaped backslash in the regex)
        $char = '([^\\\\"])';
        $esc = '(\\\\[\\\\"])';
        $text = '(' . $char . '|' . $esc . ')+';
        $quoted = '(^"' . $text . '"$)';

        // Combined pattern for testing local part
        $localPattern = '/' . $address . '|' . $quoted . '/';

        // Call the pattern method and exit if it yields an error
        $this->pattern($name, $local, $localPattern,
            'Invalid username part.');
        if ($field->hasError()) { return; }

        // Patterns for domain part
        $hostname = '([[:alnum:]]([-[:alnum:]]{0,62}[[:alnum:]])?)';
        $hostnames = '(' . $hostname . '(\.' . $hostname . ')*)';
        $top = '\.[[:alnum:]]{2,6}';
        $domainPattern = '/^' . $hostnames . $top . '$/';

        // Call the pattern method
        $this->pattern($name, $domain, $domainPattern,
            'Invalid domain name part.');
    }

    public function password($name, $password, $required = true) {
        $field = $this->fields->getField($name);

        // If field is not required and empty, remove errors and exit
        // (the parameter here is $password, not $value)
        if (!$required && empty($password)) {
            $field->clearErrorMessage();
            return;
        }

        // Must be 6 to 20 characters; these limits apply to the plaintext as
        // entered, not to whatever form of it is eventually stored
        $this->text($name, $password, $required, 6, 20);
    }
}
?>
TechSupport/ch21_tech_support/nbproject/private/config.properties
TechSupport/ch21_tech_support/nbproject/private/private.properties
auxiliary.org-netbeans-modules-web-client-tools-api.clientdebug=false
auxiliary.org-netbeans-modules-web-client-tools-api.dialogShowDebugPanel=true
auxiliary.org-netbeans-modules-web-client-tools-api.FIREFOX=true
auxiliary.org-netbeans-modules-web-client-tools-api.INTERNET_5f_EXPLORER=false
auxiliary.org-netbeans-modules-web-client-tools-api.serverdebug=true
run.as=LOCAL
url=http://localhost/project_solutions/ch21_tech_support/
TechSupport/ch21_tech_support/nbproject/private/private.xml
TechSupport/ch21_tech_support/nbproject/project.properties
include.path=${php.global.include.path}
php.version=PHP_5
source.encoding=UTF-8
src.dir=.
tags.asp=false
tags.short=true
web.root=.
TechSupport/ch21_tech_support/nbproject/project.xml
org.netbeans.modules.php.project
ch21_tech_support
TechSupport/ch21_tech_support/product_manager/index.php
TechSupport/ch21_tech_support/product_manager/product_add.php
Add Product
TechSupport/ch21_tech_support/product_manager/product_list.php
Product List
Code | Name | Version | Release Date | |
---|---|---|---|---|
TechSupport/ch21_tech_support/product_register/customer_login.php
Customer Login
You must login before you can register a product.
TechSupport/ch21_tech_support/product_register/index.php
TechSupport/ch21_tech_support/product_register/product_register.php
Register Product
You are logged in as
TechSupport/ch21_tech_support/technician_manager/index.php
TechSupport/ch21_tech_support/technician_manager/technician_add.php
Add Technician
TechSupport/ch21_tech_support/technician_manager/technician_list.php
Technician List
Name | Phone | Password | ||
---|---|---|---|---|
getFullName(); ?> | getEmail(); ?> | getPhone(); ?> | getPassword(); ?> |
TechSupport/ch21_tech_support/under_construction.php
Sorry, this page is currently under construction.
We’ll finish it as quickly as we can. Thanks!
TechSupport/ch21_tech_support/util/secure_conn.php
TechSupport/ch21_tech_support/util/valid_admin.php
TechSupport/ch21_tech_support/util/valid_customer.php
TechSupport/ch21_tech_support/util/valid_technician.php
TechSupport/ch21_tech_support/view/footer.php