Sonoma State University
Department of Computer Science
CS-370: Software Design and Development
Programming Assignment 3: Bid or Sell

OBJECTIVE

Write a server-side Common Gateway Interface (CGI) application that will allow the currently logged-in user to perform one of two tasks:

  • Bid on an item (currently available at auction)
  • Sell an item (in the auction to the highest bidder)

SPECIFICATIONS

User-interface:
  • Bid on an item: Create an HTML form with a pull-down menu of items currently for sale (if any). The user then enters their highest bid price for the item in a text box. The user then presses a submit button to enter. Note: users may not bid on their own items for sale.
  • Sell an item: Create an HTML form with the following fields: Description of item; Starting bid price; Starting date and time for auction. Note: the duration of all auctions is 168 hours (or 7 days) from the starting date and time. Note: for simplicity, do not include images of the item in your auction website.

Implementation:

  • You may write your Common Gateway Interface (CGI) application in PHP, Python, Perl, Java, C, or C++ (please include a Makefile if writing in C or C++).
  • All form processing must be done on the server-side via CGI.
  • Third party authentication software such as Google, Meta, etc. may not be used.
  • Your application must use the MySQL Relational Database Management System (RDBMS).
  • Your program must generate HTML 5 compliant output. Before generating dynamically-generated web content, create static web pages that you can submit to the World Wide Web Consortium Markup Validation Service at https://validator.w3.org/
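The rubric below requires that no SQL injection can occur, and the bid form forbids bidding on your own item. The following Python sketch is an added example, not part of the assignment handout: it validates the form fields and passes every value as a bound parameter. The table layout, function names, and sample rows are assumptions, and an in-memory SQLite database stands in for MySQL so the code runs offline; with MySQL Connector/Python or PyMySQL the placeholder is `%s` instead of `?`.

```python
import math
import sqlite3

def open_demo_db():
    # SQLite in memory stands in for MySQL; schema and rows are constructed.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (id INTEGER PRIMARY KEY, seller TEXT,
                            description TEXT, start_price REAL);
        CREATE TABLE bids (item_id INTEGER, bidder TEXT, amount REAL);
        INSERT INTO items VALUES (1, 'alice@example.edu', 'Used textbook', 10.0);
    """)
    return db

def parse_price(raw):
    # Numeric fields are parsed to a type; NaN, infinity and <= 0 are rejected.
    try:
        value = float(raw)
    except (TypeError, ValueError):
        return None
    if not math.isfinite(value):
        return None
    value = round(value, 2)
    return value if value > 0 else None

def parse_item_id(raw):
    s = str(raw)
    return int(s) if s.isascii() and s.isdigit() and len(s) <= 9 else None

def sell_item(db, user, description, price_raw):
    price = parse_price(price_raw)
    if price is None or not (description or "").strip():
        return None
    # Free text is a bound parameter, so quotes in it stay data, not SQL.
    cur = db.execute("INSERT INTO items (seller, description, start_price) "
                     "VALUES (?, ?, ?)", (user, description, price))
    db.commit()
    return cur.lastrowid

def place_bid(db, user, item_id_raw, amount_raw):
    item_id, amount = parse_item_id(item_id_raw), parse_price(amount_raw)
    if item_id is None or amount is None:
        return "invalid input"
    row = db.execute("SELECT seller FROM items WHERE id = ?", (item_id,)).fetchone()
    if row is None:
        return "no such item"
    if row[0] == user:  # users may not bid on their own items
        return "cannot bid on own item"
    db.execute("INSERT INTO bids (item_id, bidder, amount) VALUES (?, ?, ?)",
               (item_id, user, amount))
    db.commit()
    return "ok"
```

The `user` argument must come from the server-side session, never from a form field, or the own-item check can be bypassed by editing the request.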

SUBMITTING YOUR WORK

  • Please upload your source code (including Makefile if applicable) as a zip or gzipped-tar file.

Programming Assignment 3 Rubric

CRITERIA RATINGS POINTS
Compilation (2 points): Web-based application uses the Common Gateway Interface and runs on the Blue web server in the CS department at Sonoma State University.
  • Excellent (2 points): Application runs on the Blue web server at Sonoma State University via the Common Gateway Interface. No HTTP warnings or errors occur. The application is written in PHP, Python, Perl, Java, C, or C++.
  • Satisfactory (1.4 points): The application runs on the Blue web server at Sonoma State University via the Common Gateway Interface but some HTTP warnings occur. No HTTP errors occur. The application is written in PHP, Python, Perl, Java, C, or C++.
  • Needs Improvement (1 point): The program relies solely on client-side JavaScript applications for form processing.
  • Unsatisfactory (0 points): The Common Gateway Interface is not implemented; OR an HTTP error occurred.

Authentication (4 points): Does the server-side application require user authentication?
  • Excellent (4 points): Web-based application requires user authentication. If a user is logged in, the web-based application will time out after five minutes of inactivity. In such cases, the server will prompt the user to authenticate again before continuing. To authenticate, the user must enter their email address and a password or register as a new user with an email address and a password. No third-party authentication tools are utilized (e.g. Google, Meta, etc.). No HTTP errors or warnings occur.
  • Satisfactory (2.8 points): Web-based application requires user authentication. The web-based application does not time out after five minutes of inactivity. No third-party authentication tools are utilized (e.g. Google, Meta, etc.). No HTTP errors or warnings occur.
  • Needs Improvement (1.5 points): Web-based application requires third-party authentication tools (e.g. Google, Meta, etc.).
  • Unsatisfactory (0 points): No user-authentication software was implemented.

MySQL implementation (3 points): MySQL is accessed through a database interface on the server side.
  • Proficient (3 points): MySQL database is accessed via a server-side application running on Blue. The server side is able to send read and write requests to update data managed by MySQL. All data is sanitized before reads or writes to MySQL to ensure no SQL injections can occur.
  • Needs Improvement (1.5 points): MySQL database is accessed via a server-side application running on Blue. The server side is able to send read and write requests to update data managed by MySQL. No SQL statements are sanitized before sending to the MySQL server. Therefore, an SQL injection can occur!
  • Unsatisfactory (0 points): MySQL is not accessed on the server side.

HTML version 5 compliant output (1 point): Does all dynamically-generated HTML output conform to the HTML 5 standard?
  • Excellent (1 point): All dynamically-generated output is HTML version 5.0 compliant as verified by the HTML5 validator.
  • Satisfactory (0.7 points): One error occurs in the dynamically-generated HTML output when tested with the HTML5 validator.
  • Needs Improvement (0.2 points): Two or three errors occur when the dynamic web content is validated with the HTML5 validator.
  • Unsatisfactory (0 points): Four or more errors occur in the dynamic web-based output when validated in the HTML validator; OR no web content is output.

User Interface (5 points): The server-side application's interface.
  • Excellent (5 points): If the user is currently logged in (i.e. authenticated) and has been active within the last five minutes, all of the following sections (and their appropriate content, if applicable) are displayed: Selling; Purchased; Bidding; and Lost Bid.
  • Satisfactory (3.5 points): If the user is currently logged in (i.e. authenticated) and has been active within the last five minutes, one of the following sections is missing from the user interface: Selling; Purchased; Bidding; or Lost Bid. The other three sections are present and display results (if applicable).
  • Needs Improvement (2 points): If the user is currently logged in (i.e. authenticated) and has been active within the last five minutes, two of the following sections are missing from the user interface: Selling; Purchased; Bidding; or Lost Bid. The other two sections are present and display results (if applicable).
  • Unsatisfactory (0 points): If the user is currently logged in (i.e. authenticated) and has been active within the last five minutes, no content is displayed for the following sections: Selling; Purchased; Bidding; and Lost Bid.

Total points: 15
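
The Authentication criterion asks for a time-out after five minutes of inactivity, enforced by the server. The following Python sketch is an added example, not part of the assignment handout: it keeps the last-activity time on the server and checks it on every request. The class and method names are assumptions, and the in-memory dictionary stands in for a sessions table in MySQL, which a CGI program needs because each request runs in a new process.

```python
import hashlib
import secrets
import time

IDLE_LIMIT = 300  # five minutes of inactivity, in seconds

class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so the time-out can be tested
        self._sessions = {}      # sha256(token) -> {"user", "last_seen"}

    @staticmethod
    def _key(token):
        # Store only a hash, so a leaked table does not reveal live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user):
        # Call only after the email address and password have been verified.
        token = secrets.token_urlsafe(32)   # unguessable cookie value
        self._sessions[self._key(token)] = {"user": user,
                                            "last_seen": self._clock()}
        return token

    def authenticate(self, token):
        """Return the user for a live session, else None (re-prompt login)."""
        key = self._key(token or "")
        session = self._sessions.get(key)
        if session is None:
            return None
        now = self._clock()
        if now - session["last_seen"] > IDLE_LIMIT:
            del self._sessions[key]   # expired sessions cannot be revived
            return None
        session["last_seen"] = now    # activity restarts the idle window
        return session["user"]
```

The decision is made from the server's own clock and record, so a client that keeps or edits its cookie cannot extend the session.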