Creating a PHP script that creates, uses and manipulates arrays

Reference no: EM131854061

Lab - PHP: Arrays, Functions and Form processing

Overview - This lab walks you through using PHP to create simple applications. PHP is popular for many Web applications, so becoming comfortable with the syntax of PHP will help you diagnose and identify potential security issues. It is not envisioned you will become an expert in PHP from this course, but you will be able to create simple Web applications; and, in the near future of this course, analyze that code for security issues.

Learning Outcomes: At the completion of the lab you should be able to:

1. Create and test PHP scripts that include Arrays

2. Create and test PHP scripts that include Functions

3. Create and test PHP scripts to process HTML Forms

4. Compare and contrast session creating mechanisms in PHP

Part 1 - Create and test PHP scripts that include Arrays

This exercise will walk through creating a PHP script that creates, uses and manipulates arrays. We will use the gedit text editor to create the PHP file in the Virtual Machine.

Part 2 - Create and test PHP scripts that include Functions

In this exercise we will create a PHP web page that uses both existing and user-defined PHP functions. Functions are used to help organize code into sub-units to allow for code reuse and reproducible results.

Part 3 - Create and test PHP scripts to process HTML Forms

In this exercise we will create PHP web pages that include simple forms that use get and post methods for submission of data. The first set of code below is the HTML file providing 3 text fields and a PHP get method.

Part 4 - Compare and contrast session creating mechanisms in PHP

In this exercise we will create a simple PHP page that creates and reads available cookies as well as PHP session variables. For the first session example, we will create a cookie in PHP and use a form based submission to expire the cookie.

The following guidelines should be used in your design and development:

1. The Login form should consist of fields for username, email address and password.

2. After login, a welcome message should appear providing a simple order form with at least 10 products of your choice. Be sure to include an image of the product and price.

3. Users can shop your store for up to 30 minutes before the session will expire.

4. Once all products are selected, the user should be able to checkout and pay for their purchases.

5. The payment page should display the username, email address and the products and total price of the purchases.

6. A "Purchase" button should be available to indicate the product was purchased and should generate a "Thank you" message of your choice.

7. On the Thank you message page, an option for logging out and essentially unsetting the stored session variables should be available and implemented.

8. Note all pages should have session timeout functionality.
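
One way to meet guidelines 3, 7 and 8 with a single include file, shown as an added example that is not part of the original lab material. The constant `SESSION_LIFETIME`, the `started_at` session key, the function names and `login.php` are assumptions made for this sketch, and the cookie option arrays require PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Added example, not the lab's own code. SESSION_LIFETIME, the 'started_at'
// session key and login.php are names assumed for this sketch.
const SESSION_LIFETIME = 30 * 60; // guideline 3: 30 minutes, in seconds

// Pure decision: is this session missing a login or older than the limit?
function session_expired(array $session, int $now): bool
{
    if (!isset($session['username'], $session['started_at'])) {
        return true; // never logged in, or the session data was cleared
    }
    return ($now - (int) $session['started_at']) > SESSION_LIFETIME;
}

// Call once on the login page, after session_start() and form validation.
function begin_login_session(string $username, string $email): void
{
    session_regenerate_id(true);   // issue a new ID so a pre-login ID cannot be reused
    $_SESSION['username']   = $username;
    $_SESSION['email']      = $email;
    $_SESSION['started_at'] = time();
}

// Guideline 7: unset the stored variables, expire the cookie, destroy the session.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    session_destroy();
}

// Guideline 8: call this at the top of every page except the login page.
function require_live_session(): void
{
    session_start([
        'cookie_httponly' => true,  // session cookie is not readable from JavaScript
        'cookie_samesite' => 'Lax',
        'use_strict_mode' => true,  // reject session IDs the server did not issue
    ]);
    if (session_expired($_SESSION, time())) {
        end_session();
        header('Location: login.php');
        exit;
    }
}
```

The timeout here is measured from login, matching "up to 30 minutes"; to expire on inactivity instead, refresh the stored timestamp on each request that passes the guard.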

Feel free to add additional HTML and PHP elements to enhance your web application. Create screen captures showing the successful running of your application. For your deliverables, you should submit a zip file containing your word document (or PDF file) with screen shots of the application running successfully along with your PHP web application file. Include your full name, class number and section and date in the document.

Lab - Introduction to OWASP ZAP

Overview - This lab walks you through using ZAP by OWASP. ZAP is a vulnerability analysis tool used to scan Web applications for possible software flaws. As an introduction to using ZAP, you will scan and intercept HTTP messages for the PHP code we developed in week 4. You will also run the attack scanner on code you developed in week 4.

Important: Do not attempt to use these tools against any live Web site. It is illegal to do so. You can only scan sites you have written permission to scan. You should use the virtual machine on applications you developed running on the localhost and disconnect from the Internet when running ZAP.

Learning Outcomes: At the completion of the lab you should be able to:

1. Launch ZAP and view Web sites history and input parameters

2. Use ZAP to intercept HTTP messages and change their content to identify possible vulnerabilities

3. Read and analyze reports produced from ZAP and prioritize and fix alerts associated with software issues

Part 1 - Launch ZAP and view Web sites history and input parameters

This exercise will walk you through Launching ZAP and allow you to become comfortable with the GUI for ZAP within your virtual machine. We will use ZAP to begin to analyze some of the PHP Web applications we created in week 4.

Part 2 - Use ZAP to intercept HTTP messages and change their content to identify possible vulnerabilities

One of the strong features of the ZAP tool is the ability to intercept HTTP messages and change their values in an attempt to find software flaws. In this exercise, we will use the week 4 PHP web applications and demonstrate how the input parameters sent from the form can easily be changed and redirected back to the application with the new parameters.

To intercept an HTTP transmission, you use the Break Points functionality within ZAP.

Part 3 - Read and analyze reports produced from ZAP

In this lab, we will run the automatic scanning feature of ZAP and then generate HTML Alert reports for DemoGetForm.html and DemoPostForm.html and discuss approaches to prioritize and mitigate the issues found in each Web application.

Lab - Introduction to MySQL

Overview - This lab walks you through using MySQL. MySQL is a relational database that can be used as part of Web and other applications. This lab serves as a primer for using MySQL and will serve as a foundation when we discuss SQL injection attacks and possible mitigations.

Learning Outcomes: At the completion of the lab you should be able to:

1. Connect to a MySQL database and show the tables within the Ubuntu virtual machine

2. Create MySQL tables containing popular data types and constraints

3. Insert, update and delete data from MySQL database tables

4. Create and execute SQL Select statements and simple joins on MySQL tables

Part 1 - Connect to a MySQL database and show the tables within the Ubuntu virtual machine

The Virtual Machine already has MySQL installed. A MySQL username has also been created along with a database to use for your applications and testing. Although there are SQL editors available, for simplicity, we will use gedit to create the MySQL scripts. To run the scripts we will just copy and paste from the editor to the MySQL prompt.

Part 2 - Create MySQL tables containing popular data types and constraints

The reading for this week covered the foundations for creating and dropping tables using a variety of data types and constraints. In this exercise we will create three tables that could be used to represent a very simple student and course registration system. The tables all have primary keys. One table provides foreign keys to the other two tables.

When creating SQL commands to be executed in MySQL, it is always recommended to prepare them in a text editor and then either run the script or copy and paste into the MySQL application. Since this isn't a course in database design, we will just copy and paste from the gedit text editor.

Part 3 - Insert, update and delete data from MySQL database tables

Once tables have been created you can insert records and then update or even delete them. This exercise discusses how to use MySQL to populate and modify the records in your database. We will once again create the database scripts using the gedit text editor.

Part 4 - Create and execute SQL Select statements and simple joins on MySQL tables

Once tables have been created and data populated, you can query the tables using the Select statement. The Select statement has many clauses; the examples below will emphasize the where and order by clauses.

Lab - LAMP Apps

Overview - This lab walks you through using Linux, Apache, MySQL and PHP (LAMP) to create simple, yet very powerful PHP applications connected to a MySQL database. For developers using Windows, the acronym becomes WAMP (Linux is replaced by Windows). The basics of inserting, updating, deleting and selecting from MySQL using PHP forms will be provided. Some "bad" security practices that lead to SQL injection vulnerabilities will be exposed as well as some techniques to mitigate these issues.

Learning Outcomes: At the completion of the lab you should be able to:

1. Insert data into a MySQL database using PHP forms

2. Query existing data in a MySQL database using PHP forms

3. Delete data from a MySQL database using PHP forms

4. Update data in a MySQL database using PHP forms

Part 1 - Insert data into a MySQL database using PHP forms

In this exercise we will create a small table in MySQL and then use a PHP form to insert data collected from the user into the table. We will first use a technique very susceptible to SQL injection and then a better approach using prepared statements.
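
The two approaches side by side, as an added example that is not the lab's own code. The `Students` table, its columns, the function names and the sample form values are constructed for illustration, and PDO with an in-memory SQLite database (the `pdo_sqlite` extension) stands in for the lab's MySQL connection so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not the lab's code. Table, columns and inputs are constructed.
// SQLite in memory stands in for MySQL; with MySQL only the PDO DSN changes.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE Students (
        id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL)');
    return $pdo;
}

// Susceptible: form values are pasted into the SQL text, so a quote in the
// input ends the string literal and the rest is parsed as SQL.
function insert_concatenated(PDO $pdo, string $name, string $email): string
{
    $sql = "INSERT INTO Students (name, email) VALUES ('$name', '$email')";
    $pdo->exec($sql);
    return $sql;
}

// Better: the statement text is fixed and the values are bound as data.
function insert_prepared(PDO $pdo, string $name, string $email): void
{
    $stmt = $pdo->prepare('INSERT INTO Students (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
}

function stored_rows(PDO $pdo): array
{
    return $pdo->query('SELECT name, email FROM Students ORDER BY id')
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form input: the name field closes its own literal, supplies a
// different email value and comments out the remainder of the statement.
$name  = "Ann', 'not-what-was-typed@example.test') -- ";
$email = 'ann@example.test';

$weak = open_demo_db();
echo 'Executed SQL: ', insert_concatenated($weak, $name, $email), PHP_EOL;
print_r(stored_rows($weak));   // the row holds the email smuggled in via $name

$safe = open_demo_db();
insert_prepared($safe, $name, $email);
print_r(stored_rows($safe));   // the whole string is stored as the name

// Concatenation also breaks on ordinary data such as an apostrophe in a name.
try {
    insert_concatenated($weak, "O'Brien", 'ob@example.test');
} catch (PDOException $e) {
    echo 'Concatenated insert failed: ', $e->getMessage(), PHP_EOL;
}
```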

Part 2 - Query existing data in a MySQL database using PHP forms

Now that we have a form to Insert data into a table, we can expand and leverage the previous code to select from the database and display the results in an HTML table. We will also add a link to the Insert Table so we can demonstrate adding additional students.

Part 3 - Delete data from a MySQL database using PHP forms

Now that we have a form to Insert and Select data, we can continue to expand and add the delete functionality. This code shows you an approach to deleting data from a data table. Deleting data from a table can be a dangerous and often unrecoverable event, so make sure your application really requires this type of functionality.

Part 4 - Update data in a MySQL database using PHP forms

Now that we have a form to Insert, delete and Select data, we can continue to expand and add the update functionality. This code shows you an approach to updating data.

Lab - LAMP ZAP Analysis and Mitigation

Overview - For this final lab you will use the tools and techniques used throughout the course to analyze, mitigate and document the results of two LAMP applications. The first application you will analyze is the e-Commerce application you wrote during week 7. For the second application you will use a prototype UMUC tutoring LAMP application which you will need to install on your VM and then run the analysis, fix all vulnerabilities and document the results.

In both applications, you are expected to perform the scanning using ZAP, research the results, identify and fix software vulnerabilities, and professionally document your process and final results.

Learning Outcomes: At the completion of the lab you should be able to:

1. Set-up and run the UMUC tutor application on your VM.

2. Conduct automated and manual analysis on two different LAMP applications.

3. Identify, prioritize and repair software vulnerabilities found in the LAMP applications.

4. Document the process and findings of your Web application security analysis.

Part 1 - Set-up and Run the UMUC tutor application on your VM

In this exercise you will create and populate the database tables for the LAMP application and install the PHP and associated files on your VM. The application is fully functional (but definitely not safe). You need to perform a few steps to make sure it is working properly on your VM.


Reviews

len1854061

2/8/2018 1:29:09 AM

Formatting & Referencing: APA. Please note, the Ubuntu VM install will prompt you to update its software version. Please do not update the VM. It has been programmed to work well in its current version. Thanks. Here is the question. I will send you the Ubuntu Virtual machine iso through gmail. All u need to do is to upload this iso file into ur virtual box and power it on. That's it. Everything has already been configured in this ISO. Some of the exercises will be easier if done in this provided virtual machine. Email me if u have any question with downloading of this ISO.

len1854061

2/8/2018 1:29:02 AM

Lab4 due 10 PM. Lab5 due 10 PM. Lab6 due 10 PM. lab7 due 10 PM. lab8 due 10 PM. Please do check the attachment if any. Lab Submission Requirements: After completing this lab, you will submit a word (or PDF) document that meets all of the requirements in the description at the end of this document. In addition, your MySQL file should be submitted. You can submit multiple files in a zip file.

len1854061

2/8/2018 1:28:57 AM

Your report is well-organized and clearly written. (0.5 points) Runs manual attacks on your week7 lab submission. (1 point) Runs automatic attacks on your week7 lab submission. (1 point) Runs manual attacks on the tutor app. (1 point) Runs automatic attacks on the tutor app. (1 point) Eliminates all alerts in both applications. (2 points) Submits a word or PDF document that includes screen captures demonstrating your process and results. Screen captures are fully described. Clearly documents specifically what you did to mitigate each issue. (2 points) Document is well-organized and includes a table of contents, page numbers, figures and table numbers. The writing style should be paragraph style with bullets used very sparingly to emphasize specific findings. Document your references using APA style. (1 point) Includes all before and after application files in zip format. (sql and parameter files, security.conf, apache2.conf, php.ini) (1 point)

len1854061

2/8/2018 1:28:48 AM

All product data are organized in one or more MySQL tables. (1 point) Stores your customer data as they order from your store. (1 point) Allows the ability for the store owner to insert new products, update existing products, delete existing products and list all available products. (2 points) Uses prepared statements to minimize SQL injection. (2 point) Forms flow logically within your application and are presented in an attractive easy-to-use Web interface. (1 point) Submits a zip file containing your word document (or PDF file) with screen captures of the application running successfully along with your SQL script file. Each screen capture is fully described. (1.5 point)

len1854061

2/8/2018 1:28:38 AM

Uses Select and appropriate joins to display all columns from the Faculty and Course tables for each Faculty and Course in the FacultyCourse table. (1 point) Submits a zip file containing your word document (or PDF file) with screen captures of the application running successfully along with your SQL script file. Screen captures are fully described. (1 point) Submits one .sql script file containing all of your SQL statements. (0.5 points) Your report is well-organized and clearly written. (0.5 points) Creates a simple e-Commerce supports displaying, adding, updating and deleting products from a database that are part of products in your store. (1 point)

len1854061

2/8/2018 1:28:28 AM

Uses update statements to update any Faculty who have taught more than 4 courses to modify the number to 5 courses taught. (0.5 points) Deletes any Faculty record whose LastName starts with the letter ‘Z’. (0.5 points) Deletes any Course record that was first offered in 1999. (0.5 points) Uses select statements to display all records in all 3 tables. Orders by the Faculty lastname, and Course title as appropriate. (0.5 points) Uses Select statements to display all Faculty who have not taught any courses. (0.5 points) Uses Select statements to display all Courses offered before 1984. (.5 points)

len1854061

2/8/2018 1:28:18 AM

Creates a table named Faculty to store FacultyID( Primary key), FirstName, LastName, Email, Date of birth and number of courses taught to date. Selects the appropriate data types and constraints for the table. (1 point) Creates a table named Courses to store CourseID (Primary key), Discipline Name (e.g. SDEV), Course Number (e.g. 300), Number of Credits (e.g. 3), Year first offered (e.g. 2010) and Course Title. Selects the appropriate data types and constraints for the table. (1 point) Creates a table named FacultyCourses to store the Faculty and the Courses they have taught. Designs the table based on the Faculty and Courses tables you previously created. (1 point) Uses Insert statements to populate at least 10 faculty records, 5 Course records, and 25 FacultyCourses records. (.5 point) Uses update statements to update all Courses to 4 credits. (0.5 points)

len1854061

2/8/2018 1:27:53 AM

Runs the manual interception techniques, and describes in detail the information revealed to you during your analysis. (1 point) Analyzes all files used for the application (loginAuth.html, authcheck.php and logout.php). (1 point) Modifies the http messages and looks for possible vulnerabilities. (1 point) Runs the automatic scan, and generates an HTML report showing all alerts. (1 point) Discusses all of the output and tries possible solutions for all alerts. (1 point) Reruns the scanner after you have fixed as many issues as you can to demonstrate your success. (1 point) Submits a zip file containing your word document (or PDF file) with screen shots of your scans. (1 point) Includes the descriptions and analysis of your results, your prioritization and approach to mitigating the issues. (2 points) Includes the reports from your scan. (0.5 points) Your report is well-organized and clearly written. (0.5 points)

len1854061

2/8/2018 1:27:38 AM

Uses Select statements to display all Courses offered before 1984. (.5 points) Uses Select and appropriate joins to display all columns from the Faculty and Course tables for each Faculty and Course in the FacultyCourse table. (1 point) Submits a zip file containing your word document (or PDF file) with screen captures of the application running successfully along with your SQL script file. Screen captures are fully described. (1 point) Submits one .sql script file containing all of your SQL statements. (0.5 points) Your report is well-organized and clearly written. (0.5 points)

len1854061

2/8/2018 1:27:25 AM

Uses Insert statements to populate at least 10 faculty records, 5 Course records, and 25 FacultyCourses records. (.5 point) Uses update statements to update all Courses to 4 credits. (0.5 points) Uses update statements to update any Faculty who have taught more than 4 courses to modify the number to 5 courses taught. (0.5 points) Deletes any Faculty record whose LastName starts with the letter ‘Z’. (0.5 points) Deletes any Course record that was first offered in 1999. (0.5 points) Uses select statements to display all records in all 3 tables. Orders by the Faculty lastname, and Course title as appropriate. (0.5 points) Uses Select statements to display all Faculty who have not taught any courses. (0.5 points)

len1854061

2/8/2018 1:26:52 AM

Creates a table named Faculty to store FacultyID( Primary key), FirstName, LastName, Email, Date of birth and number of courses taught to date. Selects the appropriate data types and constraints for the table. (1 point) Creates a table named Courses to store CourseID (Primary key), Discipline Name (e.g. SDEV), Course Number (e.g. 300), Number of Credits (e.g. 3), Year first offered (e.g. 2010) and Course Title. Selects the appropriate data types and constraints for the table. (1 point) Creates a table named FacultyCourses to store the Faculty and the Courses they have taught. Designs the table based on the Faculty and Courses tables you previously created. (1 point)


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd