martinomensio / dp1_website_june2016 Goto Github PK

what is the meaning of "The user shall be able to remove her reservation from the site, but not before that 1 minute has elapsed since the reservation start time"?

if not necessary, for strings use single quotation marks instead of double

after each header call, die to stop php processing

HTML5 input type password allows emails like "a@b", while php filter_var with FILTER_VALIDATE_EMAIL does not

check in php the user id of the reservation, don't trust the client

remove machine reservations from titles

no javascript -> show warning
no cookies -> block user

how to block user that has no cookies and no javascript?

requirements say:
In any page of the site, even without authentication, anyone shall be able to see the current state of all reservations

probably have to do a try when creating the connection with DB

Read the text again and decide if represent as (starting_time, duration) or (starting_time, ending_time).
Also decide if times are represented by (hours, minutes) or if exists a better mySql type for that

the server should not respond, instead of showing a blank page

all the pages (including the destinations of forms) must check the authentication, because user can remain some minutes completing a form, and when submits a request to one of those pages i must reject it

check input both on client side and on server side

on small screens, the topbar must not scroll

if yesterday I registered at 17:00, and today i try to delete this reservation at 12:00, the time of the reservation is in the future, and therefore a minute has not elapsed yet. Maybe representing the registration time by taking into account the day?

lower the "security"

the authentication checking by redirecting may have some problems?
please look at HTTP authentication with PHP.

if a user already logged in, on login page I should redirect him to homepage

from a generic source page

• If the cookies are not there (cookie count), set a test cookie and go to the verification page with a POST parameter that says from which source page the user is coming
• If there are cookies do nothing (terminal condition when the loop succeeds)

The test_cookie page should be reached only with cookies set. So there I can distinguish if they are enabled or not.

• If they are enabled, go to the previous page, that will know that cookies are enabled because it will look at the cookies count.
• If they are disabled, go to a third page (with a GET parameter propagating the source page) GET because the user can reload freely this page.

The third page works in the opposite way of the source page:

• If there are some cookies, go to the page specified by the GET parameter
• If there are no cookies, print a blocking error
  blocking error contains a button to check again (that goes to the source page to do another loop)

From source page:
Cookies disabled: source page --> test page --> third page&src --> STOP
Cookies enabled and present: source page --> STOP
Cookies enabled but not present: source page --> test page --> source page&src --> STOP

From third page:
Cookies disabled: third page&src --> CLICK reload --> source page --> test page --> third page&src --> STOP
Cookies enabled and present: third page&src --> source page --> STOP
Cookies enabled but not present: third page&src --> CLICK reload --> source page --> test page --> source page --> STOP

Test page should not be navigated directly by user. Must check if POST argument is present. If advanced user cheats by requesting this page with POST parameter, the test will say "cookies disabled" also if the user has enabled cookies but has not the test cookie

they don't work