Project Coordinator

Project Coordinator is a project that was done as part of the course Advanced Data Models and Systems at Umeå University, given in spring 04. The project addresses the problem of coordinating a group. We have built a web application that enables users to form virtual groups. Each group has its own forum where the members can exchange information, and the members can also share files with each other. This report briefly describes how this web application was developed and which tools and programming languages we used.


Introduction
These days many temporary groups are formed with nothing in common but a joint project. This often leads to problems with coordination in the group. This project is intended to give these groups a simple way to contact each other, exchange information and store common files. A web-based virtual environment is implemented where a database is used to store files and all information about the users and groups. Each user has to register to get an account on the system. Once registered, users can create and join groups. In each group there is a forum where the members can exchange information, and each member can upload and download files in the group. The files are stored in a temporal database to make it possible to have several versions of the same file. There is also a search function for the forum and for finding groups.
The first thing we did was decide on the tools to use. We decided to use PostgreSQL as the database and PHP (Hypertext Preprocessor) to build the web application and handle the communication with the database. For more information about these tools you can visit their websites, www.postgresql.com and www.php.net. The work started with designing the database. We constructed an ER diagram (Entity Relationship diagram). This diagram was then translated to an SQL schema. This schema has been slightly changed during the implementation, but not much. We also programmed some triggers that handle some temporal aspects in the database.
When we had a running database we started implementing the application using PHP and HTML. The first thing we implemented was the authentication used in the application. We use sessions to authenticate the users. To be able to use the system a user has to register; he/she will then receive an email with a random password which can be used to log in. The passwords are stored in the database hashed with the MD5 hashing algorithm. When a user logs in we simply apply the MD5 algorithm to the password and compare the result with the one stored in the database. When a login is successful a session is registered; this session contains the username, first name, last name and last login for the authenticated user. These values are used to check whether a user has the right to view a specific page.
When this was working properly we continued the implementation with the group management. This is the key part of the solution, which enables users to create groups, remove groups, join groups and exit a joined group. Each user can create any number of groups. A group can be either public (available for all other users) or private. To join a private group, the user has to supply a password for the group. This password is set by the creator of the group (when creating the group) and stored in the database using the MD5 algorithm. The only one allowed to remove a group is the creator (owner) of the group. For each group a user has joined, he/she can navigate to the group's own page.
Once we had implemented the group functionality we continued with the functionality for each group. We started by implementing a forum where the members of a group can create threads and post in a thread. All the text in the forum is parsed and curse words are replaced with stars (*); we also remove some HTML tags and script tags. This is because of the risk of someone creating, for example, a PHP script that loops and prints a line a million times. The curse words that we parse the input for are defined in an array and can easily be changed.
The next thing we did was the file management. Each group is also able to upload files, and these files can be of any type. The files are stored as large objects directly in the transaction time database. If a user uploads a newer version of a file (same name) that is already stored in the database, the old file is still stored in the database. When a user wants to download a file, the file is fetched from the database and pushed directly out to the browser.
We have also implemented search functions so a user can search for a string either in the group name or in the description or both. The users can also search for a string in the forum. Every table that displays information has a paging functionality. When the entries in a table exceed a threshold (now set to 10), there will be a next/previous link at the bottom of the table which can be used to view the rest of the entries. When a user logs in to the system, every update in the user's joined groups is displayed so that he/she easily gets an overview of the updates made since the last visit.
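
The forum filtering described above (a word list in an array, plus removal of some tags) can be compared with encoding the text on output. The following is an added example, not the project's code: the function names and word list are hypothetical, `strip_tags()` stands in for the tag removal the report does not detail, and PHP 7.4 or later with the mbstring extension is assumed.

```php
<?php
// Added example: function names and the word list are hypothetical.
$blockedWords = ['darn', 'heck'];   // placeholder list, kept in an array as in the report

/** Replace each blocked word (whole word, case-insensitive) with stars of equal length. */
function censor(string $text, array $blockedWords): string
{
    if ($blockedWords === []) {
        return $text;
    }
    $quoted = array_map(fn(string $w): string => preg_quote($w, '/'), $blockedWords);
    $pattern = '/\b(?:' . implode('|', $quoted) . ')\b/iu';
    $masked = preg_replace_callback(
        $pattern,
        fn(array $m): string => str_repeat('*', mb_strlen($m[0])),
        $text
    );
    return $masked ?? $text;   // preg_* returns null on invalid UTF-8 input
}

/** Tag removal (assumed here to be strip_tags): attributes on allowed tags survive. */
function renderByStrippingTags(string $post, array $blockedWords): string
{
    return censor(strip_tags($post, '<b><i>'), $blockedWords);
}

/** Output encoding: every markup character is shown as text, nothing is parsed. */
function renderByEncoding(string $post, array $blockedWords): string
{
    $safe = htmlspecialchars(censor($post, $blockedWords), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($safe);
}

// Constructed sample post.
$post = 'Well heck, <b onmouseover="alert(1)">hover</b> <script>alert(2)</script>';

echo renderByStrippingTags($post, $blockedWords), "\n";
echo renderByEncoding($post, $blockedWords), "\n";
```

The first output line still carries the event-handler attribute on the allowed `<b>` tag, while the second contains only entity-encoded text that a browser displays literally.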

Result
The final result was satisfying and what we expected from the application. We haven't found any major malfunctions. The goal was to partly solve problems with coordination in small project groups, and our solution has accomplished that. But there are a lot of possible improvements that we didn't have time to implement in this course. The first improvement could be to make it possible to upload/download whole directory structures to make it easier to work with the files. It would also be nice if it was possible to change the user profile, for example his/her email address. The database could maybe store a little more information about each user, like phone number and address. It would be a good idea to have some kind of admin interface, where an administrator could be responsible for creating groups and giving the users access to them, and could also set a file quota on each group and delete things from the database. Another nice feature would be a calendar, both for users and groups. When a user joins a group he/she would also inherit the group's activities in the calendar. There could also be a little more security added, like implementing SSL for the connection between server and clients.

Discussion
We enjoyed doing this project and also learned a lot from it. Learning PHP took a little more time than expected. It also takes a lot of time to develop interfaces in PHP because it easily becomes a lot of code. We have a total of 3400 lines of code. Although PHP was a little hard to learn, we think it is a good programming language. There are a lot of resources about PHP on the internet that can help a great deal. We also like the simple (compared to ODBC) database functions that are available for PostgreSQL. Anyway, it was a fun project to work with. It would have been fun to implement a lot more features in the system but we simply did not have the time to do this.
The security in the system maybe isn't the best: we encrypt the user's password before it is put in the database, but we don't have any encryption when the client sends the password to the server. If anyone sniffed the password while it is being sent to the server, they would have no problem logging in to the user's account. We could have used SSL to secure this link but we did not really have the time to implement a secure SSL connection. Another way to get the password would be to get access to the database; now the password is stored hashed (MD5) in the database so that won't harm anyone. However, the rest of the information in the database is not stored encrypted, so if someone got the database connection variables they could steal all information. The connection variables for the database are stored in a directory that cannot be accessed from the internet and are therefore protected. These variables should also be stored encrypted with some symmetric algorithm like AES and not in plain text like now. We have not focused on security in this project, but if we were to develop a web application to be used in a real situation, the above security shortcomings must be fixed or at least considered.
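
Unsalted MD5 is fast to compute and gives identical passwords identical hashes, so a copied user or group table is open to offline guessing. As an added example (not the project's code; function names and the sample row are hypothetical), this shows how a login check can accept the existing MD5 values and replace them with PHP's salted `password_hash()` on the next successful login.

```php
<?php
// Added example: function and field names are hypothetical.

/** Storage as the report describes it: unsalted MD5 of the password. */
function legacyHash(string $password): string
{
    return md5($password);
}

/**
 * Check a password against a stored hash, accepting legacy MD5 values,
 * and return a replacement hash when the stored one should be upgraded.
 *
 * @return array{ok: bool, newHash: ?string}
 */
function verifyAndUpgrade(string $password, string $stored): array
{
    // A legacy value is exactly 32 lowercase hex characters.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);

    $ok = $isLegacy
        ? hash_equals($stored, legacyHash($password))   // constant-time comparison
        : password_verify($password, $stored);

    $newHash = null;
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        // Salted and deliberately slow; salt and cost are stored inside the string.
        $newHash = password_hash($password, PASSWORD_DEFAULT);
    }
    return ['ok' => $ok, 'newHash' => $newHash];
}

// Constructed sample row, as the application would have stored it.
$row = ['username' => 'alice', 'password' => legacyHash('s3cret-from-email')];

$result = verifyAndUpgrade('s3cret-from-email', $row['password']);
if ($result['ok'] && $result['newHash'] !== null) {
    $row['password'] = $result['newHash'];   // the application would UPDATE the row here
}

var_dump($result['ok']);                                                 // legacy login
var_dump(verifyAndUpgrade('s3cret-from-email', $row['password'])['ok']); // upgraded hash
var_dump(verifyAndUpgrade('wrong-guess', $row['password'])['ok']);       // bad password
```

The same routine applies to the group passwords, which the report stores the same way.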

Conclusion
In this project we have designed a web application that hopefully can help some groups to share information and files. The application has a simple interface and is easy to use. With a little further development we think this can be a useful application to many, especially for project groups in school.

Figure 1: Three different versions of one file.