Define and implement a software system that lets an authorized reporter enter information about a (simulated) computer system services incident (kind of incident, date, time of day, reporter, type of incident, auto-increment incident identifier, etc.) for insertion into a database using an HTML form. The system's service should be provided only if the user (reporter) authenticates him/herself properly (with a valid reporter_name and password). If the reporter is authenticated, the information is inserted into a database and a summary report is returned to the reporter. The reporter also has the additional option of requesting an email copy of the incident information (subject to system authorization of their email request). The HTML form used to submit the incident must be validated (as strict HTML, XHTML or HTML5). The form page should also include links to snapshots of developer tool results (like HTTP headers exchanged, captured using Firebug or Live Headers, both Firefox add-ons) and a link to a summary paragraph about your assignment experience.
The fields on the form should be pleasingly arranged using an HTML table or another layout technique that occurs to you. The incident entry form should include an appropriately sized textarea element to allow entering a paragraph of descriptive text describing the nature of the incident. A menu lets the user categorize the pretend incident (as 'computer systems', password-related, database-related, hardware-related, AFS-related, 'Other', etc.). Date and time are not entered by the submitter but generated internally by the database system. Include a form field for an email address the submitted data can be optionally sent to. Assign a maximum size for any input fields on the form (such as for email address, reporter name, and password). Use a password type for the password field. The form elements should be neatly labeled (reporter name, incident description, etc.).
The incident entries should be inserted with an auto-incrementing incident identifier when inserted in the database. The entry is also assigned a MySQL-defined date (month/day/year) and separate time-of-day (hour/minute/second) when inserted. The database table should include the incident reporter's name but not their password (which appears only in the Authentication table). For future reference we will assume the reporter's name is also unique, but it is the incident identifier that should be the primary key for the Incident table. Data screening must be provided by the PHP script to protect the database inputs against malicious exploits like SQL injection. This can be done using the mysql_real_escape_string function to clean the input, or (optionally) using so-called prepared statements (which we do not cover in class, but this is required for Honors students).
As usual, the PHP script must use a separate PHP include file for your MySQL account information. This is completely different from the pretend reporter name/password which you invent for the assignment. That pretend reporter name/password MUST be different from your MySQL account name and password. All of them are different from your UCID name and password, which are never even used here. The HTML page should be valid (strict) HTML or strict XHTML (as declared by a DOCTYPE element on your HTML page) and the page must have a corresponding W3C validation sticker embedded on the page that lets the HTML be verified against the chosen standard. It can also be validated HTML5 based on a test validator at W3C. It should include a hyperlink to a page with images of Firebug and Live Headers views of the HTTP exchange for the form submission and a link to a page with a brief paragraph about the student's personal experience with the assignment.
Include a checkbox on the form to request an email copy to be accessed on submission by the PHP script. If you can't figure out how to make this work you can use a pair of radio buttons that lets the user indicate if he wants to receive an email copy (but there's a 3 point deduction if you do it that way). If an email is requested the script should email the incident information to the user including: a date and a time determined by the PHP script, the reporter, the description and type of the incident, suitably laid out in the email message. The email request should be acted on only if the email address is in an authorized email table in the database and the limit of emails for that address has not been exceeded. If the address is unauthorized the form submitter should be notified of this as part of the response to the browser when the incident is submitted.
The incident report should be echoed to the browser by the PHP script in a visually organized and appealing way using simple HTML tags and style rules. The echoed content should include the reporter name, incident description, the category selected for the incident, the incident number generated by the system for the incident (it requires some research on your part to figure out how to include this in the report easily; don't use an SQL select statement to do this), the time and date (generated for this purpose by the PHP code, not the time and date supplied in the database), and what actions the script took on the request (rejected, inserted, emailed copy, etc.), but not the password.
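The prepared-statement screening, the email authorization check and the system-generated incident number described above, shown as an added example that is not part of the original assignment. An in-memory SQLite database stands in for MySQL so the script runs without a server; the table names, column names and sample values are assumptions constructed for illustration.

```php
<?php
// Added example: SQLite in-memory stands in for the assignment's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical schema; table and column names are assumptions.
$db->exec('CREATE TABLE incident (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    reporter TEXT NOT NULL,
    category TEXT NOT NULL,
    description TEXT NOT NULL)');
$db->exec('CREATE TABLE authorized_email (
    address TEXT PRIMARY KEY,
    sent INTEGER NOT NULL DEFAULT 0,
    max_allowed INTEGER NOT NULL)');
$db->exec("INSERT INTO authorized_email VALUES ('reporter@example.test', 0, 1)");

const CATEGORIES = ['computer systems', 'password-related', 'database-related',
                    'hardware-related', 'AFS-related', 'Other'];

function insertIncident(PDO $db, string $reporter, string $category, string $description): int
{
    // Allow-list the menu value on the server; the form's menu can be bypassed.
    if (!in_array($category, CATEGORIES, true)) {
        throw new InvalidArgumentException('unknown category');
    }
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO incident (reporter, category, description) VALUES (?, ?, ?)');
    $stmt->execute([$reporter, $category, $description]);
    return (int) $db->lastInsertId(); // generated identifier, no SELECT needed
}

function claimEmailSlot(PDO $db, string $address): bool
{
    // One atomic UPDATE: matches only a listed address still under its limit.
    $stmt = $db->prepare('UPDATE authorized_email SET sent = sent + 1
                          WHERE address = ? AND sent < max_allowed');
    $stmt->execute([$address]);
    return $stmt->rowCount() === 1;
}

// Constructed hostile input: concatenated into SQL, the quote would end the string literal.
$hostile = "x'); DROP TABLE incident; --";
$id = insertIncident($db, 'alice', 'Other', $hostile);
$stored = $db->query('SELECT description FROM incident')->fetchColumn();
var_dump($id, $stored === $hostile);
var_dump(claimEmailSlot($db, 'reporter@example.test')); // listed address, under its limit
var_dump(claimEmailSlot($db, 'reporter@example.test')); // same address, limit of 1 used up
var_dump(claimEmailSlot($db, 'other@example.test'));    // address not in the table
```

Against MySQL only the DSN and the table definitions (AUTO_INCREMENT) change; the prepared statements stay as written.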
The bottom of the PHP script file (below the PHP code section) must include a hyperlink with the text descriptor "Back" that links the user to the original form page when clicked.