phpMyAdmin 2. Register, Login, and Vote! (VLR) The Scenario On a shell prompt, y
ID: 3862417 • Letter: P
Question
phpMyAdmin
2. Register, Login, and Vote! (VLR) The Scenario On a shell prompt, you (a user) would get asked if you want to login to vote in the election for the presidency of the dbs17 class. If you already an existing member, then the shell prompt would ask you to enter your username and password. If you are not a member, then you need to register. You get asked to pick a username, password, name, and email (all fields are required). If username has been used before, you will be notified to reenter a new one. After registration, you can login, and then you get to vote and pick a candidate, a member/candidate can vote and self-vote, can’t vote to the same candidate twice, and no limitation on the number of votes casted. A special user named “admin”, with a space (“ ”) as the password, that can’t vote, who can display all registered members’ info, add/delete members, assign/un-assign a member to become a candidate and vice versa, and then can display simple count stats on the race status at any moment
Q__ Create and use stored procedures that validates the user existence to login, add/delete members, assign/un-assign members, and vote. If you want to use more stored procedures, functions, views, triggers, etc. feel free to do so.
Explanation / Answer
config.php
<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_DATABASE', 'databasetest');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>
login.php
<?php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$sql = "SELECT username, status FROM admin WHERE username = '$myusername' and passcode = '$mypassword'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$status = $row['status'];
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
if($status != 0){
echo "alredy voted";
}
else{
$query = "UPDATE admin SET status=1 WHERE name='$myusername'";
echo "$query";
$res1 = mysqli_query($db,$query);
$_SESSION['login_user'] = $myusername;
//header("location: home.php");
}
}else {
$error = "Your Login Name or Password is invalid";
header("location: register.php");
}
}
?>
<html>
<head>
<title>Login Page</title>
<style type = "text/css">
body {
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
}
label {
font-weight:bold;
width:100px;
font-size:14px;
}
.box {
border:#666666 solid 1px;
}
</style>
</head>
<body bgcolor = "#FFFFFF">
<div align = "center">
<div align = "left">
<div><b>Login</b></div>
<div>
<form action = "" method = "post">
<label>UserName :</label><input type = "text" name = "username" class = "box"/><br /><br />
<label>Password :</label><input type = "password" name = "password" class = "box" /><br/><br />
<input type = "submit" value = " Submit "/><br />
</form>
<div><?php echo $error; ?></div>
</div>
</div>
</div>
</body>
</html>
welcome.php
<?php
include('session.php');
?>
<html">
<head>
<title>Welcome </title>
</head>
<body>
<h1>Welcome <?php echo $login_session; ?></h1>
<h2><a href="logout.php">Sign Out</a></h2>
</body>
</html>
register.php
<div class="container">
<form class="form-signin" method="POST" action="./regdb.php">
<h2 class="form-signin-heading">Please Register</h2>
<div class="input-group">
<span class="input-group-addon" id="basic-addon1">@</span>
<input type="text" name="username" class="form-control" placeholder="Username" required>
</div>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
<button class="btn btn-lg btn-primary btn-block" type="submit">Register</button>
<a class="btn btn-lg btn-primary btn-block" href="login.php">Login</a>
</form>
</div>
regdb.php
<?php
require('config.php');
// If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO `admin` (username, passcode, email) VALUES ('$username', '$password', '$email')";
$result = mysqli_query($db, $query);
if($result){
$smsg = "User Created Successfully.";
header("location: login.php");
}else{
$fmsg ="User Registration Failed";
echo fmsg;
}
}
?>
home.php
<p>
Select Candidate?
<form class="form-signin" method="POST" action="./vote.php">
<select name="candidate">
<option value="">Select candidate</option>
<option value="one">one</option>
<option value="two">two</option>
</select>
<button class="btn btn-lg btn-primary btn-block" type="submit">Vote</button>
</form>
</p>
vote.php
<?php
require('config.php');
echo "hi";
$candidate= $_POST["candidate"];
echo $candidate;
$sql = "SELECT votes FROM candidate WHERE name = '$candidate'";
$votesRs = mysqli_query($db,$sql);
$row = mysqli_fetch_array($votesRs,MYSQLI_ASSOC);
$votes = $row['votes'];
echo $votes;
$votesNew= $votes+1;
echo "hi";
$query = "UPDATE candidate SET votes=$votesNew WHERE name='$candidate'";
echo "$query";
$res = mysqli_query($db,$query);
if($res){
header("location: welcome.php");
}
else{
header("location: login.php");
}
?>
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.