It is amazing what you can accomplish if you do not care who gets the credit -- Harry S Truman

CSE3WE Web Engineering - Assignment 2

Semester 1, 2009

Update

Some hints are available to assist you with implementing an appropriate assignment.

Addendum

The payment processing addendum is now available.

The Task

Your task is to write a Perl server-side (CGI) online digital art store, as follows:

  • This assignment requires you to implement an "online digital art store". The emphasis is not on functionality, rather on designing and engineering a system that is robust, reliable and secure.

  • Guests to the website should be able to browse your catalogue, however they should only be given thumbnail images and should not be able to access the actual artwork.

  • Your online catalogue should contain no more than 10 items - you do not need to provide the ability to navigate through these items, rather you can simply display them all on the one page.

  • A registered user must identify themselves by entering their email address and password. After logging in a user should be provided with a list of their past purchases, along with the current balance of their account. A session should timeout after a given period of inactivity (say 15 minutes).

  • Once logged in a registered user should be able to purchase additional artwork. The price of the artwork is to be deducted from their current account balance, however the balance cannot become less than $0 - we are not providing credit!

  • After purchasing the artwork the higher resolution version should be made available for download. Your CGI should restrict access to the image files - you can "serve up" an image sending an appropriate content type header, then printing the contents of the binary image file. This purchase should also be accessible next time they log into their account.

  • You do not need to provide facilities to add money to an account balance. Likewise, you do not need to provide facilities for registering a new account (unless you choose to, see later).

  • There are a great number of design decisions involved in building a system of this type. Obviously security is paramount - you need to think very carefully about what a user should and should not be able to do! Verifying the details of each purchase is also crucial to prevent unwanted behaviour from occurring.
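The purchase and download rules in the list above, sketched as an added example that is not part of the original assignment hand-out. The table and column names, the in-memory database and the sample rows are assumptions made for illustration; prices are held in cents. The debit and the balance check happen in one conditional UPDATE, so two simultaneous requests cannot overdraw an account.

```perl
use strict;
use warnings;
use DBI;

# Constructed in-memory schema and sample rows (assumed names, prices in cents).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL CHECK (balance >= 0))');
$dbh->do('CREATE TABLE items (id INTEGER PRIMARY KEY, price INTEGER NOT NULL)');
$dbh->do('CREATE TABLE purchases (user_id INTEGER, item_id INTEGER, PRIMARY KEY (user_id, item_id))');
$dbh->do('INSERT INTO users VALUES (1, 1500)');
$dbh->do('INSERT INTO items VALUES (7, 1000), (8, 1000)');

# Returns 1 if the purchase succeeded, 0 otherwise. The price comes from the
# database, never from the submitted form. The UPDATE matches a row only when
# the balance covers the price; an unknown item yields NULL and matches nothing.
sub purchase {
    my ($dbh, $user_id, $item_id) = @_;
    my $ok = eval {
        $dbh->begin_work;
        my $rows = $dbh->do(
            'UPDATE users SET balance = balance - (SELECT price FROM items WHERE id = ?)
              WHERE id = ? AND balance >= (SELECT price FROM items WHERE id = ?)',
            undef, $item_id, $user_id, $item_id);
        die "insufficient funds or unknown item\n" unless $rows == 1;
        # A repeat purchase violates the primary key and undoes the debit too.
        $dbh->do('INSERT INTO purchases (user_id, item_id) VALUES (?, ?)',
            undef, $user_id, $item_id);
        $dbh->commit;
        1;
    };
    return 1 if $ok;
    eval { $dbh->rollback };
    return 0;
}

# Download gate: the CGI looks up ownership by item id before it sends any
# image bytes, and never accepts a file name from the request.
sub may_download {
    my ($dbh, $user_id, $item_id) = @_;
    my ($n) = $dbh->selectrow_array(
        'SELECT COUNT(*) FROM purchases WHERE user_id = ? AND item_id = ?',
        undef, $user_id, $item_id);
    return $n > 0;
}

print 'buy item 7:      ', (purchase($dbh, 1, 7) ? 'ok' : 'refused'), "\n";
print 'buy item 7 again:', (purchase($dbh, 1, 7) ? 'ok' : 'refused'), "\n";
print 'buy item 8:      ', (purchase($dbh, 1, 8) ? 'ok' : 'refused'), "\n";
print 'download item 7: ', (may_download($dbh, 1, 7) ? 'allowed' : 'denied'), "\n";
print 'download item 8: ', (may_download($dbh, 1, 8) ? 'allowed' : 'denied'), "\n";
```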

Important! When selecting images to use within your online art store please ensure that you do not infringe on copyright - there are plenty of good images around that can be used without restriction, likewise you can make use of your own digital photos should you so choose.

Submission Requirements

Your submission (which must be in "hard copy" form -- electronic submissions will not be accepted) should include brief documentation of the overall design and operation of your system, all Perl code (properly indented, with sufficient and appropriate internal documentation), evidence of operational testing and (obviously) the URL of your system's entry page so that the assessor can test it. Don't forget to include the email address and password of a "customer" so that we can actually login and use the system!

Due date is the last Friday of semester, Friday, 5th June 2009 at 5pm. This assignment is worth 30% of your total mark for CSE3WE Web Engineering, and is compulsory.

Please refer to the subject outline for other submission requirements.

Your system must demonstrate attention to the following:

  • You are to ensure that your system is as secure as you can make it. This means that you are to give attention to all of the same security issues as in Assignment 1, plus those that are introduced by the greater complexity of this assignment.

  • Session management is obviously required to link the various pages of the application together once a user has logged in. Use whichever technology you think is most appropriate. You are to implement this in your own code -- that is, I want to see the session management code as part of your system. You should not use any of the standard Perl session management modules for this part of your assignment.

  • You are to implement data storage for this assignment using Perl's DBI module. Your data should be stored in an SQLite database and accessed using the DBD::SQLite backend.

  • Extensions: After you have completed all of the required/basic functionality, you may want to implement some or all of the following (for possible extra marks):

    • Provide a mechanism that allows a new visitor to register an account - you could assign a default balance for their account, unless you implement the next feature, in which case you can "charge" the initial balance to their credit card. You may also want to verify the email address provided is correct, by marking the account inactive until a key sent to them via email is entered into the website.

    • Add the ability for a user to "top up" their account balance. This would require them entering a (fictitious) credit card number, name, expiry date and card type. Transaction processing facilities will be provided over the coming weeks (by the Bank of WE), which you can interface to via LWP::Simple. Details for this will be made available as an addendum to the assignment.

    • ...etc. Good work will be rewarded.

  • IMPORTANT: Your system must be implemented as a single Perl CGI program. There should be no need for any static HTML pages at all -- all necessary web pages should be generated dynamically by your system. This does not preclude the use of pre-written HTML segments (e.g. boilerplate stuff) which your system might simply dump to the browser; it means that the URL of your system remains the same through an entire session.
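One way to hand-roll the session handling and the 15-minute inactivity timeout described above, as an added example that is not part of the original assignment hand-out. The `sessions` table, the function names and the use of /dev/urandom as the entropy source are assumptions; the clock is passed in as a parameter so the timeout can be exercised without waiting.

```perl
use strict;
use warnings;
use DBI;

use constant IDLE_LIMIT => 15 * 60;    # seconds of inactivity allowed

# Constructed in-memory store; the table and column names are assumptions.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE sessions (token TEXT PRIMARY KEY, user_id INTEGER NOT NULL, last_seen INTEGER NOT NULL)');

# 128 bits from the kernel CSPRNG, hex encoded. rand() is predictable and
# must not be used to generate session identifiers.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "no entropy source: $!";
    my $got = read($fh, my $buf, 16);
    close $fh;
    die "short read from /dev/urandom\n" unless defined $got && $got == 16;
    return unpack 'H*', $buf;
}

# Called only after the email address and password have been verified.
sub start_session {
    my ($dbh, $user_id, $now) = @_;
    my $token = new_token();
    $dbh->do('INSERT INTO sessions VALUES (?, ?, ?)', undef, $token, $user_id, $now);
    return $token;
}

# Returns the user id for a live session and restarts its idle timer.
# Unknown, malformed or idle tokens return nothing and the row is deleted.
sub check_session {
    my ($dbh, $token, $now) = @_;
    return unless defined $token && $token =~ /\A[0-9a-f]{32}\z/;
    my $rows = $dbh->do(
        'UPDATE sessions SET last_seen = ? WHERE token = ? AND last_seen > ?',
        undef, $now, $token, $now - IDLE_LIMIT);
    if ($rows != 1) {
        $dbh->do('DELETE FROM sessions WHERE token = ?', undef, $token);
        return;
    }
    my ($uid) = $dbh->selectrow_array(
        'SELECT user_id FROM sessions WHERE token = ?', undef, $token);
    return $uid;
}

my $t0    = time;
my $token = start_session($dbh, 1, $t0);
print 'idle 10 min: ', (defined check_session($dbh, $token, $t0 + 600)  ? 'valid' : 'expired'), "\n";
print 'idle 16 min: ', (defined check_session($dbh, $token, $t0 + 1560) ? 'valid' : 'expired'), "\n";
print 'forged id:   ', (defined check_session($dbh, 'f' x 32, $t0)      ? 'valid' : 'expired'), "\n";
```

The session state stays on the server; the browser only ever holds the opaque token, so nothing about the user or the balance can be altered by editing what the client sends back.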

Note

You are required to design and code this system yourself. It's obvious that you can derive inspiration (and even code snippets) from many sources, but the majority of the system should be your own work. Code which you have not written yourself should be acknowledged (either inline, in a Perl comment, or elsewhere) using the standard referencing guidelines from the La Trobe University, Bendigo Assignment Guide. Your submission must include a "Statement of Authorship" (caution: MS-Word link) to certify that any code not otherwise acknowledged/referenced is your own work. Be aware that Perl is a language which, more than others, reflects the programmer's "style". If there are slabs of non-referenced third-party code in your program, they tend to be very obvious to the astute reader. We will be able to tell if you didn't write it, so best not to try. You are reminded to familiarise yourself with the University's policy on academic misconduct (caution: large PDF file). This policy will be applied in this and all other assignments in Web Engineering.

Be aware that this assignment forms a major part of your assessment for CSE3WE Web Engineering. You are expected to submit a piece of work which reflects your own learning in the subject. You should therefore not expect that valuable classroom time (especially laboratory time) will be made available for your lecturer/tutor to assist you in debugging your program. Perl/CGI programming is not difficult, but it has quite complex contextual and practical issues, mostly to do with integrating your system into the redgum server environment correctly. You are expected to address these issues yourself. We will be assessing you on your performance.