The system should support secure creation of client accounts, introduce the notion of an administrator, and provide a shopping cart.
You should use the PDO class for all communication with the database: prepared statements with bound parameters, never SQL built by string concatenation.
For this phase, you will need a class for each of the following:
- Applications
- Clients/administrators
- Shopping cart
You will have to update your database to integrate administrators. Use the same table as for clients, with a way to tell the two apart (for example a role column) so that clients and administrators are never mixed up; the role must be read from the user's database row, never from a form field or URL parameter. The page index.php should get a new element, an Add to cart button.
The button should allow an authenticated client to add an item to their cart.
The items should be stored in a session variable so that all the items in the cart can be displayed to the client. Store only product identifiers and quantities in the session; prices and names are read back from the database when the cart is displayed.
So you should have a new page panier.php (French for "cart") that displays the list of products selected by the client. From this same page, the client should be able to modify the quantity, which is set to 1 by default. If the client changes the quantity to 8, for example, that quantity should be saved as well and displayed correctly when the page is refreshed. Quantities must be validated server-side as positive integers before they are written to the session.
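A session-backed cart that serves both the Add to cart button on index.php and the quantity form on panier.php, as an added example (not code from the assignment or from any student project). It assumes a `produits(id, nom, prix)` table, a PDO connection in `$pdo`, an active session, and a CSRF token stored in `$_SESSION['csrf']` at login; all of those names are assumptions.

```php
<?php
// Added example (not the project's own code): session cart shared by
// index.php (Add to cart) and panier.php (display / change quantity).
// Assumed: table produits(id, nom, prix), PDO connection $pdo, and a
// CSRF token in $_SESSION['csrf'] generated at login (bin2hex(random_bytes(32))).
declare(strict_types=1);

final class Panier
{
    private const KEY = 'panier';

    public function __construct()
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        $_SESSION[self::KEY] ??= [];   // product id => quantity, nothing else
    }

    /** Adds one unit of a product; a new line starts at quantity 1 as the spec requires. */
    public function ajouter(int $produitId): void
    {
        $this->valider($produitId);
        $_SESSION[self::KEY][$produitId] = ($_SESSION[self::KEY][$produitId] ?? 0) + 1;
    }

    /** Sets an explicit quantity from panier.php; 0 removes the line. */
    public function modifierQuantite(int $produitId, int $quantite): void
    {
        $this->valider($produitId);
        if ($quantite < 0 || $quantite > 99) {        // reject negatives and absurd values
            throw new InvalidArgumentException('quantité invalide');
        }
        if ($quantite === 0) {
            unset($_SESSION[self::KEY][$produitId]);
        } else {
            $_SESSION[self::KEY][$produitId] = $quantite;
        }
    }

    /** @return array<int,int> product id => quantity */
    public function contenu(): array
    {
        return $_SESSION[self::KEY];
    }

    /** Joins the session lines with the DB; names and prices never live in the session. */
    public function lignes(PDO $pdo): array
    {
        $ids = array_keys($this->contenu());
        if ($ids === []) {
            return [];
        }
        $marks = implode(',', array_fill(0, count($ids), '?'));   // one placeholder per id
        $stmt = $pdo->prepare("SELECT id, nom, prix FROM produits WHERE id IN ($marks)");
        $stmt->execute($ids);
        $lignes = [];
        foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
            $lignes[] = $row + ['quantite' => $_SESSION[self::KEY][(int) $row['id']]];
        }
        return $lignes;
    }

    private function valider(int $produitId): void
    {
        if ($produitId <= 0) {
            throw new InvalidArgumentException('identifiant produit invalide');
        }
    }
}

// panier.php: handle the quantity form (POST only), then render the cart.
$panier = new Panier();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!hash_equals($_SESSION['csrf'] ?? '', $_POST['csrf'] ?? '')) {
        http_response_code(403);
        exit('jeton CSRF invalide');
    }
    $id  = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    $qte = filter_input(INPUT_POST, 'quantite', FILTER_VALIDATE_INT);
    if ($id === false || $id === null || $qte === false || $qte === null) {
        http_response_code(400);
        exit('paramètres invalides');
    }
    $panier->modifierQuantite($id, $qte);        // persisted in $_SESSION, survives refresh
    header('Location: panier.php', true, 303);   // redirect after POST: refresh does not resubmit
    exit;
}
foreach ($panier->lignes($pdo) as $l) {
    printf('<li>%s x %d</li>', htmlspecialchars($l['nom'], ENT_QUOTES, 'UTF-8'), $l['quantite']);
}
```

The 303 redirect after the POST is what makes "refresh the page" show the saved quantity instead of re-submitting the form, and the `IN (?,?,...)` placeholder list keeps the variable-length query parameterised.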
The following message should be displayed in the upper part of the page: "Welcome First Name, Last Name". The name comes from the authenticated user's row and must be HTML-escaped (htmlspecialchars) before output.
As for the administrator, the same client authentication form is reused, but since administrators cannot create accounts for themselves, their accounts should be created in advance in the database.
To secure the password, it should be hashed with the PHP "crypt" function using a unique, randomly generated salt for every user (a bcrypt "$2y$" salt; never a constant or a value derived from the user's data). This applies both to clients and administrators. For a client it is done automatically by the account registration form, whereas for an administrator the hash can be generated with the same function and inserted directly into the database. Compare hashes with a constant-time function (hash_equals or password_verify) at login. Note that password_hash/password_verify wrap crypt with a random salt and are the recommended interface in current PHP.
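The following added example (not the assignment's or any project's code) covers the shared users table with a role column described above and the crypt-based hashing with a fresh salt per user. Table and column names (`utilisateurs`, `role`, `mot_de_passe`), the database credentials, and the `exigerAdmin` guard are assumptions; it requires PHP 8.0+ and an active session.

```php
<?php
// Added example (not the project's code): PDO connection, one `utilisateurs`
// table shared by clients and administrators (separated by a `role` column),
// and crypt() hashing with a fresh random salt per user.
// Assumed schema (names illustrative):
//   CREATE TABLE utilisateurs (
//     id INT AUTO_INCREMENT PRIMARY KEY, email VARCHAR(254) NOT NULL UNIQUE,
//     prenom VARCHAR(60) NOT NULL, nom VARCHAR(60) NOT NULL,
//     mot_de_passe VARCHAR(255) NOT NULL,
//     role ENUM('client','admin') NOT NULL DEFAULT 'client');
// Requires PHP 8.0+ and session_start() before use.
declare(strict_types=1);

function connexion(): PDO
{
    return new PDO('mysql:host=localhost;dbname=boutique;charset=utf8mb4', 'app', getenv('DB_PASS') ?: '', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // no silent failures
        PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepares
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

final class Utilisateur
{
    public function __construct(private PDO $pdo) {}

    /** crypt() with a bcrypt salt built from 16 random bytes; every call yields a new salt. */
    public static function hacher(string $motDePasse): string
    {
        // bcrypt salt: 22 characters from [./A-Za-z0-9]; cost factor 12.
        $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
        $hash = crypt($motDePasse, '$2y$12$' . $salt);
        if (strlen($hash) !== 60) {            // crypt() returns a short string on failure
            throw new RuntimeException('hachage impossible');
        }
        return $hash;
        // Equivalent, and preferable in new code: password_hash($motDePasse, PASSWORD_BCRYPT).
    }

    /** Registration form path: the role is forced to 'client', never read from the request. */
    public function inscrire(string $email, string $prenom, string $nom, string $motDePasse): int
    {
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('email invalide');
        }
        $stmt = $this->pdo->prepare(
            "INSERT INTO utilisateurs (email, prenom, nom, mot_de_passe, role)
             VALUES (:email, :prenom, :nom, :mdp, 'client')"
        );
        $stmt->execute([':email' => $email, ':prenom' => $prenom, ':nom' => $nom,
                        ':mdp' => self::hacher($motDePasse)]);
        return (int) $this->pdo->lastInsertId();
    }

    /** One login form for both roles; returns the user row (minus the hash) or null. */
    public function authentifier(string $email, string $motDePasse): ?array
    {
        $stmt = $this->pdo->prepare(
            'SELECT id, email, prenom, nom, mot_de_passe, role FROM utilisateurs WHERE email = :email'
        );
        $stmt->execute([':email' => $email]);
        $row = $stmt->fetch();
        // Unknown user: still run crypt() against a dummy hash so timing does not reveal existence.
        $hash = $row['mot_de_passe'] ?? '$2y$12$' . str_repeat('.', 53);
        $ok = hash_equals($hash, crypt($motDePasse, $hash));   // constant-time comparison
        if ($row === false || !$ok) {
            return null;
        }
        unset($row['mot_de_passe']);
        session_regenerate_id(true);             // fresh session id after login
        $_SESSION['utilisateur'] = $row;         // role comes from the DB row only
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
        return $row;
    }
}

/** Guard for administrator pages. */
function exigerAdmin(): void
{
    if (($_SESSION['utilisateur']['role'] ?? '') !== 'admin') {
        http_response_code(403);
        exit('accès réservé aux administrateurs');
    }
}

// Administrators are created in advance: produce the hash with the same function,
// then insert the row by hand.
//   php -r 'require "Utilisateur.php"; echo Utilisateur::hacher("mot de passe admin"), PHP_EOL;'
//   INSERT INTO utilisateurs (email, prenom, nom, mot_de_passe, role)
//   VALUES ('admin@example.com', 'Admin', 'Site', '<hash printed above>', 'admin');
```

Because the `role` is stored in the session only after it was read from the database row, a client cannot promote themselves by editing a form field, and `exigerAdmin()` is the single check every administrator page calls first.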
The Add to cart button should link to a page dedicated to the selected product, produit.php. You should use a "regex" (URL rewriting rule) to rewrite the URL dynamically for each product, including new products created later.
The name of the product should be included in the URL. Look the product up by its numeric id and treat the name part only as a readable slug; product names are not unique and are user-controlled, so they must not be the lookup key.
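An added example (not the assignment's or any project's code) of regex-based product URLs of the form /produit/42-nom-du-produit. The .htaccess rule in the comment, the `slugifier`/`urlProduit`/`analyserUrlProduit` helpers, and the `produits` table with a `description` column are assumptions; the handler re-applies the regex in PHP and fetches by id, redirecting to the canonical URL when the slug does not match the current product name.

```php
<?php
// Added example (not the project's code): product URLs /produit/{id}-{slug}
// mapped to produit.php. Assumes an Apache .htaccess in the web root such as:
//   RewriteEngine On
//   RewriteRule ^produit/([0-9]+)-([a-z0-9-]+)$ produit.php?id=$1&slug=$2 [L,QSA]
// The same regex is re-applied here so produit.php never trusts the shape of the
// query string, and the product is fetched by id; the name only makes the URL readable.
declare(strict_types=1);

/** Turns a product name into a URL-safe slug (lowercase ASCII and dashes). */
function slugifier(string $nom): string
{
    $ascii = iconv('UTF-8', 'ASCII//TRANSLIT', $nom) ?: $nom;   // é -> e, untranslatable -> ?
    $slug  = trim(preg_replace('/[^a-z0-9]+/', '-', strtolower($ascii)) ?? '', '-');
    return $slug !== '' ? $slug : 'produit';
}

/** Builds the canonical link for a product row; index.php calls this for every product. */
function urlProduit(array $produit): string
{
    return sprintf('/produit/%d-%s', (int) $produit['id'], slugifier($produit['nom']));
}

/** Parses the request path; returns [id, slug] or null when it does not match. */
function analyserUrlProduit(string $chemin): ?array
{
    if (preg_match('#^/produit/(\d{1,10})-([a-z0-9-]{1,120})$#', $chemin, $m) !== 1) {
        return null;
    }
    return [(int) $m[1], $m[2]];
}

// produit.php ----------------------------------------------------------------
$chemin = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) ?: '/';
$parsed = analyserUrlProduit($chemin);
if ($parsed === null) {
    http_response_code(404);
    exit('produit introuvable');
}
[$id, $slug] = $parsed;

$stmt = $pdo->prepare('SELECT id, nom, prix, description FROM produits WHERE id = :id');
$stmt->execute([':id' => $id]);
$produit = $stmt->fetch(PDO::FETCH_ASSOC);
if ($produit === false) {
    http_response_code(404);
    exit('produit introuvable');
}
// Wrong or stale slug (for example a renamed product): redirect to the canonical URL.
if ($slug !== slugifier($produit['nom'])) {
    header('Location: ' . urlProduit($produit), true, 301);
    exit;
}
echo '<h1>', htmlspecialchars($produit['nom'], ENT_QUOTES, 'UTF-8'), '</h1>';
```

Newly created products need no extra configuration: index.php generates their links with `urlProduit()` and the single rewrite rule matches any id and slug.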
The Add to cart button should now add items to the session variable without refreshing the page (using AJAX). A message confirming that the item has been added to the cart should be displayed. The AJAX endpoint must perform the same checks as the normal page: the client is authenticated, the product id is a valid integer that exists, and the request carries a CSRF token.
AJAX should be used as well for creating client accounts.
When a client enters their e-mail, we should validate with AJAX that the e-mail is available, that is, does not already exist in the DB. The check is a convenience for the user, not a security control: the UNIQUE constraint and the server-side validation at submission remain the real guarantee.
A message in green should appear to the right of the form if the e-mail is available, and a message in red if not. Since this endpoint reveals whether an address has an account, rate-limit it per session or IP.
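The two JSON endpoints behind the AJAX add-to-cart button and the e-mail availability check, as an added example (not the assignment's or any project's code). It assumes `session_start()` and a PDO `$pdo` from a shared bootstrap, the `utilisateurs` and `produits` tables, a CSRF token in `$_SESSION['csrf']` set at login and sent back in an `X-CSRF-Token` header, and the two script names used for dispatch; it requires PHP 8.1+ for the `never` return type.

```php
<?php
// Added example (not the project's code): JSON endpoints called by fetch()/XHR.
// Assumed: session_start() and PDO $pdo from a shared bootstrap, tables
// utilisateurs (UNIQUE email) and produits, and $_SESSION['csrf'] set at login.
// Requires PHP 8.1+ (never return type).
declare(strict_types=1);

function repondreJson(int $statut, array $donnees): never
{
    http_response_code($statut);
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo json_encode($donnees, JSON_THROW_ON_ERROR);
    exit;
}

/** Accept only POSTs that carry the session's CSRF token in the X-CSRF-Token header. */
function exigerRequeteAjax(): void
{
    $jeton = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !hash_equals($_SESSION['csrf'] ?? '', $jeton)) {
        repondreJson(403, ['erreur' => 'requête refusée']);
    }
}

// ajax/email_disponible.php: {"disponible": true|false}.
// This is an account-enumeration oracle by nature of the requirement; throttle it.
function emailDisponible(PDO $pdo, string $email): bool
{
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;                       // invalid input is reported as "not available"
    }
    $stmt = $pdo->prepare('SELECT 1 FROM utilisateurs WHERE email = :email LIMIT 1');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchColumn() === false;
}

// ajax/panier_ajouter.php: {"ok": true, "quantite": n}; same session cart as panier.php.
function ajouterAuPanier(PDO $pdo, int $produitId): int
{
    $stmt = $pdo->prepare('SELECT 1 FROM produits WHERE id = :id');
    $stmt->execute([':id' => $produitId]);
    if ($stmt->fetchColumn() === false) {
        repondreJson(404, ['erreur' => 'produit inconnu']);
    }
    $_SESSION['panier'] ??= [];
    $_SESSION['panier'][$produitId] = ($_SESSION['panier'][$produitId] ?? 0) + 1;
    return $_SESSION['panier'][$produitId];
}

// Dispatch on the script name so both endpoints can share this file.
exigerRequeteAjax();
try {
    $corps = json_decode(file_get_contents('php://input') ?: '{}', true, 8, JSON_THROW_ON_ERROR);
} catch (JsonException) {
    repondreJson(400, ['erreur' => 'JSON invalide']);
}
switch (basename($_SERVER['SCRIPT_NAME'])) {
    case 'email_disponible.php':
        repondreJson(200, ['disponible' => emailDisponible($pdo, (string) ($corps['email'] ?? ''))]);
    case 'panier_ajouter.php':
        if (!isset($_SESSION['utilisateur'])) {
            repondreJson(401, ['erreur' => 'connexion requise']);
        }
        $id = filter_var($corps['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            repondreJson(400, ['erreur' => 'identifiant invalide']);
        }
        repondreJson(200, ['ok' => true, 'quantite' => ajouterAuPanier($pdo, $id)]);
    default:
        repondreJson(404, ['erreur' => 'inconnu']);
}
```

The browser side sends `POST` with `Content-Type: application/json`, the `X-CSRF-Token` header read from the page, and a body such as `{"email": "..."}` or `{"id": 42}`, then colours the message green or red from the `disponible` field and shows the confirmation from `ok`; the registration form itself still re-validates the e-mail on submission.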
To protect account creation against automated sign-ups, integrate a CAPTCHA on the registration form and verify it server-side before the account is inserted.