Transcript ParzoofNew

Welcome to Parzoof!
Presented by:
Idan Hodor
Boaz Farkash
Instructor: Viktor Kullikov
Project Goals
• Learn how to design and implement a modern end-to-end Web Project.
• Learn C# and the .NET framework.
• Get acquainted with the Microsoft Web Development environment:
  • Visual Studio
  • ASP.NET
What we’ve learned
• C# and the .NET framework.
• ASP.NET
• Relational databases – SQL Server
• Connecting to data via ADO.NET
• Web design: HTML, XHTML, CSS.
• And the toughest part: Putting it all together with the 3-tier approach.
Project Description
• Parzoof is a social networking website for students, inspired by Facebook.
• Students can browse each other’s profiles, exchange public and private messages, find friends and upload pictures.
• Each user has his own profile page, which is dynamically built from content that he and his friends add.
3-Tier Design
• Purpose:
  • Divide design into layers that have different purposes.
  • Each layer can be independently maintained and improved, while the connecting interfaces remain unchanged.
  • Scalability
  • Robustness
Tier 0 - Database
• Stored Procedures act as the interface to the database.
• SPs are precompiled – better performance.
• Transactions - prevent data corruption.
• Return parameters – reduce the number of database accesses.
• Changes in the database are easy to implement.
• This is why we preferred using SPs over using Queries.
• Views were used to gather data for quicker access.
• They are also precompiled.
• GUIDs were used as primary keys:
  • They are easy to handle. No two GUIDs are the same.
• Data is not deleted – it is marked as invalid.
Tier 1 - DAL
• The DAL acts as an abstraction layer between the BL and the database.
• Using ADO.NET it connects to SQL Server and gets data to the next layer.
• We designed it so that the BL user doesn’t need to know anything about the data or ADO.
• Switching to another data provider is quick and easy.
Tier 1 – DAL – in depth
• DAL.cs – A singleton class in charge of data fetching.
• Connection.cs – In charge of creating the ADO connection to SQL Server.
• Query.cs – This class runs the ADO commands and serves as another abstraction layer for the DAL. The SPs are run by this class. The DAL uses this class to add parameters and to select the data type in which it would like to receive the data: DataTableReader / Array …
Tier 2 – Business Logic
• 6 Major Classes are Handled:
1. Student
2. Friend
3. Faculty
4. Private Message
5. Public Message
6. Picture
7. Login
8. Register
Tier 2 – Business Logic
For each major class, there is an Array class which contains an array of that class:
• MessagePrivateArray
• MessagePublicArray
• PictureArray
• FriendArray
• FacultyArray
Each Array class contains an ArrayList object that contains objects from that class and some additional information about the list.
Tier 2 – Business Logic
The Use of ArrayList:
• The ArrayList is dynamically enlarged when new objects are inserted, making it very space-friendly. No wasted space.
• ArrayList objects are easy to manipulate.
• The .NET functions work smoothly with ArrayList objects, making it easy to present the data on screen.
• ArrayList is much lighter than DataTableReader, and much easier to handle than an Array.
Tier 2 – Business Logic – in depth
Password Security
• In order to keep the passwords safe, they are stored as salted hashes.
• Upon registration, a random salt number is created and is hashed together with the password using SHA1 (Secure Hash Algorithm).
Password Security - continued
Registration: User Password + New Random salt number → SHA1 → Hashed Password
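The registration and login flow from these two slides, shown next to a deliberately slow key-derivation function because a single SHA1 pass is cheap to brute-force offline if the password table leaks; this is an added example, not Parzoof's code. It assumes .NET 6 or later, and the class and method names, salt-then-password order, UTF-8 encoding, salt length and PBKDF2 iteration count are assumptions, since the slides do not give them.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration: names are hypothetical, not Parzoof's actual BL code.
public static class PasswordStore
{
    const int SaltBytes = 16;             // assumed salt length
    const int Pbkdf2Iterations = 600_000; // assumed work factor; tune to your hardware

    // Scheme from the slides: one SHA1 pass over salt || password (order assumed).
    public static byte[] Sha1Salted(string password, byte[] salt)
    {
        byte[] pw = Encoding.UTF8.GetBytes(password);
        byte[] input = new byte[salt.Length + pw.Length];
        Buffer.BlockCopy(salt, 0, input, 0, salt.Length);
        Buffer.BlockCopy(pw, 0, input, salt.Length, pw.Length);
        using SHA1 sha1 = SHA1.Create();
        return sha1.ComputeHash(input);
    }

    // Hardened variant: same per-user salt, but a slow key-derivation function.
    public static byte[] Pbkdf2(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Pbkdf2Iterations, HashAlgorithmName.SHA256, 32);

    // Registration: fresh salt from the OS CSPRNG (not System.Random); store salt and hash.
    public static (byte[] Salt, byte[] Hash) Register(string password, Func<string, byte[], byte[]> kdf)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        return (salt, kdf(password, salt));
    }

    // Login: recompute with the stored salt and compare in constant time.
    public static bool Verify(string attempt, byte[] salt, byte[] stored, Func<string, byte[], byte[]> kdf) =>
        CryptographicOperations.FixedTimeEquals(kdf(attempt, salt), stored);
}

public static class Demo
{
    public static void Main()
    {
        foreach (var (name, kdf) in new (string, Func<string, byte[], byte[]>)[] {
            ("SHA1 (as on the slides)", PasswordStore.Sha1Salted),
            ("PBKDF2-HMAC-SHA256", PasswordStore.Pbkdf2) })
        {
            var (salt, hash) = PasswordStore.Register("correct horse", kdf); // constructed sample password
            bool good = PasswordStore.Verify("correct horse", salt, hash, kdf);
            bool bad = PasswordStore.Verify("wrong guess", salt, hash, kdf);
            Console.WriteLine($"{name}: correct password accepted={good}, wrong password accepted={bad}");
        }
    }
}
```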
Using the Session State
• The session is used to hold data we need frequently across pages.
• Advantages:
  • Reduces number of database accesses.
  • Faster than accessing the database.
  • Process independent – runs in a process separate from the host ASP.NET process.
  • Can hold BL objects, and therefore greatly simplifies cross page data transfer.
Session State - continued
• We use the session mainly to store this information:
1. Login Status – Logged in / Signed out.
2. Active Student – The student object of the logged-in user.
3. Viewed Student – The student whose profile is being viewed at the moment.
• To increase security, we changed the session timeout.
Image Handling
• Upon upload, each image is named with a GUID and stored in the same place:
  • Prevents filename collisions.
  • Doesn’t reveal which pictures belong to which user.
• A custom control makes browsing through photos in thumbnail view or full view intuitive and easy.
Image Handling - Continued
• To add ‘Next’ & ‘Previous’ viewing capabilities for thumbnails and full pictures, small bits of data need to be moved from page to page.
• Instead of using the session for this, we used the “Query String”, which stores the data in the URL:
http://.../Pages/Pictures.aspx?NumOfPicturePages=2&CurrentPicturePage=2&NumOfPictures=12
• This is more lightweight than using the session.
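Because query-string values can be edited by the visitor, the page that receives them should recompute the counts server-side and clamp the requested page; the following is an added example (not Parzoof's code) that uses the parameter names from the URL above. It assumes .NET 6 or later, a hypothetical page size of 6, and a picture count that the caller reads from the database; in an ASP.NET page the same values arrive through Request.QueryString.

```csharp
using System;
using System.Collections.Specialized;
using System.Globalization;
using System.Web;

// Added illustration: class, method and page size are hypothetical, not Parzoof's code.
public static class PicturePaging
{
    public const int PicturesPerPage = 6; // assumed (the slide's URL shows 12 pictures on 2 pages)

    // The URL is client-controlled, so only CurrentPicturePage is read from it, and only as a
    // hint. NumOfPicturePages and NumOfPictures are ignored and recomputed from totalPictures.
    public static (int Page, int PageCount) Resolve(string queryString, int totalPictures)
    {
        int pageCount = Math.Max(1, (totalPictures + PicturesPerPage - 1) / PicturesPerPage);
        NameValueCollection q = HttpUtility.ParseQueryString(queryString);
        // NumberStyles.None accepts digits only: no sign, whitespace or hex. A missing or
        // overflowing value makes TryParse return false instead of throwing.
        if (!int.TryParse(q["CurrentPicturePage"], NumberStyles.None,
                          CultureInfo.InvariantCulture, out int page))
            page = 1;
        return (Math.Clamp(page, 1, pageCount), pageCount);
    }
}

public static class PagingDemo
{
    public static void Main()
    {
        string[] constructed = // sample query strings built for this example
        {
            "NumOfPicturePages=2&CurrentPicturePage=2&NumOfPictures=12",        // as on the slide
            "NumOfPicturePages=999&CurrentPicturePage=999&NumOfPictures=99999", // edited counts
            "CurrentPicturePage=-1",                                            // signed value
            "CurrentPicturePage=abc",                                           // not a number
            "",                                                                 // parameter missing
        };
        foreach (string qs in constructed)
        {
            var (page, pages) = PicturePaging.Resolve(qs, totalPictures: 12);
            Console.WriteLine($"[{qs}] -> page {page} of {pages}");
        }
    }
}
```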
Error Logging
• To keep track of errors we used Windows Event Viewer.
• Errors are caught with try-catch statements, and are written to the Event Viewer.
Tier 3 – Presentation Layer
Presentation Layer – XHTML & CSS
• Designing in a standards-compliant way means separating structure from appearance.
• XHTML is only used to define the structure of the page.
• CSS is in charge of how the structure looks.
• Advantages:
  • Easier to read HTML code.
  • Graphical design can be changed without affecting the aspx files.
Presentation Layer – Master Pages
• In order to create an illusion that the entire website and all its pages are one entity – Master Pages are used.
• The Master Page acts as a frame that can host different child pages and interact with them.
Presentation Layer - Custom Controls
• Advantages of using custom controls:
  • Reusability – The same control can be used in different pages. Besides saving time for the developer, this is also helpful for the user: New pages that use the same controls feel familiar and easier to handle.
  • Simplicity – Their code-behind fulfills a certain logic, which isn’t tied to a particular page.
Thank you for listening
Suggestions for improvement
• Moving to AJAX
• Using JavaScript to enhance the user experience
• Improving image handling with real thumbnail creation and image resizing.
• Including email notifications.