Category:I702 Web Application Programming

From ICO wiki
Revision as of 19:11, 5 June 2016 by Lvosandi (talk | contribs) (Lecture/lab #1: Structuring HTML and making use of relational databases)


This course is 5 ECTS and it's mandatory for CSE students. Other ITC students may also attend and CSE students who comprehend Estonian can follow the I244 lectures.

The main point of this course is to get to know the software stack used to build modern web applications and, by the end of the course, to be able to write a web application and, if there is enough time, to deploy it on a (virtual) server and defend it. Deduplicate your work and combine the work of this course with the Python and Research Project courses.

  • Progress visible in Git from day one
  • Possible scenarios to pass the course:
    • classic: Build a simple mobile-friendly webshop with shopping cart using PHP, MySQL, Apache, Ubuntu.
    • Substitute a component (see below) you don't like and do the same
    • Scratch your own itch: develop something that largely makes use of the following technologies and is relevant to you
    • Extend WordPress, Joomla etc. to build a website for your customer, e.g. when you're already working
    • Pick a project idea from the Python course page; several of the ideas there more or less qualify as web apps.
    • Find an interesting web application that's participating in Google Summer of Code, get to know the community, prepare for participation in GSoC and successfully finish the GSoC.
  • If this is your first experience with this sort of stuff, make sure you go through the HTML & CSS, JavaScript, jQuery and SQL tracks on CodeAcademy and start by simply creating your homepage :)
  • For page layouts check Twitter Bootstrap

Web shop

Lecture/lab #1: Structuring HTML and making use of relational databases

Lecture recording #1, lecture recording #2

Use the following as a bare-bones skeleton for your PHP application; check here for the semantic tags of HTML5:

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <meta name="description" content="Introduction to this guy's website">
    <title>This goes into the titlebar</title>
    <link rel="stylesheet" href="css/style.css" type="text/css"/>
    <script type="text/javascript" src="js/main.js"></script>
    <meta name="viewport" content="width=device-width, user-scalable=no"/><!-- Disable zoom on smartphone -->
  </head>
  <body>
    <!-- The wrappers below are the usual HTML5 semantic tags; pick the ones that fit your layout -->
    <header>Your shop name goes here</header>
    <nav>Navigation links go here</nav>
    <aside>Product items go here</aside>
    <main>
      The actual content goes here
      <?php echo "This, is hellõu from PHP!"; ?>
    </main>
    <aside>Context specific links go here</aside>
    <footer>Footer goes here</footer>
  </body>
</html>


Use phpMyAdmin to create a table for your web shop's products:

CREATE TABLE IF NOT EXISTS `lauri_shop_product` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(30) NOT NULL,
  `description` text NOT NULL,
  `price` decimal(10,2) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8; -- InnoDB is required for the foreign keys added in lab #6

Listing items from a MySQL database can be implemented with mysqli:


<?php
    $conn = new mysqli("localhost", "test", "t3st3r123", "test");
    $results = $conn->query(
      "SELECT id,name,price FROM lauri_shop_product;");

    while ($row = $results->fetch_assoc()) {
?>
          <a href="description.php?id=<?=$row['id']?>"><?=htmlspecialchars($row['name'])?></a>
          <?=$row['price']?> EUR<br/>
<?php
    }
?>



Description page:

<a href="index.php">Back to product listing</a>

<?php
$conn = new mysqli("localhost", "test", "t3st3r123", "test");
$statement = $conn->prepare(
  "SELECT `name`, `description`, `price` FROM" .
  " `lauri_shop_product` WHERE `id` = ?");
$statement->bind_param("i", $_GET["id"]);
$statement->execute(); // without execute() there is no result set to fetch
$results = $statement->get_result();
$row = $results->fetch_assoc();
?>

<span style="float:right;"><?=$row["price"];?>EUR</span>


Occasionally you might want to get all rows from a table at once; this can be achieved with the fetch_all method:

<?php
    $conn = new mysqli("localhost", "test", "t3st3r123", "test");
    $results = $conn->query(
      "SELECT id,name,price FROM lauri_shop_product;");
    $rows = $results->fetch_all(MYSQLI_ASSOC); // Pull ALL results
    foreach ($rows as $row) {
?>
          <a href="description.php?id=<?=$row['id']?>"><?=htmlspecialchars($row['name'])?></a>
          <?=$row['price']?> EUR<br/>
<?php
    }
?>
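As an added example (not part of the original lab code), here is how the product lookup behind description.php can be kept injection-safe and robust: the id is validated before it reaches the database, the statement is prepared, errors are raised as exceptions instead of silently returning false, and a missing product yields a 404 rather than a PHP notice. The credentials and the lauri_shop_product table are the ones used above; the function names and the contrast function findProductUnsafe are my own.

```php
<?php
// Added example: a small data-access helper for description.php.
// Assumes the lauri_shop_product table and the test credentials used in this lab.

function connectDb() {
    // mysqli throws on connect/query errors instead of returning false, so a
    // failure cannot surface later as "call to a member function on a non-object"
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $conn = new mysqli("localhost", "test", "t3st3r123", "test");
    $conn->set_charset("utf8");
    return $conn;
}

// Vulnerable variant, kept only for contrast: the raw GET parameter is pasted
// into the SQL string, so whatever arrives in ?id= becomes part of the query text.
function findProductUnsafe(mysqli $conn, $rawId) {
    $sql = "SELECT id, name, description, price FROM lauri_shop_product WHERE id = " . $rawId;
    return $conn->query($sql)->fetch_assoc();
}

// Safe variant: validate first, then send the value separately from the SQL text.
function findProduct(mysqli $conn, $rawId) {
    // FILTER_VALIDATE_INT rejects "12abc", "" and the like; min_range rejects 0 and negatives
    $id = filter_var($rawId, FILTER_VALIDATE_INT, array("options" => array("min_range" => 1)));
    if ($id === false) {
        return null;
    }
    $statement = $conn->prepare(
        "SELECT id, name, description, price FROM lauri_shop_product WHERE id = ?");
    $statement->bind_param("i", $id);
    $statement->execute();
    $row = $statement->get_result()->fetch_assoc();
    $statement->close();
    return $row ? $row : null;   // null when no such product exists
}

// Escape everything that came from the database or the user before it lands in HTML
function h($text) {
    return htmlspecialchars($text, ENT_QUOTES, "UTF-8");
}

$conn = connectDb();
$product = findProduct($conn, isset($_GET["id"]) ? $_GET["id"] : "");
if ($product === null) {
    http_response_code(404);
    die("No such product");
}
?>
<a href="index.php">Back to product listing</a>
<h1><?= h($product["name"]) ?></h1>
<p><?= h($product["description"]) ?></p>
<span style="float:right;"><?= h($product["price"]) ?> EUR</span>
```

The same two ideas, validate at the edge and bind values instead of concatenating them, apply to every query on this page; get_result() needs the mysqlnd driver, which is the php5-mysqlnd package installed in the web server section.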

Lecture/lab #2: Structuring PHP files and managing sessions

Place the header and footer in different files header.php and footer.php and include them like this:

<?php
require_once "config.php";
include "header.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" . $conn->connect_error);
$conn->query("set names utf8"); // Support umlaut characters
?>
<!-- Page specific stuff goes here -->
<?php include "footer.php" ?>

Make sure session is started in header.php:

<?php
session_start(); // must run before any output, otherwise the session cookie cannot be sent
if (!array_key_exists("cart", $_SESSION)) {
    $_SESSION["cart"] = array();
}
?>

Also create config.php, DO NOT commit this to the Git repository below:

<?php
// This is site specific configuration! Do not commit this to Git!
define("DB_SERVER", "localhost");
define("DB_USER",   "test");
define("DB_PASS",   "t3st3r123");
define("DB_NAME",   "test");

In the product description page place "Add to cart" button:

<form method="post" action="cart.php">
  <input type="hidden" name="id" value="<?=intval($_GET["id"]);?>"/><!-- intval keeps the raw GET value out of the HTML -->
  <input type="submit" value="Add to cart"/>
</form>

Create cart.php for adding items to the cart and displaying the shopping cart contents:

<?php
include "header.php"; // starts the session and initialises $_SESSION["cart"]
$product_id = intval($_POST["id"]);
if (array_key_exists($product_id, $_SESSION["cart"])) {
    $_SESSION["cart"][$product_id] += 1;
} else {
    $_SESSION["cart"][$product_id] = 1;
}
?>

Set up your Git, you'll have to do this again if you change computer:

git config --global "$(getent passwd $USER | cut -d ":" -f 5)"
git config --global ""   # placeholder: use your own e-mail address
git config --global core.editor "gedit -w -s"

Create a repository at Github and in your source code tree:

git init
git remote add origin<your-username>/<your-repo>.git   # placeholder: the URL GitHub shows for your new repository
git add *.php js/*.js css/*.css
git commit -m "Initial commit"
git push -u origin master

Add a .gitignore (and similar housekeeping files). Check whether your repository looks more or less like this.

Lecture/lab #3

This time we improved our shopping cart code and applied some styling to the website.


  • When adding items to the cart, make it possible to select the number of items using a combobox.
  • Add grand total calculation for the shopping cart.
  • Split your CSS files into three: common design, design for displays and design for printers; check out the page source of this
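As an added example (not the course's own code), here is a cart.php that covers the lab #2 and lab #3 tasks together: it accepts an id and a count (a negative count removes items, which is what the removeItem() handler in lab #8 posts), validates both before touching the session, loads the names and prices for every product in the cart with one prepared statement, and renders the grand total. It assumes header.php has called session_start() and initialised $_SESSION["cart"] as a map of product id to count, the lauri_shop_product table and the DB_* constants from config.php shown above; the function names are my own and the argument unpacking in bind_param() needs PHP 5.6 or newer.

```php
<?php
// Added example: cart.php handling "add N items" / "remove" requests and rendering
// the cart with a grand total. Assumes header.php (session + $_SESSION["cart"]),
// config.php (DB_* constants) and the lauri_shop_product table from lab #1.
require_once "config.php";
include "header.php";

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
$conn->set_charset("utf8");

// Apply one change to the cart; a negative count removes items. Malformed input is
// ignored instead of being written into the session.
function applyCartChange(array &$cart, $rawId, $rawCount) {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, array("options" => array("min_range" => 1)));
    $count = filter_var($rawCount, FILTER_VALIDATE_INT,
        array("options" => array("min_range" => -100, "max_range" => 100)));
    if ($id === false || $count === false) {
        return false;
    }
    $current = (isset($cart[$id]) ? $cart[$id] : 0) + $count;
    if ($current <= 0) {
        unset($cart[$id]);
    } else {
        $cart[$id] = $current;
    }
    return true;
}

// Fetch name and current price for every product in the cart with ONE prepared
// statement: a "?" per id, all bound as integers, so no user data enters the SQL text.
function loadCartRows(mysqli $conn, array $cart) {
    if (!$cart) {
        return array();
    }
    $ids = array_keys($cart);
    $placeholders = implode(",", array_fill(0, count($ids), "?"));
    $statement = $conn->prepare(
        "SELECT id, name, price FROM lauri_shop_product WHERE id IN (" . $placeholders . ")");
    $statement->bind_param(str_repeat("i", count($ids)), ...$ids);
    $statement->execute();
    $rows = $statement->get_result()->fetch_all(MYSQLI_ASSOC);
    foreach ($rows as &$row) {
        $row["count"] = $cart[$row["id"]];
        $row["subtotal"] = $row["price"] * $row["count"];
    }
    unset($row);
    return $rows;
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    applyCartChange($_SESSION["cart"],
        isset($_POST["id"]) ? $_POST["id"] : "",
        isset($_POST["count"]) ? $_POST["count"] : 1);   // plain "Add to cart" button adds one
}

$rows = loadCartRows($conn, $_SESSION["cart"]);
$total = 0;
foreach ($rows as $row) {
    $total += $row["subtotal"];
}
?>
<table>
<?php foreach ($rows as $row): ?>
  <tr>
    <td><?= htmlspecialchars($row["name"], ENT_QUOTES, "UTF-8") ?></td>
    <td><?= $row["count"] ?> x <?= number_format($row["price"], 2) ?> EUR</td>
    <td><?= number_format($row["subtotal"], 2) ?> EUR</td>
    <td><button data-product_id="<?= $row["id"] ?>" onclick="removeItem.call(this)">Remove item</button></td>
  </tr>
<?php endforeach; ?>
  <tr><td>Grand total</td><td></td><td><?= number_format($total, 2) ?> EUR</td><td></td></tr>
</table>
```

For the combobox, the "Add to cart" form from lab #2 gains a `<select name="count">` with options 1 to 10 next to the hidden id field; prices are always re-read from the database when the cart is shown, so the client never decides what an item costs, and the product name is escaped because this HTML fragment is later injected with innerHTML by the lab #8 JavaScript.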

Lecture/lab #4: User registration

Set up database table for user accounts:

CREATE TABLE IF NOT EXISTS `lauri_shop_user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(64) NOT NULL,
  `password` varchar(256) NOT NULL,
  `first_name` varchar(64) NOT NULL,
  `last_name` varchar(64) NOT NULL,
  `phone` varchar(20) DEFAULT NULL,
  `dob` date NOT NULL,
  `salutation` varchar(5) DEFAULT NULL,
  `vatin` varchar(12) DEFAULT NULL,
  `company` varchar(64) DEFAULT NULL,
  `country` char(2) NOT NULL,
  `address` varchar(256) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Form for entering the data:

<form method="post" action="regsubmit.php">
    <label for="email">E-mail</label>
    <input id="email" type="email" name="email" required/>
    <label for="password">Password</label>
    <input id="password" type="password" name="password" required/>
    <select name="country">
      <option value="ee">Estonia</option>
      <option value="lv">Latvia</option>
      <option value="lt">Lithuania</option>
    </select>
    <label for="phone">Telephone number</label>
    <input id="phone" type="tel" name="phone"/>
    <label for="vatin">VAT identification number</label>
    <input id="vatin" type="text" name="vatin" pattern="([A-Z0-9]{4,14})?"/>
    <label for="dob">Date of birth</label>
    <input id="dob" type="date" name="dob" placeholder="dd/mm/yyyy" required/>
    <label for="first_name">First name</label>
    <input id="first_name" type="text" name="first_name" required/>
    <label for="last_name">Last name</label>
    <input id="last_name" type="text" name="last_name" required/>
    <input type="submit"/>
</form>

PHP code for processing submission:

<?php
require_once "config.php";
include "header.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" . $conn->connect_error);
$conn->query("set names utf8");

// MySQL's PASSWORD() is deprecated and removed in MySQL 8; see the note on
// password storage in lab #5 for what to use instead.
$statement = $conn->prepare(
"INSERT INTO `lauri_shop_user` (
  `email`, `password`, `first_name`, `last_name`, `phone`, `dob`,
  `salutation`, `vatin`, `company`, `country`, `address`)
VALUES (?, PASSWORD(?), ?, ?, ?, ?, ?, ?, ?, ?, ?)");

# whenever you get "call to a member function ... on a non-object" this means something
# is failing **before** that line so you have to manually check for errors like this:
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);

// One value per placeholder, in column order. Fields that the form above does not
// have (salutation, company, address) are assumed to be posted under the column names.
$statement->bind_param("sssssssssss",
    $_POST["email"], $_POST["password"], $_POST["first_name"], $_POST["last_name"],
    $_POST["phone"], $_POST["dob"], $_POST["salutation"], $_POST["vatin"],
    $_POST["company"], $_POST["country"], $_POST["address"]);

if ($statement->execute()) {
    echo "Registration was successful! <a href=\"index.php\">Back to main page</a>";
} else {
    if ($statement->errno == 1062) {
       // This will result in 200 OK
       echo "This e-mail is already registered";
    } else {
       // This will result in 500 Internal server error
       http_response_code(500);
       die("Execute failed: (" .
           $statement->errno . ") " . $statement->error);
    }
}
?>

Lecture/lab #5: Logging in

Login form for our web shop:

<form method="post" action="login.php">
  <input type="text" name="user"/>
  <input type="password" name="password"/>
  <input type="submit" value="Log in!"/>
</form>

Create login.php:

<?php
// This is login.php, here we check if user provided proper credentials
var_dump($_POST); // This is just to check that the data gets to server
include "config.php";
include "header.php"; // starts the session so $_SESSION["user"] can be set below

// This is copy-paste from description.php!
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error)
  die("Connection to database failed:" . $conn->connect_error);

$conn->query("set names utf8");

$statement = $conn->prepare(
"SELECT * FROM lauri_shop_user
 WHERE `email` = ? AND `password` = PASSWORD(?)"); // same PASSWORD() as in regsubmit.php
if (!$statement) die("Prepare failed: (" . $conn->errno . ") " . $conn->error);

$statement->bind_param("ss", $_POST["user"], $_POST["password"]);
$statement->execute();
$results = $statement->get_result();
$row = $results->fetch_assoc();

if($row) {
    echo "Login successful, hello " . htmlspecialchars($row["first_name"]);
    session_regenerate_id(true); // fresh session id on login, so an id handed out before login cannot be reused
    $_SESSION["user"] = $row["id"]; // This just stores user row number!
} else {
    echo "Login failed";
}
?>

Note that in production you should follow guidelines on storing passwords in safe manner, such as PBKDF2!

In index.php navigation bar:

<?php
if (array_key_exists("user", $_SESSION)) {
   echo "Hello " . intval($_SESSION["user"]);
   // Put link to logout.php here
} else {
   // Show the login form above
}
?>

For logging out create another file logout.php:

<?php
session_start(); session_destroy(); // drop the server-side session state, not just the cookie
header("Location: index.php"); exit;


  • Create changepassword.php where users can change their password

Lecture/lab #6: SQL foreign keys and join queries

This time we added two database tables for storing orders.

Database table for orders, again use phpMyAdmin to import it:

CREATE TABLE IF NOT EXISTS `lauri_shop_order` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, -- referenced by the listing query below
  `shipped` timestamp NULL DEFAULT NULL,
  `paid` timestamp NULL DEFAULT NULL,
  `shipping_address` text,
  `user_id` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Also add a many-to-many relationship between orders and the products belonging to a particular order:

CREATE TABLE IF NOT EXISTS `lauri_shop_order_item` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `order_id` int(11) NOT NULL,
  `product_id` int(11) NOT NULL,
  `count` int(11) NOT NULL,
  `unit_price` decimal(10,2) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Populate both tables with some arbitrary data and verify you get sensible output with SQL snippets below.

The following SQL query lists orders belonging to a certain user:

SELECT
  `lauri_shop_order`.`id` as `order_id`,
  `lauri_shop_order`.`shipping_address` as `shipping_address`,
  `lauri_shop_order`.`created` as `created`
FROM `lauri_shop_order`
WHERE
  `lauri_shop_order`.`user_id` = 2;

The following SQL query joins data from two tables to generate the list of items belonging to a certain order:

SELECT
  -- The format here is `table_name`.`column_name` as `Whatever you want to call it`
  `lauri_shop_order_item`.`id` as `order_item_id`,
  `lauri_shop_order_item`.`product_id` as `product_id`,
  `lauri_shop_product`.`name` as `product_name`,
  `lauri_shop_order_item`.`unit_price` as `order_item_unit_price`,
  `lauri_shop_order_item`.`count` as `order_item_count`,
  `lauri_shop_order_item`.`unit_price` * `lauri_shop_order_item`.`count` as `subtotal`
FROM `lauri_shop_order_item`
  -- We select all rows from lauri_shop_order_item table and then
  -- try to find a matching row based on following condition
  JOIN `lauri_shop_product`
    ON `lauri_shop_order_item`.`product_id` = `lauri_shop_product`.`id`
WHERE
  `lauri_shop_order_item`.`order_id` = 1;

Add database indexes so we could rapidly search by these columns:

ALTER TABLE `lauri_shop_order` ADD INDEX (`user_id`);
ALTER TABLE `lauri_shop_order_item` ADD INDEX (`product_id`);
ALTER TABLE `lauri_shop_order_item` ADD INDEX (`order_id`);

Add foreign key constraints to bind one table to another:
Important note: the foreign key columns must be indexed, and the constraint name must be unique throughout the whole database (otherwise a "check data type" error occurs).

ALTER TABLE `lauri_shop_order`
  ADD CONSTRAINT `user_fk` FOREIGN KEY (`user_id`) REFERENCES `lauri_shop_user` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION;
ALTER TABLE `lauri_shop_order_item`
  ADD CONSTRAINT `product_fk` FOREIGN KEY (`product_id`) REFERENCES `lauri_shop_product` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION,
  ADD CONSTRAINT `order_fk` FOREIGN KEY (`order_id`) REFERENCES `lauri_shop_order` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION;

You should end up with a database schema like this:



  • Add orders.php for showing the list of orders belonging to a certain user. Copy the boilerplate code from description.php.
  • Add orderdetail.php for listing the items in a particular order. Use the GET parameter 'id' to specify the order id. Copy the boilerplate code from description.php.
  • Split your CSS files into three: common design, design for displays and design for printers; check out the page source of this.
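As an added example (not the course's own code) for the orders.php/orderdetail.php exercises, the script below does two things with the lab #6 schema: it turns the session cart into a lauri_shop_order row plus its lauri_shop_order_item rows inside one transaction, copying unit_price from the product table at checkout time, and it lists an order's items only when the order belongs to the logged-in user, so a guessed ?id= of somebody else's order returns nothing. It assumes the tables, indexes and foreign keys above (InnoDB), the $_SESSION layout from labs #2 and #5, and the DB_* constants from config.php; the function names are mine.

```php
<?php
// Added example: checkout (POST) and orderdetail.php?id=... (GET) on the lab #6 schema.
// Assumes header.php starts the session, $_SESSION["cart"] maps product id => count
// and $_SESSION["user"] holds the logged-in user's id (lab #5).
require_once "config.php";
include "header.php";

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
$conn->set_charset("utf8");

// Create the order and all its items atomically. unit_price is copied from the product
// row by INSERT ... SELECT, so the client never supplies a price and later price
// changes do not rewrite old orders.
function placeOrder(mysqli $conn, $userId, array $cart, $shippingAddress) {
    if (!$cart) {
        return null;
    }
    $conn->begin_transaction();
    try {
        $order = $conn->prepare(
            "INSERT INTO lauri_shop_order (user_id, shipping_address) VALUES (?, ?)");
        $order->bind_param("is", $userId, $shippingAddress);
        $order->execute();
        $orderId = $conn->insert_id;

        $item = $conn->prepare(
            "INSERT INTO lauri_shop_order_item (order_id, product_id, count, unit_price)
             SELECT ?, id, ?, price FROM lauri_shop_product WHERE id = ?");
        foreach ($cart as $productId => $count) {
            $item->bind_param("iii", $orderId, $count, $productId);
            $item->execute();
            if ($item->affected_rows !== 1) {
                throw new RuntimeException("Unknown product in cart: " . intval($productId));
            }
        }
        $conn->commit();
        return $orderId;
    } catch (Exception $e) {
        $conn->rollback();   // nothing half-written on failure
        throw $e;
    }
}

// The WHERE clause carries BOTH the order id and the user id: ownership is checked
// in the same query that fetches the data, not in a separate step that can be forgotten.
function loadOrderItems(mysqli $conn, $orderId, $userId) {
    $statement = $conn->prepare(
        "SELECT lauri_shop_order_item.id AS order_item_id,
                lauri_shop_product.name AS product_name,
                lauri_shop_order_item.unit_price AS unit_price,
                lauri_shop_order_item.count AS count,
                lauri_shop_order_item.unit_price * lauri_shop_order_item.count AS subtotal
         FROM lauri_shop_order_item
         JOIN lauri_shop_order ON = lauri_shop_order_item.order_id
         JOIN lauri_shop_product ON = lauri_shop_order_item.product_id
         WHERE lauri_shop_order_item.order_id = ? AND lauri_shop_order.user_id = ?");
    $statement->bind_param("ii", $orderId, $userId);
    $statement->execute();
    return $statement->get_result()->fetch_all(MYSQLI_ASSOC);
}

if (!isset($_SESSION["user"])) {
    http_response_code(403);
    die("Please log in first");
}
if ($_SERVER["REQUEST_METHOD"] === "POST") {          // checkout: cart becomes an order
    $orderId = placeOrder($conn, $_SESSION["user"], $_SESSION["cart"],
        isset($_POST["shipping_address"]) ? $_POST["shipping_address"] : "");
    $_SESSION["cart"] = array();
} else {                                              // orderdetail.php?id=...
    $orderId = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT,
        array("options" => array("min_range" => 1)));
}
$items = $orderId ? loadOrderItems($conn, $orderId, $_SESSION["user"]) : array();
if (!$items) {
    http_response_code(404);   // unknown order, or not this user's: same answer for both
    die("No such order");
}
foreach ($items as $item) {
    echo htmlspecialchars($item["product_name"]), ": ", $item["count"], " x ",
         $item["unit_price"], " = ", $item["subtotal"], " EUR<br/>";
}
```

Returning the same 404 for "does not exist" and "belongs to someone else" keeps order ids from being enumerable; the foreign keys added above guarantee that an order_item can never point at a deleted product or order, which is what lets the INSERT ... SELECT trust the product table.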

Lecture/lab #7: Uploading files

We basically have two options for uploading files to server:

  • Use BLOB datatype for the column
  • Store filename in varchar field and move the file to an uploads directory

This is an example implementation for the latter. It calculates the SHA1 checksum of the file and appends the original file name extension. This way the files are deduplicated as well :)

    <form method="post" enctype="multipart/form-data">
      <input type="text" name="product_title"/>
      <input type="text" name="product_description"/>
      <input type="file" name="product_image" required/>
      <input type="file" name="product_thumbnail"/>
      <input type="submit"/>
    </form>
    <!-- You also need:
    mkdir uploads
    chmod 777 uploads
    (777 makes the directory world-writable; chown www-data uploads && chmod 750 uploads gives only the web server write access)
    -->
    <?php
    if (array_key_exists("product_image", $_FILES)) {
      $finfo = finfo_open(FILEINFO_MIME_TYPE);
      $mimetype = finfo_file($finfo, $_FILES["product_image"]["tmp_name"]);
      if ($mimetype != "application/pdf") die("Go away!");

      // Note: the extension is still taken from the client-supplied file name
      $checksum = sha1(file_get_contents(
        $_FILES["product_image"]["tmp_name"])) . "." .
        pathinfo($_FILES["product_image"]["name"], PATHINFO_EXTENSION);
      if (!file_exists("uploads/" . $checksum)) {
        move_uploaded_file($_FILES["product_image"]["tmp_name"],
          "uploads/" . $checksum);
      }
    ?>
    <p>Mimetype was: <?= $mimetype; ?></p>
    <p>Checksum was: <a href="uploads/<?=$checksum;?>"><?=$checksum;?></a></p>
    <p>Filename was: <?=htmlspecialchars($_FILES["product_image"]["name"]);?></p>
    <p>File stored at: <?=$_FILES["product_image"]["tmp_name"];?></p>
    <?php } ?>
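As an added example (not the course's own code), here is a stricter version of the upload handler above. The stored extension is derived from the sniffed content type rather than from the client-supplied file name, only a whitelist of types is accepted, the upload is size-limited, and the file name is the SHA-1 of the bytes, so the uploads directory can never end up holding a file with an extension the web server would execute. It assumes the same form field product_image and the uploads/ directory; the function name storeUpload and the whitelist are mine.

```php
<?php
// Added example: hardened variant of the lab #7 upload handler.
// Assumes the form above (field "product_image") and a writable uploads/ directory.

// Sniffed MIME type => extension we are willing to store under. Anything else is rejected.
$ALLOWED_TYPES = array(
    "image/jpeg"      => "jpg",
    "image/png"       => "png",
    "application/pdf" => "pdf",
);

// Returns array("ok" => true, "name" => stored file name) or array("ok" => false, "error" => reason).
function storeUpload(array $file, $uploadDir, array $allowedTypes, $maxBytes = 5242880) {
    if ($file["error"] !== UPLOAD_ERR_OK) {
        return array("ok" => false, "error" => "upload failed with code " . $file["error"]);
    }
    // is_uploaded_file() makes sure the path really came through this HTTP upload
    if (!is_uploaded_file($file["tmp_name"])) {
        return array("ok" => false, "error" => "not an uploaded file");
    }
    if ($file["size"] > $maxBytes) {
        return array("ok" => false, "error" => "file too large");
    }
    // Look at the bytes; the "name" and "type" fields are whatever the client claimed
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mimetype = finfo_file($finfo, $file["tmp_name"]);
    finfo_close($finfo);
    if (!isset($allowedTypes[$mimetype])) {
        return array("ok" => false, "error" => "unsupported type " . $mimetype);
    }
    // Name = hash of content + extension chosen by us: no user-controlled characters at all
    $checksum = sha1_file($file["tmp_name"]) . "." . $allowedTypes[$mimetype];
    $target = rtrim($uploadDir, "/") . "/" . $checksum;
    // Same bytes => same name, so re-uploading an existing file is a no-op (deduplication)
    if (!file_exists($target) && !move_uploaded_file($file["tmp_name"], $target)) {
        return array("ok" => false, "error" => "could not move file");
    }
    return array("ok" => true, "name" => $checksum);
}

if (isset($_FILES["product_image"])) {
    $result = storeUpload($_FILES["product_image"], "uploads", $ALLOWED_TYPES);
    if ($result["ok"]) {
        // hex digest + whitelisted extension, safe to print and to link
        echo "<p>Stored as <a href=\"uploads/" . $result["name"] . "\">" . $result["name"] . "</a></p>";
    } else {
        http_response_code(400);
        echo "<p>Rejected: " . htmlspecialchars($result["error"]) . "</p>";
    }
}
```

In addition to naming files this way, it is worth switching the PHP engine off for the uploads directory in the Apache configuration (php_admin_flag engine off inside a Directory block), so that even a mistake in the whitelist cannot turn an upload into executable code.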

Lecture/lab #8: JavaScript and CSS selectors

This will simply load the file from the given URL and place the response into the shopping cart element (#shopping_cart in the markup described in the code comments below):

// In HTML we only have <button id="update_cart">Update cart</button> to trigger update
// and <div id="shopping_cart">Initially empty</div> for placing the shopping cart in the webpage

// Wait page to be loaded and then associate click event
document.addEventListener("DOMContentLoaded", function() {
  document.querySelector("#update_cart").addEventListener("click", updateCart);
});

// This only defines updateCart function, but it does not run it!
function updateCart() {
  var request = new XMLHttpRequest();
  request.open('GET', 'cart.php', true);

  // This is an example of callback
  request.onload = function() {
    // This function runs once response has been received
    if (request.status >= 200 && request.status < 400) {
      document.querySelector("#shopping_cart").innerHTML = request.responseText;
    }
  };

  // This will only start the request
  request.send();
}

Form submission is fairly easy with vanilla JavaScript as well, of course jQuery's $.post is a bit simpler:

function removeItem() {
  console.log("Going to remove product with id from cart:", this.dataset.product_id);

  var formData = new FormData();
  formData.append("id", this.dataset.product_id);
  formData.append("count", -1);

  var request = new XMLHttpRequest();
  request.open('POST', 'cart.php', true);
  request.onload = updateCart; // re-render the cart once the server has applied the change
  request.send(formData);
}

The dataset.product_id comes from the data- attributes, you can automatically generate these in cart.php:

<button data-product_id="<?=intval($product_id)?>" onclick="removeItem.call(this)">Remove item</button>
<!-- removeItem.call(this) makes `this` inside removeItem refer to the button, so this.dataset works -->

Look here for more information about what kind of API-s you can use from JavaScript.

Image gallery

This is another example which we are going to implement for practice. It's a web application for uploading images. The images are grouped into albums and users can like each other's uploads.

Database schema:



  • Main page highlighting latest 50 uploads (index.php)
  • User registration (reg.php)
  • Upload view for uploading images once user has logged in (upload.php)
  • User view listing their albums with thumbnails (user.php)
  • Album view listing thumbnails only of this album (album.php)
  • Image view with list of people who liked it (image.php)
  • Ajax loaded like section (like.php)

You also need:

  • js/main.js
  • css/style.css
  • config.php for database settings, don't commit it to Git
  • header.php
  • footer.php

Use HTML5 input widget for uploading images, this way you can easily take a photo with your smartphone:

<input id="file" type="file" accept="image/*">

Use ImageMagick's PHP bindings to create a thumbnail of the uploaded picture:

$im = new Imagick("uploads/original.jpg");
$im->thumbnailImage(50, 50);
$im->writeImage("uploads/thumbnail.jpg"); // nothing is saved until the result is written out

If you want to use ImageMagick on your own webserver, you might have to install the package yourself:

apt-get install php5-imagick

Use something like the following to insert salted password hashes into the database:

$statement = $conn->prepare(
"insert into `lauri_gallery_user` (`email`, `password_salt`, `password_hash`)
values (?, ?, ?)");

// This will be random for every user registered
// (str_shuffle() is not a cryptographic random source; random_bytes() is, from PHP 7)
$salt = substr(str_shuffle(
    "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 20);

// bind_param() takes its arguments by reference, so the hash must be in a variable
$hash = sha1($salt . $_POST["password"]);
$statement->bind_param("sss", $_POST["email"], $salt, $hash);
$statement->execute();

And to check credentials:

$statement = $conn->prepare("select * from lauri_gallery_user where email = ? and password_hash = SHA1(CONCAT(password_salt, ?))");

$statement->bind_param("ss", $_POST["email"], $_POST["password"]);
$statement->execute();
$row = $statement->get_result()->fetch_assoc(); // null when no row matched
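Both the web shop (PASSWORD() in labs #4 and #5, with the note that production code should use something like PBKDF2) and the gallery (salt plus SHA-1 above) hash passwords in the database. As an added example, not the course's own code, here is the same registration, login and password-change flow built on PHP's password_hash()/password_verify() (PHP 5.5 or newer; bcrypt with a per-user salt embedded in the hash), which needs neither a separate salt column nor any hashing in SQL. It assumes the lauri_shop_user table with its varchar(256) password column, the login form's user/password fields and the DB_* constants from config.php; the function names are mine.

```php
<?php
// Added example: password storage with password_hash() instead of MySQL PASSWORD()
// or sha1(salt . password). Assumes lauri_shop_user (lab #4) and config.php.
require_once "config.php";

function dbConnect() {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $conn = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
    $conn->set_charset("utf8");
    return $conn;
}

// Registration: password_hash() picks a random salt and stores it inside the hash
// string. Returns the new user id, or false when the e-mail is taken (MySQL error 1062).
function registerUser(mysqli $conn, $email, $password, $firstName, $lastName, $dob, $country) {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $statement = $conn->prepare(
        "INSERT INTO lauri_shop_user (email, password, first_name, last_name, dob, country)
         VALUES (?, ?, ?, ?, ?, ?)");
    $statement->bind_param("ssssss", $email, $hash, $firstName, $lastName, $dob, $country);
    try {
        $statement->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() == 1062) {
            return false;
        }
        throw $e;
    }
    return $conn->insert_id;
}

// Login: fetch the row by e-mail only, then compare in PHP. The database never sees
// the plaintext and password_verify() compares in constant time.
function loginUser(mysqli $conn, $email, $password) {
    $statement = $conn->prepare(
        "SELECT id, password, first_name FROM lauri_shop_user WHERE email = ?");
    $statement->bind_param("s", $email);
    $statement->execute();
    $row = $statement->get_result()->fetch_assoc();
    if (!$row || !password_verify($password, $row["password"])) {
        return null;   // same answer for unknown user and wrong password
    }
    // Transparently upgrade old hashes when the default algorithm or cost changes
    if (password_needs_rehash($row["password"], PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $update = $conn->prepare("UPDATE lauri_shop_user SET password = ? WHERE id = ?");
        $update->bind_param("si", $newHash, $row["id"]);
        $update->execute();
    }
    session_regenerate_id(true);   // new session id after login blocks session fixation
    $_SESSION["user"] = $row["id"];
    return $row;
}

// changepassword.php (lab #5 exercise): the current password is re-checked first, so a
// hijacked browser session alone is not enough to lock the real owner out.
function changePassword(mysqli $conn, $userId, $currentPassword, $newPassword) {
    $statement = $conn->prepare("SELECT password FROM lauri_shop_user WHERE id = ?");
    $statement->bind_param("i", $userId);
    $statement->execute();
    $row = $statement->get_result()->fetch_assoc();
    if (!$row || !password_verify($currentPassword, $row["password"])) {
        return false;
    }
    $newHash = password_hash($newPassword, PASSWORD_DEFAULT);
    $update = $conn->prepare("UPDATE lauri_shop_user SET password = ? WHERE id = ?");
    $update->bind_param("si", $newHash, $userId);
    return $update->execute();
}

// login.php with the form from lab #5 (fields "user" and "password")
session_start();
$conn = dbConnect();
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["user"], $_POST["password"])) {
    $user = loginUser($conn, $_POST["user"], $_POST["password"]);
    echo $user ? "Login successful, hello " . htmlspecialchars($user["first_name"]) : "Login failed";
}
```

A bcrypt hash is about 60 characters, so the existing varchar(256) column is wide enough; for the gallery, the password_salt column simply becomes unused and password_hash stores the password_hash() output.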

To force a "save as ..." dialog to appear for images you need to create a PHP file which spits out correct headers and then dumps the image file bytes:

// $original_filename and $original_file_hash come from the image's database row;
// basename() and the quote removal keep path separators and quotes out of the header value
$safe_name = str_replace('"', '', basename($original_filename));
header('Content-Type: image/jpeg');
header('Content-Disposition: attachment; filename="' . $safe_name . '.jpg"');
readfile('uploads/' . basename($original_file_hash) . ".jpg");

Use the following SQL join query to get the two last uploaded images of a certain user:

select lauri_gallery_image.*
from lauri_gallery_image
join lauri_gallery_album
    on = lauri_gallery_image.album_id
where
    lauri_gallery_album.owner_id = ?
order by
    lauri_gallery_image.created desc
limit 2


Adding foreign keys

First add an index to the referring column (owner_id of the album table) and the referred column (id of the user table) by clicking on the Index button in the table structure view:


Once you have enabled indexing on both the referring and the referred column you can associate them like this; click on Relation view in the table structure page:


Select the referred table/column and set the on-delete trigger to cascade and the on-update trigger to none:


Web server configuration and SSL

This time we discussed a bit of devops: how to set up a web server on your machine to serve your web application.

You can use any Ubuntu/Debian based machine and simply do:

sudo apt-get install apache2 libapache2-mod-php5 php5-mysqlnd

After that you can simply place files under /var/www/html and point your web browser to the IP address of the machine, which in case of your laptop is http://localhost

The easiest way to set up and manage a MySQL database is by installing phpMyAdmin:

sudo apt-get install phpmyadmin mysql-server

Password for the root database user is asked, remember to save this for later! Open up http://localhost/phpmyadmin and log in with username root and the same password. Remember that MySQL root user is distinct from the operating system user root!

Katrin will show you how to install and manage Ubuntu in Operating systems course.

To tweak the Apache configuration, look at the files in the following directories:


After tweaking you need to restart the server of course:

service apache2 restart

To fake a domain name on your personal machine you can modify the hosts file and then point your web browser to that name:

Exercises (at the moment you can do these only on your personal machine):

  • Set up Apache 2 web server with two virtual hosts
  • Set up ID-card authentication for your website and attempt to grab the isikukood (national identification number) in the PHP code

Real-time communications with nchan

This time we did some connection juggling with nchan, see demo here. Feel free to integrate it to your web shop customer support :)

Chatroom HTML:

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <title>This goes into the titlebar</title>
    <script type="text/javascript" src="js/main.js"></script>
  </head>
  <body>
    <div>Messages go here</div>
    <input id="name" type="text" placeholder="Nick goes here"/>
    <input id="msg" type="text" placeholder="Your msg goes here"/>
    <button onClick="sendMessage();">Go!</button>
  </body>
</html>

Chatroom JavaScript:

// EventSource is sort of like a class
var source = new EventSource("");

// Here we associate a function with the event of message coming in
source.onmessage = function(event) {
  console.log("Received server-sent event:",;
  // Append as a text node rather than via innerHTML, so a message containing
  // markup or script typed by another user is shown literally instead of executed
  var messages = document.querySelector("div");
  messages.appendChild(document.createElement("br"));
  messages.appendChild(document.createTextNode(;
};

function sendMessage() {
  var request = new XMLHttpRequest();
  request.open('POST', '', true);
  var data = document.querySelector("#name").value + ": " +
	document.querySelector("#msg").value;
  console.log("About to send:", data);
  request.send(data);
}

Python client example:

import requests
# requests is performing HTTP request
r = requests.get("",
	headers={"Accept": "text/event-stream"}, stream=True)

for line in r.iter_lines():
    print("Got line:", line.decode("utf-8"))

If you want to set up the nchan server yourself, the configuration goes in /etc/nginx/sites-enabled/blah:

server {
    listen 80;
    listen 443 ssl;

    location /pub {
        nchan_publisher http;
        #allow; # Whitelist this IP address for publishing
        # (uncomment allow and add "deny all;" so that only the listed host can publish)
        nchan_channel_id $arg_id;
        add_header Access-Control-Allow-Origin;
    }

    location ~ "^/lp/(.*)" {
        nchan_subscriber longpoll;
        nchan_channel_id $1;
    }

    location ~ "^/ev/(.*)" {
        nchan_subscriber eventsource;
        nchan_channel_id $1;
    }
}
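To integrate nchan with the web shop as suggested above, the server side also needs to publish. As an added example (not from the original page), here is a PHP publisher that posts a message to the /pub endpoint of the configuration above; it assumes nginx on http://localhost, the channel id passed as ?id= (nchan_channel_id $arg_id), and the curl extension. NCHAN_PUBLISH_URL and the function name are my placeholders.

```php
<?php
// Added example: publishing a message to an nchan channel from PHP, e.g. to push
// "your order has shipped" into a customer's support chat. Assumes the nginx
// configuration above with the publisher location at /pub?id=<channel>.
define("NCHAN_PUBLISH_URL", "http://localhost/pub");   // placeholder host

// Returns true when nchan accepted the message (2xx), false otherwise.
function publishMessage($channelId, $message, $escapeHtml = true) {
    // Channel ids come from the application, not the browser; constrain them anyway
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $channelId)) {
        return false;
    }
    // If the subscriber page inserts messages with innerHTML, escape here so a
    // message can never carry markup; with text nodes (as in the JS above) pass false
    $body = $escapeHtml ? htmlspecialchars($message, ENT_QUOTES, "UTF-8") : $message;

    $ch = curl_init(NCHAN_PUBLISH_URL . "?id=" . urlencode($channelId));
    curl_setopt_array($ch, array(
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_HTTPHEADER     => array("Content-Type: text/plain; charset=utf-8"),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
    ));
    $response = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    return $response !== false && $status >= 200 && $status < 300;
}

// Constructed usage: notify the support channel of order 42 (placeholder values)
$ok = publishMessage("support-42", "Your order has been shipped.", false);
echo $ok ? "published\n" : "publish failed\n";
```

Because this runs on the server, the publisher location can be restricted with allow/deny to the web server's own address as the commented line in the configuration suggests, while subscribers keep using the /ev and /lp locations.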


Following are the requirements for the traditional+modern web application:

  • It doesn't look terrible a'la jurandi kodukas.
  • Makes use of WebFonts
  • Makes use of HTML5 input types
  • Makes use of CSS3 styling
  • Makes use of JavaScript for additional user input validation.
  • Makes use of server side programming language (eg PHP, node.js, Python, Ruby)
  • Makes use of a database (eg MySQL, Postgres or NoSQL) in a safe manner, avoiding SQL injection.
  • Mobile friendly, same web application has to work comfortably on desktop, phones and tablets as well.
  • Makes use of cookies for sessions.
  • Conforms to standards, use W3C Validation Service to check.
  • Can be used by visually impaired people, this usually means the web application has to be usable from a text-based web browser such as links, lynx or w3m.

Optional features

  • Estonian ID-card login
  • Social network login buttons
  • Use nchan or node.js etc for implementing real-time communication between the server and web browser using EventSource or WebSockets.

Deployment on school infrastructure

Traditional PHP+MySQL can be deployed on

  • if you're using Windows computers at school simply place the PHP files under H:\public_html
  • if you're using Ubuntu computers at school simply place the PHP files under ~/Documents/public_html
  • if you're using Windows remotely use PuTTY, WinSCP or Swish to connect to with your school credentials
  • if you're using Ubuntu remotely, press Ctrl-L in file browser and enter s

Use phpMyAdmin on to administer the database, the username is test and password is t3st3r123
