https://www.esurveycreator.com/s/c134393

My current classwork, to be submitted on Monday, is an evaluation of risk management in software projects. Of course, this is because I intend to have a career in management. (No, really I’m not [runs away screaming])

OK, I’m back and am amused to learn that there have been at least two international workshops on software aging and rejuvenation! Here’s one of the papers.

By the way, I’m currently in awe of the Digital Object Identifier system.

A web-designer I know has just tweeted about the Magic Dance of the Epic Un-bork. How many of you have danced this, and do you dance widdershins or turn wise?

I’ve become minutes secretary for Leith Central Community Council, even though I live in the West End. Their AGM is on Monday the 27th of May. Your attendance is solicited.

Further, new office-bearers will be needed – if you are eligible, give it a go. Contributing to the only body that has statutory, independent input to your local authority and is designed expressly to gather and communicate community opinions can only be a good thing.

So at the ‘show me your website – prove you did the work’ session yesterday, the lecturer added another requirement. This was the ability to delete a record from the database.

It was reasonably trivial to implement – I took longer than I’d have liked because I wanted safety trapping and reporting.

• only an admin could delete a user’s record/account (so delete function was only on the admin page)
• admin accounts can’t be deleted. (I’ve added a bit to the write up, suggesting a superuser who can delete admin accounts)
• The admin has to manually and correctly enter the deletee’s screenname and password. Mismatched or non-existent data earns the admin a lambasting.
• After a successful delete, the webpage reports User Arnöld, whose email was T-101@skynet.com, has been terminated.

I could have built in more safeguards or options such as You entered user JöhnCönnör but email address sarah.connor@resistance.com. JöhnCönnör‘s email address is john.connor@resistance.com, and sarah.connor@resistance.com‘s username is SärähCönnör. Did you wish to terminate

• JöhnCönnör/john.connor@resistance.com
• SärähCönnör/sarah.connor@resistance.com
• both
• neither

(The bullet points would be buttons.) However, this would have added to the complexity of the code without demonstrating any new skills, apart from possibly the PHP script which is called in cases of mismatch calling (and passing suitable parameters to) a separate PHP script to do the actual deletion. I’ve only passed parameters from PHP-enabled webpages to PHP scripts and JavaScript scripts, from PHP scripts back to PHP-enabled web pages and from JavaScript scripts to PHP scripts, not from one PHP script to another, so this might have been interesting.

But deletion is stupid! As was pointed out in the database systems course at the start of the MSc, and again in the Information Systems Engineering course last term, and by another correspondent, deleting a user-account is likely to delete transactions associated with that user. (Thank goodness I didn’t try to implement an e-commerce site – I’ve no idea [yet] how to set up relations in MySQL but I suspect it can’t be too hard.) Instead, such users should be marked as inactive. If the number of inactive users degrades performance, they can be moved to a separate database (with the option of reinstating them if so desired).

And as for adding an extra requirement 5 days before the submission deadline, BAH!

Anyway, I’ve now submitted my website code and printed my write-up (note no TurnItIn check!) to hand in on Monday.

I’ve done as much as I’m going to do on the web design coursework. The site is here. If you want the database stuff to work, you’ll need to feed this script into PHPmyadmin.

For those of you who aspire to be administrators, go here.

The write-up has taken a working day. Writing it helped me find several errors (now fixed, I think) and plenty of scope for improvement if this site was ever to go live. Enjoy!

OK, I’ve got as far as test 2 and History/culture lesson 2 – that’s enough to demonstrate my web-programming, ahem, skills. In place of language lesson 3, there’s a page exhorting students to buy the dead-tree-format dictionary and take the course for real.

Test 2 uses AJAX/JSN to pull the questions out of the database. This is un-necessarily complex for this context, but possibly worthwhile if I was to have lots of questions, and a script that pulled 20 random questions from this pile. Of course, the actual reason for using AJAX/JSON is to get the marks available for doing so.

it’s taken me until now to deal with the situation where a student has passed test 1, but then logs out and returns at a later date. To prevent non-linear progress, the list of lessons in the left sidebar had no links to actual lessons, apart from lesson 1. Then a student would have to go to lesson 1, then from there to test 1, and could only proceed to history/culture lesson 1 by passing test 1 (or by hacking the URL). Access to lesson 2 was only from history/culture lesson 1, and so on.

I realised today that the list of lessons needed to be augmented such that links would be in place if the student had passed relevant lessons. So it was fairly simple to make the side-bar code a PHP file (it had been a single HTML file, included into every relevant page) and then include PHP nuggets calling PHP scripts that echoed enlarged fonts, with links if relevant scores in the DB were >19. (Yes, PHP’s woeful arithmetic bug struck again. Using if (score=20) didn’t work yet again.

(Aarrgghh, I’ve just realised if (score==20) may well have worked! If so, I apologise to PHP!)

So just the admin functions (contact us, amend and delete accounts) to go…

I’m very disappointed that we didn’t finish the Touro yesterday. Here’s the cyclemeter map of where we got to. (The full route is here.)

After fighting our way up long slopes, in parts an inch deep with rain, and trying to stay on while ever-present but gusty wind did its best to stop us, we’d just started the descent to Crosslee (about 19 miles, 2 hours 20 minutes) when a marshal-car caught up with us. The marshal strongly advised us to turn back – due to flooding and wind, the long route was closed, a river was threatening to burst its banks at Traquair, a rider had been blown off his or her bike and we still had the biggest (and presumably most gusty) ascent ahead of us.

We were both soaked through and shivering, and neither of us were enjoying the ride. My gloves were sodden from rain running down my sleeves, gusty wind meant I couldn’t stay clipped in and visibility was pretty poor. So we made the logically correct but emotionally incorrect decision to turn back. The return to the Gordon Arms was fairly swift (the sun even tried to come out) but cold. We stopped there for about half an hour, enjoying chat with other riders, basking in front of the log fire and wringing out sodden kit.

We were offered a lift back to Peebles but by then the rain had abated slightly and we wanted to ‘finish’ under our own steam. The final 12 miles were lovely – the sun came out, it was warm enough to ride without gloves and I enjoyed pelting downhill through through 4-inch deep floods (Elly didn’t like this).

Back at Peebles High School, spectators were applauding finishers – I don’t know how to describe how fraudulent this felt. We skulked away fairly soon back to our hotel for tea and dry clothes. Both of us cried – we had trained for 4 months, made all that effort for what felt like nothing. The sadness is just about gone and we’ve promised ourselves we’ll go back and do the route so that we can feel we were delayed, not beaten.

We weren’t the only ones advised not to finish – there were already about 40 timing chips in the DNF pile by the time we got back to Peebles, and another Lifescycler wrote ‘I bailed after almost coming to grief on a climb’ (There are other comments here and here [Facebook].) Other Lifescyclers did finish, one despite 4 punctures and another who ‘came off and went underwater at one point…’

In all, we did 38 miles at an average speed of 9·8 mph.

Ah well, Tour de Forth and other sportives beckon…

UPDATE
Thanks so much to Lifescyclers tonight for positive talk and encouragement – now feeling ‘well, we gave it a good shot … and we’ll be back to beat it!’

Here’s some photos (all blagged from Facebook)

Andy and his dream-machine	conditions en route
flooding en route	floods at Traquair – yeehah!
conditions at finish
Bruce ‘finishing’	Bruce and Elly ‘finishing’

Many websites use databases. And databases use special characters to do things, such as mark the ends of input. For example, a website might use PHP code to look in a table of registered users. If this code doesn’t include suitable protection, nasty people can do nasty things by including the special characters in their input. (See here for examples.)

Fortunately, PHP provides ways to sanitise input by replacing such nasty characters with harmless equivalents. Unfortunately, I can’t get them to work.

My first obstacle was that my test called a piece of javascript to assemble the student’s answers into a string of name-value pairs: answer00=students_answer&answer01=students_answer&…, then tack this onto the URL of the PHP script which handled these answers. The PHP script then used GET to pull the data from the augmented URL, decode this string into separate variables, one per answer. Removing nasty input in javascript looks fiendishly complex.

So I wanted to send the answers straight to the PHP code. My way around doing this was to make my test a form, and accept the ugliness thereof. The javascript piece could go (it was an echo of a technique used in the registration step to admonish when incomplete data was given), so long as I made the test POST its answers straight to the PHP code.

It should, then, have been straightforward to sanitise the input by adapting the examples given at php.net. Several hours of out-of-cheese errors later, I wimped out. Despite the sanitised versions looking exactly as they should (so “text’ became “text’), my answer-processing code choked every time. My approach became let’s assume my website will never be attacked, so the only character I have to worry about is ‘ because Klingon uses loads of them!

PHP provides a function that removes any set of characters from a ‘victim’ string – and the result is guaranteed to be a string. So subjecting each answer to removal of ‘ would suffice. Eventually I had code that did just this. (It’s unbelievable how many typos can be made in repeating $escapedq00 = str_replace ($search, $replace, $q00); 20 times, even when using copy and paste!

So I can now sanitise answers enough for this classroom exercise. I freely admit, both here and in my code, that it’s jsut not good enough for real life. But I can now move on to the rest of the MoSCoW list. Hurrah! No more out-of-cheese errors, and the webTribble is untroubled.

update to previous report

More progress but blindingly slow. I am in deep loathing of PHP:

One of my functions gets a number of rows from a MySQL database. A number of rows can only be zero or a positive integer, depending on the SQL select instruction used. My select instruction narrows this range to 0 or 1, depending on whether a question has been answered correctly. And I’ve echoed both results to screen, many, many times – always 0 for an incorrect answer and 1 for a correct answer

So I should be able to do
if ($numrows = 1) {
$score++;  //update the student’s score

But that doesn’t work. This does:
if ($numrows > 0) {
$score++;  //update the student’s score

That cost me over 4 hours of hair-pulling.

Clumsy code
My code is pretty clumsy, I think. To mark a test of 20 questions:

1. I set up two 1-D arrays, each of 20 elements. The first contains the student’s answers. The second contains text strings which are the same as the column headings in a MySQL table called wrongright.
2. For each question, I compare the student’s answer (dragged back out of the first array) with the value dragged from a correct_answers table – this drag uses the contents of the second array. If the answer is correct (this is where the above moan happens),
   1. a variable for the student’s score for this test is incremented by 1
   2. ‘1’ is written to the the MySQL table, in the row for this test and the column for the question being processed.

   If the answer is incorrect, ‘0’ is written.

3. When all the questions have been processed, the student’s final score is written to a students table, in the row for the current student and the column for this test.
4. If the final score is greater than 19 (cos again normal integer arithmetic fails), the PHP code exits by sending an HTML page which congratulates the student. Otherwise the PHP code exits by sending an HTML page which tells the student he or she has failed the test.
5. The ‘you have failed’ page contains many PHP nuggets.
   1. Most just include bits of HTML which are common to all pages – so if I decide to change one of these features, I only need to change one bit of code
   2. The first serious nugget calls the student’s screen name from session storage.
   3. The next calls a script to list the questions answered incorrectly. This code again has two arrays. The first is contains text strings which are the same as the column headings in wrongright. The second has text strings ‘question 01’, … ‘question 20’. For each question, if the relevant field in wrongright contains ‘0’, the relevant bit from the second array is called. So the student is told something like ‘You got the following questions wrong: question 01, question 07, question 20’.
   4. The next calls a script to retrieve this student’s score from the table of students. So the student is told ‘You scored $score out of 20.’
   5. The final one gives the student some feedback. It drags the score back from the table of students, then echoes an epithet back to the HTML page:
      • score < 20, epithet=” Not bad for a human. Miserable for a member of an intelligent species.”
      • score < 18, epithet= ” You must study harder.”
      • score < 15, epithet=” You must study much harder.”
      • score < 10, epithet=” petaQ! (Look it up.)”
      • score < 5), epithet=” You are a miserable excuse for a lobeless Ferengi.”

      This uses a chain of if statements because of my problems with PHP’s integer arithmetic. (It would be so much cleaner to use a switch statement.)

MoSCoW
Must

• Find a way of sanitising input so that apostrophes don’t stuff up my code
• Write appropriately sanitised answers. (The ‘correct’ answers are currently ‘A’, ‘B’, … , ‘T’)
• Write history/culture lesson 1 and an unmarked history/culture assignment.

Should

• language lesson 2
• test 2
• history/culture lesson 2 and its unmarked history/culture assignment.
• A nice ‘you have finished – your final score for the whole scheme was …’ finishing page.

Could

• language lessons 3-6
• test 3-6
• history/culture lesson 3-6 and their unmarked history/culture assignment.

Won’t

• negative marking – deducting points from the student’s total score
• if the adjusted total score falls below a certain percentage, send the student back to the beginning
• a ‘thermometer’ in the right sidebar representing the student’s progress

Fun bits

• the epithets
• Microsoft = (translating the parts of the word, tunHom [tun = ‘soft’, -Hom = diminutive]).
• ****ing evil computer = De’wI’ mIgh jay’
• my code traps ‘out of cheese’ errors (should a certain PHP nugget fail to make contact with the database). All error traps enable users to email the webTribble