CIS-165PH Project Information

On This Page Overview Project Ideas Requirements Project Report Project Presentation Project Evaluation Criteria (50) What to Turn In Adding Your Project to the Hall of Fame Overview The purpose of the project is to use most of the techniques you have learned from this course. The finished project is a personally-developed database-driven web application. You may choose any project that meets the requirements discussed below. The project must be a real application in the sense that the site must be hosted somewhere on the Internet. You can either arrange your own hosting or use WebHawks. If you decide to arrange your own hosting, note that free hosting is adequate for this project. See Google for a list of free PHP and MySQL hosting services. Try to find a service with no ads. For the project, you must use MySQL and PHP. Any exceptions must be requested in writing (such as email) and approved in advance of the project proposal by the instructor. As much as practical, in-class exercises and homework assignments will contribute to the final project. Combining the individual assignments into a project allows you to see how database-driven Web applications work. The final project presentation will count as the final exam for the course. You must demonstrate your completed project to the instructor during the scheduled final exam time. ^ top Project Ideas Use the following topics to get ideas for your own application. You do not have to choose any of these topics -- they are provided just to get you started. Apartments Track apartments and their properties, areas of town and their various properties (e.g., bus lines, crime rate, distance from various landmarks). You would provide an interface for offering apartments for rent and finding apartments. Books Track books, their authors, and categories (which may be a complex hierarchy). You may include various attributes of the authors, the institutions they belong to, etc. You can support a buying and selling service of used books or books used in specific college courses. Pointing an interested buyer to a web source to buy a book is also an interesting option. E-commerce Track products and users along with their various attributes. Provide a product catalog for visitors to browse and a method to add products to a shopping cart. Movies Track movies, their actors, directors, genres and reviews. Several sources exists on the Web from which you can get data to populate such a database. You can support various queries such as finding movies staring an specific actor, directed by a given director, etc. You can also support updates to the reviews section of the database (e.g., viewers giving their own opinions). Surveys and Polls Track questions and the opinions of visitors who answer the questions. Provide reports on the accumulated opinions. Book Projects In addition to the above, some books like "PHP and MySQL Web Development" has several practical projects that you can adapt. Note that you must adapt any project to a particular need, and not just copy the project in its entirety from the text. For instance, you could adapt the Content Management System from a multi-writer news service to be administration pages for writing product descriptions. Another example would be to add new features to the Shopping Cart such as customer product ratings. Note that whatever code you copy from the textbook or other source must include an acknowledgement of the source. This both helps you to recall the source in case of changes and prevents you from failing the course due to plagiarism. Prior Projects You may view the student projects from previous semesters by clicking here. These projects can help give you an idea of what you can accomplish by the end of this course. ^ top Functional Requirements As a personal database-driven Web application, your project must meet requirements for both a database and web application. These requirements include: Documented database design of at least 3 tables (A4) Listing of the SQL that implements the design (A4) Populated database (A5) Proper selection of indexes for queries (A5) SQL and PHP code to insert, delete and update data (A7) SQL queries using PHP, including at least one multi-table join (A6, A8) Page-layout utilities from included files (A9) Graceful handling of user input errors (A10) At least one multiple-form sequence (A11) User authentication (A11) Project Report There are a number of other requirements for the final project. For a complete list of these requirements, see the Project Evaluation section below. ^ top Project Report The project report consists of the following information. Your name You project's name A brief introduction describing the purpose of your project One paragraph is sufficient The URL entry point for your project on the Internet A description of: A multi-form sequence where data is retained across at least two pages User authentication User-input error handling Security features You can see an example report at: project.txt. As you can see, the report can be as short as 1-2 pages. ^ top Project Presentation The final project must be demonstrated the day of the final. You are required to present your project but not necessarily in front of the class When everyone else is done, you can present it to the instructor individually The presentation should have the following: Your name and your project's name A brief introduction describing the purpose of your project A demonstration and discussion of the user interface including: Entry page Page layout Navigation features A demonstration of a multi-form sequence where you pass information from one page to another A demonstration of user-input error handling Checking of form input for errors Highlighting of errors so users easily see them Explanation to user of how to correct errors Retention of prior entries on error (except passwords) A discussion or demonstration of user authentication How the database is used for authentication How passwords are encrypted in database A discussion or demonstration of security features How data types are checked before insertion into a database How data sizes are checked before insertion into a database How taint checking of special characters is implemented (e.g. '"$#) How special symbols and spaces do not cause database errors A discussion or demonstration of cool features Point them out so we can all appreciate them Feel free to display your written report during the presentation Keep the presentation to 10 minutes or less ^ top Project Evaluation Criteria The instructor will evaluate your final project using the following criteria. Each criteria represents a specific achievement of your project and has a scoring guide. The scoring guide explains the possible scores you can receive. Some scoring guides have a list of indicators. These indicators are a sign of meeting, or a symptom of not meeting, the specific criterion. Note that a single indicator may not always be reliable or appropriate in a given context. However, as a group, they show the condition of meeting the criterion. For information on grading policies, including interpretation of scores, see the course information page. Application Functionality 10: Demonstrates mastery of database-driven web sites Has extra features or demonstrates techniques beyond the course Meets all functional requirements (see above) with particularly elegant solutions No errors encountered during operation 8: Has all the functionality expected of a professional database-driven web site Demonstrates many techniques from the course Meets all functional requirements (see above) May have one minor error 6: Has most of the functionality expected of a database-driven web site Demonstrates some techniques from the course Meets all but one of the functional requirements (see above) May have 2-3 minor errors Project not available on the Internet 4: Has some of the functionality expected of a database-driven web site Demonstrates some techniques from the lesson Meets at least 1/2 of the functional requirements (see above) Implementation seems excessively complicated. May have more than 3 minor errors 2: Serious functional problems but shows some effort and understanding Meets at least 1/2 of the of the functional requirements (see above) Has a major error or many minor errors Demonstrates few techniques from the course 0: Application does not run or was not presented by the specified time User Interface and Navigation 4: User interface is well organized and easy to use Purpose of the application is easily understood Inviting opening page draws the user inside Can easily understand current location within the application Always know how to get to any other web page Navigation is the same (e.g. size, location) on each page 3: User interface is somewhat organized and fairly easy to use Purpose of the application can be understood after a little study Movement from section to section seems logical Sometimes unsure of current location within the application Sometimes not sure of how to get to a specific page 2: User interface is inconsistently organized and somewhat hard to use Purpose of the application takes time to understand Inconsistent structure of pages Some links seem to lack purpose Unclear connections among sections Sometimes can get lost and not know where to go next 1: User interface is disjointed and difficult to use Purpose of the application difficult to understand No orientation for new visitors Some pages incomplete Difficult to navigate in an organized way Some pages are hard to find 0: Application does not run or was not presented by the specified time User-Input Error Handling 4: Errors are handled gracefully and users can correct them easily All input is thoroughly checked Error messages clearly explain how to fix the problem All errors are identified in the form at one time All prior entries retained Errors color-coded or highlighted 3: Errors can be corrected with some effort All input is checked but some minor conditions were missed Error messages somewhat explain how to fix the problem All errors are identified in the form at one time All prior entries retained 2: Errors are tiresome to correct or messages are annoying All input is checked but many conditions were missed Error messages are somewhat vague Only one error at a time is identified Prior entries are discarded 1: Error checking is inconsistent Some input is not checked Error messages are confusing Prior entries are discarded 0: Application does not run or was not presented by the specified time User Authentication 4: User authentication implemented correctly Application uses the database for authentication Passwords are encrypted in the database Salt is used for the password 3: User authentication has flaws Application uses the database for authentication Passwords not encrypted in the database Salt is not used for the password 2: User authentication has significant flaws Application uses hard-coded values for authentication 1: Authentication is inconsistent Application does not implement user authentication on every appropriate page 0: No apparent attempt implement user authentication on any page Security 4: Application follows good security practices All input is thoroughly checked before entry into the database Taint checking implemented to prevent SQL injection Special symbols and spaces do not cause database errors Data types are checked before entry into a database Sizes are checked before entry into a database 3: Application has minor security flaws All input is checked but some minor conditions were missed Taint checking not implemented to prevent SQL injection Special symbols and spaces do not cause database errors Data types are checked but some minor conditions were missed Data sizes are checked but some minor conditions were missed 2: Application has significant security flaws All input is checked but many conditions were missed Taint checking not implemented to prevent SQL injection Special symbols and spaces cause database errors Data types are checked but many conditions were missed Data sizes are checked but many conditions were missed 1: Security is inconsistent Some input is not checked Taint checking not implemented to prevent SQL injection Special symbols and spaces cause database errors Data types are not checked Data sizes are not checked 0: No apparent attempt to secure the application Database Design 4: Excellent database design Appropriate data stored in database At least three tables used All tables meet requirements of 3NF 3: Good database design Minor extra or missing data stored in database Some tables do not meet the requirements 3NF 2: Satisfactory database design Some problems with selection of data stored in database Some tables not in 2NF 1: Unsatisfactory database design No apparent reason for data stored in database Uses fewer than three tables Some tables not in 1NF Missing one or more primary keys 0: Database not used for the application SQL Usage 4: Uses a relational database proficiently and skillfully Includes SELECT, INSERT, DELETE, and UPDATE queries Uses JOIN properly in at least one query No unnecessary data fields loaded by queries 3: Uses the capabilities of a relational database fairly well Some data not stored in the database Missing one query type One unnecessary data fields loaded by queries 2: Uses some of the capabilities of a relational database Missing two queries types Up to 1/2 of fields loaded by queries are not necessary 1: Uses little of the capabilities of a relational database Uses few query types Loads all the data from the database on every page 0: Database not used for the application Database Indexing 4: Excellent database indexing All columns of WHERE clauses are covered with an appropriate index All columns of ORDER BY clauses are covered with an appropriate index No unnecessary indexes 3: Good database indexing Few (<= 1) indexing errors 2: Satisfactory database indexing Some (2-3) indexing errors 1: Unsatisfactory database indexing Several (> 3) indexing errors 0: No indexes implemented Database Export 4: Database loads from dbname.sql file with no errors or warnings 2: Database loads from dbname.sql file but has errors or warnings, or 'drop table' code is missing 0: Does not load or dbname.sql file not submitted Database Documentation 2: Database is well-documented Each table has a meaningful name Each column has a meaningful name 1: Database has some documentation errors The meaning of some table or column names are not clear 0: dbname.sql file not submitted PHP Documentation 2: Code is well-documented Name, date, and page description in page comment block Follows format for page comment block Proper use of whitespace and indenting 1: Code has minor documentation errors Has 1-2 documentation error 0: No apparent attempt at documentation Project Reporting and Presentation 4: Project is reported clearly and completely Student presents information in a logical and interesting sequence All requirements of the project were presented Written report was presented to instructor before the project was presented All project-reporting requirements were turned in Report is well-written and grammatically correct 3: Project presentation or report has minor problems Student presents information in a logical sequence All but one of the project requirements were presented Some minor project-reporting requirements are missing Report contains spelling errors, but is otherwise clearly written Project report was not given to the instructor until after the presentation 2: Project presentation or report has significant problems Audience has difficulty following presentation because student jumps around At least 1/2 of the project requirements were presented At least 1/2 of the project-reporting requirements were turned in Report only submitted electronically 1: Project presentation or report is unclear or incomplete Audience cannot understand presentation because there is no sequence of information Less than 1/2 of the project requirements were presented Less than 1/2 of the project report was completed 0: No project report submitted or was not presented at the specified time Maximum Score: 50 ^ top What to Turn In Bring a written copy of the project report to class. Before the presentation, submit to WebCT a .zip file with all your files placed in their correct directories. Include the following: The written report document as README.txt All PHP, HTML, CSS and image files dbname.sql file Any other file needed to make your project work Your .zip file must include all the files needed to make your assignment function properly. Do not assume that the instructors has any files except dbconvars.php. Your project must work as submitted. ^ top Adding Your Project to the Hall of Fame You decide whether or not to add your project to the Hall of Fame. To do so, you need to tell the instructor that it is OK in your README.txt file. For example: You have my permission to publish my project in the Hall of Fame. If you change your mind later, then email the instructor. Also, please note the following: You should have a valid URL for your project so that people can look around and see what you did WebHawk sites are removed at the end of the quarter and thus cannot be used as the web address in the Hall of Fame The instructor will occasionally test the supplied URLs and remove those that are no longer working If a user needs to login to access your site, you need to provide a way to register or a guest login and password ^ top Home | WebCT | Announcements | Course info | Expectations | Schedule Project | Help | FAQ's | HowTo's | Links Last Updated: June 05 2006 @13:18:44