Signup / Login Script
First part of a larger project for a brand new site.
I need the SIGNUP / LOGIN / mini-site creation part (but not the actual mini site itself).
It needs to be SIMPLE & SECURE.
Timeframe: soon, but not urgent (I want it quickly but do not wish to pay more to have it done urgently)
PHP 5. IT MUST be coded using PDO (PHP Data Objects, the PHP extension), as the other part of the project will also be coded with PDO.
PHP & JavaScript validation
XHTML & CSS – no styling needed; it will be based on the style of the site (a different project)
The site will be aimed at private language tutors who teach foreign languages. (The site will only be in ENGLISH)
The main site is the sales site (www.domain.com); it offers private language tutors the ability to have a personal website promoting their services. They sign up via the online form (www.domain.com/signup.php) and have to activate their account by following the link sent to their email. On clicking this link the system creates a sub domain, i.e. www.1001.domain.com, which will be their personal site. It also creates a standard template site on this sub domain, which they will be able to edit by logging in. To edit their site they log in via the main site (www.domain.com/login.php) and are redirected to their secure admin section, i.e. www.1001.domain.com/admin.php. At a later stage a separate domain name will be purchased and pointed to their sub domain, i.e. www.besttuitionabc.com > www.1001.domain.com; they will however still log in via www.domain.com/login.php.
Sub domains would be created from 1001 and increase by 1 each time a new site is created.
1st site: www.1001.domain.com
2nd site: www.1002.domain.com
3rd site: www.1003.domain.com
Each sub domain will contain an independent templated site. All independent sites will use the same database. When the sub domain is created, its tables will be written to the database.
So if the template site contains 3 tables (still to be defined): content, photos, links, and a new site www.1001.domain.com is created, then at creation time the tables will be inserted into the database as '1001content', '1001photos' & '1001links'.
– Complete site functionality needed if JavaScript turned off – PHP as well as JS validation.
– Must not be obfuscated as I need access to edit original code.
– I am using CPanel hosting, PHP 5
– I want sub domains created NOT htaccess and URL rewriting.
– Basic annotation of script.
Sign Up Page:
– email(username) + password + first name + last name + agree to terms check-box.
– client and server side validation: email (if already in database), password (minimum 8 characters must include a number), ‘agree to terms’ (make sure box is ticked)
– email activation > temporary URL sent via email, click to activate.
– On activation > auto-creates a mini site on a new sub domain. This site will be a different project, but needs a secure admin page after signing in (see below).
– The activation email includes a welcome message.
– Error message if the account signup succeeds but the tables in the database are not created, etc.
On activation, a script will be needed that creates a sub domain (CPanel hosting) with a mini site, including creating the associated files and creating the tables in the database. (These files and database tables will be defined separately at a later stage.)
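As an added example of the signup and activation flow described above (this is not code from the brief or from any bidder), the following PHP shows the server-side validation rules, the duplicate-email check, account storage and the activation link handling, all through PDO prepared statements. It assumes a hypothetical `users` table with the columns named in the comments, PHP 5.5 or later for password_hash() (or the password_compat library on PHP 5.3.7+), and a PDO handle set to PDO::ERRMODE_EXCEPTION so that a failed statement surfaces as an error rather than silently succeeding.

```php
<?php
// Added example, not code from the brief: signup validation, account creation
// and e-mail activation with PDO prepared statements.
// Assumed (hypothetical) `users` table: id, email, password_hash, first_name,
// last_name, activation_hash, token_expires, active, subdomain.
// password_hash() needs PHP >= 5.5 (or the password_compat library on 5.3.7+);
// the PDO handle is expected to be in PDO::ERRMODE_EXCEPTION mode.

function validateSignup(array $post, PDO $db)
{
    $errors   = array();
    $email    = isset($post['email']) ? trim($post['email']) : '';
    $password = isset($post['password']) ? $post['password'] : '';

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Enter a valid e-mail address.';
    } else {
        // Duplicate check with a bound parameter, never string concatenation.
        $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE email = ?');
        $stmt->execute(array($email));
        if ((int) $stmt->fetchColumn() > 0) {
            $errors[] = 'That e-mail address is already registered.';
        }
    }
    // Policy from the brief: minimum 8 characters, must include a number.
    if (strlen($password) < 8 || !preg_match('/[0-9]/', $password)) {
        $errors[] = 'Password must be at least 8 characters and include a number.';
    }
    foreach (array('first_name', 'last_name') as $field) {
        if (!isset($post[$field]) || trim($post[$field]) === '') {
            $errors[] = 'Please fill in your ' . str_replace('_', ' ', $field) . '.';
        }
    }
    // An unticked checkbox is simply absent from $_POST, so test for presence.
    if (empty($post['agree_terms'])) {
        $errors[] = 'You must agree to the terms.';
    }
    return $errors;
}

// Stores the inactive account and returns the raw activation token for the
// e-mail. Only SHA-256(token) is kept in the database, so a leaked users
// table does not yield working activation links. The token expires after a day.
function createAccount(array $post, PDO $db)
{
    $token = bin2hex(openssl_random_pseudo_bytes(16));
    $stmt  = $db->prepare(
        'INSERT INTO users (email, password_hash, first_name, last_name,
                            activation_hash, token_expires, active)
         VALUES (?, ?, ?, ?, ?, DATE_ADD(NOW(), INTERVAL 1 DAY), 0)'
    );
    $stmt->execute(array(
        trim($post['email']),
        password_hash($post['password'], PASSWORD_DEFAULT),
        trim($post['first_name']),
        trim($post['last_name']),
        hash('sha256', $token),
    ));
    return $token;
}

// Activates the account behind $token and allocates the next site number,
// starting at 1001. Returns that number, or false when the token is unknown,
// expired or already used. The row locks need InnoDB; a UNIQUE index on
// `subdomain` is the real guard against two activations getting one number.
function activateAccount($token, PDO $db)
{
    $db->beginTransaction();
    $stmt = $db->prepare(
        'SELECT id FROM users
          WHERE activation_hash = ? AND active = 0 AND token_expires > NOW()
          FOR UPDATE'
    );
    $stmt->execute(array(hash('sha256', $token)));
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        $db->rollBack();
        return false;
    }
    $next = (int) $db->query(
        'SELECT COALESCE(MAX(subdomain), 1000) + 1 FROM users FOR UPDATE'
    )->fetchColumn();
    $db->prepare('UPDATE users SET active = 1, subdomain = ?, activation_hash = NULL
                   WHERE id = ?')->execute(array($next, $userId));
    $db->commit();
    return $next;
}

// signup.php outline (sending the e-mail itself is left to mail() or similar):
// $errors = validateSignup($_POST, $db);
// if (!$errors) {
//     $token = createAccount($_POST, $db);
//     $link  = 'http://www.domain.com/activate.php?token=' . $token;   // e-mail $link
// }
```

The same validateSignup() password rule can be reused by the "forgot password" and "change password" forms, so the policy lives in one place. activateAccount() is where the sub domain and table creation script from the brief would be called once the number has been allocated and committed.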
Login Page:
· Email(username) + password
· remember me – cookie option
· automatically time out an idle session after a period of inactivity (30 mins) if "remember me" is not ticked.
· lock account after 3 failed logins – 15 min. lockout
· JavaScript validation (on email(username) and password – error message to say that the email(username) or the password is in an incorrect format)
· PHP validation – (error messages if wrong username or password – lockout: see above)
· Forgot password – email link to reset – client and server side validation on new password (minimum 8 characters must include a number)
· Login Interrupter Redirect:
If I’m trying to hit a protected page and my login cookie or session expires, I expect to be hit with a login screen. When I login, I expect to be taken to the page I had requested in the first place. – is this easy or does it involve lots of extra coding?
After logged in: (in admin page)
– logout – redirects to index page
– change email – with ‘are you sure’ PHP confirmation
– change password – client and server side validation (match / check min. length & includes number)
– at top of page ‘Welcome *name*’ the name they used on the signup form.
Security:
· Passwords: md5, salt, SHA-2
· SQL injection (PDO)
· Cross site scripting
· Cross site request forgery
· Prepared statements (PDO)
· Session ID hijacking
· Form keys
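The login requirements above (lockout after 3 failed attempts for 15 minutes, 30-minute idle time-out when "remember me" is not ticked, the login-interrupter redirect) and the items on the security list (form keys against CSRF, session ID hijacking) can be demonstrated in one small PHP module. This is an added example, not code from the brief or from any bidder. It assumes the same hypothetical `users` table as before plus the columns failed_logins and locked_until, PHP 5.5 or later for password_verify() (or password_compat), and that the session cookie is scoped to `.domain.com` with the HttpOnly flag via session_set_cookie_params() before session_start(), so that www.domain.com/login.php and www.1001.domain.com/admin.php share one session.

```php
<?php
// Added example, not code from the brief: login with 3-strike / 15-minute
// lockout, form key (CSRF token), session fixation defence, 30-minute idle
// time-out and the "return to the page you asked for" redirect.
// Assumed (hypothetical) `users` columns: id, email, password_hash, first_name,
// subdomain, active, failed_logins, locked_until. Needs password_verify().

define('MAX_FAILED_LOGINS', 3);
define('LOCKOUT_SECONDS', 15 * 60);
define('IDLE_TIMEOUT_SECONDS', 30 * 60);

// One random form key per session; put it in a hidden field of every POST form.
function formKey()
{
    if (empty($_SESSION['form_key'])) {
        $_SESSION['form_key'] = bin2hex(openssl_random_pseudo_bytes(16));
    }
    return $_SESSION['form_key'];
}

// Constant-time comparison (hash_equals() only arrived in PHP 5.6).
function checkFormKey($submitted)
{
    $expected  = isset($_SESSION['form_key']) ? $_SESSION['form_key'] : '';
    $submitted = (string) $submitted;
    if ($expected === '' || strlen($expected) !== strlen($submitted)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($expected); $i++) {
        $diff |= ord($expected[$i]) ^ ord($submitted[$i]);
    }
    return $diff === 0;
}

// Only ever redirect to a local path; a visitor-supplied absolute URL (or a
// protocol-relative "//host" path) would turn login.php into an open redirect.
function safeReturnTo($path)
{
    if (is_string($path) && preg_match('#^/[^/\\\\][^\r\n]*$#', $path)) {
        return $path;
    }
    return '/admin.php';
}

// Returns true on success (session populated) or an error string to display.
function attemptLogin($email, $password, PDO $db)
{
    $stmt = $db->prepare('SELECT id, password_hash, first_name, subdomain, active,
                                 failed_logins, locked_until FROM users WHERE email = ?');
    $stmt->execute(array($email));
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user && $user['locked_until'] !== null && strtotime($user['locked_until']) > time()) {
        return 'Account locked after too many failed logins. Try again in 15 minutes.';
    }
    // One message for unknown e-mail, inactive account and wrong password.
    if (!$user || !$user['active'] || !password_verify($password, $user['password_hash'])) {
        if ($user) {                         // count the strike, lock on the third
            $failed = (int) $user['failed_logins'] + 1;
            $until  = $failed >= MAX_FAILED_LOGINS ? date('Y-m-d H:i:s', time() + LOCKOUT_SECONDS) : null;
            $db->prepare('UPDATE users SET failed_logins = ?, locked_until = ? WHERE id = ?')
               ->execute(array($until ? 0 : $failed, $until, $user['id']));
        }
        return 'Incorrect e-mail address or password.';
    }
    $db->prepare('UPDATE users SET failed_logins = 0, locked_until = NULL WHERE id = ?')
       ->execute(array($user['id']));
    session_regenerate_id(true);             // fresh id after authentication (fixation defence)
    $_SESSION['user_id']       = $user['id'];
    $_SESSION['first_name']    = $user['first_name'];   // for "Welcome *name*"
    $_SESSION['subdomain']     = $user['subdomain'];
    $_SESSION['last_activity'] = time();
    return true;
}

// First thing on every protected page (admin.php and the rest).
function requireLogin()
{
    $idle = isset($_SESSION['last_activity']) ? time() - $_SESSION['last_activity'] : 0;
    if (empty($_SESSION['user_id']) || (empty($_SESSION['remember_me']) && $idle > IDLE_TIMEOUT_SECONDS)) {
        session_unset();
        header('Location: http://www.domain.com/login.php?return=' . rawurlencode($_SERVER['REQUEST_URI']));
        exit;
    }
    $_SESSION['last_activity'] = time();
}

// login.php POST outline:
// if (!checkFormKey(isset($_POST['form_key']) ? $_POST['form_key'] : '')) { /* reject */ }
// $result = attemptLogin($_POST['email'], $_POST['password'], $db);
// if ($result === true) {
//     $path = safeReturnTo(isset($_GET['return']) ? $_GET['return'] : '');
//     header('Location: http://www.' . $_SESSION['subdomain'] . '.domain.com' . $path);
//     exit;
// }
```

The redirect-after-login question is answered by requireLogin() plus safeReturnTo(): the protected page passes its own path to login.php, and login.php only ever sends the user back to a path on their own sub domain, so the feature costs a few lines rather than a lot of extra coding. The lockout is stored per account in the database, not in the session, so clearing cookies does not reset the counter.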
This is to give you an idea of the project scope. It is not set in stone; if there are better ways of doing it than I have described, then we can discuss it.
FOR INFORMATION ONLY – THESE TEMPLATE SITES ARE NOT PART OF THE PROJECT, JUST TO GIVE YOU AN IDEA OF THE OVERALL PROJECT.
All updating of content from within the admin pages of the templated sites will use the sub domain number, ie: updating the homepage header and body-text of www.1001.domain.com:
// table name = site number + 'content'; the values are bound as parameters
$sql = "UPDATE 1001content
        SET homeheader=?, hometext=?
        WHERE id=?
        LIMIT 1";
$stmt = $db->prepare($sql);
$stmt->execute(
    array(
        $_POST['homeheader'],
        $_POST['hometext'],
        $_POST['id'],
    )
);
$stmt->closeCursor();
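One thing the snippet above leaves open is where the "1001" comes from at run time. PDO placeholders bind values only, not table names, so the site number has to be concatenated into the SQL, and the whole per-site scheme is only as safe as the check on that number. The added example below (not code from the brief or from any bidder) shows that check, the same UPDATE driven by the number stored in the logged-in user's session rather than anything from the request, and the activation-time step of creating a new site's tables by copying the template tables (content, photos, links) with MySQL's CREATE TABLE ... LIKE. It assumes a PDO handle in PDO::ERRMODE_EXCEPTION mode and that the template tables exist under their base names.

```php
<?php
// Added example, not code from the brief: building the per-site table name
// safely. Placeholders cannot stand in for identifiers, so the site number is
// validated as an integer in the allocated range (1001 upwards) and the base
// name against a fixed list before either is concatenated into the SQL;
// every column value stays a bound parameter.

$templateTables = array('content', 'photos', 'links');   // from the brief

function tenantTable($siteNumber, $base, array $allowed)
{
    if (!preg_match('/^[0-9]{4,6}$/', (string) $siteNumber) || (int) $siteNumber < 1001) {
        throw new InvalidArgumentException('Invalid site number');
    }
    if (!in_array($base, $allowed, true)) {
        throw new InvalidArgumentException('Unknown table');
    }
    return '`' . $siteNumber . $base . '`';          // e.g. `1001content`
}

// Called once on activation: copy each template table's structure to the new
// site's tables. With PDO::ERRMODE_EXCEPTION a failed CREATE throws, which is
// the hook for the "signup succeeded but tables not created" error message.
function createSiteTables($siteNumber, PDO $db, array $templates)
{
    foreach ($templates as $base) {
        $db->exec('CREATE TABLE ' . tenantTable($siteNumber, $base, $templates)
                . ' LIKE `' . $base . '`');       // $base already checked above
    }
}

// The UPDATE from the brief, with the site number taken from the session of
// the logged-in tutor (set at login) instead of from the request.
function updateHome(PDO $db, $siteNumber, $header, $text, $id, array $templates)
{
    $sql  = 'UPDATE ' . tenantTable($siteNumber, 'content', $templates)
          . ' SET homeheader = ?, hometext = ? WHERE id = ? LIMIT 1';
    $stmt = $db->prepare($sql);
    $stmt->execute(array($header, $text, (int) $id));
    $rows = $stmt->rowCount();
    $stmt->closeCursor();
    return $rows;                                    // 1 when the row was changed
}

// admin page outline:
// createSiteTables(1001, $db, $templateTables);     // at activation time
// updateHome($db, $_SESSION['subdomain'], $_POST['homeheader'],
//            $_POST['hometext'], $_POST['id'], $templateTables);
```

Taking the site number from the session also gives the per-tenant isolation the design relies on: a logged-in tutor can only ever address the tables whose prefix matches their own account, whatever values appear in the form.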
The sites on the sub domains will all be the same layout and be editable by logging in with the respective username and passwords. The sites will contain approx. 8 pages and include text, photo gallery, google maps, contact form.
This is what will be editable:
Admin.php (this is the only page that will need to be included with the project you will be doing)
change password
change email
Index.php – introduction to services
Header (text)
Page text
upload single image
Courses.php – courses and style of working
Header (text)
page text
Location.php – where we are, how to get here
Header (text)
page text
address box – for google maps
dropdown to select zoom for google map
Gallery.php – images of us and classroom
Header (text)
page text
upload images with description.
Availability.php – dates available for tuition
Header (text)
body text
availability calendar – possible import Google calendar or 3rd party script
editable boxes which will allow input of hourly & weekly tutorial rates – this will be formatted into a table on the front of the site.
Contact.php – contact us
Header (text)
page text
contact form – sent to email address used for login.
Material.php – teaching styles, some sample language tests etc.
header (text)
page text
Links.php – links to other services – local library, Amazon dictionaries etc.
header (text)
page text
form for creating links.
THE TABLES TO BE INSERTED INTO THE DATABASE ON ACCOUNT CREATION WOULD BE SOMETHING LIKE THIS (but would also include some data to be dumped into them)
--
-- Table structure for table `content`
--
CREATE TABLE IF NOT EXISTS `content` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`homeheader` tinytext NOT NULL,
`hometext` longtext NOT NULL,
`facilitiesheader` tinytext NOT NULL,
`facilitiestext` longtext NOT NULL,
`locationheader` tinytext NOT NULL,
`locationtext` longtext NOT NULL,
`zoom` tinytext NOT NULL,
`address` tinytext NOT NULL,
`ratesheader` tinytext NOT NULL,
`ratestext` longtext NOT NULL,
`availabilityheader` tinytext NOT NULL,
`availabilitytext` longtext NOT NULL,
`houlyrates` tinytext NOT NULL,
`weeklyrates` tinytext NOT NULL,
`materialheader` tinytext NOT NULL,
`materialtext` longtext NOT NULL,
`contactheader` tinytext NOT NULL,
`contacttext` longtext NOT NULL,
`linksheader` tinytext NOT NULL,
`linkstext` longtext NOT NULL,
`galleryheader` tinytext NOT NULL,
`gallerytext` longtext NOT NULL,
`googlekey` tinytext NOT NULL,
`email` tinytext NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;
-- --------------------------------------------------------
--
-- Table structure for table `links`
--
CREATE TABLE IF NOT EXISTS `links` (
`id` int(10) NOT NULL AUTO_INCREMENT,
`rank` tinyint(11) NOT NULL,
`urltitle` tinytext COLLATE latin1_general_ci NOT NULL,
`url` tinytext COLLATE latin1_general_ci NOT NULL,
`urltext` tinytext COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=77 ;
-- --------------------------------------------------------
--
-- Table structure for table `photos`
--
CREATE TABLE IF NOT EXISTS `photos` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`description` text NOT NULL,
`src` varchar(150) NOT NULL,
`tn_src` varchar(150) NOT NULL,
`rank` tinyint(3) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;