Allowing Threaded Comments on Your Portfolio

Assignment 6 – October 8, 2006

Due: During your discussion section

Language: Use a web scripting language (PHP preferred).

Do not use a framework for this assignment. It is simple enough that a full-scale framework would be overkill. If you plan to implement some additional features like spam protection, gravatar support, etc. then you might want to use some libraries to do that but avoid frameworks¹. If you have already used a framework for your assignment 5, talk to your TA.

The course polices actually discourage the use of frameworks.

• Enable threaded comments for each of your projects
• Enable simple protection from spam and profane words
• Protect against embedded html that might break your page
• Integrate this assignment with the previous assignment

• Learn some basics of web scripting languages
• Learn some basic database design

For this assignment, you will be working with the same partner that you did for assignment 5 (that means more pair programming!). Changes can be made to your copy of assignment 5 to accommodate these new requirements. You should talk to your partner on how to approach this problem. You need to enable comments for each project on your portfolio.

Instead of the boring type of comments that you can find on web blogs, you will be implementing threaded comments. For examples of threaded comments, please visit slashdot. That means there is some hierarchy to the comments. If you want, you can also implement sorting by date, comment score, etc.

While having comments are nice, sometimes some random stranger might leave profane terms in the comments. Also, some people might also flood your comments by leaving link to other sites. You will think of ways to avoid both of these problems. There are various different ways to do this and it will be interesting to see what everyone comes up with. For instance, some sites make you actually type in the word displayed on an image before allowing you to post a comment. Another way would be to just allow all comments but you, as the web author, have to release each comment before they are displayed. Talk to your partner and come up with some fun ideas.

To protect against profane terms, you might want to keep a dictionary of words and just do an on the fly replacement of those words. For instance, “idiot” might be replaced with “person who is not so smart”. Use your own imagination to see what words and their euphemisms you can come up with. ; )

While allowing comments is nice, it also brings up some potential security issues. The user can embed Javascript/HTML that can break the layout of your page. Also, if you are not careful, the user can enter a SQL query as a comment and delete all the tables in your database. Think of how you will protect against this and implement it.

This project will require using a database and some web scripting language. If you already have a web server set up, you can go ahead and use it. We are trying to provide you with PHP and MySQL access but it depends on when TSG replies. Updates from them will be posted here and on the newsgroup.

While the description of the project is simple enough, your main hassle would be dealing with PHP and MySQL (or whatever language or database of your choice). Why? Here are a list of things that you need to keep in mind as you approach this:

• How do you associate comments with a page? Is it going to be by page title, project title. etc? What if you rename your page? What if you delete the page? This is a very important question. You do not want to just regenerate your portfolio from scratch every time and lose all your previous comments.
• How would you associate comments with one another? What if you deleted the parent of multiple comments?
• What kind of metadata would I have to associate with each comment? Maybe I need to know the date, author, score, etc?
• What if one of those fields above are missing? For instance what if author was not specified? Would it affect anything?
• What contents would I allow in my comments? Some primitive HTML (for links, pictures, etc) or just plain text?
• How would I integrate this with my portfolio generator? The code for including comments should be automatically generated for each page.
• ...

The above are interesting issues that must be taken care of. We will address those issues during discussion section.

IMPORTANT Again, do not forget that you have to integrate this assignment with assignment 5 and make it feel like a real application. That means when I generate the portfolio, I should have the code that enables comments already embedded into the portfolio. More importantly, when I regenerate a project, there must be some way to ensure that I do not lose the comments that were there previously. In other words, your program should give you the option to retain the previous comments even if you are generating. Also, this time around, we want to see that every project so far has been entered in your portfolio and that it is working properly.

A word of advice. Use the database properly. It is hard to define what properly means but I can give an example of what not to do. Do not create ONE table with only ONE column and then dump everything as a string inside that column! That string that you dump in happens to be the serialized form of an object. So instead of using the database for information retrieval, you treat it as a large dumping ground for you to serialized your objects and then recover it. If the previous sentences do not make sense to you, then it is fine. It probably means that the atrocious idea did not occur to you and that you will use the database properly.

Hints:

1. For PHP reference, nothing beats PHP.net. Not only do you get proper documentation but you can also read the comments on each page and get hints on how to use those functions.
2. For Windows users, installing PHP, MySQL and Apache can be tricky. So there are installation packages like EasyPHP that helps make the process easier.
3. If you are uncomfortable with accessing the database from the command line, then a MySQL GUI tool might be helpful. Try googling for the term "MySQL GUI". Most come with a 30-day trial. phpMyAdmin is also a good tool built with PHP that does this well.
4. I have the lecture slides on passing variables between pages in PHP that I did from Fall 2005. They might be useful. All source code files are included and are mentioned at the bottom right of the relevant slides. Get them from here.

Grading:

• Technical:
  • Did you enable threaded comments? [5]
  • Did you enable some protection against embedded html/javascript? [5]
  • Did you enable simple protection for spam and profane words? [5]
  • Did you use a database properly ? [5]
  • Did you have ways to "remove" unwanted comments? [5]
  • Did you integrate this assignment with the previous one? [5]
  • Can you retain previous comments each time you generate your portfolio? [5]
  • Are your previous projects in the portfolio? [5]
  • Does your program feel like a real application? [3]
  • Did you do real pair programming? [5]
• Style:
  • Were comments adequate? [3]
  • Were meaningful names use for variables, constants, and functions? [3]
  • Was the naming convention consistent? [3]
  • Are most functions less than 25 lines? [3]
  • Did you use multiple files for your source code? [3]
• Participation:
  • Did you ask questions in discussion section? [10]
  • Are you able to explain how the program works (without your partner)? [10]

Notes

Can you retain previous comments each time you generate your portfolio? Some times you really want to generate everything from scratch and then it is fine to remove all your previous comments. But what if you want to generate a new project and keep the existing projects intact? Right now, most of your portfolio generator generates everything from scratch and does not keep the previously generated projects. With comments it becomes slightly more tricky now. You cannot just generate from scratch since you want to retain the comments. What you need is some form of incremental generation for new projects. Also do not forget that sometimes you want to make changes to existing projects e.g. add a new author, add a new file, etc without actually marking that as a new project (just a modified project). How would you take care of that?

¹ Why avoid frameworks? In general, frameworks are great for doing stuff. However, in a classroom setting, they suck. I have seen students using frameworks in the previous semesters. And only those who know the framework have an idea of what is going on when they present. The other students who have never seen it before will not be able to see what is going on and are left in the dark. And there is not enough time to explain how the framework works within 20 minutes to the other students. Frameworks are not something that you can easily pick up in one sitting. Now the question: what is a framework and what is a library? If you must structure your files and code in such a way so that the you can work with the component, then that system is a framework (plug your code into the component). If you can easily integrate your code with the system, then that component is a library (plug the component into your code). Also, you might want to check out frameworkitis. Talk to your TA and see what he says.