Name: Muhammad Ahmad Bin Abdullah (0300-8683770, 0333-7033770, 0333-2733770, h.abdullah12@yahoo.com, g.kochomata0@gmail.com)

Website: elegantworld.xyz/public/api

Technologies used for frontend: HTML, Bootstrap, CSS, Tailwind CSS, JavaScript,
jQuery, AJAX.

Technologies used for backend: Laravel, MySQL.

Follow these steps:

1. Register email.
2. Click on set password.
3. Enter email and press send email.
4. Check inbox or spam; an email will be sent with a link.
5. Click on the link to set password.
6. Once we set our password, we will be redirected back to the website.
7. Username is by default: “avm123”.
8. Enter login credentials, press login button and we will be ready to go.

Email Link and Set Password

Four Scenarios:

1. If we open the sent link after 20 minutes, it will show a custom-made 404 page.

2. However, if we visit the link and then try to open it again, it will simply redirect us back to
the login page.

3. The third scenario is when we open the link and keep it open for more than 20
minutes, and only after those 20 minutes try to submit our password to be set. This time it will
redirect us back to the login page with a message “Information! Your Session Times Out.”

4. Suppose we submitted our password to be set and then used the back button of the
browser to go back to the set password form. In such a scenario, if we try to submit our
password again, it will simply redirect to the login page.

Methods Used:

• At the time of sending the email, I am creating a cookie in which the current timestamp value is
stored. I send that value in the link sent to you by email. I use it to check if the current
time is less than the timestamp_value+20mins. The second check is that I am making sure that the
timestamp value received in the link is the same as the timestamp value set in the cookie which
was created before sending the email. This way no one can cheat with the link sent. If they try to
do so, it will show the 404 page that I made and which is very beautiful I believe. Now if both
checks are true, we can then set our password.

• Another cookie is created before sending the email to make sure that we
cannot visit the link more than once. Once we visit the link, the cookie is destroyed, and the
middleware makes sure that if the cookie doesn’t exist, the HTTP request for
the link sent to us is not executed; instead we are redirected back to the login page.

• Now take the case where we opened the link and kept it open for more than 20 minutes. In that
case, I am sending the received timestamp value with the form, which is then compared with
the current time. If the current time exceeds timestamp+20mins, your password will not be set;
instead you will be redirected back to the login page with the message “Your Session Times Out”.

• Now to make sure that after setting our password, we don’t go back to the form using the browser
back button and submit the form again, I created another cookie before sending the email, which is
destroyed once we submit the set password form. Another middleware checks if that cookie
exists. If it does exist, then you are allowed to execute the HTTP POST request to set your
password; otherwise, you shall be redirected back to the login page if you try to submit again by
going back to the form using the browser back button.
• Summary: I have used timestamp, cookies and middlewares to implement these logics. All
cookies are set for a time of 20 minutes just in case.
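
A signed, single-use variant of the 20-minute link check, as an added example in plain PHP (not the site's code). The link carries an HMAC over its expiry time and a random nonce, so expiry and one-time use are decided on the server rather than by cookies in the browser that opens the e-mail. The function names, the key and the `$pending` array (standing in for a database table) are assumptions.

```php
<?php
// Added example, not the site's code. All names and values are constructed.
const LINK_TTL = 20 * 60; // the 20-minute window from the page, in seconds

// Build the token that goes into the e-mailed link: "<expires>.<nonce>.<hmac>".
function issueSetPasswordToken(string $email, string $key, int $now, array &$pending): string
{
    $expires = $now + LINK_TTL;
    $nonce   = bin2hex(random_bytes(16));   // unguessable, unlike a timestamp
    $pending[$nonce] = $email;              // server-side record (a DB row in practice)
    $tag = hash_hmac('sha256', "$expires.$nonce", $key);
    return "$expires.$nonce.$tag";
}

// Call this when the set-password form is submitted.
// Returns the e-mail address on success, null for any rejected token.
function redeemSetPasswordToken(string $token, string $key, int $now, array &$pending): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$expires, $nonce, $tag] = $parts;
    // Constant-time comparison; fails if the expiry or the nonce was edited.
    if (!hash_equals(hash_hmac('sha256', "$expires.$nonce", $key), $tag)) {
        return null;
    }
    if (!ctype_digit($expires) || $now > (int) $expires) {
        return null;                        // older than 20 minutes
    }
    if (!isset($pending[$nonce])) {
        return null;                        // already used, or never issued
    }
    $email = $pending[$nonce];
    unset($pending[$nonce]);                // single use: the back button cannot resubmit
    return $email;
}

// Constructed demo values.
$key = 'constructed-demo-key'; $pending = []; $t0 = 1700000000;
$token  = issueSetPasswordToken('student@example.test', $key, $t0, $pending);
$forged = ($t0 + 86400) . substr($token, strpos($token, '.'));          // expiry edited
var_dump(redeemSetPasswordToken($forged, $key, $t0 + 60, $pending));    // tampered link
var_dump(redeemSetPasswordToken($token, $key, $t0 + 1260, $pending));   // 21 minutes after issue
var_dump(redeemSetPasswordToken($token, $key, $t0 + 600, $pending));    // within the window
var_dump(redeemSetPasswordToken($token, $key, $t0 + 660, $pending));    // same token again
```

In Laravel, `URL::temporarySignedRoute()` together with the `signed` middleware covers the signing and expiry checks; the single-use record still has to be kept server-side.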

Another Important Note:

We cannot go to email link or set our password if we are logged in. If we try to do so, it will simply
redirect us to home page. This is my middleware check. Because once we login, a session is created and
if that session exists, my middleware won’t allow us to enter the email link and set password, instead it
will redirect to Home page. (So here we are using session and middleware for this logic).

Login Page and Home Page:


The same above middleware check (discussed in “Another Important Note” – let’s call it logout
middleware) is there to make sure that we cannot visit the login page, or register our email, or send
email link to set our password if we are already logged in (i.e. the login session or the login cookie is set
– the login cookie is used for the stay signed in function). If we try to do so, which we can only do by
directly inserting the hyperlink in the URL address bar, it will redirect us back to Home page.

Similarly, I am using another middleware (let’s call it login middleware) to make sure that we cannot
enter the website or execute the logout link if we are not logged in (i.e. the login_session or the
login_cookie doesn’t exist). If we try to visit any of those links, we will be redirected back to the login
page.

Summary: I am using session and middlewares to implement the above logics.

“Remember Me” and “Stay Signed In”:


Remember Me:

If we select the remember_me option while logging in, two cookies are created to store the username
and password of the user. So the next time we visit login page, our login credentials will be
automatically filled in the input fields of the login page with the remember_me checkbox kept selected
automatically. So we will just have to press the login button to get signed in without re-entering our
login credentials. The time length of the cookie is set to 1 day.

However, if we uncheck the option while logging in, the cookies will be destroyed and the option will be
unselected automatically. The cookies will also be destroyed, if we try to login with incorrect username
or password, in which case the remember_me option will again be unselected automatically.

Stay Signed in:

The stay_signed_in option creates a “login cookie” (for a period of 1 day). So the next time we visit the
website, we will be directly redirected to the Home page by the login middleware that we discussed
above. The login cookie is destroyed when we press the logout button, in which case we will be
redirected back to the login page (with the stay_signed_in checkbox automatically selected to tell us
that we had recently used this option).

Summary: I am using cookies here because I have set sessions to be destroyed on browser close. So we
will automatically log out on closing the browser. Moreover, session lifetime is set to 2 hours. So after 2
hours we will have to login again.
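
A variant of the two options above that keeps the password out of the browser, as an added example in plain PHP (not the site's code): the cookie holds a random selector and validator, and the server stores only a hash of the validator. The function names and the `$tokens` array (standing in for a database table) are assumptions.

```php
<?php
// Added example, not the site's code. $tokens stands in for a database table.
const REMEMBER_TTL = 86400; // 1 day, the cookie lifetime given on the page

// Create the cookie value "<selector>:<validator>"; only a hash of the validator is stored.
function issueRememberToken(int $userId, int $now, array &$tokens): string
{
    $selector  = bin2hex(random_bytes(8));    // lookup key, not secret
    $validator = bin2hex(random_bytes(32));   // secret half, never stored in clear
    $tokens[$selector] = [
        'user'    => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + REMEMBER_TTL,
    ];
    return "$selector:$validator";
}

// Check a presented cookie value. Returns the user id, or null.
// The row is deleted on every lookup, so each value works once; the caller issues a new one.
function checkRememberToken(string $cookie, int $now, array &$tokens): ?int
{
    $parts = explode(':', $cookie);
    if (count($parts) !== 2 || !isset($tokens[$parts[0]])) {
        return null;
    }
    $row = $tokens[$parts[0]];
    unset($tokens[$parts[0]]);
    if ($now > $row['expires'] || !hash_equals($row['hash'], hash('sha256', $parts[1]))) {
        return null;
    }
    return $row['user'];
}

// Options for the third argument of setcookie() (PHP 7.3+).
function rememberCookieOptions(int $now): array
{
    return ['expires' => $now + REMEMBER_TTL, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// Constructed demo: user 42 logs in with the option ticked, then returns.
$tokens = []; $t0 = 1700000000;
$cookie = issueRememberToken(42, $t0, $tokens);
var_dump(checkRememberToken($cookie, $t0 + 3600, $tokens));   // first presentation
var_dump(checkRememberToken($cookie, $t0 + 3700, $tokens));   // replay of the same value
```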

Middlewares and Exception handling:


All of the HTTP requests are first validated by the middlewares and, in case of exceptions, handled by the
handler.php file.

I have told all about middlewares above. Now, in case of exceptions, for example if we try to execute
any HTTP POST request using hyperlink, like executing the submit login credentials hyperlink directly
from the browser’s URL bar, it will execute MethodNotAllowedHttpException and will redirect us back
to login page if not signed in, otherwise the logout middleware will meddle in and will redirect us to
home page.

Logout: I have used a POST HTTP request for the logout function just so that we can’t destroy a login_session
simply by executing a hyperlink from the URL bar.

Moreover, for unknown HTTP requests or HTTP requests that do not exist for the website, the
HttpNotFoundException executes and displays my custom 404 page not found view if not signed in,
otherwise homepage with the help of the logout middleware.

For other HttpExceptions like “403 Forbidden To Access” or “500 Internal Server Error”, the
HttpException method executes which basically covers all sorts of Http errors and with this function I
am again using my 404 Page Not Found view.

Internal Server/Database Errors:


I have also applied manual checks for internal server/database errors.

• In case an email cannot be sent.
• Can’t find existing records.
• Can’t save data in database.
• Can’t update existing record.
• Can’t trash, restore, or delete existing record.
• etc.

Inshallah, we probably won’t see much of it because the website is working well.

Forms:
In the forms, I have used validations for each input field. Almost each field has multiple validations.
• I have used Laravel Validation rules and Regular Expressions for Students’ and Courses’ forms
sections.
• JavaScript validation and regular expressions for “login” and “set password” forms.
• For register email form, I have used a regular expression to validate the email format.

So for example, when registering an email if a specific pattern (or regular expression) is not matched, it
will display a warning “Warning! Invalid Email Address”.

Similarly, another example is in the student’s form section. While assigning a Student ID, it must match a
specific pattern or expression. Other validations for this field are that if the ID is already assigned or was
previously assigned to a deleted student, then it will give a validation error.

Similarly, phone number must be unique for each student and it also follows a specific pattern.

Inshallah, you can see all of this and more as you go through the website.

Behaviour of Input Fields In Case of Validation Errors:

In case of errors the form input fields will display the values last entered, else if left empty, they will
display the values stored in the database against the record if there are any.

SQL Tables:

[Diagram: Student Table, Activity Table, Courses Table and Deleted_Students Table, linked by parent/child relationships. Trigger events shown: Add, Update, Trash, Restore, Delete.]

If we delete any student, all of its records from the activity table will be automatically deleted (this is
called “DELETE ON CASCADE”).

In SQL, I made trigger events on Student Table for “New Entry”, “Update Existing Entry”, “Trash”,
“Restore”, and “Delete” to be stored in Activity Table and Deleted_Students Table (to store the deleted
IDs). The reason for storing deleted IDs is to prevent them from being assigned to any new
student.

Activate/Deactivate and Student Count:


We can activate/deactivate a course.

• This will affect (activate/deactivate) registered students accordingly,
• and will also affect the course’s availability for selection.
• Student count for each course is given and is affected by add, update, trash, restore and delete
operations performed on students.
• To activate/deactivate a course, I am using Laravel’s SoftDelete option.

Trash, Restore, and Delete:


Just for some information: Trash is Laravel’s soft_delete functionality. We have to specify in the SQL
table’s Model in Laravel that we are going to use soft_delete for its records (by including the
namespace: use Illuminate\Database\Eloquent\SoftDeletes; and the façade: use SoftDeletes; in the
class definition). After this we migrate a deleted_at column in the SQL table using Laravel. With this
migration, SQL will put an entry in the column automatically each time its record is deleted using the
Eloquent Model’s delete() function, which is basically used for permanent deletion, without actually
deleting it from the table.
Restore is Laravel’s Eloquent ORM restore() function, which restores a table’s records that have
an entry in the deleted_at column.
For permanent deletion, we will have to use Laravel’s Eloquent ORM’s forceDelete() function.

Search Functions:
Search function queries are quite complex.
Search By Student ID
Student ID has a special format. The first letter of the ID must start with letter “i”, followed by two
digits, followed by a hyphen(-), followed by 4 digits. For example, i15-0277. However, with the
implemented search query, we can write any digits in the search box and it will match with every inch of
Student IDs and will display the required results if found any.
The search query ignores the hyphen(-) and the letter “i” given in the student IDs which enhances the
depth of the search. However, if we still want to mention them in our search, then it will search
accordingly. By mentioning letter “i” or hyphen(-) , we are telling the search query that we at least know
the first or the first two digits of the ID. The following are some important search samples to look for:
i. Search Value: 18
Important search results to look for:
• i18-5796
• i21-8309
• i12-9318
ii. Search Value: i18
Important search results to look for:
• i18-5796
• i18-0014
iii. Search Value: 502
Important search results to look for:
• i15-0277
• i17-5023
• i50-2887
iv. Search Value: i502
Important search results to look for:
• i50-2887
• i50-2423
v. Search Value: 1502
Important search results to look for:
• i15-0277
• i31-5029
• i23-1502
vi. Search Value: i1502
Important search results to look for:
• i15-0277
• i15-0282
vii. Search Value: 15027
Important search results to look for:
• i15-0277
• i41-5027
viii. Search Value: i15027
Important search results to look for:
• i15-0277
• i15-0278
You may try other searches like “15-”, “i9”, etc.
If all the searched results consist of only 1 Student ID, then it will display that ID in the search box
instead of the search value that we entered, indicating us that all search results belong to only one
Student ID mentioned in the search box. Try searching for 150277 or i150277 in the Activity section
search box; you will know what I mean, SIR!!
Please Take two Notes:-
1. If you type letter “i” in the search box, it will display all students who have letter “i” in their
names. What I am trying to say is that this letter “i” will only work for names and not
Student IDs, even though all Student IDs start with letter “i”. Therefore, it doesn’t make any
sense to display all students for search letter “i”.
2. Moreover, every Student ID has a hyphen (-), so it doesn’t make any sense to show
all student records for a “-” hyphen search; instead it will show no results found.
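
One way to get the matching behaviour described above, as an added example in plain PHP (not the site's actual query): each ID is compared in four forms, with and without the leading “i” and the hyphen, after the search value has passed an allowlist check. The function names are assumptions; the IDs are the samples listed on the page.

```php
<?php
// Added example, not the site's query. Sample IDs are the ones listed on the page.

// True when $search matches $id under the rules described above.
function matchesStudentId(string $search, string $id): bool
{
    $s = strtolower(trim($search));
    // Allowlist: optional leading "i", digits, at most one hyphen. Nothing else
    // (quotes, %, _) gets through to a query. "i" and "-" alone are not ID searches.
    if (!preg_match('/^i?\d*-?\d*$/', $s) || $s === '' || $s === 'i' || $s === '-') {
        return false;
    }
    $id = strtolower($id);
    $forms = [
        $id,                              // i15-0277
        str_replace('-', '', $id),        // i150277
        substr($id, 1),                   // 15-0277 (assumes the ID starts with "i")
        preg_replace('/\D/', '', $id),    // 150277
    ];
    foreach ($forms as $form) {
        if (strpos($form, $s) !== false) {
            return true;
        }
    }
    return false;
}

// Filter a list of IDs down to those matching the search value.
function searchStudentIds(string $search, array $ids): array
{
    return array_values(array_filter($ids, fn ($id) => matchesStudentId($search, $id)));
}

$ids = ['i18-5796', 'i21-8309', 'i12-9318', 'i18-0014', 'i15-0277', 'i17-5023',
        'i50-2887', 'i50-2423', 'i31-5029', 'i23-1502', 'i15-0282', 'i41-5027', 'i15-0278'];
foreach (['18', 'i18', '502', 'i502', '1502', 'i1502', '15027', 'i15027', '15-', 'i', '-'] as $q) {
    echo str_pad($q, 8), implode(' ', searchStudentIds($q, $ids)) ?: '(no results)', "\n";
}
```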

Search By Student Name


Search by name matches the search value from between, and from the left and right of the student
names. If it matches from anywhere with a particular student name, then that record will be shown to
us in the results.
Another logic is that, if we type multiple strings in the search box, for example, “ah or li”, then it should
match the given strings with each student name, and whichever student name contains all the given
strings (three strings in this example), the record against that name should be shown in the results.
There are two additional things I did with this logic:
• If we type any special characters or numerals in the string, for example: "@#23ah#$ ^%or45&^
#$8li7%^", then it will filter out all of those, and will leave us with the strings (if any) given in the
search value. So the above search value will give us results for “ah or li”.
• No matter how many spaces we give between the strings, for example: “ah     or       li”, there
won’t be any change in the result set.

Search By Student Course


Search by course must start with “C-” or “c-”, followed by the course name. We are implementing the
“C-” logic to tell the function that we want to search by student course and not student name. Now this
search function is special in a way, that after “c-” we can write any letter(s) along with any special
characters, numerals and spaces, and the function will filter out all the special characters, numerals and
spaces, leaving us with a string of letters, that it will compare with course names (which are also filtered
out from any special characters) from between, left and right. If it matches from anywhere with a
particular course name, then the student records corresponding to that course name will be shown to us
in the results.
For example, if we write, “c-phill” or “c-mphill” or “c- #p #hill” in the search box, it will display all
student records from M.PHILL course. If we write “c-hons” or “c- #h #ons”, it will display all students
from BS(Hons.) course. Similarly, if we write “C-b” or “C- # b”, it will display all students from BA, BSC,
and BS(Hons.) classes.
Take Another Note:-
3. The string “C-” or “c-” has no meaning in itself. Therefore, using these strings as a search
value will display “no results found” message.
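
The name and course filters described above, as an added example in plain PHP (not the site's actual query). The function names and the student names are constructed; the search values and course names are the ones given on the page.

```php
<?php
// Added example, not the site's query. Student names are constructed;
// search values and course names are the ones mentioned on the page.

// Keep letters only, lower-cased: "M.PHILL" -> "mphill", " #p #hill" -> "phill".
function lettersOnly(string $value): string
{
    return strtolower(preg_replace('/[^A-Za-z]/', '', $value));
}

// Name search: drop everything except letters and spaces, split on runs of spaces,
// and require every remaining term to occur somewhere in the name.
function matchesName(string $search, string $name): bool
{
    $clean = preg_replace('/[^A-Za-z\s]/', '', $search);
    $terms = preg_split('/\s+/', $clean, -1, PREG_SPLIT_NO_EMPTY);
    if ($terms === []) {
        return false;
    }
    foreach ($terms as $term) {
        if (stripos($name, $term) === false) {
            return false;
        }
    }
    return true;
}

// Course search: the value must start with "c-" or "C-"; the rest is reduced to letters
// and matched anywhere inside the letters-only course name. "c-" alone matches nothing.
function matchesCourse(string $search, string $course): bool
{
    if (stripos($search, 'c-') !== 0) {
        return false;
    }
    $needle = lettersOnly(substr($search, 2));
    return $needle !== '' && strpos(lettersOnly($course), $needle) !== false;
}

foreach (['Ahmad Noor Ali', 'Ali Raza', 'Sahar Khalid'] as $n) {   // constructed names
    echo $n, ': ', var_export(matchesName('@#23ah#$ ^%or45&^ #$8li7%^', $n), true), "\n";
}
foreach (['c-phill', 'c- #p #hill', 'c-hons', 'C- # b', 'c-'] as $q) {
    $hits = array_filter(['BA', 'BSC', 'BS(Hons.)', 'M.PHILL'], fn ($c) => matchesCourse($q, $c));
    echo str_pad($q, 12), implode(', ', $hits) ?: '(no results)', "\n";
}
```

Because only letters survive the filter, LIKE wildcards such as `%` and `_` never reach the query; the value should still be bound as a parameter rather than concatenated into the SQL.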

Note:- If we give wrong page number in the url, we will be redirected to the first
page of the pagination.

Final Message
I have tried to explain every detail as well as possible and as easily as possible. I apologize for any
mistake made. THANK YOU!!
