Using the application code in W1 Assignment 3, you will further examine the potential for attack and defense in the areas of input validation, access control, and session management.
Click here to access the code (you will need to modify the code based on the questions below).
Create a report in a 2- to 3-page Microsoft Word document addressing the following:
· Locate the PHP code for validating the user's login information. Use the variables defined there to restrict the content page to only those who have successfully logged into the system.
· Describe how the session is managed from page to page in the application. How long is the session active by default? What conditions will end the session?
· Identify the form validation rules that need to be put in place for the login form and the registration form. What format should the data have? What is the maximum length of each item? Identify the necessary functions in JavaScript and PHP to create these validation rules and list them in your report.
Note: You will write the functions for the form validation in W3 Assignment 2, so the more you prepare now the simpler that exercise will be.
Support your responses with examples.
Cite any sources in APA format.
RUNNING HEAD: The PHP Code
The PHP Code
Brandon Whitley
South University Online
ITS4221
April 7, 2015
Introduction
PHP is a server-side scripting language designed specifically for
website development. It is also used as a general-purpose
programming language. PHP was originally created in 1994 by
Rasmus Lerdorf and has been installed on over 240 million
websites. Originally, PHP stood for Personal Home Page, but
nowadays it stands for Hypertext Preprocessor. The code can
easily be combined with other engines or mixed with HTML
(Turland, 2011). This paper examines the potential for attack
and defense in the areas of input validation, access control, and
session management.
Locate the PHP code for validating the user's login information.
Use the variables defined there to restrict the content page to
only those who have successfully logged into the system.
The PHP code used for validating the user’s login information is
‘config.php’. First, the common code is executed to connect to
the database and, for the session to start, the ‘common.php’
variable is required. At the top of the page, a check determines
whether the user is logged in. If the user is not logged in, they
are redirected to the login page with the header
‘location: login.php’. This is crucial because it permits only the
account’s owner to view the details of his or her account and
prevents trespass into other users’ accounts. The content in
the page is highly restricted to only those who have successfully
logged into the system. Variables in PHP are written with a
dollar sign followed by the name of the variable, which is case
sensitive. Variables used are: $var, $4site and $tayte, among
others. If the user enters a wrong email address, the filter
option displays certain information to validate the codes and
accept the sign-in attempts.
Describe how the session is managed from page to page in the
application. How long is the session active by default? What
conditions will end the session?
Genuine account users will have all the information required for
their login details and will provide it on time. Delays, in this
case, are not flagged off, and the account may be suspended for a
while until further verification is made by the rightful owner.
After the user enters the CAPTCHA code correctly, a database
table stores the username, password, account creation time,
number of login attempts, and last logged-in IP address. These
are crucial in determining who logged in to the system last
(Tyson, 2014). The session is active by default for a maximum of
twenty-four hours before any sign-out attempts are noted. This is
the maximum amount of time the account is expected to remain
inactive before the default pages are restored, for the purpose
of data security.
Identify the form validation rules that need to be put in place
for the login form and the registration form. What format should
the data have? What is the maximum length of each item?
Identify the necessary functions in JavaScript and PHP to create
these validation rules and list them in your report.
By default, the validation framework expects the user to key
information into selected or marked fields. Validation rules are
specified per action, for example, the ‘action class’, where the
Java class name of the action element is specified. Secondly, the
XML file is required to be placed in the class path (Leon,
2001). This is the same location as the action class, where rules
are further specified using validators. The maximum length for
each item is six characters, and the format depends entirely on
the data types used. Examples of validators are field validators
and non-field validators.
References
Turland, M. (2011). PHP Master. London: Cengage Learning.
Tyson, S. (2014). Decode the PHP Codes. New York: Cambridge University Press.
Leon, A. (2001). Core PHP Programming. California: CRC Press.
As you progress through the course, you will need a good
understanding of the files in this folder. There is guidance
below on the database used for the login/registration application
and a list of files included. Pay attention to which files
should and should not be modified. Each modifiable file has
notes for code that should not be edited.
It is recommended that you view these files using Notepad++
(http://notepad-plus-plus.org/) or a similar editor.
Database Structure:
email (Primary Key) - varchar(50) // Email address
fname - varchar(30) // First name
lname - varchar(30) // Last name
pw - varchar(20) // Password
id - varchar(50) // Session ID (Unix time value for valid session)
Files:
// DO NOT EDIT:
index.html // Redirect page to index.php
index.php // Sets up application page
include/view.html // Result if login is successful and navigation link is clicked - This is a test page
include/header.html // This sets the visual display of the page - Review content for testing and validation rules
include/desc.html // This is the default page when no navigation is active
// MODIFY AS NEEDED
include/main.js // This is the main JavaScript for the application - you will add validation rules here
include/main.php // This is the main script of the application - you will add validation and modifications here
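The column widths in the Database Structure list translate directly into maximum-length rules for the login and registration forms. The JavaScript below is an added example, not code from the course files: the function and constant names are hypothetical, and the format patterns and the 8-character password minimum are assumptions, while the maximum lengths come from the schema. Client-side checks of this kind can be bypassed by sending requests directly, so the same rules need to be enforced again in include/main.php.

```javascript
// Added example (not part of the course files). Maximum lengths come from the
// "Database Structure" list; every name below is hypothetical.
const FIELD_RULES = {
  email: { max: 50, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  fname: { max: 30, pattern: /^\p{L}[\p{L} '-]*$/u },
  lname: { max: 30, pattern: /^\p{L}[\p{L} '-]*$/u },
  // Assumptions: 8-character minimum, printable ASCII without spaces.
  pw: { min: 8, max: 20, pattern: /^[\x21-\x7e]+$/ },
};
const LOGIN_FIELDS = ['email', 'pw'];
const REGISTER_FIELDS = ['email', 'fname', 'lname', 'pw'];

// Returns null when the value passes, otherwise a short reason.
function validateField(name, value) {
  const rule = FIELD_RULES[name];
  if (!rule) return 'unknown field';
  if (typeof value !== 'string') return 'must be a string';
  const v = name === 'pw' ? value : value.trim(); // never alter a password
  const len = [...v].length; // characters, not UTF-16 code units
  if (len === 0) return 'required';
  if (len > rule.max) return `longer than ${rule.max} characters`;
  if (rule.min && len < rule.min) return `shorter than ${rule.min} characters`;
  if (!rule.pattern.test(v)) return 'invalid format';
  return null;
}

// Validates only the listed fields; returns { fieldName: reason } for failures.
function validateForm(fieldNames, data) {
  const errors = {};
  for (const name of fieldNames) {
    const reason = validateField(name, data[name] ?? '');
    if (reason) errors[name] = reason;
  }
  return errors;
}

// Constructed sample input.
const sampleRegistration = {
  email: 'alice@example.com', fname: 'Anne-Marie', lname: "O'Neil", pw: 'correct-horse-1',
};
console.log(validateForm(REGISTER_FIELDS, sampleRegistration));
console.log(validateForm(LOGIN_FIELDS, { email: 'not-an-email', pw: 'short' }));
```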