CS 315 Project Milestone 4: PHP/Databases/Security

Assigned: 5 November 2018   Due: 3 December 2018

The fourth and final Milestone for your project requires you to augment your site with PHP that interacts with a database. As with Milestone 2, the focus for this milestone is on giving the user ways to interact with your site and affect the information that they receive. For most of you this will probably happen through the use of form data that is processed by PHP, resulting in dynamically constructed web pages and database inserts/selects. Something involving AJAX with a PHP/database backend could also be reasonable for this milestone.

For this milestone I also want you to do a thorough security analysis of your site. I want you to describe all of the security issues that you think are relevant to your site and what you have done to address them. For most of you these issues include (but are not limited to) the possibilities of HTML injection and SQL injection. Please include this report as part of the annotation of your milestone that you submit.

Where possible your pages should use valid HTML5 syntax. You should validate your pages using the W3 validator as described in class. You should primarily use an external style sheet, with inline or document styles as needed for particular documents. When you need to use something that won't validate, you should clearly indicate what you are doing. Gratuitously nonvalidating pages are not acceptable. Note that this applies to your dynamically created pages, as well as your static pages.

The new portion of your project will be evaluated based on its adherence to the requirements, its demonstration of your understanding of a reasonable amount of PHP, its use of well-written, well-documented PHP code, well-defined database tables, well-written SQL for interacting with the database, and the level of creativity it exhibits.

When you submit this milestone you are also submitting the final version of your project. Your overall project will be evaluated on how well it demonstrates competent use of the different technologies we studied this semester, the amount of effort that it shows, the overall coherence of the design and its creativity. Be sure that the link you submit is for your entire project.

Turn in your submission using the Assignment Submission Page for this class. Be sure that your submitted URL will remain stable while I am grading it. As with previous milestones, I also want you to give me a link to a short document that describes what you have done with PHP and databases on your pages and any design decisions and compromises you have made. This annotation page should also link to accessible versions of your PHP scripts so that I can look at them. Accessible means that they have an extension such as .phps that my browser doesn't try to interpret. You should also use the annotation to tell me about any aspect of your site that you want me to be sure not to miss when I am evaluating it. Again, this annotation page is also where your security analysis will go. Also the definition of any SQL tables that you define should go in the annotations. Please make the annotation page in HTML, so that the page displays readably and the links are clickable.