Administrating the NR 143 Web Site

Contents

  1. Menu System
  2. Site Organization
  3. Password Protection
  4. Assignment (File) Uploading
  5. Assignment Correcting
  6. File Permissions
  7. TODO (Programmer Notes)
  8. NOTES (other)

Menu System

The javascript and the HTML menu on the main page is generated with PHP from the file menu.xml located in public_html. Few XML editors exist, but the XML file format is intuitive enough for editing by hand in a text editor. The width attributes in submenu have to do with the javascript code. Also segments of the file can be commented out with XML/HTML comment tags of the form <!-- -->.

Errors in the XML can be checked by refreshing the home page after editing the file. Errors will be displayed at the top of the page, and will usually report a line number.

Site Organization

Password Protection

The site is protected using Apache .htaccess files, and with the htpasswd file authentication mechanism.

Shutting off password

Password protection can be shut off by removing or renaming the .htaccess file that is requiring authentication. A quick way to temporarily shut off password protection is moving/renaming a .htaccess a .ht or htaccess with no leading-dot.

Adding usernames/passwords to the password file

Passwords can be added or changed by using the htpasswd command found on Zoo. The way to use the command is htpasswd passwdfile username. A dash 'c' (-c) can be used in the command to create a new file.

Removing usernames/passwords from the file

Passwords can be removed by editing the file with a text file and removing the line that starts with the username you wish to remove.

Assignment (File) Uploading

File uploading does not rely on the name of the file given by the user on the system the file resides. The name which the uploaded file will finish with on the server will be a name given by the script. The user must input their name, must choose a lab, choose a course numberr and must submit a file. If a user happens to enter the name for an individual which already submitted for that lab, the file will not be overwritten and an error message will be displayed.

Submitted labs are placed in their corresponding lab folders. The filename will be saved as lastname_firstname_lab#.ext (the extension defaulting to PDF). Students can check to see if their file was uploaded by clicking on "View Submitted Assignments".

Assignment Correcting

The directories containing submitted labs are not available to the world. The files can be reviewed by TA's by using some file transfer client, or by viewing the files from the Submit Homework screen. The login is the "TA".

Corrected assignments should be placed in the public_html/pickup/ directory. These files should maintain as much of the naming convention as possible, using underscores ('_') instead of spaces.

File Permissions

Web Readable Permissions (AKA World-Readable Permissions)

Files that would like to be viewed to web visitors must have permissions of at least 644. From the command line this would be chmod 644 file.html.

Directories (folders) that contain files that need to be available to web visitors must have permissions of at least 711. If the listing of files in the directory is desired, then the permissions must be 755. From the command line this would be chmod 755 directory.

Directories that can be uploaded to must have the permissions of 777 (or 707), world writable.

Changing permissions for many files

One way to change the permissions of multiple files is with the following usage of chmod:

chmod -R 755 .

The period stands for the current directory the user is logged into (changed by the cd command). The dash 'R' (-R) stands for recursive and affects all subdirectories (folders) below the current directory. This will change all directories and folders to permissions of 755, making all directories and folders web/world readable. This could be dangerous if done from a directory that contains the upload directories.

TODO

The programming design of this site is weak at best. It doesn't declare one function. However, it utilizes the PEAR module system, perhaps explaining why more scripting occurs than functional or objected oriented programming.

Security could be checked by making sure variables initialized by GET and POST are used by calling the $_GET and $_POST PHP superglobals.

File listing scripts could use the File_Find PEAR module. However, that module needs some work.

Add documentation on removing and adding uploaded, picked-up files and folders.


NOTES

The site is listed at UVM Course Web Sites.

Attempts to upgrade the JavaScript code from Dynamic Drive were unsuccessful -- the "Navigation Bar" wouldn't appear in IE and still wouldn't appear in Netscape 6 and Mozilla 1.1 beta.

August 2002 Aaron Hawley