Trusted WP2250 Assignment 2.

Overview Russel Street Medical are happy with your work and want you to continue developing their website. The website should be hosted on Coreteaching from the url below: (where yoursid is your student number). Website Expansion and Code Practice [5 marks] Your wp directory should be protected with a .htaccess file. If you already have a .htaccess file in your wp or public_html directories, both directories should be protected; if not place a copy of the .htaccess from your a1 directory into your a2 directory. You will need to create more PHP files: tools.php: a file that contains functions common to all pages and to reduce webpage clutter. administration.php: a webpage that shows a login screen to all users by default and administration information to authorised users, eg patient booking requests and an add user facility. appointments.txt: a spreadsheet that you will write to using fputcsv() and read from using fgetcsv(). accessattempts.txt: a spreadsheet that you will write to using fputcsv() users.txt: a spreadsheet that you will write to using fputcsv() and read from using fgetcsv(). Note: The spreadsheets will need to have 606 permissions as PHP will need to write to them. It will help if you put the spreadsheet headings in manually initially, then each booking is appended to the spreadsheet without the need to write the headings in each time. Marks will also be awarded for code organisation and indentation. Page 1 of 4 RMIT Classification: Trusted Carousel Gallery [5 marks] The client would like a carousel gallery on the home page (index.php) of at least five images that automatically cycle and have the option of a user stepping backwards and forwards though the gallery by clicking direction area / buttons or thumbnails of each image. This can be a Javascript or jQuery plugin that you source on the internet OR if you wish you can build your own. Includes and Modules [5 marks] Place your common code areas such as the top of each page (ie DOCTYPE head, opening body tag and header element) and the bottom (ie footer element and closing body & html tags) into external files and include it into your pages with the require_once() function. The page title should be set with a variable (or some equivalent method) and be different on each page. Each page should include the tools.php file and have access to the session object, a suggestion is to have session_start() near or at the top of the tools.php file. Patient Booking Facility [10 marks] All $_POST data from the booking page form in assignment 1 should be checked client side and also server-side to guard against hackers and cater for those without Javascript enabled. Any errors detected server-side should be placed near the field in error and the previous inputs should preserve state, eg text fields should have the same text, checkbox attributes should be checked. TIP: To bypass client-side validation, include this submit button in your forms: <button formnovalidate>Submit without validation</button> Note: The client-side validation can be performed using an external plugin, HTML5 patterns, or using your own Javascript code. If the data is all correct, the booking request should be appended to the new appointments.txt spreadsheet using fputcsv() along with the time that the booking was made. The data can be comma or tab delimited (ie your choice of delimiter) along with the date and time that the patient submitted the booking request. If no errors are detected a booking confirmation message should be displayed letting the patient know that the office will be in touch soon with a set time, and with a link back to the home page. Page 2 of 4 RMIT Classification: Trusted Administration Page with Basic Login & Logout Facility [10 marks] Note: The administration page layout and design can be put together using a Bootstrap template if you wish. The administration team would like an administration page that displays a username / password login form if no one is logged in, ie if $_SESSION[user] is not set. Set up the admin page to allow at least two of the three staff members to log in with the username / password credentials below: Stephen : Drs123! Abigale : Dra456! Kiyoko : Nki789! The username & passwords can be hard coded in tools.php for this part or included in the users.txt spreadsheet. Once a user is logged in, ie if $_SESSION[user] is set, they would like to see a Welcome {username} message and a logout button which restores the initial log in form content. When logged in they also want to see a table of all booking requests found in appointments.txt. From there, the admin staff will enter times into their own proprietary booking system (ie not a part of this assignment) and contact patients to arrange actual appointment times. The client would like you to modify the requested booking date (ie the date the patient wants an appointment and not the date that the booking was made) so it is easier for a human to read, eg “2022-10-17” should be displayed as “Monday, 17th October 2022”. Have a look through PHPs date and time function library to find a function that does this, ie do not write your own unless you are really keen! Administration Page with User Register Facility [5 marks] The admin page is upgraded to: Read the users.txt file for valid username & password rather than hard coded values. Allows a logged in user to register (append) another user in a spreadsheet called users.txt. Makes sure no duplicate logins are made, eg two stephens. Any failed login attempt should have one simple message that the attempt was not successful near the form. All unsuccessful login attempts should be appended to accessattempts.txt with just the username and date-time of the attempt. Page 3 of 4 RMIT Classification: Trusted Marking Rubric [40 marks] Website Expansion and Code Practice [5 marks] Carousel Gallery [5 marks] Includes and Modules [5 marks] Patient Booking Facility with Server-side Validation [10 marks] Administration Page with Basic Login & Logout Facility [10 marks] Administration Page with User Register Facility [5 marks] Page 4 of 4