Objective
Demonstrate your knowledge and understanding of web development and website design.
Delays caused by computer downtime cannot be accepted as a valid reason for a late submission without penalty.
Students must plan their work to allow for both scheduled and unscheduled downtime.
The LMS will be configured to allow you to submit as many times as you like; the most recent version will be marked.
Late submissions will incur a 5% penalty for each day that it is late.
If you change your submission after the due date, it is considered a late submission and will incur a 5% penalty for
each day that it is late.
Assignments will NOT be accepted after 10:00 AM Friday 8th of June.
Copying, Plagiarism
This is an individual assignment. You are explicitly instructed not to work in groups.
Plagiarism is the submission of somebody else’s work in a manner that gives the impression that the work is your
own. For individual assignments, plagiarism includes the case where two or more students work collaboratively on
the assignment. The Department of Computer Science and IT treats plagiarism very seriously. When it is detected,
penalties are strictly imposed.
Submission Guidelines
You are required to upload your solutions to the LMS in a zip file.
This ZIP file MUST include all the images, PHP, HTML and CSS files that your website needs to function.
HOWEVER you must not include the IIT_Assets directory in your submission.
You are NOT permitted to use any sort of automated code generation tools or programs.
Your website MUST work on the webprog.cs.latrobe.edu.au web server and display correctly in Google Chrome
installed on the computer labs on Level 1 Beth Gleason building.
V4
Problem Description
This assignment continues on from the content you have completed in lab 8.
You will be designing a functioning online movie database and ticket sales system for a small movie cinema business.
This particular business would like a new website that allows people to purchase tickets to a movie and also allows
them to leave reviews of films for others to read.
The website will be written with PHP, HTML5 and CSS. JavaScript will not be permitted.
You have been provided with some partially completed code, along with some implementation documentation to
guide you.
The website must allow the users to browse the films in our database and also buy tickets and leave reviews.
When the user is ready to buy a ticket they will navigate to the session they would like to attend and buy the ticket.
The user will then enter their username and click buy now.
If the user does not have an account, they will need to sign up first using the sign up page.
Once the purchase has been confirmed the user is shown a receipt, which also doubles as the ticket itself.
Some customers like to print the ticket and show it when they walk in; others use their smartphone.
The website will also include a few pages that are not for customers, but instead are for the business owners to
evaluate the performance and sales of the business.
Pages that are intended for customers should not display unnecessary technical details such as the MovieIDs or
MemberIDs. Please note that "Member", "Customer" and "User" are used interchangeably in this document.
Rules and Requirements
• The site must run correctly on webprog.cs.latrobe.edu.au server
• The site must run correctly in Google Chrome that is installed in BG 139.
• All CSS styles MUST be placed into a CSS file. (TheaterStyle.css)
There must be no CSS code in your HTML/PHP files
• JavaScript is not allowed in this assignment, do not use any JS code. This includes but is not limited to:
<script> tags, and onclick attributes.
• Your site MUST use relative URLs for all resources (including images and hyperlinks).
The only exception to this rule is the hyperlink to the brand's website.
• When you submit your assignment please include all the files your site needs to operate (including the
database directory). However, you MUST NOT include the IIT_Assets directory.
• Your code must be HTML5 compliant; please use the HTML5 validator (see the end of Lab08 for instructions).
• The website should have a consistent look and feel. All the pages should have the same layout and the
navigation bar should always be visible to the user.
• Your website must be secure from SQL Injection attacks and Cross site scripting attacks.
• Make sure you have read this document and all relevant documentation.
• You are not expected to implement any sort of password authentication system (unless you do bonus task 2)
• You are not expected to implement a payment system, you can assume that when a customer buys a ticket
the money magically appears in the business's bank account.
• Your site must contain at least one CSS animation/transition (but still keep it professional).
• The site must have a logo (of your own design) at the top next to the heading.
• The search system needs to work and have links to go to the next and previous pages (see Lab08).
• Your code must be indented and easy to read.
• Premade CSS/HTML/PHP packages such as bootstrap are not permitted.
Your Task
Your job is to take the partial solutions and make them into a fully functioning ticket management system.
Most of the PHP code is done for you, the real challenge is making the website look professional and attractive to
potential customers.
Please make sure you have read the PHP and Database lectures.
Making an online system like this can be overwhelming; it is important to break the system down into smaller tasks.
Here are the tasks you need to complete BEFORE starting the assignment.
1. Ensure you have completed Lab08 (this is not optional)
2. Copy all the provided assignment code into the Lab08 directory.
3. View the provided files in a web browser and see how they function (if at all, some may have errors)
4. Open all the files in the lab08 directory in Notepad++ and read the code and comments provided.
5. Carefully read this document and any attached documentation on LMS.
Here are the main tasks you need to do for this assignment.
1. Get the navigation bar working.
2. Get the website functional.
a. Start by getting MovieList.php and ViewMovie.php working and looking nice.
3. Make the website look professional.
4. Complete any additional requirements.
5. Complete the written report.
If you get stuck on task 2 put it aside and work on task 3 or task 5 until you can get help.
Web assignments like this sound easy enough but please don’t underestimate the time required to complete this
assignment. Start it as soon as possible.
I highly recommend looking at what other successful online cinema websites look like such as Hoyts or Village
Cinemas. What things do they display on the page? What colours do they use? How big is the text?
When working with real clients they often do not know exactly what they want.
It's your job as a web developer to interpret their requirements and deliver a final product.
Please ensure your code is valid HTML5. Remember that just because 'it works' does not mean it is correct.
Use the HTML5 validator to check your HTML code (see lab08).
Task 1 - The Navigation bar
The first thing you should do is get a basic navigation bar working so that you can at least browse the website.
The navigation bar is just like what we did in lab 05.
The navigation bar MUST contain links to the following pages:
• Homepage.php (you may also name this file index.php if you like)
• MovieList.php
• SessionList.php
• Report.php
• SignUp.php
Please note that all the files on this website use the TheaterStyle.css file.
So any styles you put in TheaterStyle.css will apply to all the pages.
It's OK if the page is ugly at this point; we will style it later.
Once you have the navigation bar finished, copy its code to all the PHP pages except:
PostReview, BuyTicket, ProcessNewSession and ProcessNewMemeber because they will not be visible to the user.
Your navigation bar links should change colour when the user hovers the mouse over them.
Task 2 - Getting the website functional.
Before starting this task, please fix the cookie message on ViewMovie.php
Instructions for you to do this are in the appendix.
I have provided you most of the PHP code, you just need to fill in the blanks.
Don’t forget to check over the lecture notes; they contain many handy examples.
I have provided you with a document called "Assignment 3 File Details" this file explains what each PHP file will do,
and what SQL statements are required in each file.
Some of the PHP files are already fully functioning.
You should look through the PHP files and complete any of the TODO statements.
Open all the PHP files in Notepad++ and press Ctrl + F and search for the word "TODO".
If you get stuck, work on Task 3 until you can get help.
Task 3 - Making the site look professional.
If you haven’t already, please visit https://css-tricks.com/snippets/css and http://learnlayout.com/. These websites
contain excellent examples of the things you can do with CSS and layouts.
What you should do is pick a file to focus on to start with (such as MovieList.php).
Then decide on a layout structure, where should the navigation bar go? Where should the heading go?
Some people like to draw a layout plan on paper of how they want the page to look before starting any code.
Look around at other people's websites for ideas.
As I said at the start of this course web design requires a large amount of self-directed learning.
There are plenty of online resources on working with HTML and CSS.
Once you have decided how you want your page to be structured think about what kinds of divs you will need.
Most websites will have four major divs: container, header, navigation, and main.
HTML5 provides new semantic tags for these functions like and you can use these if you like.
But and tags like we did in the labs are also acceptable.
I find that it makes things easier if you assign a random background colour to all the divs using CSS.
This makes it easier to see where the divs are.
Once you have the main site layout figured out you need to think about how the products should be displayed.
Do you want them listed one per line or a side by side layout? (Examples below)
The layout and style are up to you.
Once you have all the layout looking the way you want it's time to assign colours and fonts.
I would advise against using bright colours, except maybe on the prices. Having a bright yellow background is not
very aesthetically pleasing.
Remember that you are building a website for a business, you need to keep the page looking as professional and
attractive as possible.
You can apply CSS to any item in the page, including buttons and form fields.
Finally once you are happy with the layout copy the relevant HTML code to the other PHP files.
Or use includes.
Task 4 - Additional Requirement
On the search page (MovieList.php) provide the user a drop down list that allows the user to change what genres are
shown.
Users may not want a movie in particular but know what genres they like.
The drop down box should sit next to the search box.
So a user could leave the search box empty and set the genre to "Drama" and they should only be shown drama
movies.
A sample is shown above, yours should include all 16 genres. The default is "All Genres".
The value of the "All Genres" option should be a percent symbol, so that when it's passed into the SQL LIKE it will
match all genres.
You can then read in the URL parameter like so
    // Read the genre from the URL; fall back to the wildcard ("All Genres").
    if (isset($_GET['genre']))
    {
        $genreFilter = $_GET['genre'];
    }
    else
    {
        $genreFilter = '%';
    }
When constructing the SQL for this, you cannot simply use WHERE Genre like ?
because that will cause issues for the group_concat().
What you can do instead is use the IN operator. Something like this should do:
Movies.MovieID IN (SELECT MovieID FROM MovieGenre WHERE Genre like ?)
This should be added to the WHERE section of your existing SQL you did in Lab 8, the one with the LIKE statements.
Just be aware when using ANDs and ORs in SQL, you should put brackets around the OR section.
The following is optional.
You could hard code the genre drop down list, but a better idea is to generate the option tags using SQL.
SELECT distinct Genre FROM MovieGenre
You will need to prepare, execute and fetch another SQL statement.
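The genre filter described in Task 4, as an added example that is not part of the provided assignment code. The in-memory SQLite data is constructed, and the Title and Description columns and the search parameter name are assumptions; only Movies.MovieID, MovieGenre.MovieID and MovieGenre.Genre come from this document.

```php
<?php
// Added example. Constructed in-memory data; Title, Description and "search" are assumed names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Movies (MovieID INTEGER PRIMARY KEY, Title TEXT, Description TEXT)');
$db->exec('CREATE TABLE MovieGenre (MovieID INTEGER, Genre TEXT)');
$db->exec("INSERT INTO Movies VALUES (1, 'Harbour Lights', 'A family story'),
                                     (2, 'Night Train <b>', 'A heist goes wrong')");
$db->exec("INSERT INTO MovieGenre VALUES (1, 'Drama'), (1, 'Romance'), (2, 'Thriller'), (2, 'Crime')");

function findMovies(PDO $db, string $search, string $genreFilter): array
{
    // The OR pair is bracketed so the genre condition applies to both branches.
    // The IN subquery filters films without removing rows from the join,
    // so group_concat() still lists every genre of each matching film.
    $sql = 'SELECT Movies.Title, group_concat(MovieGenre.Genre) AS Genres
            FROM Movies JOIN MovieGenre ON MovieGenre.MovieID = Movies.MovieID
            WHERE (Movies.Title LIKE ? OR Movies.Description LIKE ?)
              AND Movies.MovieID IN (SELECT MovieID FROM MovieGenre WHERE Genre LIKE ?)
            GROUP BY Movies.MovieID
            ORDER BY Movies.Title';
    $stmt = $db->prepare($sql);
    // User input is only ever bound as data, never concatenated into the SQL text.
    $stmt->execute(['%' . $search . '%', '%' . $search . '%', $genreFilter]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function e(string $value): string
{
    // Escape for HTML output so markup in data is displayed, not interpreted.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$search = $_GET['search'] ?? '';
$genreFilter = $_GET['genre'] ?? '%';

// Drop-down generated from the database; "All Genres" carries the % wildcard.
echo '<select name="genre"><option value="%">All Genres</option>';
foreach ($db->query('SELECT DISTINCT Genre FROM MovieGenre ORDER BY Genre') as $row) {
    $selected = ($row['Genre'] === $genreFilter) ? ' selected' : '';
    echo '<option value="' . e($row['Genre']) . '"' . $selected . '>' . e($row['Genre']) . '</option>';
}
echo "</select>\n";

foreach (findMovies($db, $search, $genreFilter) as $movie) {
    echo '<p>' . e($movie['Title']) . ' (' . e($movie['Genres']) . ")</p>\n";
}
// Constructed hostile-looking input: it is bound as a LIKE pattern, not parsed as SQL.
echo count(findMovies($db, '', "Drama' OR '1'='1")) . " rows for the quoted input\n";
```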
Task 5
Your clients (the movie business) have a number of questions for you.
Please answer these questions using HTML/CSS/PHP by making a new page named Report.php and putting the
questions and your answers on that page.
You should provide working links to supporting documentation references to substantiate your position.
You can also use images if you like, but please do not hotlink any of the images.
Questions:
1. What is HTML?
2. What is CSS?
3. In HTML what does “Hotlink an image” mean, what is hotlinking? Is hotlinking bad?
4. What is PHP and what does PHP do?
5. How do PHP and HTML relate to each other?
6. Explain the difference between POST and GET requests.
When should post be used? When should GET be used?
7. What is trusted and untrusted data? Please provide some examples of each.
8. What is SQL Injection? How does it work? Can you give an example?
9. Is our website safe from SQL Injection?
10. What is Cross Site Scripting (XSS)? How does it work?
11. Is our website safe from XSS?
12. What are web cookies?
13. Are cookies bad? What happens if I disable cookies in my browser?
14. How much disk space does the website require? Including images.
15. What are HTTP Status codes?
16. Describe the HTTP status codes listed below:
o 200
o 302
o 400
o 403
o 404
o 500
17. Did you complete any of the bonus tasks or add any extra features to the website?
If so, explain how and why you did.
Bonus Task 1
If you are feeling adventurous here are some optional bonus challenge tasks you can do for extra marks.
Make a ViewMember.php page that shows the details of a particular member.
This is intended for the business owners to see user activity.
Clicking a username on ViewMovie.php should direct me to the details of that user.
The page should show two tables:
A table that shows the details of all the tickets they have purchased, including:
• Ticket ID (clicking this should link to viewTicket.php)
• Session ID (clicking this should link to viewSession.php)
• Session Time
• Ticket Timestamp
• Movie Title (clicking this should link to viewMovie.php)
• Normal Price of the session
A table of all the reviews they have written, including:
• Review ID
• MovieID (clicking this should link to viewMovie.php)
• Timestamp
• Star rating.
Extra challenge:
Make it so when I click the review ID I am taken to another page that shows me the review text of that review.
Bonus Task 2
The owners of the business request you put some kind of authentication (password protection) on SessionList,
AddNewSession and ProcessNewSession to prevent unauthorised access.
There are a number of ways to implement such a system but the simplest would be HTTP Basic Authentication.
You can easily implement HTTP basic authentication in PHP.
A single hardcoded username and password (of your choice) will be sufficient.
NOTE: You must include a copy of the username/password in your assignment submission (in a text file).
NOTE: The password protection must also apply to ViewSession.php ONLY IF $_GET['details'] is set to 1.
Extra challenge:
Implement the password system such that it is able to check if the password is correct without storing the password
itself anywhere.
It should be virtually impossible for anyone to figure out what the password is even if they have access to all your
files. This is a useful property to have because it means that even if your files were made public the website will still
be secure.
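One way to meet Bonus Task 2 and its extra challenge, as an added example that is not part of the provided assignment code: HTTP Basic Authentication checked against a password hash instead of a stored password. The username, the realm text and the demo password are constructed values, and the function names are hypothetical.

```php
<?php
// Added example. ADMIN_USER and the demo password below are constructed values.
const ADMIN_USER = 'owner';

// Demo only: in a deployment, run password_hash() once and paste the resulting
// string here as a literal, so the password itself never appears in any file.
$adminHash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);

function credentialsValid(?string $user, ?string $password, string $hash): bool
{
    if ($user === null || $password === null) {
        return false; // The browser sent no credentials at all.
    }
    // Run both checks before combining them, so a wrong username does not
    // skip the (slow) hash verification and reveal itself through timing.
    $userOk = hash_equals(ADMIN_USER, $user);
    $passOk = password_verify($password, $hash);
    return $userOk && $passOk;
}

function requireOwnerLogin(string $hash): void
{
    $user = $_SERVER['PHP_AUTH_USER'] ?? null;
    $password = $_SERVER['PHP_AUTH_PW'] ?? null;
    if (!credentialsValid($user, $password, $hash)) {
        // Ask the browser to prompt for a username and password.
        header('WWW-Authenticate: Basic realm="Cinema staff"');
        http_response_code(401);
        exit('Authentication required.');
    }
}

// SessionList, AddNewSession and ProcessNewSession would call
// requireOwnerLogin($adminHash) unconditionally at the top of the file.
// ViewSession.php is protected only when details is set to 1.
if (($_GET['details'] ?? '') === '1') {
    requireOwnerLogin($adminHash);
}

// Constructed checks: the correct pair passes, a wrong password fails.
var_dump(credentialsValid('owner', 'constructed-demo-password', $adminHash));
var_dump(credentialsValid('owner', 'wrong-guess', $adminHash));
```

Basic Authentication sends the username and password with every request in an easily decoded form, so the protected pages should only be served over HTTPS.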