Assignment 5
Security & Authentication
This project will build upon the previous assignment by allowing only secure Administrator
access to edit or delete records in the Employee database.
Create a new folder named assign5. Your new work will go in this folder - both so that you will have a
backup in assign4 just in case any problems appear, and so that you will be able to
add new components without fear of breaking previous code.
The HR admin site should be expanded to have the following security:
- dbadmin.php: Admin page - PASSWORD PROTECTED - Use HTTP authentication as shown in Chapter 8, along with a new table (emp_admin) that has fields for usernames and passwords. You should enter yourself as a user, and you should enter a user bpayne whose password (encrypted) is bpayne1, so that I can test your admin capabilities.
NOTE: You can just copy and paste all pages from assign4 folder into assign5,
then modify dbadmin.php in assign5.
- When dbadmin.php is first loaded, it should require HTTP authentication,
checking the emp_admin table for a valid username and password.
- Using either sessions or cookies, the admin and edit (and any other
admin-access) pages should check for authorization, and if none is found,
require a new login. Once logged in, the session or cookie should maintain
the admin user logged in throughout a session.
Save the new dbadmin.php page, upload it to the server, and link to it from your main page.
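One way the login check at the top of dbadmin.php could be put together, as an added example that is not part of the original assignment or its textbook. It assumes emp_admin has columns named username and password_hash, that rows were stored with PHP's password_hash(), and that the database is reached through PDO; the DSN and credentials are placeholders.

```php
<?php
// Added example, not from the assignment or its textbook.
// Assumed schema: emp_admin(username, password_hash), hashes made with password_hash().
declare(strict_types=1);

// Keep the session cookie away from scripts and off plain-HTTP requests.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
session_start();

/** Look up the user and verify the supplied password against the stored hash. */
function check_admin(PDO $db, string $user, string $pass): bool
{
    // Prepared statement: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM emp_admin WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();           // false when no row matched
    return is_string($hash) && password_verify($pass, $hash);
}

/** Send the HTTP authentication challenge and stop the script. */
function challenge(): void
{
    header('WWW-Authenticate: Basic realm="HR Admin"');
    http_response_code(401);
    exit('Authorization required.');
}

if (empty($_SESSION['admin_user'])) {
    // No logged-in session yet: require HTTP credentials.
    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        challenge();
    }
    // Placeholder connection settings; replace with the real database values.
    $db = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB', 'EXAMPLE_USER', 'EXAMPLE_PASS',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    if (!check_admin($db, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        challenge();                        // same response for unknown user and wrong password
    }
    session_regenerate_id(true);            // fresh session ID after login (fixation defence)
    $_SESSION['admin_user'] = $_SERVER['PHP_AUTH_USER'];
}
// From here on the request is authorized; the admin page content follows.
```

Saving this guard in a separate include file (a hypothetical auth.php) lets the edit and delete pages require it as well. HTTP Basic credentials are only base64-encoded on the wire, so the pages should be served over HTTPS.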
©2005 - Bryson R. Payne, Ph.D. - All rights reserved.