Module 6

From CSE330 Wiki
Revision as of 21:30, 1 September 2012 by Shane (talk | contribs) (→‎Web Security)
Jump to navigationJump to search

In Module 4, you will learn about JavaScript, the prevailing client-side language, and AJAX, a method for performing asynchronous updates to a web page (without refreshing the page).

This article contains your assignments for Module 4.

Individual Assignments

Simple Calculator

Read the JavaScript guide first: Javascript and AJAX

Create a simple JavaScript calculator.

  • The web page should have two input fields and a radio button group for the operation, with the 4 basic math operations represented (add,subtract,multiply,divide).
  • The javascript should monitor all three fields and display the current result whenever the user changes any value in any field, without refreshing the page.
  • The calculator should be completely self-contained; i.e., you should not be making any requests to any other server-side or client-side scripts or web pages after the initial page load.

jQuery Dialogs

Helpful Resource: jQuery Documentation

Create a simple page using jQuery dialogs.

  • Create a page that has the words "Google" and "Yahoo".
  • When the user clicks the "Google" text, open a jQuery dialog window with one jQuery dialog button. If the button is pressed, display the Google logo image (the image can be stored on your web server) on the web page, and if the dialog is closed any other way, do nothing.
  • When the user clicks the "Yahoo" text, open a jQuery dialog window with one jQuery dialog button. If the button is pressed, display the Yahoo logo image (the image can be stored on your web server) on the web page, and if the dialog is closed any other way, do nothing.
  • Initially there should be no image on the page (i.e., the img should be hidden with the CSS display attribute). After one of the two images is displayed, if the user clicks on the image, a jQuery dialog box should be opened with one dialog button, and if the button is pressed then the image should be hidden again. Otherwise, do nothing.

Group Project

You will work in pairs on this project.

Important Reminder: frequently commit your work to your subversion repository as a backup!

I forgot if I already mentioned this, but start early on this project! It will take longer than you think, I promise!



Build a simple calendar that allows users to add and remove events dynamically.

You will use javascript and jQuery to process user interactions at the web browser, without ever refreshing the browser after the initial web page load.

You will leverage your existing PHP and MySQL knowledge for the server side of the calendar application to manage users and calendar events.


  • Support a month-by-month view of the calendar.
    Show one month at a time, with buttons to move forward or backward.
    There should be no limit to how far forward or backward the user can go.
  • Users can register and log in to the website.
    You may leverage your MySQL project code and database from last week to get started.
    You may alternatively use OpenID for user authentication. Note that you will still need a Users table in order associate calendar events with a certain OpenID.
  • Unregistered users should see no events on the calendar.
  • Registered users can add events.
    All events should have a day and time.
    All events should have a day and time.
    You also do NOT need to support recurring events (where you add an event that repeats, for example, every monday).
  • Registered users see only events that they have added.
  • Registered users can delete events.
  • All user and event data must be kept in a MySQL database.
  • The actual calendar HTML should be built with PHP.
  • At no time should the main page need to be reloaded.
    User registration, user authentication, event addition, and event deletion should all be handled by JavaScript, jQuery dialogs, and asynchronous POST/GET requests to PHP scripts.

Web Security and Validation

Your project needs to demonstrate that thought was put into web security and best practice. For more information, see this week's Web Application Security guide: Web Application Security, Part 3

In particular:

  • Your application needs to prevent XSS attacks. The easiest way to prevent this is to continue sanitizing all of your output using htmlentities().
  • Perform precautionary measures to prevent session hijacking attacks.
    You should specify your session cookie to be HTTP-Only. However, for the means of this module, you need not test for user agent consistency.

You should continue the practices that you have learned in past weeks:

  • Pass tokens in forms to prevent CSRF attacks
  • Use prepared queries to prevent SQL Injection attacks
  • If storing passwords in a database, always store them encrypted
  • Your page should validate with no errors through the W3C validator.


Due Date: _____ (both individual and group)

Assignment Points
Calculator 2
jQuery Dialogs 2
Group Portion:
Calendar month view correct 1
Move between months (without page reload) 1
User authentication and registration (without page reload) 2
Add events (new event shown in calendar without page reload) 2
Delete events (event removed from calendar without page reload) 2
User events are private 1
Creative Portion 2