Transcript ParzoofNew
Welcome to Parzoof! Presented by: Idan Hodor Boaz Farkash Instructor: Viktor Kullikov Project Goals Learn how to design and implement a modern end-to- end Web Project. Learn C# and the .NET framework. Get acquainted with the Microsoft Web Development environment: • Visual Studio • ASP.NET What we’ve learned C# and the .NET framework. ASP.NET Relational databases – SQL Server Connecting to data via ADO.NET Web design: HTML, XHTML, CSS. And the toughest part: Putting it all together with the 3- tier approach. Project Description Parzoof is a social networking website for students, inspired by Facebook. Students can browse each others profiles, exchange public and private messages, find friends and upload pictures. Each user has his own profile page, which is dynamically built by content that he and his friends add. 3-Tier Design Purpose: • Divide design into layers that have different purposes. • Each layer can be independently maintained and improved, while the connecting interfaces remain unchanged. • Scalability • Robustness Tier 0 - Database Tier 0 - Database Stored Procedures act as the interface to the database. SPs are precompiled – better performance. Transactions - prevent data corruption. Return parameters – reduce number of database accesses. Changes in the database are easy to implement. This is why we preferred using SPs over using Queries. Views were used to gather data for quicker access. They are also precompiled. GUID were used as primary keys: They are easy two handle. No two GUIDs are the same. Data is not deleted – it is marked as invalid. Tier 1 - DAL • The DAL acts as an abstraction layer between the BL and the database. • Using ADO.Net it connects to SQL Server and gets data to the next layer. • We designed it so that the BL user doesn’t need to know anything about the data or ADO. • Switching to another data provider is quick and easy. Tier 1 – DAL – in depth • DAL.cs - A singleton class in charge of data fetching. • Connection.cs – In charge of creating the ADO connection to SQL server. • Query.cs – This class runs the ADO commands and serves as another abstraction layer for the DAL. The SPs are run by this class. The DAL uses this class to add parameters, and select what kind of data type he would like to get the data in: DataTableReader / Array … Tier 2 – Business Logic • 6 Major Classes are Handled: 1. 2. 3. 4. 5. 6. 7. 8. Student Friend Faculty Private Message Public Message Picture Login Register Tier 2 – Business Logic For each major class, there is an Array class which contains an array of that class: MessagePrivateArray MessgaePublicArray PictureArray FriendArray FacultyArray Each Array class contains an ArrayList Object that contains objects from that class and some additional information about the List. Tier 2 – Business Logic The Use of ArrayList: The ArrayList is dynamically enlarged when new objects are inserted, make it very space friendly. No waist of space. ArrayList Object are easy to manipulate. The .Net functions works smoothly with the ArrayList objects, making it is to present the Data on screen. Arraylist is much lighter than DataTableReader, and much easier to handle than an Array. Tier 2 – Business Logic – in depth Password Security • In order to keep the passwords safe, they are encrypted. • Upon registration, a random salt number is created and is hashed with the passwords using SHA1 (Secure Hash Algorithm). Password Security - continued Registration: User Password New Random salt number SHA1 Hashed Password Using the Session State The session is used to hold data we need frequently across pages. Advantages: Reduces number of database accesses. Faster than accessing the database. Process independent – runs in a separate process than the host ASP.Net process. Can hold BL objects, and therefore greatly simplifies cross page data transfer. Session State - continued We use the session mainly to store this information: 1. Login Status – Logged in / Signed out. 2. Active Student – The student object of the logged in user. 3. Viewed Student – The student whose profile is being watched at the moment. To increase security, we changed the session timeout. Image Handling Upon upload, each image is named with a GUID and stored in the same place: Prevents filename collisions. Doesn’t put out in the open which pictures belong to which user. A custom control makes browsing through photos in thumbnail view or full view intuitive and easy. Image Handling - Continued To add ‘Next’ & ‘Previous’ viewing capabilities for thumbnails and full pictures, small bits of data need to be moved from page to page. Instead of using the session for this, we used the “Query String”, which stores the data in the URL: http://.../Pages/Pictures.aspx?NumOfPicturePages=2&CurrentPicturePage=2&NumOfPictures=12 • This is more lightweight than using the session. Error Logging To keep track of errors we used Windows Event Viewer. Errors are caught with try-catch statements, and are written to the Event Viewer. Tier 3 – Presentation Layer Presentation Layer – XHTML & CSS Designing in a standard compliant way means separating structure from appearance. XHTML is only used to define the structure of the page. CSS is in charge of how the structure looks. Advantages: Easier to read HTML code. Graphical design can be changed without affecting the aspx files. Presentation Layer – Master Pages In order to create an illusion that the entire website and all its pages are one entity – Master Pages are used. The Master Page acts as a frame that can host different child pages and interact with them. Presentation Layer - Custom Controls Advantages of using custom controls: Reusability – The same control can be used in different pages. Besides saving time for the developer, this is also helpful for the user: New pages that use same controls feel familiar and easier to handle. Simplicity – Their code behind fulfills a certain logic, which isn’t tied to a particular page. Thank you for listening Suggestions for improvement Moving to AJAX Using JavaScript to enhance the user experience Improve Image handling with real thumbnail creation and image resizing. Include email notifications.