1. Instructions

Students are asked to work individually or in pairs for this assignment and are encouraged to seek help from classmates and teaching staff.

Students must make sure that their homepage is available from this url:
titan.csit.rmit.edu.au/~s1234567/wp/a4/index.php

Where 1234567 is your student id and titan can also be jupiter or saturn.

All media (images, video etc) must be located in the media folder and not the wp folder.

An official submission must be made by 11.59pm Friday Week 12 via Canvas.

Please zip up your wp folder and rename it with your student id(s), ie wp-s1234567.zip or wp-s1234567-s1234568.zip (groups)

This submission will be used for plagiarism testing and as a reference should problems arise.

If all these things are not done, you may receive zero marks.

Groups can submit notices to this form: https://forms.gle/GEUZccgbokmYpe4E8

Please Note: Keep the wireframe.css file and functionality unmodified, it is a helpful and important part of your development and our marking processes.

Please Note: If there are issues with your assignment that you need to fix before marking can take place, we will assign a temporary mark of 0.1. Don't panic, it's a temporary mark which will be updated once you are ready for marking.

2. Overview, Set Up and Modules

The client "Lunardo" is happy with your work (or happy with your price :-P ) and wants you to continue developing the website, implementing server side programming functionality.

As part of the development process, the client wants you to have a debug module visible at the bottom of the page (ie under the footer) so that the inner workings of the page are visible when testing: the request data ($_GET and $_POST), what is in the $_SESSION (ie the shopping cart) and your page code must all be visible.

A file called tools.php is already present in your a4 folder. It was created to house ALL PHP functions in one place and should be included near the top of your file. This file should have session_start() near the top so that your page has access to the session object. NB If you are an advanced student and using classes or other advanced PHP techniques, you may use more than one external file.

Movie data may be loaded from a spreadsheet using the fgetcsv() function, but this is an advanced task for interested students only.

As much as possible, initialising and processing variables should be in organised structures rather than as disparate ad-hoc variables. You should also organise processing and validating code into functions so that the index and receipt pages are not cluttered with initialising and processing code.

2.1 Helpful functions to put in tools.php

Instructions when using code examples in a debug module and/or when debugging in general:

● The blue code is "function declaration code" to put in tools.php.

● The purple code is "function calling code" to put into index.php or receipt.php, or elsewhere in tools.php, ie where you want the return or output of the function.

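1) "preShow()" function prints data and the shape/structure of the data. By default it echoes the string, but it returns the string instead if true is passed as the second argument:
function preShow( $arr, $returnAsString=false ) {
    // Escape the dump: $_GET and $_POST hold whatever the browser sent,
    // so unescaped output would let posted markup run in the debug module.
    $ret = '<pre>' . htmlspecialchars(print_r($arr, true), ENT_QUOTES) . '</pre>';
    if ($returnAsString)
        return $ret;
    else
        echo $ret;
}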
1.1) Usage examples:

preShow($_POST); // ie echo the $_POST array

$session = preShow($_SESSION, true); // ie return $_SESSION as a string

2) Output your current file's source code:
function printMyCode() {
    $lines = file($_SERVER['SCRIPT_FILENAME']);
    echo "<pre id='mycode'><ol>";
    foreach ($lines as $line)
        echo '<li>'.rtrim(htmlentities($line)).'</li>';
    echo '</ol></pre>';
}
2.1) Usage examples:
printMyCode(); // prints all lines of code in this file with line numbers
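3) A "php multiple dimensional array to javascript object" function
function php2js( $arr, $arrName ) {
    // $arrName is written into the script as-is, so pass only a fixed, valid JavaScript identifier.
    // JSON_HEX_TAG and JSON_HEX_AMP keep <, > and & in the data from being read as HTML inside <script>.
    echo "<script>\n";
    echo "/* Generated with A4's php2js() function */\n";
    echo "var $arrName = " . json_encode($arr, JSON_PRETTY_PRINT | JSON_HEX_TAG | JSON_HEX_AMP) . ";\n";
    echo "</script>\n\n";
}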
3.1) Usage examples:
$pricesArrayPHP = [ ... ];
php2js($pricesArrayPHP, 'pricesArrayJS'); // ie echos javascript version
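4) A 'reset the session' submit button
if (isset($_POST['session-reset'])) {
    // unset() on a by-reference loop variable only drops the reference and leaves $_SESSION intact,
    // so remove each entry by its key instead.
    foreach (array_keys($_SESSION) as $key) {
        unset($_SESSION[$key]);
    }
}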
4.1) Usage examples:
<form ... >
... 
<input type='submit' name='session-reset' value='Reset the session' >
...
</form>

3. Booking Form Processing

In assignment 3 you were asked to submit form data to a testing processing script. Now you must submit data to your processing script which will either be located at the top of index.php (easier option) or in a separate processing script (more challenging option). Guiding flow charts for the easier option can be found in the next section.

All form data must be validated server side for two reasons:

1. Not all honest customers have javascript enabled so there must be a server side fall back.

2. Dishonest users will turn javascript off, then try to hack your website, placing malformed bookings in your tab delimited spreadsheet for fun or for malicious reasons.

Make sure that all inputs (movie, seats and customer fields) are checked server side using PHP functions.
You should:

1. Reject any orders without a valid movieID, OR book them in to see Frozen II :-P

2. Ignore any seats that fall outside the range 1 - 9 (eg 0, -3, 13, "ELEVENTY")

3. Prefill any text based fields with posted input (sanitised versions are ok) and place the error message next to the field in error.

You do not need to place errors next to the hidden movie fields or the seat drop down fields; if these values are invalid it is due to a hacker modifying your form's HTML. If you like you can place a message "Stop hacking our website!" if this happens.

Only when all the data is validated should order information be placed into the SESSION and an order be written to your tab delimited bookings spreadsheet.
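
One way to apply the three rules above in tools.php, given as an added example rather than code from the assignment. The movie IDs, seat codes, field names (movie, seats, cust) and the two patterns are assumptions made for illustration.

```php
<?php
// Added example. Movie IDs, seat codes, field names and patterns are assumptions.
const MOVIES     = ['ACT' => 'Action film', 'RMC' => 'Romantic comedy']; // constructed allow-list
const SEAT_TYPES = ['STA', 'STP', 'FCA', 'FCP'];                         // hypothetical seat codes
const CUST_RULES = [                                                      // hypothetical customer fields
    'name'   => '/^[\p{L} .\'-]{1,60}$/u',
    'mobile' => '/^04\d{8}$/',
];

// Escape a posted value before echoing it back into a value="..." attribute.
function h($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }

// Returns [$booking, $errors]; $booking may be stored only when $errors is empty.
function validateBooking(array $post) {
    $booking = ['movie' => null, 'seats' => [], 'cust' => []];
    $errors  = [];
    $seats = is_array($post['seats'] ?? null) ? $post['seats'] : [];
    $cust  = is_array($post['cust'] ?? null)  ? $post['cust']  : [];
    // Movie: accept only IDs on the allow-list.
    $movie = $post['movie'] ?? '';
    if (is_string($movie) && array_key_exists($movie, MOVIES)) {
        $booking['movie'] = $movie;
    } else {
        $errors['movie'] = 'Unknown movie.';
    }
    // Seats: keep whole numbers 1-9 and ignore the rest (0, -3, 13, "ELEVENTY").
    foreach (SEAT_TYPES as $type) {
        $qty = filter_var($seats[$type] ?? null, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1, 'max_range' => 9]]);
        if ($qty !== false) { $booking['seats'][$type] = $qty; }
    }
    if (!$booking['seats']) { $errors['seats'] = 'Select at least one seat.'; }
    // Customer fields: each value must match its pattern in full.
    foreach (CUST_RULES as $field => $pattern) {
        $value = is_string($cust[$field] ?? null) ? trim($cust[$field]) : '';
        if (preg_match($pattern, $value)) { $booking['cust'][$field] = $value; }
        else { $errors[$field] = "Please enter a valid $field."; }
    }
    return [$booking, $errors];
}

// Constructed tampered submission: bad movie ID, out-of-range seats, markup in the name.
$post = ['movie' => 'XXX', 'seats' => ['STA' => '2', 'STP' => '13', 'FCA' => 'ELEVENTY'],
         'cust'  => ['name' => '"><b>Bob', 'mobile' => '0412345678']];
[$booking, $errors] = validateBooking($post);
print_r($errors);                     // error messages keyed by field, for display next to each input
echo h($post['cust']['name']), "\n";  // escaped form of the rejected name, used to prefill the field
```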

4. Booking Process Flowchart

4.1 Screening Booking

This is a recommended flowchart for the screening booking process.

POST data is processed by index.php and added to SESSION only if all the posted data is valid.

If users attempt to navigate to receipt.php, they should be re-directed to index.php.

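Update: To get you started with adding data to the session, use this code. It copies every posted value as-is, so once your validation functions are working, store only the validated values, as described above: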
$_SESSION = $_POST;
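
A sketch of the flow described in this section once validation is in place, given as an added example rather than code from the assignment. It assumes session_start() has already run in tools.php and that $booking is an array of validated values with movie, cust and seats keys; the file name, the 'booking' session key and the row layout are likewise assumptions.

```php
<?php
// Added example. The file name, the 'booking' session key and the row layout are assumptions.
const BOOKINGS_FILE = __DIR__ . '/bookings.txt';   // hypothetical tab-delimited spreadsheet

// Append one validated booking as a single tab-delimited row; returns false if the write fails.
function appendBooking(array $booking) {
    $row = [date('Y-m-d H:i'), $booking['movie']];
    foreach ($booking['cust'] as $value)         { $row[] = $value; }
    foreach ($booking['seats'] as $type => $qty) { $row[] = "$type:$qty"; }
    $fp = fopen(BOOKINGS_FILE, 'a');
    if ($fp === false) { return false; }
    flock($fp, LOCK_EX);                  // two customers booking at once must not interleave rows
    // fputcsv() quotes any field containing a tab, quote or newline,
    // so a value cannot spill into extra columns or rows.
    $written = fputcsv($fp, $row, "\t");
    flock($fp, LOCK_UN);
    fclose($fp);
    return $written !== false;
}

// index.php, before any output: call only after validation returned no errors.
function completeBooking(array $booking) {
    if (!appendBooking($booking)) { return false; }
    $_SESSION['booking'] = $booking;      // validated values only, never a copy of $_POST
    header('Location: receipt.php');
    exit;
}

// receipt.php, before any output: an empty session means the visitor skipped the form.
function requireBooking() {
    if (empty($_SESSION['booking'])) {
        header('Location: index.php');
        exit;
    }
    return $_SESSION['booking'];
}
```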

5. Receipt Page and Tickets

5.1 Tax Invoice (Receipt)

Once a booking has been written to your tab delimited spreadsheet, a tax invoice (ie a receipt) for the customer should be generated so that when in print view, the page is styled to be different and fits on an A4 page(s).

This page can either be a different page (ie receipt.php) or a part of the single page application (ie index.php). It should be on company letterhead with a dummy ABN number: 00 123 456 789

PLEASE NOTE: If making the receipt and tickets component of the webpage part of the index page, when you press print, only the receipt and tickets should be visible in print view, the rest of the web page should not be visible.

The customer details should be separate to the movie(s), day and hour, and seat details; and the seat details should be in a table or grid element along with the total price.

Prices are GST inclusive, the receipt should show the total and GST component (ie 1 / 11 of the total price).

5.2 Ticket(s)

Further, tickets for each film should be generated so that the customer can print either:

● a group/shared ticket (ie one for all seat holders in the booking that shows quantity of each seat) OR

● individual tickets for each seat holder (eg 3 first class adult tickets if 3 first class adult tickets have been purchased).

The generation of individual tickets is a more complex task and is worth more marks.

Marks Allocation

15 marks or 15% of your final grade

Setup, Modules, Programming Structure (5 marks)

Your GitHub or BitBucket wp repository is up to date with regular A4 related commits, and your commit messages are sensible and reflect the work you completed at each step.

Tools.php contains functions, structured (multidimensional) associative array(s) for use in index.php and receipt.php, programming clutter is reduced as a result.

A debug module shows POST & SESSION data, code output in index and receipt pages

Booking form fieldsets and clickable labels are present with placeholder text where applicable.

All POST validation in index page and SESSION validation in receipt page occurs before any HTML is outputted, receipt page redirects to index page if SESSION is empty.

Booking Form Data Processing (5 marks)

Customer fields are re-checked serverside using regexes and/or other appropriate validation functions.

Movie and seat fields are checked serverside using regexes and/or other appropriate validation functions.

Both honest and dishonest users are kept on the index page until all form data is valid.

Rejected POST values for seats and customers are placed in original input field, error messages are placed next to invalid customer fields server side, styled appropriately.

Validated bookings are added to the session and appended to bookings tab delimited spreadsheet using fputcsv(), no invalid data is inserted into the session or written to file.

Receipt and Tickets Page (5 marks)

Invoice section is styled differently so that it fits on A4 letterhead; business and customer information is present, order breakdown is clear.

Total price and GST component calculated correctly server side, prices are shown to 2 decimal places with $ in front.

Design and quality of receipt page is high, is functional, looks very professional; information is laid out in logical organised sections and in grid like structures.

A single (group) ticket shows all seat types & quantities, screening & seating information; design and quality of tickets is high, is functional, looks very professional; this is separate from the invoice.

Instead of a single group ticket, individual tickets for each person / seat are generated.

Total: 15 marks (or 15% of your final grade)