Basic Content

You will copy the existing $("$sessions$")$ project and paste it into a NEW folder called "hashbrown". Modify the newly copied version as described below:

Create a brand new table called secureusers with the same fields as the users table from the "Keepin' the Session Alive" assignment.

Be sure to make the password field a varchar$(512)$ or larger in order to fit the hashed password string.

Be sure to make the table on your local machine and your remote server.

Create a button$/$link called "users" which goes to a page called users.php

When clicking on "users" it shows the username and password for all users as they are stored in the database

Note: in the real world, this is foolish and an obvious security risk. However, for grading purposes $($and since this is not a real site$),$ I need it to be present.

Add a new button$/$link to the form called "create account"

When the user clicks on the button a new page will load called "create$-$account.php$"$ which will have a web form with the following:

User Name Field

Password Field

Verify Password Field

Submit Button called "Create Account"

Reset Button

Link to the Log In page.

Verify that the "password" and "verify password" fields match each other or an error message must be shown

Be sure to display an appropriate error message on the page if needed

Be sure to keep all of the user's entered data in each of the fields.

Until these two fields match, they will not be able to create an account

Your PHP code will need to do several things:

Make sure the newly entered user name is not already in the database

If the user doesn't exist, and the passwords match each other, insert the new username and password, and be sure to salt and hash the password.

Note: do NOT use the PHP function password$\_$hash$().$

Create your own hashing function that uses your own salt and uses the PHP hash$()$ function

Display a message stating that the user was created successfully along with a link to the log in page

The two password fields must not show the values entered by the user $($it should show dots instead$)$

Once the user creates an account they will be able to log in to the system using the newly created account

Be sure that the original users $($i$.$e$.,$ chuck, car, dog, bob$)$ can still log in

Hint: you'll have to modify things to make sure that their passwords are hashed with your newly created hashing function

Style the site $($all pages$)$

Think about font sizes, colors, styles, etc.

Think about the user experience $($UX$)$

Think about padding, and margin

The site needs to look "clean" not cluttered

It needs to be a pleasant user experiences

Error messages and other text need to be easy to read, and noticeable rather than placed "randomly"

Be thoughtful about the user's experience.

Advanced Content

In the real world, a real programmer has to be good at researching online. The Advanced Content section is meant to prepare you for that. Below is a list of a few items that purposely aren't fully $($or at all$)$ covered in the lectures $/$ videos. The intent is to get you used to the idea of taking what you know and branching out through a little bit of research online, just like in the real, post$-$school, world. :$)$

Use the PHP documentationLinks to an external site. and $($as a secondary source$)$ W$3$SchoolsLinks to an external site..

Correctly implement the following items on your page:

If the user tries the wrong password $3$ times in a row, then remove the web form completely and display a message that says "Account Locked"

Note: the account doesn't actually need to be locked. Just display a message saying so$.$

Upon logging in$,$ display a message with the users name along with a message that states how many times they've logged into the system

Hint: you'll need to track their logins in the database