CS 418/518 - Web Programming
Spring 2014: Tues/Thurs 9:30-10:45am, E&CS 2120

  • Dr. Michele Weigle
  • mweigle at cs.odu.edu
  • E&CS 3214
  • Office Hours:
    MW 9:30-11am
  • TA: Sawood Alam
    salam at cs.odu.edu




Project 3: Admin, Moderator, and User Functions

Assigned: Tuesday, Mar 4, 2014
Status Report: Tuesday, Mar 25, 2014
Due: Tuesday, Apr 1, 2014 in-class demos


The assignment asks you to continue to extend your message board from Project 2. This version requires the addition of a registration mechanism for new users and extended role functions.

New User Registration

We want to allow new users to register for your site. You should use a 2-step procedure to reduce illegitimate registrations:

  • a person requests an account
  • you send them an email with the necessary information to complete the registration (typically a confirmation link with a 1-time key used to verify that particular registration request)

At registration time, users should be able to specify if they want to receive either text/html email or text/plain email. Note that you cannot send email outside of the @cs.odu.edu domain.

You are encouraged to have other groups test out your new user registration feature.

We will cover sending email in class on March 18.

Forgot Password

It is nice to allow users to recover or reset their passwords if needed. Add a "Forgot password?" function to email the user a password reminder, their plain-text password, or a link to change their password. It is your choice which to implement.
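Both the two-step registration above and the "change your password" link rely on the same mechanism: a random one-time key that is emailed to the user and redeemed exactly once before it expires. The following Python example (added here; it is not part of the assignment or of any course PHP code) shows that mechanism with an in-memory SQLite database standing in for the project's MySQL tables; the table layout, the 24-hour key lifetime and the "confirm"/"reset" purpose names are assumptions.

```python
import hashlib, secrets, sqlite3
from datetime import datetime, timedelta
TOKEN_TTL = timedelta(hours=24)   # an unredeemed key should not stay valid forever

def connect():
    # In-memory SQLite stand-in for the project's MySQL tables (constructed schema)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, confirmed INTEGER DEFAULT 0)")
    db.execute("CREATE TABLE tokens (token_hash TEXT PRIMARY KEY, user_id INTEGER, purpose TEXT, expires_at TEXT, used INTEGER DEFAULT 0)")
    return db

def issue_token(db, user_id, purpose, now):
    # purpose is 'confirm' (registration) or 'reset' (forgot password). Only the SHA-256 of the key is
    # stored, so a copied database holds no working links; the raw key goes into the emailed link only.
    raw = secrets.token_urlsafe(32)
    db.execute("INSERT INTO tokens VALUES (?, ?, ?, ?, 0)",
               (hashlib.sha256(raw.encode()).hexdigest(), user_id, purpose,
                (now + TOKEN_TTL).isoformat()))
    return raw

def redeem_token(db, raw, purpose, now):
    # User id if the key is unexpired, unused and for this purpose, else None; the single UPDATE
    # also marks it used, so two simultaneous clicks on one link cannot both succeed.
    h = hashlib.sha256(raw.encode()).hexdigest()
    cur = db.execute("UPDATE tokens SET used = 1 WHERE token_hash = ? AND purpose = ?"
                     " AND used = 0 AND expires_at > ?", (h, purpose, now.isoformat()))
    if cur.rowcount != 1:
        return None
    return db.execute("SELECT user_id FROM tokens WHERE token_hash = ?", (h,)).fetchone()[0]

def register(db, email, now):
    uid = db.execute("INSERT INTO users (email) VALUES (?)", (email,)).lastrowid
    return uid, issue_token(db, uid, "confirm", now)

def confirm(db, key, now):
    uid = redeem_token(db, key, "confirm", now)
    if uid is not None:
        db.execute("UPDATE users SET confirmed = 1 WHERE id = ?", (uid,))
    return uid is not None

def demo():
    # Both flows on constructed data; returns the outcomes so they can be checked
    db, t0 = connect(), datetime(2014, 3, 4, 9, 30)
    uid, key = register(db, "student@cs.odu.edu", t0)
    out = {"bogus": confirm(db, "not-a-real-key", t0), "first": confirm(db, key, t0),
           "replay": confirm(db, key, t0)}
    reset = issue_token(db, uid, "reset", t0)
    out["wrong_purpose"] = redeem_token(db, reset, "confirm", t0)
    out["expired"] = redeem_token(db, reset, "reset", t0 + TOKEN_TTL)
    out["reset"] = redeem_token(db, reset, "reset", t0 + timedelta(hours=1))
    return out
```

Whether the email carries a reminder, a reset link or anything else is still your choice; the point of the example is that a key that was emailed out should be unguessable, single-use, time-limited and tied to one purpose.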

Extended Role Functions

Now that you have implemented roles, it's time to extend the roles and specify the difference between an admin, moderator, and user.


  • Users can edit their own posts
    • leave some indicator that the post was edited - e.g. "this post edited on 2012-08-27 at 17:20:11 by mweigle"
  • Keep track of user stats - displaying them for each user is optional, but collecting them for each user is required
    • date registered
    • number of posts
    • number of threads started
    • date of last post
  • Define your own user ranking scheme
    • e.g.: "newbie, user, veteran, no life" or "walk-on, travel squad, 2nd line, starter", ...
    • make up your own values and formula
    • "user level" is displayed when users read posts


  • The administrator should have an "overview" of all registered users, summarizing their activities (date registered, posts, replies, etc.)
  • Administrator and Moderator functions:
    • "freeze" entire threads (no more replies, but the thread is not deleted)
    • edit or delete messages (leave some indicator that the message was edited or deleted)
      • do "the right thing" with replies when deleting messages
        (check for race conditions, e.g. a message being deleted after a user has begun the reply process but before they hit "submit")
    • "suspend" and "un-suspend" users
      • suspend = cannot post messages until the suspension is lifted
      • send the user an email about the action
  • Administrator-only functions (in addition to those introduced in Project 2):
    • delete users and send the user an email explaining why the account was deleted
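The delete, freeze and suspend rules above all have to be re-checked when a reply is actually submitted, not when the reply form was shown, otherwise the race described above lets a reply land under a deleted message or in a frozen thread. The following Python example (added here; not part of the assignment or of any course PHP code) makes those checks inside a single write transaction on an in-memory SQLite stand-in for the project's tables; the schema, the sample users and the refusal messages are constructed.

```python
import sqlite3
def connect():
    # In-memory SQLite stand-in for the project's MySQL tables (constructed); isolation_level=None lets submit_reply run its own transaction
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript("""
        CREATE TABLE users (name TEXT PRIMARY KEY, suspended INTEGER DEFAULT 0);
        CREATE TABLE threads (id INTEGER PRIMARY KEY, frozen INTEGER DEFAULT 0);
        CREATE TABLE messages (id INTEGER PRIMARY KEY, thread_id INTEGER, parent_id INTEGER, author TEXT, body TEXT, deleted_by TEXT);
        INSERT INTO users (name) VALUES ('alice'), ('bob'), ('mweigle');
        INSERT INTO threads (id) VALUES (1);
        INSERT INTO messages (thread_id, author, body) VALUES (1, 'alice', 'first post');""")
    return db

def delete_message(db, message_id, moderator):
    # Soft delete: the row stays, so the thread can show "deleted by <moderator>" in its place
    db.execute("UPDATE messages SET deleted_by = ?, body = '' WHERE id = ?", (moderator, message_id))

def submit_reply(db, author, parent_id, body):
    # Every check is made at submit time inside one write transaction, because the state may
    # have changed since the reply form was shown. Returns 'ok' or the reason for refusal.
    with db:                            # commits on normal exit, rolls back on an exception
        db.execute("BEGIN IMMEDIATE")   # write lock: no delete, freeze or suspend can interleave
        row = db.execute("SELECT m.thread_id, m.deleted_by, t.frozen, u.suspended FROM messages m"
                         " JOIN threads t ON t.id = m.thread_id JOIN users u ON u.name = ?"
                         " WHERE m.id = ?", (author, parent_id)).fetchone()
        if row is None:
            return "parent message no longer exists"
        thread_id, deleted_by, frozen, suspended = row
        if suspended:
            return "your account is suspended"
        if frozen:
            return "thread is frozen"
        if deleted_by is not None:
            return "parent message was deleted by " + deleted_by
        db.execute("INSERT INTO messages (thread_id, parent_id, author, body) VALUES (?, ?, ?, ?)",
                   (thread_id, parent_id, author, body))
        return "ok"

def demo():
    # Constructed sequence: bob has the reply form open while a moderator acts on the thread
    db = connect()
    out = {"normal": submit_reply(db, "bob", 1, "reply")}
    delete_message(db, 1, "mweigle")
    out["after_delete"] = submit_reply(db, "bob", 1, "late reply")
    db.execute("UPDATE threads SET frozen = 1 WHERE id = 1")         # moderator freezes the thread
    out["frozen"] = submit_reply(db, "bob", 2, "reply to the reply")
    db.execute("UPDATE users SET suspended = 1 WHERE name = 'bob'")  # admin suspends bob
    out["suspended"] = submit_reply(db, "bob", 2, "still trying")
    out["missing"] = submit_reply(db, "alice", 99, "reply to nothing")
    return out
```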

SQL Injection Attack Prevention

It is important to protect your site against SQL injection attacks. Don't let malicious users (or even malicious friends) attack your site with a DROP TABLE command (or any other SQL commands) in a text box.
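As an added illustration (not from the course materials), the following Python example uses an in-memory SQLite table to show what goes wrong when a text-box value is pasted into a query string and how a parameterised query fixes it; the messages table and its rows are constructed, and it uses a "look up posts by author" query rather than the DROP TABLE case above. The same check, typing a quote or a tautology into one of your own forms, applies to the PHP/MySQL project, where the fix is a PDO or mysqli prepared statement with placeholders.

```python
import sqlite3

def connect():
    # In-memory SQLite stand-in for the project's MySQL messages table (constructed rows)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, author TEXT, subject TEXT)")
    db.executemany("INSERT INTO messages (author, subject) VALUES (?, ?)",
                   [("mweigle", "Project 3 assigned"), ("salam", "Status report format"),
                    ("d'arcy", "Question about user ranks")])
    return db

def posts_by_unsafe(db, author):
    # The pattern to avoid: the text box value is spliced into the SQL string, so whatever
    # the user typed becomes part of the statement rather than a value it compares against.
    sql = "SELECT subject FROM messages WHERE author = '" + author + "'"
    return [row[0] for row in db.execute(sql)]

def posts_by_safe(db, author):
    # Parameterised query: the statement is fixed and the value is bound separately, so quotes
    # and keywords in the input stay ordinary characters. In PHP the equivalent is a PDO or
    # mysqli prepared statement with a placeholder instead of string concatenation.
    return [row[0] for row in db.execute(
        "SELECT subject FROM messages WHERE author = ?", (author,))]

def compare(author):
    # Runs both versions on one form input; an exception from the unsafe one becomes a string
    db = connect()
    try:
        unsafe = posts_by_unsafe(db, author)
    except sqlite3.Error as e:
        unsafe = "error: " + type(e).__name__
    return {"unsafe": unsafe, "safe": posts_by_safe(db, author)}
```

Note that the string-built version also breaks on perfectly legitimate data (an author name containing an apostrophe), so prepared statements are a correctness fix as much as a security one.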

We will cover SQL injection attack prevention in class on March 20.


New User Registration

  • Form for new user to register for the site that includes option to receive text/html email or text/plain email.
  • Registration form sends email (in proper format) to user (at provided email address) to complete registration.

Forgot Password

  • Implement forgot password option to remind user of their password or allow user to reset their password.

Extended Role Functions

  • Allow users to edit their own posts and leave some indicator that the post was edited
  • Implement a user ranking scheme and display user level on each user's post
  • Admin has overview of all registered users with stats (date registered, number of posts, number of threads started, date of last post, etc.)
  • Admin and Mods can freeze threads.
  • Admin and Mods can edit or delete messages (leave indicator). Clarification: can edit and delete messages -MCW 3/22/14
  • Admin and Mods can suspend and un-suspend users.
    • send the user an email about the action
  • Admins can delete users.
    • send the user an email explaining why the account was deleted

SQL Injection Attack Prevention

  • Prevent SQL injection attacks in all of your forms.


In-class status report (Mar 25)

  • 0 or 2 points
    • you will get 0 points if you are present but don't report any progress
    • you will only get 1 point if no member of your group is on-time to class
  • Attendance is mandatory
  • 2-3 minute presentation per group
  • Slides or appropriate digital and presentable alternative
    • don't demo your system for us yet, but screenshots are fine
  • Status, problems, solutions, concepts, "to dos"

Writeup (Apr 1)

  • 3 points - graded by Dr. Weigle
  • Brief, but should contain how each requirement was met, design decisions, programming tricks, helpful resources consulted, division of labor and responsibilities (if in a 2-person group)
  • Provide an estimate of the number of hours worked on the project - added 3/7/14 -MCW

In-class demo (Apr 1-3)

  • 20 points - TA will examine your project after class
    • 15 points - requirements
    • 3 points - usability
    • 2 points - aesthetics
  • Order of the demos will be chosen at random
    • everyone should be prepared to demo on Apr 1
    • if you do not demo on Apr 1, you will demo on Apr 3
    • no code is to be edited after 11:59pm on Apr 1
  • Demonstrate all of the required features of your system
  • Show any 'extras' that you have done
  • Tell us the division of labor (who did what)
  • Demo must use the version available on weiglevm - no magic laptops!
  • 5 minutes max - practice your demo ahead of time -- Update: 7 minutes max -MCW 3/25/14

Grades should be available within one week


Project: We will assume that your project is available at https://weiglevm.cs.odu.edu/~username/proj3/

  • These URLs must be valid for all students
    • If you are in a group of 2, only 1 URL will have the actual PHP, and the "other" URL will auto-redirect to the "right" URL
    • You will lose points if your URLs don't work in this manner

Writeup: Submit a hard-copy in class on Apr 1

  • 1-2 pages max, no cover page
  • if 2 pages, print double-sided if possible


  • Debug within your group first, then ask for other groups to help debug your operations
  • Your status report is for your benefit and the benefit of your peers more than for me.