I did two things tonight. First of all I made the login screen pretty, fixed the login bug (I can spell 'username' I swear), and fixed some auth checking issues in the teacher site. The teacher site is my second big thing. I spruced up the studentinfo page (although that may be a bit of an understatement) and gave Bryan a springboard so he can hopefully see the code and say "Oh I see what you did there!" and then proceed to write a nice site. A summary of additions: the table of students has links and sorts by last name. The studentinfo page takes a student id in the url and gets the entire app and then dumps the results.

There was no research necessary this week.

There were many developments done this week to polish the site and make it more usable for the students and teachers. There is no longer a second login page for the teacher's site. Logging into the root login page will redirect the user as appropriate. This has myriad advantages over the old system. For example the cookies problem whereby the user could get automatically logged into either section of the site by being logged into the other is fixed with this system. It also centralizes the site and makes it even more transparent.

The login system also works with nwauth to authenticate users with real passwords. There was a problem with the login system not working with passwords with spaces in them. The fix for that was to add a simple pattern matching line to the perl script that escapes spaces which allows them to be passed to the command line. The perl script returns the exit code from nwauth on stdin and the php picks it up and checks that it is zero which denotes a successful authentication.

The student portion of the site is very close to being completed. The functionality is there - students can submit their information and edit it any time. The only outstanding feature that has yet to reach full functionality is the freezing of the application when the student submits and the details involved therein such as integrating the deadline. We will be ready for presentation on Monday.

A most extraordianry change to the login system. Code cleaned up and organized but also there is but one login page which will direct you to the appropriate site based on your login. Teachers to the teacher site and students to the student site. No more cookie madness (I hope). Also I don't think you can be logged on to both sites at the same time anymore. Sad story but it is more secure and pretty.

Also I fixed your MySQL query, Bryan.

The login system works, you now need a valid username/password combo for the student site. The teacher site is still being worked on and wouldn't do us much good if we couldn't log on. The only problems with the system are as follows: you cannot have spaces in your password and the system uses the soon-to-be-deprecated novell system and I was recommended to use kerberos auth with Win2000. Small problem kmoffett, the local.tjhsst.edu realm isn't configured in the krb5.conf file on adelie meaning that authing with Win2000 is impossible. Novell will work for now though, just not with spaces.

There are a couple of changes to the site itself. There is a new field on the project proposal form and a new field in the database, project title. This will be displayed to teachers when they look at the list of students. There is a submit butan on the confirm complete form but it doesn't freeze the app yet. I'm thinking that all updates will check that flag and block updates if it is 1 and notify the user that the app is frozen. Finally, you can no longer select two choice techlabs to be the same. Not now way not no how. You can try all you like, it will not accept it.

A good feature request that came to me today was having one login page and having the system redirect the user to the teacher or student site as appropriate. That will be implemented soon.

Even though I said I would stay under the radar this weekend, I couldn't help but do a few things.

I made this status page that checks for completeness on the forms, allows a user to select mentorship, and includes the confirm complete checkbox if everything is technically finished. It looks much nicer than the two separated status pages and unifies the site more. Before when the user finished filling out mentorship and they were at that point all done they had to go back to the techlab application section to check the box and submit. Somewhat non-intuitive and annoying, so it is now fixed. Also that page requires a bunch of wacky cheking that is cleaned out of the application pages and put in the status page.

The navigation bar now shows where the user is with a different-colored background and for users of fireyiff it shows a little » in front of the link. The links are now bold to tell you that there is no main page under techapp and mentapp any more. Those are still links, but they redirect to the status page which is where you should be.

Someone has put nwauth on the webserver so the login system can finally work! But it doesn't because I want to see how intranet does it so I'm not reinventing the wheel here. The rest of the login system has been fixed with the blank box and existing user checkingness.

There was not much research done this week. There were some requests from the techlab directors regarding questions on the forms that needed to be changed, especially in the first, second, and third choice selection page. The question about which courses the student has taken and their experience in the area has been made into subordiante questions to each of the choice selections. Mr. Berenty also had a couple of minor wording changes to the mentorship section.

Much development was done this week as we are on a somewhat tight deadline. The mentorship section was completed and made to work like the techlab section. It saves in the database and reports on completion status on the mentorship root page.

I realized that saving the student's username as a session variable was a very bad way to be doing things. Since the databases are all indexed by student ID, it meant that I had to do a left join on each query to gethe student ID which meant more complicated and slightly more unreadable queries. It makes so much more sense to store the student's ID as a session variable and eliminate those problems, so that's the way it works now.

There is now a rudimentary teacher section that uses the same kind of design as the student site and uses the same kind of authentication system. Its functionality is limited to selecting which students have selected that teacher's techlab and displaying their names in a table, but it is just a prototype. I anticipate that Fleming and Sarah will start working on that soon to make it work the way teachers want it to.

There was an issue in Internet Explorer where the text would simply not appear until highlighted. I believe I have fixed that issue by adding a DOCTYPE to each page telling IE that the page is a modern page an not to use its compatability features that result in rendering glitches.

The student site is technically complete. There are things that could be done to streamline the navigation of the site, however, such as showing where the user is in the navgation bar. The teacher site needs the most work. Its functionality needs to be worked out, such as whether to show all the students and sort them by choice or to allow the teacher to choose which students show up on the page based on the students' choices.

Couple of Lots of important changes today.

• First the mentorship section is done. It saves just like the techlab page. On the usability side I want a link or something that will take them back to the techlab page upon completion of the mentorship application and allow them to check the confirm complete box. I also want to make that not appear if the mentorship isn't done yet.
• Second major change is that I changed the username session variable to student id (SID). This reduces a lot of the complicated queries with left joins and three different tables. Those same queries are made on one table, much more readable.
• I fixed the wierd text-not-showing-up-in-IE bug. All that needed to be done was add a doctype to the top of the page to tell IE that this page is modern and not to use its backwards-compatability modes (read: bugs) when rendering the pages. Thanks, Oleg!
• I made a rudimentary teacher section (sorry Bryan). It integrates with the database and allows techlab directors to log in and view students who chose the applicable techlab as the first, second, or third choice. It has no clickables because I didn't feel like it and I had done a lot already, but that's easy enough to add.
• Some changes to the techlab application as per the suggestions of Mr. Strong. The courses and the other thing are now sub-questions to the first-, second-, and third-choice techlab questions. And I added the appropriate fields in the database. If we have the time I will add the bling bling like javascipty appearing text that yells at you to take prereqs and things of that nature.

All that's left is a decent teacher site, tweaking the student site if people have issues (like adding instructions and things), and rigorous testing (especially the security system, I want that to be as watertight as possible). I talked to sysadmins about getting nwauth on adelie and they said they'd get around to it soon since no one with root on that box was in the syslab at the time. All in all progress is good. This weekend is a black hole of productivity: two parties and sleep catching-up. Boy howdy! But I'll be back on the playing field Wednesday.

The HEAT IS ON! This week is Database Integration Madness! week. That's right, folks. This week will see the implementation of the database structure into this site. "How?" you ask. "How can this be?" Well it will be me randomly doing this project when I should be doing other things. It will ROCK OUT HARD!

On a more serious note, I finished the techlab portion of the site. The database is fully integrated. Yes, that's right, you can enter information and it will save. It will even tell you if you are missing fields, allows you to select whether you are doing mentorship or not, and whether or not you like your app enough to mark it as complete for techlab directors to read. The text is from my own mind though so if it doesn't sound official enough then, well, talk to me or just change it.

I also fixed the login system, tightened it up if you will by using headers instead of meta tags to redirect users and sending the user to the logout page if the cookies weren't kosher because login_verify didn't seem to be doing a good job of clearing them itself and that's what logout does best. Can't put cool messages anymore, but at least there isn't a BIZZARROOO infinite refresh loop under IE anymore (I still don't know what that was). Speaking of how much IE sucks, it still has problems displaying text. This must be fixed so if there is anyone out there with any idea AT ALL about this then we should talk. I guess it's my fault for wanting to conform to accepted standards, IE is punishing me.

Today was quite productive. Much more security was implemented and page accesses are strictly controlled. Changes for today:

• Two new session vars, username and auth_code. username is used in MySQL queries.
• Pages check if $_SESSION['username'] is set and redirects to the logout page if not. This keeps someone from going directly to techapp/ or mentapp/ for instance if not logged in which was previously allowed.
• The login page requires a valid username now. It doesn't restrict to the junior class just yet, but that's a simple modification and we're still in the testing phase.
• On first login the site checks if you have an entry in the techlab table and if not it adds you.
• There is a box now that welcomes you on each page and presents a logout link there instead of the navbar.
• Added vars in the include.inc.php file to hold the MySQL login details.
• Changed the include.inc.php file to use the 'here' syntax of php (echo <<<EOF ... EOF;) to make it prettier.

The techlab site is full of content. This is good since it is now completely ready for the presentation on Monday, at least in terms of content. Curtis made all the input forms for the techlab and mentorship sections and I snazzed them up with tables and homogenized the whole thing. I made a mentorship section and integrated the input pages. The site also has a logout button now that clears the cookie which says that you are logged in. I really need to add some more cookies but that will be hard until I can track usernames that way. I think I'll have each page (techapp, mentapp, documents, index.php) check to make sure that the session vars are kosher, otherwise it will spit the user back at the login page with a nasty warning.

This week I researched some MySQL functionality to create more customized queries. Functions like JOIN allow tables to be concatenated and referenced in one query which reduces the number of queries per page load and thusly reduces load times.

This week I got together with Dan Tran and got a dump of the intranet database. It is inserted in my database which will be used with the site to access student info.

I also worked on the stucture of the site to make it more secure and make the functionality more transparent to end users. The directories under the document root for this project are not actual directories, they are files without extensions that are specified in .htaccess to be php files. This allows more control over where the users go on the site.

There is a new CSS file that is activated when the page is printed. It removes the navigation bar and title bar leaving just the content. This is useful, for instance, in the documents section of the site to make the page appear integrated with the rest of the site but print out as intended with none of the title, navigation bar, or footer.

This week was gearing up to make a presentable site for the techlab teachers when we present it to them on Monday of next week, the 25th. Many of the technical aspects are missing such as data input and user authentication. Now that I have a database dump, these things can be worked on next week. User authentication is a problem on the TJ web server because it requires that certain software be installed that can interface with the TJ lan which is a Novell platform. Hopefully that can be worked out next week as well.

Oh woe! The intranet database does not have the passwords. Looks like I'm going to have to talk to the TJ lan for authentication. On the brighter side, I got an intranet dump to work with.

Today was quite productive. The static documents have been HTMLized and placed online. A basic design is up now on the pilot site with some basic colors and CSS. There is also a print CSS that is used if the page is to be printed. I anticipate using this to make the static docs printable without resorting to opening them in a new window since a lot of people in the group seem to oppose that idea.

As for the structure, it will be fine as a display piece for the audience on Monday, but I really want to change the way the site works on a very low level to make it like the site you are looking at right now. The "/techlab" directory does not exist. "techlab" is a file that is treated as a php file, parses the URI, and does the appropriate action. The same thing with the other sections of the site, supercomp and comparch. They are files, not directories. This is a good idea because it gives a lot more control over where the user goes to the php script that can throw errors and redirect users (try going here to see what I mean). This has a lot more potential for security.

I did no research this week.

I did not develop the site any this week

This week has been a black hole in the project lifecycle.

Progress was made in working with the site designers to figure out how the site will be laid out and how it will flow in a manner compliant with good HCI. We determined that a bar on the left side of the screen will show the user's current progress in the process and allow him or her to jump to any previous step. It is not fully determined how the mentorship portion of the site will be handled, but we think it will be a checkbox on the same page as the first, second, and third choice for techlabs that says "Do you want to do mentorship?"

This week I researched session handling in php. Sessions allow data to be preserved across pages for the kind of secure site we want to build.

I implemented sessions into the test site. The way the site now works is that the single index.php page loads the other pages according to the data in the session variable, which for now merely specifies the last form visited so that it can load the next one. This increases security by making the various forms transparent to the user and less hackable. The form pages are also engineered so that they can do nothing by themselves so that even if someone managed to find out the name of one of the pages, that knowledge would do them no good.

More progress was made on the site this week. I still have not gotten a database to work with so my effectiveness in that department was limited. I could only do small speculations on how the database would work. I worked mainly with the HCI people and site designers to bring my experience in those areas to the table even though it isn't my assigned principal task.

Go here to see the sources for the pilot techlab selection site. Change the phps extention to php to view the non-source. It is commented and it is beautiful. I use sessions!

I wrote this log page. It takes this file and parses it to display the log entries. Source for the parser can be found here.

This week I researched how to write HTML forms that would be secure, not that they are needed at this point in development. I also read the php manual where it pertained to encryption and security in php. Some of the solutions given were server-side and relied on security through obscurity, such as telling the Apache web server to treat HTML files as php scripts and foil those nasty script-kiddies. There were other ideas about encryption that would be easy to implement in the scripts that are written for this project such as grabbing the user's password and encrypting it with Java on the client side so that no plaintext passwords are sent over the Internet.

This week I created a very basic shell for the techlab application site. It consists of a non-functioning login page and a page that takes the user's name and first three techlab choices. The login page does nothing, of course, because I have no database to use right now. I also wrote some basic php scripts that check for empty fields and redirects the user back so they can change the information.

We are at a very early phase in this project but I think we are coming along very well and are ahead of our schedule. I was sick this week but still managed to do a sizable amount of R&D.