Web Systems Development Practical Set 2 DUE : 8:00pm, Fri, 16th September, 2016 A. Parking permit local database Create a local database named PermitPurchases in the App_Data folder of the ParkingPermit project. Please refer to the online module 8 for the details on how to create a database. Name your local database file "PermitPurchases.mdf". Note that this database is separate from the database maintained by ASP.NET Identity. While the usernames and passwords are maintained in the ASP.NET Identity database, the PermitPurchases database is mainly used to store the data regarding different types of permits and completed purchases. Create the following three tables: users, permits and purchases with the fields/columns as shown below. When creating these tables, choose an appropriate field to be the primary key. For example, the 'username' field would be the primary key for the users table; the 'pid' field would be the primary key for the purchases table. Note that: · An 'Id' field will be generated for each table by default in Visual Studio. If the specification for a table below doesn't include the 'Id' field, please remove it from the table. · You should pay attention to the appropriate data type for each table field. For instance, you should not use a numeric type for the 'phone' field as this would strip the leading zero from the number. For different data types in SQL server, please refer to http://msdn.microsoft.com/en-us/library/ms187752.aspx Table Name: users Field Name Data Type Description Key? username VARCHAR(30) The username of a user. In ASP.NET primary Identity, this will be the customer's email address by default. gname VARCHAR(20) the given name sname VARCHAR(20) the surname address VARCHAR(40) the street address state VARCHAR(20) should be one of the states or territories in Australia postcode CHAR(4) 4 digits, we assume customers are only from Australia in this assignment Page 1 of 5 mobile CHAR(10) mobile number; 10 digits Note: · The username stored in this table should be the same as the username maintained by ASP.NET Identity. · A user's password will be stored in the database maintained by ASP.NET Identity when this user registers at this website, so there is no password field in this table. Table Name: permits Field Name Data Type Description Key? type VARCHAR(10) The type of the permit primary description VARCHAR(200) A short description of the permit quarter_price FLOAT The price of this permit if purchased for a quarter halfyear_price FLOAT The price of this permit if purchased for half a year year_price FLOAT The price of this permit if purchased for a full year Note: This table should be populated with the data below. type description quarter_price halfyear_price year_price red Description 280.00 450.00 800.00 goes here blue Description 90.00 160.00 300.00 goes here yellow Description 70.00 120.00 200.00 goes here Table Name: purchases Field Name Data Type Description Key? pid INT The purchase id, with AUTO INCREMENT set primary type VARCHAR(10) the type of the permit purchased foreign username VARCHAR(30) The username of the user who purchased this foreign permit startdate DATE the day the permit starts to be effective duration INT The number of months the permit will be effective for; can only be '3', '6' or '12'. cost FLOAT the cost of this purchase ptime DATETIME the time of the purchase being made Note: For how to make the pid field 'auto increment' in SQL Server, please refer to the second part of: http://www.w3schools.com/sql/sql_autoincrement.asp Page 2 of 5 B. Authentication and Authorization In this task, you will add authentication and authorization to the Prac2 project. Specifically, you should implement the following functionalities. B.1 Authentication of users Use the ASP.NET Identity package to implement the users registration, login and logout. Note that when you created the Prac2 project, the template aspx pages for these functionalities such as Register.aspx and Login.aspx are automatically created in the "Account" folder of the project. You can simply use these pages provided to you by ASP.NET Identity. With the above pages available, you actually only need to modify the Register.aspx in this Prac2. · You should add new ASP.NET controls to solicit all fields present in the users table from the user. · Validations should be implemented for all fields as well. The validations rules are the same as those for the fields related to users in Prac1. · If a user's registration is successful, you need to insert this user's information into the users table. For how to write into database programmatically, please refer to our online module 9 (coming soon). The source code for this database insertion should be placed in the CreateUser_Click() event handler in the "Register.aspx.cs" file (see the picture below). B.2 Authorization to users Create a folder called "users" in your project to store the aspx pages accessible only to logged-in users. Place a "Web.config" file in this folder with authorization rules to realise this. For how to compose authorization rules in "Web.config" file, please refer to our online module 5. B.3 Dynamic links Before users login to the website, the links appear in the navigation bar should only include: Home, About, Contact, Register, Login. Page 3 of 5 After users login to the website, the links appear in the navigation bar should only include: Home, About, Contact, Personal Details, Make Purchase and My Purchases, and Logout. The three links in slanted font correspond to the three aspx pages to be described in Task C below. B.4 Dynamic Default.aspx page Before users login to the website, this page should contain an introduction to the three types of permits our university offers. After users login to the website, this page should contain an introduction to what this website allows logged-in users to do. C. Aspx pages for logged-in users The three aspx pages required in this task should: · be based on the master page "Site.Master". · be placed inside the "users" folder of your project. C.1 Updating user details — PersonalDetails.aspx This page should use a DetailsView or FormView control to enable a logged-in user to update his/her details in the database. That is, allow the user to retrieve his/her existing details from the users table and then make changes to the fields except the "username". Also, implement the validation on each field as required in Task B. If the update is successful, the user should be informed about this. C.2 Displaying purchase history — MyPurchases.aspx This page should allow a logged-in user to display details of all his/her permit purchases to date. Once logged in, the user should be able to select a particular purchase from a list of all his/her purchases from the database. This list should be implemented by either GridView or ListView, and show the following fields for each purchase: purchase ID, permit type and purchase time. Having made the selection, more details on that selected purchase should be displayed by either a DetailsView or a FormView, which should include the following fields: purchase ID, permit type, starting date of the permit, duration of the permit, cost, and purchase time. C.3 Making a new purchase — MakePurchase.aspx This page should use a MultiView control to enable a logged-in user to make a new purchase. This is similar to what you did in Prac1. You can reuse some of your code in the PermitPurchasing.aspx page from Prac1 here. As this functionality is for a logged-in user, the user details such as name, address, etc. do not need to be captured again in this MultiView, since they have been saved in the users table of the PermitPurchases database. Specifically, in this Prac2 MultiView, · The View 1 should be the same as the View 2 in the Prac1 MultiView. · The View 2 should display the price to be paid for the purchase. This price should be obtained by looking up the permits table. Also, View 2 should ask for the payment details as the View 3 in the Prac1 MultiView. The 'name on card' field should use the data retrieved from the Users table. · The View 3 should display a summary which includes all information presented in View 1 and View 2, and ask the user for confirmation. · Appropriate validation controls should be added for each of the input controls mentioned in View 1 and View 2 above. The validation requirements are the same as those in Prac1. · Navigations between these Views should be implemented according to Prac1 as well. Page 4 of 5 After the user confirms, the purchase details should be written into the purchases table. The purchase time for the purchase, which must be written to the database as part of the purchase process, should be obtained by querying the current system time rather than being an input item for the user to fill in. Note that the credit card details will not be written to the database. If the insertion is successful, the user should be informed about this. Page 5 of 5