Difference between revisions of "Module 2"
(→Group Project: Adding Validation)
Revision as of 15:21, 1 September 2012
In Module 2, you will learn about HTML, CSS, and PHP.
This article contains your assignments for Module 2.
DO NOT WAIT UNTIL THE LAST MINUTE TO START ON THIS (or any) MODULE! The most common reason students perform poorly in this class is procrastination. You have been warned.
Learning HTML and CSS
You need to become familiar with HTML and CSS. Read the HTML and CSS guide to get started: HTML and CSS
Write a Birthday Card
Write a birthday card to a friend or family member using HTML and CSS. Use HTML to define the content of the card (like the headings and the paragraphs), and use CSS to define the appearance. Some ideas:
- Make the background-color of the page baby blue and use purple ink to write a card to a little boy
- Make the text big and red, and include pictures of hearts
- Use a boxy font with text shadows to make your card look urban (more advanced)
Remember that you're in a computer science class (not an art class), so we don't care if your card looks ugly. The main thing is that you learn HTML and CSS and use them appropriately.
Your birthday card must pass the W3C Validator with no errors. For more information see the HTML and CSS guide: HTML and CSS#Validation
You need to install PHP on your EC2 server. Instructions are at the top of the PHP guide: PHP
You need to configure PHP to show errors. Instructions are immediately below installation in the PHP guide.
Learning the PHP Language
Before you can continue, you will need to make yourself acquainted with PHP language components. Read the PHP guide for an overview: PHP#PHP Language Components
Make a calculator that uses PHP to multiply two variables provided in the URL and displays the result on a page.
Make a second calculator. This one should have an HTML form for the two inputs. It can either POST back to the same page, or to a different result page. In addition to multiplication, this page should support addition, subtraction, and division, by means of a radio button group on the page.
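The second calculator, as an added example (not code from the course materials). It assumes the file is named calc.php and PHP 7.4 or later; the form posts back to the same page, inputs are validated server-side, the operator is chosen from a fixed table rather than built from user input, division by zero is reported instead of producing a warning, and everything echoed back into the HTML is escaped so the page stays valid and safe.

```php
<?php
// Added example (not the course's own code): calc.php, the form-based calculator.
// Operators live in a fixed table; user input only selects a key from it.
$ops = [
    'add' => fn($a, $b) => $a + $b,
    'sub' => fn($a, $b) => $a - $b,
    'mul' => fn($a, $b) => $a * $b,
    'div' => fn($a, $b) => $b == 0 ? null : $a / $b,   // null signals division by zero
];
$result = null;
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // FILTER_VALIDATE_FLOAT returns false for non-numeric text and null if the field is absent.
    $a = filter_input(INPUT_POST, 'a', FILTER_VALIDATE_FLOAT);
    $b = filter_input(INPUT_POST, 'b', FILTER_VALIDATE_FLOAT);
    $op = $_POST['op'] ?? '';
    if ($a === false || $a === null || $b === false || $b === null) {
        $error = 'Both inputs must be numbers.';
    } elseif (!isset($ops[$op])) {
        $error = 'Unknown operation.';
    } elseif (($result = $ops[$op]($a, $b)) === null) {
        $error = 'Division by zero.';
    }
}
// Escape anything that goes back into the page, including the user's own inputs.
function h(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
?>
<!DOCTYPE html>
<html lang="en"><head><meta charset="utf-8"><title>Calculator</title></head>
<body>
<form method="post" action="calc.php">
  <input type="text" name="a" value="<?= h($_POST['a'] ?? '') ?>">
  <?php foreach (['add' => '+', 'sub' => '-', 'mul' => '*', 'div' => '/'] as $k => $sym): ?>
    <label><input type="radio" name="op" value="<?= $k ?>"<?= ($_POST['op'] ?? 'mul') === $k ? ' checked' : '' ?>> <?= $sym ?></label>
  <?php endforeach; ?>
  <input type="text" name="b" value="<?= h($_POST['b'] ?? '') ?>">
  <button type="submit">Compute</button>
</form>
<?php if ($error !== ''): ?><p><?= h($error) ?></p>
<?php elseif ($result !== null): ?><p>Result: <?= h((string) $result) ?></p><?php endif; ?>
</body></html>
```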
You will work in pairs on this project.
Important Reminder: frequently commit your work to your subversion repository as a backup!
Simple File Management Site
You will be making a simple file management site that supports uploading, viewing, and deleting files associated with various usernames. Details:
- You should have a file named users.txt stored in a secure place on your filesystem. It should have one username per line.
- Users need to specify their username before they can sign into your site. You should check to see if their username is present in users.txt. (Passwords add an extra layer of complexity that we will cover in a later module.)
- Use PHP Session variables to keep track of the user who is logged in.
- Once a user is in the system, present that user's available files. The user can then delete these files, display/open them, or upload new files.
- A user should be able to see only his/her own files.
- When a user logs out, all files should be inaccessible until logging back in.
- You need to support at least 3 different users.
- Registering new users is NOT necessary (although you may do so for part of the creative portion)
- The URL should NOT reveal internal file structure (including file names, so don't just link to the actual file on the web page!)
- Example of what not to do: http://www.example.com/download.php?file=/home/paul/file.txt
- Another bad example: http://www.example.com/~user/file.txt
- In general, don't reveal any internal information about the site.
- Food for thought: Given that Apache processes (with the exception of the main process) do not run as root, but rather as the user apache, how can you allow both your user account and the php scripts to read and write the necessary files?
- Creative portion: add an extra function to the site.
- It must be non-trivial, and involve learning outside the instructions provided in the class materials
- This idea needs to be approved by the TAs/Professor. Discuss it with at least one TA or the professor before proceeding.
You will probably find the PHP guide on this wiki to be helpful: PHP#Other PHP Tips
Web Security and Validation
Your project needs to demonstrate that thought was put into web security. In particular, your file upload application should be CSRF-safe. That is, you should pass tokens when uploading and deleting files in order to prevent request forgeries. For more information, see this week's Web Application Security guide: Web Application Security, Part 1
Finally, your project must pass the W3C Validator with no errors. For more information see the HTML and CSS guide: HTML and CSS#Validation
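A file listing, download and delete handler that meets both the "don't reveal internal file structure" requirement and the CSRF requirement above, as an added example (not code from the course materials). It assumes the file is named files.php, PHP 7 or later, that login.php has already checked users.txt and set $_SESSION['username'], and that uploads live under /var/www/private/uploads/<username>/ outside the web root (an assumed path). Files are addressed by an opaque id (a hash of the name) that only resolves inside the signed-in user's own directory, and deletion is refused unless the request is a POST carrying the session's CSRF token.

```php
<?php
// Added example (not the course's own code): files.php for the file management site.
// Assumes login.php already verified the username against users.txt.
session_start();
const STORAGE_ROOT = '/var/www/private/uploads';   // assumed path, outside the web root

if (empty($_SESSION['username'])) { http_response_code(403); exit('Not signed in'); }
$user = $_SESSION['username'];
$dir = STORAGE_ROOT . '/' . $user;

// Opaque id => filename, built only from this user's own directory, so an id
// from the URL can never resolve to another user's file or to an arbitrary path.
$files = [];
foreach (glob("$dir/*") ?: [] as $path) {
    if (is_file($path)) { $files[hash('sha256', basename($path))] = basename($path); }
}

// One random CSRF token per session; compared with hash_equals to avoid timing leaks.
if (empty($_SESSION['csrf'])) { $_SESSION['csrf'] = bin2hex(random_bytes(32)); }
$token = $_SESSION['csrf'];

$id = $_REQUEST['id'] ?? '';
$action = $_REQUEST['action'] ?? 'list';

if ($action === 'download' && isset($files[$id])) {
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . rawurlencode($files[$id]) . '"');
    readfile("$dir/{$files[$id]}");
    exit;
}

if ($action === 'delete') {
    // State-changing request: must be a POST and must carry the session token.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !hash_equals($token, $_POST['token'] ?? '')) {
        http_response_code(403); exit('Request rejected');
    }
    if (isset($files[$id])) { unlink("$dir/{$files[$id]}"); }
    header('Location: files.php'); exit;
}

// Default: list the user's files with a download link and a token-bearing delete form.
// (Fragment only; wrap it in your validated page template.)
echo "<ul>\n";
foreach ($files as $fid => $name) {
    $safe = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    echo "<li><a href=\"files.php?action=download&amp;id=$fid\">$safe</a> ";
    echo "<form method=\"post\" action=\"files.php\">";
    echo "<input type=\"hidden\" name=\"action\" value=\"delete\">";
    echo "<input type=\"hidden\" name=\"id\" value=\"$fid\">";
    echo "<input type=\"hidden\" name=\"token\" value=\"$token\">";
    echo "<button>Delete</button></form></li>\n";
}
echo "</ul>\n";
```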
Tips on Editing Files
You have several choices when it comes down to actually editing files on your web site.
- You can use a command-line text editor, like vi, emacs, or nano
- You can use a GUI text editor, like Notepad++
- You can use a full GUI IDE, like Eclipse
The choice is really what you prefer. Using a GUI certainly has advantages over a command-line interface, but it's sometimes faster to edit files directly on your server. Either way, you should frequently commit changes to your repository.
To add PHP support to Eclipse:
- In Eclipse, go to Install New Software...
- Add the following URL: http://update.aptana.com/update/studio/
- Load the packages and install Aptana Studio.
- Restart Eclipse.
- In the Aptana Studio welcome screen, go to Plugins
- Install the Aptana Studio PHP plugin
- Restart Eclipse again.
If you don't want to use Eclipse, Notepad++ is a nice choice. You may want to download it and save it to your H: drive. http://notepad-plus-plus.org/
Note: Remember that you can use an SSH filesystem client to make local files automatically update on your server. For more information, see the Web Server Configuration guide from Module 1.
Due Date: _____ (both individual and group)
Grading (points per item):
- Birthday Card Content: 1
- Birthday Card Validation: 1
- Can't Access Other Users' Files: 1
- Can't See File/Directory Structure: 1
- Can Upload New Files: 1
- Can View/Download Files: 1
- Can Delete Files: 1
- Cross-Site Request Forgery Safe: 1