CSc 337 - Web Programming: Assignment 13

General Information

Due: 26 Mar 2012, 11:59pm

Abstract

This project spans three assignments to create an image uploading and viewing system. Users will be able to create and have accounts, to upload images, to view images that they have uploaded, and to view "public" images that other users have uploaded.

In this first assignment, you will lay the groundwork for the rest of the project. You'll need to design and create a database that can store information about users and the photos that they upload. You will also need to code account creation and login pages that salt and hash user passwords.

Assignment
  1. Your users' passwords should be salted and hashed. This means you will have to store both the salt and the hash in your table and that you should not store the original password.
  2. Your database should store information about pictures for the following functionality:
    1. Users should be able to upload pictures to their account and view them later. The pictures (files) themselves will be stored in a folder on the server, but information about the pictures should be maintained in the database.
    2. Users should be able to mark their pictures as public or private. Later, public photos will be visible to anyone and private photos only to their uploader.
    You do not have to implement the functionality yet, just create database tables that will store necessary information.
  3. Users should be able to create accounts if they don't have one or log in if they do. Sessions should be used to maintain login information.
  4. Once logged in, a home page informing the user that they are logged in is sufficient.

Hints

Feel free to reuse code from the chat project, since login and account creation will be similar.

Hashing should be done with sha256, using PHP's hash function.
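The following sketch shows how requirement 1 and the hashing hint fit together: a per-user random salt stored next to a SHA-256 hash, and a login check that recomputes the hash from the stored salt. It is an added example, not code from the course; the `users` table, its column names, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: table, column and function names are assumptions, not the course's schema.
// An in-memory SQLite database stands in for the class database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    salt     TEXT NOT NULL,   -- hex, different for every user
    hash     TEXT NOT NULL    -- hex sha256 of salt . password
)');

function create_account(PDO $db, string $username, string $password): bool
{
    // Fresh random salt per account, so equal passwords get different hashes.
    $salt = bin2hex(random_bytes(16));
    $hash = hash('sha256', $salt . $password);
    try {
        // Prepared statement: user input never becomes part of the SQL text.
        $stmt = $db->prepare('INSERT INTO users (username, salt, hash) VALUES (?, ?, ?)');
        $stmt->execute([$username, $salt, $hash]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (username already taken).
        if ((string) $e->getCode() === '23000') { return false; }
        throw $e;
    }
}

function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT salt, hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user: same result as a wrong password
    }
    // Recompute with the stored salt; hash_equals compares in constant time.
    return hash_equals($row['hash'], hash('sha256', $row['salt'] . $password));
}

// Constructed sample data.
var_dump(create_account($db, 'alice', 'correct horse'));  // new account
var_dump(create_account($db, 'alice', 'other'));          // duplicate username
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong'));
var_dump(check_login($db, 'nobody', 'correct horse'));
```

When `check_login` succeeds, the login page would call `session_regenerate_id(true)` before storing the user in `$_SESSION`. Salted SHA-256 is the scheme this assignment specifies; outside the course, PHP's built-in `password_hash()` and `password_verify()` use a deliberately slow algorithm and manage the salt themselves.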

Notes

Throughout this project, we will be looking for valid handling of edge cases and correct protection against security issues that have been discussed in lecture. Polite error messages are expected when the user attempts to perform an invalid action.

Homework Submission

As detailed on the homework submission page, this homework must be on the class web server in a folder titled homework13 for it to be graded.