Assessment Details

For this assignment, you will create an online marketplace - a bit like Facebook Marketplace or eBay.

Your marketplace, Kettle Basement is dedicated to community members selling or exchanging kettles with other local members.

Users can create accounts, browser kettles that are up for sale or exchange, make an offer, and message the winner to arrange the exchange.

You must implement this platform using PHP and MySQL or MariaDB, with some JavaScript for validation.

Database Structure

The web application uses a relational database. The database has the following structure:

User ( id, name, email, password, location )

Kettle ( id, user_id, title, description, seeking, submitted )

Offer (id, user_id, kettle_id, offer, accepted, submitted)

Message (id, from_user_id, to_user_id, offer_id, sent, text)

Primary keys are indicated with underlines or bold formatting, and foreign keys are italicized.

Each record in the User table represents a member of the site. Members can add kettles to the site, and review and make offers on the kettles added by others.

Each record in the Kettle table represents a kettle that a user has put up for sale or exchange. The seeking field is free text and indicates what the user is willing to accept in exchange for the item. 

The Offer table stores offers made by other users for a particular kettle. Users may make multiple offers for a single item.

Finally, Kettle Basement should allow members to send messages to each other to arrange the exchange. The Message table tracks messages sent between members about a particular offer, along with the date and time that the message was sent.

The following constraints should be applied when implementing the application:

The User password field should be a VARCHAR of 255 characters. The name, email, and location fields should be VARCHAR of a length that you determine to be reasonable and sufficient;

The Message.text and Offer.offer fields may be either VARCHAR or TEXT.

The Kettle.submitted, Offer.submitted, and Message.sent fields should all be be MySQL TIMESTAMPs.

The Kettle.accepted field can be either a Boolean indicating whether this offer was successful, or a nullable TIMESTAMP indicating when the offer was accepted.

Only one offer may be accepted per kettle - this is not enforced by the database design but must be enforced by the application. You may change the schema to make it enforced by the database if you prefer.

Please note that you are free to extend this database schema if required.

Initial Data

When the database is created, it should be populated with data of your own invention, appropriate to the theme (keep it clean). 

You should have at least:

5 users;

3 kettles;

5 offers, at least one of which is submitted by the tutor user, and accepted by the seller; and

3 messages about a single accepted offer

One of the users must be you (even if you are not interested in kettles). Use your student id - 30338458 - for the username, and your real name and email address. 

One of your users must have the username tutor and the password guest.

Invent other users as necessary - perhaps use characters from your favourite movie or band.

Include this data as part of your written report.

Database creation DDL

Create a single SQL file that creates the MySQL database, creates the four tables above, and populates them with your initial data. 

Use your student id and course code as the database name as follows:

ITECH3108_30338458_A1.

Passwords should be hashed using, at minimum, the crypt() PHP function. Prefer to use the PHP password_hash() function to generate password hashes.

For the password 'guest', the following hash may be used in your database:

PASSWORD = '$2y$10$123854833030000999999u3qXgx6nkyXqch1ZhByC5z1m2dwVB7qC'

It is acceptable for all initial users to share the same password for testing.

Use of MD5 or SHA1/2 for password hashes is not acceptable.

Write SQL queries that display all of the initial data using SELECT statements, and list these queries in your report.

User accounts

Write PHP and HTML to allow new users to sign up. The form should request a username, email address and password. The password must be hashed before storing it in the database.

Using PHP, validate that the username is unique, and the password is at least 5 characters (before hashing).

Write PHP code to allow users to log in and log out. This will require the use of sessions and/or cookies.

Viewing items

Write PHP and HTML to allow users to view a list of all items currently offered, including any offers made for each. The list should be sorted so the most recent items are listed first.

Kettles with accepted offers should still be displayed, but highlighted in some way, including highlighting the successful offer.

You may implement this using whatever User Interface approach makes sense to you.

Making and Accepting Offers

Write PHP and HTML that allows users to make an offer on a particular kettle.

This should only work on items that don't have accepted offers.

Users should be able to review offers made on their kettles, and accept one.

Messages

Write PHP and HTML to allow the users in an accepted exchange to message each other.

Create a messages page that displays the messages sent and received by the logged-in user, including the date and time for each message.

Aggregate data

Create a page that displays the following information, using SQL aggregation such as COUNT and SUM, subqueries or nested SELECT statements, inner joins and (left or right) outer joins.

The total number of kettles on the site;

The top 3 most-wanted kettles, ordered in descending order by number of offers made;

Bonus challenge task- Moderation

Extend the data model and write code to implement moderation features:

Users can report users for violating site rules (for example, by posting inappropriate offers);

A moderator can review reported users, sorted by number of reports, weighted by the reporting user's reputation (descending order)

Users found to be in violation of site rules should have their accounts disabled, but should not be deleted

Users who incorrectly report users for being in violation when they are not should have reputation reduced, so their reports are less important in future

Users who correctly report other users should have their reputation increased, so their reports are more important in future.