1. Simple programs. Use the tutorialspoint test server mentioned in the course to write a PHP page which:
   a. shows "Hi RT!" using PHP's echo instruction
   b. also shows 5 stars, where 5 is the value of the variable n at the beginning of the script ($n=5):
      *****
   c. also shows 3 lines with 5 stars each, where 3 and 5 are taken from variables n and p:
      *****
      *****
      *****
   d. also shows a triangle, where 5 is the value of a variable n:
      *****
      ****
      ***
      **
      *

2. URL parameters, loop, HTML table, colours, algorithmics, and rt-projet server.
   a. Test the "Hi RT!" echo exercise on the rt-projet server, see the detailed instructions provided at the end of this file (or alternatively on your own machine by installing a Web server + PHP module + DB, such as LAMP/WAMP; by default: http://localhost/phpmyadmin, login 'root', password blank, DB type MariaDB).
   b. Write loop.php which uses a loop to show the numbers from 1 to n on one line, where n is the value from the URL when executed as loop.php?n=15 (use $_GET['n'] to get the value 15). Check that n is a natural number between 1 and 20, otherwise "Error" is shown instead of the table.
   c. Add a nested loop to show the multiplication table for n*n, like this (example for n=4):
      1 2 3 4
      2 4 6 8
      3 6 9 12
      4 8 12 16
   d. Use the <table> tag to show the multiplication table in an HTML table.
   e. In the same table, show numbers greater than 50 in red, and between 20 and 50 in green (use the style attribute in td tags).

3. Form, PHP function, file inclusion, security.
   a. Write form.html which allows the user to choose a number N, a character, and one of three possible colours: red, green, and blue. The 2nd page, form.php, shows that character N times with the chosen colour.
   b. Using HTML built-in attributes, validate the user input in the form: the three fields are required, the number field must contain a number between 1 and 10, the character can have only one character, and only one colour must be chosen.
   c. Create a PHP function which has three parameters: the number, the character, and the colour, and does the same processing as previously (which shows the given character N times in the given colour). Use this function instead of the previous code.
   d. Move this function into a separate PHP file, and include that file in PHP. Put that file in the parent directory, and explain the vulnerability fixed.

4. PHP and DB, security.
   a. If you use the rt-projet server, use the database assigned to you (as shown at the end of this page), otherwise create a database called test. Inside, create one table, called students, with two columns, name (string 30 characters) and mark (integer). Click on the 'Structure' tab and check that the two types are right, and on the 'Browse' tab to check that the table has no data yet.
   b. Create a page add.php which shows a form with two fields, name and mark (an integer from 0 to 10), both mandatory, and, if there are parameters ($_GET[...]), also enters them in the DB (so the same PHP page either shows the form or processes data). Show the text "Student added" if the insertion was successful. Check with phpmyadmin that it has indeed been added to the table.
   c. Avoid unexpected results by first checking that name is an 8-letter string a..z (preg_match('/^[a-z]{1,8}$/', $var)) and mark an integer 0..9 (preg_match('/^[0-9]$/', $var)), and showing an error and stopping the script in the wrong case.
   d. Create a page update.php which shows a form with name and mark (mandatory fields), and updates the mark of the given student. Do the same security check as previously.
   e. Create a page show.php which shows the name and mark of all the students in an HTML table.
   f. Add a first column 'Remove' to the HTML table containing on each line simply an 'X' character which links to delete.php?name=xyz, with xyz being the name of the student on that line.
   g. Write delete.php which removes the given student. Show an example of an unexpected name which does bad things. Do the same security check as previously.

--------

How to use the rt-projet server

For exercises that need to read the URL, use several pages (forms, for example) or use a database, you can use the rt-projet site. This server can be reached either directly from the university's machines, or (from eduroam or the Internet) through the VPN. For details, see the saé14 file again.

The credentials for the DB server are:
   server: mysql_serv
   login: login
   passwd: login-rt2023
   DB: login

phpmyadmin is available at the top of the page (or at https://rt-projet.pu-pm.univ-fcomte.fr/phpmyadmin). You are asked to change the password very quickly: go to phpmyadmin, then to "change my password" (on the home page).
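
For exercises 4c and 4g, the following is an added example, not part of the original sheet: it applies the name regex from 4c before a prepared DELETE and runs it over a few constructed values of delete.php?name=... Assumptions: an in-memory SQLite database stands in for the course's MariaDB, and valid_name and delete_student are hypothetical names.

```php
<?php
// Added example (not from the exercise sheet). Assumption: SQLite in memory
// replaces the MariaDB server so that the script runs without any setup.

function valid_name(string $v): bool {
    // Regex from exercise 4c. Note: in PHP, $ also matches just before a
    // final newline, so "bob\n" passes; use \z instead of $ to refuse it.
    return preg_match('/^[a-z]{1,8}$/', $v) === 1;
}

// Hypothetical helper: removes one student, returns the number of rows deleted.
function delete_student(PDO $db, string $name): int {
    if (!valid_name($name)) {
        throw new InvalidArgumentException('Error: invalid name');
    }
    // The placeholder sends $name as data; it is never parsed as SQL text.
    $stmt = $db->prepare('DELETE FROM students WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (name VARCHAR(30), mark INTEGER)');
$insert = $db->prepare('INSERT INTO students (name, mark) VALUES (?, ?)');
foreach ([['alice', 7], ['bob', 4], ['carol', 9]] as $row) { // constructed rows
    $insert->execute($row);
}

// Constructed values, as they could arrive in $_GET['name'].
$inputs = ["bob\n", 'bob', "x' OR '1'='1", 'Bob', 'averylongname', ''];
foreach ($inputs as $name) {
    $shown = json_encode($name); // makes quotes and newlines visible
    try {
        $n = delete_student($db, $name);
        printf("%-18s accepted, %d row(s) deleted\n", $shown, $n);
    } catch (InvalidArgumentException $e) {
        printf("%-18s rejected (%s)\n", $shown, $e->getMessage());
    }
}

$left = $db->query('SELECT COUNT(*) FROM students')->fetchColumn();
echo "Rows left in students: $left\n";
```

The value with a trailing newline passes the regex but deletes nothing, because the placeholder compares it as an exact string; the value containing quotes is rejected before any query runs.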