Errors in the XML can be checked by refreshing the home page after editing the file. Errors will be displayed at the top of the page, and will usually report a line number.
The site is protected using Apache .htaccess files, and with the htpasswd file authentication mechanism.
Password protection can be shut off by removing or renaming the .htaccess file that is requiring authentication. A quick way to temporarily shut off password protection is moving/renaming a .htaccess a .ht or htaccess with no leading-dot.
Passwords can be added or changed by using the htpasswd command found on Zoo. The way to use the command is htpasswd passwdfile username. A dash 'c' (-c) can be used in the command to create a new file.
Passwords can be removed by editing the file with a text file and removing the line that starts with the username you wish to remove.
File uploading does not rely on the name of the file given by the user on the system the file resides. The name which the uploaded file will finish with on the server will be a name given by the script. The user must input their name, must choose a lab, choose a course numberr and must submit a file. If a user happens to enter the name for an individual which already submitted for that lab, the file will not be overwritten and an error message will be displayed.
Submitted labs are placed in their corresponding lab folders. The filename will be saved as lastname_firstname_lab#.ext (the extension defaulting to PDF). Students can check to see if their file was uploaded by clicking on "View Submitted Assignments".
The directories containing submitted labs are not available to the world. The files can be reviewed by TA's by using some file transfer client, or by viewing the files from the Submit Homework screen. The login is the "TA".
Corrected assignments should be placed in the public_html/pickup/ directory. These files should maintain as much of the naming convention as possible, using underscores ('_') instead of spaces.
Files that would like to be viewed to web visitors must have permissions of at least 644. From the command line this would be chmod 644 file.html.
Directories (folders) that contain files that need to be available to web visitors must have permissions of at least 711. If the listing of files in the directory is desired, then the permissions must be 755. From the command line this would be chmod 755 directory.
Directories that can be uploaded to must have the permissions of 777 (or 707), world writable.
One way to change the permissions of multiple files is with the following usage of chmod:
chmod -R 755 .
The period stands for the current directory the user is logged into (changed by the cd command). The dash 'R' (-R) stands for recursive and affects all subdirectories (folders) below the current directory. This will change all directories and folders to permissions of 755, making all directories and folders web/world readable. This could be dangerous if done from a directory that contains the upload directories.
The programming design of this site is weak at best. It doesn't declare one function. However, it utilizes the PEAR module system, perhaps explaining why more scripting occurs than functional or objected oriented programming.
Security could be checked by making sure variables initialized by GET and POST are used by calling the $_GET and $_POST PHP superglobals.
File listing scripts could use the File_Find PEAR module. However, that module needs some work.
Add documentation on removing and adding uploaded, picked-up files and folders.
The site is listed at UVM Course Web Sites.