
COMP2020 TECHNOLOGIES FOR WEB APPLICATIONS

SCC T2 2022: Major Project Assignment

A. Requirements

a) ALL instructions given in this document MUST be followed in order to be eligible for full marks for the Web Application Assignment. This document has six (7) pages.

b) This assignment is NOT a group assignment; collusion, plagiarism, cheating of any kind is not acceptable. As part of your submission you MUST certify that all work submitted is your own. If you cannot honestly certify that the work is your own then do not submit the assignment. Breaches of the Misconduct Rule will be dealt with according to the university policy (see the learning guide for more information).

c) All assignment submissions will be checked for academic misconduct by the use of the MOSS program from Stanford University. Details on MOSS can be obtained from the MOSS web site http://theory.stanford.edu/~aiken/moss/

d) Design the web pages with ease of navigation and operation, attractiveness and accessibility in mind. Images other than those provided in the assignment zip file (if any) may also be used in the assignment.

e) All assignment source files are to be compressed into an archive and uploaded to the Major Project (30%) submission folder on vUWS prior to the due date and time. You may create subfolders within this folder if you wish.

f) All styling and page layout must be achieved using CSS. The use of Bootstrap or other frameworks is not permitted.

g) All client-side validation must be achieved using JavaScript. 

For the problem definition described in section B you must

h) include your authorship details at the top of each file in coded comments;

i) reference all sources that you used for inspiration of your solution as per Section C of this document;

j) ensure that your web application renders correctly in Chrome or Firefox and runs correctly from the XAMPP 8.1.6 apache web and MySQL server.

B. Web Application Assignment Details

B(i) - Background information and description

Online medical service booking offers many advantages to medical clinics and to the public.

In this assignment you will create a web application for online medical service booking, similar to HotDoc, named MedBook. The MedBook web application will allow

• patients to search for medical clinics by suburb

• patients to view the details of a medical clinic selected from the search results

• patients to make bookings for medical services with a medical clinic

• patients to view their own bookings

• new patients to register so that they can make bookings with medical clinics and view their own bookings.

This is a very simplified web application and leaves out aspects that would be required in a medical service booking. Read the Functional Requirements section (section B(ii) of this document) to determine what is specifically required for MedBook. The MySQL database that supports the functionality of MedBook is named MedBook.

The MedBook database is described in section B(iii) of this document. You will need to design and create the PHP web pages for this assignment.

B(ii) – Functional Requirements

The MedBook web application must

a) be coded using HTML 5, CSS, JavaScript, and PHP as necessary.

Note: all files described below must be PHP files to achieve the server-side functionality.

b) provide easy-to-use navigation for the user as described in the following page descriptions.

c) provide the following page content and functionality for each page as described.

Search Page (search.php)

Page purpose/description:

This page is a search page to find medical clinics by suburb. The search page can be used by non-registered or registered patients.

Page content:

The page will have the following content:

1. Navigation to the other pages of MedBook as appropriate including

· A Log Out link (if the patient is logged in), or a Log In link (if the patient is not logged in),

· A Register link (for patients that want to register) unless the patient has already logged in.

2. Patient’s username (if the registered patient is logged in)

3. An HTML form (the search form) which contains

• a text box to enter the suburb for the search (mandatory field)

• a submit button

As indicated above the search text box is mandatory. That is, a search may be performed only if a search keyword has been entered.

4. A ‘search results’ section that lists clinic names and addresses that match the suburb entered in the form.

Page functionality:

The Search page will

1. validate that a suburb has been entered in the search form (using client-side JavaScript). Do not allow the form to submit unless a suburb has been entered. Only letters, hyphens and white space are accepted in the search form for suburb,

2. use postback for the search form,

3. protect the search against SQL injection (use a prepared statement with a bound parameter, or escape the submitted suburb before it reaches the query), then search the MedBook database for clinic records whose suburb matches the suburb entered in the search form. Both exact and partial matches are possible, so the search may find zero, one or many matches depending on the suburb entered. The output from the search depends on the number of matches found:

a. One or more clinics found: display a summary list of the matching records underneath the search form, each entry grouped as clinicID, clinic name and address. The user will be able to choose the match they want to view in more detail from this list (see point 4 below) by clicking on the clinicID.

b. No clinic found: display an appropriate message underneath the search form instead of a list of results.

4. enable the user to choose a clinic from the search results. The clinicID of each clinic in the search results list should be presented as a hypertext link. When clicked, the link loads the Clinic Details page (clinicdetails.php), which displays more specific details for the chosen clinic. A description of the Clinic Details page is given below.

General Page Notes:

The design of this page is open to your creativity, but it must appropriately display all required information in a clearly readable, well organised and usable format. Your code must demonstrate the use of PHP functions that prevent SQL injection and XSS attacks.
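An added example of search.php, written for this edit and not part of the assignment or its supplied files. It assumes a clinic table with columns clinicID, clinicName, suburb and address (the real names are in the Database Dictionary document, which is not reproduced here) and assumes that login.php stores the patient's username in $_SESSION['username']. It shows the three things the marker is asked to look for: the JavaScript pre-check, a prepared statement for the LIKE search (with the LIKE wildcards % and _ escaped so a user cannot widen the match), and htmlspecialchars() on every value echoed into the page.

```php
<?php
// Added example for search.php; not part of the assignment or its supplied files.
// Assumed schema: clinic(clinicID, clinicName, suburb, address). login.php is assumed
// to set $_SESSION['username'].
session_start();

function h(?string $s): string {                      // escape anything echoed into HTML (XSS)
    return htmlspecialchars((string)$s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function validSuburb(string $s): bool {               // server-side twin of the JavaScript rule
    return preg_match('/^[A-Za-z\s-]+$/', $s) === 1;
}

function likePattern(string $s): string {             // escape LIKE wildcards so "%" finds nothing extra
    return '%' . strtr($s, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';
}

$suburb  = is_string($_POST['suburb'] ?? null) ? trim($_POST['suburb']) : '';
$results = null;
$error   = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!validSuburb($suburb)) {
        $error = 'Please enter a suburb using letters, hyphens and spaces only.';
    } else {
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
        $dbConn = new mysqli("localhost", "root", "", "MedBook");
        // Bound parameter: the suburb never becomes part of the SQL text.
        $stmt = $dbConn->prepare(
            "SELECT clinicID, clinicName, suburb, address FROM clinic WHERE suburb LIKE ? ORDER BY clinicName");
        $pattern = likePattern($suburb);
        $stmt->bind_param('s', $pattern);
        $stmt->execute();
        $results = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
        $stmt->close();
        $dbConn->close();
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><title>MedBook - Search</title><link rel="stylesheet" href="style.css"></head>
<body>
<nav>
<?php if (isset($_SESSION['username'])): ?>
  Logged in as <?= h($_SESSION['username']) ?> |
  <a href="bookinglist.php">My bookings</a> | <a href="logout.php">Log Out</a>
<?php else: ?>
  <a href="login.php">Log In</a> | <a href="register.php">Register</a>
<?php endif; ?>
</nav>
<form method="post" action="search.php" onsubmit="return checkSuburb(this);">
  <label for="suburb">Suburb</label>
  <input type="text" id="suburb" name="suburb" value="<?= h($suburb) ?>">
  <button type="submit">Search</button>
</form>
<?php if ($error !== ''): ?><p class="error"><?= h($error) ?></p><?php endif; ?>
<?php if ($results !== null): ?>
  <?php if (count($results) === 0): ?>
    <p>No clinics were found in <?= h($suburb) ?>.</p>
  <?php else: ?>
    <ul>
    <?php foreach ($results as $row): ?>
      <li><a href="clinicdetails.php?clinicID=<?= (int)$row['clinicID'] ?>"><?= (int)$row['clinicID'] ?></a>
          <?= h($row['clinicName']) ?>, <?= h($row['address']) ?>, <?= h($row['suburb']) ?></li>
    <?php endforeach; ?>
    </ul>
  <?php endif; ?>
<?php endif; ?>
<script>
// Client-side check the specification requires; the server repeats it above because
// anything done in the browser can be bypassed with a hand-made POST request.
function checkSuburb(form) {
  var v = form.suburb.value.trim();
  if (!/^[A-Za-z\s-]+$/.test(v)) {
    alert('Please enter a suburb using letters, hyphens and spaces only.');
    return false;
  }
  return true;
}
</script>
</body>
</html>
```

Two design points: the clinicID in the link is cast with (int) rather than escaped, because the only safe value for a numeric URL parameter is a number; and mysqli_report() with MYSQLI_REPORT_STRICT makes a failed prepare() or execute() throw instead of silently returning false, which is what lets the rest of the code assume the statement worked.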

ClinicDetails Page (clinicdetails.php)

Page purpose/description:

The purpose of this page is to display to the patient the content of the chosen clinic from search.php. The ClinicDetails page can be accessed by registered or non-registered patients.

Page content and functionality:

The page will:

1. include navigation to the other pages of MedBook as appropriate including

· a Log Out link (if the patient is logged in) or a Log In link (if the patient is not logged in)

· a Register link unless the patient has already logged in

2. display the patient username (if the patient is logged in)

3. display the name of the clinic, clinic ID, suburb, address

4. If the booking is being made by a logged-in patient, use a postback form which contains

• a selection list for medical services which are obtained from the services table in the medBook database: (mandatory and single selection)

• a date picker for the booking date (mandatory)

• a time picker for the booking time (mandatory)

• a submit button

The server must validate that every form control has a value before the booking is inserted into the database. The selection list is allowed to have multiple items selected so that multiple services can be included in one booking.

Note: older versions of Safari do not render the date and time input types as pickers, so test the form in Chrome or Firefox.

Once the postback form is successfully validated and processed, the booking is added to the booking table for that patient and the page redirects to the Booking List page for that patient.

5. If the booking is being made by a registered but not logged-in patient, use a postback form which contains

• an input textbox for the patient’s username (mandatory) registered in the patient table

• a selection list for 5 types of general medical service: “nutrition support”, “dental care”, “pharmaceutical”, “physical therapy” and “diagnosis care” (mandatory and multiple is enabled)

• a date picker for the booking date (mandatory)

• a time picker for the booking time (mandatory)

• a submit button

Note: older versions of Safari do not render the date and time input types as pickers, so test the form in Chrome or Firefox.

The booking will be added to the booking table for that patient when the patient's username and password are authenticated and the postback form is successfully validated and processed.

Once the booking is added to the MedBook database, the page will redirect to search.php. If the booking is attempted by a non-registered patient (the username has no match in the patient table), the page should automatically redirect the patient to the Register page.

Note:

Date and time are commonly used data types in MySQL. You have to insert a new booking with the booking date and time taken from the form submission. Suppose you have a date input and a time input whose name attributes are bookDate and bookTime respectively, in a form whose method is POST; you can use the PHP functions strtotime() and date() to convert the submitted values to MySQL date and time format, as below. Be aware that strtotime() returns false for a value it cannot parse, and date() then silently renders that as 1970-01-01 or 00:00:00 instead of failing, so validate the submitted values before converting them.

<?php

$bDate = $_POST["bookDate"];

$bTime = $_POST["bookTime"];

$bookingDate = date('Y-m-d', strtotime($bDate));   // MySQL DATE format, e.g. 2022-08-15

$bookingTime = date('H:i:s', strtotime($bTime));   // MySQL TIME format, e.g. 09:30:00

// use an SQL INSERT statement (a prepared statement with bound parameters) to add a new booking record with $bookingDate and $bookingTime

?>
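The following added example, not from the assignment or its supplied files, is the server-side half of the logged-in patient's booking form in clinicdetails.php. It replaces strtotime() with a strict round-trip parse, because strtotime() accepts strings such as "next friday" and turns unparsable input into false, which date() renders as 1970-01-01 or 00:00:00 rather than rejecting it. The form field names bookDate and bookTime are the ones used in the note above; the field names clinicID and serviceID, and the table and column names booking(bookingID, username, clinicID, serviceID, bookingDate, bookingTime) and services(serviceID, serviceName), are assumptions for the example.

```php
<?php
// Added example, not part of the assignment: server-side processing of the logged-in
// patient's booking form in clinicdetails.php. Assumed schema (the Database Dictionary
// document has the real names): booking(bookingID, username, clinicID, serviceID,
// bookingDate, bookingTime) and services(serviceID, serviceName). The form fields
// bookDate and bookTime are from the note above; clinicID and serviceID are assumed.

// Return a MySQL DATE string ('Y-m-d') or null. strtotime() turns "next friday" into a
// timestamp and an unparsable value into false, which date() prints as 1970-01-01, so
// parse strictly and require the text to survive a round trip unchanged.
function parseBookingDate(string $in): ?string {
    $d = DateTime::createFromFormat('!Y-m-d', $in);
    return ($d !== false && $d->format('Y-m-d') === $in) ? $in : null;
}

// Return a MySQL TIME string ('H:i:s') or null. Browsers send HH:MM from a time input,
// or HH:MM:SS when the input has a step below one minute, so both are accepted.
function parseBookingTime(string $in): ?string {
    foreach (['H:i', 'H:i:s'] as $fmt) {
        $t = DateTime::createFromFormat('!' . $fmt, $in);
        if ($t !== false && $t->format($fmt) === $in) {
            return $t->format('H:i:s');
        }
    }
    return null;
}

// Positive integer from the POST body, or null when absent or malformed.
function postInt(string $name): ?int {
    $v = filter_input(INPUT_POST, $name, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return ($v === false || $v === null) ? null : $v;
}

// Validate the form, insert the booking for the session user and return null, or return
// an error message for the page to display. Nothing from the form decides who owns the
// booking: the owner comes from the session only.
function processBookingPost(mysqli $db, string $username): ?string {
    $clinicID    = postInt('clinicID');
    $serviceID   = postInt('serviceID');
    $bookingDate = parseBookingDate(trim((string)($_POST['bookDate'] ?? '')));
    $bookingTime = parseBookingTime(trim((string)($_POST['bookTime'] ?? '')));
    if ($clinicID === null || $serviceID === null || $bookingDate === null || $bookingTime === null) {
        return 'Please choose a service and enter a valid booking date and time.';
    }

    // The service must be one the database offers; a tampered option value is rejected.
    $chk = $db->prepare("SELECT 1 FROM services WHERE serviceID = ?");
    $chk->bind_param('i', $serviceID);
    $chk->execute();
    $known = $chk->get_result()->num_rows === 1;
    $chk->close();
    if (!$known) {
        return 'Unknown service.';
    }

    $ins = $db->prepare(
        "INSERT INTO booking (username, clinicID, serviceID, bookingDate, bookingTime) VALUES (?, ?, ?, ?, ?)");
    $ins->bind_param('siiss', $username, $clinicID, $serviceID, $bookingDate, $bookingTime);
    $ins->execute();
    $ins->close();
    return null;
}

// Glue in clinicdetails.php: only a logged-in patient's POST reaches the insert.
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SESSION['username'])) {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $dbConn = new mysqli("localhost", "root", "", "MedBook");
    $error  = processBookingPost($dbConn, $_SESSION['username']);
    $dbConn->close();
    if ($error === null) {
        header('Location: bookinglist.php');   // booking saved: go to the patient's list
        exit;
    }
    // otherwise re-render the form and show $error (escaped with htmlspecialchars)
}
```

The round-trip test also catches dates that parse but roll over: createFromFormat() turns 2022-02-30 into 2022-03-02 without complaint, and the comparison with the original text rejects it.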

General Page Notes:

The design of this page is open to your creativity, but it must appropriately display all required information in a clearly readable, well organised and usable format.

Booking list Page (bookinglist.php)

Page purpose/description:

Booking lists are collections of medical bookings. Booking lists can only be accessed by logged in patients. Bookings can be added to booking lists. Booking lists cannot be deleted. Booking lists belong to a specific logged-in patient; a logged-in patient cannot access any other patient’s booking list(s). Registered but non-logged in patients cannot access this page.

Page content and functionality:

The page will:

1. include navigation to the other pages of MedBook as appropriate including a Log Out link,

2. display the patient username for the logged in patient,

3. display a list of bookings that belong to the logged-in patient including booking id, service type, date and time. Each booking id is to be a hypertext link that will open the ClinicDetails page so that the patient can view the clinic name, clinic ID, suburb and address from the chosen booking and update the service type, booking date and booking time on the ClinicDetails page.

General Page Notes:

The design of this page is open to your creativity, but it must appropriately display all required information in a clearly readable, well organised and usable format.
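An added example, not from the assignment or its supplied files, of bookinglist.php together with the lookup that clinicdetails.php should use when it is opened from a booking link. The table and column names booking(bookingID, username, clinicID, serviceID, bookingDate, bookingTime), services(serviceID, serviceName) and clinic(clinicID, clinicName, suburb, address) are assumptions, as is the session variable $_SESSION['username']. The point it makes is the access-control rule in the page description: every query that touches a booking carries the session username in its WHERE clause, so a patient who edits the bookingID in the URL gets "not found" rather than someone else's booking.

```php
<?php
// Added example, not part of the assignment: bookinglist.php plus the owner-checked
// lookup for clinicdetails.php?bookingID=N. Assumed schema: booking(bookingID, username,
// clinicID, serviceID, bookingDate, bookingTime), services(serviceID, serviceName),
// clinic(clinicID, clinicName, suburb, address); login.php sets $_SESSION['username'].
session_start();
if (!isset($_SESSION['username'])) {      // registered but not logged in: no access here
    header('Location: login.php');
    exit;
}

function h(?string $s): string {
    return htmlspecialchars((string)$s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Every row is scoped by the session username, so the query cannot return another
// patient's bookings whatever the client sends.
function bookingsFor(mysqli $db, string $username): array {
    $stmt = $db->prepare(
        "SELECT b.bookingID, s.serviceName, b.bookingDate, b.bookingTime
           FROM booking b JOIN services s ON s.serviceID = b.serviceID
          WHERE b.username = ? ORDER BY b.bookingDate, b.bookingTime");
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// For clinicdetails.php?bookingID=N: load the booking only if it belongs to this patient.
// Without the username predicate any logged-in patient could read or change any booking
// by guessing IDs (an insecure direct object reference). The UPDATE that saves the edited
// service, date and time must carry the same "AND username = ?" condition.
function ownedBooking(mysqli $db, int $bookingID, string $username): ?array {
    $stmt = $db->prepare(
        "SELECT b.bookingID, b.serviceID, b.bookingDate, b.bookingTime,
                c.clinicID, c.clinicName, c.suburb, c.address
           FROM booking b JOIN clinic c ON c.clinicID = b.clinicID
          WHERE b.bookingID = ? AND b.username = ?");
    $stmt->bind_param('is', $bookingID, $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return is_array($row) ? $row : null;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$dbConn   = new mysqli("localhost", "root", "", "MedBook");
$bookings = bookingsFor($dbConn, $_SESSION['username']);
$dbConn->close();
?>
<!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><title>MedBook - My bookings</title><link rel="stylesheet" href="style.css"></head>
<body>
<nav>Logged in as <?= h($_SESSION['username']) ?> | <a href="search.php">Search</a> | <a href="logout.php">Log Out</a></nav>
<?php if (count($bookings) === 0): ?>
  <p>You have no bookings yet.</p>
<?php else: ?>
  <table>
    <tr><th>Booking</th><th>Service</th><th>Date</th><th>Time</th></tr>
    <?php foreach ($bookings as $b): ?>
      <tr>
        <td><a href="clinicdetails.php?bookingID=<?= (int)$b['bookingID'] ?>"><?= (int)$b['bookingID'] ?></a></td>
        <td><?= h($b['serviceName']) ?></td>
        <td><?= h($b['bookingDate']) ?></td>
        <td><?= h($b['bookingTime']) ?></td>
      </tr>
    <?php endforeach; ?>
  </table>
<?php endif; ?>
</body>
</html>
```

In clinicdetails.php the link is handled with `$b = ownedBooking($dbConn, (int)($_GET['bookingID'] ?? 0), $_SESSION['username']);` and a null result is answered with a 404 and a plain message; the response for "exists but not yours" and "does not exist" is deliberately the same, so the page does not confirm which booking IDs are in use.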

Patient Registration Page (register.php)

Page purpose/description:

The purpose of this page is to provide registration for new patients of MedBook. This page is only accessible to new patients who have not yet registered in MedBook. If a patient has already logged in, they cannot access this page.

Page content and functionality:

The page will:

1. include navigation to the other pages of MedBook as appropriate,

2. include a postback registration form which contains

• a text box to capture the new patient username

• a password box to capture the new patient password

• a submit/register button

When the form is submitted by the new patient, the page will need to check the supplied username against the records in the patient table of the MedBook database. For a new patient to successfully register they must supply a username that does not already exist in the MedBook database. The passwords in the patient table are stored as unsalted SHA-256 hashes, so you must hash the password form field in the same way before inserting the new record; the login page will later compare the stored hash with the hash it computes. Suppose your password form field is named "password"; you can retrieve and hash the value by

      $pword = $_POST["password"];

      $hpass = hash("sha256", $pword);

The $hpass is the SHA-256 hash of the submitted password.

The page will allow or deny registration depending on the result of this check as follows:

a. Successful registration: a new record with the username and hashed password is inserted into the patient table, and the patient is automatically redirected to the Login page.

b. Failed registration: because the patient table already holds a record with the chosen username, the page displays an appropriate error message asking the new patient to re-attempt registration with a different username. The message should be displayed in an appropriate location on the register page in a suitable colour.

Patient Login Page (login.php)

Page purpose/description:

The purpose of this page is to provide a login facility for registered patients of MedBook. Some of the functionality described in previous pages is only available to users after they have logged in.

Page content and functionality:

The page will:

1. include navigation to the other pages of MedBook as appropriate,

2. include a postback login form which contains

• a text box to capture the username

• a password box to capture the password

• a submit/log in button

When the form is submitted by the user, the page will need to authenticate the patient credentials (username and password) supplied in the login form against the records in the patient table of the MedBook database. The passwords in the patient table are stored as unsalted SHA-256 hashes, so you must hash the password form field from the login form before comparing it with the stored value. Suppose your password form field is named "password"; you can retrieve and hash the value by

      $pword = $_POST["password"];

      $hpass = hash("sha256", $pword);

The $hpass is the SHA-256 hash of the submitted password. You can use it as part of the WHERE clause in the SQL statement for credential matching, or (preferably) fetch the stored hash by username with a prepared statement and compare the two in PHP with hash_equals().

The page will allow or deny access to the subsequent pages of MedBook depending on the result of authentication as follows:

a. Successful login attempt: successful authentication should automatically redirect the patient to the search page.

b. Failed login attempt: unsuccessful authentication should automatically return to the login page so that the patient may try to log in again. An appropriate error message must be displayed to the patient if the login attempt fails. The message display must be implemented using appropriate PHP server-side code; it is not to be a JavaScript alert (or any other browser-side component). The message should be displayed in an appropriate location on the login page in a suitable colour.

Patient Login Credentials:

The passwords stored in the patient table of the MedBook database are hashed with the SHA-256 algorithm (hashed, not encrypted, and not salted). This matches the supplied data and is adequate for the assignment only; a production system would store password_hash() output and check it with password_verify(). A list of patient usernames and plain text passwords can be found in the RegisteredPatientCredentials document.

Note: your code must demonstrate the use of PHP functions that prevent SQL injection and XSS attacks.
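An added example, not from the assignment or its supplied files, of the credential handling shared by register.php and login.php (it covers both the Patient Registration and Patient Login descriptions above and is meant to be saved as auth.php and required from both pages). It assumes a patient table with columns username and password, a UNIQUE key on username, and that password holds the unsalted SHA-256 hex digest the assignment describes; the username policy in validUsername() and the function names are the example's own. It keeps SHA-256 only to match the supplied data, and it differs from the note above in one respect: the hash is fetched by username and compared in PHP with hash_equals() instead of being matched inside the WHERE clause.

```php
<?php
// Added example, not part of the assignment: credential handling shared by register.php
// and login.php (save as auth.php and require it from both after session_start()).
// Assumed schema: patient(username, password) with a UNIQUE key on username and the
// password column holding the unsalted SHA-256 hex digest the assignment describes.
// SHA-256 is kept only to match the supplied data; a real system would store
// password_hash() output and check it with password_verify().

// Hash exactly as the supplied table does, so stored and submitted values are comparable.
function medbookHash(string $plain): string {
    return hash('sha256', $plain);
}

function validUsername(string $u): bool {
    return preg_match('/^[A-Za-z0-9_]{3,30}$/', $u) === 1;   // assumed username policy
}

// register.php: insert only when the username is free. Relying on the UNIQUE key (MySQL
// error 1062, ER_DUP_ENTRY) instead of SELECT-then-INSERT keeps the check free of races.
// Requires mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT) so errors throw.
function registerPatient(mysqli $db, string $username, string $plain): bool {
    if (!validUsername($username) || $plain === '') {
        return false;
    }
    $hashed = medbookHash($plain);
    try {
        $stmt = $db->prepare("INSERT INTO patient (username, password) VALUES (?, ?)");
        $stmt->bind_param('ss', $username, $hashed);
        $stmt->execute();
        $stmt->close();
        return true;
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) {
            return false;               // username already registered
        }
        throw $e;
    }
}

// login.php: fetch the stored hash by username and compare it in PHP with hash_equals(),
// rather than matching the hash inside the WHERE clause, so the comparison takes the same
// time whether or not the leading bytes match.
function authenticatePatient(mysqli $db, string $username, string $plain): bool {
    $stmt = $db->prepare("SELECT password FROM patient WHERE username = ?");
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    // Unknown user: still run a comparison against a dummy digest so timing is the same.
    $stored = is_array($row) ? (string)$row['password'] : medbookHash('');
    $match  = hash_equals($stored, medbookHash($plain));
    return is_array($row) && $match;
}

// Called from the POST branch of register.php; returns an error message, or redirects.
function handleRegisterPost(mysqli $db): string {
    $username = trim((string)($_POST['username'] ?? ''));
    if (registerPatient($db, $username, (string)($_POST['password'] ?? ''))) {
        header('Location: login.php');
        exit;
    }
    return 'That username is already taken or not valid; please choose another.';
}

// Called from the POST branch of login.php; returns an error message, or redirects.
function handleLoginPost(mysqli $db): string {
    $username = trim((string)($_POST['username'] ?? ''));
    if (authenticatePatient($db, $username, (string)($_POST['password'] ?? ''))) {
        session_regenerate_id(true);    // fresh session ID on login defeats session fixation
        $_SESSION['username'] = $username;
        header('Location: search.php');
        exit;
    }
    return 'Incorrect username or password.';   // one message for both failure causes
}
```

In login.php the POST branch becomes `$message = handleLoginPost($dbConn);` and the page then echoes `htmlspecialchars($message, ENT_QUOTES, 'UTF-8')` in a coloured paragraph, which satisfies the requirement that the error be produced by server-side PHP rather than a JavaScript alert; register.php does the same with handleRegisterPost(). The single "incorrect username or password" message is deliberate: a message that distinguishes an unknown username from a wrong password tells an attacker which usernames exist.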

Log Out Page (logout.php)

The purpose of this page is to log the patient out of the web application and return them to the search page. The Log Out page must not display anything to the user. It must remove all session variables and end the session (if sessions were used), then automatically redirect to the search page. This page can be reached from any of the pages described above.
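An added example, not the assignment's own code, of logout.php following the sequence the PHP manual recommends for destroying a session. The order is what matters: start the session, clear $_SESSION, expire the session cookie in the browser, destroy the server-side session, then send the redirect header and exit so that nothing is echoed after it.

```php
<?php
// Added example, not part of the assignment: logout.php. Outputs nothing and redirects to
// the search page after discarding the session on both the server and the client.
session_start();                       // the session must be started before it can be destroyed
$_SESSION = [];                        // drop every session variable

// Expire the session cookie in the browser, using the same parameters it was set with;
// otherwise the old session ID keeps being sent until the browser is closed.
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 42000,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
}
session_destroy();                     // remove the server-side session data

header('Location: search.php');
exit;                                  // nothing after the redirect header may run or be echoed
```

Leaving out the exit is the usual mistake: PHP keeps executing after header(), so any HTML or whitespace that follows is sent along with the redirect, and a file with content before the opening <?php tag breaks the header entirely because output has already started.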

B(iii) – Database Description

To connect to the MedBook database use the following in your php script

$dbConn = new mysqli("localhost", "root", "", "MedBook");

if($dbConn->connect_error) {

die("Failed to connect to database " . $dbConn->connect_error);

}

Notes

• The patient and clinic tables within the MedBook database have already been populated with some data. Use the supplied allTables.php script to view the data (make sure you use the connection information indicated above).

• Tables in the MedBook database are described in the Database Dictionary document.

• A list of usernames and plain passwords of registered patients can be found in the RegisteredPatientCredentials document.

C. Referencing

Referencing must follow the guidelines given in Section 2.5.3 of the TWA Learning Guide.

D. Submission Instructions

To submit your Assignment, you must do the following by the due date and time specified on page 1 of this document.

1. Compress all the resource files (HTML, CSS, JavaScript, PHP) together with the signed academic integrity form into an archive and upload it to the Major Project (30%) submission folder on vUWS.

2. All of the submitted files should be tested and validated on your own XAMPP 8.1.6 apache and MySQL server before the submission.

E. Marking Criteria and Standards

The marking criteria and standards for the Web Application Assignment are published in Section 2.5.3 of the Learning guide and will be used to assess your assignment submission according to the specific weightings identified in the table below.

Code functionality/correctness    60%

Web Page Design                   25%

Form Design                       10%

Code Readability                   5%