For better view of this page(requirements of level 3) Here is a link :--- http://comp249.stevecassidy.net/static/level3.html Full details about assignment :- http://comp249.stevecassidy.net/static/assignment.html Level 3 The Level 3 requirements concentrate on being able to log in and out of the application and see a page customised for the user. To meet this level you must implement another set of procedures in the module user.py, and one more procedure in interface.py and then extend your web application to allow user login. Unit Tests This level adds four procedures in a new users that deal with authenticating users and managing user sessions, and another procedure in the interface module to access images for a given user. They act as an interface to the users and sessions tables in the database. These procedures are implemented in the module users.py; a version of this file with just the procedure stubs is provided for you. 1. check_login There is a procedure check_login in the users module that takes three arguments, a database connection, a user nick and a password, and returns True if the password is correct for this user and False otherwise. Note that the password is stored in the database in encrypted form. You can use the method db.crypt(text) to encrypt a password (where db is a database connection). 2. generate_session There is a procedure generate_session in the users module that takes two arguments, a database connection and a user nick. If the nick doesn't correspond to an existing user, then it returns None. If this user doesn't already have an active session (an entry in the sessions table) then a new entry is created. If there is an existing entry, then the existing session id is retrieved. The procedure then creates a cookie in the Bottle response with the name sessionid and a value of the session id for this user. The procedure returns the sessionid. 3. delete_session There is a procedure delete_sessions in the users module that takes two arguments, a database connection and a user nick. The procedure removes all entries for this user in the sessions table. It does not return a value. 4. session_user There is a procedure session_user in the users module that takes one arguments, a database connection, and returns the name of the logged in user if one can be identified or None if not. This is done by finding the session id from the cookie in the Bottle request if present, and using it to look up the user in the sessions table. 5. post_add There is a procedure post_add in the interface module that takes two arguments, a user nick and a message. The procedure creates a new entry in the posts table with nick and message provided. Functional requirements As for level two plus: 1. Login Form As a visitor to the site, when I load the home page, I see a form with entry boxes for nick and password and a button labelled Login. o The login form will have the id 'loginform' and will use fields named 'nick' and 'password'. o The action of the login form will be /login. 2. Logging In As a registered user, when I enter my user nickname (eg. Bobalooba) and password (bob) into the login form and click on the Login button, the response is a redirect to the main application page (/). When my browser loads that page I see the normal home page with the login form replaced by the message "Logged in as Bobalooba" and a button labelled Logout. o The response generated by the successful login action is a redirect (302 Found) response that redirects the user to the home page. o The redirect response also includes a cookie with the name sessionid that contains some kind of random string. o The logout button will be in a form with id logoutform and have an input submit field with the name logout. 3. Failed Login As a registered user, when I enter my email address but get my password wrong and click on the Login button, the page I get in response contains a message "Login Failed, please try again". The page also includes another login form. 4. Posting a Message As a registered user, I can fill out a form on the main page to create a new post, when I submit the form I am redirected to the main page and my new post appears in the list. o The form to post a new message will have the id postform o The action attribute for the form will be the URL /post 5. Logout Button As a registered user, once I have logged in, every page that I request contains my name and the logout button. 6. Logging Out As a registered user, once I have logged in, if I click on the Logout button in a page, the page that I get in response is the site home page which now doesn't have my name and again shows the login form. o The response to a logout request is again a redirect (302 Found) response that redirects the user to the home page. o When I now request the home page, I see the login form again because the session has been deleted. Your Task To achieve these requirements you will need to implement the new procedures in interface.py and users.py and then make use of these to extend your application to support user login and posting messages. This may seem like a huge task but the number of features and tests listed above are there to make your job as clear as possible. Take each task a step at a time and read the requirements clearly. The following chapters in the notes may be useful: • Session Management covers using cookies and a sessions table to create user sessions. • Forms Processing describes handling form input in a Bottle script. • Python and SQLite describes the way to send queries to SQLite and get results back. • Web Applications with SQLite looks at using SQLite databases as part of an appliication. • Testing Python Programs covers running unit tests.