This lab will show you how to make a form that generates and email message. Then when you click on the email link, it will update a database with a person's new password. You will create 5 small html/php scripts. Put them in a folder called lab09. Upload them to public_html/lab09 and they will be called by: http://weblab.salemstate.edu/~S0273260/lab09/register.html Be sure to not allow any SQL injection attacks in the code by calling the dbescape function of your database.php script or another method of your choosing. You will have to create a new MySQL table for use in this lab. You can call it Lab09 if you want, and it will need these columns: l9_id INTEGER UNSIGNED AUTO_INCREMENT NOT NULL PRIMARY KEY l9_email VARCHAR(64) l9_pwhash VARCHAR(64) l9_verified INTEGER NOT NULL DEFAULT 0 You can either use the mysql command line program to create the table or you can use the http://weblab.salemstate.edu/phpmyadmin web page to create the table. 1) register.html: a) Display a simple form with email address and password input boxes and a submit button. Decide on what names to give the two input boxes. b) When submit is clicked, send the entered email address and password (via POST) to a script called register.php    
 ...input boxes ...submit button 
   2) register.php (about 12 lines of PHP code): a) Open database by requiring database.php. Since register.php is in a folder lab09 under public_html and your database.php file is in public_html, you will need: require_once '../database.php'; ...to include it. If you put database.php in that data_files directory, you would need: require_once '../../data_files/database.php'; ...to include it. b) Get email address and password from URL. c) Check database for duplicate email address, die if found. d) Use the passhash() function given in the hw02-bb.html page to generate the password hash string. You might want to put the passhash() and passtest() functions at the bottom of your database.php file. e) Write given email address and password hash to database. f) Send email message with this URL: http://weblab.salemstate.edu/~S1234567/lab09/ verify.php?userid=$userid&last16=$last16 ...where $userid is the userid from writing database record and last16 is the last 16 characters of the password hash Use the php mail() function to send an email message: $email = email address entered on form $theurl = url as shown above mail ($email, "Verification Link", $theurl); For testing purposes, you can always send to your real email address, and that will let you use made-up email addresses to register with. So make everything in the file the same as before, just use this to send the email: mail ("your real address", "Verification Link", $theurl); g) echo "Please check email $email for verification link" 3) verify.php (about 10 lines of PHP code): a) open database b) get userid and last16 from URL clicked in email message you should use either $_GET or $_REQUEST to retrieve the values c) read database record using the userid, error if not found d) check last16 against last 16 characters of l9_pwhash, error if not matched e) mark record as verified by setting l9_verified=1 f) echo "successfully verified, go to login.html to log in" 4) login.html: a) display a simple form with an email address and password box and a submit button b) when submit is clicked, sends the entered email address and password (via POST) to a script called login.php Note: you can copy register.html and just change the action to login.php 5) login.php (about 10 lines of PHP code, the first half is the same as register.php): a) open database b) get email address and password from URL c) read record from database for that email address, error if not found, eg, die ("email address not found"); d) verify the password hash, error if doesn't match, eg, die ("bad password"); you can use the passtest() function given in hw02-bb.html e) check for l9_verified = 1, error if not f) echo "success" if match found