├── .gitignore ├── .github ├── CODEOWNERS ├── PULL_REQUEST_TEMPLATE.md ├── workflows │ └── main.yml └── ISSUE_TEMPLATE.md ├── globe_bank ├── public │ ├── images │ │ └── gbi_logo.png │ ├── staff │ │ ├── logout.php │ │ ├── index.php │ │ ├── admins │ │ │ ├── delete.php │ │ │ ├── show.php │ │ │ ├── index.php │ │ │ ├── edit.php │ │ │ └── new.php │ │ └── login.php │ ├── index.php │ └── stylesheets │ │ ├── staff.css │ │ └── public.css ├── private │ ├── db_credentials.php │ ├── shared │ │ ├── staff_footer.php │ │ ├── public_navigation.php │ │ ├── public_header.php │ │ ├── public_footer.php │ │ ├── staff_header.php │ │ └── static_homepage.php │ ├── database.php │ ├── initialize.php │ ├── functions.php │ ├── auth_functions.php │ ├── validation_functions.php │ └── query_functions.php └── database │ └── create_table_admins.sql ├── CONTRIBUTING.md ├── NOTICE ├── README.md └── LICENSE /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | node_modules 3 | .tmp 4 | npm-debug.log 5 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Codeowners for these exercise files: 2 | # * (asterisk) deotes "all files and folders" 3 | # Example: * @producer @instructor 4 | -------------------------------------------------------------------------------- /globe_bank/public/images/gbi_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LinkedInLearning/php-user-authentication-2892138/HEAD/globe_bank/public/images/gbi_logo.png -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /globe_bank/public/staff/logout.php: -------------------------------------------------------------------------------- 1 | 9 | -------------------------------------------------------------------------------- /globe_bank/private/db_credentials.php: -------------------------------------------------------------------------------- 1 | 9 | -------------------------------------------------------------------------------- /globe_bank/private/shared/staff_footer.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | 8 | 11 | -------------------------------------------------------------------------------- /globe_bank/private/shared/public_navigation.php: -------------------------------------------------------------------------------- 1 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | name: Copy To Branches 2 | on: 3 | workflow_dispatch: 4 | jobs: 5 | copy-to-branches: 6 | runs-on: ubuntu-latest 7 | steps: 8 | - uses: actions/checkout@v2 9 | with: 10 | fetch-depth: 0 11 | - name: Copy To Branches Action 12 | uses: planetoftheweb/copy-to-branches@v1 13 | -------------------------------------------------------------------------------- /globe_bank/public/index.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 |
10 | 14 |
15 | 16 |
17 | 18 | 19 | -------------------------------------------------------------------------------- /globe_bank/public/staff/index.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 |
7 | 13 | 14 |
15 | 16 | 17 | -------------------------------------------------------------------------------- /globe_bank/database/create_table_admins.sql: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Start by creating a database and giving a MySQL user privileges to use it. 4 | 5 | CREATE DATABASE globe_bank; 6 | 7 | GRANT ALL PRIVILEGES ON globe_bank.* TO 'php_user'@'localhost'; 8 | FLUSH PRIVILEGES; 9 | 10 | USE globe_bank; 11 | 12 | */ 13 | 14 | CREATE TABLE admins ( 15 | id INT(11) NOT NULL AUTO_INCREMENT, 16 | first_name VARCHAR(255), 17 | last_name VARCHAR(255), 18 | username VARCHAR(255), 19 | email VARCHAR(255), 20 | hashed_password VARCHAR(255), 21 | PRIMARY KEY (`id`) 22 | ); 23 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | 2 | Contribution Agreement 3 | ====================== 4 | 5 | This repository does not accept pull requests (PRs). All pull requests will be closed. 6 | 7 | However, if any contributions (through pull requests, issues, feedback or otherwise) are provided, as a contributor, you represent that the code you submit is your original work or that of your employer (in which case you represent you have the right to bind your employer). By submitting code (or otherwise providing feedback), you (and, if applicable, your employer) are licensing the submitted code (and/or feedback) to LinkedIn and the open source community subject to the BSD 2-Clause license. 8 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Copyright 2021 LinkedIn Corporation 2 | All Rights Reserved. 3 | 4 | Licensed under the LinkedIn Learning Exercise File License (the "License"). 5 | See LICENSE in the project root for license information. 6 | 7 | Please note, this project may automatically load third party code from external 8 | repositories (for example, NPM modules, Composer packages, or other dependencies). 9 | If so, such third party code may be subject to other license terms than as set 10 | forth above. In addition, such third party code may also depend on and load 11 | multiple tiers of dependencies. Please review the applicable licenses of the 12 | additional dependencies. 13 | -------------------------------------------------------------------------------- /globe_bank/private/shared/public_header.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Globe Bank <?php if(isset($page_title)) { echo '- ' . h($page_title); } ?><?php if(isset($preview) && $preview) { echo ' [PREVIEW]'; } ?> 6 | 7 | 8 | 9 | 10 | 11 | 12 |
13 |

14 | 15 | 16 | 17 |

18 |
19 | -------------------------------------------------------------------------------- /globe_bank/private/shared/public_footer.php: -------------------------------------------------------------------------------- 1 | 4 | 5 |

This is a fictitious company created by LinkedIn Corporation, or its affiliates, solely for the creation and development of educational training materials. Any resemblance to real products or services is purely coincidental. Information provided about the products or services is also fictitious and should not be construed as representative of actual products or services on the market in a similar product or service category.

6 | 7 | 8 | 9 | 10 | 13 | -------------------------------------------------------------------------------- /globe_bank/private/shared/staff_header.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 8 | 9 | 10 | GBI - <?php echo h($page_title); ?> 11 | 12 | 13 | 14 | 15 | 16 |
17 |

GBI Staff Area

18 |
19 | 20 | 21 | 22 | 27 | 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /globe_bank/private/database.php: -------------------------------------------------------------------------------- 1 | 37 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 7 | 8 | ## Issue Overview 9 | 10 | 11 | ## Describe your environment 12 | 13 | 14 | ## Steps to Reproduce 15 | 16 | 1. 17 | 2. 18 | 3. 19 | 4. 20 | 21 | ## Expected Behavior 22 | 23 | 24 | ## Current Behavior 25 | 26 | 27 | ## Possible Solution 28 | 29 | 30 | ## Screenshots / Video 31 | 32 | 33 | ## Related Issues 34 | 35 | -------------------------------------------------------------------------------- /globe_bank/public/staff/admins/delete.php: -------------------------------------------------------------------------------- 1 | 21 | 22 | 23 | 24 | 25 |
26 | 27 | « Back to List 28 | 29 |
30 |

Delete Admin

31 |

Are you sure you want to delete this admin?

32 |

33 | 34 |
35 |
36 | 37 |
38 |
39 |
40 | 41 |
42 | 43 | 44 | -------------------------------------------------------------------------------- /globe_bank/private/initialize.php: -------------------------------------------------------------------------------- 1 | 35 | -------------------------------------------------------------------------------- /globe_bank/public/staff/admins/show.php: -------------------------------------------------------------------------------- 1 | 7.0 8 | $admin = find_admin_by_id($id); 9 | 10 | ?> 11 | 12 | 13 | 14 | 15 |
16 | 17 | « Back to List 18 | 19 |
20 | 21 |

Admin:

22 | 23 |
24 | Edit 25 | Delete 26 |
27 | 28 |
29 |
30 |
First name
31 |
32 |
33 |
34 |
Last name
35 |
36 |
37 |
38 |
Email
39 |
40 |
41 |
42 |
Username
43 |
44 |
45 |
46 |
47 | 48 |
49 | 50 |
51 | -------------------------------------------------------------------------------- /globe_bank/private/shared/static_homepage.php: -------------------------------------------------------------------------------- 1 |
2 | 3 |
4 | 5 |
6 | 7 |

At Globe Bank, we have the products and customer service to back up our "worldly" claims. Give us a try, and you'll see we stand by our values and our customers.

8 | 9 |
10 |
11 | Family in front of sold home 12 |

Buying a home?

13 |

There's no place like home, and there's no home loan like Globe's.

14 |

Learn More...

15 |
16 | 17 |
18 | Father and daughter discussing finances 19 |

Saving for a rainy day?

20 |

Let our financial experts help you commit to a savings plan and schedule that works for you.

21 |

Learn More...

22 |
23 | 24 |
25 | Small business owner 26 |

Starting a business?

27 |

From small business loans to merchant accounts, our service are designed to help your small business thrive.

28 |

Learn More...

29 |
30 |
31 | 32 |
33 | -------------------------------------------------------------------------------- /globe_bank/public/staff/admins/index.php: -------------------------------------------------------------------------------- 1 | 10 | 11 | 12 | 13 | 14 |
15 |
16 |

Admins

17 | 18 |
19 | Create New Admin 20 |
21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 |
IDFirstLastEmailUsername   
ViewEditDelete
47 | 48 | 51 |
52 | 53 |
54 | 55 | 56 | -------------------------------------------------------------------------------- /globe_bank/public/staff/login.php: -------------------------------------------------------------------------------- 1 | 47 | 48 | 49 | 50 | 51 |
52 |

Log in

53 | 54 | 55 | 56 |
57 | Username:
58 |
59 | Password:
60 |
61 | 62 |
63 | 64 |
65 | 66 | 67 | -------------------------------------------------------------------------------- /globe_bank/private/functions.php: -------------------------------------------------------------------------------- 1 | "; 50 | $output .= "Please fix the following errors:"; 51 | $output .= ""; 56 | $output .= ""; 57 | } 58 | return $output; 59 | } 60 | 61 | function get_and_clear_session_message() { 62 | if(isset($_SESSION['message']) && $_SESSION['message'] != '') { 63 | $msg = $_SESSION['message']; 64 | unset($_SESSION['message']); 65 | return $msg; 66 | } 67 | } 68 | 69 | function display_session_message() { 70 | $msg = get_and_clear_session_message(); 71 | if(!is_blank($msg)) { 72 | return '
' . h($msg) . '
'; 73 | } 74 | } 75 | 76 | ?> 77 | -------------------------------------------------------------------------------- /globe_bank/public/stylesheets/staff.css: -------------------------------------------------------------------------------- 1 | html { 2 | height: 100%; 3 | width: 100%; 4 | } 5 | 6 | body { 7 | height: 980px; 8 | width: 100%; 9 | margin: 0; 10 | padding: 0; 11 | } 12 | 13 | header { 14 | width: 980px; 15 | height: 40px; 16 | margin: 0 0 10px 0; 17 | padding: 0; 18 | background: #0055DD; 19 | color: white; 20 | } 21 | 22 | header h1 { 23 | margin: 0; 24 | padding: 5px; 25 | font-size: 20px; 26 | font-family: Verdana, Arial, Helvetica, sans-serif; 27 | text-align: center; 28 | } 29 | 30 | navigation { 31 | width: 980px; 32 | margin: 0; 33 | padding: 0; 34 | text-align: center; 35 | } 36 | 37 | navigation ul { 38 | width: 980px; 39 | list-style: none; 40 | padding: 0; 41 | margin: 0; 42 | } 43 | 44 | navigation ul li { 45 | display: inline; 46 | margin-right: 1em; 47 | } 48 | 49 | #content { 50 | width: 920px; 51 | min-height: 500px; 52 | padding: 0 30px; 53 | } 54 | 55 | footer { 56 | width: 940px; 57 | height: 20px; 58 | margin: 0 0 10px 0; 59 | padding: 10px 20px; 60 | background: #0055DD; 61 | color: white; 62 | } 63 | 64 | /* Actions */ 65 | 66 | .actions { 67 | margin-bottom: 1em; 68 | } 69 | 70 | 71 | /* Lists */ 72 | 73 | table { 74 | border-collapse: collapse; 75 | vertical-align: top; 76 | } 77 | 78 | table.list { 79 | width: 100%; 80 | } 81 | 82 | table.list tr td { 83 | border: 1px solid #999999; 84 | } 85 | 86 | table.list tr th { 87 | border: 1px solid #0055DD; 88 | background: #0055DD; 89 | color: white; 90 | text-align: left; 91 | } 92 | 93 | /* Forms */ 94 | 95 | dl { 96 | clear: both; 97 | overflow: hidden; 98 | margin: 0.5em 0; 99 | } 100 | 101 | dt { 102 | float: left; 103 | font-weight: bold; 104 | width: 125px; 105 | } 106 | 107 | dd { 108 | float: left; 109 | margin-left: 1em; 110 | } 111 | 112 | #operations { 113 | clear: both; 114 | margin: 1em 0 1em 75px; 115 | } 116 | 117 | /* Errors */ 118 | 119 | .errors { 120 | display: inline-block; 121 | border: 2px solid red; 122 | color: red; 123 | padding: 1em; 124 | margin-bottom: 1em; 125 | } 126 | 127 | .errors ul { 128 | margin-bottom: 0; 129 | padding-left: 1em; 130 | } 131 | 132 | /* Session Messages */ 133 | 134 | #message { 135 | color: #0055DD; 136 | background: white; 137 | border: 2px solid #0055DD; 138 | padding: 1em 15px; 139 | margin: 1em 30px; 140 | width: 890px; 141 | } 142 | -------------------------------------------------------------------------------- /globe_bank/private/auth_functions.php: -------------------------------------------------------------------------------- 1 | = time(); 28 | } 29 | 30 | // Returns true if login expiration time is still greater than the current time 31 | function login_is_still_valid() { 32 | if (!isset($_SESSION['login_expires'])) { return false; } 33 | return $_SESSION['login_expires'] >= time(); 34 | } 35 | 36 | // is_logged_in() contains all the logic for determining if a 37 | // request should be considered a "logged in" request or not. 38 | // It is the core of require_login() but it can also be called 39 | // on its own in other contexts (e.g. display one link if an admin 40 | // is logged in and display another link if they are not) 41 | function is_logged_in() { 42 | // Having a admin_id in the session serves a dual-purpose: 43 | // - Its presence indicates the admin is logged in. 44 | // - Its value tells which admin for looking up their record. 45 | return isset($_SESSION['admin_id']) && login_is_still_valid(); 46 | } 47 | 48 | // Returns true if a page is in the allow-list and is 49 | // exempt from user authentication 50 | function page_exempt_from_auth() { 51 | $no_auth_pages = [ 52 | '/staff/login.php' 53 | ]; 54 | $current_page = str_replace(WWW_ROOT, '', $_SERVER['SCRIPT_NAME']); 55 | // If it is in the array, it is not restricted 56 | return in_array($current_page, $no_auth_pages); 57 | } 58 | 59 | // Call require_login() at the top of any page which needs to 60 | // require a valid login before granting access to the page. 61 | function require_login() { 62 | if(!is_logged_in() && !page_exempt_from_auth()) { 63 | redirect_to(url_for('/staff/login.php')); 64 | } else { 65 | // Do nothing, let the rest of the page proceed. 66 | } 67 | 68 | } 69 | 70 | ?> 71 | -------------------------------------------------------------------------------- /globe_bank/public/staff/admins/edit.php: -------------------------------------------------------------------------------- 1 | 34 | 35 | 36 | 37 | 38 |
39 | 40 | « Back to List 41 | 42 |
43 |

Edit Admin

44 | 45 | 46 | 47 |
48 |
49 |
First name
50 |
51 |
52 | 53 |
54 |
Last name
55 |
56 |
57 | 58 |
59 |
Username
60 |
61 |
62 | 63 |
64 |
Email
65 |

66 |
67 | 68 |

Passwords should be at least 12 characters and include at least one uppercase letter, lowercase letter, number, and symbol.

69 | 70 |
71 |
Password
72 |
73 |
74 | 75 |
76 |
Confirm Password
77 |
78 |
79 |
80 | 81 |
82 | 83 |
84 |
85 | 86 |
87 | 88 |
89 | 90 | 91 | -------------------------------------------------------------------------------- /globe_bank/public/staff/admins/new.php: -------------------------------------------------------------------------------- 1 | 37 | 38 | 39 | 40 | 41 |
42 | 43 | « Back to List 44 | 45 |
46 |

Create Admin

47 | 48 | 49 | 50 |
51 |
52 |
First name
53 |
54 |
55 | 56 |
57 |
Last name
58 |
59 |
60 | 61 |
62 |
Username
63 |
64 |
65 | 66 |
67 |
Email
68 |

69 |
70 | 71 |

Passwords should be at least 12 characters and include at least one uppercase letter, lowercase letter, number, and symbol.

72 | 73 |
74 |
Password
75 |
76 |
77 | 78 |
79 |
Confirm Password
80 |
81 |
82 |
83 | 84 |
85 | 86 |
87 |
88 | 89 |
90 | 91 |
92 | 93 | 94 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PHP: User Authentication 2 | This is the repository for the LinkedIn Learning course PHP: User Authentication. The full course is available from [LinkedIn Learning][lil-course-url]. 3 | 4 | ![PHP: User Authentication][lil-thumbnail-url] 5 | 6 | Do you need to know how to apply best practices for user authentication in PHP? This course walks you through a series of best practices that you can apply to your own PHP projects to avoid costly security pitfalls. Instructor Kevin Skoglund gives you an overview of user authentication in PHP, then dives into how you can implement it. He steps through creating the database table, adding new users, logging users in and out, and controlling access to pages and functions. Kevin shows you how to work with strong passwords, prevent weak ones, and reset forgotten ones. He shows you how to secure user authentication by preventing insecure direct object references (IDOR), using HTTPS, protecting access tokens, and keeping track of logins. Kevin concludes with a challenge/solution set exploring how to write PHP code that expires a user login after a set amount of time has passed. 7 | 8 | ## Instructions 9 | This repository has branches for each of the videos in the course. You can use the branch pop up menu in github to switch to a specific branch and take a look at the course at that stage, or you can add `/tree/BRANCH_NAME` to the URL to go to the branch you want to access. 10 | 11 | ## Branches 12 | The branches are structured to correspond to the videos in the course. The naming convention is `CHAPTER#_MOVIE#`. As an example, the branch named `02_03` corresponds to the second chapter and the third video in that chapter. 13 | Some branches will have a beginning and an end state. These are marked with the letters `b` for "beginning" and `e` for "end". The `b` branch contains the code as it is at the beginning of the movie. The `e` branch contains the code as it is at the end of the movie. The `main` branch holds the final state of the code when in the course. 14 | 15 | When switching from one exercise files branch to the next after making changes to the files, you may get a message like this: 16 | 17 | error: Your local changes to the following files would be overwritten by checkout: [files] 18 | Please commit your changes or stash them before you switch branches. 19 | Aborting 20 | 21 | To resolve this issue: 22 | 23 | Add changes to git using this command: git add . 24 | Commit changes using this command: git commit -m "some message" 25 | 26 | ## Installing 27 | 1. To use these exercise files, you must have the following installed: 28 | - Web server, such as Apache or Nginx 29 | - PHP 30 | - MySQL 31 | - Code editor 32 | - Web browser 33 | 2. Clone this repository into your local machine using the terminal (Mac), CMD (Windows), or a GUI tool like SourceTree. 34 | 35 | 36 | ### Instructor 37 | 38 | Kevin Skoglund 39 | 40 | Check out my other courses on [LinkedIn Learning](https://www.linkedin.com/learning/instructors/kevin-skoglund). 41 | 42 | [lil-course-url]: https://www.linkedin.com/learning/php-user-authentication 43 | [lil-thumbnail-url]: https://cdn.lynda.com/course/2892138/2892138-1630601158628-16x9.jpg 44 | 45 | -------------------------------------------------------------------------------- /globe_bank/public/stylesheets/public.css: -------------------------------------------------------------------------------- 1 | /* Site Colors: 2 | #e03e52 - pink 3 | #c8ced2 - grey 4 | #f07b27 - orange 5 | #786758 - brown 6 | */ 7 | 8 | html { 9 | height: 100%; 10 | width: 100%; 11 | } 12 | 13 | body { 14 | width: 1100px; 15 | height: 100%; 16 | margin: auto; 17 | border: 0; 18 | font-family: Verdana, Arial, Helvetica, sans-serif; 19 | font-size: 13px; 20 | line-height: 15px; 21 | background: #c8ced2; 22 | } 23 | 24 | header { 25 | height: 140px; 26 | width: 1100px; 27 | margin: 0; 28 | padding: 0; 29 | text-align: left; 30 | background: #e03e52; 31 | color: #FFFFFF; 32 | } 33 | 34 | header h1 { 35 | padding: 1em; 36 | margin: 0; 37 | } 38 | 39 | #main { 40 | width: 1100px; 41 | height: 100%; 42 | min-height: 800px; 43 | margin: 0; 44 | padding: 0; 45 | background: #c8ced2; 46 | } 47 | 48 | footer { 49 | clear: both; 50 | height: 3em; 51 | margin: 0; 52 | padding: 1em; 53 | text-align: center; 54 | background: #e03e52; 55 | color: #FFFFFF; 56 | } 57 | 58 | 59 | /* Navigation */ 60 | 61 | navigation { 62 | float: left; 63 | width: 200px; 64 | height: 100%; 65 | background: #7a6855; 66 | } 67 | 68 | navigation a { 69 | color: #FFFFFF; 70 | text-decoration: none; 71 | } 72 | 73 | navigation a:hover { 74 | color: #e03e52; 75 | text-decoration: underline; 76 | } 77 | 78 | a { 79 | color: #E03E52; 80 | text-decoration: none 81 | } 82 | 83 | a:hover { 84 | text-decoration: underline 85 | } 86 | 87 | ul.subjects { 88 | margin-top: 20px; 89 | margin-left: 20px; 90 | padding: 0; 91 | list-style: none; 92 | } 93 | 94 | ul.subjects > li { 95 | margin-bottom: 1em; 96 | } 97 | 98 | ul.pages { 99 | margin-left: 15px; 100 | padding: 0; 101 | list-style: none; 102 | font-weight: normal; 103 | } 104 | 105 | .selected > a { 106 | color: #f07b27; 107 | font-style: normal; 108 | } 109 | 110 | navigation li { 111 | font-size: 16px; 112 | line-height: 1.5em; 113 | } 114 | 115 | 116 | /* Page Content */ 117 | 118 | #hero-image { 119 | float: left; 120 | margin-bottom: 40px; 121 | padding: 0; 122 | height: 200px; 123 | width: 900px; 124 | } 125 | 126 | #page { 127 | float: right; 128 | width: 900px; 129 | height: 100%; 130 | padding-left: 0; 131 | vertical-align: top; 132 | background: #ffffff; 133 | } 134 | 135 | #page h1 { 136 | font-size: 16px; 137 | color: #000000; 138 | line-height: normal; 139 | } 140 | 141 | #page h2 { 142 | font-size: 14px; 143 | color: #000000; 144 | line-height: normal; 145 | } 146 | 147 | #page p { 148 | font-family: "Gill Sans", "Gill Sans MT", "Myriad Pro", "DejaVu Sans Condensed", Helvetica, Arial, "sans-serif" font-size: 12px; 149 | color: #000000; 150 | padding: 0px; 151 | line-height: normal; 152 | } 153 | 154 | #page h3 { 155 | font-size: 14px; 156 | color: #e03e52; 157 | } 158 | 159 | #content { 160 | margin-top: 0px; 161 | margin-left: 10px; 162 | margin-right: 10px; 163 | } 164 | 165 | #content p { 166 | font-size: 16px; 167 | line-height: normal; 168 | } 169 | 170 | #content li { 171 | padding: 5px; 172 | font-size: 16px; 173 | } 174 | 175 | #disclaimer { 176 | margin-left: 10px; 177 | font-size: 14px; 178 | line-height: normal; 179 | clear: both; 180 | padding: 1em; 181 | } 182 | 183 | /* Service blocks on homepage */ 184 | 185 | #service-blocks { 186 | margin-top: 50px; 187 | } 188 | 189 | #service-blocks .service { 190 | float: left; 191 | width: 250px; 192 | margin-right: 40px; 193 | } 194 | 195 | /* Learn More links */ 196 | 197 | a.learnmore { 198 | color: #E03E52; 199 | font-size: 14px; 200 | font-weight: bold; 201 | text-decoration: none 202 | } 203 | 204 | a.learnmore:hover { 205 | text-decoration: underline 206 | } 207 | -------------------------------------------------------------------------------- /globe_bank/private/validation_functions.php: -------------------------------------------------------------------------------- 1 | $min; 27 | } 28 | 29 | // has_length_less_than('abcd', 5) 30 | // * validate string length 31 | // * spaces count towards length 32 | // * use trim() if spaces should not count 33 | function has_length_less_than($value, $max) { 34 | $length = strlen($value); 35 | return $length < $max; 36 | } 37 | 38 | // has_length_exactly('abcd', 4) 39 | // * validate string length 40 | // * spaces count towards length 41 | // * use trim() if spaces should not count 42 | function has_length_exactly($value, $exact) { 43 | $length = strlen($value); 44 | return $length == $exact; 45 | } 46 | 47 | // has_length('abcd', ['min' => 3, 'max' => 5]) 48 | // * validate string length 49 | // * combines functions_greater_than, _less_than, _exactly 50 | // * spaces count towards length 51 | // * use trim() if spaces should not count 52 | function has_length($value, $options) { 53 | if(isset($options['min']) && !has_length_greater_than($value, $options['min'] - 1)) { 54 | return false; 55 | } elseif(isset($options['max']) && !has_length_less_than($value, $options['max'] + 1)) { 56 | return false; 57 | } elseif(isset($options['exact']) && !has_length_exactly($value, $options['exact'])) { 58 | return false; 59 | } else { 60 | return true; 61 | } 62 | } 63 | 64 | // has_inclusion_of( 5, [1,3,5,7,9] ) 65 | // * validate inclusion in a set 66 | function has_inclusion_of($value, $set) { 67 | return in_array($value, $set); 68 | } 69 | 70 | // has_exclusion_of( 5, [1,3,5,7,9] ) 71 | // * validate exclusion from a set 72 | function has_exclusion_of($value, $set) { 73 | return !in_array($value, $set); 74 | } 75 | 76 | // has_string('nobody@nowhere.com', '.com') 77 | // * validate inclusion of character(s) 78 | // * strpos returns string start position or false 79 | // * uses !== to prevent position 0 from being considered false 80 | // * strpos is faster than preg_match() 81 | function has_string($value, $required_string) { 82 | return strpos($value, $required_string) !== false; 83 | } 84 | 85 | // has_valid_email_format('nobody@nowhere.com') 86 | // * validate correct format for email addresses 87 | // * format: [chars]@[chars].[2+ letters] 88 | // * preg_match is helpful, uses a regular expression 89 | // returns 1 for a match, 0 for no match 90 | // http://php.net/manual/en/function.preg-match.php 91 | function has_valid_email_format($value) { 92 | $email_regex = '/\A[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\Z/i'; 93 | return preg_match($email_regex, $value) === 1; 94 | } 95 | 96 | // has_unique_username('johnqpublic') 97 | // * Validates uniqueness of admins.username 98 | // * For new records, provide only the username. 99 | // * For existing records, provide current ID as second argument 100 | // has_unique_username('johnqpublic', 4) 101 | function has_unique_username($username, $current_id="0") { 102 | global $db; 103 | 104 | $sql = "SELECT * FROM admins "; 105 | $sql .= "WHERE username='" . db_escape($db, $username) . "' "; 106 | $sql .= "AND id != '" . db_escape($db, $current_id) . "'"; 107 | 108 | $result = mysqli_query($db, $sql); 109 | $admin_count = mysqli_num_rows($result); 110 | mysqli_free_result($result); 111 | 112 | return $admin_count === 0; 113 | } 114 | 115 | ?> 116 | -------------------------------------------------------------------------------- /globe_bank/private/query_functions.php: -------------------------------------------------------------------------------- 1 | 2, 'max' => 255))) { 49 | $errors[] = "First name must be between 2 and 255 characters."; 50 | } 51 | 52 | if(is_blank($admin['last_name'])) { 53 | $errors[] = "Last name cannot be blank."; 54 | } elseif (!has_length($admin['last_name'], array('min' => 2, 'max' => 255))) { 55 | $errors[] = "Last name must be between 2 and 255 characters."; 56 | } 57 | 58 | if(is_blank($admin['email'])) { 59 | $errors[] = "Email cannot be blank."; 60 | } elseif (!has_length($admin['email'], array('max' => 255))) { 61 | $errors[] = "Last name must be less than 255 characters."; 62 | } elseif (!has_valid_email_format($admin['email'])) { 63 | $errors[] = "Email must be a valid format."; 64 | } 65 | 66 | if(is_blank($admin['username'])) { 67 | $errors[] = "Username cannot be blank."; 68 | } elseif (!has_length($admin['username'], array('min' => 8, 'max' => 255))) { 69 | $errors[] = "Username must be between 8 and 255 characters."; 70 | } elseif (!has_unique_username($admin['username'], $admin['id'] ?? 0)) { 71 | $errors[] = "Username not allowed. Try another."; 72 | } 73 | 74 | if($password_required) { 75 | if(is_blank($admin['password'])) { 76 | $errors[] = "Password cannot be blank."; 77 | } elseif (!has_length($admin['password'], array('min' => 12))) { 78 | $errors[] = "Password must contain 12 or more characters"; 79 | } elseif (!preg_match('/[A-Z]/', $admin['password'])) { 80 | $errors[] = "Password must contain at least 1 uppercase letter"; 81 | } elseif (!preg_match('/[a-z]/', $admin['password'])) { 82 | $errors[] = "Password must contain at least 1 lowercase letter"; 83 | } elseif (!preg_match('/[0-9]/', $admin['password'])) { 84 | $errors[] = "Password must contain at least 1 number"; 85 | } elseif (!preg_match('/[^A-Za-z0-9\s]/', $admin['password'])) { 86 | $errors[] = "Password must contain at least 1 symbol"; 87 | } elseif($admin['username'] == $admin['password']) { 88 | $errors[] = "Username and password must be different"; 89 | } 90 | 91 | if(is_blank($admin['confirm_password'])) { 92 | $errors[] = "Confirm password cannot be blank."; 93 | } elseif ($admin['password'] !== $admin['confirm_password']) { 94 | $errors[] = "Password and confirm password must match."; 95 | } 96 | } 97 | 98 | return $errors; 99 | } 100 | 101 | function insert_admin($admin) { 102 | global $db; 103 | 104 | $errors = validate_admin($admin); 105 | if (!empty($errors)) { 106 | return $errors; 107 | } 108 | 109 | $hashed_password = password_hash($admin['password'], PASSWORD_BCRYPT); 110 | 111 | $sql = "INSERT INTO admins "; 112 | $sql .= "(first_name, last_name, email, username, hashed_password) "; 113 | $sql .= "VALUES ("; 114 | $sql .= "'" . db_escape($db, $admin['first_name']) . "',"; 115 | $sql .= "'" . db_escape($db, $admin['last_name']) . "',"; 116 | $sql .= "'" . db_escape($db, $admin['email']) . "',"; 117 | $sql .= "'" . db_escape($db, $admin['username']) . "',"; 118 | $sql .= "'" . db_escape($db, $hashed_password) . "'"; 119 | $sql .= ")"; 120 | $result = mysqli_query($db, $sql); 121 | 122 | // For INSERT statements, $result is true/false 123 | if($result) { 124 | return true; 125 | } else { 126 | // INSERT failed 127 | echo mysqli_error($db); 128 | db_disconnect($db); 129 | exit; 130 | } 131 | } 132 | 133 | function update_admin($admin) { 134 | global $db; 135 | 136 | $password_sent = !is_blank($admin['password']); 137 | 138 | $errors = validate_admin($admin, ['password_required' => $password_sent]); 139 | if (!empty($errors)) { 140 | return $errors; 141 | } 142 | 143 | $sql = "UPDATE admins SET "; 144 | $sql .= "first_name='" . db_escape($db, $admin['first_name']) . "', "; 145 | $sql .= "last_name='" . db_escape($db, $admin['last_name']) . "', "; 146 | $sql .= "email='" . db_escape($db, $admin['email']) . "', "; 147 | if($password_sent) { 148 | $hashed_password = password_hash($admin['password'], PASSWORD_BCRYPT); 149 | $sql .= "hashed_password='" . db_escape($db, $hashed_password) . "', "; 150 | } 151 | $sql .= "username='" . db_escape($db, $admin['username']) . "' "; 152 | $sql .= "WHERE id='" . db_escape($db, $admin['id']) . "' "; 153 | $sql .= "LIMIT 1"; 154 | $result = mysqli_query($db, $sql); 155 | 156 | // For UPDATE statements, $result is true/false 157 | if($result) { 158 | return true; 159 | } else { 160 | // UPDATE failed 161 | echo mysqli_error($db); 162 | db_disconnect($db); 163 | exit; 164 | } 165 | } 166 | 167 | function delete_admin($admin) { 168 | global $db; 169 | 170 | $sql = "DELETE FROM admins "; 171 | $sql .= "WHERE id='" . db_escape($db, $admin['id']) . "' "; 172 | $sql .= "LIMIT 1;"; 173 | $result = mysqli_query($db, $sql); 174 | 175 | // For DELETE statements, $result is true/false 176 | if($result) { 177 | return true; 178 | } else { 179 | // DELETE failed 180 | echo mysqli_error($db); 181 | db_disconnect($db); 182 | exit; 183 | } 184 | } 185 | 186 | ?> 187 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | LinkedIn Learning Exercise Files License Agreement 2 | ================================================== 3 | 4 | This License Agreement (the "Agreement") is a binding legal agreement 5 | between you (as an individual or entity, as applicable) and LinkedIn 6 | Corporation (“LinkedIn”). By downloading or using the LinkedIn Learning 7 | exercise files in this repository (“Licensed Materials”), you agree to 8 | be bound by the terms of this Agreement. If you do not agree to these 9 | terms, do not download or use the Licensed Materials. 10 | 11 | 1. License. 12 | - a. Subject to the terms of this Agreement, LinkedIn hereby grants LinkedIn 13 | members during their LinkedIn Learning subscription a non-exclusive, 14 | non-transferable copyright license, for internal use only, to 1) make a 15 | reasonable number of copies of the Licensed Materials, and 2) make 16 | derivative works of the Licensed Materials for the sole purpose of 17 | practicing skills taught in LinkedIn Learning courses. 18 | - b. Distribution. Unless otherwise noted in the Licensed Materials, subject 19 | to the terms of this Agreement, LinkedIn hereby grants LinkedIn members 20 | with a LinkedIn Learning subscription a non-exclusive, non-transferable 21 | copyright license to distribute the Licensed Materials, except the 22 | Licensed Materials may not be included in any product or service (or 23 | otherwise used) to instruct or educate others. 24 | 25 | 2. Restrictions and Intellectual Property. 26 | - a. You may not to use, modify, copy, make derivative works of, publish, 27 | distribute, rent, lease, sell, sublicense, assign or otherwise transfer the 28 | Licensed Materials, except as expressly set forth above in Section 1. 29 | - b. Linkedin (and its licensors) retains its intellectual property rights 30 | in the Licensed Materials. Except as expressly set forth in Section 1, 31 | LinkedIn grants no licenses. 32 | - c. You indemnify LinkedIn and its licensors and affiliates for i) any 33 | alleged infringement or misappropriation of any intellectual property rights 34 | of any third party based on modifications you make to the Licensed Materials, 35 | ii) any claims arising from your use or distribution of all or part of the 36 | Licensed Materials and iii) a breach of this Agreement. You will defend, hold 37 | harmless, and indemnify LinkedIn and its affiliates (and our and their 38 | respective employees, shareholders, and directors) from any claim or action 39 | brought by a third party, including all damages, liabilities, costs and 40 | expenses, including reasonable attorneys’ fees, to the extent resulting from, 41 | alleged to have resulted from, or in connection with: (a) your breach of your 42 | obligations herein; or (b) your use or distribution of any Licensed Materials. 43 | 44 | 3. Open source. This code may include open source software, which may be 45 | subject to other license terms as provided in the files. 46 | 47 | 4. Warranty Disclaimer. LINKEDIN PROVIDES THE LICENSED MATERIALS ON AN “AS IS” 48 | AND “AS AVAILABLE” BASIS. LINKEDIN MAKES NO REPRESENTATION OR WARRANTY, 49 | WHETHER EXPRESS OR IMPLIED, ABOUT THE LICENSED MATERIALS, INCLUDING ANY 50 | REPRESENTATION THAT THE LICENSED MATERIALS WILL BE FREE OF ERRORS, BUGS OR 51 | INTERRUPTIONS, OR THAT THE LICENSED MATERIALS ARE ACCURATE, COMPLETE OR 52 | OTHERWISE VALID. TO THE FULLEST EXTENT PERMITTED BY LAW, LINKEDIN AND ITS 53 | AFFILIATES DISCLAIM ANY IMPLIED OR STATUTORY WARRANTY OR CONDITION, INCLUDING 54 | ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY OR FITNESS FOR A 55 | PARTICULAR PURPOSE, AVAILABILITY, SECURITY, TITLE AND/OR NON-INFRINGEMENT. 56 | YOUR USE OF THE LICENSED MATERIALS IS AT YOUR OWN DISCRETION AND RISK, AND 57 | YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE THAT RESULTS FROM USE OF THE 58 | LICENSED MATERIALS TO YOUR COMPUTER SYSTEM OR LOSS OF DATA. NO ADVICE OR 59 | INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM US OR THROUGH OR 60 | FROM THE LICENSED MATERIALS WILL CREATE ANY WARRANTY OR CONDITION NOT 61 | EXPRESSLY STATED IN THESE TERMS. 62 | 63 | 5. Limitation of Liability. LINKEDIN SHALL NOT BE LIABLE FOR ANY INDIRECT, 64 | INCIDENTAL, SPECIAL, PUNITIVE, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING 65 | BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER 66 | INTANGIBLE LOSSES . IN NO EVENT WILL LINKEDIN'S AGGREGATE LIABILITY TO YOU 67 | EXCEED $100. THIS LIMITATION OF LIABILITY SHALL: 68 | - i. APPLY REGARDLESS OF WHETHER (A) YOU BASE YOUR CLAIM ON CONTRACT, TORT, 69 | STATUTE, OR ANY OTHER LEGAL THEORY, (B) WE KNEW OR SHOULD HAVE KNOWN ABOUT 70 | THE POSSIBILITY OF SUCH DAMAGES, OR (C) THE LIMITED REMEDIES PROVIDED IN THIS 71 | SECTION FAIL OF THEIR ESSENTIAL PURPOSE; AND 72 | - ii. NOT APPLY TO ANY DAMAGE THAT LINKEDIN MAY CAUSE YOU INTENTIONALLY OR 73 | KNOWINGLY IN VIOLATION OF THESE TERMS OR APPLICABLE LAW, OR AS OTHERWISE 74 | MANDATED BY APPLICABLE LAW THAT CANNOT BE DISCLAIMED IN THESE TERMS. 75 | 76 | 6. Termination. This Agreement automatically terminates upon your breach of 77 | this Agreement or termination of your LinkedIn Learning subscription. On 78 | termination, all licenses granted under this Agreement will terminate 79 | immediately and you will delete the Licensed Materials. Sections 2-7 of this 80 | Agreement survive any termination of this Agreement. LinkedIn may discontinue 81 | the availability of some or all of the Licensed Materials at any time for any 82 | reason. 83 | 84 | 7. Miscellaneous. This Agreement will be governed by and construed in 85 | accordance with the laws of the State of California without regard to conflict 86 | of laws principles. The exclusive forum for any disputes arising out of or 87 | relating to this Agreement shall be an appropriate federal or state court 88 | sitting in the County of Santa Clara, State of California. If LinkedIn does 89 | not act to enforce a breach of this Agreement, that does not mean that 90 | LinkedIn has waived its right to enforce this Agreement. The Agreement does 91 | not create a partnership, agency relationship, or joint venture between the 92 | parties. Neither party has the power or authority to bind the other or to 93 | create any obligation or responsibility on behalf of the other. You may not, 94 | without LinkedIn’s prior written consent, assign or delegate any rights or 95 | obligations under these terms, including in connection with a change of 96 | control. Any purported assignment and delegation shall be ineffective. The 97 | Agreement shall bind and inure to the benefit of the parties, their respective 98 | successors and permitted assigns. If any provision of the Agreement is 99 | unenforceable, that provision will be modified to render it enforceable to the 100 | extent possible to give effect to the parties’ intentions and the remaining 101 | provisions will not be affected. This Agreement is the only agreement between 102 | you and LinkedIn regarding the Licensed Materials, and supersedes all prior 103 | agreements relating to the Licensed Materials. 104 | 105 | Last Updated: March 2019 106 | --------------------------------------------------------------------------------