Blue Team

1
CEN 3031 Software Engineering, Summer 2005

• Blue Team
• Aaron Kunz (Facilitator)
• Evan Lobosco (GUI)
• Luis Ybarra (Server)
• Midterm Presentation of
• Alert Tracking System

2
Requirements Analysis

• http//www.cise.ufl.edu/revan/reqsto.html

3
Design Solution (see next slide)

• The system will be entirely web based
• The system will consist of a collection of PHP
  scripts interacting with an Oracle database.
• The PHP scripts will interact with each other by
  passing POST variables and modifying SESSION
  variables, as shown on the next slide.

4
(No Transcript)
5
Completed 6/12/2005
6
Current Database Structure

• SQL create table users(
• username varchar(10),
• password varchar(10),
• permissionlevel number(3))
• SQL insert into users values('aaron','smtdxm',99
  9)
• SQL insert into users values('test','test',50)

7
Proposed Database Additions

• create table MESSAGES(
• Mfrom varchar(10) not null,
• Mto varchar(10) not null,
• Mdate varchar(40) not null,
• Mnew char(1) not null,
• Mtext varchar(1000) not null)
• create sequence ALERT_ID
• start with 1
• increment by 1
• nomaxvalue

• Add a field to the USERS table to store
  information about group memberships

create table ALERTS( alertid number not null
primary key, dateposted varchar(40) not
null, postedby varchar(10) not null,
alert varchar(1000) not null,
permissionlevel number(3))
Then, alert posting would be accomplished like
this
insert into ALERTS values(ALERT_ID.nextval,
'date', 'uname','text','1')
8
Login Script (login.php)calls authenticate.php

• !/usr/local/bin/php
• session_start()
• echo"
• Alert Tracking
  System"
• switch (_SESSION'opcode') // The opcode
  variable is used to tell the script which login
  message to display, and is modified by the logout
  script and any page that the // user attempts
  to visit without having logged in.
• case "3"
• echo "You have
  successfully logged out."
• session_destroy()
• break
• case "2"
• echo "You must log in
  first."
• session_destroy()
• break

9
Authentication Script (authenticate.php)called
from login.php

• !/usr/local/bin/php
• session_destroy() //reset all session
  variables (prepare for potential new session)
• session_start()
• putenv("ORACLE_HOME/usr/local/libexec/oracle-clie
  nt")
• if (cOCILogon("akunz", "_mosfet_", "orcl"))
  //connect to Oracle database
• echo "Successfully connected to Oracle."
• s OCIParse(c, "SELECT FROM users WHERE
  username '"._POST'uname'."' AND password
  '"._POST'pw'."'") // check username
  password
• OCIExecute(s)
• while ( OCIFetch(s) )
• _SESSION'user' _POST'uname' //store
  username as a session variable
• _SESSION'opcode'"0" //indicate that login
  was successful
• _SESSION'level'OCIResult(s,
  'PERMISSIONLEVEL') //set session permission
  level to match users permission level

10
Temporary Main Page Script (temp.php)called
from authenticate.php

• !/usr/local/bin/php
• session_start()
• if (_SESSION'opcode' "0") // user is
  logged in
• echo "You are currently logged in as
  "._SESSION'user'.".
  "
• echo "Your permission level is
  "._SESSION'level'.".
  "
• echo "Log Out"
• else // user is not logged in and most likely
  bookmarked this page. Redirect to login page.
• _SESSION'opcode' 2 // Login page will
  say You must log in first.
• header('locationlogin.php')

11
Logout Script (logout.php)called from temp.php

• !/usr/local/bin/php
• session_start()
• _SESSION'opcode'"3" // Login page
  will say You have successfully logged out.
• // This will also ensure that
  the user will be considered logged out
• // by the system since all
  pages consider opcode0 to mean that
  // the user is correctly logged in.
• header('locationlogin.php') // go back to the
  login page
• ?

12
Demonstration!

• http//www.cise.ufl.edu/akunz/midterm/login.php

Main group website
http//www.cise.ufl.edu/revan/