Sunday, April 22, 2012

Day Thirty Eight: Poster Session and Farewell

My group was present at the School of Sciences and Mathematics Research Poster Session on Thursday. The poster turned out very well. It is not currently available on the wiki, but I will upload it there in the near future. It is currently hanging up on the second floor of JC Long. I stood in front of the poster during the poster session and answered any questions. I believe that Matt and Julie talked with one of the board of trustees members before I arrived. I spoke with another trustee member and sang my praise about the computer science department. I meant every word of it. I came to the College of Charleston with a major in biology and left it with a major in computer science. For the first few years, I was not sure what I was doing or where I belonged. I was lucky enough to take an intro computer science class my sophomore year, and I instantly fell in love. I still need to make it through finals, but the end is in sight. Wish me luck.

TripleJ is scheduled to meet on Thursday and Sunday to prepare for our final presentation. I would update this post with a description of our efforts, but this blog is due in the form of a pdf file by tomorrow morning.

I enjoyed this class, and I will miss everyone in the department very much. Hopefully, we can find ways to communicate after graduation and keep in touch.

Day Thirty Seven: Final Words on RMH Homebase

I finished the exercises from chapters 7 and 8 in the Software Development textbook and updated the earlier posts to reflect my work. Overall, I was very successful; however, I need a lot more practice with MySQL and databases in general. My work with chapter 7 did not unit test correctly. This is likely because my understanding of both PHP and MySQL is very limited. I am more comfortable with PHP now that I took a couple of online tutorials. A lot of students in my class have somewhat of an advantage because they took Database Concepts as one of their electives. I regret not taking that class as an elective, but it is too late now.

VirtualBox is an amazing piece of software, but it has given me a lot of difficulty over the course of this semester. I have learned to clone my virtual machines whenever I reach a critical point. For instance, after my second failure during RMH Homebase work, I finally took a hint and set up a clone with a fresh install of Eclipse and RMH Homebase 1.5 and 2.0. If anything ever goes wrong, I can just use the clone instead of reinstalling everything and wasting hours of my time. 

The blogs have been the most useful resource to me in terms of homework and our group project. When I could not get LAMP successfully installed, I found Scott's blog and figured it out. When my group could not compile XBMC from source, we looked at each other's blog posts and determined the problem. I didn't even know what SimpleTest was before I looked at David's post. The book had helpful examples, but I had better luck getting the information from other students in many cases. I may fall behind at times and forget to update my blog, but it is an invaluable asset to myself and others.

Day Thirty Six: A Final Update on Group Work

The poster is printed, and the wiki edits are basically finished. Team TripleJ's project timeline has changed a lot over the semester, but we have met the deadlines that we set for ourselves over a month ago. Every team has been keeping a private wiki over the course of the semester. This approach has worked so far because everyone in the class can edit their own wiki and view other teams' wikis for reference; however, it is not possible for us to make these wikis public for future reference outside of class. I took the simplest approach to this problem and created an exact replica of our class wiki here. It is public, but only our group members have write privileges.

Anything that I could possibly say in terms of our group's progress is already available on the wiki. I will post everything here to help readers avoid the hassle of opening yet another webpage. Feel free to visit the wiki for more information.



Progress Reports in Reference to Project Calendar


Our group's calendar was created and maintained via Google Calendar. This is a fantastic way to make it easily available and well organized, but it doesn't lend itself very well to milestone updates or textual descriptions. Our milestones will be posted here, along with any other relevant information.



Milestone 1 - Ubuntu Installation and Compilation README Fix

Bug #12641: We added new and correct instructions to compile XBMC based on our experience compiling it. Most of our additions to the README were adding the proper commands for activating the PPAs and dependencies (which were originally not present at all in the README). We also fixed and updated a broken link.

We submitted a patch and began dialogue with the developers. Feedback was largely positive, but they were concerned about the presence of a third-party PPA. We removed the third party PPA, which was for the stable version of XBMC, and submitted a new patch. Our second patch also had the spacing and indentations updated to be consistent with the rest of the README file.


Milestone 2 - Xbox Controller Config

Bug #12653: This bug concerns a problem with connecting an Xbox 360 controller to the computer before XBMC is running. When one connects the controller, disconnects the controller, and then lets XBMC go inactive for 4 minutes, the XBMC will crash when you activate it again. We were able to replicate the bug. (from our Contributions page).


This bug was replicated in the Eden: Beta 2 successfully. However, the actual bug report went back and forth over the break, and in that time, Release Candidate 2 was released. After compiling the new release, we tested the bug once again, and it seemed as though the bug had been fixed. Upon further investigation, an important step in reproducing the bug had been left out and forgotten. The controller must be turned on before starting XBMC. After correcting this mistake, we were able to replicate this bug in RC 2 as well.


The forums are undergoing a major upgrade, and the process seems to be taxing XBMC's resources as a whole because even the bug tracker page is slow and sometimes hangs. We will continue to investigate this bug and utilize the forum's resources once they become available.

We posted detailed instructions to reproduce the bug on the comments of the bug report. The developers were able to reproduce the bug based on our instructions. This led to a lot of chatter among the developers. They are now working hard to fix the bug. We have reached out to them asking how we can help fix the bug (or any other bugs) and are awaiting a reply.


Milestone 3 - Default Audio/Subtitle Settings Bug

Bug #10489: This bug has been closed and re-opened before. Hopefully this will be the last time. For this bug, the external subtitles are not always on by default and the user cannot save the default audio setting overall. The team read the notes for Release Candidate 1 and the bug appeared to be fixed. After posting on the bug report's wall that the bug was fixed in Release Candidate 1, the developers closed the bug report and gave it the status of fixed.

Update on Xbox controller bug: The developers were able to fix the bug in time for Eden's official release after our help. The bug is now closed and the fix is included with the latest available download of XBMC.



Milestone 4 - Wiki/Documentation Edits

The list below contains links, as well as short descriptions of changes made/updated to reflect the final Eden release. This way we can document and review our contributions.

Team Member usernames:
David Schirduan - Mercyshipdude
Jason Leonard - jleonardw9
Julie Norris - babyturtle05
James Joy - jamesjoy
Matthew Vaveris - JohnSN7


Edits Made to Pages

Controls
Link - Fixed an old link that pointed to SVN repository. It now points to the Git cpp code. (James)

How-To install XBMC Ubuntu
Link - Added descriptions and differences of the different installation methods. (David)

How to submit a patch
Link - Updated this page to reflect the switch-over to the new Git repository (Jason)

How to compile XBMC for Linux
Link - Corrected for Git repository and fixed some spelling errors (Jason)

Cue Sheets
Link - Corrected for spelling and grammar (Julie)

Built In Scripting
Link - Corrected for spelling, grammar, and function names (Julie)

ShutdownMenu
Link - Updated screenshots, menu options and explanations (David)

Language support
Link - Corrected for spelling and grammar (Julie)

HOWTO: Enable weather info display for the home screen via skinning
Link - Corrected for spelling and grammar (Julie)

Add-on: IMDb
Link - Updated page layout (Julie)

Future Edits to Pages

Troubleshooting Tactics
Link - Expand this page to include a variety of troubleshooting techniques for the XBMC (Matthew)

Controls
Link - Double check to see if the listed "available controls" are accurate (James)

Sunday, April 15, 2012

Day Thirty Five: Password Recovery in RMH Homebase

The assignment for this class is exercise 8.1 in the Software Development textbook.

Exercise 8.1.A:
You should never assume that a user will change his or her default password. For security purposes, you write code that asks users to change their passwords when they login for the first time. There should also be a conditional that checks to see if the new password is a valid password (can't be the same as the default password).

Exercise 8.1.B:
The simplest solution is to have a question, or a set of questions, that the users answer when they login for the first time. For example, a question could be "What is your mother's maiden name?" If a user forgets his or her password, he should be prompted with the question and should only be allowed to change his or her password if he or she answers the question correctly. This is not the most secure way, but it is easier than validating an email account or calling a phone number to verify the changes.

Exercise 8.1.C:
I looked around to get some ideas on how to start implementing my idea and found Jennifer's blog post. I don't want to copy/paste code or steal anyone else's ideas, but some of her code fits my needs perfectly.

First, add a password_answer variable to Person.php. We don't really need a setter, but I went ahead and added a setter and a getter.

private $password_answer; //answer to the password reset question
...

function get_password_answer(){
    return $this->password_answer;
}
...

function set_password_answer($pwa){
    // stored as an md5 hash, like the passwords in this code base
    $this->password_answer = md5($pwa);
}

Next, add a new function to dbPersons.php (be sure to add a password_answer field to the query in the setup function and add a null value to the end of the admin constructor) :


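function change_password_answer($id,$answer){
    connect();
    // escape both values before they are concatenated into the query string
    $id = mysql_real_escape_string($id);
    $answer = mysql_real_escape_string($answer);
    $query = 'UPDATE dbPersons SET password_answer = "'.$answer.'" WHERE id = "'.$id.'"';
    $result = mysql_query($query);
    mysql_close();
    return $result;
}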


Next, make the changes to login_form.php:

    if($person['password']==$person['first_name'] . $person['phone1']){
        // the user still has the default password: ask for a new one and a recovery answer
        echo('<table><form method="post">
        <tr><td>Please reset your password.</td></tr>
        <tr><td>New Password: </td><td><input type="password" name="newpass"></td></tr>
        <tr><td>Confirm New Password: </td><td><input type="password" name="newpassconf"></td></tr>
        <tr><td>Please provide the following for future password recovery:</td></tr>
        <tr><td>Mothers maiden name: </td><td><input type="password" name="maidenname"></td></tr>
        <tr><td>Confirm answer: </td><td><input type="password" name="maidennameconf"></td></tr>
        <tr><td colspan="2" align="center"><input type="submit" name="SetPassword" value="SetPassword"></td></tr></form></table>');
        $db_new_pass = md5($_POST['newpass']);
        $db_new_pass_conf = md5($_POST['newpassconf']);
        // compare the two submitted answers (the form fields, not bare constants)
        if($_POST['maidenname'] == $_POST['maidennameconf']){
            if($db_new_pass == $db_new_pass_conf){
                change_password($db_id, $db_new_pass);
                $db_pass_answer = md5($_POST['maidenname']);
                change_password_answer($db_id, $db_pass_answer);
            }
            else {
                echo('<div><p>Error: Passwords do not match. Please try again.</p></div>');
            }
        }
        else {
            echo('<div><p>Error: The answers do not match. Please try again.</p></div>');
        }
    }
    $_SESSION['logged_in']=1;
    $type_array = explode(",",$person['type']);
    if (in_array('applicant', $type_array))
        $_SESSION['access_level'] = 0;
    else if (in_array('manager', $type_array))
        $_SESSION['access_level'] = 2;
    else $_SESSION['access_level'] = 1;
    $_SESSION['f_name']=$person['first_name'];
    $_SESSION['l_name']=$person['last_name'];
    $_SESSION['_id']=$_POST['user'];
    echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
} // closes the enclosing password check, which is not shown in this excerpt
else {
    echo('<div align="left"><p class="error">Error: invalid username/password<br />if you cannot remember your password, ask a house manager to reset it for you.</p><p>Access to RMH Homebase requires a Username and a Password. <p>For guest access, enter Username <strong>guest</strong> and no Password.</p>');
    echo('<p>If you are a volunteer, your Username is your first name followed by your phone number with no spaces. ' . 'For instance, if your first name were John and your phone number were (207)-123-4567, ' . 'then your Username would be <strong>John2071234567</strong>.  ');
    echo('If you do not remember your password, please enter your mothers maiden name:');
    echo('<table><form method="post"><input type="password" name="passanswer"></table>');
    echo('<p><table><form method="post"><input type="hidden" name="_submit_check" value="true"><tr><td>Username:</td><td><input type="text" name="user" tabindex="1"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" tabindex="2"></td></tr><tr><td colspan="2" align="center"><input type="submit" name="Login" value="Login"></td></tr></table>');
    // a correct recovery answer unlocks the password reset form
    $input_answer=md5($_POST['passanswer']);
    if ($person['password_answer']==$input_answer){
        echo('<table><form method="post">
        <tr><td>Please reset your password.</td></tr>
        <tr><td>New Password: </td><td><input type="password" name="newpass"></td></tr>
        <tr><td>Confirm New Password: </td><td><input type="password" name="newpassconf"></td></tr>
        <tr><td colspan="2" align="center"><input type="submit" name="SetPassword" value="SetPassword"></td></tr></form></table>');
        $db_new_pass = md5($_POST['newpass']);
        $db_new_pass_conf = md5($_POST['newpassconf']);
        if($db_new_pass == $db_new_pass_conf){
            change_password($db_id, $db_new_pass);
        }
        else {
            echo('<div><p>Error: Passwords do not match. Please try again.</p></div>');
        }
    }
    else {
        return 'The answer does not match the one we have on file.';
    }
...

The new function works when I unit tested it, but the actual logic still needs to be tested. I have a sandbox setup. I will copy my work from my workspace into my sandbox and give it a try later.
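For comparison, here is the same first-login and recovery flow with salted hashes (password_hash/password_verify) in place of md5 and bound parameters in place of string-built queries. This is an added example, not RMH Homebase code or code from the textbook: the simplified dbPersons table, the function names set_recovery, reset_with_answer and normalize_answer, and the sample users are all assumptions made for the demo, which runs against an in-memory SQLite database.

```php
<?php
// Added example: not RMH Homebase code. The simplified dbPersons table, the
// function names and the sample users below are constructed for illustration.

function normalize_answer(string $answer): string {
    // "Smith", " smith " and "SMITH" should all verify as the same answer.
    return strtolower(trim((string) preg_replace('/\s+/', ' ', $answer)));
}

// First login: replace the default password and record the recovery answer.
function set_recovery(PDO $db, string $id, string $default_pw,
                      string $new_pw, string $answer): bool {
    // Exercise 8.1.A: the new password cannot be the default password.
    if ($new_pw === '' || hash_equals($default_pw, $new_pw)) {
        return false;
    }
    $answer = normalize_answer($answer);
    if ($answer === '') {
        return false;
    }
    // Bound parameters keep user input out of the SQL text.
    $stmt = $db->prepare(
        'UPDATE dbPersons SET password = ?, password_answer = ? WHERE id = ?');
    $stmt->execute([password_hash($new_pw, PASSWORD_DEFAULT),
                    password_hash($answer, PASSWORD_DEFAULT), $id]);
    return $stmt->rowCount() === 1;
}

// Forgotten password: only a matching answer may set a new password.
function reset_with_answer(PDO $db, string $id, string $answer,
                           string $new_pw): bool {
    $stmt = $db->prepare('SELECT password_answer FROM dbPersons WHERE id = ?');
    $stmt->execute([$id]);
    $stored = $stmt->fetchColumn();
    // Unknown user or no answer on file: fail closed.
    if (!is_string($stored) || $stored === '' || $new_pw === '') {
        return false;
    }
    if (!password_verify(normalize_answer($answer), $stored)) {
        return false;
    }
    $upd = $db->prepare('UPDATE dbPersons SET password = ? WHERE id = ?');
    $upd->execute([password_hash($new_pw, PASSWORD_DEFAULT), $id]);
    return true;
}

// Demo on an in-memory SQLite database (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dbPersons (id TEXT PRIMARY KEY, password TEXT, password_answer TEXT)');
$users = ['John2071234567', 'Jane2075550100'];   // constructed sample users
foreach ($users as $u) {   // default password equals the username, as in the login code above
    $db->prepare('INSERT INTO dbPersons VALUES (?, ?, NULL)')
       ->execute([$u, password_hash($u, PASSWORD_DEFAULT)]);
}

var_dump(set_recovery($db, $users[0], $users[0], $users[0], 'Smith'));  // default reused
var_dump(set_recovery($db, $users[0], $users[0], 'blue-Heron-42', 'Smith'));
var_dump(set_recovery($db, $users[1], $users[1], 'red-Maple-17', 'Smith'));

// Same answer, two users: md5 gives one shared value, password_hash does not.
$rows = $db->query('SELECT password_answer FROM dbPersons')->fetchAll(PDO::FETCH_COLUMN);
var_dump(md5('smith') === md5('smith'), $rows[0] === $rows[1]);

var_dump(reset_with_answer($db, $users[0], 'Jones', 'new-Pass-1'));       // wrong answer
var_dump(reset_with_answer($db, $users[0], '  SMITH ', 'new-Pass-1'));    // normalized match
var_dump(reset_with_answer($db, 'x" OR "1"="1', 'Smith', 'new-Pass-1'));  // id is data only
```

Hashing the answer protects it if the table leaks, but a maiden name is still easy to guess, so the recovery form also needs a limit on attempts.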



Day Thirty Four: Chapter 8 in Software Development

8.1 Design Principles and Practice
What makes a good user interface?

  1. Completeness
  2. Language
  3. Simplicity
  4. Navigability
  5. Feedback and recovery
  6. Data integrity
  7. Client-server integrity
  8. Security
  9. Documentation
8.1.1 The Model-View-Controller Pattern
Separates user interface into three distinct conceptual components:
  • The application's body (the model)
    • Contains the session-specific representation of the data (state) of the system during user-system interactions: active variables and database tables
  • The user interface presentation (the view)
    • Typically a collection of user interface forms, including graphics, text, and various widgets that enable information to be easily transmitted by the controller between the user and the model: HTML and PHP
  • The user input/output and navigational functionality (the controller)
    • Receives user input via the view and initiates a response by making transformations on the data in the underlying model
    • Maintains SESSION, GET, and POST information; verifies user input; and updates other appropriate model elements.
8.1.2 Sessions, Query Strings, and Global Variables
Each individual user who logs in to the system initiates a unique session

8.1.3 Ensuring Security at the User Interface

8.1.3.1 Enforcing Levels of User Access
A user only has access to the functions and data to which he/she is entitled 

8.1.3.2 Password Encryption
Store password data in an encrypted form (md5) to ensure that it is safe if the database is accessed outside the application

8.1.3.3 SQL Injection Attacks
Prevent this exploit by filtering user input

8.1.3.4 Cross-Site Scripting Attacks
Filter external sources

8.2 Working with Code
Explained through examples. Reading the sections helps more than an outline

8.3 Adding New Features: User Interface Impact
This section is important for exercise 8.1.

Monday, April 9, 2012

Day Thirty Three: The End is in Sight

Our group met on Easter Sunday to work on our poster. I looked through some of the example posters for ideas, and my favorite design is this one. The text in the center really jumps out and demands attention. The pictures around the edge can be screenshots or other relevant visual information. The rest of the group really likes this example poster as well.

We are focusing on our experiences in the middle of a release cycle. When we joined XBMC's community for this project, Eden Beta 1 had just been released. Bug reports from Dharma were rapidly triaged by the community and the remaining, high-priority bugs were fixed by the developers. Following the github page and seeing all of the pull requests and all of the changes that were made is rather fascinating. Other groups are experiencing the push to a new release, but Eden is out right now. The major bugs have already been fixed, but there is demand for documentation as a result. The wiki page even has a plea for help. We will mention this shift in focus in our presentation.

The poster is still a little rough, but our abstract is finished. We will submit the application email tomorrow during class and continue working on the poster if there is time. I still need to recompile Dharma in order to get screenshots as a reference for our poster. It is funny that I am updating screenshots on XBMC's wiki for Eden, and yet I need Dharma screenshots for our project.

I came across the printing request sheet that must be filled out and noticed a place for the faculty advisor's signature. Is this Dr. Bowring? Also, it mentions a charge for Non-SSM departments, but I am not sure what that means. These are some of the questions that I need to ask in class tomorrow.

Day Thirty Two: Implementing Changes in RMH Homebase

I am a little upset at the moment; my 10.4 VirtualBox install of Ubuntu is bugging out on me. I had implemented the get functions in 7.2 and was in the process of getting SimpleTest to work in Eclipse, but the GUI isn't even working. I still need to go back and perform unit tests on the other exercises, so I might just start from a fresh install of 11.10. I will update this post once I go through the entire process again.

Update:
I restarted the assignment and got it working. Here are my answers.

Exercise 7.1:

Person.php violates criterion 5 because it adds a new Person with null values. It is just the default admin account, but it still exists.

Person.php also violates criterion 6 because the first name and the first phone number are redundant with the primary key.

Exercise 7.2:
Here are all of the shift getters:


 function get_shift_month($id){
  return substr($id,0,2);
 }
 function get_shift_day($id){
  return substr($id,3,2);
 }
 function get_shift_year($id){
  return substr($id,6,2);
 }
 function get_shift_start($id){
  if (substr($id, 11, 1) == "-")
    return substr($id,9,2);
  else return substr($id,9,1);
 }
 function get_shift_end($id){
  if (substr($id,11,1)=="-")
    return substr($id,12,2);
  else return substr($id,11,2);
 }

Here are the unit tests that I added:


$this->assertTrue(get_shift_month($s2->get_id()) == "02");
$this->assertTrue(get_shift_day($s2->get_id()) == "25");
$this->assertTrue(get_shift_year($s2->get_id()) == "08");
$this->assertTrue(get_shift_start($s2->get_id()) == "15");
$this->assertTrue(get_shift_end($s2->get_id()) == "18");


Success! No errors or failures (aside from the failure that was present in the original source code)


Exercise 7.3:
First, I made changes to dbInstall.php so I wouldn't forget to add it later:


...

include_once('dbPersons.php');
include_once('dbMonths.php');


// connect
$connected=connect();
  if (!$connected) echo("not connected...<br />");
  echo("connected...<br />");
   echo("database selected...<br />");


// setup all of the tables
   setup_dbWeeks();
   echo("dbWeeks added...<br />");
   //MONTHS
   setup_dbMonths();
   echo("dbMonths added...<br />");
   //SCHEDULE
...

Then, I made my dbMonths.php file.


<?php
include_once('Month.php');
include_once('dbDates.php');


function setup_dbMonths() {
    connect();
    mysql_query("DROP TABLE IF EXISTS dbMonths");
    $result=mysql_query("CREATE TABLE dbMonths (id CHAR(8) NOT NULL, dates TEXT, name VARCHAR(14), weekday_start VARCHAR(9), days TEXT, timestamp DATETIME, PRIMARY KEY (id))");
    if(!$result)
        echo mysql_error();
    mysql_close();
}


/**
 * Inserts a month into the db
 * @param $m the month to insert
 */
function insert_dbMonths($m) {
    if (! $m instanceof Month) {
        die ("Invalid argument for dbMonths->add_month function call");
    }
    connect();
    $query = "SELECT * FROM dbMonths WHERE id =\"".$m->get_id()."\"";
    $result = mysql_query ($query);
    if(mysql_num_rows($result)!=0) {
        // a row for this month already exists: delete it before re-inserting
        delete_dbMonths($m);
        connect();
    }
    // values follow the column order of CREATE TABLE: id, dates, name, weekday_start, days, timestamp
    $query="INSERT INTO dbMonths VALUES
    (\"".$m->get_id()."\",".get_dates_text($m->get_dates()).",\"".
    $m->get_name()."\",\"".
    $m->get_weekday_start()."\",\"".
    $m->get_days()."\",\"".
    $m->get_timestamp()."\")";
    $result=mysql_query($query);
    mysql_close();
    if (!$result) {
        echo ("unable to insert into dbMonths: ".$m->get_id(). mysql_error());
        return false;
    }
    else foreach($m->get_dates() as $i)
        insert_dbMonths($i);
    return true;
}
...


This file is fairly large. In order to avoid swamping this post in code, I will not post the rest.


Finally, the testdbMonths.php file:



<?php
include_once(dirname(__FILE__).'/../database/dbMonths.php');
class testdbMonths extends UnitTestCase {
  function testdbMonthsModule() {
    $m=new Month("02","08");
    $this->assertTrue(insert_dbMonths($m));
    $m=new Month("03","08");
    $this->assertTrue(update_dbMonths($m));
    $m=get_dbMonths("03-31-08");
    $this->assertTrue($m->get_name()=="March 2008");
    $this->assertTrue(delete_dbMonths($m));

    echo "testdbMonths complete";
  }
}
?>


No tests fail or report any errors; however, dbInstall.php does not print that dbMonths was installed correctly.