come critique my class project

[talz13]

I just set up my gentoo server at home for use with apache, mod_python and postgresql to pretty much mirror the functionality of the server at school that we've been using. I just want to get a little test going of multi-user performance at this fairly early stage of development.

Anyway, it's a web based help-desk application, and while the back end is fairly developed, the front end (web page parts) are still pretty early in development.

Please check it out and (if it's working) let me know what you think. I'd like to know if there's any glaring security problems that you might find, and what would make the general page layout look good (anything that you'd change or add to any sections).

The create user functionality will be added soon in our class version of it (this is just my self-pirated modified copy that I'm running now ), so just use these couple default usernames and passwords:

username: FMuser1
password: madonion

username: FMuser2
password: madonion2

and one thing to note, there isn't really much error checking yet in the text entry fields (like the problem description in submit request). there's possibly enough to stop people from dropping my tables and the like, but not to check for other things that might cause errors when you submit. So if you get some errors, check and make sure you weren't entering funny characters like : ; / kinda stuff.


So anyway, without further ado, here's the link:

http://www.talz13.com/proj/UIhandler.psp


please note that this is hosted on a cable modem w/ 256k upload, so it might get slow if people actually visit
_________________
Gentoo 2004.2 2.4.26-gentoo-r9 kernel
AXP 2100+
epox 8k5a3+
1024mb pc2100
120gb WD SE
GF4 TI4400
SBLive! x-gamer

[dvc5]

Site times out for me, is your DNS updated?
_________________
#define NULL rand() /*heh heh heh */

Green Is Good

[talz13]

it should be, my friends in northern ohio haven't had trouble with timeouts afaik
_________________
Gentoo 2004.2 2.4.26-gentoo-r9 kernel
AXP 2100+
epox 8k5a3+
1024mb pc2100
120gb WD SE
GF4 TI4400
SBLive! x-gamer

[dvc5]

Working now, although you should probably handle the case where the user presses "search" w/out any entry:

[talz13]

there we go, i think i fixed that one. That was the result of a debugging section that was in there, where the if was:

[RedDawn]

Mod_python error: "PythonHandler mod_python.psp"

Traceback (most recent call last):

File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line 299, in HandlerDispatch
result = object(req)

File "/usr/lib/python2.3/site-packages/mod_python/psp.py", line 297, in handler
p.run()

File "/usr/lib/python2.3/site-packages/mod_python/psp.py", line 208, in run
exec code in global_scope

File "/var/www/localhost/htdocs/proj/UIhandler.psp", line 28, in ?
mover.getCmd(pageid)(req, form)

File "/var/www/localhost/htdocs/proj/lib/controller.py", line 176, in searchRequest
self.requestList = self.help.selectRequest(self.searchDict)

File "/var/www/localhost/htdocs/proj/lib/helpDesk.py", line 33, in selectRequest
return self.request.selectRequest(searchDict)

File "/var/www/localhost/htdocs/proj/lib/requestContainer.py", line 103, in selectRequest
self.requestDataList = self.handler.queryDB(self.queryString)

File "/var/www/localhost/htdocs/proj/lib/dbWork.py", line 21, in queryDB
self.cur.execute(query)

File "/usr/lib/python2.3/site-packages/pgdb.py", line 189, in execute
self.executemany(operation, (params,))

File "/usr/lib/python2.3/site-packages/pgdb.py", line 208, in executemany
raise DatabaseError, "error '%s' in '%s'" % ( msg, sql )

DatabaseError: error 'ERROR: syntax error at or near "idNumber" at character 96
' in 'SELECT * FROM request WHERE originator = 'FMuser1' AND priority = 'High' AND queue = '1' idNumber = 1123 AND closeStatus = '0' AND owner = 'FMuser2' AND doneStatus = '0' AND dueDate = '2004/11/' ORDER BY idNumber ASC ;'


i typed all this stuff and when i press search.. BOOM!!!

[talz13]

[talz13]

just a little bump.

Still looking for testing, go do whatever you want on it and let me know if it breaks on anything. It seems to be doing better since I fixed those few areas that were brought up in this thread, but I'm sure there is still much left to do
_________________
Gentoo 2004.2 2.4.26-gentoo-r9 kernel
AXP 2100+
epox 8k5a3+
1024mb pc2100
120gb WD SE
GF4 TI4400
SBLive! x-gamer

[brenden]

Entered junk in search fields and voila:

[maxima]

change priority to medium
and originator to FMuser1
and search

[brenden]

Did some more messing around with closing/opening and marking finished/unfinished and voila:

[wescott]

You may want to use encrypted authentication. The page prompts me asking me whether I am willing to send the password as text. This is a definite security hole. I could boot with a HAL 91 boot floppy (verry old) and listen on a computer in your LAN and fetch a password easily.
_________________
Sometimes you feel like a nut, sometimes you don't
Gentoo Forum Member #43303

Yoda of Borg are we: Futile is resistance. Assimilate you, we will.

[talz13]

[talz13]