A348 Home Work 2 - Project Start

 Modified

Overview 

The assignment is for familiarization with the project basics and how to build components in a moderately complex Web system.

The project discussion presented the partial logic for registration and logging of stock traders, Registration.asp and Login.asp, these are to be completed. Also necessary is a function to log the current trader out, Logout.asp. 

Starting the Project

  1. Download Project files and unzip, defaults to \Project directory.
  2. Define the data source of Project for the C:\Project\Project.mdb file.
  3. Define a virtual drive in IIS of Project for C:\Project.

    On Windows 2000 and XP systems that have not been updated to the latest service release (Service Package 2), correct ASP programs can generate errors when using Access databases. The best solution is to update the operating system, alternatively:

    • Change Project Application Protection as a work-around associated with using Access databases and ASP:
      • Right click on Project
      • Select Properties
        • Change Application Protection to: Low(IIS Process)
        • Click OK
      • Stop and start IIS by:
        • Right click on Default Web Site
        • Stop
        • Right click on Default Web Site
        • Start
  4. Enter the browser address of: localhost/Project/Welcome.xml
  5. Register.
  6. Login.
  7. Logout.
  8. That's all it does for now.

Project parts - There are three main parts:

  1. ASP - The logic.
  2. XML/HTML - The user interface.
  3. Database - The data.

Registration.asp - Users must register first. Still to be completed for trader registration is:

  1. Verify that password and amount have been entered.
  2. Redirect to the following Web pages for the appropriate conditions:
    1. User password missing - userpasswordMissing.xml
    2. Amount missing - amountMissing.xml
  3. Insert into the Trader table password and amount.

Step 1

  • Starting  - Generally our interest is in the ASP logic and databases so its makes sense to focus on those first.
  1. Open FrontPage and select C:\Project\Registration.asp
  2. Click the Code tab at bottom left.
  • Test for parameter missing - The registration ASP tests for username parameter missing, in bold below. We need to test amount and password parameters also.
  1. Copy and duplicate that line.
  2. Modify to test for password parameter.
  3. Change:
    • Response.Redirect("usernameMissing.xml"); to
    • Response.Redirect("userpasswordMissing.xml");
  4. Save.
  5. Enter the browser address of: localhost/Project/Welcome.xml
  6. Attempt to register with a new user name but no password. You should receive an error message.

 

Registration.asp 
<%@ Language=JScript%>
<%	
// Test username !defined || username empty

    if(Request("username").Count == 0 || Request("username")=="") 
       Response.Redirect("usernameMissing.xml");                                   

   var username = Request("username");
   conn = Server.CreateObject("ADODB.Connection");
   conn.Mode = 3;
   conn.Open ("DSN=Project");
   rs = conn.Execute( "SELECT ID FROM Trader where ID='"+username+"' ");

   if (rs.EOF) {
    conn.Execute( "Insert into Trader (ID) values ('"+username+"');");
    conn.Close();
    Response.Redirect("login.xml?"+username);
  }
  else {
    conn.Close();
    Response.Redirect("usernameInuse.xml?"+username);
 }
%>

User Interface - Note that not all necessary user interface files are provided. Simple ones should be implemented for testing logic. For example, the following two files would suffice for the interface for user password missing errors. While it seems overly complex to have two files, the XML to invoke the HTML, it provides a way to implement a consistent and modular user interface separate from the ASP programming.

userpasswordMissing.xml 
<?xml-stylesheet type="text/xsl" 
               href="userpasswordMissing.htm"?>
<top>
</top>
 userpasswordMissing.htm 
<h1>User password missing</h1>

 

Step 2

  1. Repeat Step 1 but for amount using the following two files, redirect to amountMissing.xml:
amountMissing.xml 
<?xml-stylesheet type="text/xsl" 
               href="amountMissing.htm"?>
<top>
</top>
 amountMissing.htm 
<h1>Amount missing</h1>
  1. Enter the browser address of: localhost/Project/Welcome.xml
  2. Attempt to register with a new user name but no password. You should receive an error message.

 

Database tables - Project is the data source name containing all the project tables. Nearly all ASP examines one or several tables to maintain Web site functions. Registration.asp uses the Trader table that holds personal information on each registered trader. New trader information (i.e. ID, password, amount) must be inserted into the Trader table.

Step 3

  • Starting  - The key part of the ASP logic is to manage databases. First familiarize yourself with the database tables using Access.
    1. Open Access
    2. File | Open | C:\Project\Project.mdb
    3. Table | Trader

     

  • Registration.asp - Registration tests that username is not already in the Trader database table by:

var username = Request("username");
rs = conn.Execute( "SELECT ID FROM Trader where ID='"+username+"' ");
if (rs.EOF) {

If EOF then a new user is registering. New user name of 'Fred' would be inserted into the Trader database table by:

conn.Execute( "Insert into Trader (ID) values ('Fred');");

The username parameter is inserted by:

conn.Execute( "Insert into Trader (ID) values ('"+username+"');");
 

  • Database tables - Insert password of 'SECRET' for each user.
    1. Change:
      • conn.Execute( "Insert into Trader (ID) values ('"+username+"');");  to
      • conn.Execute( "Insert into Trader (ID, PASSWORD) values ('"+username+"', 'SECRET');");
         
    2. Save.
    3. Enter the browser address of: localhost/Project/Welcome.xml
    4. Register with a new user name.
    5. In Access check the Trader table. Close and reopen Trader table to observe changes.
       
  • Insert - Change the SQL Insert to use the password and amount parameters.

 

Login.asp - The login function has two key unfinished parts:

  1. Verify trader password from database table before logging in the trader, redirect to userpasswordFails.xml if password fails.
  2. Replace display of Response.Write error messages with Response.Redirect to specified Web pages. Redirect to the following Web pages for the appropriate conditions:
    1. Response.Write(username+" is not registered."); - User name not registered - usernameNotregistered.xml
    2. Response.Write(username+" already logged in"); - User name already logged in - usernameLoggedinAlready.xml
    3. Response.Write(Session("trader")+" logged in"); - Successful login - manageTrading.xml
    4. Response.Write(Session("trader") + " is logged in. Please logout first."); - Attempt to login as another trader before logging out - logoutRequired.xml
    5. User password fails - userpasswordFails.xml

Step 5

  1. Open FrontPage and select C:\Project\Login.asp
  2. Click the Code tab at bottom left.
  • Test for correct password - The login ASP does not test that the password is correct or missing.
  1. Find the line in Login.asp of:  if(Session("trader")==undefined) {
  2. Immediately prior to this point the password entered should have been checked to match that registered in the Trader.
  3. If the passwords fail to match, close the database and redirect to userpasswordFails.xml file.

Session variables - An independent session is started on an IIS server when the first ASP script is executed in a virtual directory. Session variables provide a means of holding the state of each individual session and can be accessed in any ASP script located in the directory or subdirectories of the initial ASP script starting the session. Bottom line is that session variables are global to all session scripts. 

Login.asp 
<%@ Language=JScript%>
<%	
// Test username !defined || username empty
 if(Request("username").Count == 0 || Request("username")=="")
   Response.Redirect("usernameMissing.xml");

 var username = Request("username")+"";	// Convert Request("username") to string
 conn = Server.CreateObject("ADODB.Connection"); 
 conn.Mode = 3;
 conn.Open ("DSN=Project");
 rs = conn.Execute("SELECT * FROM Trader where ID='"+username+"'");
	
 if (rs.EOF) {
    conn.Close();
    Response.Write(username+" is not registered.");
 }
 else {
    if(rs("LOGGED").Value) {
      Response.Write(username+" already logged in");
      conn.Close();
    }
    else {
      if(Session("trader")==undefined) {            
        conn.Execute("Update Trader SET LOGGED=true where ID='"+username+"';");
        conn.Close();
        Session("trader")=username;        
        Response.Write(Session("trader")+" logged in");
      }
      else
        Response.Write(Session("trader") + " is logged in. Please logout first.");
    }
 }
%>
 
Logout.asp - Logging out the current trader out requires:
  1. Determining the current trader - use the Session("trader") variable.
  2. Updating the Trader table LOGGED field for the current trader to false.
  3. Removing the current trader session variable - use Session.Abandon
  4. Redirect to logoutSuccessful.xml at execution end.

Still to be completed is:

  1. Delete records from the Cart table for the logged in trader - use the Session("trader") variable. The shopping cart module that inserts records into the Cart table will be added later. For testing that appropriate records are deleted, use Access to manually insert several records into the Cart table; the ID field should match the Session("trader") value.
  2. Redirect to logoutSuccessful.xml at execution end in place of Response.Write message.
Logout.asp 
<%@ Language=JScript%>
<%	
  conn = Server.CreateObject("ADODB.Connection"); 
  conn.Mode = 3;
  conn.Open ("DSN=Project");
  conn.Execute("Update Trader SET LOGGED=false where ID='"+Session("trader")+"';");
  conn.Close();
  Session.Abandon;		// Release all session variables
  Response.Write("Logged out");
%>

Assignment

Complete:

  1. Registration.asp - Mostly done in class.
  2. Login.asp
  3. Logout.asp

Testing

Test each ASP script for all possible cases, there is a relatively small number (invalid password, no credit card, etc.). The ASP script must be executed on an IIS server. For example, the following executes the Login.asp script directly rather than from the Login.xml form, passing the two parameters username" and "password" to the script:

Remember to refresh the page each time as the browser caches the most recent page.

Problems

Likely problems are:

  1. Refresh the browser - Remember the browser caches the output which may be stale.
  2. Script errors - Use the Response.Write("Got here in the Login Script"); tracing of execution.
  3. SQL - Getting the " and ' right is difficult. For example:
    • conn.Execute("Update Trader SET LOGGED=false where ID='"+Session("trader")+"';");

    When you get an execution error message, try writing it out by:

    • Response.Write("Update Trader SET LOGGED=false where ID='"+Session("trader")+"';");
  4. Already logged in - Usually due to the scripts leaving the session variables or databases tables in a conflicting state; for the trader, the session is logged in but the database is logged out. Run Reset.asp or manually change the trader table to log traders out.
  5. Session variables - The session (i.e. starting from the time a file in the Project directory is accessed) expires after some set amount of time, depending upon the Global.asa file or IIS settings, can be as short as 1 minute. When the session the session times out, the Session("trader") variable is undefined.
  6. Database tables - The state of the project is held in database tables. When your scripts go awry the tables can be left in a conflicting state. Use Access to edit the tables to the proper state.
  7. Errors related to OPEN of database - In Access, open the Project.mdb database, select Tools. Database Utilities..., Compact and Repair Database.

Turn in

  1. Cover Page - Your name, date, and Homework 2. Staple all pages together.
  2. Files - Printout of all ASP source files. Label each.
  3. Project directory.
    1. FTP to www.csci.ius.edu
      • In browser address enter: ftp://www.csci.ius.edu
      • Login using your IUS username. The password is your username.
      • Copy the contents of the Project directory onto ftp page.
    2. Test in IE. The Welcome.xml is a default page.
      • In browser address enter: http://www.csci.ius.edu/username/Welcome.xml
    3. Email notification to rwisman@ius.edu with subject: YOUR NAME - A348 HW2

 

Using the IUS server

You can use the IUS server over the Internet to work on assignments though it will be somewhat slower due to file transfers, etc.

The basic approach is to FTP files from your machine to the IUS server; then run the ASP scripts on the IUS server. Any corrections are made on your computer, then FTP the files to IUS and try again.

ASP database use

The database file used should be in your directory on the IUS server in order for you to make changes on your machine and FTP back to the IUS server.

Because it is your personal database on your directory, it must be opened somewhat differently. In ASP, change all database opens from:

conn.Open ("DSN=Project");

to:

conn.Open ("DRIVER={Microsoft Access Driver (*.mdb)};DBQ=c:\\A346A348\\username\\Project.mdb");

where username is your IUS username.

FTP

In a browser, enter:

IIS

To test your ASP starting at the welcome page enter with your IUS username: