Working website, Rev 1.

Register user, login, chg pw, reset pw, view accounts, all work. Can't
create a new account yet.

f8l_exception/change_password.php

@@ -0,0 +1,99 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | Change Password -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | Change Password</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>Change Password</h1><hr />
+</head>
+<body>
+
+<?php
+include 'includes/inc_validatePassword.php';
+include 'includes/inc_validateInput.php';
+include 'includes/inc_validateLogin.php';
+
+function changePassword($userName,$oldPassword,$newPassword) {
+	global $errorCount;
+	include 'includes/inc_dbConnect.php';
+	
+	// Select database.
+	if ($db_connect === FALSE)
+		echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
+		
+	else {
+		if (!@mysql_select_db($db_name, $db_connect))
+			echo "<p>Connection error. Please try again later.</p>";
+		else {
+			$sql = "UPDATE user SET password='$newPassword' WHERE username='$userName'";
+			$result = mysql_query($sql);
+		}
+		mysql_close($db_connect);
+	}
+	return ($retval);
+}
+
+function displayForm($userName) {
+	global $errorMessage;
+	echo $errorMessage;
+	?>
+	<form name="change_password" action="change_password.php" method="post">
+	<p>User Name: <input type="text" name="userName" value="<?php echo $userName; ?>" /></p>
+	<p>Old Password: <input type="password" name="oldPassword" value="" /></p>
+	<p>New Password: <input type="password" name="newPassword" value="" /></p>
+	<p>Confirm New Password: <input type="password" name="newPassword2" value="" /></p>
+	
+	<p><input type="submit" name="Submit" value="Submit" /></p>
+	</form>
+	<br /><br />
+	
+	<?php
+	include 'includes/inc_text_menu.php';
+}
+
+$showForm = TRUE;
+$errorCount = 0;
+$errorMessage = "";
+$userName = "";
+$oldPassword = "";
+$newPassword = "";
+$newPassword2 = "";
+
+// get input from form fields and validate input
+if (isset($_POST['Submit'])) {
+	$userName  = validateInput($_POST['userName'],"User Name");
+	$oldPassword = $_POST['oldPassword'];
+	$userName = validateLogin($userName,$oldPassword);
+	$newPassword  = validatePassword($_POST['newPassword'],$_POST['newPassword2'],"Password");
+	if($userName == $newPassword) {
+		$errorMessage .= "Error: new password cannot be the same as user name<br />";
+		$errorCount++;
+	}
+	if ($errorCount == 0)
+		$showForm = FALSE;
+	else
+		$showForm = TRUE;
+}
+
+if ($showForm == TRUE) {
+	if ($errorCount > 0) // if there were errors
+		$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
+	displayForm ($userName);
+}
+else {
+	// encrypt password here
+	
+	// change password in db
+	changePassword($userName,$oldPassword,$newPassword);
+    echo "<p>\nPassword has been changed!.</p><br /><br />\n";
+	include 'includes/inc_text_menu.php';
+}	
+?>
+
+</body>
+</html>

f8l_exception/deposit.php

@@ -0,0 +1,70 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | Deposit -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | Deposit</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>Deposit -- under construction</h1><hr />
+</head>
+<body>
+
+<?php
+include 'includes/inc_validateInput.php';
+include 'includes/inc_validateLogin.php';
+
+function displayForm() {
+?>
+	<h3>Enter your User Name and Password.</h3>
+	<?php 
+	global $errorMessage;
+	echo $errorMessage ?>
+	<form method="POST" action="login.php">
+		<p>User Name <input type="text" name="Login" /></p>
+		<p>Password <input type="password" name="Password" /></p>
+		<p><input type="submit" value="Log in" /></p>
+	</form>
+	<br /><br />
+	
+	<?php
+	include 'includes/inc_text_menu.php';
+}
+
+$ShowForm = TRUE;
+$errorCount = 0;
+$errorMessage = "";
+$Login = "";
+$Password = "";	
+
+// if submit button is clicked, get login and pw and validate login
+if (isset($_POST['Login'])) {
+	$Login  = validateInput($_POST['Login'],"User Name");
+	$Password  = validateInput($_POST['Password'],"Password");
+	if ($errorCount == 0)	// validateLogin is slow, so only do that if no errors yet
+		$Login = validateLogin($Login,$Password);
+	if ($errorCount == 0)
+		$ShowForm = FALSE;
+}
+
+if ($errorCount > 0) {		// errors logged
+		displayForm();
+	}
+else {
+	if ($ShowForm == TRUE) {
+		displayForm();		// new page load
+	}
+	else {					// login approved
+		$_SESSION['login'] = $Login;
+		//header("location:my_documents.php");
+		?><script language="JavaScript">window.location = "my_documents.php";</script><?php
+		exit();
+	}
+}
+?>
+
+</body>
+</html>

f8l_exception/includes/inc_dbConnect.php

@@ -0,0 +1,10 @@
+<?php
+$db_host="joeyajames.powwebmysql.com"; // Host name
+$db_username="f8lexception"; // Mysql username
+$db_password="Kim157"; // Mysql password
+$db_name="f8lexception"; // Database name
+
+// Connect to server and select database.
+$db_connect = mysql_connect("$db_host", "$db_username", "$db_password")or die("cannot connect");
+//mysql_select_db("$db_name")or die("cannot select DB");
+?>

f8l_exception/includes/inc_generatePassword.php

@@ -0,0 +1,7 @@
+<?php
+function generatePassword( $length = 8 ) {
+	$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:?";
+	$password = substr( str_shuffle( $chars ), 0, $length );
+	return $password;
+}
+?>

f8l_exception/includes/inc_getNumberOfAccounts.php

@@ -0,0 +1,18 @@
+<?php
+// get the number of checking and savings accounts for a user (max is 2)
+// increments global $errorCount if errors encountered.
+function getNumberOfAccounts ($userName) {
+	global $errorCount;
+	global $errorMessage;
+	include($_SERVER['DOCUMENT_ROOT']."/f8l_exception/includes/inc_dbConnect.php");
+	mysql_select_db("$db_name")or die("cannot select DB");
+
+	// get number of accounts
+	$sql = "SELECT * FROM account WHERE username='$userName' and accounttype='Checking' or 'Savings'";
+	$result = mysql_query($sql);
+	$count = mysql_num_rows($result);
+	
+	mysql_close($db_connect);
+	return $count;
+}
+?>

f8l_exception/includes/inc_header.php

@@ -0,0 +1 @@
+<a href="index.php"><img src="artwork/f8l_exception_logo.png" alt="F8L Exception Online Bank"></a>

f8l_exception/includes/inc_text_menu.php

@@ -0,0 +1,17 @@
+<a href="http://www.joe-james.net/f8l_exception/index.php">Home</a> |
+<a href="http://www.joe-james.net/f8l_exception/new_customer.php">New Customer</a> |
+<a href="http://www.joe-james.net/f8l_exception/login.php">Login</a> | 
+<a href="http://www.joe-james.net/f8l_exception/change_password.php">Change Password</a> |  
+<a href="http://www.joe-james.net/f8l_exception/reset_password.php">Reset Password</a> | 
+<a href="http://www.joe-james.net/f8l_exception/logout.php">Logout</a> 
+<br />  
+<a href="http://www.joe-james.net/f8l_exception/new_account.php">New Account</a> |
+<a href="http://www.joe-james.net/f8l_exception/my_accounts.php">My Accounts</a> |  
+<a href="http://www.joe-james.net/f8l_exception/deposit.php">Deposit</a> | 
+<a href="http://www.joe-james.net/f8l_exception/withdraw.php">Withdraw</a> |
+<a href="http://www.joe-james.net/f8l_exception/view_statement.php">View Statement</a> 
+<br />
+<a href="http://www.joe-james.net/f8l_exception/new_loan.php">New Loan</a> |
+<a href="http://www.joe-james.net/f8l_exception/loan_payment.php">Make Loan Payment</a> 
+<br />
+<a href="http://www.joe-james.net/f8l_exception/admin.php">Admin</a>

f8l_exception/includes/inc_validateEmail.php

@@ -0,0 +1,27 @@
+<?php
+function validateEmail($data, $fieldName)
+{
+	global $errorCount;
+	global $errorMessage;
+	
+	if (empty($data))
+	{
+		$errorMessage .= $fieldName . " is a required field. \n";
+		$errorCount++;
+		$retval = "";
+	}
+	else
+	{
+		// only clean up the input if it isn't empty
+		$retval = trim($data);
+		$retval = stripslashes($retval);
+		$pattern = "/^[\w-]+(\.[\w-]+)*@" . "[\w-]+(\.[\w-]+)*" . "(\.[a-z]{2,})$/i";
+		if (preg_match($pattern, $retval) == 0)
+		{
+			$errorMessage .= $fieldName . " is not a valid e-mail address. \n";
+			$errorCount++;
+		}
+	}
+	return($retval);
+}
+?>

f8l_exception/includes/inc_validateInput.php

@@ -0,0 +1,20 @@
+<?php
+function validateInput($data, $fieldName) 
+{
+	global $errorMessage;
+	global $errorCount;
+	if (empty($data)) 
+	{
+		$errorMessage .= $fieldName . " is a required field.<br />\n";
+		$errorCount++;
+		$retval = "";
+	}
+	else
+	{
+		// only clean up the input if it isn't empty
+		$retval = trim($data);
+		$retval = stripslashes($retval);
+	}
+	return ($retval);
+}
+?>

f8l_exception/includes/inc_validateLogin.php

@@ -0,0 +1,34 @@
+<?php
+// checks user name and pw provided on login page against registered users in account table
+// increments global $errorCount if login not approved.
+function validateLogin ($myusername,$mypassword) {
+	global $errorCount;
+	global $errorMessage;
+	include($_SERVER['DOCUMENT_ROOT']."/f8l_exception/includes/inc_dbConnect.php");
+	mysql_select_db("$db_name")or die("cannot select DB");
+
+	// To protect MySQL injection (more detail about MySQL injection)
+	$myusername = stripslashes($myusername);
+	$mypassword = stripslashes($mypassword);
+	$myusername = mysql_real_escape_string($myusername);
+	$mypassword = mysql_real_escape_string($mypassword);
+
+	// check login and password for validity
+	$sql = "SELECT * FROM user WHERE username='$myusername' and password='$mypassword'";
+	$result = mysql_query($sql);
+
+	// If result matched $myusername and $mypassword, table row must be 1 row
+	$count = mysql_num_rows($result);
+	if($count == 1){
+		// record login to login_history table
+		$sql2 = "INSERT INTO login_history (login) VALUES ('$myusername')";
+		$result = mysql_query($sql2);
+	}
+	else {
+		$errorCount++;
+		$errorMessage .= "Wrong User Name or Password.<br />\n";
+	}
+	mysql_close($db_connect);
+	return $myusername;
+}
+?>

f8l_exception/includes/inc_validatePassword.php

@@ -0,0 +1,60 @@
+<?php
+// check if password contains at least 1 upper case letter
+function containsUpper($data) {
+	return (preg_match('/[A-Z]/', $data));
+}
+function containsLower($data) {
+	return (preg_match('/[a-z]/', $data));
+}
+function containsNumber($data) {
+	return (preg_match('/[0-9]/', $data));
+}
+function containsOther($data) {
+	return TRUE;
+}
+function containsSpaces($data) {
+	return  (preg_match("/\s/",$data));
+}
+function validatePassword($data, $data2, $fieldName) 
+{
+	global $errorCount;
+	global $errorMessage;
+	
+	if (empty($data) or empty($data2)) 
+	{
+		$errorMessage .= $fieldName . " is a required field.<br />\n";
+		$errorCount++;
+		$retval = "";
+	}
+	elseif ($data !== $data2)
+	{
+		$errorMessage .= "Passwords do not match.<br />\n";
+		$errorCount++;
+		$retval = "";
+	}
+	elseif (strlen($data) < 8)
+	{
+		$errorMessage .= "Password must be at least 8 characters, 
+		must contain at least one upper case letter, at least one lower case letter, 
+		at least one number, and at least one non-alphanumeric character.<br />\n";
+		$errorCount++;
+		$retval = "";
+	}
+	elseif (!containsUpper($data) or !containsLower($data) or !containsNumber($data) or 
+		!containsOther($data) or containsSpaces($data))
+	{
+		$errorMessage .= "Password must be at least 8 characters, 
+		must contain at least one upper case letter, at least one lower case letter, 
+		at least one number, and at least one non-alphanumeric character.<br />\n";
+		$errorCount++;
+		$retval = "";
+	}
+	else
+	{
+		// only clean up the input if it isn't empty
+		$retval = trim($data);
+		$retval = stripslashes($retval);
+	}
+	return ($retval);
+}
+?>

f8l_exception/includes/inc_validateUserName.php

@@ -0,0 +1,48 @@
+<?php
+function validateUserName($data, $fieldName) 
+{
+	global $errorCount;
+	global $errorMessage;
+	
+	if (empty($data)) {
+		$errorMessage .= $fieldName . " is a required field.<br />\n";
+		$errorCount++;
+		$retval = "";
+	}
+	
+	elseif (strlen($data) < 4 || strlen($data) > 30) {
+		$errorMessage .= $fieldName . " must be at least 4 and at most 30 characters.<br />\n";
+		$errorCount++;
+	}
+	
+	else {
+		include 'includes/inc_dbConnect.php';
+		
+		// Select database.
+		if ($db_connect === FALSE)
+			echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
+			
+		else {
+			if (!@mysql_select_db($db_name, $db_connect))
+				echo "<p>Connection error. Please try again later.</p>";
+			else {
+				$SQLstring = "SELECT * FROM user WHERE username = '$data'";
+				
+				$QueryResult = @mysql_query($SQLstring, $db_connect);
+				if (mysql_num_rows($QueryResult) > 0) {
+					//echo "Please select a different User Name.<br />\n";
+					$errorMessage .= "Please select a different User Name.<br />\n";
+					$errorCount++;
+					$retval = "";
+				}
+				else {
+					$retval = trim($data);
+					$retval = stripslashes($retval);
+				}
+			}
+			mysql_close($db_connect);
+		}
+	}
+	return ($retval);
+}
+?>

f8l_exception/index.php

@@ -0,0 +1,23 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | Home -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | Home</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>Welcome to F8L Exception Online Bank!</h1><hr />
+</head>
+<body>
+
+<h3>Secure online banking with zero fees</h3>
+<img src="artwork/vault.jpg" />
+<p>What? You're looking for a secure and reliable online bank to stash your cash in that won't bury you with fees? The F8L Exception Online Bank has it all.
+It is free, quick and easy to set up an account, and you can access all your funds conveniently online.</p>
+<br />
+<?php
+include 'includes/inc_text_menu.php';
+?>

f8l_exception/loan_payment.php

@@ -0,0 +1,124 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | Make a Loan Payment -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | Make a Loan Payment</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>Make a Loan Payment -- Under construction</h1><hr />
+</head>
+<body>
+
+<?php
+include 'includes/inc_validatePassword.php';
+include 'includes/inc_validateEmail.php';
+include 'includes/inc_validateInput.php';
+include 'includes/inc_validateUserName.php';
+
+function createNewAccount($First,$Last,$Email,$Login,$Password) {
+	global $errorCount;
+	include 'includes/inc_dbConnect.php';
+	
+	// Select database.
+	if ($db_connect === FALSE)
+		echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
+		
+	else {
+		if (!@mysql_select_db($db_name, $db_connect))
+			echo "<p>Connection error. Please try again later.</p>";
+		else {
+			$today = date("Ymd");
+			$TableName = "account";
+			$SQLstring = "INSERT INTO 
+				$TableName (login,password,firstName,lastName,email,active,dateOpened) 
+				VALUES ('$Login','$Password','$First','$Last','$Email',1,'$today')";
+			
+			$QueryResult = @mysql_query($SQLstring, $db_connect);
+		}
+		mysql_close($db_connect);
+	}
+	return ($retval);
+}
+
+function displayForm($First, $Last, $Email, $Login) {
+	global $errorMessage;
+	echo $errorMessage;
+	?>
+	<form name="register" action="register.php" method="post">
+	<p>First Name: <input type="text" name="First" value="<?php echo $First; ?>" /></p>
+	<p>Last Name: <input type="text" name="Last" value="<?php echo $Last; ?>" /></p>
+	<p>Your E-Mail: <input type="text" name="Email" value="<?php echo $Email; ?>" /></p>
+	<p>User Name: <input type="text" name="Login" value="<?php echo $Login; ?>" /></p>
+	<p>Password: <input type="password" name="Password" value="" /></p>
+	<p>Confirm Password: <input type="password" name="Password2" value="" /></p>
+	
+	<p><input type="submit" name="Submit" value="Register" /></p>
+	</form>
+	<br /><br />
+	
+	<?php
+	include 'includes/inc_text_menu.php';
+}
+
+$showForm = TRUE;
+$errorCount = 0;
+$errorMessage = "";
+$First = "";
+$Last = "";
+$Email = "";
+$Login = "";
+$Password = "";
+$Password2 = "";
+
+if (isset($_POST['Submit'])) {
+	$First = validateInput($_POST['First'],"First Name");
+	$Last = validateInput($_POST['Last'],"Last Name");
+	$Email  = validateEmail($_POST['Email'],"E-mail");
+	$Login  = validateUserName($_POST['Login'],"User Name");
+	$Password  = validatePassword($_POST['Password'],$_POST['Password2'],"Password");
+	if($Login == $Password) {
+		$errorMessage .= "Password cannot be the same as user name<br />";
+		$errorCount++;
+	}
+	if ($errorCount == 0)
+		$showForm = FALSE;
+	else
+		$showForm = TRUE;
+}
+
+if ($showForm == TRUE) {
+	if ($errorCount > 0) // if there were errors
+		$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
+	displayForm ($First, $Last, $Email, $Login);
+}
+else {
+	// encrypt password
+	//$options = array('cost' => 11);
+	//$password = password_hash($password, PASSWORD_BCRYPT, $options);
+	
+	// create account in db
+	createNewAccount($First,$Last,$Email,$Login,$Password);
+
+	// send confirmation email
+	$SenderAddress = "$First <$Email>";
+	$Headers = "From: $SenderAddress\nCC:$SenderAddress\n";
+	
+	$from = "PVault"; // sender
+    $subject = "PVault Registration Confirmation";
+    $message = $First . ",\nYou have successfully registered for PVault. Now you can Store your documents in the cloud, securely locked inside your own Personal Vault.\n\nThe PVault Team";
+    // message lines should not exceed 70 characters (PHP rule), so wrap it
+    $message = wordwrap($message, 70);
+    // send mail
+    mail($Email,$subject,$message,"From: $from\n");
+	
+    echo "<p>" . $First . "\nyour account has been created. Welcome to PVault!.</p><br /><br />\n";
+	include 'includes/inc_text_menu.php';
+}	
+?>
+
+</body>
+</html>

f8l_exception/login.php

@@ -0,0 +1,71 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | Login -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | Login</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>Login</h1><hr />
+</head>
+<body>
+
+<?php
+include 'includes/inc_validateInput.php';
+include 'includes/inc_validateLogin.php';
+
+function displayForm() {
+?>
+	<h3>Enter your User Name and Password.</h3>
+	<?php 
+	global $errorMessage;
+	echo $errorMessage ?>
+	<form method="POST" action="login.php">
+		<p>User Name <input type="text" name="userName" /></p>
+		<p>Password <input type="password" name="password" /></p>
+		<p><input type="submit" name="Submit" value="Log in" /></p>
+	</form>
+	<br /><br />
+	
+	<?php
+	include 'includes/inc_text_menu.php';
+}
+
+$ShowForm = TRUE;
+$errorCount = 0;
+$errorMessage = "";
+$userName = "";
+$password = "";	
+
+// if submit button is clicked, get login and pw and validate login
+if (isset($_POST['Submit'])) {
+	$userName  = validateInput($_POST['userName'],"User Name");
+	$password  = validateInput($_POST['password'],"Password");
+	
+	if ($errorCount == 0)	// validateLogin is slow, so only do that if no errors yet
+		$userName = validateLogin($userName,$password);
+	if ($errorCount == 0)
+		$ShowForm = FALSE;
+}
+
+if ($errorCount > 0) {		// errors logged
+		displayForm();
+	}
+else {
+	if ($ShowForm == TRUE) {
+		displayForm();		// new page load
+	}
+	else {					// login approved
+		$_SESSION['login'] = $userName;
+		//header("location:my_documents.php");
+		?><script language="JavaScript">window.location = "my_accounts.php";</script><?php
+		exit();
+	}
+}
+?>
+
+</body>
+</html>

f8l_exception/logout.php

@@ -0,0 +1,22 @@
+<?php
+session_start(); ?>
+<!-- PVault | Logout -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+</head>
+<body>
+
+<?php
+	// Unset all of the session variables, and Destroy the session, then redirect to home
+	session_unset(); 
+	session_destroy();
+	?><script language="JavaScript">window.location = "index.php";</script><?php
+	include 'includes/inc_text_menu.php';
+?>
+
+</body>
+</html>

f8l_exception/my_accounts.php

@@ -0,0 +1,64 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | My Accounts -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | My Accounts</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>My Accounts</h1><hr />
+</head>
+<body>
+
+<?php
+function showAccounts($userName) {
+	include 'includes/inc_dbConnect.php';
+	// Select database.
+	if ($db_connect === FALSE)
+		echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
+		
+	else {
+		if (!@mysql_select_db($db_name, $db_connect))
+			echo "<p>Connection error. Please try again later.</p>";
+		else {
+			$SQLstring = "SELECT * from account 
+				WHERE username='$userName'";
+			
+			$QueryResult = @mysql_query($SQLstring, $db_connect);
+			if (mysql_num_rows($QueryResult) == 0)
+				echo "<p>You have no accounts open.</p>";
+			else {
+				echo "<table width='50%' border='1'>";
+				echo "<tr>
+					<th>Account Type</th>
+					<th>Account Number</th>
+					<th>Balance</th>
+					</tr>";
+				while (($Row = mysql_fetch_assoc($QueryResult)) !== FALSE) 
+				{
+					echo "<td>{$Row['accounttype']}</td>";
+					echo "<td>{$Row['accountid']}</td>";
+					echo "<td>{$Row['balance']}</td></tr>";
+				}
+				echo "</table><br /><br />";
+			}
+		}
+		mysql_close($db_connect);
+	}
+	return ($retval);
+}
+
+$userName = "";
+$userName = $_SESSION['login'];
+echo "User Name: ".$userName."<br />";
+showAccounts($userName);
+
+include 'includes/inc_text_menu.php';
+
+?>
+
+</body>
+</html>

f8l_exception/new_account.php

@@ -0,0 +1,103 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | Open New Account -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | Open New Account</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>Open a New Account</h1><hr />
+</head>
+<body>
+
+<?php
+include 'includes/inc_validateInput.php';
+include 'includes/inc_getNumberOfAccounts.php';
+
+function openNewAccount($userName,$balance,$accountType) {
+	global $errorCount;
+	global $errorMessage;
+	include 'includes/inc_dbConnect.php';
+	
+	// Select database.
+	if ($db_connect === FALSE)
+		echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
+		
+	else {
+		if (!@mysql_select_db($db_name, $db_connect))
+			echo "<p>Connection error. Please try again later.</p>";
+		else {
+			$today = date("Ymd");
+			$TableName = "account";
+			$SQLstring = "INSERT INTO 
+				$TableName (login,password,firstName,lastName,email,active,dateOpened) 
+				VALUES ('$Login','$Password','$First','$Last','$Email',1,'$today')";
+			
+			$QueryResult = @mysql_query($SQLstring, $db_connect);
+		}
+		mysql_close($db_connect);
+	}
+	return ($retval);
+}
+
+function displayForm($First, $Last, $Email, $Login) {
+	global $errorMessage;
+	echo $errorMessage;
+	
+	// figure out how to make a checkbox for savings or checking in this form.
+	?>
+	<form name="register" action="register.php" method="post">
+	<p>Initial Deposit: <input type="text" name="balance"  /></p>	
+	<p>Account Type: <input type="text" name="accountType" /></p>
+	
+	<p><input type="submit" name="Submit" value="Submit" /></p>
+	</form>
+	<br /><br />
+	
+	<?php
+	//include 'includes/inc_text_menu.php';
+}
+
+$errorCount = 0;
+$errorMessage = "";
+$userName = $_SESSION['login'];
+$numAccounts = getNumberOfAccounts($userName);
+
+if ($numAccounts > 1)
+	echo "You already have two accounts open. Each user is limited to two accounts.";
+else {
+	$showForm = TRUE;
+	if (isset($_POST['Submit'])) {
+		$balance  = validateInput($_POST['balance'],"Initial Deposit");
+		$accountType  = validateInput($_POST['accountType'],"Account Type");
+// gotta finish coding all this stuff below.
+		if($Login == $Password) {
+			$errorMessage .= "Password cannot be the same as user name<br />";
+			$errorCount++;
+		}
+		if ($errorCount == 0)
+			$showForm = FALSE;
+		else
+			$showForm = TRUE;
+	}
+
+	if ($showForm == TRUE) {
+		if ($errorCount > 0) // if there were errors
+			$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
+		displayForm ();
+	}
+	else {
+		// create account in db
+		createNewAccount($userName,$balance,$accountType);
+
+		echo "<p>Your account has been created!.</p><br /><br />\n";
+	}
+}
+include 'includes/inc_text_menu.php';
+?>
+
+</body>
+</html>

f8l_exception/new_customer.php

@@ -0,0 +1,116 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | New Customer -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | Register a New Customer</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>Register a New Customer</h1><hr />
+</head>
+<body>
+
+<?php
+include 'includes/inc_validatePassword.php';
+include 'includes/inc_validateUserName.php';
+include 'includes/inc_validateEmail.php';
+
+function createNewCustomer($userName,$pw,$email) {
+	global $errorCount;
+	global $errorMessage;
+	include 'includes/inc_dbConnect.php';
+	
+	// Select database.
+	if ($db_connect === FALSE)
+		echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
+		
+	else {
+		if (!@mysql_select_db($db_name, $db_connect))
+			echo "<p>Connection error. Please try again later.</p>";
+		else {
+			$errorMessage .= "Inserting new user into db.";
+			echo "Inserting new user into db. $userName $pw $email";
+			$SQLstring = "INSERT INTO 
+				user (username,password,email) 
+				VALUES ('$userName','$pw','$email')";
+			
+			$QueryResult = @mysql_query($SQLstring, $db_connect);
+		}
+		mysql_close($db_connect);
+	}
+	return ($retval);
+}
+
+function displayForm($userName,$email) {
+	global $errorMessage;
+	echo $errorMessage;
+	?>
+	<form name="new_customer" action="new_customer.php" method="post">
+	<p>User Name: <input type="text" name="userName" value="<?php echo $userName; ?>" /></p>
+	<p>Email: <input type="text" name="email" value="<?php echo $email; ?>" /></p>
+	<p>Password: <input type="password" name="password" value="" /></p>
+	<p>Confirm Password: <input type="password" name="password2" value="" /></p>
+	
+	<p><input type="submit" name="Submit" value="Register" /></p>
+	</form>
+	<br /><br />
+	
+	<?php
+	include 'includes/inc_text_menu.php';
+}
+
+$showForm = TRUE;
+$errorCount = 0;
+$errorMessage = "";
+$email = "";
+$userName = "";
+$password = "";
+$password2 = "";
+
+if (isset($_POST['Submit'])) {
+	$email  = validateEmail($_POST['email'],"E-mail");
+	$userName  = validateUserName($_POST['userName'],"User Name");
+	$password  = validatePassword($_POST['password'],$_POST['password2'],"Password");
+	if($userName == $password) {
+		$errorMessage .= "Password cannot be the same as user name<br />";
+		$errorCount++;
+	}
+	if ($errorCount == 0)
+		$showForm = FALSE;
+	else
+		$showForm = TRUE;
+}
+
+if ($showForm == TRUE) {
+	if ($errorCount > 0) // if there were errors
+		$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
+	displayForm ($userName,$email);
+}
+else {
+	// should add password encryption code here
+	
+	// create account in db
+	createNewCustomer($userName, $password, $email);
+
+	// send confirmation email
+	$SenderAddress = "F8L Exception Bank Customer <$email>";
+	$Headers = "From: $SenderAddress\nCC:$SenderAddress\n";
+	
+	$from = "F8L Exception Online Bank"; // sender
+    $subject = "F8L Exception Online Bank New Customer Confirmation";
+    $message = "You have successfully registered as a new customer for F8L Exception Online Bank. We hope you will enjoy our service and our lack of fees!\n\nThe F8L Exception Online Bank";
+    // message lines should not exceed 70 characters (PHP rule), so wrap it
+    $message = wordwrap($message, 70);
+    // send mail
+    mail($email,$subject,$message,"From: $from\n");
+	
+    echo "<p>You have been set up as a new customer. Welcome to F8L Exception Online Bank!.</p><br /><br />\n";
+	include 'includes/inc_text_menu.php';
+}	
+?>
+
+</body>
+</html>

f8l_exception/new_loan.php

@@ -0,0 +1,124 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | New Loan -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | New Loan</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>New Loan -- Under construction</h1><hr />
+</head>
+<body>
+
+<?php
+include 'includes/inc_validatePassword.php';
+include 'includes/inc_validateEmail.php';
+include 'includes/inc_validateInput.php';
+include 'includes/inc_validateUserName.php';
+
+function createNewAccount($First,$Last,$Email,$Login,$Password) {
+	global $errorCount;
+	include 'includes/inc_dbConnect.php';
+	
+	// Select database.
+	if ($db_connect === FALSE)
+		echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
+		
+	else {
+		if (!@mysql_select_db($db_name, $db_connect))
+			echo "<p>Connection error. Please try again later.</p>";
+		else {
+			$today = date("Ymd");
+			$TableName = "account";
+			$SQLstring = "INSERT INTO 
+				$TableName (login,password,firstName,lastName,email,active,dateOpened) 
+				VALUES ('$Login','$Password','$First','$Last','$Email',1,'$today')";
+			
+			$QueryResult = @mysql_query($SQLstring, $db_connect);
+		}
+		mysql_close($db_connect);
+	}
+	return ($retval);
+}
+
+function displayForm($First, $Last, $Email, $Login) {
+	global $errorMessage;
+	echo $errorMessage;
+	?>
+	<form name="register" action="register.php" method="post">
+	<p>First Name: <input type="text" name="First" value="<?php echo $First; ?>" /></p>
+	<p>Last Name: <input type="text" name="Last" value="<?php echo $Last; ?>" /></p>
+	<p>Your E-Mail: <input type="text" name="Email" value="<?php echo $Email; ?>" /></p>
+	<p>User Name: <input type="text" name="Login" value="<?php echo $Login; ?>" /></p>
+	<p>Password: <input type="password" name="Password" value="" /></p>
+	<p>Confirm Password: <input type="password" name="Password2" value="" /></p>
+	
+	<p><input type="submit" name="Submit" value="Register" /></p>
+	</form>
+	<br /><br />
+	
+	<?php
+	include 'includes/inc_text_menu.php';
+}
+
+$showForm = TRUE;
+$errorCount = 0;
+$errorMessage = "";
+$First = "";
+$Last = "";
+$Email = "";
+$Login = "";
+$Password = "";
+$Password2 = "";
+
+if (isset($_POST['Submit'])) {
+	$First = validateInput($_POST['First'],"First Name");
+	$Last = validateInput($_POST['Last'],"Last Name");
+	$Email  = validateEmail($_POST['Email'],"E-mail");
+	$Login  = validateUserName($_POST['Login'],"User Name");
+	$Password  = validatePassword($_POST['Password'],$_POST['Password2'],"Password");
+	if($Login == $Password) {
+		$errorMessage .= "Password cannot be the same as user name<br />";
+		$errorCount++;
+	}
+	if ($errorCount == 0)
+		$showForm = FALSE;
+	else
+		$showForm = TRUE;
+}
+
+if ($showForm == TRUE) {
+	if ($errorCount > 0) // if there were errors
+		$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
+	displayForm ($First, $Last, $Email, $Login);
+}
+else {
+	// encrypt password
+	//$options = array('cost' => 11);
+	//$password = password_hash($password, PASSWORD_BCRYPT, $options);
+	
+	// create account in db
+	createNewAccount($First,$Last,$Email,$Login,$Password);
+
+	// send confirmation email
+	$SenderAddress = "$First <$Email>";
+	$Headers = "From: $SenderAddress\nCC:$SenderAddress\n";
+	
+	$from = "PVault"; // sender
+    $subject = "PVault Registration Confirmation";
+    $message = $First . ",\nYou have successfully registered for PVault. Now you can Store your documents in the cloud, securely locked inside your own Personal Vault.\n\nThe PVault Team";
+    // message lines should not exceed 70 characters (PHP rule), so wrap it
+    $message = wordwrap($message, 70);
+    // send mail
+    mail($Email,$subject,$message,"From: $from\n");
+	
+    echo "<p>" . $First . "\nyour account has been created. Welcome to PVault!.</p><br /><br />\n";
+	include 'includes/inc_text_menu.php';
+}	
+?>
+
+</body>
+</html>

f8l_exception/reset_password.php

@@ -0,0 +1,120 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | Reset Password -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | Reset Password</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>Reset Password</h1><hr />
+</head>
+<body>
+
+<?php
+include 'includes/inc_generatePassword.php';
+include 'includes/inc_validateInput.php';
+
+function resetPassword($userName) {
+	global $errorCount;
+	global $errorMessage;
+	global $email;
+	include 'includes/inc_dbConnect.php';
+	
+	// Select database.
+	if ($db_connect === FALSE)
+		echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
+	else {
+		if (!@mysql_select_db($db_name, $db_connect))
+			echo "<p>Connection error. Please try again later.</p>";
+		else {
+			// check login for validity
+			$sql = "SELECT * FROM user WHERE username='$userName' and email='$email'";
+			$result = mysql_query($sql);
+
+			// Mysql_num_row is counting table rows
+			$count = mysql_num_rows($result);
+
+			// If result matched $userName, table row must be 1 row. Get Email address, and Reset PW
+			if($count == 1){
+				$row = mysql_fetch_row($result);
+				//$email = $row[5];
+				$newPassword = generatePassword();
+				$sql = "UPDATE user SET password='$newPassword' WHERE username='$userName'";
+				$result = mysql_query($sql);
+			}
+			else {
+				$errorCount++;
+				$errorMessage .= "Account not found. Please re-enter your User Name and Email.<br />\n";
+			}
+			mysql_close($db_connect);
+			
+			return $newPassword;
+		}
+	}
+}
+function displayForm() {
+	global $errorMessage;
+	echo $errorMessage;
+	?>
+	<form name="reset_password" action="reset_password.php" method="post">
+	<p>User Name: <input type="text" name="userName" /></p>
+	<p>Email: <input type="text" name="email" /></p>
+	<p><input type="submit" name="Reset" value="Reset" /></p>
+	</form>
+	<br /><br />
+	
+	<?php
+	include 'includes/inc_text_menu.php';
+}
+
+$ShowForm = TRUE;
+$errorCount = 0;
+$errorMessage = "";
+$email = "";
+$userName = "";
+
+if (isset($_POST['Reset'])) {
+	$userName  = validateInput($_POST['userName'],"User Name");
+	$email = validateInput($_POST['email'],"Email");
+	if ($errorCount == 0) {
+		$ShowForm = FALSE;
+	}
+	else
+		$ShowForm = TRUE;
+}
+
+if ($ShowForm == TRUE) {
+	if ($errorCount > 0) // if there were errors
+		$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
+	displayForm ();
+}
+else {
+	$newPassword = resetPassword($userName);
+	if ($errorCount > 0) { // if there were errors
+		$errorMessage .= "<p>Please re-enter the form information below.</p>\n";
+		displayForm ();
+	}
+	else {
+		echo "<p>\nPassword has been reset!. A new password has been emailed to you.</p><br /><br />\n";
+		include 'includes/inc_text_menu.php';
+		
+		// send confirmation email
+		$SenderAddress = "<$email>";
+		$Headers = "From: $SenderAddress\nCC:$SenderAddress\n";
+		
+		$from = "F8L Exception Online"; // sender
+		$subject = "F8L Exception Online Bank Password Reset";
+		$message = "Your new password is $newPassword\nWe recommend you login using this password and change it to a new password of your choosing.\n\nF8L Exception Online Bank";
+		// message lines should not exceed 70 characters (PHP rule), so wrap it
+		$message = wordwrap($message, 70);
+		// send mail
+		mail($email,$subject,$message,"From: $from\n");
+	}	
+}	
+?>
+
+</body>
+</html>

f8l_exception/view_statement.php

@@ -0,0 +1,85 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | View Statement -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | View Statement</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>View Statement -- Under construction</h1><hr />
+</head>
+<body>
+
+<?php
+function displayTable() {
+	global $Login;
+	echo "User Name: " . $Login;
+	include 'includes/inc_dbConnect.php';
+
+	if ($db_connect === FALSE)
+		echo "<p>Unable to connect to the database server.</p>" . "<p>Error code " . mysql_errno() . ": " . mysql_error() . "</p>";
+		
+	else {
+		if (!@mysql_select_db($db_name, $db_connect))
+			echo "<p>No data found.</p>";
+		else {
+			
+			$TableName = "document";
+			$SQLstring = "SELECT * FROM $TableName WHERE login = '$Login' and active = 1";
+			
+			$QueryResult = @mysql_query($SQLstring, $db_connect);
+			if (mysql_num_rows($QueryResult) == 0)
+				echo "<p>No data found .</p>";
+			else 
+			{
+				echo "<table width='100%' border='1'>";
+				echo "<tr>
+					<th>Title</th>
+					<th>Tags</th>
+					<th>Revised Date</th>
+					<th>Note1</th>
+					<th>Edit</th>
+					<th>Remove</th>
+					</tr>";
+				while (($Row = mysql_fetch_assoc($QueryResult)) !== FALSE) 
+				{
+					echo "<td><a href='view_document.php?id={$Row['id']}'>{$Row['title']}</a></td>";
+					echo "<td>{$Row['tags']}</td>";
+					echo "<td>{$Row['revisedDate']}</td>";
+					echo "<td>{$Row['note1']}</td>";
+					?>
+					<td>
+					<form method="POST" action="edit_document.php">
+						<input type="hidden" name="id" value="<?php echo $Row['id']; ?>">
+						<input type="hidden" name="status" value=0>
+        				<input type="submit" name="edit" value="Edit" />
+					</form>
+					</td>
+					<td>
+					<form method="POST" action="change_document_status.php">
+						<input type="hidden" name="id" value="<?php echo $Row['id']; ?>">
+						<input type="hidden" name="status" value=0>
+        				<input type="submit" name="remove" value="Remove" />
+					</form>
+					</td></tr><?php
+				}
+				echo "</table><br /><br />";
+			}
+			mysql_free_result($QueryResult);
+		}	
+	}
+	include 'includes/inc_text_menu.php';
+}
+$Login = "";
+$Login = $_SESSION['login'];
+if ($Login == "") { // redirect to login page if not logged in
+	?><script language="JavaScript">window.location = "login.php";</script><?php
+}
+displayTable();
+?>
+
+</body>
+</html>

f8l_exception/withdraw.php

@@ -0,0 +1,70 @@
+<?php
+session_start(); ?>
+<!-- F8L Exception Online Bank | Withdraw -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>F8L Exception Online Bank | Withdraw</title>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+	<?php include 'includes/inc_header.php'; ?>
+	<h1>Withdraw -- Under construction</h1><hr />
+</head>
+<body>
+
+<?php
+include 'includes/inc_validateInput.php';
+include 'includes/inc_validateLogin.php';
+
+function displayForm() {
+?>
+	<h3>Enter your User Name and Password.</h3>
+	<?php 
+	global $errorMessage;
+	echo $errorMessage ?>
+	<form method="POST" action="login.php">
+		<p>User Name <input type="text" name="Login" /></p>
+		<p>Password <input type="password" name="Password" /></p>
+		<p><input type="submit" value="Log in" /></p>
+	</form>
+	<br /><br />
+	
+	<?php
+	include 'includes/inc_text_menu.php';
+}
+
+$ShowForm = TRUE;
+$errorCount = 0;
+$errorMessage = "";
+$Login = "";
+$Password = "";	
+
+// if submit button is clicked, get login and pw and validate login
+if (isset($_POST['Login'])) {
+	$Login  = validateInput($_POST['Login'],"User Name");
+	$Password  = validateInput($_POST['Password'],"Password");
+	if ($errorCount == 0)	// validateLogin is slow, so only do that if no errors yet
+		$Login = validateLogin($Login,$Password);
+	if ($errorCount == 0)
+		$ShowForm = FALSE;
+}
+
+if ($errorCount > 0) {		// errors logged
+		displayForm();
+	}
+else {
+	if ($ShowForm == TRUE) {
+		displayForm();		// new page load
+	}
+	else {					// login approved
+		$_SESSION['login'] = $Login;
+		//header("location:my_documents.php");
+		?><script language="JavaScript">window.location = "my_documents.php";</script><?php
+		exit();
+	}
+}
+?>
+
+</body>
+</html>

proj.txt

@@ -4,54 +4,59 @@ Project Title: Online Banking System
 Link to Github: https://github.com/dhurng/cs157AOnlineBanking/edit/master/proj.txt
 
 Database Schema
-1. Users {id, username, password, checkingAmount, savingsAmount}
-   int id: autogenerated id number.
-   String username: Customer's account username.
-   String password: Customer's account password.
-   boolean checkingAmount: yes if customer has a checking account.
-   boolean savingsAmount: yes if customer has a savings account.
+1. User {userId, username, password, loanId, accountId1, accountId2}
+   int userId: autogenerated user id number.
+   String username: Customer's username.
+   String password: Customer's password.
+   int loanId: loan number, if user has a loan.
+   int accountId1: account number for first account
+   int accountId2: account number for second account
    
-2. Transfer {id1, id2, amount, checking, savings}
-   int id1: sender.
-   int id2: recipient.
+2. Transfer {id1, id2, amount}
+   int id1: sender account.
+   int id2: recipient account.
    double amount: amount to transfer.
-   boolean checking: true if amount is coming from checking account.
-   boolean savings: true if amount is coming from savings account.
    
-3. Loan {id, date, overdue, amount, balance}
-   int id: sender.
-   Date date: date of payment.
-   boolean overdue: true if payment is late.
+3. Loan {loanId, userId, amount, paymentDueDate, paymentDate balance}
+   int loanId: loan number.
+   int userId: user who owns this loan.
    double amount: amount to pay.
+   Date paymentDueDate: date payment is due
+   Date paymentDate: date most recent payment was made
    double balance: remaining balance.
    
-4. Checking {id, balance, amount}
-   int id: customer id.
-   double balance: checking balance.
-   double amount: amount to withdraw or deposit.
+4. Account {accountId, userId, balance, interestRate, accountType}
+   int accountId: account number.
+   int userId: user who owns this account.
+   double balance: account balance.
+   double interestRate: interest rate to add to balance.
+   String accountType: account type - savings, checking
    
-5. Savings {id, balance, interestRate, amount}
-   int id: customer id.
-   double balance: savings balance.
-   double interestRage: interest rate to add to balance.
-   double amount: amount to withdraw or deposit.
+5. Transaction {userId, accountId, accountType, date, amount, transactionType, toId}
+   int userId: customer id
+   int accountId: account number or loan number
+   String accountType: checking, savings, loan
+   Date date: date of transaction
+   double amount: transaction amount
+   String transactionType: transaction type - deposit, withdraw, interest, payment
+   int toId: to customer id, for transfers
    
 Functional Requirements
-1. Customer can register to create an account.
-2. Customer can close their account.
-3. Customer can log into their account.
-4. Customer can log out of their account.
+1. Customer can register to create a new user.
+2. Customer can open a new account.
+3. Customer can close their account.
+4. Customer can log into their account.
 5. Customer can change password.
 6. Customer can reset their password.
-7. Customer can check their checking account balance.
-8. Customer can check their savings account balance.
-9. Customer can withdraw from their accounts.
-10. Customer can deposit to their accounts.
+7. Customer can check their checking or savings account balance.
+8. Customer can check their loan balance.
+9. Customer can withdraw from their checking or savings accounts.
+10. Customer can deposit to their checking or savings accounts.
 11. Customer can view their statements from each account (Checking and Savings).
-12. Customer can pay their credit card bill.
+12. Customer can pay their loan payment.
 13. Administrator can reset non-Admin password.
 14. Administrator can view customers who have a zero balance in their checking and/or savings account.
-15. Administrator can view who is a late paying their credit card bill.
+15. Administrator can view who is a late paying their loan payment.
 
 Requirements Functionalities
 //Send Query to Database
@@ -62,47 +67,115 @@ function queryMysql($query){
 	return $result;
 }
 
-// Customer Registration
-function registration ($username, $password, $checkAmount, $savingsAmount){
-	$result = queryMysql("INSERT INTO Users(username, password, checkingAmount, savingsAmount) 
-	                      VALUES ('$username', '$password', '$checkAmount', '$savingsAmount'");	
+// 1. Customer Registers to Create new User 
+function registerUser ($username, $password){
+	$result = queryMysql("INSERT INTO User(username, password) 
+	    VALUES ('$username', '$password'", $link) or die ("Database Error"); 
 }
 
-// Customer Account Cancellation
-function cancelAccount ($username){
-	$result = queryMysql("DELETE FROM Users WHERE username = '$username'");
+//2. Customer opens a New Account
+function registerAccount ($userid, $initialAmount, $accountType){
+	$result = queryMysql("INSERT INTO Account(userId, balance, accountType) 
+	    VALUES ('$userId', '$initialAmount', '$accountType'", $link) or die ("Database Error"); 
+	$result = queryMysql("INSERT INTO Transaction(userId, accountId, accountType, amount, date) 
+		VALUES ('$userId', 'accountId', '$accountType', '$initialAmount', '$today'", $link) or die ("Database Error"); 
+
+// 3. Customer Closes Account 
+function cancelAccount ($userId, $accountId){
+	$result = queryMysql("DELETE FROM Account WHERE userId='$userId' and accountId='$accountId'", $link) 
+		or die ("Database Error"); 
 }
 
-// Customer Log In
+// 4. Customer Logs In
 function userLogIn ($username, $password){
-	$result = queryMysql("SELECT * FROM Users WHERE username='$username' and password='$password'");
+	$result = queryMysql("SELECT * FROM User WHERE username='$username' and password='$password'", $link) or die ("Database Error"); 
 }
 
-// Customer Change Password
+// 5. Customer Changes Password
 function checkPassword($username, $oldPass, $newPass){
-	$result = queryMysql("UPDATE Users SET password = '$newPass' WHERE old.password='$oldPass'");
+	$result = queryMysql("UPDATE User SET password = '$newPass' 
+		WHERE username='$username' and password='$oldPass'", $link) or die ("Database Error"); 
 }
 
-// Reset Customer Password
-function resetPassword ($username) {
+// 6. Reset Customer Password
+function resetPassword ($username, $userId) {
 	$salt1 = "qm&h";
 	$token = hash('f8luser', "$salt1'somePassword'");
-	$result = queryMysql("UPDATE Users SET password='$token'");
+	$result = queryMysql("UPDATE User SET password='$token' 
+		WHERE username='$username' and userId='$userId'", $link) or die ("Database Error"); 
 	return $token;
 }
 
-//Check Checking Account Balance
-function check_CheckingBalance ($checkingsAccount) {
+// 7. Check Checking Account Balance
+function get_CheckingBalance ($username, $accountId) {
 	include 'db_connect.php';
-	$result=mysql_query("SELECT * FROM checkingsAccount ORDER BY account_type", $link) or die ("Database Error");
+	$result=mysql_query("SELECT balance FROM account 
+		WHERE accountType='checking' and username='$username' and accountId='$accountId'", $link) 
+		or die ("Database Error");
 }
 
-//Check Savings Account Balance
-function check_SavingBalance ($savingsAccount) {
+// 8. Check Savings Account Balance
+function check_SavingBalance ($username, $accountId) {
 	include 'db_connect.php';
-	$result=mysql_query("SELECT * FROM savingsAccount ORDER BY account_type", $link) or die ("Database Error");
+	$result=mysql_query("SELECT balance FROM account 
+		WHERE accountType='savings' and username='$username' and accountId='$accountId'", $link) 
+		or die ("Database Error");
 }
 
-//Withdraw from Accounts
-function withdraw ($
-//Deposit into Account
+// 9. Customer can withdraw from their accounts.
+function accountWithdraw($userId, $accountId, $accountType, $amount) {
+	include 'db_connect.php';
+	$result=mysql_query("UPDATE Account SET balance=balance-'$amount' 
+		WHERE userId='$userId' and accountId='$accountId'", $link) or die ("Database Error"); 
+	$result = queryMysql("INSERT INTO Transaction(userId, accountId, accountType, amount, date) 
+	    VALUES ('$userId', 'accountId', '$accountType', '$amount', '$today'", $link) 
+		or die ("Database Error"); 
+}
+
+// 10. Customer can deposit to their accounts.
+function accountDeposit($userId, $accountId, $accountType, $amount) {
+	include 'db_connect.php';
+	$result=mysql_query("UPDATE Account SET balance=balance+'$amount' 
+		WHERE userId='$userId' and accountId='$accountId'", $link) or die ("Database Error"); 
+	$result = queryMysql("INSERT INTO Transaction(userId, accountId, accountType, amount, date) 
+	    VALUES ('$userId', 'accountId', '$accountType', '$amount', '$today'", $link) 
+		or die ("Database Error"); 
+}
+
+// 11. Customer can view their statements from each account (Checking and Savings).
+function viewStatement($userId) {
+	include 'db_connect.php';
+	$result=mysql_query("SELECT accountType, date, transactionType, amount 
+		FROM Transaction GROUP BY accountType 
+		HAVING userId='$userId' ORDER BY date", $link) or die ("Database Error"); 
+}
+		
+// 12. Customer can pay their loan payment.
+function loanPayment($userId, $loanId, $amount) {
+	include 'db_connect.php';
+	$result=mysql_query("UPDATE Loan SET balance=balance-'$amount', paymentDate='$today' 
+		WHERE userId='$userId' and loanId='$loanId'", $link) or die ("Database Error"); 
+	$result = queryMysql("INSERT INTO Transaction(userId, loanId, accountType, amount) 
+	    VALUES ('$userId', 'loanId', 'loan', '$amount'", $link) or die ("Database Error");
+}
+
+// 13. Administrator can reset non-Admin password.
+function adminResetUserPassword ($userId, $newPassword) {
+	include 'db_connect.php';
+	$result = queryMysql("UPDATE User SET password='$newPassword' WHERE userId='$userId'", $link) 
+		or die ("Database Error"); 
+}
+
+// 14. Administrator can view customers who have a zero balance in their checking and/or savings account.
+function adminGetPoorUsers() {
+	include 'db_connect.php';
+	$result = queryMysql("SELECT userId FROM User WHERE balance<=0", $link) 
+		or die ("Database Error"); 
+}
+
+// 15. Administrator can view who is late paying their loan payment.
+function adminGetUsersOfOverdueLoans() {
+	include 'db_connect.php';
+	$result=mysql_query("SELECT userId FROM User 
+	WHERE userId IN (SELECT userId FROM Loan 
+	WHERE paymentDueDate<paymentDate", $link) or die ("Database Error");