“Add authentication (movie-login and movie-logout).
In movie-login, include salting/hashing/sanitization.
Add username to session upon successful login.
Write session check code. Include (use PHP include or require) session check to every page (except login and logout pages). This means that when a user goes directly to any page without login, the user will be redirected to the login page.
Upon logout, destroy session and other code (see lecture). Redirect user to the movie-login page upon logout.
Add DB table for ROLE. There should be two types of roles: customer and admin. See document for role access info for each use case.
Add PHP code to perform authorization (role matching) in authorizing.php. Include (use PHP include or require) authorizing.php into all secured pages (pages that need authentication to access them).
Add unauthorized.php to direct users without authorization to.
Add one new page to show a list of all Users. Only ‘admin’ has access to this page. Both ‘admin’ and ‘customer’ have access to other Movie pages. (5 pts extra credit for those who did pages for Add/Update/Delete User data).”