SCRIPTING, DATABASES, SYSTEM ARCHITECTURE


Introduction to SCRIPTING, DATABASES, SYSTEM ARCHITECTURE
RECAPITULATION OF PHP
Claus Brabrand (brabrand@itu.dk), Associate Professor, Ph.D., Programming, Logic, and Semantics, IT University of Copenhagen
Claus Brabrand, ITU, Denmark, SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE, Oct 14, 2011

Agenda
1) RECAPITULATION (of PHP)
2) EXERCISE (NIM) (all of PHP)

Message from IT dept.
Please use SFTP instead of FTP: ...it combines SSH (secure protocol) with FTP (File Transfer Protocol).

Another Message from IT dept.
NB: Hacking! "Insecure PHP scripts" have been exploited!
"Within the last couple of weeks we have had two rather ugly cases where some PHP scripts from the DSDS course were exploited by hackers. Both cases involved students from earlier semesters [...] We have to urge that a little of the teaching time be set aside for additional focus on security in PHP, and we would very much appreciate it if you would ask the students to refrain from developing certain types of scripts. This concerns in particular tightening the security of scripts that allow upload and mail."
The attacks exploited lack of validation! So, please make sure you validate your input!
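The message names two kinds of script, mail forms and uploads, and says that the attacks exploited missing validation. The following is an added example (not from the slides or the course) of what server-side validation looks like for exactly those two handlers; the function names, the type allowlist, the size limit and the upload directory are assumptions made for the example.

```php
<?php
// Added example, not from the slides: server-side validation for the two
// kinds of script the IT department message names, mail forms and uploads.
// The function names, the allowlist and the upload directory are assumptions.

// ---- mail form -----------------------------------------------------------
// Anything placed in a mail header must be a single line: a CR or LF in a
// user-supplied "From" or "Subject" lets the sender append header lines of
// their own. So reject rather than repair, and keep the recipient fixed.
function validate_mail_form(array $req) {
    $errors = array();
    $from    = isset($req['from'])    && is_string($req['from'])    ? trim($req['from'])    : '';
    $subject = isset($req['subject']) && is_string($req['subject']) ? trim($req['subject']) : '';
    $body    = isset($req['body'])    && is_string($req['body'])    ? $req['body']          : '';

    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'From is not a valid e-mail address.';
    }
    if (preg_match('/^[^\r\n]{1,100}$/', $subject) !== 1) {
        $errors[] = 'Subject must be 1-100 characters on a single line.';
    }
    if (strlen($body) === 0 || strlen($body) > 5000) {
        $errors[] = 'Body must be 1-5000 characters.';
    }
    return $errors;
}

function send_feedback(array $req, $recipient) {
    $errors = validate_mail_form($req);
    if (count($errors) > 0) {
        return $errors;                   // nothing is sent; the caller shows the errors
    }
    $ok = mail($recipient, trim($req['subject']), $req['body'],
               'From: ' . trim($req['from']) . "\r\n");
    return $ok ? array() : array('mail() failed.');
}

// ---- upload form ---------------------------------------------------------
// The client chooses the file name and the claimed MIME type, so neither is
// trusted: confirm the file came from this request, bound its size, decide
// the type from an extension allowlist, check the content agrees, and store
// it under a generated name (ideally outside the web root).
$ALLOWED_UPLOAD_TYPES = array(
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
);

function store_upload(array $file, $dest_dir, array $allowed, $max_bytes = 2000000) {
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return array(false, 'No file uploaded, or the upload failed.');
    }
    if ($file['size'] > $max_bytes) {
        return array(false, 'File too large.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return array(false, 'Not a file uploaded in this request.');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return array(false, 'File type not allowed.');
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);   // looks at the bytes, not the client's claim
    if ($finfo->file($file['tmp_name']) !== $allowed[$ext]) {
        return array(false, 'File content does not match its extension.');
    }
    // Generated name: no user-controlled path component can reach the disk.
    $target = rtrim($dest_dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return array(false, 'Could not store the file.');
    }
    return array(true, $target);
}

// Usage, reading $_REQUEST / $_FILES just as the slides' scripts do
// (the address and the directory are placeholders):
// $errors = send_feedback($_REQUEST, 'course-feedback@example.org');
// list($ok, $info) = store_upload($_FILES['upload'], '/var/uploads', $ALLOWED_UPLOAD_TYPES);
```

Both handlers follow the same pattern the slide asks for: decide what valid input looks like, check it with anchored regexps or a dedicated filter, and refuse everything else instead of trying to clean it up. random_bytes() and the finfo class need PHP 7 and the fileinfo extension respectively.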

Intended Learning Outcomes
After the course, you are expected to be able to:
1) plan and develop medium-sized web applications using the scripting language PHP;
2) design small MySQL databases;
3) construct PHP scripts that interact with databases using SQL;
4) describe the techniques behind DB-driven web applications;
5) describe the fundamental system architectural considerations behind web applications so as to be able to communicate and collaborate with programmers and technologists.

On Assignments
Requirement for the exam: you need 10 out of 11 approved!
Submit A[1-5]: by October 28
Approved A[1-5]: by November 04
Future deadlines: TAs available for help today! (Fridays at 08:29)
Your assignment status? Talk to your TA!

Web Service Architecture
[diagram: Client(s) <-> PHP <-> SQL Server]

PHP Web Services
[diagram: client, www server and the PHP web service; the form input travels from the client to the service, and the service's HTML reply travels back]

PHP
PHP is a programming language made specifically for web service programming.
PHP code runs on the server (i.e., not on your computer).
Programming model of PHP: HTML with special PHP tags (<?php ... ?>) that are evaluated and generate (dynamic) HTML.
[diagram: static HTML containing PHP tags -> dynamic HTML]

Simple PHP Example
  <html>
  <body>
  <?php
    $time = date("h:i:s");
    echo "Time is <b>$time</b>";
  ?>
  </body>
  </html>
Output: Time is 08:29:59
PHP code is written in <?php ... ?> tags inside regular HTML.
Each PHP command ends with ; (semicolon).
echo is a command that prints the argument (in this case it will print "Time is 08:29:59").
[diagram: static HTML containing PHP tags -> dynamic HTML]

...and with Multiple PHP tags
  <html>
  <body>
  <?php $time = date("h:i:s"); ?>
  Time is:<b> <?php echo $time; ?> </b>
  </body>
  </html>
Output: Time is 08:29:59
PHP code is written in <?php ... ?> tags inside regular HTML.
Each PHP command ends with ; (semicolon).
echo is a command that prints the argument (in this case it will print "Time is 08:29:59").
[diagram: static HTML containing PHP tags -> dynamic HTML]

Form Submission
1) The user fills out the form and clicks submit (which sends the data back to the server).
2) The server runs a web service (PHP program) that processes the data and constructs a reply.
3) The server sends back the dynamically constructed document (that may depend on the data!).
[diagram: the client sends an HTTP request (URL + data) to the www server; a program (e.g., a PHP script) produces the dynamic HTML response]

Validation of (X)HTML
Static vs Dynamic Validation
[diagram: client, www server and PHP program; both the input and the generated dynamic HTML are asked: VALID?!?]

What do you need to work with?
1) forms / input fields?
2) variables?
3) operations?
4) if / while / for?
5) functions?
6) arrays?
7) validation / regexps?
8) combinations of 1-7?

Simple Web Service Example (The BMI Service)

The BMI Web Service
This form submits to the PHP script:
  <html>
  <body>
  <h1>bmi calculator</h1>
  <form action="http://www.itu.dk/people/brabrand/dsds/bmi.php">
    Enter your height: <input type="text" name="height" /><br/>
    Enter your weight: <input type="text" name="weight" /><p/>
    <input type="submit" value="compute" />
  </form>
  </body>
  </html>

BMI with validation!
  <html>
  <body>
  <?php
    $h = $_REQUEST['height'];
    $w = $_REQUEST['weight'];
    $regexp_number = '[0-9]+';
    // NB: only the height is checked against the regexp; the weight is used
    // (and echoed) unchecked, and a height of "0" passes but divides by zero
    if ( preg_match('/^' . $regexp_number . '$/', $h) ) {
      echo "Height: $h cm.<br/>";
      echo "Weight: $w kg.<p/>";
      $bmi = $w / (($h / 100) * ($h / 100));
      echo "Your BMI is: <b>$bmi</b> ";
      if ( $bmi < 20.0 ) {
        echo "which is too low!";
      } elseif ( $bmi > 25.0 ) {
        echo "which is too high!";
      } else {
        echo "which is normal.";
      }
    } else {
      echo "Height was not a number!";
    }
  ?>
  </body>
  </html>
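The slide validates the height but not the weight, and echoes both straight into the reply. As an added example (not the slides' own bmi.php), here is the same service with both fields validated, the zero-height case handled, and every user-supplied value escaped before it is placed in HTML; the function names are assumptions.

```php
<?php
// Added example, not from the slides: the BMI service with validation of
// both fields and escaped output. Function names are assumptions.

// Accept an integer or a decimal number such as "180" or "72.5".
// The anchors ^ and $ matter: without them "180<script>" would match.
// is_string() rejects array input such as height[]=1, which $_REQUEST allows.
function is_positive_number($s) {
    return is_string($s) && preg_match('/^[0-9]+(\.[0-9]+)?$/', $s) === 1;
}

// Returns the BMI as a float, or null when the input is invalid, including
// a zero height (which would otherwise divide by zero).
function compute_bmi($height_cm, $weight_kg) {
    if (!is_positive_number($height_cm) || !is_positive_number($weight_kg)) {
        return null;
    }
    $h = (float) $height_cm / 100.0;
    $w = (float) $weight_kg;
    if ($h <= 0.0) {
        return null;
    }
    return $w / ($h * $h);
}

// Same thresholds as the slide.
function classify_bmi($bmi) {
    if ($bmi < 20.0) { return 'which is too low!'; }
    if ($bmi > 25.0) { return 'which is too high!'; }
    return 'which is normal.';
}

// Build the reply. The values passed the regexp, but they are escaped anyway:
// output encoding is done at the point of output, independent of validation.
function bmi_page($height_cm, $weight_kg) {
    $bmi = compute_bmi($height_cm, $weight_kg);
    if ($bmi === null) {
        return '<p>Height and weight must both be positive numbers.</p>';
    }
    $h = htmlspecialchars($height_cm, ENT_QUOTES, 'UTF-8');
    $w = htmlspecialchars($weight_kg, ENT_QUOTES, 'UTF-8');
    return "Height: $h cm.<br/>Weight: $w kg.<p/>"
         . 'Your BMI is: <b>' . number_format($bmi, 1) . '</b> '
         . classify_bmi($bmi);
}

$height = isset($_REQUEST['height']) ? $_REQUEST['height'] : '';
$weight = isset($_REQUEST['weight']) ? $_REQUEST['weight'] : '';
echo "<html><body>\n" . bmi_page($height, $weight) . "\n</body></html>";
```

Splitting the work into compute_bmi() and bmi_page() also makes the validation testable on its own: compute_bmi('180', '72') returns about 22.2, while compute_bmi('0', '72'), compute_bmi('abc', '72') and compute_bmi(array('180'), '72') all return null.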

EXERCISE (Game of NIM)

The NIM web service (http://www.itu.dk/people/brabrand/dsds/nim.php):
  <?php
  function echo_form( $sticks, $turn ) {          // function to echo form nicely
    echo "<form action=''>
      <input type='hidden' name='turn' value='$turn' />
      <input type='hidden' name='sticks' value='$sticks' />
      There are <b>$sticks</b> stick(s) left.<p/>
      <b>player $turn</b>, how many sticks do u wanna take (1-3)?
      <input type='text' name='take' size='1' maxlength='1'/> <p/>
      <input type='submit' value='take!' />
    </form>";
  }

  if ( ! isset( $_REQUEST['take'] ) ) {             // set up game
    echo "<h1>welcome to the Game of NIM</h1>";
    $turn = 1;                                       // player one always starts
    $sticks = rand( 10, 15 );                        // initially (randomly) 10-15 sticks
  } else {
    $turn = 3 - $_REQUEST['turn'];                   // switch players (clever: 1 <--> 2)
    $sticks = $_REQUEST['sticks'] - $_REQUEST['take'];   // update #sticks (unvalidated: see exercise 3)
  }

  // if there is only one last stick left, the current player loses!
  if ( $sticks == 1 ) {
    echo "There is (only) <b>one</b> (last) stick left!";
    echo "<p/>";
    echo "<h3>player $turn loses!</h3>";
  } else {                                           // game still on
    echo_form( $sticks, $turn );
  }
  ?>

NIM EXERCISES (pick "relevant")
1) Go through the program (NIM web service):
   1a) Read through the program
   1b) Explain it to one another
2) Change input fields (from type='text' to...):
   2a) type='radio'
   2b) type='submit'
   2c) <select>...</select>
3) Add input validation (using type='text' input):
   3a) ensure only 1-3 is entered as #sticks (regexp)
   3b) ensure #sticks taken isn't more than what remain (PHP)
4) Add player names:
   4a) either " -> PHP" or "single page PHP"
   4b) ensure info is submitted every time (hint: type='hidden')
5) Add a computer player:
   5a) turn player 2 into a computer player
   5b) make player 2 play using a 'winning strategy' for NIM :-)
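Exercises 3 and 5 are the ones with a security and a reasoning component, so here is an added worked solution to both (not the slides' nim.php, and not the official answer to the exercise). It keeps the hidden-field design of the original and therefore re-validates the whole game state on every request, since hidden fields are just as client-controlled as the visible one. The helper names are assumptions, and so is the reading of the rules: the player who faces the last stick loses, so a move must always leave at least one.

```php
<?php
// Added example, not from the slides: exercise 3 (input validation) and
// exercise 5 (computer player) applied to the nim.php structure above.
// Function names are assumptions, and so is this reading of the rules: the
// player who faces the last stick loses, so a move must leave at least one.

// Every $_REQUEST value is a client-controlled string, hidden fields included,
// so the game state is re-validated on every request, not only 'take'.
function req($name) {
    return (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) ? $_REQUEST[$name] : null;
}

// Anchored regexp first (exercise 3a), then the numeric range check.
function valid_int_in_range($s, $min, $max) {
    if (!is_string($s) || preg_match('/^[0-9]{1,2}$/', $s) !== 1) {
        return null;
    }
    $n = (int) $s;
    return ($n >= $min && $n <= $max) ? $n : null;
}

// Exercise 3b: 1-3 sticks, and never more than leaves one stick behind.
function valid_take($s, $sticks) {
    return valid_int_in_range($s, 1, min(3, $sticks - 1));
}

// Exercise 5b: with 1-3 sticks per move, a pile of 1 (mod 4) sticks is lost
// for the player to move. Hand the opponent such a pile when possible;
// otherwise take one stick and wait for a mistake.
function computer_move($sticks) {
    $take = ($sticks - 1) % 4;
    return ($take === 0) ? 1 : $take;
}

// $sticks and $turn are validated integers here, so interpolating them is safe.
function echo_form($sticks, $turn) {
    echo "<form action=''>
      <input type='hidden' name='turn' value='$turn' />
      <input type='hidden' name='sticks' value='$sticks' />
      There are <b>$sticks</b> stick(s) left.<p/>
      <b>player $turn</b>, how many sticks do you want to take (1-3)?
      <input type='text' name='take' size='1' maxlength='1'/> <p/>
      <input type='submit' value='take!' />
    </form>";
}

if (req('take') === null) {                       // set up game
    echo "<h1>welcome to the Game of NIM</h1>";
    $turn = 1;
    $sticks = rand(10, 15);
} else {
    $turn   = valid_int_in_range(req('turn'), 1, 2);
    $sticks = valid_int_in_range(req('sticks'), 2, 15);
    if ($turn === null || $sticks === null) {
        echo "<p>Invalid game state; start a new game.</p>";
        exit;
    }
    $take = valid_take(req('take'), $sticks);
    if ($take === null) {
        echo "<p>Invalid move: take 1-3 sticks and leave at least one.</p>";
        echo_form($sticks, $turn);
        exit;
    }
    $sticks -= $take;
    $turn = 3 - $turn;                            // switch players
}

// Exercise 5a: player 2 is the computer; it moves at once and hands the turn back.
if ($sticks > 1 && $turn === 2) {
    $take = computer_move($sticks);
    echo "<p>computer (player 2) takes <b>$take</b> stick(s).</p>";
    $sticks -= $take;
    $turn = 1;
}

if ($sticks == 1) {
    echo "<h3>player $turn loses!</h3>";
} else {
    echo_form($sticks, $turn);
}
```

Validating the hidden fields closes the bug in exercise 3b where a player could take more sticks than remain and the game would run on with zero or negative sticks; it does not stop a player from editing the hidden fields to a different but valid state, which is why real games keep such state in a server-side session rather than in the form.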

Any questions?

Control Structures
Control Structures: statements (or expressions) that affect the flow of control:

if-else:
  [syntax]     if ( COND ) { STM1 } else { STM2 }
  [semantics]  If the condition (COND) evaluates to true, statement STM1 is executed, otherwise statement STM2 is executed.
  [flowchart: COND -> true: STM1 / false: STM2 -> confluence]

if:
  [syntax]     if ( COND ) { STM }
  [semantics]  If the condition (COND) evaluates to true, the given statement (STM) is executed, otherwise not.
  [flowchart: COND -> true: STM / false: skip -> confluence]

Control Structures (cont'd)

while:
  [syntax]     while ( COND ) { STM }
  [semantics]  If the condition (COND) evaluates to false, the given statement (STM) is skipped. Otherwise (if the condition was true), the statement (STM) is executed and afterwards the condition is evaluated again. If it is still true, STM is executed again... This continues until the condition evaluates to false.
  [flowchart: COND -> true: STM -> back to COND / false: confluence]

for:
  [syntax]     for ( INIT; COND; INCR ) { STM }
  [semantics]  Equivalent to:  { INIT; while ( COND ) { STM INCR; } }
  [flowchart: INIT -> COND -> true: STM -> INCR -> back to COND / false: confluence]