Chris Pollett > Old Classes > CS174

HW#4 --- last modified February 07 2019 04:37:47.

Solution set.

Due date: Nov 18

Files to be submitted:
  Hw4.zip

Purpose: To make your own REST web service and to gain experience working with XML and JSON.

Related Course Outcomes:

The main course outcomes covered by this assignment are:

LO2 -- Write schemas, DTDs, and style sheets for XML documents.

LO4 -- Write client-side scripts that validate HTML forms.

LO5 -- Develop and deploy web applications that involve components, web services, and databases.

Specification: For this homework you will create a REST-based advertising web service as well as a minimal site to test that your web service is working. Within the Hw4.zip file you submit, there should be two subfolders, BestSiteAd and SiteTest, corresponding to these two sites. Both of these web apps should be developed using the frameworks and folder structures we have used in Hw2 and Hw3.

PHP allows for a very crude form of url rewriting that does not require any special web server configuration. Namely, if you have a url of the form:

 
http://somewhere.com/some-path/index.php/method_name/?arg1=value1&...&arg_n=value_n

Then the web server will execute the script index.php. You can determine method_name as a substring of $_SERVER["REQUEST_URI"], and $_REQUEST will contain the arguments of the query string. Using this set-up, you can determine a controller and a particular activity for that controller from the method name, which puts you back in the framework used in Hw2 and Hw3. You should use this strategy to implement BestSiteAd. The idea of BestSiteAd is that you are an advertising company trying to determine which is the best ad for a given fixed product (for example, you might have three or four possible campaigns to promote a laundry detergent and want to figure out which is the best). It should support the following three methods:

  • get-ad -- this should take as argument a format with value either xml or json. It should then return either an xml or json document containing an advertisement chosen at random from among the group of three or four advertisements for the product BestSiteAd is test marketing. An advertisement has at a minimum an Ad ID, a title, URL to go find out more about that product, and a description. On the server a particular ad should be stored in a database and you should make use of a model to read it.
  • increment-choice -- this should take an argument id whose value can be an Ad id. It should increment a counter (stored in a database table) which records how often a given advertisement was clicked.
  • increment-vulnerable -- this should operate exactly like increment-choice but be vulnerable to a SQL injection attack (so that you can experiment with what to do and what not to do in your db code). Besides saying how to configure your site and giving the group members' names and their ids, the readme.txt in your configs folder should say how to test this vulnerability.
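
The routing and the two increment methods described above, as an added example (not the course's solution code). The `ad` table, its `clicks` column, the function names and the in-memory SQLite database are assumptions; it shows the method name taken from the request path and checked against an allowlist, and the concatenated query of increment-vulnerable beside the validated, bound-parameter query of increment-choice.

```php
<?php
// Added example, not the course's solution code; table and function names are assumptions.

// Take method_name from /some-path/index.php/method_name/?args and allowlist it.
function method_from_uri(string $requestUri): ?string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path) || !preg_match('#/index\.php/([a-z-]+)/?$#', $path, $m)) {
        return null;
    }
    // The URL selects from a fixed list; it never names a file or function directly.
    $allowed = ['get-ad', 'increment-choice', 'increment-vulnerable'];
    return in_array($m[1], $allowed, true) ? $m[1] : null;
}

// increment-vulnerable: the id is pasted into the SQL text, so the request
// controls the statement itself. This is the "what not to do" form.
function increment_vulnerable(PDO $db, string $id): int
{
    return (int) $db->exec("UPDATE ad SET clicks = clicks + 1 WHERE id = $id");
}

// increment-choice: accept only a plain decimal id, then bind it as an integer.
function increment_choice(PDO $db, string $id): int
{
    if (!ctype_digit($id)) {
        return 0; // not a plain decimal id: touch nothing
    }
    $stmt = $db->prepare('UPDATE ad SET clicks = clicks + 1 WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ad (id INTEGER PRIMARY KEY, title TEXT, clicks INTEGER DEFAULT 0)');
$db->exec("INSERT INTO ad (id, title) VALUES (1, 'Ad A'), (2, 'Ad B'), (3, 'Ad C')");

$method = method_from_uri('/some-path/index.php/increment-choice/?id=2');
$malformed = '2 OR 1=1'; // constructed malformed id value
printf("method=%s\n", var_export($method, true));
printf("increment-choice, id=2: %d row(s)\n", increment_choice($db, '2'));
printf("increment-choice, malformed id: %d row(s)\n", increment_choice($db, $malformed));
printf("increment-vulnerable, malformed id: %d row(s)\n", increment_vulnerable($db, $malformed));
```

Comparing the row counts printed by the last two calls is a simple regression check that the hardened method changes at most the one ad it was asked about.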

In addition to this REST service, the BestSiteAd should have a landing page that displays the current number of clicks for each ad choice. This page should have a link "Reset Counters" which when clicked resets all the ad choice counters to 0. Finally, the landing page should have a functional form to add a new advertisement and also a link beside each currently listed ad that would cause that ad to be deleted.

The BestSiteAd folder should also have a sub-folder xml. This should have a file ad.dtd which should describe your xml ad language used in get-ad. XML advertisements output by get-ad should validate against this dtd. You can check this using Oxygen XML Editor (1 month trial license is free).

The SiteTest web page should be just a page that displays ten news stories that you make up. Each time you refresh, the stories should be displayed in a different order. Stories should be displayed in div tags. After the first displayed news item, there should be a blank div with id advertisement. Using a Javascript onload event in the body of your page, you should request the get-ad method of the BestSiteAd service and display an ad with a slightly different background color than the rest of the news items. To do this I want you to make use of a proxy script on SiteTest that proxies the information from BestSiteAd. Whether xml or json is used for the request should be configurable from your configs/config.php file for SiteTest. All links on the SiteTest page should go back to the SiteTest page itself. So a link for a news item first goes to the SiteTest page, which then redirects to the real URL of that item. The same applies to ads. Before the redirect occurs, it should call the increment-choice method for the news item or ad in question. Let's assume all news items have Ad id 0 and actual ads have positive Ad ids.

Point Breakdown

Folder structure for BestSiteAd and SiteTest as described (1/2pt), config folders and readme.txt as described (1/2pt) -- 1pt
get-ad method (1/2pt for json, 1/2pt for xml) and increment-choice REST method (1pt) work as described -- 2pts
increment-vulnerable works as increment-choice but does have a SQL-injection vulnerability as described in readme.txt -- 1pt
ad.dtd is a valid DOCTYPE file and output of get-ad in XML mode validates against it in Oxygen -- 1pt
The landing page portion of the BestSiteAd appears and works as described -- 1pt
SiteTest displays as described -- 1pt
onload event and Javascript used to get ad (1/2pt) via a proxy (1/2pt) -- 1pt
xml or json used in SiteTest request configuration from config.php file -- 1pt
All links on SiteTest refer back to SiteTest and invoke increment-test as described before redirecting -- 1pt
Total -- 10pts