UNIX Tools Fall 2005: Assignment 4

	UNIX Tools (Fall 2005)	Assignment 4	Due: 11/30/05 before midnight

Overview

In the previous assignment, we wrote a command to create user identifiers, store data with the identifiers, and secure them. In this assignment, we will use this command as a basis to create a simple web-based account system which will enable users to upload and download files over the web.

The web system will support three primary operations:

Create a new account
Edit account settings (including change password)
Login and upload/download files

An example of a system that requires login is the homework account system. For this assignment, there should be a plain HTML page that users will start from that will contain an HTML form asking for a login and password, as well as a link to create a new account.

New accounts

If a user clicks the link to create a new account, he/she will be presented with a form where the following information will be entered:

First name
Last name
Email
Login
Password (use <input type="password">)
Password confirmation (use <input type="password">)

Once this information is entered, your script will use the auth command to create a new identifier in the system (the identifier will be the "login" form element) and associate attributes with the above information. If an account already exists, you will report back an error to the user saying that the account already exists. If any of the attributes are left out, or the passwords do not match, you should report the problem (e.g. "Email is blank", "Passwords do not match").

If the new identifier is successfully created, your script should present the login page (an easy way to do this is to simply cat the main html page).

Login

If a user enters a login and password on the first page and submits the form, your script will check if the identifier exists, and if so it will verify that the password entered is valid. There are two error conditions that must be reported: (1) No such login and (2) password incorrect, each with a link to go back to the password page.

If login is successful, you will present a page with the following options:

Edit password settings: When a user clicks on this link, you will present a form that looks like the new account page, but with the form pre-filled out with the existing attributes for the user. The password elements should be empty; if they are not filled in, the password will not be changed (if they are filled in, they must match before the password is changed). You should support changing the first name, last name, email, and password.
Upload file: When a user clicks on this link, you will present a form that allows for a file upload. When the form is submitted, you will place the uploaded file into the directory that is returned from the auth -g dir comment.
List files: When a user clicks on this link, you will present a list of files in the directory corresponding to the dir attribute. On this page, each file will be a link that when clicked on, will return the contents of the file for download.
Log out: Clicking on this link will go back to the login page.

Notes

When a user is logged in, you will need to pass around the token between pages. The best way to do this is by using a hidden form variable or appending a parameter to the end of links. Another way you can do this is by using cookies (if you use cookies, be sure to clear the cookie on logout).

You must write your scripts with Perl and do not use sed or awk anywhere in your scripts. All account management should be done through the auth your wrote in your last assignment (you do not need to rewrite/change this command). Do not call any shell scripts other than auth. You can fix any issues in the auth command, but do not add features to support this assignment.

Due to issues with the NYU web servers, do not use ~ or $HOME to refer to the root directory where auth keeps it's files. Change your command to have an explicit directory (for example, /home/kornj/.auth). Also, you may need to change your script to access the commands mkdir and touch from /usr/bin, due to issues with other versions of these commands on the web servers.

If you have not already done so, follow the instructions here to set up the directory structure for your HTML files and CGI scripts. If you want to read more about HTML forms, the W3C HTML specification has a good (formal) description here. You should also read the CGI upload example (HTML file CGI script).

Turning in the assignment

You must submit all of your scripts and HTML. Also include a URL where your assignment can be tested in the submission form. Submit using the homework submission system.