This assignment is designed to help you practice working with the file system under PHP. You should begin by completing the exercises in the lab on file operations, and then proceed to the task below.

A Guestbook Application

For this assignment, you will create a page that will store and display comments in a guestbook. Since these comments will be provided by visitors to the site, you must be careful about proper security. Make sure that your page implements the following measures at all times:

  1. All visitor input is sanitized before it is stored or displayed, using either strip_tags or htmlentities.
  2. No input beyond some reasonable size will be accepted for addition to the guestbook. (You can use the strlen function to check the length of a string.)
  3. No input will be added to the guestbook if the guestbook file exceeds a reasonable size limit, say 32 KB. (You can use the filesize function to check the size of a file.)

Guidelines

Begin with a design in mind. A simple guestbook might include a guest's name, a comment, and perhaps a timestamp. You will need form inputs for the first two; the last you can get from the system clock. The lines below will store the current date and time in the variable $date.

date_default_timezone_set("America/New_York");
$date = date("d/m/Y \a\\t h:i A");

When your page loads, it should check whether there is form data available in the $_POST superglobal. If there is, it should read the comment and name fields, sanitize them, and construct the date string. After checking the comment and file size limits, it should (assuming everything is within the limits) open a data file in append mode and add the name, comment, and date as formatted HTML content.

At this point, whether or not a new comment has been added, your page should load in the contents of the guestbook data file and add them to the web page. This displays the guestbook. The form to add a new entry can follow.

Note that the guestbook data file should be owned by your course account, not by apache. Because of the permission restrictions on maven, you will therefore have to create an empty file and grant read/write permissions to everyone. For extra security, you should locate this file outside the web file tree; in other words, not within your public_html folder. Use your knowledge of Unix file paths to direct your PHP script to the correct location.
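One way the steps above can fit together, shown as an added example that is not part of the course materials. The file path, the name and comment length limits, and the add_entry helper are assumptions made for illustration; only the 32 KB file limit and the date lines come from the assignment text.

```php
<?php
// Added example. Path, length limits and add_entry() are assumptions.
const GUESTBOOK_FILE = '/home/ACCOUNT/data/guestbook.html'; // placeholder, outside public_html
const MAX_NAME_LEN = 50;
const MAX_COMMENT_LEN = 500;
const MAX_FILE_BYTES = 32 * 1024; // the 32 KB limit from the assignment

// Appends one entry to $file. Returns null on success or an error message.
function add_entry(string $file, string $name, string $comment): ?string
{
    $name = trim($name);
    $comment = trim($comment);
    if ($name === '' || $comment === '') {
        return 'Name and comment are required.';
    }
    // Measure the raw input: encoding below can lengthen the string.
    if (strlen($name) > MAX_NAME_LEN || strlen($comment) > MAX_COMMENT_LEN) {
        return 'Input is too long.';
    }
    clearstatcache(true, $file); // filesize() results are cached within a request
    if (file_exists($file) && filesize($file) >= MAX_FILE_BYTES) {
        return 'The guestbook is full.';
    }
    // Encode before storing: the file is later sent to the browser as HTML.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $name = htmlentities($name, $flags, 'UTF-8');
    $comment = nl2br(htmlentities($comment, $flags, 'UTF-8'));
    date_default_timezone_set('America/New_York');
    $date = date("d/m/Y \a\\t h:i A");
    $entry = "<p><strong>$name</strong> ($date)<br>$comment</p>\n";
    // FILE_APPEND writes in append mode; LOCK_EX stops two posts interleaving.
    if (file_put_contents($file, $entry, FILE_APPEND | LOCK_EX) === false) {
        return 'Could not write to the guestbook.';
    }
    return null;
}

$error = null;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && is_string($_POST['name'] ?? null) && is_string($_POST['comment'] ?? null)) {
    $error = add_entry(GUESTBOOK_FILE, $_POST['name'], $_POST['comment']);
}
if ($error !== null) {
    echo "<p>$error</p>"; // fixed strings from add_entry(), never visitor input
}
// Display the guestbook whether or not a comment was just added.
if (is_readable(GUESTBOOK_FILE)) {
    readfile(GUESTBOOK_FILE);
}
```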