
Criteria C

Project Folder:

Techniques Used:

Error Handling
Database Queries
User Authentication
Hashing
Graph Generation
For Loop Iteration
Email Verification

Error Handling

Elect must be able to handle errors to achieve success criterion 7.

(Snippet from “signup.handler.php”)


Error handling is seen when validating credentials. If the back-end of the signup system finds
that the input data does not meet a criterion, the “header()” function is called, redirecting the
user back to the signup page with a variable set in the URL: “error”.

(Snippet from “signup.php”)

Using PHP’s “$_GET” superglobal, Elect reads the “error” variable from the URL and compares it
against the possible values. Once a match occurs, the front-end displays an error
message using PHP’s “echo”, allowing students to correct their data inputs, which
achieves the success criterion.
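
The redirect-and-display flow described above, as an added example that is not Elect's own code: the handler sends only a fixed error code, and the signup page maps known codes to fixed messages instead of echoing anything taken from the URL. The error codes, messages and function names are assumptions.

```php
<?php
// Handler side (signup.handler.php): redirect with a fixed code, never raw input.
function redirectWithError(string $code): void
{
    header('Location: signup.php?error=' . urlencode($code));
    exit; // stop here so the rest of the handler cannot run after the redirect
}

// Page side (signup.php): the only values the page will ever display.
const SIGNUP_ERRORS = [
    'emptyfields'  => 'Please fill in every field.',
    'invalidemail' => 'That email address is not valid.',
    'emailtaken'   => 'An account with that email already exists.',
];

// $query stands in for $_GET. Returns display-ready text, or null when the
// "error" value is missing, not a string, or not one of the known codes.
function signupErrorMessage(array $query): ?string
{
    $code = $query['error'] ?? null;
    if (!is_string($code) || !array_key_exists($code, SIGNUP_ERRORS)) {
        return null;
    }
    return htmlspecialchars(SIGNUP_ERRORS[$code], ENT_QUOTES, 'UTF-8');
}

// Constructed sample query strings: a known code, markup in place of a code,
// an array value (?error[]=x) and no error at all.
$samples = [
    ['error' => 'emailtaken'],
    ['error' => '<b>not-a-code</b>'],
    ['error' => ['x']],
    [],
];
foreach ($samples as $sample) {
    $msg = signupErrorMessage($sample);
    echo $msg === null ? "(no message shown)\n" : "<p class=\"error\">{$msg}</p>\n";
}
```
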
Database Queries

Being able to communicate with a database and its tables effectively is necessary to
achieve success criteria such as 3, 5, 6, 7 and 8.

(Snippet from “database.handler.php”)


The details for a database connection are present in “database.handler.php”. Using
“mysqli_connect()”, database connections are established by passing the details stored in the
variables “$serverName”, “$dbUsername”, “$dbPassword” and “$dbName”. The variable “$conn” is
set to the resulting connection to the database. Whenever a connection to a database is
needed, a script references “database.handler.php” to fetch “$conn”. This design is
implemented to reduce repetition and increase program speed.

(Snippet from “signup.handler.php”)
- A script runs queries to check if an email already exists within the database. On
line 70, the script references “database.handler.php” to carry out communications with
a database. The connection returned by “mysqli_connect()” is stored in the variable
“$conn”. Line 83 initialises a statement for the database connection using PHP’s function
“mysqli_stmt_init()”. Line 82 displays the creation of a query stored in the variable
“$emailStatement”. Lines 84->90 show a security process: prepared statements. By
‘preparing’ a statement, the query text is kept separate from the submitted email, so
attacks like SQL injection are avoided. Line 91 executes
the statement and line 93 fetches the results of the query. If there is a result, the
student email exists; if not, the student email does not exist.
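
An added sketch of the email lookup described above (not the code from “signup.handler.php”), showing the prepared form next to string concatenation. The table name users, the column email and both function names are assumptions; emailExists() expects the “$conn” connection from “database.handler.php”.

```php
<?php
// For contrast only: with concatenation the input becomes part of the SQL text.
function concatenatedQuery(string $email): string
{
    return "SELECT 1 FROM users WHERE email = '" . $email . "'";
}

// Prepared form: the SQL text is fixed and the email travels separately as a
// bound parameter, so no character in it can change the query's structure.
function emailExists(mysqli $conn, string $email): bool
{
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, 'SELECT 1 FROM users WHERE email = ? LIMIT 1')) {
        throw new RuntimeException('Could not prepare the email lookup');
    }
    mysqli_stmt_bind_param($stmt, 's', $email); // 's' = bind as string
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);            // buffer rows so num_rows is valid
    $exists = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $exists;
}

// Constructed input: a legitimate address that contains an apostrophe.
// In the concatenated form the apostrophe ends the string literal early and
// the rest of the address is parsed as SQL.
echo concatenatedQuery("o'neil@school.example"), "\n";

// With a live connection the same address is simply looked up as data:
//   require 'database.handler.php';
//   var_dump(emailExists($conn, "o'neil@school.example"));
```
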
User Authentication

User authentication is present to achieve success criteria 4, 5, 6 and 7.

(Snippet from “login.handler.php”)


Having identified through line 28 that the username someone entered exists in the database,
the program needs to identify whether they entered the right password to go along with it.
PHP’s “password_verify()” function compares the hashed password in the database to the
password that the student/admin entered. If they don’t match, line 42 runs “header()”, which
redirects the user to the front-end of the login page where they meet an error message.
However, if they match, line 35 creates a session variable called “username” using the
“$_SESSION” superglobal and sets it to the username/email. This action
“logs” the student/admin in, as other pages of Elect can now see that the user’s
“$_SESSION["username"]” is set. Depending on this username, certain pages
will change their look in response to the user’s account. For example, on “index.php”, instead
of the “signup” button being present, users will see “Vote” and admins will see “Admin Panel”.

Hashing

A hashing function allows a program to digest a string of characters to make it
unreadable and secure, which was to achieve criterion 9.

(Snippet from “signup.handler.php”)


Shown above, the script has to transfer the user’s details submitted through “signup.php” to
the database. One way of doing that is to store sensitive information as plain text; however,
that is insecure. To maximise security, PHP’s function “password_hash()” was implemented to
hash sensitive information like passwords. After the hash, the student’s password is passed
into a statement where it is submitted into the database, stored securely as a hash.
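
An added example covering both the signup hashing above and the login check in the User Authentication section (it is not the code from “signup.handler.php” or “login.handler.php”). The row layout, function names and sample credentials are assumptions.

```php
<?php
// Signup: only the hash ever reaches the database.
function hashForStorage(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login: $userRow is the fetched row, or null when the username was not found.
function checkLogin(?array $userRow, string $password): array
{
    // Unknown users are checked against a dummy hash so that "no such user"
    // and "wrong password" cost about the same and give the same result.
    static $dummy = null;
    $dummy ??= password_hash('unused-placeholder', PASSWORD_DEFAULT);

    $hash = $userRow['password_hash'] ?? $dummy;
    $ok   = password_verify($password, $hash) && $userRow !== null;

    // If PHP's default algorithm or cost has changed since signup, hand back
    // a fresh hash for the caller to store in place of the old one.
    $newHash = ($ok && password_needs_rehash($hash, PASSWORD_DEFAULT))
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;

    return ['ok' => $ok, 'new_hash' => $newHash];
}

// After a successful check (session_start() already called): issue a new
// session ID first, then set the "username" session variable.
function startUserSession(string $username): void
{
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

// Constructed sample account and three login attempts:
// right password, wrong password, unknown user.
$row = [
    'email'         => 'student@school.example',
    'password_hash' => hashForStorage('correct horse battery'),
];
var_dump(checkLogin($row, 'correct horse battery')['ok']);
var_dump(checkLogin($row, 'wrong guess')['ok']);
var_dump(checkLogin(null, 'correct horse battery')['ok']);
```
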
Graph Generation

In order to satisfy success criterion 8, Chart.JS was imported to create the
voteboard.

(Snippet from “votebord.php”)


- Within the <head></head> tags, JavaScript runs to load Chart.JS methods and
functions from a content-delivery-service. With this, I can use the Chart.JS API.

(Snippet from “votebord.php”)


- Lower down the page, the script contains canvas tags, one for each chart, each holding
an ID for the Chart.JS API to recognise it by.

(Snippets from “votebord.php”)


Loops are implemented to cycle through election candidates. In the first image, the function
“fetchValueAdminConfig()” fetches the setting named by its parameter from the admin config
table. In this case, the parameter is “currentCandidates”, so the function returns the number of
candidates taking part, allowing the loop to iterate through all of them. The function
“fetchCandidateNameCandidates()” fetches the candidate names from their number. The
other image has the same loop; however, the name function was replaced by
“fetchNumberOfVotesForACandidateScripts()”, which returns the number of votes that each
candidate has. These two loops iterate through candidates to supply the Chart.JS API with
the information to display the number of votes for each candidate.

(Snippets from “voteboard.php”)


These snippets of code run at the end of the chart setup to generate a pie chart and bar
charts in the canvases defined by their IDs earlier.

For Loop Iteration

(Snippet from “about.php”)


A loop was implemented to produce a template for each candidate and their related
information. This loop iterates through all the existing users in the election; their Names,
Speech Links and Content are fetched and printed.

Email Verification

One feature of the success criteria was to build an architecture that would prohibit
double voting. My school creates one email for each of our students. These emails all
have a custom domain: “@gemswis”. Utilising this, I thought that if I could develop a
system in which the signup algorithm only accepts emails belonging to that domain, it
would mean that each student can only vote once, as they would not have the chance
to create multiple accounts using a fake email service of some kind. The service would
send a verification email to the email that they inputted into the system. It would require
the user to click the link generated in the email and their account would be validated.

(Snippet from “signup.handler.php”)


- Lines 6->8 show a function being defined, “phpMailer()”. This function sends
emails for validation to occur. “$emailInsert” is the variable holding the recipient's email
and “$urlInsert” holds a special link used for validating each user.

(Snippet from “signup.handler.php”)


The URL that a user receives to verify their email has to be generated.
Two variables, “$selector” and “$token”, are created as a part of this. Then, a URL is created to
handle verification using these variables. This URL will be mailed to the user.

(Snippet from “signup.handler.php”)


The script adds the user’s information to the database. The “phpMailer()” function is run with
the parameters defined earlier, sending the email. “$email” is the user’s inputted email from the
submitted signup form.

(Snippet from my email inbox.)

Users receive an email that presents itself as sent by an email bot.

(Snippet from emailVerify.handler.php)

On lines 4->5, the variables called selector and validator in the URL are grabbed and set to
variables in code. On lines 9->20, the program checks whether rows are
found using the variables from earlier. If so, the algorithm checks whether the validator is the
same; if it is, the email is verified. Lines 31->47 transfer old information about the user into the
“user” table, where they can now log in and vote. Line 60 logs them into their account by setting a
session variable “username” equal to their email.
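
The domain restriction and the selector/validator link described in this section, as an added example that is not the code from “signup.handler.php” or “emailVerify.handler.php”. It uses a common pattern in which only a hash of the validator is stored; the domain, lifetime, URL, row layout and function names are all assumptions.

```php
<?php
const ALLOWED_DOMAIN = 'school.example'; // placeholder for the school's domain
const VERIFY_TTL     = 3600;             // assumed link lifetime in seconds

// Exact match on the part after the last "@", so look-alike domains that only
// start with or merely contain the school domain are rejected.
function isSchoolEmail(string $email): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $domain = substr($email, strrpos($email, '@') + 1);
    return strtolower($domain) === ALLOWED_DOMAIN;
}

// Create the pair: the selector finds the row, the validator proves the link
// was received. Only a hash of the validator is kept in the database row.
function newVerification(string $baseUrl): array
{
    $selector  = bin2hex(random_bytes(8));
    $validator = bin2hex(random_bytes(32));
    return [
        'row' => [
            'selector'       => $selector,
            'validator_hash' => hash('sha256', $validator),
            'expires'        => time() + VERIFY_TTL,
        ],
        'url' => $baseUrl . '?selector=' . $selector . '&validator=' . $validator,
    ];
}

// Check the validator from the clicked link against the stored row.
function verificationMatches(array $row, string $validator, ?int $now = null): bool
{
    if (($now ?? time()) > $row['expires']) {
        return false; // link has expired
    }
    // hash_equals() compares in constant time
    return hash_equals($row['validator_hash'], hash('sha256', $validator));
}

// Constructed demo: exact domain, look-alike domain, then a good link,
// a wrong validator and an expired link.
var_dump(isSchoolEmail('student@school.example'));
var_dump(isSchoolEmail('student@school.example.other.test'));
$v = newVerification('https://elect.example/emailVerify.handler.php');
parse_str((string) parse_url($v['url'], PHP_URL_QUERY), $q);
var_dump(verificationMatches($v['row'], $q['validator']));
var_dump(verificationMatches($v['row'], str_repeat('0', 64)));
var_dump(verificationMatches($v['row'], $q['validator'], time() + 2 * VERIFY_TTL));
```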
