- Site created by Ryan McHenry as a class project for MIS
314 at Western Washington University.
- All product information is dynamically generated using Active
Server Pages.
- Book, customer and order information is stored in an Access database.
- Server-side includes are used for all components that are used more
than once (such as the search/browse and Author scripts, as well as
the header and footer).
- Home Page
- "Recommended Reads" are randomly selected from the
database.
- The browse menu is dynamically generated from the database using a SQL query that shows
only the current book categories.
- Book descriptions are truncated at 300 characters.
- Search/Browse response page
- The search function searches book titles, descriptions and
categories fields in the database.
- The RecordCount property of the RecordSet object is used
to count the number of books found by the search.
- Searches that have no matches respond gracefully
- Shopping cart page
- Uses a cookie to store the ISBNs of items in the
cart.
- Checkout pages
- Searches the database for email addresses of existing
customer accounts and writes their shipping information in
the form on the order confirmation page.
- Order Confirmation Page
- Checks for shopping cart and prompts user if cart is
empty.
- All fields are checked to make sure that they contain
information.
- Checks email address in database and prompts user to try
again user if address not found.
- Modifications made to customer information are updated in
the database.
- Order information are written to the database.
- An email is sent to the customer with the order
information.
- The shopping cart is emptied by setting ItemCount to zero in the ShoppingCart cookie. .
- Order History Page
- Searches the database for all orders associated with
e-mail address
- If no matching email address is found user is prompted to
try again.
- Enhancements
- From a link on the login page, a new customer can add themselves to the database. If all fields in the form are not complete, the user is provided with an error message and provided with a link back to the form.
The SQL statement looks for the email enetered to find duplicates. If the email address exists in the database, the user is redirected to the default page with an explanatory message.
A binary compare on the password and confirm password ensures the user knows the password they have entered before it is written to the database.
If all information is satisfied, the customer's information is written to the database, a confirmation HTML formatted email is sent and they are redirected to the home page and provided with a confirmation message.
If the email address already exists in the database, the information is not written and the user is redirected to the home page with an error message.
- The Login Page requests the email address and password of the user, using an SQL statement, finds the customer record associated with the email address and performs a binary compare of the password in the database and the password input by the user.
If the two passwords compare, the user's email address, password and name are written to a cookie after which, the user is redirected to the default page with a personalized welcome message.
If the passwords do not match, user is redirected to the login page with an error message.
- The login page also has a link for users that forgot their password. This link takes them to a form where they enter their email address and a binary compare is run on any match in the database. If it matches, an HTML format email
containing the password is sent to the user's email address.
- The home page checks for the login cookie. If found, a personalized welcome message is displayed otherwise "Not Logged In" is displayed.
- The user can sign out as well. This process deletes the login cookie and redirects the user to the login page which displays the message "Logged Out."
If the user signs out, but no login cookie is present, the same process occurs with the message "Not Logged In."
- The checkout01 page looks for the login cookie and, if it exists, redirects the user to checkout02.asp and displays their information.
Otherwise, the login form is displayed. Checkout03 checks the shipping address for duplicates in the database. If none are found, the information is stored and the shipID pulled for querying. Otherwise, a separate SQL statement only pulls the shipID.
- An administration page is provided to view customer information (not passwords) and add/edit inventory information. This page acts like the login page, except the record to be found by the SQL statement has already been specified.
If the passwords match, the customer information list is displayed, if not, the user is redirected to the login page and provided with an error message.
- The shipping information on the product page varies depending on the number of units available. After an order is placed, the units for each item ordered are reduced by the quantity ordered.
- Webdamentals strictly uses SQL statements to find information and preload fields to be written.
- If an email address is not found on the main login page, an error message is displayed. If this occurs on the checkout login page, it is assumed that the customer is new so checkout=true and the Register form is displayed. A checkout string is passed
to the form which, if this hidden field is true, the customer's information is written to the database, a confirmation HTML formatted email is sent to them and they are redirected back to the checkout login page.
- If a search or browse category returns only one item, the product page for that item is displayed.
- If an item is out of stock, the add to cart icons are removed.
- The search string is filtered for single quotes to prevent SQL injection and for HTML tags.
|
|
