Working website, Rev 1.

Register user, login, chg pw, reset pw, view accounts, all work. Can't
create a new account yet.
joeyajames
2014-11-11 20:20:05 -08:00
parent b8d6392b88
commit e211bb797e
26 changed files with 1464 additions and 58 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 12 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 24 KiB


@@ -0,0 +1,99 @@
<?php
session_start(); ?>
<!-- F8L Exception Online Bank | Change Password -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>F8L Exception Online Bank | Change Password</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<?php include 'includes/inc_header.php'; ?>
<h1>Change Password</h1><hr />
</head>
<body>
<?php
include 'includes/inc_validatePassword.php';
include 'includes/inc_validateInput.php';
include 'includes/inc_validateLogin.php';
function changePassword($userName,$oldPassword,$newPassword) {
global $errorCount;
include 'includes/inc_dbConnect.php';
// Select database.
if ($db_connect === FALSE)
echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
else {
if (!@mysql_select_db($db_name, $db_connect))
echo "<p>Connection error. Please try again later.</p>";
else {
$sql = "UPDATE user SET password='$newPassword' WHERE username='$userName'";
$result = mysql_query($sql);
}
mysql_close($db_connect);
}
return ($retval);
}
function displayForm($userName) {
global $errorMessage;
echo $errorMessage;
?>
<form name="change_password" action="change_password.php" method="post">
<p>User Name: <input type="text" name="userName" value="<?php echo $userName; ?>" /></p>
<p>Old Password: <input type="password" name="oldPassword" value="" /></p>
<p>New Password: <input type="password" name="newPassword" value="" /></p>
<p>Confirm New Password: <input type="password" name="newPassword2" value="" /></p>
<p><input type="submit" name="Submit" value="Submit" /></p>
</form>
<br /><br />
<?php
include 'includes/inc_text_menu.php';
}
$showForm = TRUE;
$errorCount = 0;
$errorMessage = "";
$userName = "";
$oldPassword = "";
$newPassword = "";
$newPassword2 = "";
// get input from form fields and validate input
if (isset($_POST['Submit'])) {
$userName = validateInput($_POST['userName'],"User Name");
$oldPassword = $_POST['oldPassword'];
$userName = validateLogin($userName,$oldPassword);
$newPassword = validatePassword($_POST['newPassword'],$_POST['newPassword2'],"Password");
if($userName == $newPassword) {
$errorMessage .= "Error: new password cannot be the same as user name<br />";
$errorCount++;
}
if ($errorCount == 0)
$showForm = FALSE;
else
$showForm = TRUE;
}
if ($showForm == TRUE) {
if ($errorCount > 0) // if there were errors
$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
displayForm ($userName);
}
else {
// encrypt password here
// change password in db
changePassword($userName,$oldPassword,$newPassword);
echo "<p>\nPassword has been changed!.</p><br /><br />\n";
include 'includes/inc_text_menu.php';
}
?>
</body>
</html>
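Review bot: `changePassword()` builds its UPDATE by interpolating `$newPassword` straight into the SQL text, and `validatePassword()` only trims and strips slashes, so a quote character in the new password changes the statement. Escape the value on the open connection before use, `$newPassword = mysql_real_escape_string($newPassword, $db_connect);`, or move to a driver with bound parameters. The same interpolation of unescaped request data appears in the SELECT in `validateUserName()`, the INSERTs in `createNewCustomer()` and the `createNewAccount()` copies, and the queries in `resetPassword()`. `$userName` is escaped here only because `validateLogin()` happens to return the escaped string, which is easy to lose in a refactor.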

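--- a/f8l_exception/deposit.php
+++ b/f8l_exception/deposit.php
@@ -0,0 +1,70 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | Deposit -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>F8L Exception Online Bank | Deposit</title>
+<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+<?php include 'includes/inc_header.php'; ?>
+<h1>Deposit -- under construction</h1><hr />
+</head>
+<body>
+<?php
+include 'includes/inc_validateInput.php';
+include 'includes/inc_validateLogin.php';
+function displayForm() {
+?>
+<h3>Enter your User Name and Password.</h3>
+<?php
+global $errorMessage;
+echo $errorMessage ?>
+<form method="POST" action="login.php">
+<p>User Name <input type="text" name="Login" /></p>
+<p>Password <input type="password" name="Password" /></p>
+<p><input type="submit" value="Log in" /></p>
+</form>
+<br /><br />
+<?php
+include 'includes/inc_text_menu.php';
+}
+$ShowForm = TRUE;
+$errorCount = 0;
+$errorMessage = "";
+$Login = "";
+$Password = "";
+// if submit button is clicked, get login and pw and validate login
+if (isset($_POST['Login'])) {
+$Login = validateInput($_POST['Login'],"User Name");
+$Password = validateInput($_POST['Password'],"Password");
+if ($errorCount == 0) // validateLogin is slow, so only do that if no errors yet
+$Login = validateLogin($Login,$Password);
+if ($errorCount == 0)
+$ShowForm = FALSE;
+}
+if ($errorCount > 0) { // errors logged
+displayForm();
+}
+else {
+if ($ShowForm == TRUE) {
+displayForm(); // new page load
+}
+else { // login approved
+$_SESSION['login'] = $Login;
+//header("location:my_documents.php");
+?><script language="JavaScript">window.location = "my_documents.php";</script><?php
+exit();
+}
+}
+?>
+</body>
+</html>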
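Review bot: The form in `displayForm()` posts `Login` and `Password` to `login.php`, but the handler in `login.php` only runs when `$_POST['Submit']` is set and reads `userName` and `password`, so a submission from this page is never processed by either script. The page also renders without checking `$_SESSION['login']`, which a deposit page needs before any output; a guard such as `if (!isset($_SESSION['login'])) { /* send to login.php */ exit(); }` at the top would cover it. The success branch still redirects to `my_documents.php`, which looks like a leftover from the project this page was copied from.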


@@ -0,0 +1,10 @@
<?php
$db_host="joeyajames.powwebmysql.com"; // Host name
$db_username="f8lexception"; // Mysql username
$db_password="Kim157"; // Mysql password
$db_name="f8lexception"; // Database name
// Connect to server and select database.
$db_connect = mysql_connect("$db_host", "$db_username", "$db_password")or die("cannot connect");
//mysql_select_db("$db_name")or die("cannot select DB");
?>
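Review bot: The database host, account name and password are committed in clear text in this include, so anyone who can read the repository or its history can connect to the database. Load them from configuration kept outside the repository, for example `getenv('DB_PASSWORD')` (variable name illustrative), and rotate the password that was pushed here. Separately, `or die("cannot connect")` ends the request on failure, so the `$db_connect === FALSE` branches in the callers can never run.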


@@ -0,0 +1,7 @@
<?php
function generatePassword( $length = 8 ) {
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:?";
$password = substr( str_shuffle( $chars ), 0, $length );
return $password;
}
?>
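Review bot: `str_shuffle()` is not a cryptographically secure source of randomness, so the reset passwords produced by `generatePassword()` are more predictable than their length suggests. Taking a prefix of a single shuffle also means no character can repeat, and any `$length` above the alphabet size is silently truncated. Draw each character independently from a CSPRNG instead: `random_int()` on PHP 7+, or `openssl_random_pseudo_bytes()` on the PHP 5 runtime that the `mysql_*` calls imply. Nothing here guarantees that the result satisfies the upper/lower/digit rules in `validatePassword()`.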


@@ -0,0 +1,18 @@
<?php
// get the number of checking and savings accounts for a user (max is 2)
// increments global $errorCount if errors encountered.
function getNumberOfAccounts ($userName) {
global $errorCount;
global $errorMessage;
include($_SERVER['DOCUMENT_ROOT']."/f8l_exception/includes/inc_dbConnect.php");
mysql_select_db("$db_name")or die("cannot select DB");
// get number of accounts
$sql = "SELECT * FROM account WHERE username='$userName' and accounttype='Checking' or 'Savings'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
mysql_close($db_connect);
return $count;
}
?>
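Review bot: The WHERE clause `username='$userName' and accounttype='Checking' or 'Savings'` does not count savings accounts: AND binds tighter than OR, and the bare string `'Savings'` evaluates as false in MySQL, so only checking rows match. Write the condition as `accounttype IN ('Checking','Savings')`. The result of `mysql_query()` is also handed to `mysql_num_rows()` without a check for `FALSE`, and the two-account limit in the caller depends on that count being right.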


@@ -0,0 +1 @@
<a href="index.php"><img src="artwork/f8l_exception_logo.png" alt="F8L Exception Online Bank"></a>


@@ -0,0 +1,17 @@
<a href="http://www.joe-james.net/f8l_exception/index.php">Home</a> |
<a href="http://www.joe-james.net/f8l_exception/new_customer.php">New Customer</a> |
<a href="http://www.joe-james.net/f8l_exception/login.php">Login</a> |
<a href="http://www.joe-james.net/f8l_exception/change_password.php">Change Password</a> |
<a href="http://www.joe-james.net/f8l_exception/reset_password.php">Reset Password</a> |
<a href="http://www.joe-james.net/f8l_exception/logout.php">Logout</a>
<br />
<a href="http://www.joe-james.net/f8l_exception/new_account.php">New Account</a> |
<a href="http://www.joe-james.net/f8l_exception/my_accounts.php">My Accounts</a> |
<a href="http://www.joe-james.net/f8l_exception/deposit.php">Deposit</a> |
<a href="http://www.joe-james.net/f8l_exception/withdraw.php">Withdraw</a> |
<a href="http://www.joe-james.net/f8l_exception/view_statement.php">View Statement</a>
<br />
<a href="http://www.joe-james.net/f8l_exception/new_loan.php">New Loan</a> |
<a href="http://www.joe-james.net/f8l_exception/loan_payment.php">Make Loan Payment</a>
<br />
<a href="http://www.joe-james.net/f8l_exception/admin.php">Admin</a>
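Review bot: Every link is an absolute `http://` URL on one host, so following the menu to Login, Change Password or Reset Password always lands on the plain-HTTP origin, and the forms on those pages post credentials relative to it. Use relative hrefs such as `href="login.php"`, as the header include already does for `index.php`, and serve the site over HTTPS. Relative links also keep the menu working on a development copy of the site.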


@@ -0,0 +1,27 @@
<?php
function validateEmail($data, $fieldName)
{
global $errorCount;
global $errorMessage;
if (empty($data))
{
$errorMessage .= $fieldName . " is a required field. \n";
$errorCount++;
$retval = "";
}
else
{
// only clean up the input if it isn't empty
$retval = trim($data);
$retval = stripslashes($retval);
$pattern = "/^[\w-]+(\.[\w-]+)*@" . "[\w-]+(\.[\w-]+)*" . "(\.[a-z]{2,})$/i";
if (preg_match($pattern, $retval) == 0)
{
$errorMessage .= $fieldName . " is not a valid e-mail address. \n";
$errorCount++;
}
}
return($retval);
}
?>
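Review bot: The two error strings here end in `" \n"` while `validateInput()` and `validatePassword()` end theirs in `"<br />\n"`, so e-mail errors run into the next message when `$errorMessage` is echoed as HTML. Use `$fieldName . " is not a valid e-mail address.<br />\n"` and the same ending for the required-field message. A short header comment should also say that the function returns the trimmed value even when the pattern fails, since only `$errorCount` signals the failure to the caller.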


@@ -0,0 +1,20 @@
<?php
function validateInput($data, $fieldName)
{
global $errorMessage;
global $errorCount;
if (empty($data))
{
$errorMessage .= $fieldName . " is a required field.<br />\n";
$errorCount++;
$retval = "";
}
else
{
// only clean up the input if it isn't empty
$retval = trim($data);
$retval = stripslashes($retval);
}
return ($retval);
}
?>
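Review bot: `validateInput()` only checks for emptiness and applies `trim()`/`stripslashes()`; its return value is not safe to place in SQL or HTML, yet callers echo it into `value="..."` attributes and pass it on to query builders. Say so in a header comment and encode at the point of output, e.g. `<?php echo htmlspecialchars($userName, ENT_QUOTES); ?>`. Note also that `empty()` treats the string `"0"` as missing, and that `stripslashes()` deletes backslashes the user actually typed when magic quotes are off.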


@@ -0,0 +1,34 @@
<?php
// checks user name and pw provided on login page against registered users in account table
// increments global $errorCount if login not approved.
function validateLogin ($myusername,$mypassword) {
global $errorCount;
global $errorMessage;
include($_SERVER['DOCUMENT_ROOT']."/f8l_exception/includes/inc_dbConnect.php");
mysql_select_db("$db_name")or die("cannot select DB");
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
// check login and password for validity
$sql = "SELECT * FROM user WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
// If result matched $myusername and $mypassword, table row must be 1 row
$count = mysql_num_rows($result);
if($count == 1){
// record login to login_history table
$sql2 = "INSERT INTO login_history (login) VALUES ('$myusername')";
$result = mysql_query($sql2);
}
else {
$errorCount++;
$errorMessage .= "Wrong User Name or Password.<br />\n";
}
mysql_close($db_connect);
return $myusername;
}
?>
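Review bot: The login query matches `password='$mypassword'` against the stored column, which means passwords are kept and compared in clear text; the writers in `changePassword()`, `createNewCustomer()` and `resetPassword()` store them the same way. Store the output of `password_hash($pw, PASSWORD_DEFAULT)` instead and have `validateLogin()` fetch the row by user name and check it with `password_verify()`, as sketched below; existing rows would need a reset or a migration step. The result of `mysql_query()` should be tested for `FALSE` before it is used. The function also returns the SQL-escaped user name, which callers then keep in the session and display.

```php
// … unchanged: include, mysql_select_db, stripslashes of both inputs …
$myusername = mysql_real_escape_string($myusername);
// look the user up by name only; the password never enters the SQL text
$sql = "SELECT password FROM user WHERE username='$myusername'";
$result = mysql_query($sql);
$row = ($result !== FALSE) ? mysql_fetch_assoc($result) : FALSE;
if ($row !== FALSE && password_verify($mypassword, $row['password'])) {
// … unchanged: login_history insert …
}
// … unchanged: error branch, mysql_close, return …
```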


@@ -0,0 +1,60 @@
<?php
// check if password contains at least 1 upper case letter
function containsUpper($data) {
return (preg_match('/[A-Z]/', $data));
}
function containsLower($data) {
return (preg_match('/[a-z]/', $data));
}
function containsNumber($data) {
return (preg_match('/[0-9]/', $data));
}
function containsOther($data) {
return TRUE;
}
function containsSpaces($data) {
return (preg_match("/\s/",$data));
}
function validatePassword($data, $data2, $fieldName)
{
global $errorCount;
global $errorMessage;
if (empty($data) or empty($data2))
{
$errorMessage .= $fieldName . " is a required field.<br />\n";
$errorCount++;
$retval = "";
}
elseif ($data !== $data2)
{
$errorMessage .= "Passwords do not match.<br />\n";
$errorCount++;
$retval = "";
}
elseif (strlen($data) < 8)
{
$errorMessage .= "Password must be at least 8 characters,
must contain at least one upper case letter, at least one lower case letter,
at least one number, and at least one non-alphanumeric character.<br />\n";
$errorCount++;
$retval = "";
}
elseif (!containsUpper($data) or !containsLower($data) or !containsNumber($data) or
!containsOther($data) or containsSpaces($data))
{
$errorMessage .= "Password must be at least 8 characters,
must contain at least one upper case letter, at least one lower case letter,
at least one number, and at least one non-alphanumeric character.<br />\n";
$errorCount++;
$retval = "";
}
else
{
// only clean up the input if it isn't empty
$retval = trim($data);
$retval = stripslashes($retval);
}
return ($retval);
}
?>
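Review bot: `containsOther()` returns `TRUE` unconditionally, so the "at least one non-alphanumeric character" rule that the error text promises is never enforced. A body such as `return (preg_match('/[^A-Za-z0-9\s]/', $data));` would match the stated policy. The final `stripslashes()` in `validatePassword()` also alters the password after it has been validated, so a password containing a backslash is stored differently from what the user typed.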


@@ -0,0 +1,48 @@
<?php
function validateUserName($data, $fieldName)
{
global $errorCount;
global $errorMessage;
if (empty($data)) {
$errorMessage .= $fieldName . " is a required field.<br />\n";
$errorCount++;
$retval = "";
}
elseif (strlen($data) < 4 || strlen($data) > 30) {
$errorMessage .= $fieldName . " must be at least 4 and at most 30 characters.<br />\n";
$errorCount++;
}
else {
include 'includes/inc_dbConnect.php';
// Select database.
if ($db_connect === FALSE)
echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
else {
if (!@mysql_select_db($db_name, $db_connect))
echo "<p>Connection error. Please try again later.</p>";
else {
$SQLstring = "SELECT * FROM user WHERE username = '$data'";
$QueryResult = @mysql_query($SQLstring, $db_connect);
if (mysql_num_rows($QueryResult) > 0) {
//echo "Please select a different User Name.<br />\n";
$errorMessage .= "Please select a different User Name.<br />\n";
$errorCount++;
$retval = "";
}
else {
$retval = trim($data);
$retval = stripslashes($retval);
}
}
mysql_close($db_connect);
}
}
return ($retval);
}
?>
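Review bot: The length branch (`strlen($data) < 4 || strlen($data) > 30`) never assigns `$retval`, and neither do the two database-failure branches, so `return ($retval)` reads an undefined variable there; add `$retval = "";` as the first statement of the function. `changePassword()`, `showAccounts()` and the `createNewAccount()` copies return a `$retval` that is never assigned at all. The `@` on `mysql_query()` hides a failed lookup, after which `mysql_num_rows()` receives `FALSE` and the duplicate-name check is effectively skipped.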

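--- a/f8l_exception/index.php
+++ b/f8l_exception/index.php
@@ -0,0 +1,23 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | Home -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>F8L Exception Online Bank | Home</title>
+<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+<?php include 'includes/inc_header.php'; ?>
+<h1>Welcome to F8L Exception Online Bank!</h1><hr />
+</head>
+<body>
+<h3>Secure online banking with zero fees</h3>
+<img src="artwork/vault.jpg" />
+<p>What? You're looking for a secure and reliable online bank to stash your cash in that won't bury you with fees? The F8L Exception Online Bank has it all.
+It is free, quick and easy to set up an account, and you can access all your funds conveniently online.</p>
+<br />
+<?php
+include 'includes/inc_text_menu.php';
+?>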
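Review bot: The logo include and the `<h1>`/`<hr />` are emitted inside `<head>`, which is not valid under the XHTML 1.0 Strict doctype declared above; move them to the start of `<body>`. The HTML comment ahead of `<!DOCTYPE` also keeps the doctype from being the first thing in the document, which can put older browsers into quirks mode. The other pages in this commit share the same template, and this section as shown ends without `</body></html>`.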


@@ -0,0 +1,124 @@
<?php
session_start(); ?>
<!-- F8L Exception Online Bank | Make a Loan Payment -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>F8L Exception Online Bank | Make a Loan Payment</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<?php include 'includes/inc_header.php'; ?>
<h1>Make a Loan Payment -- Under construction</h1><hr />
</head>
<body>
<?php
include 'includes/inc_validatePassword.php';
include 'includes/inc_validateEmail.php';
include 'includes/inc_validateInput.php';
include 'includes/inc_validateUserName.php';
function createNewAccount($First,$Last,$Email,$Login,$Password) {
global $errorCount;
include 'includes/inc_dbConnect.php';
// Select database.
if ($db_connect === FALSE)
echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
else {
if (!@mysql_select_db($db_name, $db_connect))
echo "<p>Connection error. Please try again later.</p>";
else {
$today = date("Ymd");
$TableName = "account";
$SQLstring = "INSERT INTO
$TableName (login,password,firstName,lastName,email,active,dateOpened)
VALUES ('$Login','$Password','$First','$Last','$Email',1,'$today')";
$QueryResult = @mysql_query($SQLstring, $db_connect);
}
mysql_close($db_connect);
}
return ($retval);
}
function displayForm($First, $Last, $Email, $Login) {
global $errorMessage;
echo $errorMessage;
?>
<form name="register" action="register.php" method="post">
<p>First Name: <input type="text" name="First" value="<?php echo $First; ?>" /></p>
<p>Last Name: <input type="text" name="Last" value="<?php echo $Last; ?>" /></p>
<p>Your E-Mail: <input type="text" name="Email" value="<?php echo $Email; ?>" /></p>
<p>User Name: <input type="text" name="Login" value="<?php echo $Login; ?>" /></p>
<p>Password: <input type="password" name="Password" value="" /></p>
<p>Confirm Password: <input type="password" name="Password2" value="" /></p>
<p><input type="submit" name="Submit" value="Register" /></p>
</form>
<br /><br />
<?php
include 'includes/inc_text_menu.php';
}
$showForm = TRUE;
$errorCount = 0;
$errorMessage = "";
$First = "";
$Last = "";
$Email = "";
$Login = "";
$Password = "";
$Password2 = "";
if (isset($_POST['Submit'])) {
$First = validateInput($_POST['First'],"First Name");
$Last = validateInput($_POST['Last'],"Last Name");
$Email = validateEmail($_POST['Email'],"E-mail");
$Login = validateUserName($_POST['Login'],"User Name");
$Password = validatePassword($_POST['Password'],$_POST['Password2'],"Password");
if($Login == $Password) {
$errorMessage .= "Password cannot be the same as user name<br />";
$errorCount++;
}
if ($errorCount == 0)
$showForm = FALSE;
else
$showForm = TRUE;
}
if ($showForm == TRUE) {
if ($errorCount > 0) // if there were errors
$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
displayForm ($First, $Last, $Email, $Login);
}
else {
// encrypt password
//$options = array('cost' => 11);
//$password = password_hash($password, PASSWORD_BCRYPT, $options);
// create account in db
createNewAccount($First,$Last,$Email,$Login,$Password);
// send confirmation email
$SenderAddress = "$First <$Email>";
$Headers = "From: $SenderAddress\nCC:$SenderAddress\n";
$from = "PVault"; // sender
$subject = "PVault Registration Confirmation";
$message = $First . ",\nYou have successfully registered for PVault. Now you can Store your documents in the cloud, securely locked inside your own Personal Vault.\n\nThe PVault Team";
// message lines should not exceed 70 characters (PHP rule), so wrap it
$message = wordwrap($message, 70);
// send mail
mail($Email,$subject,$message,"From: $from\n");
echo "<p>" . $First . "\nyour account has been created. Welcome to PVault!.</p><br /><br />\n";
include 'includes/inc_text_menu.php';
}
?>
</body>
</html>
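Review bot: This placeholder page is a copy of a registration script: `createNewAccount()` inserts `login`, `firstName`, `lastName` and related columns into `account`, while the rest of the commit reads `username`, `accounttype` and `balance` from that table, and the confirmation text still says PVault. The handler runs for any POST with `Submit` set and checks no session, so the page exposes a write path into `account` to visitors who are not logged in. Until loan payments are implemented, reduce the body to the header, an "under construction" notice and the menu include. The `new_loan.php` section is the same copy and needs the same treatment.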

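--- a/f8l_exception/login.php
+++ b/f8l_exception/login.php
@@ -0,0 +1,71 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | Login -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>F8L Exception Online Bank | Login</title>
+<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+<?php include 'includes/inc_header.php'; ?>
+<h1>Login</h1><hr />
+</head>
+<body>
+<?php
+include 'includes/inc_validateInput.php';
+include 'includes/inc_validateLogin.php';
+function displayForm() {
+?>
+<h3>Enter your User Name and Password.</h3>
+<?php
+global $errorMessage;
+echo $errorMessage ?>
+<form method="POST" action="login.php">
+<p>User Name <input type="text" name="userName" /></p>
+<p>Password <input type="password" name="password" /></p>
+<p><input type="submit" name="Submit" value="Log in" /></p>
+</form>
+<br /><br />
+<?php
+include 'includes/inc_text_menu.php';
+}
+$ShowForm = TRUE;
+$errorCount = 0;
+$errorMessage = "";
+$userName = "";
+$password = "";
+// if submit button is clicked, get login and pw and validate login
+if (isset($_POST['Submit'])) {
+$userName = validateInput($_POST['userName'],"User Name");
+$password = validateInput($_POST['password'],"Password");
+if ($errorCount == 0) // validateLogin is slow, so only do that if no errors yet
+$userName = validateLogin($userName,$password);
+if ($errorCount == 0)
+$ShowForm = FALSE;
+}
+if ($errorCount > 0) { // errors logged
+displayForm();
+}
+else {
+if ($ShowForm == TRUE) {
+displayForm(); // new page load
+}
+else { // login approved
+$_SESSION['login'] = $userName;
+//header("location:my_documents.php");
+?><script language="JavaScript">window.location = "my_accounts.php";</script><?php
+exit();
+}
+}
+?>
+</body>
+</html>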
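Review bot: On success the script assigns `$_SESSION['login']` under the session id the visitor arrived with, so an id that was set before authentication stays valid afterwards; call `session_regenerate_id(true);` before the assignment. That call and a real `header('Location: my_accounts.php');` both have to happen before any output, so the POST handling should move above the comment and `<!DOCTYPE` block instead of relying on the inline script redirect. Nothing in this handler limits repeated failed attempts for one user name.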

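--- a/f8l_exception/logout.php
+++ b/f8l_exception/logout.php
@@ -0,0 +1,22 @@
+<?php
+session_start(); ?>
+<!-- PVault | Logout -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+</head>
+<body>
+<?php
+// Unset all of the session variables, and Destroy the session, then redirect to home
+session_unset();
+session_destroy();
+?><script language="JavaScript">window.location = "index.php";</script><?php
+include 'includes/inc_text_menu.php';
+?>
+</body>
+</html>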
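Review bot: `session_destroy()` removes the server-side data but leaves the session cookie in the browser, and the redirect only happens if the inline script runs. Do the teardown before any markup is sent, expire the cookie with `setcookie()` using the values from `session_get_cookie_params()`, and redirect with `header('Location: index.php'); exit();`. The menu include after the redirect then becomes unnecessary.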


@@ -0,0 +1,64 @@
<?php
session_start(); ?>
<!-- F8L Exception Online Bank | My Accounts -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>F8L Exception Online Bank | My Accounts</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<?php include 'includes/inc_header.php'; ?>
<h1>My Accounts</h1><hr />
</head>
<body>
<?php
function showAccounts($userName) {
include 'includes/inc_dbConnect.php';
// Select database.
if ($db_connect === FALSE)
echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
else {
if (!@mysql_select_db($db_name, $db_connect))
echo "<p>Connection error. Please try again later.</p>";
else {
$SQLstring = "SELECT * from account
WHERE username='$userName'";
$QueryResult = @mysql_query($SQLstring, $db_connect);
if (mysql_num_rows($QueryResult) == 0)
echo "<p>You have no accounts open.</p>";
else {
echo "<table width='50%' border='1'>";
echo "<tr>
<th>Account Type</th>
<th>Account Number</th>
<th>Balance</th>
</tr>";
while (($Row = mysql_fetch_assoc($QueryResult)) !== FALSE)
{
echo "<td>{$Row['accounttype']}</td>";
echo "<td>{$Row['accountid']}</td>";
echo "<td>{$Row['balance']}</td></tr>";
}
echo "</table><br /><br />";
}
}
mysql_close($db_connect);
}
return ($retval);
}
$userName = "";
$userName = $_SESSION['login'];
echo "User Name: ".$userName."<br />";
showAccounts($userName);
include 'includes/inc_text_menu.php';
?>
</body>
</html>
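Review bot: The page reads `$_SESSION['login']` without checking that it is set, so a visitor who is not logged in gets a notice and a query for an empty user name instead of being sent to the login page. Check `isset($_SESSION['login'])` before any output and stop the request when it fails. Values from the session and the database are echoed raw; encode them on output, e.g. `htmlspecialchars($Row['accounttype'], ENT_QUOTES)`. Each table row is also missing its opening `<tr>`: the loop prints three `<td>` cells followed by `</tr>`.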


@@ -0,0 +1,103 @@
<?php
session_start(); ?>
<!-- F8L Exception Online Bank | Open New Account -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>F8L Exception Online Bank | Open New Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<?php include 'includes/inc_header.php'; ?>
<h1>Open a New Account</h1><hr />
</head>
<body>
<?php
include 'includes/inc_validateInput.php';
include 'includes/inc_getNumberOfAccounts.php';
function openNewAccount($userName,$balance,$accountType) {
global $errorCount;
global $errorMessage;
include 'includes/inc_dbConnect.php';
// Select database.
if ($db_connect === FALSE)
echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
else {
if (!@mysql_select_db($db_name, $db_connect))
echo "<p>Connection error. Please try again later.</p>";
else {
$today = date("Ymd");
$TableName = "account";
$SQLstring = "INSERT INTO
$TableName (login,password,firstName,lastName,email,active,dateOpened)
VALUES ('$Login','$Password','$First','$Last','$Email',1,'$today')";
$QueryResult = @mysql_query($SQLstring, $db_connect);
}
mysql_close($db_connect);
}
return ($retval);
}
function displayForm($First, $Last, $Email, $Login) {
global $errorMessage;
echo $errorMessage;
// figure out how to make a checkbox for savings or checking in this form.
?>
<form name="register" action="register.php" method="post">
<p>Initial Deposit: <input type="text" name="balance" /></p>
<p>Account Type: <input type="text" name="accountType" /></p>
<p><input type="submit" name="Submit" value="Submit" /></p>
</form>
<br /><br />
<?php
//include 'includes/inc_text_menu.php';
}
$errorCount = 0;
$errorMessage = "";
$userName = $_SESSION['login'];
$numAccounts = getNumberOfAccounts($userName);
if ($numAccounts > 1)
echo "You already have two accounts open. Each user is limited to two accounts.";
else {
$showForm = TRUE;
if (isset($_POST['Submit'])) {
$balance = validateInput($_POST['balance'],"Initial Deposit");
$accountType = validateInput($_POST['accountType'],"Account Type");
// gotta finish coding all this stuff below.
if($Login == $Password) {
$errorMessage .= "Password cannot be the same as user name<br />";
$errorCount++;
}
if ($errorCount == 0)
$showForm = FALSE;
else
$showForm = TRUE;
}
if ($showForm == TRUE) {
if ($errorCount > 0) // if there were errors
$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
displayForm ();
}
else {
// create account in db
createNewAccount($userName,$balance,$accountType);
echo "<p>Your account has been created!.</p><br /><br />\n";
}
}
include 'includes/inc_text_menu.php';
?>
</body>
</html>
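Review bot: The success branch calls `createNewAccount($userName,$balance,$accountType)`, but this file defines `openNewAccount()`, and that function's INSERT still uses `$Login`, `$Password`, `$First`, `$Last` and `$Email`, none of which exist in its scope. `displayForm()` is declared with four parameters and called with none, and its form posts to `register.php` rather than back to this page. When this is finished, `$balance` and `$accountType` need real validation: the opening balance comes straight from a text field, so it should be checked as a non-negative amount (or not be user-supplied at all), and the type restricted to `Checking` or `Savings`.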


@@ -0,0 +1,116 @@
<?php
session_start(); ?>
<!-- F8L Exception Online Bank | New Customer -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>F8L Exception Online Bank | Register a New Customer</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<?php include 'includes/inc_header.php'; ?>
<h1>Register a New Customer</h1><hr />
</head>
<body>
<?php
include 'includes/inc_validatePassword.php';
include 'includes/inc_validateUserName.php';
include 'includes/inc_validateEmail.php';
function createNewCustomer($userName,$pw,$email) {
global $errorCount;
global $errorMessage;
include 'includes/inc_dbConnect.php';
// Select database.
if ($db_connect === FALSE)
echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
else {
if (!@mysql_select_db($db_name, $db_connect))
echo "<p>Connection error. Please try again later.</p>";
else {
$errorMessage .= "Inserting new user into db.";
echo "Inserting new user into db. $userName $pw $email";
$SQLstring = "INSERT INTO
user (username,password,email)
VALUES ('$userName','$pw','$email')";
$QueryResult = @mysql_query($SQLstring, $db_connect);
}
mysql_close($db_connect);
}
return ($retval);
}
function displayForm($userName,$email) {
global $errorMessage;
echo $errorMessage;
?>
<form name="new_customer" action="new_customer.php" method="post">
<p>User Name: <input type="text" name="userName" value="<?php echo $userName; ?>" /></p>
<p>Email: <input type="text" name="email" value="<?php echo $email; ?>" /></p>
<p>Password: <input type="password" name="password" value="" /></p>
<p>Confirm Password: <input type="password" name="password2" value="" /></p>
<p><input type="submit" name="Submit" value="Register" /></p>
</form>
<br /><br />
<?php
include 'includes/inc_text_menu.php';
}
$showForm = TRUE;
$errorCount = 0;
$errorMessage = "";
$email = "";
$userName = "";
$password = "";
$password2 = "";
if (isset($_POST['Submit'])) {
$email = validateEmail($_POST['email'],"E-mail");
$userName = validateUserName($_POST['userName'],"User Name");
$password = validatePassword($_POST['password'],$_POST['password2'],"Password");
if($userName == $password) {
$errorMessage .= "Password cannot be the same as user name<br />";
$errorCount++;
}
if ($errorCount == 0)
$showForm = FALSE;
else
$showForm = TRUE;
}
if ($showForm == TRUE) {
if ($errorCount > 0) // if there were errors
$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
displayForm ($userName,$email);
}
else {
// should add password encryption code here
// create account in db
createNewCustomer($userName, $password, $email);
// send confirmation email
$SenderAddress = "F8L Exception Bank Customer <$email>";
$Headers = "From: $SenderAddress\nCC:$SenderAddress\n";
$from = "F8L Exception Online Bank"; // sender
$subject = "F8L Exception Online Bank New Customer Confirmation";
$message = "You have successfully registered as a new customer for F8L Exception Online Bank. We hope you will enjoy our service and our lack of fees!\n\nThe F8L Exception Online Bank";
// message lines should not exceed 70 characters (PHP rule), so wrap it
$message = wordwrap($message, 70);
// send mail
mail($email,$subject,$message,"From: $from\n");
echo "<p>You have been set up as a new customer. Welcome to F8L Exception Online Bank!.</p><br /><br />\n";
include 'includes/inc_text_menu.php';
}
?>
</body>
</html>
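Review bot: `createNewCustomer()` prints `"Inserting new user into db. $userName $pw $email"`, which writes the new password into the response page in clear text; remove that `echo` and the matching `$errorMessage .= "Inserting new user into db.";` line. The same echo emits `$userName` and `$email` without HTML encoding. `$SenderAddress` and `$Headers` are built but never passed to `mail()`, so they can be deleted; if they are ever used, the values must first be checked for line breaks.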

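--- a/f8l_exception/new_loan.php
+++ b/f8l_exception/new_loan.php
@@ -0,0 +1,124 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | New Loan -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>F8L Exception Online Bank | New Loan</title>
+<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+<?php include 'includes/inc_header.php'; ?>
+<h1>New Loan -- Under construction</h1><hr />
+</head>
+<body>
+<?php
+include 'includes/inc_validatePassword.php';
+include 'includes/inc_validateEmail.php';
+include 'includes/inc_validateInput.php';
+include 'includes/inc_validateUserName.php';
+function createNewAccount($First,$Last,$Email,$Login,$Password) {
+global $errorCount;
+include 'includes/inc_dbConnect.php';
+// Select database.
+if ($db_connect === FALSE)
+echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
+else {
+if (!@mysql_select_db($db_name, $db_connect))
+echo "<p>Connection error. Please try again later.</p>";
+else {
+$today = date("Ymd");
+$TableName = "account";
+$SQLstring = "INSERT INTO
+$TableName (login,password,firstName,lastName,email,active,dateOpened)
+VALUES ('$Login','$Password','$First','$Last','$Email',1,'$today')";
+$QueryResult = @mysql_query($SQLstring, $db_connect);
+}
+mysql_close($db_connect);
+}
+return ($retval);
+}
+function displayForm($First, $Last, $Email, $Login) {
+global $errorMessage;
+echo $errorMessage;
+?>
+<form name="register" action="register.php" method="post">
+<p>First Name: <input type="text" name="First" value="<?php echo $First; ?>" /></p>
+<p>Last Name: <input type="text" name="Last" value="<?php echo $Last; ?>" /></p>
+<p>Your E-Mail: <input type="text" name="Email" value="<?php echo $Email; ?>" /></p>
+<p>User Name: <input type="text" name="Login" value="<?php echo $Login; ?>" /></p>
+<p>Password: <input type="password" name="Password" value="" /></p>
+<p>Confirm Password: <input type="password" name="Password2" value="" /></p>
+<p><input type="submit" name="Submit" value="Register" /></p>
+</form>
+<br /><br />
+<?php
+include 'includes/inc_text_menu.php';
+}
+$showForm = TRUE;
+$errorCount = 0;
+$errorMessage = "";
+$First = "";
+$Last = "";
+$Email = "";
+$Login = "";
+$Password = "";
+$Password2 = "";
+if (isset($_POST['Submit'])) {
+$First = validateInput($_POST['First'],"First Name");
+$Last = validateInput($_POST['Last'],"Last Name");
+$Email = validateEmail($_POST['Email'],"E-mail");
+$Login = validateUserName($_POST['Login'],"User Name");
+$Password = validatePassword($_POST['Password'],$_POST['Password2'],"Password");
+if($Login == $Password) {
+$errorMessage .= "Password cannot be the same as user name<br />";
+$errorCount++;
+}
+if ($errorCount == 0)
+$showForm = FALSE;
+else
+$showForm = TRUE;
+}
+if ($showForm == TRUE) {
+if ($errorCount > 0) // if there were errors
+$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
+displayForm ($First, $Last, $Email, $Login);
+}
+else {
+// encrypt password
+//$options = array('cost' => 11);
+//$password = password_hash($password, PASSWORD_BCRYPT, $options);
+// create account in db
+createNewAccount($First,$Last,$Email,$Login,$Password);
+// send confirmation email
+$SenderAddress = "$First <$Email>";
+$Headers = "From: $SenderAddress\nCC:$SenderAddress\n";
+$from = "PVault"; // sender
+$subject = "PVault Registration Confirmation";
+$message = $First . ",\nYou have successfully registered for PVault. Now you can Store your documents in the cloud, securely locked inside your own Personal Vault.\n\nThe PVault Team";
+// message lines should not exceed 70 characters (PHP rule), so wrap it
+$message = wordwrap($message, 70);
+// send mail
+mail($Email,$subject,$message,"From: $from\n");
+echo "<p>" . $First . "\nyour account has been created. Welcome to PVault!.</p><br /><br />\n";
+include 'includes/inc_text_menu.php';
+}
+?>
+</body>
+</html>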


@@ -0,0 +1,120 @@
<?php
session_start(); ?>
<!-- F8L Exception Online Bank | Reset Password -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>F8L Exception Online Bank | Reset Password</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<?php include 'includes/inc_header.php'; ?>
<h1>Reset Password</h1><hr />
</head>
<body>
<?php
include 'includes/inc_generatePassword.php';
include 'includes/inc_validateInput.php';
function resetPassword($userName) {
global $errorCount;
global $errorMessage;
global $email;
include 'includes/inc_dbConnect.php';
// Select database.
if ($db_connect === FALSE)
echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
else {
if (!@mysql_select_db($db_name, $db_connect))
echo "<p>Connection error. Please try again later.</p>";
else {
// check login for validity
$sql = "SELECT * FROM user WHERE username='$userName' and email='$email'";
$result = mysql_query($sql);
// Mysql_num_row is counting table rows
$count = mysql_num_rows($result);
// If result matched $userName, table row must be 1 row. Get Email address, and Reset PW
if($count == 1){
$row = mysql_fetch_row($result);
//$email = $row[5];
$newPassword = generatePassword();
$sql = "UPDATE user SET password='$newPassword' WHERE username='$userName'";
$result = mysql_query($sql);
}
else {
$errorCount++;
$errorMessage .= "Account not found. Please re-enter your User Name and Email.<br />\n";
}
mysql_close($db_connect);
return $newPassword;
}
}
}
function displayForm() {
global $errorMessage;
echo $errorMessage;
?>
<form name="reset_password" action="reset_password.php" method="post">
<p>User Name: <input type="text" name="userName" /></p>
<p>Email: <input type="text" name="email" /></p>
<p><input type="submit" name="Reset" value="Reset" /></p>
</form>
<br /><br />
<?php
include 'includes/inc_text_menu.php';
}
$ShowForm = TRUE;
$errorCount = 0;
$errorMessage = "";
$email = "";
$userName = "";
if (isset($_POST['Reset'])) {
$userName = validateInput($_POST['userName'],"User Name");
$email = validateInput($_POST['email'],"Email");
if ($errorCount == 0) {
$ShowForm = FALSE;
}
else
$ShowForm = TRUE;
}
if ($ShowForm == TRUE) {
if ($errorCount > 0) // if there were errors
$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
displayForm ();
}
else {
$newPassword = resetPassword($userName);
if ($errorCount > 0) { // if there were errors
$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
displayForm ();
}
else {
echo "<p>\nPassword has been reset!. A new password has been emailed to you.</p><br /><br />\n";
include 'includes/inc_text_menu.php';
// send confirmation email
$SenderAddress = "<$email>";
$Headers = "From: $SenderAddress\nCC:$SenderAddress\n";
$from = "F8L Exception Online"; // sender
$subject = "F8L Exception Online Bank Password Reset";
$message = "Your new password is $newPassword\nWe recommend you login using this password and change it to a new password of your choosing.\n\nF8L Exception Online Bank";
// message lines should not exceed 70 characters (PHP rule), so wrap it
$message = wordwrap($message, 70);
// send mail
mail($email,$subject,$message,"From: $from\n");
}
}
?>
</body>
</html>
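Review bot: Both queries in `resetPassword()` are built by interpolating `$userName` and `$email` straight into the SQL string, and the generated password is written to the `user` table and mailed in clear text. `validateInput()` lives in an include that is not shown here, so unless it escapes for SQL these values should go through `mysql_real_escape_string()` (or prepared statements once the connection include moves off the `mysql_*` API), and the stored value should become a `password_hash()` result, which presumably needs a matching `password_verify()` in the login check. `$newPassword` is also unset on the account-not-found path while `return $newPassword` still runs, and the connection-failure branch prints `mysql_error()` to the visitor. Longer term, mailing a single-use, expiring reset link instead of changing the password on request would keep a person who merely knows a username and e-mail address from resetting someone else's password.

```php
// … unchanged: include of inc_dbConnect.php, connection and database checks …
$newPassword = null; // defined on every path so the caller never reads an unset variable
$safeUser = mysql_real_escape_string($userName, $db_connect);
$safeEmail = mysql_real_escape_string($email, $db_connect);
$sql = "SELECT * FROM user WHERE username='$safeUser' and email='$safeEmail'";
$result = mysql_query($sql, $db_connect);
// a failed query returns FALSE; treat it like "no match" instead of passing it to mysql_num_rows()
if ($result !== FALSE && mysql_num_rows($result) == 1) {
    $newPassword = generatePassword();
    // TODO: store password_hash($newPassword, PASSWORD_DEFAULT) once the login check verifies hashes
    $safePassword = mysql_real_escape_string($newPassword, $db_connect);
    $sql = "UPDATE user SET password='$safePassword' WHERE username='$safeUser'";
    $result = mysql_query($sql, $db_connect);
}
// … unchanged: else branch recording "Account not found", mysql_close(), return $newPassword …
```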


@@ -0,0 +1,85 @@
<?php
session_start(); ?>
<!-- F8L Exception Online Bank | View Statement -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>F8L Exception Online Bank | View Statement</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<?php include 'includes/inc_header.php'; ?>
<h1>View Statement -- Under construction</h1><hr />
</head>
<body>
<?php
function displayTable() {
global $Login;
echo "User Name: " . $Login;
include 'includes/inc_dbConnect.php';
if ($db_connect === FALSE)
echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
else {
if (!@mysql_select_db($db_name, $db_connect))
echo "<p>No data found.</p>";
else {
$TableName = "document";
$SQLstring = "SELECT * FROM $TableName WHERE login = '$Login' and active = 1";
$QueryResult = @mysql_query($SQLstring, $db_connect);
if (mysql_num_rows($QueryResult) == 0)
echo "<p>No data found .</p>";
else
{
echo "<table width='100%' border='1'>";
echo "<tr>
<th>Title</th>
<th>Tags</th>
<th>Revised Date</th>
<th>Note1</th>
<th>Edit</th>
<th>Remove</th>
</tr>";
while (($Row = mysql_fetch_assoc($QueryResult)) !== FALSE)
{
echo "<td><a href='view_document.php?id={$Row['id']}'>{$Row['title']}</a></td>";
echo "<td>{$Row['tags']}</td>";
echo "<td>{$Row['revisedDate']}</td>";
echo "<td>{$Row['note1']}</td>";
?>
<td>
<form method="POST" action="edit_document.php">
<input type="hidden" name="id" value="<?php echo $Row['id']; ?>">
<input type="hidden" name="status" value=0>
<input type="submit" name="edit" value="Edit" />
</form>
</td>
<td>
<form method="POST" action="change_document_status.php">
<input type="hidden" name="id" value="<?php echo $Row['id']; ?>">
<input type="hidden" name="status" value=0>
<input type="submit" name="remove" value="Remove" />
</form>
</td></tr><?php
}
echo "</table><br /><br />";
}
mysql_free_result($QueryResult);
}
}
include 'includes/inc_text_menu.php';
}
$Login = "";
$Login = $_SESSION['login'];
if ($Login == "") { // redirect to login page if not logged in
?><script language="JavaScript">window.location = "login.php";</script><?php
}
displayTable();
?>
</body>
</html>
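Review bot: The login check at the bottom of this page does not stop anything on the server: when `$_SESSION['login']` is empty it only prints a JavaScript redirect, and `displayTable()` is still called on the next line. The check belongs before any output, right after `session_start()`, as `if (empty($_SESSION['login'])) { header('Location: login.php'); exit(); }`. Inside the loop, `title`, `tags`, `revisedDate` and `note1` are echoed without escaping, so each should be wrapped like `htmlspecialchars($Row['title'], ENT_QUOTES)`; the loop also never opens the `<tr>` that it closes. The Edit and Remove forms post only a row `id`, so the target pages (not shown) need to confirm that the row belongs to the logged-in user before acting on it.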


@@ -0,0 +1,70 @@
<?php
session_start(); ?>
<!-- F8L Exception Online Bank | Withdraw -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>F8L Exception Online Bank | Withdraw</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<?php include 'includes/inc_header.php'; ?>
<h1>Withdraw -- Under construction</h1><hr />
</head>
<body>
<?php
include 'includes/inc_validateInput.php';
include 'includes/inc_validateLogin.php';
function displayForm() {
?>
<h3>Enter your User Name and Password.</h3>
<?php
global $errorMessage;
echo $errorMessage ?>
<form method="POST" action="login.php">
<p>User Name <input type="text" name="Login" /></p>
<p>Password <input type="password" name="Password" /></p>
<p><input type="submit" value="Log in" /></p>
</form>
<br /><br />
<?php
include 'includes/inc_text_menu.php';
}
$ShowForm = TRUE;
$errorCount = 0;
$errorMessage = "";
$Login = "";
$Password = "";
// if submit button is clicked, get login and pw and validate login
if (isset($_POST['Login'])) {
$Login = validateInput($_POST['Login'],"User Name");
$Password = validateInput($_POST['Password'],"Password");
if ($errorCount == 0) // validateLogin is slow, so only do that if no errors yet
$Login = validateLogin($Login,$Password);
if ($errorCount == 0)
$ShowForm = FALSE;
}
if ($errorCount > 0) { // errors logged
displayForm();
}
else {
if ($ShowForm == TRUE) {
displayForm(); // new page load
}
else { // login approved
$_SESSION['login'] = $Login;
//header("location:my_documents.php");
?><script language="JavaScript">window.location = "my_documents.php";</script><?php
exit();
}
}
?>
</body>
</html>
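Review bot: On the login-approved branch, `$_SESSION['login'] = $Login;` is set without issuing a new session id, and it runs after the page has already sent HTML. Moving the POST handling above the DOCTYPE would allow `session_regenerate_id(true);` before the assignment and a real `header('Location: my_documents.php'); exit();` in place of the JavaScript redirect; output already being sent is probably why the `header()` call just above the redirect is commented out. This page is titled Withdraw but carries the login form and handler, and the form posts to `login.php`, so this handler is presumably reached only by a direct POST; a withdraw page should instead begin with a server-side check of `$_SESSION['login']`.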