Difference between revisions of "Module 2"
(Moving some material to Module 1) |
|||
| Line 1: | Line 1: | ||
| − | + | __NOTOC__ | |
| + | Module 2 introduces you to Linux, a command-line environment, the Apache web server, and PHP. You will create and configure your own cloud instance, install Apache and related software, and then form groups to make a simple file sharing site. | ||
| − | + | <span style="font-size:1.3em; line-height:1.2em;">'''DO NOT WAIT UNTIL THE LAST MINUTE TO START ON THIS (or any) MODULE!''' The most common reason students perform poorly in this class is due to procrastination. You have been warned.</span> | |
| − | + | == Reading == | |
| + | |||
| + | The following articles on the online class wiki textbook contain information that will help you complete the assignments. | ||
| + | |||
| + | * [[Linux]] | ||
| + | * [[Bash]] | ||
| + | * [[Amazon Web Services]] | ||
| + | * [[Web Server Configuration]] | ||
| + | * [[PHP]] | ||
| + | * [[Text Editing]] | ||
| + | * [[Web Application Security, Part 1]] | ||
== Individual Assignments == | == Individual Assignments == | ||
| Line 49: | Line 60: | ||
'''Enable the UserDir module in Apache.''' Instructions are in the Web Server Configuration guide: [[Web Server Configuration#Enabling the UserDir Module]] | '''Enable the UserDir module in Apache.''' Instructions are in the Web Server Configuration guide: [[Web Server Configuration#Enabling the UserDir Module]] | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
=== Installing PHP === | === Installing PHP === | ||
| Line 72: | Line 71: | ||
Before you can continue, you will need to make yourself acquainted with PHP language components. Read the PHP guide for an overview: [[PHP#PHP Language Components]] | Before you can continue, you will need to make yourself acquainted with PHP language components. Read the PHP guide for an overview: [[PHP#PHP Language Components]] | ||
| − | === Calculator | + | === Calculator === |
| − | '''Make a calculator | + | '''Make a calculator using PHP and an HTML form.''' The form should have two inputs. The form should submit a GET request either back to the same page or to a different results page. The calculator should support addition, subtraction, multiplication, and division by means of a radio button group on the page. For 2 points of extra credit, add a fifth operation that raises ''x'' to the power of ''y''. (Consider edge cases, like decimal numbers and division by zero!) |
| − | |||
| − | |||
| − | |||
| − | |||
== Group Project == | == Group Project == | ||
| Line 84: | Line 79: | ||
You will work in pairs (that means you and one other person) on this project. | You will work in pairs (that means you and one other person) on this project. | ||
| − | '''Important Reminder:''' frequently commit your work to your | + | '''Important Reminder:''' frequently commit your work to your repository as a backup! |
=== Simple File Management Site === | === Simple File Management Site === | ||
| Line 124: | Line 119: | ||
== Grading == | == Grading == | ||
| + | |||
| + | We will be grading the following aspects of your work. | ||
| + | |||
| + | # '''Cloud Instance and Web Server:''' | ||
| + | #* You can SSH into your instance using your own custom username. | ||
| + | #* Your custom username is able to perform SUDO commands. | ||
| + | #* The time zone is correct on your instance. | ||
| + | #* The UserDir Apache module is working. | ||
| + | # '''PHP Calculator:''' | ||
| + | #* The calculator is able to perform all four functions. | ||
| + | #* The source code of your calculator is committed to your repository. | ||
| + | #* Extra credit: the calculator is able to raise a number to a power. | ||
| + | # '''File Management Site:''' | ||
| + | #* At least three different users can all have unique uploaded files. | ||
| + | #* Users can upload and delete files. If a file is "deleted", it should actually be removed from the filesystem. | ||
| + | #* Existing files can be viewed. | ||
| + | #* The directory structure is hidden. | ||
| + | #* Safe from CSRF attacks. | ||
| + | #* All HTML documents served by the site pass the W3C validator. | ||
| + | #* Site is intuitive to use and navigate. | ||
| + | |||
| + | === Creative Portion === | ||
| + | |||
| + | This module, and all future modules, will require that you invest some time into creating additional features for your group project. Plan to invest about 60 minutes of your time into the creative portion. | ||
<span style="font-size:2em; line-height:2em;">'''Due Date: Monday September 24th, by 1 PM (both individual and group)'''</span> | <span style="font-size:2em; line-height:2em;">'''Due Date: Monday September 24th, by 1 PM (both individual and group)'''</span> | ||
Revision as of 08:16, 17 March 2013
Module 2 introduces you to Linux, a command-line environment, the Apache web server, and PHP. You will create and configure your own cloud instance, install Apache and related software, and then form groups to make a simple file sharing site.
DO NOT WAIT UNTIL THE LAST MINUTE TO START ON THIS (or any) MODULE! The most common reason students perform poorly in this class is due to procrastination. You have been warned.
Reading
The following articles on the online class wiki textbook contain information that will help you complete the assignments.
- Linux
- Bash
- Amazon Web Services
- Web Server Configuration
- PHP
- Text Editing
- Web Application Security, Part 1
Individual Assignments
Learn About Linux
Linux is an open-source operating system based on UNIX. Linux is highly versatile and is used in a wide range of applications.
If you are not a Linux guru, read the Linux guide to get started: Linux
Create an AWS EC2 Instance
Once you understand Linux, you need to set up your Amazon EC2 Instance. Use the AWS article to guide you through the process: Amazon Web Services
Configuring Your Instance
Installing Essential Packages
Recall that software installation in Linux instances is usually handled through apt (Debian) or yum (RHEL). For more information, refer to the Linux guide.
To make sure everything is working properly, install your first package(s) according to the Essential Packages subsection in the Linux guide above.
Add your Own User Account
On your EC2 instance, set up your own personal account.
For information on how to add a user account, see the Linux guide: Linux#User Management
You need to do the following things once you've created your account:
- Add your account to the Sudoers list. Instructions are in the Linux guide.
- Allow your user to log in via SSH. Instructions are in the Web Server Configuration guide: Web Server Configuration
From now on, you should log into your EC2 instance using only your own username and not the default username that Amazon gives you (ec2-user or ubuntu).
Set the Timezone
Set your server to use US Central time. Instructions are in the Linux guide: Linux#Synchronizing Date and Time
Set Up the Apache Web Server
You need to install the Apache web server on your EC2 instance. Instructions are in the Web Server Configuration guide: Web Server Configuration#Apache
In order for your web server to be accessible, you need to open up Port 80 on your EC2 instance. Instructions are in the AWS guide: Amazon Web Services#Enabling Web Access to your EC2 Instance
Enable the UserDir module in Apache. Instructions are in the Web Server Configuration guide: Web Server Configuration#Enabling the UserDir Module
Installing PHP
You need to install PHP on your EC2 server. Instructions are at the top of the PHP guide: PHP
You need to configure PHP to show errors. Instructions are immediately below installation in the PHP guide.
Learning the PHP Language
Before you can continue, you will need to make yourself acquainted with PHP language components. Read the PHP guide for an overview: PHP#PHP Language Components
Calculator
Make a calculator using PHP and an HTML form. The form should have two inputs. The form should submit a GET request either back to the same page or to a different results page. The calculator should support addition, subtraction, multiplication, and division by means of a radio button group on the page. For 2 points of extra credit, add a fifth operation that raises x to the power of y. (Consider edge cases, like decimal numbers and division by zero!)
Group Project
You will work in pairs (that means you and one other person) on this project.
Important Reminder: frequently commit your work to your repository as a backup!
Simple File Management Site
You will be making a simple file management site that supports uploading, viewing, and deleting files associated with various usernames. Details:
- You should have a file named users.txt stored in a secure place on your filesystem. It should have one username per line.
- Users need to specify their username before they can sign into your site. You should check to see if their username is present in users.txt. (Passwords add an extra layer of complexity that we will cover in a later module.)
- Use PHP Session variables to keep track of the user who is logged in.
- Once in the system, you will present the available files for that user. The user then can delete these files, display/open them, or upload new files.
- A user should be able to see only his/her own files.
- When a user logs out, all files should be inaccessible until logging back in.
- You need to support at least 3 different users.
- Registering new users is NOT necessary (although you may do so for part of the creative portion)
- The url should NOT reveal internal file structure (including file names, so don't just link to the actual file on the web page!)
- Example of what not to do: http://www.example.com/download.php?file=/home/paul/file.txt
- Another bad example: http://www.example.com/~user/file.txt
- In general, don't reveal any internal information about the site.
- Food for thought: Given that Apache processes (with the exception of the main process) do not run as root, but rather as the user apache, how can you allow both your user account and the php scripts to read and write the necessary files?
- Creative portion: add an extra function to the site.
- It must be non-trivial, and involve learning outside the instructions provided in the class materials
- This idea needs to be approved by the TAs/Professor. Discuss it with at least one TA or the professor before proceeding.
- Note that the creative portion is worth double the points of a regular task. Creative portions will not be given full credit if they are too simple, or are simply rehashed things that you've already done (whether it be in this or previous modules).
You will probably find the PHP guide on this wiki to be helpful: PHP#Other PHP Tips
Web Security and Validation
Your project needs to demonstrate that thought was put into web security and best practice. For more information, see this week's Web Application Security guide: Web Application Security, Part 1
In particular:
- Your application needs to be safe from CSRF attacks. That is, you should pass tokens when uploading and deleting files in order to prevent request forgeries.
- Your project must pass the W3C Validator with no errors. For more information, see the HTML and CSS guide: HTML and CSS#Validation
Tips on Editing Files
You should tune your development environment to save you headaches throughout the semester. Instructions: Text Editing
Grading
We will be grading the following aspects of your work.
- Cloud Instance and Web Server:
- You can SSH into your instance using your own custom username.
- Your custom username is able to perform SUDO commands.
- The time zone is correct on your instance.
- The UserDir Apache module is working.
- PHP Calculator:
- The calculator is able to perform all four functions.
- The source code of your calculator is committed to your repository.
- Extra credit: the calculator is able to raise a number to a power.
- File Management Site:
- At least three different users can all have unique uploaded files.
- Users can upload and delete files. If a file is "deleted", it should actually be removed from the filesystem.
- Existing files can be viewed.
- The directory structure is hidden.
- Safe from CSRF attacks.
- All HTML documents served by the site pass the W3C validator.
- Site is intuitive to use and navigate.
Creative Portion
This module, and all future modules, will require that you invest some time into creating additional features for your group project. Plan to invest about 60 minutes of your time into the creative portion.
Due Date: Monday September 24th, by 1 PM (both individual and group)
| Assignment | Points |
|---|---|
| Birthday Card Content | 1 |
| Birthday Card Validation | 1 |
| Calculator 1 | 1 |
| Calculator 2 | 2 |
| Group Portion: | |
| Multi-User Login | 1 |
| Logout Mechanism | 1 |
| Can't Access Other Users' Files | 1 |
| Can't See File/Directory Structure | 1 |
| Can Upload New Files | 1 |
| Can View/Download Files | 1 |
| Can Delete Files | 1 |
| Cross-Site Request Forgery Safe | 1 |
| Validation | 1 |
| Creative Portion | 2 |
Grading (refactored from Module 1)
Due Date: Sept 10th 2012 by 1 PM
If you have questions, head on over to the CSE 330 Google Group. The TA's will be busy grading on Monday and likely won't be able to provide assistance in class.
Make sure to read the Web Server Configuration wiki for more specific instructions on tasks 3 and 4: Web Server Configuration
You will be asked to do the following in front of a TA (you should make sure everything is working properly and you know what to do before you sign up to demo):
- Connect to your ec2 instance
- Display the current time on your ec2 instance
- Show the test file at http://ec2-xxx-xx-xx-xxx.compute-1.amazonaws.com/~yourUserName/hello.txt (note that ~yourUserName cannot be ec2-user!)
- Show the text helloFrom___ files connected to your subversion repository. You will be asked to make and commit changes in front of the TA.
| Assignment | Points |
|---|---|
| Creating your VM | 1 |
| Working SSH | 1 |
| Working user account | 1 |
| Working NTP (correct time zone) | 1 |
| Remap userdir | 1 |
| Apache Setup | 1 |
| SVN setup on Amazon Instance | 1 |
| SVN setup on Eclipse | 1 |
