Unit 27 – WEB SERVER SCRIPTING - Bedford-college.co.uk

ovenforksqueeSecurity

Nov 3, 2013 (3 years and 9 months ago)

80 views

Page
1

of
27


BTEC
Level 3 in Information Technology

Assignment 20
1
2
-
1
3


UNIT
2
7



WEB

SERVER SCRIPTING


Student Name:



Assignment:

E
-
Solutions

-

Creating Dynamic Web Pages


Hand Out Date:

W/B
24 September 2012

Hand In Date:

W/B 20 May 2013


Assessor:

Sue Brandreth

Internal Verifier:

Paula Hobday


This assignment brief has been verified as fit for purpose:
-


IV Signature:


................................
.............................



IV Date:

24/9/2012

........................




Grading criteria
-

To achieve each grade
the evidence must show that the learner is able:

For a Pass to:


P1

explain the principles of web server scripting


P2

use web server scripting to identify a user’s browser and screen resolution


P3

upload files to a web server using web server
scripting


P4

implement, test and document a simple login system using web server scripting


P5

implement, test and document a web content management system to meet a
defined need


P6

explain the issues surrounding web server scripting.


For a Merit to:


M1

compare server
-
side and client
-
side scripting


M2

edit the content of a text file on a web server using web server scripting


M3

create a multi
-
user, dynamic login system using web server scripting


M4

implement an error log for
a website using web server scripting.


For a Distinction to:


D1

evaluate the combined use of client and web server scripting


D2

create a web application to generate website statistics using web server
scripting


D3

recommend ways to improve web
security when using web server scripting.



LEARNER DECLARATION

I certify that the work submitted for this assignment is my own and research sources
are fully acknowledged.


Learner’s signature:

⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮
⸮⸮⸮⸮⸮⸮⸮⸮⸮.


aate 獵bmitted:


⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮⸮



Page
2

of
27


Assessor’s Comments:


Task

Criteria

Assessor’s Comments

Achieved































Assessor
’s Signature
:


Date




Page
3

of
27


INTRODUCTION



Final
Hand In Date: W/B
20

May,

20
13



SCENARIO



You work

as a trainee for ‘E
-
Solutions’,
a
n exciting,
recently established
local
company specialising in
e
-
commerce consultancy and in the design,
implementation and hosting of e
-
commerce websites
for small to medium
-
sized, local businesses.



Your manager has asked you to write a series of short reports and information leaflets mostly

intended as a source of information for the company’s clients. You have also been asked to create
presentations to deliver

to clients, as well as create

small prototype websites to demonstrate your
creative and technical skills using web server scripting
.


Reports should be submitted as well presented, word
-
processed documents with headers and footers,
and headings and subheadings. You may need to include case studies, statistics and other evidence
to support your conclusions


You are expected to underta
ke research on each subject (using books from the Library, and
resources available on the Internet


including your tutor’s website at
http://www.bedford
-
college.co.uk/courses

-

and on the College’s
Virtual Learning Environment (VLE), ‘Moodle’).


Any sources of information should be listed as references at the end of your documents and these
sources should be referenced within the text of your documents.


Your reports should be illustrated with
screen
-
prints, images, tables, charts and/or graphics.





Page
4

of
27


TASK 1

Explain the principles of web server
scripting

Compare server
-
side and client
-
side
scripting


P1


M1


Hand In Date: W/B
15

October

201
2


Hand In Date: W/B
5

November

201
2



Part 1 (P1)


‘E
-
Solutions’ has a potential new client and you have been
asked to visit one of the managing directors to explain the
principles of web server scripting.


You have been asked to produce a short report explaining the
principles of web server scripting. Yo
u should include an
illustrated description of the steps that take place on a web
server associated with the processing of a request for a PHP file

(
P1
)
.


Your report should also include a very brief overview of
other
web server scripting options


including
PHP (Hypertext Pre
-
Processor or Personal Home Page), ASP (Microsoft's Active Server Pages), JSP
Java Server Pages), Cold Fusion, ASP.NET (Microsoft's dot.net Active Server Pages), Perl, Ruby on
Rails and Django.


You should illustrate your report with real world examples of the use of web server scripting in
practice.


The Board of Directors at this company is not particularly IT literate and thus all technical terms
incorporated in your report should be clearly
explained.


Part 2 (M1)


You have now been asked to deliver a short talk to the Board of
Directors comparing server
-
side and client
-
side scripting. You
should create a short PowerPoint presentation which should
include a comparison of functionality


what can be implemented
with client
-
side scripting and what can be implemented with
server
-
side scripting (
M1
).


You should also discuss the benefits and disadvantages of both types of scripting.


Simple examples should be used to support your stateme
nts.


This explanation could be partially presented in the form of tables.


You may be asked to deliver this presentation to the rest of your class


therefore, speaker’s notes
would be an advantage.


Page
5

of
27


Assessor’s Comments:


Student Name:





Criteria

Assessor’s Comments

Achieved

P1












M1


Task 1


b硰lain the
prin捩ple猠of
web 獥r癥r
獣ripting








Compare
獥r癥r
-
獩de
and 捬ient
-
獩de
獣ripting





















P1












M1






Assessor's Si gnat ur e:


Dat e:



Candi dat e's Si gnat ur e:


Dat e:





Page
6

of
27


TASK 2

Upload files to a web server using
web server scripting


P3

Hand In Date: W/B
19

November

201
2



For your first practical task

you must use your chosen web server scripting
technology, PHP, to create web pages which allow a user to upload a selected
file to a web server.

This will be used as a prototype to demonstrate to your
clients how their visitors can upload files to their
web servers

(
P3
)
.


The
visitor

should be able to access a web page which contains a HTML form
with a text field, browse button and a submit button. The user should then be
able to search for a file using the browse button. The full path to the selected f
ile should then appear
in the text field. The user should then be able to click the submit button to upload the file.


Successful upload of the file should be confirmed to the user as shown below:
















As evidence, you should submit your web page(s) code and screen prints. The code should be fully
commented to describe the purpose of the various code structures.


You should also demonstrate an awareness of good coding practice by the use of indentatio
n and
your choice of appropriate names for instances of PHP files, objects and variables.


Screen prints should also be used to demonstrate the functionality of your code.






Page
7

of
27


Assessor’s Comments:


Student Name:





Criteria

Assessor’s Comments

Achieved

P3

Task 2


rpload file猠to
a web 獥r癥r
u獩ng web
獥r癥r
獣ripting



























P3




Assessor's Signature:


Date:



Candidate's Signature:


Date:






Page
8

of
27

TASK 3

Use web server scripting to identify a
user’s browser and screen
resolution


P2

Hand In Date: W/B
10

December

201
2



For this next task you must use your chosen
web server scripting technology, PHP, to create
a web page which detects the user's browser
(user agent) specifications and the local Internet
Protocol (IP) address.


This will be used as a prototype to demonst
rate
to your clients in a simple way how web server
scripting can be used to gather information
about their visitors.


This information should be displayed in a user
-
friendly format on the page, and at the same time
written to a text file called
logfile.t
xt
.


Your web page should appear similar to that shown below:






















As evidence, you should submit your web page code and screen prints. The code should be fully
commented to describe the purpose of the various code structures.


You
should also demonstrate an awareness of good coding practice by the use of indentation and
your choice of appropriate names for instances of PHP files, objects and variables.


Screen prints should also be used to demonstrate the functionality of your code.

Page
9

of
27


You should also include a printout or screen print of the contents of the file logfile.txt.


Please
Note
: It is currently not possible to determine the user's screen resolution using server
-
side
scripting. Therefore, we have changed what you are asked
to do for this criteria.




Page
10

of
27


Assessor’s Comments:


Student Name:





Criteria

Assessor’s Comments

Achieved

P2

Task 3



r獥
web 獥r癥r
獣ripting to
identif礠a
user’s browser
and 獣reen
re獯lution
























P2




Assessor's Signature:


Date:



Candidate's Signature:


Date:






Page
11

of
27



TASK 4

Explain the issues surrounding web
server scripting

Recommend ways to improve web
security when using web server
scripting


P6


D3


Hand In Date: W/B
14

January

20
13


Hand In Date: W/B
15

April 2013





Part 1 (P6)


You have been asked to produce a short information leaflet explaining
two security issues and two ethical issues associated with web server
scripting.


You should
include

some
real world
case studies or examples (
P6
)
.






Part 2 (D3)


For the second part of this task you
r manager at ‘E
-
Solutions’
has asked you to
write a report recommending ways to improve
web security when using web server scripting
.



You should illustrate your report with

some
real world
case
studies or examples.


You should

also
demonstrate an in depth understanding of the
issues involved and their importance to the integrity and
reliability of business websites

(
D3
)
.






Page
12

of
27


Assessor’s Comments:


Student Name:





Criteria

Assessor’s Comments

Achieved

P6













D3

Task 4



b硰lain the
i獳ue猠
獵rrounding
web 獥r癥r
獣ripting








oe捯mmend
wa祳 to
impro癥 web
獥捵rit礠when
u獩ng web
獥r癥r
獣ripting













P6













D3




Assessor's Signature:


Date:



Candidate's Signature:


Date:






Page
13

of
27


TASK 5

Implement, test and document a web
content management system to meet
a defined need


P5


Hand In Date: W/B
4

February

201
3



A local office supplies business, Lee Office Supplies, has
asked ‘E
-
Solutions’ to create a small web application which
will allow their administrators

to access web pages from
which they will be able to view and add items of stock
online.


You have been asked
by your manager to demonstrate
your skills by
creat
ing

this

simple
example of a content
management system
.



You
must first write a short statement of the requirements of
the company, Lee Office Supplies.


For this task, you will use a
MySQL

database already
created for you on the

Computing d
epartment’s web server.
The
MySQL

database is called
LeeOfficeSuppliesX

(
wh
ere
X

is the number allocated to you as a
username
/
password

for accessing the
MySQL

database
)
.
You
will
have full privileges for this database


but not for other
LeeOfficeSupplies

databases.


You should begin by creating a
StockItems

table. You should s
elect appropriate field names, field
types, field sizes and primary key for the table structure.


Your table should contain the following records.


Database: LeeOfficeSuppliesX

Table: StockItems

ItemCode

ItemDesc

ItemStockQty

ItemUnitPrice

ItemCategory

LOS001

A4 paper x 500 sheets (white)

100

3.50

Paper

LOS002

A4 paper x 500 sheets (blue)

205

3.70

Paper

LOS003

A4 paper x 500 sheets (yellow)

300

3.70

Paper

LOS004

Ballpoint pen x 40 (red ink)

30

10.00

Pens

LOS005

Ballpoint pen x 40 (red
ink)

40

10.00

Pens

LOS006

Ballpoint pen x 40 (red ink)

20

10.00

Pens

LOS007

Pencil eraser x 50

10

10.00

Eraser



You should first create a web page which displays all records from the
StockItems

table as shown
below:


Page
14

of
27

















A second web page should present the user with a simple
HTML

form that asks the user to enter a
new stock record as shown below:


















You should add a simple JavaScript validation to the
ItemCode

text box which would prevent the
form’s data being submitted until a six
-
digit code has been entered.












Page
15

of
27


When the Submit button is clicked the data should be processed and appended to the
StockItems

table and a simple JavaScript alert box should confirm successful addition of the new data to the
table.











Your website should include an index page with links to display all items in stock, and to add new
records.


As evidence, you should submit

the code from your web pages together with screen prints. The code
should be fully commented to describe the purpose of the various code structures.


You should also demonstrate an awareness of good coding practice by the use of indentation and
your ch
oice of appropriate names for instances of PHP files, objects and variables.


Screen prints should be used to demonstrate the functionality of your
web application
. The pages
should
also
be demonstrated to your assessor.


Your documentation should include a simple test plan with screen prints demonstrating testing of
content management system using both valid and invalid data.





Page
16

of
27


Assessor’s Comments:


Student Name:





Criteria

Assessor’s Comments

Achieved

P5









Task 5



fmplementI
te獴 and
do捵ment a
web 捯ntent
management
獹獴em to
meet a defined
湥敤




















P5















Assessor's Signature:


Date:



Candidate's Signature:


Date:







Page
17

of
27


TASK
6

Implement, test and document a
simple login
system using web server
scripting

Create a multi
-
user, dynamic login
system using web server scripting


P4



M3

Hand In Date: W/B
11

March

201
3




A local pet supplies business, Spring Pet Supplies, has asked ‘E
-
Solutions’ to create a small
customer login system for the website
which will allow their customers
, on successful login,

to access
web pages where they will be able to view their account details,
their
purchase history and place new orders.



You have been asked by your manager to de
monstrate your skills
by creating this simple example of a
multi
-
user login
system.


You must first write a short statement of the requirements of the
company,
Spring Pet

Supplies.


For this task, you will use a
MySQL

database already created for you on t
he

Computing d
epartment’s
web server. The
MySQL

database is called
SpringPetSuppliesX

(
where
X

is the number allocated to
you as a
username
/
password

for accessing the
MySQL

database
)
. You

will

have full privileges for
this database


but not for other
Sp
ringPetSupplies

databases.


You should begin by creating a
Users

table. You should select appropriate field names, field types,
field sizes and primary key for the table structure. Your table should contain at least three records.


Suggested data is
shown below but you may choose your own data:


Database: SpringPetSuppliesX

Table: Users

UserID

FirstName

LastName

Username

Password

Email

UID001

Helen

Troy

HelenT

Planet10

HT@somewhere.com

UID002

Shekhar

Chopra

ShekharC

123Water

SC@myplace.co.uk

UID003

Mark

Beach

MBeach

MB9999

Mark@Beachy.com


A web page should present the user with a simple
HTML

form that asks the user to enter his
username

and
password
.


When the user clicks the L
o
gin button, a
PHP

script should query the Users table for an entry that
matches the inputted combination of
username

and
password
.


If no records are found, a “
Sorry, wrong password
” message should be displayed together with the
option to try again.


Page
18

of
27


If the login detail
s are valid then a page should be displayed that welcomes the user by name to the
website.


As evidence, you should submit the code from your web pages together with screen prints. The code
should be fully commented to describe the purpose of the various
code structures.


You should also demonstrate an awareness of good coding practice by the use of indentation and
your choice of appropriate names for instances of PHP files, objects and variables.


Screen prints should be used to demonstrate the function
ality of your log
-
in system. The pages
should
also
be demonstrated to your assessor.


Your documentation should include a simple test plan with screen prints demonstrating testing of log
-
in system using both valid and invalid data.





Page
19

of
27


Assessor’s Comm
ents:


Student Name:





Criteria

Assessor’s Comments

Achieved

P4












M3

Task

6



fmplementI
te獴 and
do捵ment a
獩mple login
獹獴em u獩ng
web 獥r癥r
獣ripting





Create a multi
-
u獥rI d祮ami挠
login 獹獴em
u獩ng web
獥r癥r
獣ripting



















P4












M3




Assessor's Si gnat ur e:


Dat e:



Candi dat e's Si gnat ur e:


Dat e:





Page
20

of
27


TASK 7

Edit the content of a text file on a web
server using web server scripting


M2

Hand In Date: W/B
25

March

201
3



For your next practical task you must
use your chosen web server
scripting technology, PHP, to create web pages which accept user
input via an HTML form and write the user input to a text file on a web
server (
M2
).


This will be used as a prototype to demonstrate to your clients how
web page

users can create and edit documents on their web servers.


Your form should accept the user's first name, last name, email address, and message. The text
written to the text file on the server should include the current date for each entry.


A page sho
uld then be displayed to the user which confirms that the data is being processed as
shown below:

















IMPORTANT
: You should also show that you can edit the content of the text file by adding further
user input. Don’t forget this part!


As evidence, you should submit your web page(s) code and screen prints. The code should be fully
commented to describe the purpose of the various code structures.


You should also demonstrate an awareness of good coding practice by the use of indentatio
n and
your choice of appropriate names for instances of PHP files, objects and variables.


Screen prints should also be used to demonstrate the functionality of your code. These screen prints
should include the content of the text file on the web server.




Page
21

of
27


Assessor’s Comments:


Student Name:





Criteria

Assessor’s Comments

Achieved

M2

Task 7




bdit the
捯ntent of a
te硴 file on a
web 獥r癥r
u獩ng web
獥r癥r
獣ripting



























M2




Assessor's Si gnat ur e:


Dat e:



Candi dat e's
Si gnat ur e:


Dat e:






Page
22

of
27


TASK 8

Implement an error log for a website
using web server scripting


M4

Hand In Date: W/B
22

April

201
3




One of the more technical
-
minded clients of ‘E
-
Solutions’ has asked you
to demonstrate how you could create an error
log using web server
scripting.


For
the next task you must create and test a prototype
error log for

a
website.
Remember that, by default,
PHP sends an error log to the
server

s logging system or
to
a file

-

depending on how the
error_log

configuration is set in the php.ini file.



For this task
, you should
use the
error_log()

function

to

send error logs to a specified
text
file

named
error_log.txt
.


Create a PHP page which will generate an error message if a test value is greater than 1.


Error details (number and description) generated by a web page coding errors should be displayed on
the page and then saved to the text file named
error_log.txt
.


The web page should display the following message if the test value is greater than 1:
















As evidence, you should submit your web page(s) code and screen prints. The code should be fully
commented to describe the purpose of the various code structures.


You should also demonstrate an awareness of good coding practice by the use

of indentation and
your choice of appropriate names for instances of PHP files, objects and variables.


Screen prints should also be used to demonstrate the functionality of your code. These screen prints
should include the content of the text file on th
e web server.



Page
23

of
27


Assessor’s Comments:


Student Name:





Criteria

Assessor’s Comments

Achieved

M4

Task 8



fmplement an
error log for a
web獩te u獩ng
web 獥r癥r
獣ripting
























M4




Assessor's Si gnat ur e:


Dat e:



Candi dat e's
Si gnat ur e:


Dat e:






Page
24

of
27

TASK 9

Create a web application to generate
website statistics using web server
scripting


D2

Hand In Date: W/B
6

May

201
3



For this next short task you must use your chosen web
server scripting technology, PHP, to create a web
page
which generates website statistics. It is suggested that
this should be in the form of a simple visit counter (
D2
).


This will be used as a prototype to demonstrate to your
clients how web server scripting can be used in a simple
way to gather stati
stics about website visitors.


The information should be displayed in a user
-
friendly format on the page, and at the same time
written to a text file called
visit_counter.txt
.


As evidence, you should submit your web page code and screen prints. The code

should be fully
commented to describe the purpose of the various code structures.


You should also demonstrate an awareness of good coding practice by the use of indentation and
your choice of appropriate names for instances of PHP files, objects and va
riables.


Screen prints should also be used to demonstrate the functionality of your code, and the page should
be demonstrated to your assessor.


You should also include a printout or screen print of the contents of the file
visit_counter.txt
.






Page
25

of
27


Assessor’s Comments:


Student Name:





Criteria

Assessor’s Comments

Achieved

D2

Task 9



Create a web
appli捡tion to
generate
web獩te
獴ati獴i捳 u獩ng
web 獥r癥r
獣ripting






















D2




Assessor's Signature:


Date:



Candidate's
Signature:


Date:






Page
26

of
27


TASK 10

Evaluate the combined use of client
scripting and web server scripting


D1

Hand In Date: W/B
20

May

201
3



One of the clients of ‘E
-
Solutions’ has recently heard
that JavaScript and PHP can be effectively used
together on

web pages to enhance both interactivity
and functionality.

He has heard that Facebook,
Amazon and Google use both types of scripting on
their sites. He has also heard about a technology
known as AJAX.



You have already explained

the difference between
server
-
side and client
-
side scripting. You now did
to
describe a variety of situatio
ns when server
-
side scripting (PHP) and client
-
side scripting
(JavaScript) work well together. You should use

case studies and

real
-
world examples to
illustrate
your expl
anations.



For each example, you should explain

the
rationale for incorporating both server
-
side and
client
-
side functionality within the same web
page.


As evidence, you should submit your web
page(s) code and screen prints. The code
should be fully commented to describe the
purpose of the various code structures.


You should also demonstrate an awareness of
good coding practice by the use of indentatio
n
and your choice of appropriate names for
instances of PHP files, objects and variables.




Page
27

of
27


Assessor’s Comments:


Student Name:





Criteria

Assessor’s Comments

Achieved

D1

Task 1
0



b癡luate the
捯mbined u獥
of 捬ient
獣ripting and
web 獥r癥r
獣ripting

























D1




Assessor's Signature:


Date:



Candidate's Signature:


Date: