Conception & Realization Of A Dynamic Web Site For The University Of Kasdi Merbah Ouargla

People's Democratic Republic of Algeria Ministry Of Higher Education And Scientific Research

Dissertation submitted in partial fulfillment of the requirements for the Degree of " Academic Applied Studies

Diplomas" in Computing Sciences Supervised by : Realized by : Mr. A. HERROUZ GUERGAB Toufik

KHEDRANE Atallah

Academic Year: 2007/2008

Kasdi Merbah-Ouargla University Faculty Of Engineering Sciences

Computing Department

The Conception & Realization Of A Dynamic Web Site Promotion 2008

2

The Conception & Realization Of A Dynamic Web Site For The University Of

Kasdi Merbah Ouargla

By KHEDRANE ATALLAH &

GUERGAB TOUFIK


3


4

To our God,, our parents, professors & all our friends for making

All this possible


5

Table Of Contents

General Introduction …………………………………………………………. 07 Chapter 01 : Web & Internet Technology & compenents. I. 1. Introduction ……………………………………………………………………… 09 I. 2. The Internet ……………………………………………………………………… 09 I. 2. 1. Internet History ………………………………………………………………. 09 I. 2. 2. Internet Management ……………………………………………………….. 11 I. 3. Internet Protocols ………………………………………………………………. 12 I. 3. 1. Architecture model TCP/IP ………………………………………………… 13 I. 3. 1. 1. The TCP/IP Model ……………………………………………………….. 13 I. 3. 1. 2. TCP/IP Model Layers ……………………………………………………. 13 I. 3. 2. IP Protocol …………………………………………………………………… 17 I. 3. 2. 1. IP Addressing ……………………………………………………………... 17 I. 3. 2. 2. IPv6 (IPng) ………………………………………………………………… 18 I. 3. 2. 3. Domain Name System (DNS) ……………………………………………. 19 I. 3. 3. The TCP protocol ……………………………………………………………. 19 I. 3. 4. The HTTP protocol ………………………………………………………….. 20 I. 3. 5. The FTP protocol ……………………………………………………………. 21 I. 3. 6. The SMTP protocol ………………………………………………………….. 22 I. 3. 6. 1. POP3 ……………………………………………………………………….. 22 I. 3. 6. 2. IMAP ……………………………………………………………………….. 23 I. 4. Internet Services ………………………………………………………………… 23 I. 4. 1. Electronic Mail (E-mail) ……………………………………………………. 23 I. 4. 2. World wide web ……………………………………………………………… 24 I. 4. 3. Internet forums ………………………………………………………………. 24 I. 4. 4. Internet Relay Chat (IRC) ………………………………………………….. 24 I. 4. 5. Telnet ………………………………………………………………………….. 24 I. 5. The World Wide Web …………………………………………………………... 25 I. 5. 1. History of the world wide web ……………………………………………... 25 I. 5. 2. The Web ………………………………………………………………………. 26 I. 5. 3. How the web works? ………………….…………………………………….. 27 I. 5. 4. Web Architecture ……………………………………………………………. 28 I. 5. 5. Weaknesses of the WWW …………………………………………………… 29 I. 5. 6. Success of the WWW ………………………………………………………… 29 I. 6. Hyper Text Markup Language (HTML) …………………………………….. 30 I. 6. 1. What is HTML ? ……………………………………………………………... 30 I. 6. 2. HTML history ………………………………………………………………… 30 I. 7. Addressing system URL ………………………………………………………... 32 I. 7. 1. Dynamic URLs vs. Static URLs ……………………………………………. 33 I. 8. Web Databases ………………………………………………………………….. 37 I. 8. 1. Scripting language CGI …………………………………………………….. 37 I. 9. Client / Server architecture ……………………………………………………. 38 I. 9. 1. The Web server ………………………………………………………………. 39 I. 9. 2. The Web client ……………………………………………………………….. 39


6

I. 10. Internet security ………………………………………………………………. 39 I. 10. 1 Principales Defense Technologies ………………………………………... 40 I. 10. 1. 1 FireWalls ………………………………………………………………….. 40 I. 10. 1. 2 Cryptography …………………………………………………………….. 40 I. 10. 1. 3 Virus .………………………………………………………………………. 41 I. 10. 1. 4 Proxy Servers …………………………………………………………….. 41 I. 10. 1. 5 VPN ………………………………………………………………………... 42 I. 10. 1. 6 Intrusion Detection System (IDS) ……………………………………… 42 I. 11. Conclusion ……………………………………………………………………... 44 Chapter 02 : Web Site Security ………………………………………………. II. 1. Cross Site Scripting XSS ……………………………………………………… 46 II. 1. 1. What is Cross Site Scripting? …………………………………………….. 46 II. 1. 2. Site owners are always confident, but so are hackers! ………………… 47 II. 1. 3. The repercussions of XSS ………………………………………………….. 47 II. 1. 4. A practical example of XSS on an Acunetix test site …………………… 48 II. 1. 5. Why wait to be hacked? ……………………………………………………. 50 II. 2. SQL Injection …………………………………………………………………... 51 II. 2. 1. SQL Injection: What is it? …………………………………………………. 51 II. 2. 2. SQL Injection: An In-depth Explanation ………………………………… 51 II. 2. 3. SQL Injection: A Simple Example ………………………………………... 52 II. 2. 4. The impact of SQL Injection ………………………………………………. 53 II. 2. 5. Preventing SQL Injection attacks ………………………………………… 53 II. 4.Conclusion ………………………………………………………………………. 54 Chapter 03 : Kasdi Merbah University Presentation ……………………………... III. 1. Introduction …………………………………………………………………… 56 III. 2.Genesis and evolution of the University of Kasdi Merbah Ouargla ……. 56 III. 3.Ouargla University Administrative management …………………………. 57 III. 3. 1. Rector ……………………………………………………………………….. 57 III. 3. 2. The Governing Council …………………………………………………… 57 III. 3. 3. Scientific Council ………………………………………………………….. 58 III. 3. 4. The Directorate ……………………………………………………………. 58 III. 4.Conclusion ……………………………………………………………………… 59 Chapter 04 : Analyse & conception ………………………………………….. IV. 1. Introduction ……………………………………………………………………. 61 IV. 2. Scope statements ……………………………………………………………… 61 IV. 2. 1. Contexte …………………………………………………………………….. 61 IV. 2. 2. General description ……………………………………………………….. 61 IV. 2. 3. Data Description …………………………………………………………... 62 IV. 2. 4. Operations and Traitements ……………………………………………… 63 IV. 4. Conclusion …………………………………………………………………….. 64 Chapter 05 : Implementation ……………………………………………………….. V. 1. Introduction …………………………………………………………………….. 66 V. 2. The workspace compenents …………………………………………………... 66 V. 3. Implementation Tools …………………………………………………………. 66


7

V. 4. What is PHP ? ………………………………………………………………….. 67 V. 4. 1. How do PHP works ………………………………………………………… 69 V. 4. 2. The key difference between PHP and JavaScript ………………………. 70 V. 5. MySQL …………………………………………………………………………... 71 V. 5. 1. An Overview of MySQL Architecture …………………………………….. 72 V. 5. 2. MySQL Characteristics ……………………………………………………. 72 V. 6. How do PHP and MySQL work together? …………………………………. 73 V. 7. PhpMyAdmin …………………………………………………………………… 74 V. 8. The web Server software ……………………………………………………… 74 V. 8. 1. Internet Information Server ……………………………………………….. 75 V. 8. 2. Apache Server ……………………………………………………………….. 75 V. 8. 3. Apache & IIS comparision ………………………………………………… 76 V. 9. Other Scripting Languages …………………………………………………… 78 V. 9. 1. JavaScript ……………………………………………………………………. 78 V. 9 .2. XML …………………………………………………………………………... 78 V. 10. AJAX …………………………………………………………………………… 78 V. 11. The system presentation …………………………………………………….. 79 V. 11. 1. Administrator space ………………………………………………………. 80 V. 11. 2. Professor space ……………………………………………………………. 84 V. 11. 3. Student space ………………………………………………………………. 88 V. 11. 4. The guest ……………………………………………………………………. 90 V. 12. Conclusion …………………………………………………………………….. 91 General Conclusion ………………………………………………………………….. 93 Bibliography & webography ……………………………………………………….. 82


8

General Introduction


9

General Introduction :

The Internet is a worldwide system of computer networks, a network of

networks in which users at any one computer can, if they have permission, get

information from any other computer (and sometimes talk directly to users at other

computers). Today, the Internet is a public, cooperative, and self-sustaining facility

accessible to hundreds of millions of people worldwide. Physically, the Internet

uses a portion of the total resources of the currently existing public

telecommunication networks.

In this project we’ll present the process of the realization of a dynamic web

site and sharie the university of Kasdi Merbah Ouargla data base on the net to keep

the interconnection between the administration, professors and the students.

This dessirtation include five chapters witch are:

The first chapter we described the web and internet technology and its

components wich is considered as the base of our system.

The second chapter we discussed the web sites security giving an overview

on the most common hacking technics used on the web and also giving some

practical examples and proposed some useful solutions.

The third chapter we presented the University Of Kasdi Marbah Ouargla.

The forth chapter was reserved for the analyzation and conception phase of

our project, describing in a detailed and a complete manner the deferents functions

supported by our system, also the data description in the DB.

The last chapter completes the previous one in exposing the deferent parts of

the system and presenting the work space components and the site features.

Finally we ended this dessirtation with a general conclusion.


10

1. Web & Internet Technology

& Components


11

I. 1. Introduction :

The Internet and the World Wide Web are not one and the same. The Internet is

a collection of interconnected computer networks, linked by copper wires, fiber-

optic cables, wireless connections, etc. In contrast, the Web is a collection of

interconnected documents and other resources, linked by hyperlinks and URLs.

The World Wide Web is one of the services accessible via the Internet, along with

various others including e-mail, file sharing, online gaming and other services..

Today, the Internet is a public, cooperative, and self-sustaining facility

accessible to hundreds of millions of people worldwide. Physically, the Internet

uses a portion of the total resources of the currently existing public

telecommunication networks.

I. 2. The Internet :

The Internet is named after the Internet Protocol, the standard communications

protocol used by every computer on the Internet. The Internet can powerfully

leverage the ability to find, manage, and share information. Never before in human

history has such a valuable resource been available to so many people at such little

cost.

I. 2. 1. Internet History :

The conceptual foundation for creation of the Internet was significantly

developed by three individuals and a research conference, each of which changed

the way we thought about technology by accurately predicting its future:

• Vannevar Bush1 wrote the first visionary description of the potential uses for

information technology with his description of the "memex" automated

library system.

• Norbert Wiener1 invented the field of Cybernetics, inspiring future

researchers to focus on the use of technology to extend human capabilities.

1 Vannevar Bush established the U.S. military / university research partnership that later developed the ARPANET, and wrote the first visionary description of the potential use for information technology, inspiring many of the Internet's creators.


12

• The 1956 Dartmouth Artificial Intelligence conference2 crystallized the

concept that technology was improving at an exponential rate, and provided

the first serious consideration of the consequences.

• Marshall McLuhan3 made the idea of a global village interconnected by an

electronic nervous system part of our popular culture.

In 1957, the Soviet Union launched the first satellite, Sputnik I, triggering US

President Dwight Eisenhower to create the ARPA4 agency to regain the

technological lead in the arms race. ARPA appointed J.C.R. Licklider5 to head the

new IPTO6 organization with a mandate to further the research of the SAGE7

program and help protect the US against a space-based nuclear attack. Licklider

evangelized within the IPTO about the potential benefits of a country-wide

communications network, influencing his successors to hire Lawrence Roberts8 to

implement his vision.

Roberts led development of the network, based on the new idea of packet

switching discovered by Paul Baran9 at RAND, and a few years later by Donald

Davies10 at the UK National Physical Laboratory. A special computer called an

Interface Message Processor11 was developed to realize the design, and the

ARPANET12 went live in early October, 1969. The first communications were

1 Norbert Wiener developed the field of cybernetics, inspiring a generation of scientists to think of computer technology as a means to extend human capabilities. 2 The 1956 Dartmouth Artificial Intelligence (AI) conference gave birth to the field of AI, and gave succeeding generations of scientists their first sense of the potential for information technology to be of benefit to human beings in a profound way. 3 Marshall McLuhan was the first person to popularize the concept of a global village and to consider its social effects. 4 Advanced Research Project Agency : is the innovative Research & Defense organization that funded the development of the ARPANET. 5 Joseph Carl Robnett "Lick" Licklider developed the idea of a universal network, spread his vision throughout the IPTO, and inspired his successors to realize his dream by creation of the ARPANET, which then led to the Internet. He also developed the concepts that led to the idea of the Netizen. 6 Information Processing Techniques Office : was funded the research that led to the development of the ARPANET. 7 Semi-Automatic Ground Environment : The SAGE program significantly advanced the state of the art in human-computer interaction, influenced the thinking of J.C.R. Licklider, caused the establishment of the MIT Lincoln Laboratory where Lawrence Roberts later worked, and established one of the first wide-area networks. 8 Lawrence (Larry) Roberts was the ARPANET program manager, and led the overall system design. 9 Paul Baran developed the field of packet switching networks while conducting research at the historic RAND organization, a concept embedded in the design of the ARPANET and the standard TCP/IP protocol used on the Internet today. 10 Donald Davies and his colleagues at the UK National Physical Laboratory independently discovered the idea of packet switching, and later developed a smaller scale packet-switched version of the ARPANET. 11 The Interface Message Processor provided a system independent interface to the ARPANET that could be used by any computer system, thereby opening the Internet network architecture from the very beginning. 12 The ARPANET was the first wide area packet switching network, the "Eve" network of what has evolved into the Internet we know and love today.


13

between Leonard Kleinrock's research center at the University of California at Los

Angeles, and Douglas Engelbart's center at the Stanford Research Institute.

The first networking protocol used on the ARPANET was the Network

Control Program1. In 1983, it was replaced with the TCP/IP2 protocol developed

by Robert Kahn, Vinton Cerf, and others, which quickly became the most widely

used network protocol in the world.

In 1990, the ARPANET was retired and transferred to the NSFNET3. The

NSFNET was soon connected to the CSNET4, which linked Universities around

North America, and then to the EUnet5, which connected research facilities in

Europe. Thanks in part to the NSF's enlightened management, and fueled by the

popularity of the web, the use of the Internet exploded after 1990, causing the US

Government to transfer management to independent organizations starting in 1995.

I. 2. 2. Internet Management:

It is often said that there is no central control, administration, or

management of the Internet. While this is generally true, there are several well-

known organizations that work together in a relatively well structured and roughly

democratic environment to collectively participate in the research, development,

and management of the Internet, shown with inter-relationships in the chart below :

1 The Network Control Protocol (NCP) was the first standard networking protocol on the ARPANET. NCP was finalized and deployed in December 1970 by the Network Working Group (NWG), led by Steve Crocker 2 The Internet's open and efficient TCP/IP protocol is the foundation of an inter-networking design has made it the most widely used network protocol in the world (we’ll talk more about this protocol later). 3 National Science Foundation Network : enlightened management of the NSFNET facilitated the Internet's first period of explosive public growth. 4 The Computer Science Network : helped introduce what was fast becoming the Internet to universities around the world, and laid the groundwork for development of the NSFNET. 5 The European Network : spread the ARPANET throughout the research community in Europe, and connected universities and research centers in a similar way to how the CSNet worked in the United States.


14

Figure 01 : Internet Management

I. 3. Internet Protocols :

In information technology, a protocol (from the Greek protocollon, which

was a leaf of paper glued to a manuscript volume, describing its contents) is the

special set of rules that end points in a telecommunication connection use when

they communicate. Protocols exist at several levels in a telecommunication

connection. For example, there are protocols for the data interchange at the

hardware device level and protocols for data interchange at the application

program level. In the standard model known as Open Systems Interconnection

(OSI)1, there are one or more protocols at each layer in the telecommunication

exchange that both ends of the exchange must recognize and observe. Protocols are

often described in an industry or international standard.

1 Open Systems Interconnection : is a standard description or "reference model" for how messages should be transmitted between any two points in a telecommunication network.


15

I. 3. 1. Architecture model TCP/IP :

The OSI reference model consists of seven layers that represent a functional

division of the tasks required to implement a network. It is a conceptual tool that it

often use to show how various protocols and technologies fit together to implement

networks. However, it's not the only networking model that attempts to divide

tasks into layers and components. The TCP/IP protocol suite was in fact created

before the OSI Reference Model; as such, its inventors didn't use the OSI model to

explain TCP/IP architecture (even though the OSI model is often used in TCP/IP

discussions today.

I. 3. 1. 1. The TCP/IP Model :

The developers of the TCP/IP protocol suite created their own architectural

model to help describe its components and functions. This model goes by different

names, including the TCP/IP model, the DARPA model and the DOD model (after

the United States Department of Defense, the “D” in “DARPA”). It was called the

TCP/IP model since this seems the simplest designation for modern times.

Regardless of the model we use to represent the function of a network—and

regardless of what we call that model!—the functions that the model represents are

pretty much the same. This means that the TCP/IP and the OSI models are really

quite similar in nature even if they don't carve up the network functionality pie in

precisely the same way. There is a fairly natural correspondence between the

TCP/IP and OSI layers, it just isn't always a “one-to-one” relationship. Since the

OSI model is used so widely, it is common to explain the TCP/IP architecture both

in terms of the TCP/IP layers and the corresponding OSI layers.

I. 3. 1. 2. TCP/IP Model Layers :

The TCP/IP model uses four layers that logically span the equivalent of the

top six layers of the OSI reference model; this is shown in Figure 02. (The physical

layer is not covered by the TCP/IP model because the data link layer is considered


16

the point at which the interface occurs between the TCP/IP stack and the

underlying networking hardware.) The following are the TCP/IP model layers,

starting from the bottom.

Figure 02: OSI Reference Model and TCP/IP Model Layers

The TCP/IP architectural model has four layers that approximately match six

of the seven layers in the OSI Reference Model. The TCP/IP model does not

address the physical layer, which is where hardware devices reside. The next three

layers—network interface, internet and (host-to-host) transport—correspond to

layers 2, 3 and 4 of the OSI model. The TCP/IP application layer conceptually

“blurs” the top three OSI layers. It’s also worth noting that some people consider

certain aspects of the OSI session layer to be arguably part of the TCP/IP host-to-

host transport layer.

• Network Interface Layer :

As its name suggests, this layer represents the place where the actual TCP/IP

protocols running at higher layers interface to the local network. This layer is


17

somewhat “controversial” in that some people don't even consider it a “legitimate”

part of TCP/IP. This is usually because none of the core IP protocols run at this

layer. Despite this, the network interface layer is part of the architecture. It is

equivalent to the data link layer (layer two) in the OSI Reference Model and is also

sometimes called the link layer. You may also see the name network access layer.

On many TCP/IP networks, there is no TCP/IP protocol running at all on

this layer, because it is simply not needed. For example, if you run TCP/IP over an

Ethernet, then Ethernet handles layer two (and layer one) functions. However, the

TCP/IP standards do define protocols for TCP/IP networks that do not have their

own layer two implementation. These protocols, the Serial Line Internet Protocol

(SLIP) and the Point-to-Point Protocol (PPP), serve to fill the gap between the

network layer and the physical layer. They are commonly used to facilitate TCP/IP

over direct serial line connections (such as dial-up telephone networking) and other

technologies that operate directly at the physical layer.

• Internet Layer :

This layer corresponds to the network layer in the OSI Reference Model

(and for that reason is sometimes called the network layer even in TCP/IP model

discussions). It is responsible for typical layer three jobs, such as logical device

addressing, data packaging, manipulation and delivery, and last but not least,

routing. At this layer we find the Internet Protocol (IP), arguably the heart of

TCP/IP, as well as support protocols such as ICMP1 and the routing protocols

(RIP, OSFP, BGP, etc.) The new version of IP, called IP version 62, will be used

for the Internet of the future and is of course also at this layer.

• (Host-to-Host) Transport Layer :

This primary job of this layer is to facilitate end-to-end communication over

an internetwork. It is in charge of allowing logical connections to be made between 1 Internet Control Message Protocol (ICMP/ICMPv4 and ICMPv6) 2 We’ll talk about it more further.


18

devices to allow data to be sent either unreliably (with no guarantee that it gets

there) or reliably (where the protocol keeps track of the data sent and received to

make sure it arrives, and re-sends it if necessary). It is also here that identification

of the specific source and destination application process is accomplished

The formal name of this layer is often shortened to just the transport layer;

the key TCP/IP protocols at this layer are the Transmission Control Protocol (TCP)

and User Datagram Protocol (UDP). The TCP/IP transport layer corresponds to the

layer of the same name in the OSI model (layer four) but includes certain elements

that are arguably part of the OSI session layer. For example, TCP establishes a

connection that can persist for a long period of time, which some people say makes

a TCP connection more like a session.

• Application Layer :

This is the highest layer in the TCP/IP model. It is a rather broad layer,

encompassing layers five through seven in the OSI model. While this seems to

represent a loss of detail compared to the OSI model, scientist think this is

probably a good thing! The TCP/IP model better reflects the “blurry” nature of the

divisions between the functions of the higher layers in the OSI model, which in

practical terms often seem rather arbitrary. It really is hard to separate some

protocols in terms of which of layers five, six or seven they encompass. (we didn't

even bother to try in this Guide which is why the higher-level protocols are all in

the same chapter, while layers one through four have their protocols listed

separately.)

Numerous protocols reside at the application layer. These include

application protocols such as HTTP, FTP and SMTP for providing end-user

services, as well as administrative protocols like SNMP1, DHCP 2and DNS3.

1 Simple Network Management Protocol (SNMP). 2 Dynamic Host Configuration Protocol (DHCP). 3 Domain Name System or Service (DNS)


19

I. 3. 2. IP Protocol :

Even though the name seems to imply that it's the fourth iteration of the key

Internet Protocol, version 4 of IP was the first that was widely used in modern

TCP/IP. IPv4, as it is sometimes called to differentiate it from the newer IPv6, is

the Internet Protocol version in use on the Internet today, and an implementation of

the protocol is running on hundreds of millions of computers. It provides the basic

datagram delivery capabilities upon which all of TCP/IP functions, and it has

proven its quality in use over a period of more than two decades.

In this section we provide extensive detail on the operation of the current

version of the Internet Protocol, IPv4. There are four main subsections, which

represent the four main functions of IP. The first subsection provides a

comprehensive discussion of IP addressing. The second discusses how data is

encoded and formatted into IP datagrams for transmission. The third describes

datagram size issues and how fragmentation and reassembly are used to convey

large datagrams over networks designed to carry small frames. The last subsection

covers matters related to the delivery and routing of IP datagrams. After the four

main subsections we conclude a look at IPv4 with an overview of IP multicasting,

which is used for delivering a single datagram to more than one recipient.

I. 3. 2. 1. IP Addressing :

This definition is based on Internet Protocol Version 4. We Note that the

system of IP address classes described here, while forming the basis for IP address

assignment, is generally bypassed today by use of Classless Inter-Domain Routing

(CIDR) addressing.

In the most widely installed level of the Internet Protocol (IP) today, an IP

address is a 32-bit number that identifies each sender or receiver of information

that is sent in packets across the Internet. When the user request an HTML page or

send e-mail, the Internet Protocol part of TCP/IP includes his IP address in the

message (actually, in each of the packets if more than one is required) and sends it


20

to the IP address that is obtained by looking up the domain name in the Uniform

Resource Locator the user requested or in the e-mail address he is sending a note

to. At the other end, the recipient can see the IP address of the Web page requestor

or the e-mail sender and can respond by sending another message using the IP

address it received.

An IP address has two parts: the identifier of a particular network on the

Internet and an identifier of the particular device (which can be a server or a

workstation) within that network. On the Internet itself - that is, between the router

that move packets from one point to another along the route - only the network part

of the address is looked at.

I. 3. 2. 2. IPv6 (IPng):

IPv6 (Internet Protocol Version 6) is the latest level of the Internet Protocol

(IP) and is now included as part of IP support in many products including the

major computer operating systems. IPv6 has also been called "IPng" (IP Next

Generation). Formally, IPv6 is a set of specifications from the Internet Engineering

Task Force (IETF). IPv6 was designed as an evolutionary set of improvements to

the current IP Version 4. Network hosts and intermediate nodes with either IPv4 or

IPv6 can handle packets formatted for either level of the Internet Protocol. Users

and service providers can update to IPv6 independently without having to

coordinate with each other.

The most obvious improvement in IPv6 over the IPv4 is that IP addresses

are lengthened from 32 bits to 128 bits. This extension anticipates considerable

future growth of the Internet and provides relief for what was perceived as an

impending shortage of network addresses.

IPv6 describes rules for three types of addressing: unicast (one host to one

other host), anycast (one host to the nearest of multiple hosts), and multicast (one

host to multiple hosts). Additional advantages of IPv6 are:


21

• Options are specified in an extension to the header that is examined

only at the destination, thus speeding up overall network performance.

• The introduction of an "anycast" address provides the possibility of

sending a message to the nearest of several possible gateway hosts with the idea

that any one of them can manage the forwarding of the packet to others. Anycast

messages can be used to update routing tables along the line.

• Packets can be identified as belonging to a particular "flow" so that

packets thatare part of a multimedia presentation that needs to arrive in "real time"

can be provided a higher quality-of-service relative to other customers.

• The IPv6 header now includes extensions that allow a packet to

specify a mechanism for authenticating its origin, for ensuring data integrity, and

for ensuring privacy.

I. 3. 2. 3. Domain Name System (DNS) :

The domain name system (DNS) is the way that Internet domain names are

located and translated into Internet Protocol addresses. A domain name is a

meaningful and easy-to-remember "handle" for an Internet address.

Because maintaining a central list of domain name/IP address

correspondences would be impractical, the lists of domain names and IP addresses

are distributed throughout the Internet in a hierarchy of authority. There is

probably a DNS server within close geographic proximity to the user access

provider that maps the domain names in the Internet requests or forwards them to

other servers in the Internet.

I. 3. 3. The TCP protocol :

TCP (Transmission Control Protocol) is a set of rules (protocol) used along

with the Internet Protocol (IP) to send data in the form of message units between

computers over the Internet. While IP takes care of handling the actual delivery of


22

the data, TCP takes care of keeping track of the individual units of data (called

packets) that a message is divided into for efficient routing through the Internet.

For example, when an HTML file is sent to you from a Web server, the

Transmission Control Protocol (TCP) program layer in that server divides the file

into one or more packets, numbers the packets, and then forwards them

individually to the IP program layer. Although each packet has the same

destination IP address, it may get routed differently through the network. At the

other end (the client program in your computer), TCP reassembles the individual

packets and waits until they have arrived to forward them to you as a single file.

TCP is known as a connection-oriented protocol, which means that a

connection is established and maintained until such time as the message or

messages to be exchanged by the application programs at each end have been

exchanged. TCP is responsible for ensuring that a message is divided into the

packets that IP manages and for reassembling the packets back into the complete

message at the other end. In the Open Systems Interconnection (OSI)

communication model, TCP is in layer 4, the Transport Layer.

I. 3. 4. The HTTP protocol :

HTTP (Hypertext Transfer Protocol) is the set of rules for transferring files

(text, graphic images, sound, video, and other multimedia files) on the World Wide

Web. As soon as a Web user opens their Web browser, the user is indirectly

making use of HTTP. HTTP is an application protocol that runs on top of the

TCP/IP suite of protocols (the foundation protocols for the Internet).

HTTP concepts include (as the Hypertext part of the name implies) the idea

that files can contain references to other files whose selection will elicit additional

transfer requests. Any Web server machine contains, in addition to the Web page

files it can serve, an HTTP daemon, a program that is designed to wait for HTTP

requests and handle them when they arrive. The Web browser is an HTTP client,


23

sending requests to server machines. When the browser user enters file requests by

either "opening" a Web file (typing in a Uniform Resource Locator or URL) or

clicking on a hypertext link, the browser builds an HTTP request and sends it to

the Internet Protocol address (IP address) indicated by the URL. The HTTP

daemon in the destination server machine receives the request and sends back the

requested file or files associated with the request. (A Web page often consists of

more than one file.)

The latest version of HTTP is HTTP 1.1.

I. 3. 5. The FTP protocol:

File Transfer Protocol (FTP), a standard Internet protocol, is the simplest

way to exchange files between computers on the Internet. Like the Hypertext

Transfer Protocol (HTTP), which transfers displayable Web pages and related

files, and the Simple Mail Transfer Protocol (SMTP), which transfers e-mail, FTP

is an application protocol that uses the Internet's TCP/IP protocols. FTP is

commonly used to transfer Web page files from their creator to the computer that

acts as their server for everyone on the Internet. It's also commonly used to

download programs and other files to your computer from other servers.

The user can use FTP with a simple command line interface (for example,

from the Windows MS-DOS Prompt window) or with a commercial program that

offers a graphical user interface. The Web browser can also make FTP requests to

download programs selected from a Web page. Using FTP, we can also update

(delete, rename, move, and copy) files at a server. We need to logon to an FTP

server. However, publicly available files are easily accessed using anonymous

FTP.

Basic FTP support is usually provided as part of a suite of programs that

come with TCP/IP. However, any FTP client program with a graphical user

interface usually must be downloaded from the company that makes it.


24

I. 3. 6. The SMTP protocol :

SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used in sending

and receiving e-mail. However, since it is limited in its ability to queue messages

at the receiving end, it is usually used with one of two other protocols, POP31 or

IMAP2, that let the user save messages in a server mailbox and download them

periodically from the server. In other words, users typically use a program that uses

SMTP for sending e-mail and either POP3 or IMAP for receiving e-mail. On Unix-

based systems, sendmail is the most widely-used SMTP server for e-mail. A

commercial package, Sendmail, includes a POP3 server. Microsoft Exchange

includes an SMTP server and can also be set up to include POP3 support.

SMTP usually is implemented to operate over Internet port 25. An

alternative to SMTP that is widely used in Europe is X.400. Many mail servers

now support Extended Simple Mail Transfer Protocol (ESMTP), which allows

multimedia files to be delivered as e-mail.

I. 3. 6. 1. POP3 :

POP3 (Post Office Protocol 3) is the most recent version of a standard

protocol for receiving e-mail. POP3 is a client/server protocol in which e-mail is

received and held by the Internet server. Periodically, the user (or the client e-mail

receiver) check his mail-box on the server and download any mail, probably using

POP3. This standard protocol is built into most popular e-mail products, such as

Eudora and Outlook Express. It's also built into the Netscape and Microsoft

Internet Explorer browsers.

POP3 is designed to delete mail on the server as soon as the user has

downloaded it. However, some implementations allow users or an administrator to

specify that mail be saved for some period of time. POP can be thought of as a

"store-and-forward" service.

1 Post Office Protocol 3. 2 Internet Message Access Protocol.


25

The conventional port number for POP3 is 110.

I. 3. 6. 2. IMAP :

IMAP (Internet Message Access Protocol) is a standard protocol for

accessing e-mail from a local server. IMAP (the latest version is IMAP Version 4)

is a client/server protocol in which e-mail is received and held for the Internet

server. The user (or the e-mail client) can view just the heading and the sender of

the letter and then decide whether to download the mail. He can also create and

manipulate multiple folders or mailboxes on the server, delete messages, or search

for certain parts or an entire note. IMAP requires continual access to the server

during the time that he is working with his mail.

• POP and IMAP deal with the receiving of e-mail and are not to be

confused with the Simple Mail Transfer Protocol (SMTP), a protocol for

transferring e-mail across the Internet. The user sends an e-mail with SMTP and a

mail handler receives it on the recipient's behalf. Then the mail is read using POP

or IMAP.

IMAP can be thought of as a remote file server. POP3 can be thought of as a

"store-and-forward" service.

I. 4. Internet Services :

I. 4. 1. Electronic Mail (E-mail) :

E-mail, short for electronic mail and often abbreviated to e-mail, email or

simply mail, is a store-and-forward method of composing, sending, receiving and

storing messages over electronic communication systems. The term "e-mail" (as a

noun or verb) applies both to the Internet e-mail system based on the Simple Mail

Transfer Protocol (SMTP) and to X.400 systems, and to intranet systems allowing

users within one organization to e-mail each other. Intranets may use the Internet

protocols or X.400 protocols for internal e-mail service supporting workgroup

collaboration. E-mail is often used to deliver bulk unsolicited messages, or "spam",


26

but filter programs exist which can automatically delete some or most of these,

depending on the situation.

I. 4. 2. World wide web :

All the resources and users on the Internet that are using the Hypertext

Transfer Protocol (HTTP).

I. 4. 3. Internet forums :

Is a web application for holding discussions and posting user-generated

content. Internet forums are also commonly referred to as Web forums, message

boards, discussion boards, (electronic) discussion groups, discussion forums,

bulletin boards, fora (the Latin plural) or simply forums.

I. 4. 4. Internet Relay Chat (IRC) :

Internet Relay Chat (IRC) enables people all over the world to talk together

over the Internet in real-time sessions in virtual rooms.

I. 4. 5. Telnet :

Telnet is a user command and an underlying TCP/IP protocol for accessing

remote computers. Through Telnet, an administrator or another user can access

someone else's computer remotely. On the Web, HTTP and FTP protocols allow

the user to request specific files from remote computers, but not to actually be

logged on as a user of that computer. With Telnet, we log on as a regular user with

whatever privileges we may have been granted to the specific application and data

on that computer.

Telnet is most likely to be used by program developers and anyone who has

a need to use specific applications or data located at a particular host computer.


27

I. 5. The World Wide Web :

The World Wide Web is a way of exchanging information between

computers on the Internet, tying them together into a vast collection of interactive

multimedia resources. Thousands upon thousands of computers around the world

are now connected to the web and offer a tremendous variety of information and

services to visitors.

I. 5. 1. History of the world wide web:

The World-Wide Web began in March 1989 at CERN1. "CERN is a meeting

place for physicists from all over the world, who collaborate on complex physics,

engineering and information handling projects. CERN1 Thus, the need for the

WWW system arose from the geographical dispersion of large collaborations, and

the fast turnover of fellows, students, and visiting scientists, who had to get up to

speed on projects and leave a lasting contribution before leaving.

CERN possessed both the financial and computing resources necessary to

start the project. In the original proposalTC1 Berners-Lee outlined two phases of

the project :

• First, CERN would make use of existing software and hardware as

well as implementing simple browsers for the user's workstations, based on an

analysis of the requirements for information access needs by experiments.

• Second, they would extend the application area by also allowing the

users to add new material.

Berners-Lee2 expected each phase to take three months with the full

manpower complement: he was asking for four software engineers and a

programmer. The proposal talked about a simple scheme to incorporate several

different servers of machine-stored information already available at CERN. This 1 CERN was originally named after its founding body the "Conseil Europeen pour la Recherche Nucleaire," and is now called "European Laboratory for Particle Physics." 2 Sir Timothy John Berners-Lee : who, with the help of Robert Cailliau, and a young student staff at CERN, implemented on December 25, 1990, the first successful communication between an HTTP client and server via the Internet.


28

"scheme" was to use hypertext to provide a single user-interface to many large

classes of stored information such as reports, notes, data-bases, computer

documentation and on-line systems help.

Set off in 1989, the WWW quickly gained great popularity among Internet

users. For instance, at 11:22 am of April 12, 1995, the WWW server at the SEAS

of the University of Pennsylvania responded to 128 requests in one minute.

Between 10:00 and 11:00, it responded to 5086 requests in one hour, or about 84

per minute, Even years after its creation, the Web is constantly maturing: in

December 1994 the WWW was growing at roughly 1 per cent a day, a doubling

period of less than 10 weeks.

As popular as it is at the moment, the WWW is not the only possible

implementation of the hypertext concept. In fact, the theory behind the WWW was

based on a more general project "Xanadu1," that is being developed by Ted

Nelson2.

I. 5. 2. The Web:

The web is built around hypertext and hypermedia. A hypertext document

has certain keywords or phrases linked to other online documents. A person

reading a hypertext document about dogs, for example, might be able to select the

highlighted word beagle and call up another document for more information about

that particular breed. With documents intertwined by links into a web of

information, we can select paths to browse online resources, a process often

referred to as surfing.

Hypermedia extends the concept of hypertext to other forms of information,

including images, sounds, and video clips. A person reading a hypermedia

1 Xanadu is the original hypertext and interactive multimedia system. 2 Ted Nelson : an American sociologist, philosopher, and pioneer of information technology. He coined the term "hypertext" in 1963 and published it in 1965. He also is credited with first use of the words hypermedia, transclusion, virtuality,


29

document about dogs, for example, might select a picture of a beagle and watch a

video clip about beagles.

The web subsumes previous Internet information systems such as Gopher1

and FTP. These resources can still be accessed through the web, but the web

provides a wealth of additional capabilities not previously offered by these more

restricted connection methods.

The Web consists of :

• The users personal computers.

• Web browser software to access the Web.

• A connection to an Internet service provider (ISP).

• Servers to host the data.

• Routers and switches to direct the flow of data.

I. 5. 3. How the web works?

• Web pages are stored on web servers located around the globe.

• Entering the Uniform Resource Locator or URL of a web page in the

web browser or clicking a link sends a request to the server that hosts the page.

• The server transmits the web page data to user’s computer and the

web browser displays it on the screen.

1 Gopher : a distributed document search and retrieval network protocol designed for the Internet. Its goal is to function as an improved form of Anonymous FTP.


30

I. 5. 4. Web Architecture:

The WWW project is based on the principle of universal readership: "if

information is available, then any (authorized) person should be able to access it

from anywhere in the world." The Web's implementation follows a standard client-

server model. In this model, a user relies on a program (the client) to connect to a

remote machine (the server), where the data is stored. The architecture of the

WWW (see Figure 3) is the one of clients, such as FireFox, Internet Explorer, or

Lynx, which know how to present data but not what its origin is, and servers,

which know how to extract data", but are ignorant of how it will be presented to

the user.

Figure 3: Architecture of the WWW

One of the main features of the WWW documents is their hypertext

structure. On a graphic terminal, for instance, a particular reference can be

represented by underlined text, or an icon. The user clicks on it with the mouse,

and the referenced document appears. This method makes copying of information


31

unnecessary: data needs only to be stored once, and all referenced to it can be

linked to the original document.

I. 5. 5. Weaknesses of the WWW:

The World-Wide Web began as a set of simple protocols and formats. As

time passed, the Web began to be used as a testbed for various sophisticated

hypermedia and information retrieval concepts. Unfortunately, these concepts were

quickly absorbed by the general WWW community. This means that experimental

extensions of dubious use are now established parts of the Web.

Another flaw in the current structure of the WWW is the presence of many

hypertext links that point to no longer existent documents. These occur when

authors rename or delete their works from the Web. Since the system has no way

of registering links to one's document, an author can not notify his readers of the

reorganization. The Xanadu system, on the other hand, does not have this problem

since it does not allow users to delete documents from the system.

I. 5. 6. Success of the WWW:

What is the reason for the immense success of the World-Wide Web?

Perhaps, it can be explained by CERN's attitude towards the development of the

project. As soon as the basic outline of the WWW was complete, CERN made the

source code for its software publicly available. CERN has been encouraging

collaboration by academic and commercial parties since the onset of the project,

and by doing so it got millions of people involved in the growth of the Web.

The system requirements for running a WWW server are minimal, so even

administrators with limited funds had a chance to become information providers.

Because of the intuitive nature of hypertext, many inexperienced computer users

were able to connect to the network. Furthermore, the simplicity of the HyperText

Markup Language, used for creating interactive documents, allowed these users to

contribute to the expanding database of documents on the Web. Also, the nature of


32

the World-Wide Web provided a way to interconnect computers running different

operating systems, and display information created in a variety of existing media

formats.

I. 6. Hyper Text Markup Language (HTML) :

I. 6. 1. What is HTML?

HTML (Hypertext Markup Language) is the set of markup symbols or codes

inserted in a file intended for display on a World Wide Web browser page. The

markup tells the Web browser how to display a Web page's words and images for

the user. Each individual markup code is referred to as an element (but many

people also refer to it as a tag). Some elements come in pairs that indicate when

some display effect is to begin and when it is to end.

HTML is a formal Recommendation by the World Wide Web Consortium1

(W3C) and is generally adhered to by the major browsers, Microsoft's Internet

Explorer and Netscape's Navigator, which also provide some additional non-

standard codes. The current version of HTML is HTML 4.0. However, both

Internet Explorer and Netscape implement some features differently and provide

non-standard extensions. Web developers using the more advanced features of

HTML 4 may have to design pages for both browsers and send out the appropriate

version to a user. Significant features in HTML 4 are sometimes described in

general as dynamic HTML. What is sometimes referred to as HTML 5 is an

extensible form of HTML called Extensible Hypertext Markup Language

(XHTML).

I. 6. 2. HTML history:

HTML is a subset of the Standard Generalized Markup Language (SGML).

SGML is an international standard (ISO 8879) published in 1986 as a format for

structuring and marking up documents. HTML adopts a simplified set of SGML's

1 The World Wide Web Consortium (W3C) is the main international standards organization for the World Wide Web.


33

structural, semantic, and formatting tags, keeping the emphasis on the content

rather than on the document itself. An important addition to HTML was the

inclusion of support for hypertext, which enabled authors to define a semantic

network of linked information.

The evolution of HTML :

HTML is an evolving language. It doesn’t stay the same for long before a

revised set of standards and specifications are brought in to allow easier creation of

prettier and more efficient sites.

• Level 0 HTML : At level 0, HTML offered a platform-independent

means of marking data for interchange. The concept was that servers would store

and supply data and clients would retrive and display it.

• Level 1 HTML : The idea of a HTML container was added, with a

HEAD element seprate from the Body element. Opening and Closing tags were

required for some elements.

• HTML+ : HTML+ incorporated graphical and display elements into

HTML. Elements for superscripts and subscripts, footnotes, margins, inserted and

deleted text.

• HTMl 2 : Level 2 added the FORM element with INPUT, SELECT,

OPTION, and TEXTAREA plus the BR element for line breaks. It also added the

META element for detailed document description, which also provided an avenue

for indexing and cataloging the contents; also changed the description of the head

and body section.

• HTML 3 : HTML 3 included a FIG element that supported text flow

around figures; ALIGN attributes that enabled left, right or center justification;

additional attributes for background images, tabs, footnotes and banners.

HTML started fading away with the advent of Microsoft's Internet Explorer

and Netscape Navigator.


34

• HTML 3.2 : It added the SCRIPT and Styles tags. It offered new

elements and attributes that enlivened Web pages with animation, colors and

sound.

• HTML 4 : The latest version of HTML enables seprating physical

styles from the content markup by relying on style sheets; introduces the

OBJECTS element; included the STYLE, DIV and SPAN elements for

incorporating style sheets.

• XHTML 1.0:

Close to the beginning of the 21st century the W3C issued their

specifications of XHTML 1.0 as a recommendation. Since January 26, 2000 it

stands as joint-standard with HTML 4.01. XHTML marks a departure from the

way new specs have worked, it is an entirely new branch of HTML, taking in ideas

from XML, which is a far more complicated markup language than HTML. There

aren’t many new or deprecated tags and attributes in this version of HTML, but

there are things that have changed with a view of increased accessibility and

functionality. It’s mainly just a new set of coding rules.

I. 7. Addressing system URL :

Abbreviation of Uniform Resource Locator, the global address of

documents and other resources on the World Wide Web.

The first part of the address is called a protocol identifier and it indicates

what protocol to use, and the second part is called a resource name and it specifies

the IP address or the domain name where the resource is located. The protocol

identifier and the resource name are separated by a colon and two forward slashes.

For example, the two URLs below point to two different files at the domain

pcwebopedia.com. The first specifies an executable file that should be fetched

using the FTP protocol; the second specifies a Web page that should be fetched

using the HTTP protocol:


35

• ftp://www.pcwebopedia.com/stuff.exe

• http://www.pcwebopedia.com/index.html

I. 7. 1. Dynamic URLs vs. Static URLs :

Websites that utilize databases which can insert content into a webpage by

way of a dynamic script like PHP or JavaScript are increasingly popular. This type

of site is considered dynamic. Many websites choose dynamic content over static

content. This is because if a website has thousands of products or pages, writing or

updating each static by hand is a monumental task.

There are two types of URLs: dynamic and static. A dynamic URL is a page

address that results from the search of a database-driven web site or the URL of a

web site that runs a script. In contrast to static URLs, in which the contents of the

web page stay the same unless the changes are hard-coded into the HTML,

dynamic URLs are generated from specific queries to a site's database. The

dynamic page is basically only a template in which to display the results of the

database query. Instead of changing information in the HTML code, the data is

changed in the database.

But there is a risk when using dynamic URLs: search engines don't like

them. For those at most risk of losing search engine positioning due to dynamic

URLs are e-commerce stores, forums, sites utilizing content management systems

and blogs like Mambo or WordPress, or any other database-driven website. Many

times the URL that is generated for the content in a dynamic site looks something

like this:

http://www.somesites.com/forums/thread.php?threadid=12345&sort=date

A static URL on the other hand, is a URL that doesn't change, and doesn't

have variable strings. It looks like this:

http://www.somesites.com/forums/the-challenges-of-dynamic-urls.htm

ftp://www.pcwebopedia.com/stuff.exe

http://www.pcwebopedia.com/index.html


http://www.somesites.com/forums/the-challenges-of-dynamic-urls.htm


36

Static URLs are typically ranked better in search engine results pages, and

they are indexed more quickly than dynamic URLs, if dynamic URLs get indexed

at all. Static URLs are also easier for the end-user to view and understand what the

page is about. If a user sees a URL in a search engine query that matches the title

and description, they are more likely to click on that URL than one that doesn't

make sense to them.

A search engine wants to only list pages its index that are unique. Search

engines decide to combat this issue by cutting off the URLs after a specific number

of variable strings (e.g.: ? & =).

For example, let's look at three URLs:




All three of these URLs point to three different pages. But if the search

engine purges the information after the first offending character, the question mark

(?), now all three pages look the same:

http://www.somesites.com/forums/thread.php



Now, you don't have unique pages, and consequently, the duplicate URLs

won't be indexed.

Another issue is that dynamic pages generally do not have any keywords in

the URL. It is very important to have keyword rich URLs. Highly relevant








37

keywords should appear in the domain name or the page URL. This became clear

in a recent study on how the top three search engines, Google, Yahoo, and MSN,

rank websites.

The study involved taking hundreds of highly competitive keyword queries,

like travel, cars, and computer software, and comparing factors involving the top

ten results. The statistics show that of those top ten, Google has 40-50% of those

with the keyword either in the URL or the domain; Yahoo shows 60%; and MSN

has an astonishing 85%! What that means is that to these search engines, having

your keywords in your URL or domain name could mean the difference between a

top ten ranking, and a ranking far down in the results pages.

• The Solution :

So what can we do about this difficult problem? we certainly don't want to

have to go back and recode every single dynamic URL into a static URL. This

would be too much work for any website owner.

If we are hosted on a Linux server, then we will want to make the most of

the Apache Mod Rewrite Rule, which is gives us the ability to inconspicuously

redirect one URL to another, without the user's (or a search engine's) knowledge.

We’ll need to have this module installed in Apache. This module saves us from

having to rewrite our static URLs manually.

How does this module work? When a request comes in to a server for the

new static URL, the Apache module redirects the URL internally to the old,

dynamic URL, while still looking like the new static URL. The web server

compares the URL requested by the client with the search pattern in the individual

rules.

For example, when someone requests this URL:

http://www.somesites.com/forums/the-challenges-of-dynamic-urls.html

http://www.somesites.com/forums/the-challenges-of-dynamic-urls.html


38

The server looks for and compares this static-looking URL to what

information is listed in the .htaccess file, such as:

RewriteEngine on

RewriteRule thread-threadid-(.*)\.htm$ thread.php?threadid=$1

It then converts the static URL to the old dynamic URL that looks like this,

with no one the wiser:

http://www.somesites.com/forums/thread.php?threadid=12345

We now have a URL that only will rank better in the search engines, but we

end-users can definitely understand by glancing at the URL what the page will be

about, while allowing Apache's Mod Rewrite Rule to handle to conversion for us,

and still keeping the dynamic URL.

If we are not particularly technical, we may not wish to attempt to figure out

the complex Mod Rewrite code and how to use it, or we simply may not have the

time to embark upon a new learning curve. Therefore, it would be extremely

beneficial to have something to do it for us. This URL Rewriting Tool can

definitely help us. What this tool does is implement the Mod Rewrite Rule in our

.htaccess file to secretly convert a URL to another, such as with dynamic and static

ones.

We have multiple reasons to utilize static URLs in our website whenever

possible. When it's not possible, and we need to keep our database-driven content

as those old dynamic URLs, we can still give end-users and search engine a static

URL to navigate, and all the while, they are still our dynamic URLs in disguise.

When a search engine engineer was asked if this method was considered cloaking,

he responded that it indeed was not, and that in fact, search engines prefer you do it

this way. The URL Rewrite Tool not only saves our time and energy by helping us

http://www.somesites.com/forums/thread.php?threadid=12345


39

use static URLs by converting them transparently to our dynamic URLs, but it will

also save our rankings in the search engines.

I. 8. Web Databases :

The power of the WWW comes not simply from static HTML pages - which

can be very attractive, and the important first step into the WWW - but especially

from the ability to support those pages with powerful software, especially when

interfacing to databases. The combination of attractive screen displays,

exceptionally easy to use controls and navigational aids, and powerful underlying

software, has opened up the potential for people everywhere to tap into the vast

global information resources of the Internet.

I. 8. 1. Scripting language CGI :

The Common Gateway Interface (CGI) is a standard for interfacing external

applications with information servers, such as HTTP or Web servers. A plain

HTML document that the Web daemon retrieves is static, which means it exists in

a constant state: a text file that doesn't change. A CGI program, on the other hand,

is executed in real-time, so that it can output dynamic information.

Since a CGI program is executable, it is basically the equivalent of letting the

world run a program on your system, which isn't the safest thing to do. Therefore,

there are some security precautions that need to be implemented when it comes to

using CGI programs. Probably the one that will affect the typical Web user the

most is the fact that CGI programs need to reside in a special directory, so that the

Web server knows to execute the program rather than just display it to the browser.

This directory is usually under direct control of the webmaster, prohibiting the

average user from creating CGI programs. There are other ways to allow access to

CGI scripts, but it is up to the webmaster to set these up for his clients.

A CGI program can be written in any language that allows it to be executed

on the system, such as:

• C/C++


40

• Fortran

• PERL

• TCL

• Any Unix shell

• Visual Basic

• AppleScript

I. 9. Client / Server architecture :

Client/server describes the relationship between two computer programs in

which one program, the client, makes a service request from another program, the

server, which fulfills the request. Although the client/server idea can be used by

programs within a single computer, it is a more important idea in a network. In a

network, the client/server model provides a convenient way to interconnect

programs that are distributed efficiently across different locations. Computer

transactions using the client/server model are very common.

The client/server model has become one of the central ideas of network

computing. Most business applications being written today use the client/server

model. So does the Internet's main program, TCP/IP. In marketing, the term has

been used to distinguish distributed computing by smaller dispersed computers

from the "monolithic" centralized computing of mainframe computers. But this

distinction has largely disappeared as mainframes and their applications have also

turned to the client/server model and become part of network computing.

In the usual client/server model, one server, sometimes called a daemon, is

activated and awaits client requests. Typically, multiple client programs share the

services of a common server program. Both client programs and server programs

are often part of a larger program or application. Relative to the Internet, your Web

browser is a client program that requests services (the sending of Web pages or

files) from a Web server (which technically is called a Hypertext Transport

Protocol or HTTP server) in another computer somewhere on the Internet.

Similarly, your computer with TCP/IP installed allows you to make client requests


41

for files from File Transfer Protocol (FTP) servers in other computers on the

Internet.

Other program relationship models included master/slave, with one program

being in charge of all other programs, and peer-to-peer, with either of two

programs able to initiate a transaction.

I. 9. 1. The Web server :

A computer that delivers (serves up) Web pages. Every Web server has an IP

address and possibly a domain name. For example, if we enter the URL

http://www.ouargla-univ.dz/index.html in the browser, this sends a request to the

server whose domain name is ouargla-univ.dz. The server then fetches the page

named index.html and sends it to your browser.

Any computer can be turned into a Web server by installing server software

and connecting the machine to the Internet. There are many Web server software

applications, including public domain software from NCSA and Apache, and

commercial packages from Microsoft, Netscape and others.

I. 9. 2. The Web client :

The client, or user, side of the Web. It typically refers to the Web browser in

the user's machine. It may also refer to plug-ins and helper applications that

enhance the browser to support special services from the site. The term may imply

the entire user machine or refer to a handheld device that provides Web access.

Contrast with Web server.

I. 10. Internet security :

In the computer industry, refers to techniques for ensuring that data stored in a

computer cannot be read or compromised by any individuals without authorization.

Most security measures involve data encryption and passwords. Data encryption is

the translation of data into a form that is unintelligible without a deciphering

mechanism. A password is a secret word or phrase that gives a user access to a

particular program or system.

http://www.ouargla-univ.dz/index.html


42

I. 10. 1. Principales Defense Technologies :

I. 10. 1. 1. FireWalls :

Is a system designed to prevent unauthorized access to or from a private

network. Firewalls can be implemented in both hardware and software, or a

combination of both. Firewalls are frequently used to prevent unauthorized Internet

users from accessing private networks connected to the Internet, especially

intranets. All messages entering or leaving the intranet pass through the firewall,

which examines each message and blocks those that do not meet the specified

security criteria.

There are several types of firewall techniques :

• Packet filter:

Looks at each packet entering or leaving the network and accepts or rejects it

based on user-defined rules. Packet filtering is fairly effective and transparent to

users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

• Application gateway:

Applies security mechanisms to specific applications, such as FTP and Telnet

servers. This is very effective, but can impose a performance degradation.

• Circuit-level gateway:

Applies security mechanisms when a TCP or UDP connection is established.

Once the connection has been made, packets can flow between the hosts without

further checking.

In practice, many firewalls use two or more of these techniques in concert.

A firewall is considered a first line of defense in protecting private

information. For greater security, data can be encrypted.

I. 10. 1. 2. Cryptography :

The art of protecting information by transforming it (encrypting it) into an

unreadable format, called cipher text. Only those who possess a secret key can

decipher (or decrypt) the message into plain text. Encrypted messages can

sometimes be broken by cryptanalysis, also called codebreaking, although modern

cryptography techniques are virtually unbreakable.


43

As the Internet and other forms of electronic communication become more

prevalent, electronic security is becoming increasingly important. Cryptography is

used to protect e-mail messages, credit card information, and corporate data. One

of the most popular cryptography systems used on the Internet is Pretty Good

Privacy1 because it's effective and free.

Cryptography systems can be broadly classified into symmetric-key systems

that use a single key that both the sender and recipient have, and public-key

systems (asymmetric) that use two keys, a public key known to everyone and a

private key that only the recipient of messages uses.

I. 10. 1. 3. Virus :

Is a program or piece of code that is loaded onto the user computer without his

knowledge and runs against his wishes. Viruses can also replicate themselves. All

computer viruses are manmade. A simple virus that can make a copy of itself over

and over again is relatively easy to produce. Even such a simple virus is dangerous

because it will quickly use all available memory and bring the system to a halt. An

even more dangerous type of virus is one capable of transmitting itself across

networks and bypassing security systems.

Since 1987, when a virus infected ARPANET, a large network used by the

Defense Department and many universities, many antivirus programs have become

available. These programs periodically check the computer system for the best-

known types of viruses.

Some people distinguish between general viruses and worms. A worm is a

special type of virus that can replicate itself and use memory, but cannot attach

itself to other programs.

I. 10. 1. 4 Proxy Servers :

A server that sits between a client application, such as a Web browser, and a

real server. It intercepts all requests to the real server to see if it can fulfill the

requests itself. If not, it forwards the request to the real server.

1 Pretty Good Privacy (PGP) is a computer program that provides cryptographic privacy and authentication.


44

Proxy servers have two main purposes:

• Improve Performance:

Proxy servers can dramatically improve performance for groups of users.

This is because it saves the results of all requests for a certain amount of time.

Consider the case where both user X and user Y access the World Wide Web

through a proxy server. First user X requests a certain Web page, which we'll call

Page 1. Sometime later, user Y requests the same page. Instead of forwarding the

request to the Web server where Page 1 resides, which can be a time-consuming

operation, the proxy server simply returns the Page 1 that it already fetched for

user X. Since the proxy server is often on the same network as the user, this is a

much faster operation. Real proxy servers support hundreds or thousands of users.

The major online services such as America Online, MSN and Yahoo, for example,

employ an array of proxy servers.

• Filter Requests:

Proxy servers can also be used to filter requests. For example, a company

might use a proxy server to prevent its employees from accessing a specific set of

Web sites.

I. 10. 1. 5. VPN :

VPN is Short for Virtual Private Network, a network that is constructed by

using public wires to connect nodes. For example, there are a number of systems

that enable you to create networks using the Internet as the medium for

transporting data. These systems use encryption and other security mechanisms to

ensure that only authorized users can access the network and that the data cannot

be intercepted.

I. 10. 1. 6. Intrusion Detection System (IDS) :

An intrusion detection system (IDS) inspects all inbound and outbound

network activity and identifies suspicious patterns that may indicate a network or

system attack from someone attempting to break into or compromise a system.


45

There are several ways to categorize an IDS:

• Misuse detection vs. Anomaly detection:

In misuse detection, the IDS analyzes the information it gathers and

compares it to large databases of attack signatures. Essentially, the IDS looks for a

specific attack that has already been documented. Like a virus detection system,

misuse detection software is only as good as the database of attack signatures that

it uses to compare packets against. In anomaly detection, the system administrator

defines the baseline, or normal, state of the network’s traffic load, breakdown,

protocol, and typical packet size. The anomaly detector monitors network

segments to compare their state to the normal baseline and look for anomalies.

• Network-based vs. Host-based systems:

In a network-based system, or NIDS, the individual packets flowing through

a network are analyzed. The NIDS can detect malicious packets that are designed

to be overlooked by a firewall’s simplistic filtering rules. In a host-based system,

the IDS examines at the activity on each individual computer or host.

• Passive system vs. Reactive system:

In a passive system, the IDS detects a potential security breach, logs the

information and signals an alert. In a reactive system, the IDS responds to the

suspicious activity by logging off a user or by reprogramming the firewall to block

network traffic from the suspected malicious source.

Though they both relate to network security, an IDS differs from a firewall

in that a firewall looks out for intrusions in order to stop them from happening. The

firewall limits the access between networks in order to prevent intrusion and does

not signal an attack from inside the network. An IDS evaluates a suspected

intrusion once it has taken place and signals an alarm. An IDS also watches for

attacks that originate from within a system.


46

I. 11. Conclusion :

« As with any new facility, there will be a period of very light usage until the

community of users experiments with the network and begins to depend upon it.

One of our goals must be to stimulate the immediate and easy use by a wide class

of users. » - Steve Crocker1; Host Software; 7 April 1969.

Words that were written in 1969 and that we are leaving it now days…

As of March 31, 2008, 1.407 billion people use the Internet according to

Internet World Stats2.

1 Steve Crocker : the inventor of the Request for Comments series, authoring the very first RFC and many more. 2 World Internet Users and Population Stats : www.internetworldstats.com.

http://www.internetworldstats.com


47

2. Web Site Security


48

II. 1. Introduction :

Web site security is possibly today's most overlooked aspect of securing

data. In this chapter provides information about the most important web attacks,

such as SQL injection and Cross site scripting. Besides explaining how they work,

we’ll also provide information on finding and fixing these web vulnerabilities.

II. 1. Cross Site Scripting XSS:

II. 1. 1. What is Cross Site Scripting?

Cross Site Scripting (or XSS) is one of the most common application-layer

web attacks. XSS commonly targets scripts embedded in a page which are

executed on the client-side (in the user’s web browser) rather than on the server-

side. XSS in itself is a threat which is brought about by the internet security

weaknesses of client-side scripting languages, with HTML and JavaScript (others

being VBScript1, ActiveX2, HTML, or Flash) as the prime culprits for this exploit.

The concept of XSS is to manipulate client-side scripts of a web application to

execute in the manner desired by the malicious user. Such a manipulation can

embed a script in a page which can be executed every time the page is loaded, or

whenever an associated event is performed.

A basic example of XSS is when a malicious user injects a script in a

legitimate shopping site URL which in turn redirects a user to a fake but identical

page. The malicious page would run a script to capture the cookie of the user

browsing the shopping site, and that cookie gets sent to the malicious user who can

now hijack the legitimate user’s session. Although no real hack has been

performed against the shopping site, XSS has still exploited a scripting weakness

in the page to snare a user and take command of his session. A trick which often is

used to make malicious URLs less obvious is to have the XSS part of the URL

encoded in HEX (or other encoding methods). This will look harmless to the user

who recognizes the URL he is familiar with, and simply disregards and following

‘tricked’ code which would be encoded and therefore inconspicuous. 1 VBScript is an interpreted script language from Microsoft that is a subset of its Visual Basic programming language designed for interpretation by Web browsers. 2 ActiveX is the name Microsoft has given to a set of "strategic" object-oriented programming technologies and tools.


49

II. 1. 2. Site owners are always confident, but so are hackers!

Without going into complicated technical details, one must be aware of the

various cases which have shown that XSS can have serious consequences when

exploited on a vulnerable web application. Many site owners dismiss XSS on the

grounds that it cannot be used to steal sensitive data from a back-end database.

This is a common mistake because the consequences of XSS against a web

application and its customers have been proven to be very serious, both in terms of

application functionality and business operation. An online business project cannot

afford to lose the trust of its present and future customers simply because nobody

has ever stepped forward to prove that their site is really vulnerable to XSS

exploits. Ironically, there are stories of site owners who have boldly claimed that

XSS is not really a high-risk exploit. This has often resulted in a public challenge

which hackers are always itching to accept, with the site owner having to later deal

with a defaced application and public embarrassment.

II. 1. 3. The repercussions of XSS:

Analysis of different cases which detail XSS exploits teaches us how the

constantly changing web technology is nowhere close to making applications more

secure. A thorough web search will reveal many stories of large-scale corporation

web sites being hacked through XSS exploits, and the reports of such cases always

show the same recurring consequences as being of the severe kind.

Exploited XSS is commonly used to achieve the following malicious results:

• Identity theft

• Accessing sensitive or restricted information

• Gaining free access to otherwise paid for content

• Spying on user’s web browsing habits

• Altering browser functionality

• Public defamation of an individual or corporation

• Web application defacement

• Denial of Service attacks


50

II. 1. 4. A Practical example of XSS on an Acunetix test site:

The following example is not a hacking tutorial. It is just a basic way to

demonstrate how XSS can be used to control and modify the functionality of a web

page and to re-design the way the page processes its output. The practical use of

the example may be freely debated; however anyone may see the regular reports

which describe how advanced XSS is used to achieve very complex results, most

commonly without being noticed by the user.

1) Load the following link in your browser:

http://testasp.acunetix.com/Search.asp, you will notice that the page is a simple

page with an input field for running a search.

2) Try to insert the following code into the search field, and notice how a

login form will be displayed on the page:

Please login with the form below before proceeding: <br><br>Please login with the form below before proceeding:<form

action="destination.asp"><table><tr><td>Login:</td><td><input type=text length=20

name=login></td></tr><tr><td>Password:</td><td><input type=text length=20

name=password></td></tr></table><input type=submit value=LOGIN></form>, then simply hit

the search button after inserting the code.

http://testasp.acunetix.com/Search.asp


51

Through the XSS flaw on the page, it has been possible to create a FAKE

login form which can convince gather a user’s credentials. As seen in step 2, the

code contains a section which mentions “destination.asp”. That is where a hacker

can decide where the FAKE login form will send the user’s log-in details for them

to be retrieved and used maliciously.

A hacker can also inject this code by passing it around via the browser’s

address bar as follows: http://testasp.acunetix.com/Search.asp?tfSearch=%3Cbr%3E%3Cbr%3EPlease+login+with+the+form

+below+before+proceeding%3A%3Cform+action%3D%22test.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3E

Login%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dlogin%3E%3C%2Ftd%3

E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length

%3D20+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput+type%3Dsubmit+v

alue %3DLOGIN%3E%3C%2Fform%3E

http://testasp.acunetix.com/Search.asp?tfSearch


52

This will create the same result on the page, showing how XSS can be used in

several different ways to achieve the same result. After the hacker retrieves the

user’s log-in credentials, he can easily cause the browser to display the search page

as it was originally and the user would not even realize that he has just been fooled.

This example may also be seen in use in all those spam emails we all receive. It is

very common to find an email in your inbox saying how a certain auctioning site

suspects that another individual is using your account maliciously, and it then asks

you to click a link to validate your identity. This is a similar method which directs

the unsuspecting user to a FAKE version of the auctioning site, and captures the

user’s log-in credentials to then send them to the hacker.

II. 1. 5. Why wait to be hacked?

The observation which can be made when new stories of the latest hacks are

published is that the sites which belong to the large brands and corporations are

hacked in exactly the same way as those sites owned by businesses on a much

smaller budget. This clearly shows how lack of security is not a matter of

resources, but it is directly dependant on the lack of awareness among businesses

of all size. Statistically, 42% of web applications which request security audits are

vulnerable to XSS, which is clearly the most recurring high-risk exploit among all


53

the applications tested. The effort to raise awareness about how easy it is for an

expert hacker to exploit a vulnerable application does not seem to be going too far.

It is still very common to see the “We’ll see when I get hacked” mentality still

lingering among site owners who finally risk losing a lot of money and also the

trust of their customers. Anybody with the interest to research this matter will see

how even individuals claiming to be security experts feel comfortable to state that

XSS is over-rated and cannot really be used to achieve serious results on a web

application. However further research will also prove that statistical figures speak

for themselves, and those same statistics keep growing at a rate which will

eventually overcast the claims of those incredulous “experts”.

II. 2. SQL Injection:

II. 2. 1. SQL Injection: What is it?

SQL Injection is one of the many web attack mechanisms used by hackers to

steal data from organizations. It is perhaps one of the most common application

layer attack techniques used today. It is the type of attack that takes advantage of

improper coding of your web applications that allows hacker to inject SQL

commands into say a login form to allow them to gain access to the data held

within your database.

In essence, SQL Injection arises because the fields available for user input

allow SQL statements to pass through and query the database directly.

II. 2. 2. SQL Injection: An In-depth Explanation

Web applications allow legitimate website visitors to submit and retrieve data

to/from a database over the Internet using their preferred web browser. Databases

are central to modern websites – they store data needed for websites to deliver

specific content to visitors and render information to customers, suppliers,

employees and a host of stakeholders. User credentials, financial and payment

information, company statistics may all be resident within a database and accessed

by legitimate users through off-the-shelf and custom web applications. Web

applications and databases allow us to regularly run our business.


54

SQL Injection is the hacking technique which attempts to pass SQL

commands (statements) through a web application for execution by the backend

database. If not sanitized properly, web applications may result in SQL Injection

attacks that allow hackers to view information from the database and/or even wipe

it out.

Such features as login pages, support and product request forms, feedback

forms, search pages, shopping carts and the general delivery of dynamic content,

shape modern websites and provide businesses with the means necessary to

communicate with prospects and customers. These website features are all

examples of web applications which may be either purchased off-the-shelf or

developed as bespoke programs.

These website features are all susceptible to SQL Injection attacks which arise

because the fields available for user input allow SQL statements to pass through

and query the database directly.

II. 2. 3. SQL Injection: A Simple Example

Take a simple login page where a legitimate user would enter his username

and password combination to enter a secure area to view his personal details or

upload his comments in a forum.

When the legitimate user submits his details, an SQL query is generated from

these details and submitted to the database for verification. If valid, the user is

allowed access. In other words, the web application that controls the login page

will communicate with the database through a series of planned commands so as to

verify the username and password combination. On verification, the legitimate user

is granted appropriate access.

Through SQL Injection, the hacker may input specifically crafted SQL

commands with the intent of bypassing the login form barrier and seeing what lies

behind it. This is only possible if the inputs are not properly sanitised (i.e., made

invulnerable) and sent directly with the SQL query to the database. SQL Injection

vulnerabilities provide the means for a hacker to communicate directly to the

database.


55

The technologies vulnerable to this attack are dynamic script languages

including ASP, ASP.NET, PHP, JSP, and CGI. All an attacker needs to perform an

SQL Injection hacking attack is a web browser, knowledge of SQL queries and

creative guess work to important table and field names. The sheer simplicity of

SQL Injection has fuelled its popularity.

II. 2. 4. The impact of SQL Injection:

Once an attacker realizes that a system is vulnerable to SQL Injection, he is

able to inject SQL Query / Commands through an input form field. This is

equivalent to handing the attacker our database and allowing him to execute any

SQL command including DROP TABLE to the database!

An attacker may execute arbitrary SQL statements on the vulnerable system.

This may compromise the integrity of our database and/or expose sensitive

information. Depending on the back-end database in use, SQL injection

vulnerabilities lead to varying levels of data/system access for the attacker. It may

be possible to manipulate existing queries, to UNION (used to select related

information from two tables) arbitrary data, use subselects, or append additional

queries.

In some cases, it may be possible to read in or write out to files, or to execute

shell commands on the underlying operating system. Certain SQL Servers such as

Microsoft SQL Server contain stored and extended procedures (database server

functions). If an attacker can obtain access to these procedures, it could spell

disaster.

Unfortunately the impact of SQL Injection is only uncovered when the theft is

discovered. Data is being unwittingly stolen through various hack attacks all the

time. The more expert of hackers rarely get caught.

II. 2. 5. Preventing SQL Injection attacks:

Firewalls and similar intrusion detection mechanisms provide little defense

against full-scale web attacks. Since our website needs to be public, security

mechanisms will allow public web traffic to communicate with our databases

servers through web applications. Isn’t this what they have been designed to do?


56

Patching our servers, databases, programming languages and operating

systems is critical but will in no way the best way to prevent SQL Injection

Attacks.

II. 4.Conclusion:

In this chapter we have presented the most common and popular hacking

technics used on the web and also giving some practical examples and proposed

some useful solutions.


57

3. Kasdi Merbah University

Presentation


58

III. 1. Introduction :

In this chapter we’ll present Kasdi Merbah University Ouargla which is a

regional institution of higher education and research, which grants academic

degrees at varios levels (associate, bachelor, and master) in a variety of subjects.

III. 2.Genesis and evolution of the University of Kasdi Merbah Ouargla:

The first nucleus of the University of Kasdi Merbah Ouargla was established

in September 1987, and knew many and rapid changes in organizational and

pedagogical structure. From teachers high school in 1987 to a university centre in

1997 and then to the University of Ouargla in the year 2001.

The teachers High school established under the 88/65 Decree of 22/03/1988,

where work began with the bachelor's degree specialization in the exact sciences

(physics, chemistry & mathematics). And the school has experienced a significant

and rapid Base structures and pedagogical development, and under the 91/119

Executive Decree of 27/04/1991 and the convention concluded between the

Ministry of Higher Education and Ministry of Education that have been annexed

the training centre and Technical school to the High school increasing the capacity

considerably. At the 1990/1991 university entry marked the opening of four new

branches: Desert irrigation, Automation and Information Management ,Trunk joint

science and technology and Exact Science , License Degree in English, while the

number of students who did not exceed 139 students during the 1987/1988 season

rose to more than 600 university students in the season 1990/1991.

In 1997 the Graduate School became a university centre under the Executive

Decree No. 07/159 of 10/03/1997, with the annex of the National High Institute of

desert farming to the Centre under Decree No. 97/337 of 10/09/1997. Then five

institutes were established and are: the Institute of Industrial Chemistry , Institute

of arts and Languages, and the Institute of irrigation and desert farming, Exact

Sciences Institute and the Institute of Social and Human Sciences.

The University of Ouargla was established under Decree No. 01-210 dated

23/07/2001 containing the establishment of the University of Ouargla, the number

of professors was 477 from various grades (Professor of Higher Education,


59

Lecturer, Assistant Professor charged with lessons, Assistant Professor, Assistant

Professor engineer) .

The number of students entering the university during 2005/2006 was up to

17055 students (333 students in post-graduation first –Masters); deployed on three

colleges:

1. Faculty of Science and Science Engineering.

2. College of arts and Human Sciences.

3. Faculty of Law and Economic Sciences.

The structures of the university is constituted of :

26 scalars, 156 lecture Halls and Practical applications Classes, 28

pedagogical labs, 06 university libraries, 08 reading Halls, 12 Internet Halls, 01

Academy of Technology, 01 invested agricultural area of 32 hectares.

The capacity of the structures of the university is estimated to 15609

Pedagogical seats, with countenance of six (06) university Residences, four of

which are reserved for males and two fore females.

III. 3.Ouargla University Administrative management :

III. 3. 1. Rector:

Is the primarily responsible for General Administration of the University and has a

power on all users, and represents the university in all civil life acts.

III. 3. 2. The Governing Council:

consists of a representative from the Higher Education Ministry and Scientific

Research (Chairman), a representative of all the same Nature ministries, a

representative of the Viceroy (Elwali), representatives from the key mandate

sectors, representatives of professors, one of each College, representatives of the

administrative workers and representatives of the students, also some Foreign

persona can participate as a consultant voice.

From the tasks of the Governing Council we can find :

• The deliberation of the university development schemes.

• Propose exchange programs and scientific cooperation.


60

• Ratification of the annual report on the activities of the university.

• As well as the ratification of the next budget draft.

III. 3. 3. Scientific Council:

Consists of the Rector (Chairman), Vice-Director and deans of faculties,

heads of scientific councils of the faculties, administrators of research units, library

Responsible, representatives of professors (two from each College), two University

Professors belonging to another university.

One of the tasks of the Scientific Council of the University is expressing its views

and recommendations on :

• The annual Schemes of formation and scientific research.

• National and international scientific Exchange programs cooperation.

• Orient research and scientific and technical documentation policy.

III. 3. 4. The Directorate:

Its only mission is in assisting the Director in carrying out his functions, and its

consisting of:

• Rector of the university: Prof. Dr. / Bouterfaya Ahmed (Chairman).

• Vice Rector in charge of the higher Formation and the continuous Formation

and Diplomas : Professor Saouli Saleh.

• Vice Rector in charge of the revitalization and promotion of scientific

research and external relations and cooperation: Professor Dahou Foudile.

• Vice Rector in charge of development and Psychology and Guidance: Dr. /

Messitfa Ammar.

• In charge of communication and scientific demonstrations: Professor Khalifa

Abdelkader.

• Dean of Science & Engineer Science Faculty: Dr. Dadda Moussa Belkheir.


61

• Dean of Law and Economic Sciences Faculty : Dr. Bengrina Mohammed

Hamza.

• Dean of literature and Human Sciences Faculty: Dr. / Qureishi AbdelKarim.

• The University General Secretary : Mr. Botahraoui AbdelHalim.

III. 4.Conclusion:

In this chapter we have presented Kasdi Merbah University, its creation,

evaluation and its Administrative management in a general manner.


62

4. Analyse & conception


63

IV. 1. Introduction :

The conception is the most important step in the computing projects. It consists

in fixing the informations choices and the manipulated operations in the system.

(It’s a global view on the system).

In this chapter we’ll present the analyse and conception phases.

IV. 2. Scope statements :

IV. 2. 1. Contexte:

It consists on a Dynamic Web Site, mading an online portal for the universirty

of Ouargla.

The most important feature of this aplication is to ignore the distance problem

for both proffeseurs in putting notes and for students in consulting them. In

addition to a lot of other operations and documents.

IV. 2. 2. General description:

The work we’re suposed to do is a dynamic web site that computes the notes

delevring operation from the proffessurs and keep the privacy of each student in

viewing his notes, this site will be associated to a data base that keeps and deliver

this informations.

The people that will interact with our site and get used of this automatisation

are:

• The site administrator: is the person who has a full access to the

database and can do all the operations, including the site management.

• The Professor: has a unique user name and password that give him the

ability to modify onley the notes of the module he is responsible of.

• The Student: has a unique user name and password that give him the

ability to view onley the notes of the modules he is studying.

• The Guest: has the ability to navigate in the site without any permission

to the database.


64

IV. 2. 3. Data Description:

Students (students):

• Student Id (sid): integer (10).

• Student name (sname): varchar (30).

• Student birthday (sbirthday): varchar (11).

• Student inscription date (sdateins): varchar (11).

• Student gender (sgender): varchar(1)

• Student branch (sbranch): integer (5).

• Student grade (sgrade): integer (1).

• Student email (semail): varchar (100).

• Student photo (sphoto): text.

• Student password (spass): varchar (20).

• Student login counter (slogin): integer (4).

Professors (profs):

• Professor Id (pid): integer (10).

• Professor name (pname): varchar (30).

• Professor gender (gender): varchar(1)

• Professor diplomat (diplome): varchar (100).

• Professor email (email): varchar (100).

• Professor password (pass): varchar (20).

• Professor login counter (login): integer (4).

Modules (modules):

• Module Id (mid): integer (10).

• Module name (mname): varchar (50).

• Module professor Id (pid): integer (10).

• Module branch (mbranch): integer (5).

Notes (notes):

• Note Id (nid): integer (20).


65

• Student Id (sid): integer (10).

• Module Id (mid): integer (10).

• Note (note): float.

• Examen kind (exam): varchar (10).

• Year (year): integer (4).

Branches (branches):

• Branch Id (bid): integer (5).

• Branch name (bname): varchar (100).

Classes (classes):

• Class Id (cid): integer (3).

• Class name (cname): varchar (100).

• Faculty Id (cfaculty): integer(2).

Faculties (faculties):

• Faculty Id (fid): integer (1).

• Faculty name (fname): varchar (100).

IV. 2. 4. Operations and Traitements

Our application may allow the following operations:

• The site administrator :

ü Full access to all site resources.

ü Add new professor.

ü Add new student.

ü Add new modules.

ü Chang professor data.

ü Chang student data.

ü Chang existing modules.

ü Delete existing professor.

ü Delete existing student.

ü Delet existing module.

• The Professor:


66

ü Add his student’s notes.

ü Change his student’s notes.

ü Change his personal Email.

ü Change his personal password.

• The Student:

ü Change his personal Email.

ü Change his personal password.

IV. 4. Conclusion:

In this chapter we have described in a detailed and a complete manner the

deferents functions supported by our system, also the data description in the DB.

Now it rest onley the implementation phase to get an operational system.


67

5. Implementation


68

V. 1. Introduction :

In this chapter we’ll present our system, starting by the required environement

for establishing the system then the detailed presentation of the application.

V. 2. The workspace compenents :

The workspace required compenents for developping the system in the

realisation phase could be picked from the list below :

Operating system

• Windows 9x • Windows XP • Windows NT • Windows Vista • Linux • Mac OS

Web Server • Apache • IIS

MYSQL data base server • MYSQL for windows • MYSQL for Linux

Administration tool for MYSQL • PhpMyAdmin (web client) • MyAdmin (windows client)

Scripting Language • Php, JavaScript Web Browser • Firefox, Opera, IE.

Other Tools DSV PHP Editor, Notepad++, Yukon Dev SQL Editor.

V. 3. Implementation Tools :

For the system realisation we have used a configured Pc as alocal developement

server then hosting it on the net.

• PC : P4 Intel 3.6Ghz, 1Gb RAM, 80Gb Hard drive space.

• OS : Windows Xp.

• Web browser : Firefox, Opera, IE.

• XAMPP 1.6.6a wich includs :

ü Apache HTTPD 2.2.8 + Openssl 0.9.8g

ü MySQL 5.0.51a

ü PHP 5.2.5

ü PHP 4.4.8


69

ü phpMyAdmin 2.11.4

ü FileZilla FTP Server 0.9.25

ü Mercury Mail Transport System 4.52

• NotePad++ V4.9.1.

• DSV PHP Editor V1.0.0

• Yukon Dev SQL Editor V.1.8.16.39

• Photoshop CS3.

V. 4. What is PHP ?

PHP originally stood for Personal Home Page. It began in 1994 as a set of

Common Gateway Interface binaries written in the C programming language by

the Danish/Greenlandic programmer Rasmus Lerdorf1. Lerdorf initially created

these Personal Home Page Tools to replace a small set of Perl2 scripts he had been

using to maintain his personal homepage. The tools were used to perform tasks

such as displaying his résumé and recording how much traffic his page was

receiving. He combined these binaries with his Form Interpreter to create PHP/FI,

which had more functionality. PHP/FI included a larger C implementation and

could communicate with databases enabling the building of simple, dynamic web

applications. He released PHP publicly on June 8, 1995 to speed up the finding of

bugs and improving the code. This release was named PHP version 2 and already

had the basic functionality that PHP has today. This included Perl-like variables,

form handling, and the ability to embed HTML. The syntax was similar to Perl but

was more limited, simpler, and less consistent.

Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion IIT3,

rewrote the parser in 1997 and formed the base of PHP 3, changing the language's

name to the recursive initialism PHP: Hypertext Preprocessor. The development

team officially released PHP/FI 2 in November 1997 after months of beta testing.

1 Rasmus Lerdorf (born November 22, 1968 in Qeqertarsuaq, Greenland) is a Danish-Greenlandic programmer and the creator of the PHP programming language. 2 Perl is a dynamic programming language. Perl borrows features from a variety of other languages including C, shell scripting (sh), AWK, sed and Lisp. 3 The Technion – Israel Institute of Technology is an institute of higher education in Haifa.


70

PHP, which stands for "Hypertext Preprocessor", is a server-side, HTML

embedded scripting language used to create dynamic Web pages. Much of its

syntax is borrowed from C, Java and Perl with some unique features thrown in.

The goal of the language is to allow Web developers to write dynamically

generated pages quickly.

In an HTML page, PHP code is enclosed within special PHP tags. When a

visitor opens the page, the server processes the PHP code and then sends the output

(not the PHP code itself) to the visitor's browser. It means that, unlike JavaScript,

you don't have to worry that someone can steal your PHP script.

PHP offers excellent connectivity to many databases including MySQL,

Informix, Oracle, Sybase, Solid, PostgreSQL, and Generic ODBC. The popular

PHP-MySQL combination (both are open-source products) is available on almost

every UNIX host. Being web-oriented, PHP also contains all the functions to do

things on the Internet - connecting to remote servers, checking email via POP3 or

IMAP, url encoding, setting cookies, redirecting, etc.

The principal Php concurents are Perl, Microsoft Active Server Pages (ASP)

and Java Server Pages (JSP). Among Php principal advanteges :

• It is easy to understand and learn, especially for those with backgrounds in

programming such as C, javascript and HTML.

• PHP doesn’t‚ use a lot of the system‚ resources so it runs fast and doesn’t‚

tend to slow other processes down.

• PHP offers many levels of security to prevent malicious attacks.

• PHP connective abilities, it uses a modular system of extensions to interface

with a variety of libraries such as graphics, XML, encryption, etc.

• PHP has tons of server interfaces, database interfaces and other modules

available. Of the server interfaces, PHP can load into Apache, IIS, Roxen,

THTTPD and AOLserver. It can also be run as a CGI module. Database interfaces

are available for MySQL, MS SQL, Informix, Oracle and plenty of others.


71

V. 4. 1. How do PHP works:

When we go to a Web site (we’ll use http://www.ouargla-univ.dz/php/index.php

as my example here), our Internet Service Provider directs our request to the server

that holds the http://www.ouargla-univ.dz/php/index.php information. Because this

site was designed in PHP, the server reads the PHP and processes it according to

its scripted directions. In this example, the PHP code tells the server to send the

appropriate Web page data to our browser. This data is in the form of HTML that

the browser can display as it would a standard HTML page. In short, PHP creates

an HTML page on the fly based on parameters of my choosing; the server contains

no static HTML pages.

Figure 1 This graphic demonstrates how the process works between a Client,

the Server, and a PHP module (an application added to the server to increase its

functionality) to send HTML back to the browser (albeit in very simplistic terms).

All server-side technologies (ASP, for example) use some sort of third-party

module on the server to process the data that gets sent back to the client.

Figure 01

With a purely HTML-generated site, the server merely sends the HTML data to

the Web browser; there is no server-side interpretation.

Figure 2 Compare this direct relationship of how a server works with basic

HTML to that of Figure 1. This is also why HTML pages can be viewed in our

browser from our own computer since they do not need to be "served," but

dynamically generated pages need to be accessed through a server which handles

the processing.

http://www.ouargla-univ.dz/php/index.php



72

Figure 02

To the end user and their browser, there may not be an obvious difference

between what http://www.ouargla-univ.dz/php/index.php and http://www.ouargla-

univ.dz/php/index.html look like, but how the pages arrived at that point are

critically different. The major difference: By using PHP, you can have the server

dynamically generate the HTML code. In this example, the index.php page

referenced above displays news items that it retrieves chronologically from a

database.

V. 4. 2. The key difference between PHP and JavaScript:

The key difference between JavaScript and PHP is simple. JavaScript is

interpreted by the Web browser once the Web page that contains the script has

been downloaded. Conversely, server-side scripting languages such as PHP are

interpreted by the Web server before the page is even sent to the browser. And,

once it’s interpreted, the results of the script replace the PHP code in the Web page

itself; all the browser sees is a standard HTML file. The script is processed entirely

by the server, hence the designation: server-side scripting language.

Figur 03 : How Php works

Output Input

Client

Browser

<html><head> <title>Home</title> </head> <body> <br /> <p id="top">welcome</p> </body> </html>

Server

Database MYSQL

Web Server (httpd)

PHP Engin as CGI

program

< ?php $var= "welcome " ; If ( !empty($var)) Echo $var; ?>

Request


http://www.ouargla


73

V. 5. MySQL :

MySQL is a relational database management system (RDBMS) based on SQL

(Structured Query Language). First released in January, 1998, MySQL is now one

component of parent company MySQL AB's product line of database servers and

development tools.

Many Internet startups became interested in the original open source version of

MySQL as an alternative to the proprietary database systems from Oracle1, IBM,

and Informix. MySQL is currently available under two different licensing

agreements: free of charge, under the GNU2 General Public License (GPL) open

source system or through subscription to MySQL Network for business

applications.

MySQL runs on virtually all platforms, including Linux, Unix, and Windows. It

is fully multi-threaded using kernel3 threads4, and provides application program

interfaces (APIs) for many programming languages, including C, C++, Eiffel,

Java, Perl, PHP, Python5, and Tcl6.

MySQL is used in a wide range of applications, including data warehousing, e-

commerce, Web databases, logging applications and distributed applications. It is

also increasingly embedded in third-party software and other technologies.

According to MySQL AB, their flagship product has over six million active

MySQL installations worldwide. Customers include Cisco, Dun & Bradstreet,

Google, NASA, Lufthansa, Hyperion, and Suzuki.

1Oracle is the world's leading supplier of software for information management but it is best known for its sophisticated relational database products. 2 GNU is a Unix-like operating system that comes with source code that can be copied, modified, and redistributed. 3 The kernel is the essential center of a computer operating system, the core that provides basic services for all other parts of the operating system. 4 A thread is a sequence of responses to an initial message posting. This enables you to follow or join an individual discussion in a newsgroup from among the many that may be there. 5 Python is an interpreted, object-oriented programming language similar to Perl, that has gained popularity because of its clear syntax and readability. 6 Tcl is an interpreted script language developed by Dr. John Ousterhout at the University of California, Berkeley, and now developed and maintained by Sun Laboratories.


74

V. 5. 1. An Overview of MySQL Architecture:

MySQL is based on a tiered architecture, consisting of both primary subsystems

and support components that interact with each other to read, parse, and execute

queries, and to cache and return query results.

• Primary Subsystems :

The MySQL architecture consists of five primary subsystems that work

together to respond to a request made to the MySQL database server:

ü The Query Engine

ü The Storage Manager

ü The Buffer Manager

ü The Transaction Manager

ü The Recovery Manager

The organization of these features is shown in Figure 4.

Figure 04 MySQL subsystems

V. 5. 2. MySQL Characteristics:

• Atomicity :

A transaction is defined as an action, or a series of actions, that can access or

change the contents of a database. In SQL terminology, a transaction occurs when

one or more SQL statements operate as one unit. Each SQL statement in such a

unit is dependent on the others; in other words, if one statement does not complete,

the entire unit will be rolled back, and all the affected data will be returned to the

state it was in before the transaction was started. Grouping the SQL statements as

part of a single unit (or transaction) tells MySQL that the entire unit should be

executed atomically.


75

• Consistency :

Consistency exists when every transaction leaves the system in a consistent

state, regardless of whether the transaction completes successfully or fails midway.

• Isolation :

Isolation implies that every transaction occurs in its own space, isolated from

other transactions that may be occurring in the system, and that the results of a

transaction are visible only once the entire sequence of events making up the

transaction has been fully executed. Even though multiple transactions may be

occurring simultaneously in such a system, the isolation principle ensures that the

effects of a particular transaction are not visible until the transaction is fully

complete.

• Durability :

Durability, which means that changes from a committed transaction persist

even if the system crashes, comes into play when a transaction has completed and

the logs have been updated in the database. Most RDBMS products ensure data

consistency by keeping a log of all activity that alters data in the database in any

way. This database log keeps track of any and all updates made to tables, queries,

reports, and so on. If we have turned on the database log , we already know that

using it will slow down the performance of our database when it comes to writing

data. (It will not, however, affect the speed of our queries.)

V. 6. How do PHP and MySQL work together?

PHP and MySQL compliment each other to do with neither can do alone. PHP

can collect data, and MySQL can in turn store the information. PHP can create

dynamic calculations, and MySQL can provide it with the variables it uses. PHP

can create a shopping cart for our web store, but MySQL can then keep the data in

a format PHP can use to create receipts on demand, show current order status, or

even suggest other related products.

Although PHP and MySQL can each be used independently, when we put them

together it opens up countless possibilities for our site. As the internet progresses,

it becomes more and more necessary to deliver dynamic content to keep up with


76

the demands of web surfers and their desire to have information instantly delivered

to them online. By learning to use PHP and MySQL we can deliver this

information to them on demand.

V. 7. PhpMyAdmin :

A set of PHP-scripts to administrate MySQL over the WWW in a web interface

without needing of a deep knowledge of Sql queries. PhpMyAdmin is intended to

handle the administration of MySQL over the WWW. Currently it can :

ü Create and drop databases.

ü Create, copy, drop and alter tables.

ü Delete, edit and add fields.

ü Execute any SQL-statement, even batch-queries.

ü Manage keys on fields.

ü Load text files into tables.

ü Create and read dumps of tables.

ü Export and import CSV data.

ü Administer one single database.

V. 8. The web Server software:

A computer program that is responsible for accepting HTTP requests from

clients, which are known as web browsers, and serving them HTTP responses

along with optional data contents, which usually are web pages such as HTML

documents and linked objects (images, etc.).

There are many varieties of World Wide Web server software to serve different

forms of data we mention the most popular like Apache server, Internet

Information Server, CERN server1, NCSA server2, GoServe3, MacHTTP4 and

others.

1 CERN server : The World Wide Web daemon program, full featured, with access authorization and research tools. This daemon is also used as a basis for many other types of server and gateways. Platforms: unix, VMS. 2 NCSA server : A server for files, written in C, public domain. Many features as CERN's httpd. Platforms: unix. 3 GoServe : A server for OS/2 supporting both HTTP and Gopher, from Mike Cowlishaw of IBM UK Laboratories. 4 MacHTTP : Server for the Macintosh.


77

The most popular and effective server softwares are the Apache server and

Internet Information Server (IIS).

V. 8. 1. Internet Information Server:

IIS (Internet Information Server) is a group of Internet servers (including a Web

or Hypertext Transfer Protocol server and a File Transfer Protocol server) with

additional capabilities for Microsoft's Windows NT and Windows 2000 Server

operating systems. IIS is Microsoft's entry to compete in the Internet server market

that is also addressed by Apache, Sun Microsystems, O'Reilly, and others. With

IIS, Microsoft includes a set of programs for building and administering Web sites,

a search engine, and support for writing Web-based applications that access

databases. Microsoft points out that IIS is tightly integrated with the Windows NT

and 2000 Servers in a number of ways, resulting in faster Web page serving.

V. 8. 2. Apache Server:

Apache is a freely available Web server that is distributed under an GPL1 "open

source" license. Version 2.0 runs on most Unix-based operating systems (such as

Linux, Solaris2, Digital UNIX, and AIX3), on other UNIX/POSIX4-derived

systems (such as Rhapsody, BeOS5, and BS2000/OSD), on AmigaOS, and on

Windows 2000. According to the Netcraft (www.netcraft.com) Web server survey

in February, 2001, 60% of all Web sites on the Internet are using Apache (62%

including Apache derivatives), making Apache more widely used than all other

Web servers combined.

1 The GNU General Public License, often shortened to GNU GPL (or simply GPL), lists terms and conditions for copying, modifying and distributing free software. 2 Solaris is the computer operating system that Sun Microsystems provides for its family of Scalable Processor Architecture-based processors as well as for Intel-based processors. 3 AIX is an open operating system from IBM that is based on a version of Unix. 4 POSIX (Portable Operating System Interface) is a set of standard operating system interfaces based on the Unix operating system. 5 BeOS is a personal computer operating system that its makers describe as designed for the multimedia applications of the future.

http://www.netcraft.com)


78

V. 8. 3. Apache & IIS comparision:

Microsoft Internet Information Services Apache

Server Type WEB WEB

Latest Version 6.0 2.2.8

Price Details

Included with all Windows Server 2003 versions 0

Vendor Microsoft Corp. Apache Software Foundation

Description Web server that works in

conjunction with Windows Server operating systems

The predominant open source Web server

Features Administration GUI configuration GUI setup Remote administration SNMP

configurable/monitorable Futureproofing/scalability

.Net compliant 64-bit port Cluster support IPv6 support J2EE 1.4 certified J2EE 1.4 compliant

Other Features

Multiple logs Supports Microsoft

ISAPI Virtual servers Web-based user interface

Programming/Scripting

Includes source Own API

Administration GUI configuration GUI setup Remote administration SNMP

configurable/monitorable Futureproofing/scalability

.Net compliant 64-bit port Cluster support IPv6 support J2EE 1.4 certified J2EE 1.4 compliant

Other Features

Multiple logs Supports Microsoft

ISAPI Virtual servers Web-based user interface

Programming/Scripting

Includes source Own API


79

Own scripting/batch language

Supports external scripting/batch language Security

ActiveDirectory authentication

Antispam features Antivirus features Built-in firewall

capabilities Built-in proxy

capabilities Internal user access

scheme LDAP authentication Other/system

authentication SSL (hardware) SSL (software)

Support

Commercial support available

Forum support Free telephone support GSA scheduled Mailing list support Service-level agreement

offerings available

Own scripting/batch language

Supports external scripting/batch language Security

ActiveDirectory authentication

Antispam features Antivirus features Built-in firewall

capabilities Built-in proxy

capabilities Internal user access

scheme LDAP authentication Other/system

authentication SSL (hardware) SSL (software)

Support

Commercial support available

Forum support Free telephone support GSA scheduled Mailing list support Service-level agreement

offerings available


80

V. 9. Other Scripting Languages :

V. 9. 1. JavaScript:

Javascript is a scripting language developed by Netscape1 to enable Web

authors to design interactive sites. Although it shares many of the features and

structures of the full Java language, it was developed independently. Javascript can

interact with HTML source code, enabling Web authors to spice up their sites with

dynamic content. JavaScript is endorsed by a number of software companies and is

an open language that anyone can use without purchasing a license. It is supported

by recent browsers from mozilla, Netscap and Microsoft, though Internet Explorer

supports only a subset, which Microsoft calls Jscript.

V. 9 .2. XML:

XML (eXtensible Markup Language) is a flexible way to create common

information formats and share both the format and the data on the World Wide

Web, intranets, and elsewhere. For example, computer makers might agree on a

standard or common way to describe the information about a computer product

(processor speed, memory size, and so forth) and then describe the product

information format with XML. Such a standard way of describing data would

enable a user to send an intelligent agent (a program) to each computer maker's

Web site, gather data, and then make a valid comparison. XML can be used by any

individual or group of individuals or companies that wants to share information in

a consistent way.

V. 10. AJAX:

Ajax (Asynchronous JavaScript and XML) is a method of building interactive

applications for the Web that process user requests immediately. Ajax combines

several programming tools including JavaScript, dynamic HTML (DHTML),

XML, eXtensible Style Language Transformation (XSLT)2, cascading style sheets

(CSS)3, the Document Object Model (DOM)1, and the Microsoft object,

1 Netscape Communications Corporation It revolutionized the computer software market by giving away for free its popular Navigator Web browser until it had acquired an overwhelming market share for this category of software. 2 XSLT : the language used in XSL style sheets to transform XML documents into other XML documents. 3 a new feature being added to HTML that gives both Web site developers and users more control over how pages are displayed. With CSS, designers and users can create style sheets that define how different elements, such as headers and links, appear. These style sheets can then be applied to any Web page.


81

XMLHttpRequest. Ajax allows content on Web pages to update immediately when

a user performs an action, unlike an HTTP request, during which users must wait

for a whole new page to load. For example, a weather forecasting site could

display local conditions on one side of the page without delay after a user types in

a zip code.

Ajax is not a proprietary technology or a packaged product. Web developers

have been using JavaScript and XML in combination for several years. Jesse

James Garrett2 of the consultancy firm Adaptive Path is credited with coining the

name "Ajax" as a shorthand way to refer to the specific technologies involved in a

current approach.

V. 11. The system presentation :

Now we’ll present the system and explian its principal fonctions.

First, the Index page allows an easy navigation on our site and also to

manage the operations according to the Log-In type of each user.

Figur 05 : Index page

1 DOM, the specification for how objects in a Web page (text, images, headers, links, etc.) are represented 2 Jesse James Garrett is an experience designer and founder of Adaptive Path, a user experience strategy and design firm. Garrett co-founded the Information Architecture Institute, and his essays have appeared in New Architect, Boxes and Arrows, and Digital Web Magazine.


82

V. 11. 1. Administrator space:

The Administrator is the person who is in charge of the whole site including

the data base and its managements. We’ll list the key operations that can the

Administrator perform in our site.

Now and after clicking on the Log-In and entering the right Username and

password of the Administrator we’ll have the following operations.

• Operations on professors :

ü View professors list :

This action can be performed by clicking on the Professor link in the

Administrator space.

Figur 06 : View Professors list


83

ü Add new professor :

This action can be performed by clicking on the Add link under the professor

liste table.

Figur 07 : Add a new Professor

ü View single professor data :

This action can be performed by clicking on the professor name in the list

table.


84

Figur 08 : View single Professor data

ü Chang existing professor data :

This action can be performed by clicking on the Edit Icon on the top of the

table.


85

Figur 09 : Edit existing Professor data

ü Delete existing professor:

This action can be performed by clicking on the delete Icon

Figur 10 : Delete existing professor


86

• Operations on students :

The operations on students are the same as the once performed on the

professors.

V. 11. 2. Professor space:

ü View professor personal data :

This action can be performed by clicking on the My space link after the Log-

In operation.

Figur 11 : View professor personal data

ü Edit professor personel data:


table.


87

Figur 12 : Edit professor personal data

ü View student notes list :

This action can be performed by clicking on the Module name in the table.


88

Figur 13: View student notes list

ü Add students notes :

This action can be performed by clicking on the Add link on the bottom of

the table.


89

Figur 14 : Add student notes

ü Edit students notes :

This action can be performed by clicking on the Edit Icon on the right of the

table.


90

Figur 15 : Edit student notes

V. 9. 3. Student space:

ü View student personal data & notes:

This action can be performed by clicking on the My space link after the Log-

In operation.


91

Figur 16 : View student personal data & notes

ü Edit student personel data:


table.


92

Figur 17 : Edit student personel data

V. 9. 4. The guest:

The gust is the person that can navigate throw the site without any

permission to modify the data base resources, but he can get used of the site

contents from news, documents and also participating on the polls that are made to

interact with the visiters.


93

Figur 18 : Guest news page

v The Site test:

The site was successfully hosted on the Freehostia servers; wich is a free

web hosting provider with an interesting features.

V. 10. Conclusion:

In this chapter, we have described in a detailed and a complete manner the

components and the features of the site environment, the implementation tools and

the introducing the deferent interfaces of our application.


94

General Conclusion


95

General Conclusion :

The realization of this project was beneficial for us witch allowed as to

create an experience and competence in a lot of web development tools such as

PHP, JavaScript, HTML, and MySQL…

We’re also hoping that our system will be integrated in the University of

Kasdi Merbah web site, and we also notice that our site is online and hosted on a

free hosting provider under the URL: http://ouargla-univ.freehostia.com.

http://ouargla-univ.freehostia.com


96

Bibliography & webography


97

Bibliography & webography

1. Build Your Own Database Driven Website Using PHP & MySQL,

3rd.Edition, Kevin Yank, SitePoint editions, 2006.

2. PHP and MySQL Web Development For.Dummies, Janet Valade, Wiley

Publishing, 2008.

3. PHP Manual, PHP developement team, PHP Documentation Group,

2007.

4. http://www.acunetix.com/

5. http://www.buildwebsite4u.com

6. http://www.developpez.com

7. http://www.devshed.com

8. http://kb.iu.edu/

9. http://www.learnthenet.com

10. http://www.livinginternet.com

11. http://www.searchwinit.com

12. http://www.serverwatch.com

13. SitePiont forums, http://www.sitepoint.com/forums/

14. http://www.tcpipguide.com

15. http://www.webopedia.com

16. http://www.zeltser.com

http://www.acunetix.com/

http://www.buildwebsite4u.com

http://www.developpez.com

http://www.devshed.com

http://kb.iu.edu/

http://www.learnthenet.com

http://www.livinginternet.com

http://www.searchwinit.com

http://www.serverwatch.com

http://www.sitepoint.com/forums/

http://www.tcpipguide.com

http://www.webopedia.com

http://www.zeltser.com


98

Conception & Realization Of A Dynamic Web Site For The University Of Kasdi Merbah Ouargla

Documents

Transcript of Conception & Realization Of A Dynamic Web Site For The University Of Kasdi Merbah Ouargla