I am doing the Harvards building dynamic websites called CS-75 (also could be called E-75), because someone told me about it and I just thought might as well, it is all learning 🙂 even if allot of it you may already know.
Here is the classes part of the project, I have only done two, one for the users which allow for registration/forgotten password/login etc and another for the stock function like buying and selling stock.
To start with here is the users.php file, this file will allow the user to login and setup the SESSION information,
<?php // could have setup the contrustor to have a session ID of the user. // I went for this of passing in the users ID in the parameters, encase I wanted to pass in a different user within a admin screen!. class User { // LoginCheck will check against the database the users creditials, please note that the string is send in clear text over the port/IP address from the php server to mysql database. public function LoginCheck($varuser, $varpassword, $checkPassword = false) { global $db; if ($checkPassword == false) $sqlquery = sprintf("select uid from users where username = '%s' and pass = AES_ENCRYPT('%s', '%s%s') and guid = 0", $varuser, $varuser, $varuser, $varpassword); else $sqlquery = sprintf("select uid from users where username = '%s' and guid = 0", $varuser); $result = $db->query($sqlquery); if ($db->rowsNumber($result) === 1) { $output = $db->arrayResults($result); $_SESSION["authenticated"] = true; $_SESSION["username"] = $output["uid"]; $db->freeResult($result); return true; } return false; } |
here is the registration method, that will return values that are useful for the error reporting part of the web site
// RegisterUser // paramters : $varuser = email address // $varpassword = password // return values // -2 : check password // -1 : not a valid email address // 0 : already registered // 1 : email check public function RegisterUser($varuser, $varpassword) { global $db; if (!$this->CheckPassword($varpassword)) return -2; // first lets check for a valid email address preg_match("/(\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,6})/", $varuser, $matches); if (isset($matches[0])) { // valid email address $sqlquery = sprintf("select uid from users where username = '%s'", $varuser); $result = $db->query($sqlquery); if ($db->rowsNumber($result) ===1) { $output = $db->arrayResults($result); $db->freeResult($result); if ($output["uid"] > 0) return 0; } // so there is no user with that email address, // if there is not a trigger on the database // $sqlquery = sprintf("insert into users (username, pass) values ('%s',AES_ENCRYPT('%s','%s%s'))", $varuser, $varuser, $varuser, $varpassword); $sqlquery = sprintf("insert into users (username, pass,guid) values ('%s',AES_ENCRYPT('%s','%s%s'), uuid())", $varuser, $varuser, $varuser, $varpassword); $db->query($sqlquery); $sqlquery = sprintf("select guid from users where username = '%s'", $varuser); $result = $db->query($sqlquery); if ($db->rowsNumber($result) ===1) { $output = $db->arrayResults($result); $guid = $output["guid"]; $db->freeResult($result); // email the client a $subject = 'Registration required for stocks program'; $message = 'Please click on the link to register with the site'; $message .= "<a href=\"http://{$_SERVER["SERVER_NAME"]}{$_SERVER["PHP_SELF"]}?uid=$varuser&validid=$guid\">http://{$_SERVER["SERVER_NAME"]}{$_SERVER["PHP_SELF"]}?uid=$varuser&validid=$guid</a>"; $headers = 'From: noresponse@codingfriends.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); //mail($varuser, "Register with the stocks site", $message, $headers); // debugging, just output the message echo $message; return 1; } } else return -1; } |
encase the user has javascript turned off and the javascript is not checking to make sure that the user is passing in a password that is at least 6 characters long and also has 1+ numeric/aplha characters.
// checks password to be a minimum of 6 letters and also contains at least // 1+ aplha/numeric private function CheckPassword($varpassword) { $varpassword = trim($varpassword); if (strlen($varpassword) >=6) { // if not all aplha or digit characters then return true else false if (!ctype_alpha($varpassword)) if (!ctype_digit($varpassword)) return true; return false; } else return false; } |
Here the user will be emailed, if you uncomment the code, a link that will allow to change the password
public function ForgottenUser($varuser) { global $db; $sqlquery = sprintf("update users set guid = uuid() where username = '%s'", $varuser); $result = $db->query($sqlquery); if ($db->rowsAffected() === 1) { $db->freeResult($result); $sqlquery = sprintf("select guid from users where username = '%s'", $varuser); $result = $db->query($sqlquery); $output = $db->arrayResults($result); $db->freeResult($result); $subject = 'Forgotten password'; $message = 'Please click on the link to get back your password with the site'; $message .= "<a href=\"http://{$_SERVER["SERVER_NAME"]}{$_SERVER["PHP_SELF"]}?uid=$varuser&validid={$output["guid"]}\">http://{$_SERVER["SERVER_NAME"]}{$_SERVER["PHP_SELF"]}?uid=$varuser&validid={$output["guid"]}</a>"; $headers = 'From: noresponse@codingfriends.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); //mail($varuser, "Register with the stocks site", $message, $headers); // debugging, just output the message echo $message; return true; } $db->freeResult($result); return false; } |
here this is checking to make sure that the value that was passed to the user to either registrar/forgotten password that is it the same as what is in the database and thus change that value to 0 to denote that the user is valid.
public function CheckUserGUID($varuser, $guid) { global $db; $retValue = false; $sqlquery = sprintf("select guid from users where username = '%s'", $varuser); $result = $db->query($sqlquery); if ($db->rowsNumber($result) === 1) { $output = $db->arrayResults($result); if ($guid == $output["guid"]) $retValue = true; $sqlquery = sprintf("update users set guid = 0 where username = '%s'", $varuser); $db->query($sqlquery); } $db->freeResult($result); return $retValue; } |
If the user wants to update there password, here we alter the database values to for there password and using the AES_ENCRYPT function within MySQL to encrypted the password.
public function ChangePassword($varuserID, $varpassword) { global $db; if (!$this->CheckPassword($varpassword)) return false; $sqlquery = sprintf("select username from users where uid = %s", $varuserID); $result = $db->query($sqlquery); if ($db->rowsNumber($result) === 1) { $output = $db->arrayResults($result); $varuser = $output["username"]; $db->freeResult($result); $sqlquery = sprintf("update users set pass = AES_ENCRYPT('%s', '%s%s') where username = '%s' and guid = 0", $varuser, $varuser, $varpassword, $varuser); $result = $db->query($sqlquery); return true; // if the password is the same, then the line is not updated and thus may come across as a weird message. // if ($db->rowsAffected() ===1) // return true; } $db->freeResult($result); return false; } |
this is the method that will return the value of the users cash that they have left
public function GetCash($varuser) { global $db; $returnValue = 0; $sqlquery = sprintf("select cash from users where uid = %d", $varuser); $result = $db->query($sqlquery); if ($db->rowsNumber($result) ===1) { $results = $db->arrayResults($result); $returnValue = $results["cash"]; } $db->freeResult($result); return $returnValue; } |
last but not the least, here is destroying the session data, so that the user is logout.
// logout the user! public function Logout() { session_destroy(); } }; ?> |
The next class is the stock details, I called it getstocks.php, to start with I am getting the stock details from the yahoo site, with using the fopen of the yahoo.
<?php class StocksDetails { public function GetStocksFromYahoo($varsearch) { $returnvalue = 0; $handle = fopen("http://download.finance.yahoo.com/d/quotes.csv?s=$varsearch&f=sl1d1t1c1ohgv&e=.csv", "r"); while ($row = fgetcsv($handle)) { if ($row[0] == $varsearch) $returnvalue = $row[1]; } fclose($handle); return $returnvalue; } |
This method will build up a array of the users stock details and also the present value of the stock symbol.
// display all of the users stock details, public function ReturnAllStocks($varusernameID) { global $db; $sqlquery = sprintf("select symbol, quantity from stocks where uid = '%s'", $varusernameID); $result = $db->query($sqlquery); $insI = 0; while ($row = $db->arrayResults($result)) { $returnArr[$insI++] = array($row["symbol"], $row["quantity"],$this->GetStocksFromYahoo($row["symbol"])); } $db->freeResult($result); return $returnArr; } |
This method will sell the stock that the user has, to start with need to update the users cash flow for the sale of the stock, and then delete the actual stock from stocks table in the database that is linked to the user.
public function SellStock($varusernameID, $stockID) { global $db; $db->startTransaction(); try { // need to pull back users stock quantity and then delete it from the list and update the cash within the users table. $sqlquery = sprintf("update users,stocks set users.cash = users.cash + (%f * stocks.quantity) where users.uid = stocks.uid and users.uid = %d and stocks.symbol = \"%s\"",$this->GetStocksFromYahoo($stockID), $varusernameID, $stockID); $result = $db->query($sqlquery); if ($db->rowsAffected() == 1) { $sqlquery = sprintf("delete from stocks where uid = %d and symbol = \"%s\"", $varusernameID, $stockID); $result2 = $db->query($sqlquery); if ($db->rowsAffected() != 1) throw new Exception("Error updating the stock details"); } else throw new Exception("Error updating users cash"); $db->commitTransaction(); } catch (Exception $e) { echo "Possible error : {$e->getMessage()}"; $db->rollbackTransaction(); } } |
this method is the opposite of the above, where we are buying stock, we have to check the users balance/cash to make sure that they are able to, and then go though the process of updating the users table and the stocks, I am using the START TRANSACTION from within MySQL database InnoDB so that if any of process errors I can rollback the updates to the database tables.
// buy the stock into the users public function BuyStock($varusernameID, $stockID, $stockQuantity) { global $db; $valueOfStock = $this->GetStocksFromYahoo($stockID) * $stockQuantity; if ($valueOfStock > 0) { try { $db->startTransaction(); // update the users cash, whilst making sure that there is enought !!. $sqlquery = sprintf("update users set cash = cash - (%f) where uid = %d and cash > %f", $valueOfStock, $varusernameID, $valueOfStock); $db->query($sqlquery); // if there was enought money, place the update into the stocks table now!. if ($db->rowsAffected() ==1) { // now update the stock database table, could have used on duplicate key here.. $sqlquery = sprintf("update stocks set quantity = quantity + %d where uid = %d and symbol = '%s'",$stockQuantity, $varusernameID, $stockID); $db->query($sqlquery); // there was no stock of that type already, then just insert if ($db->rowsAffected() == 0) { $sqlquery = sprintf("insert into stocks values (%d,\"%s\", %d)", $varusernameID, $stockID, $stockQuantity); $db->query($sqlquery); } } else throw new Exception("Not enought money!"); $db->commitTransaction(); } catch (Exception $e) { echo "Possible error : {$e->getMessage()}"; $db->rollbackTransaction(); return 0; } } else { echo "Possible error : Getting values from Yahoo stock"; return 0; } return $valueOfStock; } |
Here, I am getting the news from of the symbol stock from the yahoo rss links.
public function ArrayOfStockDetails($stockID) { $xmlDoc = simplexml_load_file("http://finance.yahoo.com/rss/headline?s=$stockID"); $xpath = $xmlDoc->xpath("//channel/item"); $insI = 0; foreach ($xpath as $key) { $arrayRet[$insI++] = array("Date" => (string)$key->pubDate, "Link" => (string)$key->link, "Title" => (string)$key->title); } return $arrayRet; } }; ?> |
Next going to do the basic php file to load up the class files and connect to the database, with also the javascript code.