Difference between revisions of "Module 2"
Line 195: | Line 195: | ||
#*** You may style the page with bolding, hyperlings, images, block quotes and lists | #*** You may style the page with bolding, hyperlings, images, block quotes and lists | ||
#*** [http://dillinger.io/ This online markdown editor] makes it easy to learn this format | #*** [http://dillinger.io/ This online markdown editor] makes it easy to learn this format | ||
+ | #** The url of BOTH your calculator and your file sharing site. '''''We need this to grade your work.''''' | ||
#** Names and Student IDs of all the group members | #** Names and Student IDs of all the group members | ||
#** A link to the front page of your site | #** A link to the front page of your site |
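Review bot: In the added line, "url" should be written "URL", and the item overlaps with the existing "A link to the front page of your site" entry two lines below it. Consider merging the two so the README list asks for each link once. The unchanged context line above the addition still reads "hyperlings" (hyperlinks), which could be fixed in the same revision.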
Revision as of 14:20, 27 January 2017
Module 2 introduces you to Linux, a command-line environment, the Apache web server, and PHP. You will create and configure your own cloud instance, install Apache and related software, and then form groups to make a simple file sharing site.
DO NOT WAIT UNTIL THE LAST MINUTE TO START ON THIS (or any) MODULE! The most common reason students perform poorly in this class is procrastination. You have been warned.
Reading
The following articles on the online class wiki textbook contain information that will help you complete the assignments.
Individual Assignments
There are a lot of wiki pages that you need to read in order to complete the individual portion of Module 2. The wiki pages contain an assortment of required steps, optional steps, and information. To make things easier, we have highlighted the required steps with a red bar, like you see on the left of this message. Do not skip anything marked with a red bar, or else you will not have a perfectly configured instance.
Learn About Linux
Linux is an open-source operating system based on UNIX. Linux is highly versatile and is used in a wide range of applications.
If you are not a Linux guru, read the Linux guide to get started: Linux
Install Cygwin: Windows Users Only
You will need Cygwin in order to log into and configure your EC2 instance. Cygwin is already installed on the CEC machines. Instructions for installing Cygwin on your personal machine are located in the Workflow guide.
Mac OS X users should locate the "Terminal" application, which is installed by default; you will need this in the coming steps.
Create an AWS EC2 Instance
Once you understand Linux, you need to set up your Amazon EC2 Instance. Use the AWS article to guide you through the process: Amazon Web Services
Configure SSH
Follow the instructions in the SSH guide to do the following:
- Create your own SSH key pair
- Log in as the default user to your EC2 instance
- Create a new user
- Give the new user your SSH public key
From now on, when you need to log into your EC2 instance as an administrator, just pop up a terminal and run:
$ ssh your-username@ec2-xx-xx-xx-xx.compute-1.amazonaws.com
Install Essential Packages
Recall that software installation in Linux instances is usually handled through apt (Debian) or yum (RHEL). For more information, refer to the Linux guide.
To make sure everything is working properly, install your first package(s) according to the Essential Packages subsection in the Linux guide.
Set the Timezone
Set your server to use US Central time (America/Chicago). Instructions are in the Linux guide: Linux#Synchronizing Date and Time
Set Up the Apache Web Server
You need to install the Apache web server on your EC2 instance. Refer to the Apache guide.
In order for your web server to be accessible, you need to open up Port 80 on your EC2 instance. Instructions are in the AWS guide: Amazon Web Services#Enabling Web Access to your EC2 Instance
Enable the UserDir module in Apache. Instructions are in the Apache guide: Apache#The UserDir Module
Install PHP
You need to install PHP on your EC2 server. Instructions are at the top of the PHP guide: PHP
You need to configure PHP to show errors. Instructions are immediately below installation in the PHP guide.
Learn the PHP Language
Before you can continue, you will need to make yourself acquainted with PHP language components. Read the PHP guide for an overview: PHP#PHP Language Components
Set Up your Workspace
You are now ready to set up the workspace that you will be using for the rest of the semester. Follow the instructions in Workflow to:
- Make an account on Bitbucket
- Make a repository for your individual work for CSE 330
- Install SourceTree
- Windows only: Set up Pageant so that SourceTree can connect to Bitbucket
- Clone your CSE 330 repo from Bitbucket
- Install Komodo Edit
- Create a Komodo Edit Project inside of your Git repository
- Add the *.komodoproject file to .gitignore
- Install FileZilla
- Connect FileZilla to your remote instance
Calculator
Make a calculator using PHP and an HTML form. The form should have two inputs. The form should submit a GET request either back to the same page or to a different results page. The calculator should support addition, subtraction, multiplication, and division by means of a radio button group on the page. (Consider edge cases!)
Group Project
You will work in pairs (that means you and one other person) on this project.
In this module, and all future modules, the group portion builds off of material you learn in the individual portion. You should therefore complete the individual portions prior to working on the group portions. (Trust us: it will make your life easier!)
Important Reminder: frequently commit your work to your repository as a backup!
Simple File Sharing Site
You will be making a simple file sharing site that supports uploading, viewing, and deleting files associated with various users. Details:
- You should have a file named users.txt stored in a secure place on your filesystem. It should have at least three usernames, with one username per line.
- Passwords add an extra layer of complexity (encryption) that we will cover in Module 3. You will not earn credit for implementing passwords as your creative portion for this module.
- Users of the file sharing site should be able to enter their username and then log in.
- You may implement logins using session variables, or you may implement them using a GET parameter that is passed between pages. You will need to always use sessions starting in Module 3.
- Users should see a list of all files associated with their username after the log in.
- Users should be able to view, upload, and delete files associated with their username.
- The URI should NOT reveal the internal file structure of your web site.
- Example of what not to do: http://www.example.com/download.php?file=/home/paul/file.txt
- Another bad example: http://www.example.com/~user/file.txt
- Good example: http://www.example.com/view.php?user=music&name=file.txt
- In general, don't reveal any internal information about the site.
- Food for thought: Given that Apache processes (with the exception of the main process) do not run as root, but rather as the user apache, how can you allow both your user account and the PHP scripts to read and write the necessary files?
- Hint: You shouldn't be storing the user-uploaded files in public_html (that is only the place for your own web-page files).
- Hint number 2: You will need to use chown to change ownership so that user apache (or www-data on Ubuntu) has permissions on the user files (which are not in the public_html folder). If you don't know what this does or how to do this, look at the Apache page.
- You should customize your file sharing site by implementing an additional feature or two as part of the creative portion.
You will probably find the PHP guide on this wiki to be helpful: PHP#Other PHP Tips
Web Security and Validation
Your project needs to demonstrate that thought was put into web security and best practice. For more information, see this week's Web Application Security guide: Web Application Security, Part 1
In particular:
- Your application needs to follow the conventions of FIEO (Filter Input and Escape Output). Things you should filter include file names, usernames, and so on.
- Your project must pass the W3C Validator with no errors. For more information, see the HTML and CSS guide: HTML and CSS#Validation
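An added example (not part of the course materials) of FIEO applied to a request shaped like the good URL above, `view.php?user=music&name=file.txt`. `UPLOAD_ROOT`, the function names and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example, not course code. UPLOAD_ROOT, the function names and the
// sample requests are assumptions constructed for illustration.
const UPLOAD_ROOT = '/srv/uploads'; // assumed directory outside anything Apache serves

// Filter input: allow-list patterns; \z (not $) so a trailing newline cannot slip through.
function filter_username(string $raw): ?string {
    return preg_match('/^[A-Za-z0-9_-]{1,32}\z/', $raw) ? $raw : null;
}

function filter_filename(string $raw): ?string {
    // No slashes and no leading dot, so "..", ".htaccess" and paths are rejected.
    return preg_match('/^[A-Za-z0-9_-][A-Za-z0-9_. -]{0,254}\z/', $raw) ? $raw : null;
}

// Map (user, name) from the query string to a path the URL never exposes.
function resolve_upload(array $users, string $rawUser, string $rawName): ?string {
    $user = filter_username($rawUser);
    $name = filter_filename($rawName);
    if ($user === null || $name === null || !in_array($user, $users, true)) {
        return null; // unknown user or unsafe name: refuse, reveal nothing
    }
    return UPLOAD_ROOT . '/' . $user . '/' . $name;
}

// Escape output: request data is never echoed back raw.
function h(string $s): string {
    return htmlspecialchars(addcslashes($s, "\n"), ENT_QUOTES, 'UTF-8');
}

$users = ['music', 'paul', 'alice']; // constructed; the site would read users.txt
$requests = [                        // constructed sample requests
    ['music', 'file.txt'],           // well-formed
    ['music', '../paul/file.txt'],   // tries to leave the user's directory
    ['music', "file.txt\n"],         // trailing newline
    ['mallory', 'file.txt'],         // not listed in users.txt
    ['music', '<b>x</b>.txt'],       // markup in the name
];
foreach ($requests as [$user, $name]) {
    $path = resolve_upload($users, $user, $name);
    printf("%s / %s => %s\n", h($user), h($name), $path ?? 'rejected');
}
```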
Grading
We will be grading the following aspects of your work. There are 100 points total.
Assignments must be committed to Bitbucket by the end of class on the due date (commit early and often). Failing to commit by the end of class on the due date will result in a 0.
- You must save your repo as:
- "<Season><year>-Module<#>-StudentID"
- (i.e., Spring2025-Module3-201343)
- For the group project, you must save your repo as:
- "<Season><year>-Module<#>-StudentID1-StudentID2"
- (i.e., Spring2025-Module3-201343-312532)
- OR, if you are working alone, put both your individual and group portions in your individual repo
If you do not name your repo correctly, or share it with cse330, the TAs are not responsible for grading your assignment. If we cannot find it, you will receive a zero.
_____________
- Cloud Instance and Web Server (30 Points):
- You can SSH into your instance using your own custom username and SSH key. Put a screenshot in your repository of your terminal SSH-ing into your instance (15 points)
- Your custom username is able to perform sudo commands. Put a screenshot in your repository of you successfully executing a command with sudo (5 points)
- The time zone is correct on your instance. Put a screenshot in your repository of the results of the `date` command (5 points)
- The UserDir Apache module is working. Place a file in /home/<username>/public_html and link to the file in your README.md (5 points)
- PHP Calculator (15 Points):
- The calculator is able to perform all four functions (2 points each, 8 points in total)
- Each function is given as a radio button choice (4 points)
- The calculator page passes the W3C HTML validator (3 points)
- File Sharing Site (40 Points):
- File Management (25 Points):
- Users should not be able to see any files until they enter a username and log in (4 points)
- Remember that users.txt should be stored in a secure location on your filesystem. That is, you should not be able to type any URL into your browser and see the raw users.txt file!
- Users can see a list of all files they have uploaded (4 points)
- Users can open files they have previously uploaded (5 points)
- Note: Users should be able to open not only plain text files but also other file formats: images, spreadsheets, etc.
- Users can upload files (4 points)
- Note: Like users.txt, uploaded files should be stored in a secure location on your filesystem. That is, do not keep your uploads directory underneath a directory served by Apache!
- Users can delete files. If a file is "deleted", it should actually be removed from the filesystem (4 points)
- The directory structure is hidden (2 points)
- Users can log out (2 points)
- Note: If using session variables, you must actually log out the user by destroying their session; i.e., don't just redirect them to the login screen.
- Best Practices (10 Points):
- Code is well formatted and easy to read, with proper commenting (4 points)
- The site follows the FIEO philosophy (3 points)
- All pages pass the W3C validator (3 points)
- Usability (5 Points):
- Site is intuitive to use and navigate (4 points)
- Site is visually appealing (1 point)
- Creative Portion (15 Points) (see below)
- Make sure you have a README.md file in your group repo with the following:
- An .md file is a plain text file called a markdown file [1].
- The contents of your README.md file are shown on your repo, making it easier for us to grade
- You may style the page with bolding, hyperlinks, images, block quotes and lists
- This online markdown editor makes it easy to learn this format
- The URL of BOTH your calculator and your file sharing site. We need this to grade your work.
- Names and Student IDs of all the group members
- A link to the front page of your site
- A brief description of what you did for your creative portion
- Any additional login details needed for the TA
Creative Portion
This module, and all future modules, will require that you invest some time into creating additional features for your group project. Plan to invest at least 60 minutes of your time into the creative portion.
- The creative portion is an opportunity for you to learn material of your own interest.
- You will not earn credit for a creative-portion feature that simply rehashes something you've already done in a previous module.
If you need ideas for a creative portion, or if you want to know whether or not your creative portion idea is "hard enough", ask a TA.