Final Documentation - Sardar Uncle
Website: elegantworld.xyz/public/api
Technologies used for frontend: HTML, Bootstrap, CSS, Tailwind CSS, JavaScript,
jQuery, AJAX.
1. Register email.
2. Click on set password.
3. Enter email and press send email.
4. Check the inbox or spam folder; an email will be sent with a link.
5. Click on the link to set password.
6. Once we set our password, we will be redirected back to the website.
7. Username is by default: “avm123”.
8. Enter login credentials, press login button and we will be ready to go.
Email Link and Set Password
Four Scenarios:
1. If we open the sent link after 20 minutes, it will show a custom-made 404 page.
2. However, if we visit the link and then try to open it again, it will simply redirect us back to
the login page.
3. The third scenario is when we open the link and keep it open for more than 20 minutes,
and only then try to submit our password to be set. This time it will
redirect us back to the login page with the message “Information! Your Session Times Out.”
4. Suppose we submitted our password to be set and then used the back button of the
browser to go back to the set password form. In such a scenario, if we try to submit our
password again, it will simply redirect us to the login page.
Methods Used:
• At the time of sending the email, I create a cookie that stores the current timestamp value,
and I send the same value in the link emailed to you. The first check is that the current
time is less than timestamp_value + 20 minutes. The second check is that the
timestamp value received in the link is the same as the timestamp value set in the cookie that
was created before sending the email. This way no one can cheat with the link sent. If they try to
do so, it will show the 404 page that I made, which I believe is very beautiful. If both
checks pass, we can then set our password.
• Another cookie is created before sending the email to make sure that we
cannot visit the link more than once. Once we visit the link, the cookie is destroyed, and the
middleware makes sure that if the cookie doesn’t exist, the HTTP request for
the link sent to us is not executed; instead we are redirected back to the login page.
• For the case where we open the link and keep it open for more than 20 minutes,
I send the received timestamp value with the form, which is then compared with
the current time. If the current time exceeds timestamp + 20 minutes, your password will not be set;
instead you will be redirected back to the login page with the message “Your Session Times Out”.
• To make sure that after setting our password we don’t go back to the form using the browser
back button and submit the form again, I created another cookie before sending the email, which is
destroyed once we submit the set password form. Another middleware checks whether that cookie
exists. If it does, you are allowed to execute the HTTP POST request to set your
password; otherwise, you will be redirected back to the login page if you try to submit again by
going back to the form using the browser back button.
• Summary: I have used timestamps, cookies and middleware to implement this logic. All
cookies are set for a time of 20 minutes just in case.
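The same four scenarios can also be enforced with the link state held on the server rather than in browser cookies. The example below is added here and is not the site's Laravel code: it swaps the timestamp-and-cookie comparison for a random token whose record (issue time, visited, used) is kept in a server-side store, here an in-memory Map; the function names and return values are assumptions.

```javascript
// Added example, not the site's Laravel code: the four link scenarios with
// the link state kept in a server-side store instead of browser cookies.
const crypto = require('crypto');

const TTL_MS = 20 * 60 * 1000;   // the page's 20-minute window
const links = new Map();         // sha256(token) -> record; stands in for a DB table

const digest = (t) => crypto.createHash('sha256').update(String(t)).digest('hex');

// Called when the email is sent; the returned token goes into the link.
function issueLink(email, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  links.set(digest(token), { email, issuedAt: now, visited: false, used: false });
  return token;
}

// GET handler for the emailed link.
function openLink(token, now = Date.now()) {
  const rec = links.get(digest(token));
  // Unknown or altered token, or older than 20 minutes: custom 404 (scenario 1).
  if (!rec || now >= rec.issuedAt + TTL_MS) return { view: '404' };
  // Second visit: back to the login page (scenario 2).
  if (rec.visited) return { redirect: 'login' };
  rec.visited = true;
  return { view: 'set-password-form' };
}

// POST handler for the set-password form (token sent as a hidden field).
function submitPassword(token, now = Date.now()) {
  const rec = links.get(digest(token));
  // Never opened, or already used and resubmitted via the back button (scenario 4).
  if (!rec || !rec.visited || rec.used) return { redirect: 'login' };
  // Form left open past the window (scenario 3).
  if (now >= rec.issuedAt + TTL_MS) {
    return { redirect: 'login', message: 'Information! Your Session Times Out.' };
  }
  rec.used = true;   // a real handler would hash and store the password here
  return { passwordSet: true };
}
```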
We cannot go to the email link or set our password if we are logged in. If we try to do so, it will simply
redirect us to the home page. This is my middleware check: once we log in, a session is created, and
if that session exists, my middleware won’t allow us to open the email link and set a password; instead it
will redirect to the Home page. (So here we are using session and middleware for this logic.)
Similarly, I am using another middleware (let’s call it login middleware) to make sure that we cannot
enter the website or execute the logout link if we are not logged in (i.e. the login_session or the
login_cookie doesn’t exist). If we try to visit any of those links, we will be redirected back to the login
page.
If we select the remember_me option while logging in, two cookies are created to store the username
and password of the user. So the next time we visit login page, our login credentials will be
automatically filled in the input fields of the login page with the remember_me checkbox kept selected
automatically. So we will just have to press the login button to get signed in without re-entering our
login credentials. The time length of the cookie is set to 1 day.
However, if we uncheck the option while logging in, the cookies will be destroyed and the option will be
unselected automatically. The cookies will also be destroyed if we try to log in with an incorrect username
or password, in which case the remember_me option will again be unselected automatically.
The stay_signed_in option creates a “login cookie” (for a period of 1 day). So the next time we visit the
website, we will be directly redirected to the Home page by the login middleware that we discussed
above. The login cookie is destroyed when we press the logout button, in which case we will be
redirected back to the login page (with the stay_signed_in checkbox automatically selected to tell us
that we had recently used this option).
Summary: I am using cookies here because I have set sessions to be destroyed on browser close. So we
will automatically log out on closing the browser. Moreover, the session lifetime is set to 2 hours. So after 2
hours we will have to log in again.
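One way to build the stay_signed_in cookie and the login middleware check, as an added example rather than the site's own code: it assumes the login_cookie carries only a random token that is looked up on the server, and the route names and cookie attributes are assumptions.

```javascript
// Added example, not the site's code: stay_signed_in as an opaque token cookie
// plus the login-middleware decision described above.
const crypto = require('crypto');

const DAY_S = 24 * 60 * 60;      // the page's 1-day cookie lifetime
const logins = new Map();        // sha256(token) -> { user, expires }
const ATTRS = 'Path=/; HttpOnly; Secure; SameSite=Lax';   // assumed cookie attributes

const digest = (t) => crypto.createHash('sha256').update(t).digest('hex');

// Read login_cookie out of a Cookie request header.
function readToken(cookieHeader) {
  const m = /(?:^|;\s*)login_cookie=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
  return m ? m[1] : null;
}

// After a successful login with stay_signed_in ticked: returns the Set-Cookie value.
function staySignedIn(user, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  logins.set(digest(token), { user, expires: now + DAY_S * 1000 });
  return `login_cookie=${token}; Max-Age=${DAY_S}; ${ATTRS}`;
}

// Login middleware: guests go to the login page, signed-in users skip it.
function loginMiddleware(cookieHeader, path, now = Date.now()) {
  const token = readToken(cookieHeader);
  const rec = token && logins.get(digest(token));
  const signedIn = Boolean(rec && now < rec.expires);
  const guestPages = ['/login', '/set-password'];   // hypothetical route names
  if (!signedIn) return guestPages.includes(path) ? 'next' : 'redirect:/login';
  return guestPages.includes(path) ? 'redirect:/home' : 'next';
}

// Logout (POST only, as on the page): drop the server record and expire the cookie.
function logout(cookieHeader) {
  const token = readToken(cookieHeader);
  if (token) logins.delete(digest(token));
  return `login_cookie=; Max-Age=0; ${ATTRS}`;
}
```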
I have described all the middleware above. Now, in case of exceptions: if we try to execute
any HTTP POST request as a hyperlink, for example by entering the submit-login-credentials URL directly
in the browser’s URL bar, a MethodNotAllowedHttpException is raised and we are redirected back
to the login page if not signed in; otherwise the logout middleware steps in and redirects us to the
home page.
Logout: I have used an HTTP POST request for the logout function so that we can’t destroy a login_session
simply by executing a hyperlink from the URL bar.
Moreover, for unknown HTTP requests or HTTP requests that do not exist for the website, the
HttpNotFoundException is raised and displays my custom 404 page not found view if not signed in,
otherwise the homepage with the help of the logout middleware.
For other HttpExceptions like “403 Forbidden To Access” or “500 Internal Server Error”, the
HttpException method executes, which basically covers all sorts of HTTP errors, and with this function I
am again using my 404 Page Not Found view.
Inshallah, we probably won’t see much of it because the website is working well.
Forms:
In the forms, I have used validations for each input field. Almost each field has multiple validations.
• I have used Laravel Validation rules and Regular Expressions for Students’ and Courses’ forms
sections.
• JavaScript validation and regular expressions for “login” and “set password” forms.
• For register email form, I have used a regular expression to validate the email format.
So for example, when registering an email if a specific pattern (or regular expression) is not matched, it
will display a warning “Warning! Invalid Email Address”.
Similarly, another example is in the student’s form section. While assigning a Student ID, it must match a
specific pattern or expression. Other validations for this field are that if the ID is already assigned or was
previously assigned to a deleted student, it will give a validation error.
Similarly, the phone number must be unique for each student and it also follows a specific pattern.
Inshallah, you can see all of this and more as you will go through the website.
In case of errors the form input fields will display the values last entered, else if left empty, they will
display the values stored in the database against the record if there are any.
SQL Tables:
[Diagram: Student Table, Deleted_Students Table, Activity Table and Courses Table, joined by parent/child relationships. Trigger events shown: 1. Add, 2. Update, 3. Trash, 4. Restore, 5. Delete.]
If we delete any student, all of their records in the activity table will be automatically deleted (this is
called “ON DELETE CASCADE”).
In SQL, I made trigger events on the Student Table for “New Entry”, “Update Existing Entry”, “Trash”,
“Restore”, and “Delete” to be stored in the Activity Table and the Deleted_Students Table (to store the deleted
IDs). The reason for storing deleted IDs is to prevent them from being assigned to any new
student.
Search Functions:
Search function queries are quite complex.
Search By Student ID
Student ID has a special format. The ID must start with the letter “i”, followed by two
digits, followed by a hyphen (-), followed by 4 digits. For example, i15-0277. However, with the
implemented search query, we can write any digits in the search box and they will be matched against every part of
the Student IDs, and the matching results will be displayed if any are found.
The search query ignores the hyphen (-) and the letter “i” in the student IDs, which enhances the
depth of the search. However, if we still want to mention them in our search, then it will search
accordingly. By mentioning the letter “i” or the hyphen (-), we are telling the search query that we at least know
the first or the first two digits of the ID. The following are some important search samples to look for:
i. Search Value: 18
Important search results to look for:
• i18-5796
• i21-8309
• i12-9318
ii. Search Value: i18
Important search results to look for:
• i18-5796
• i18-0014
iii. Search Value: 502
Important search results to look for:
• i15-0277
• i17-5023
• i50-2887
iv. Search Value: i502
Important search results to look for:
• i50-2887
• i50-2423
v. Search Value: 1502
Important search results to look for:
• i15-0277
• i31-5029
• i23-1502
vi. Search Value: i1502
Important search results to look for:
• i15-0277
• i15-0282
vii. Search Value: 15027
Important search results to look for:
• i15-0277
• i41-5027
viii. Search Value: i15027
Important search results to look for:
• i15-0277
• i15-0278
You may try other searches like “15-”, “i9”, etc.
If all the search results belong to only 1 Student ID, then it will display that ID in the search box
instead of the search value that we entered, indicating to us that all search results belong to the one
Student ID shown in the search box. Try searching for 150277 or i150277 in the Activity section
search box; you will know what I mean, SIR!!
Please take two notes:
1. If you type the letter “i” in the search box, it will display all students who have the letter “i” in their
names. What I am trying to say is that the letter “i” on its own will only work for names and not
Student IDs, even though all Student IDs start with the letter “i”. Therefore, it doesn’t make any
sense to display all students for the search letter “i”.
2. Moreover, every Student ID has a hyphen (-), so it doesn’t make any sense to show
all student records for a “-” hyphen search; instead it will show no results found.
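The search rules and the two notes above, reconstructed as an added example (not the site's query): IDs are compared with the letter “i” and the hyphen stripped unless the search value mentions them. The allow-list pattern for search values and the function names are assumptions; the sample IDs are the ones listed on this page.

```javascript
// Added example: Student ID search as described on this page.
const ID_FORMAT = /^i\d{2}-\d{4}$/;            // "i", two digits, hyphen, four digits
const QUERY_FORMAT = /^i?\d{0,2}-?\d{0,4}$/;   // assumption: allow-list for search values

// IDs taken from the search samples listed above.
const SAMPLE_IDS = [
  'i18-5796', 'i21-8309', 'i12-9318', 'i18-0014', 'i15-0277', 'i17-5023', 'i50-2887',
  'i50-2423', 'i31-5029', 'i23-1502', 'i15-0282', 'i41-5027', 'i15-0278',
];

function searchStudentIds(query, ids = SAMPLE_IDS) {
  const q = String(query).trim().toLowerCase();
  // "i" or "-" on their own (no digit) and unexpected characters match no ID.
  if (!/\d/.test(q) || !QUERY_FORMAT.test(q)) return [];
  return ids.filter((id) => {
    if (!ID_FORMAT.test(id)) return false;             // ignore malformed stored IDs
    // A hyphen in the search value fixes its position, so compare literally.
    if (q.includes('-')) return id.includes(q);
    const digits = id.replace(/[i-]/g, '');            // "i15-0277" -> "150277"
    // A leading "i" anchors the digits at the start of the ID.
    return q.startsWith('i') ? digits.startsWith(q.slice(1)) : digits.includes(q);
  });
}

// If every result is the same single ID, the search box shows that ID instead.
function searchBoxValue(query, ids = SAMPLE_IDS) {
  const hits = searchStudentIds(query, ids);
  return hits.length === 1 ? hits[0] : query;
}
```

On the server, the same search value should reach the database as a bound parameter of the query rather than being concatenated into it.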
Note: If we give a wrong page number in the URL, we will be redirected to the first
page of the pagination.
Final Message
I have tried to explain every detail as well as possible and as simply as possible. I apologize for any
mistake made. THANK YOU!!