1 |
%$Header: /home/dashley/cvsrep/e3ft_gpl01/e3ft_gpl01/webprojs/fboprime/docs/manual/manual.tex,v 1.36 2006/04/10 04:28:07 dashley Exp $
|
2 |
%-----------------------------------------------------------------------------------
|
3 |
%Notational conventions:
|
4 |
% o Software product names are placed in italics (\emph{}), both in
|
5 |
% the text and in the index.
|
6 |
% o Unix commands are placed in italics (\emph{}).
|
7 |
% o Database table names are shown in italics (\emph{}), both in the text and
|
8 |
% in the index.
|
9 |
% o Database table field names are shown in italics (\emph{}).
|
10 |
% o Include file names are shown in Courier-like text (\texttt{}).
|
11 |
% o Standalone script names are shown in Courier-like text (\texttt{}).
|
12 |
%-----------------------------------------------------------------------------------
|
13 |
\documentclass[letterpaper,10pt,titlepage]{article}
|
14 |
%
|
15 |
%\pagestyle{headings}
|
16 |
%
|
17 |
\usepackage{amsmath}
|
18 |
\usepackage{amsfonts}
|
19 |
\usepackage{amssymb}
|
20 |
\usepackage[ansinew]{inputenc}
|
21 |
\usepackage[OT1]{fontenc}
|
22 |
\usepackage{graphicx}
|
23 |
\usepackage{makeidx}
|
24 |
%
|
25 |
%
|
26 |
%Define certain conspicuous global constants.
|
27 |
\newcommand{\productbasename}{FBO-Prime}
|
28 |
\newcommand{\productversion}{0.1}
|
29 |
\newcommand{\productname}{\productbasename{}-\productversion}
|
30 |
%
|
31 |
%New environments
|
32 |
%The following environment is for the glossary of terms at the end.
|
33 |
\newenvironment{docglossaryenum}{\begin{list}
|
34 |
{}{\setlength{\labelwidth}{0mm}
|
35 |
\setlength{\leftmargin}{4mm}
|
36 |
\setlength{\itemindent}{-4mm}
|
37 |
\setlength{\parsep}{0.85mm}}}
|
38 |
{\end{list}}
|
39 |
%%
|
40 |
%The following environment is for the database table and field
|
41 |
%documentation at the end.
|
42 |
\newenvironment{docdbtblfielddef}{\begin{list}
|
43 |
{}{\setlength{\labelwidth}{0mm}
|
44 |
\setlength{\leftmargin}{10mm}
|
45 |
\setlength{\itemindent}{-5mm}
|
46 |
\setlength{\parsep}{0.85mm}}}
|
47 |
{\end{list}}
|
48 |
%%
|
49 |
|
50 |
%Embarrassingly, I've forgotten why "makeindex" is necessary ...
|
51 |
\makeindex
|
52 |
%
|
53 |
\begin{document}
|
54 |
%-----------------------------------------------------------------------------------
|
55 |
%"See" References
|
56 |
%-----------------------------------------------------------------------------------
|
57 |
%%%%% M %%%%%
|
58 |
\index{Dawn Masternak|see{Masternak, Dawn}}
|
59 |
\index{Eric Metzger|see{Metzger, Eric}}
|
60 |
\index{Sunhee Metzger|see{Metzger, Sunhee}}
|
61 |
%%%%% W %%%%%
|
62 |
\index{Theresa Whiting|see{Whiting, Theresa}}
|
63 |
\index{Dan Wynja|see{Wynja, Dan}}
|
64 |
%-----------------------------------------------------------------------------------
|
65 |
\title{\emph{\productname{}} Installation, Maintenance, and User Manual}
|
66 |
\author{\vspace{1cm}\\David T. Ashley\\\texttt{dta@e3ft.com}\\\vspace{1cm}}
|
67 |
\date{\vspace*{8mm}\small{Version Control $ $Revision: 1.36 $ $ \\
|
68 |
Version Control $ $Date: 2006/04/10 04:28:07 $ $ (UTC) \\
|
69 |
$ $RCSfile: manual.tex,v $ $ \\
|
70 |
\LaTeX{} Compilation Date: \today{}}}
|
71 |
\maketitle
|
72 |
|
73 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
74 |
%Abstract confirmed OK, DTA, 20060304.
|
75 |
%
|
76 |
\begin{abstract}
|
77 |
This document describes in detail
|
78 |
the \emph{\productbasename{}} web-based
|
79 |
FBO support software, version \productversion{}\@. The
|
80 |
document provides substantial technical detail and is suitable
|
81 |
for server administrators, webmasters, and users.
|
82 |
|
83 |
At present, \emph{\productbasename{}}
|
84 |
software provides only web-based resource
|
85 |
scheduling (for aircaft, simulators,
|
86 |
and flight instructors)\@. However, in the future, it may be enhanced
|
87 |
to provide additional functionality for FBOs or
|
88 |
to provide support for the aviation community that almost
|
89 |
always surrounds an FBO (such as by providing support for various
|
90 |
types of aviation associations).
|
91 |
|
92 |
The software is designed to run satisfactorily in the environment
|
93 |
available through most web hosting companies on a shared
|
94 |
Linux server.
|
95 |
|
96 |
A single instance of the software has the capability to support only one FBO
|
97 |
(and it uses only one \emph{MySQL} database)\@. However, an arbitrary number of
|
98 |
instances of the software may be installed on a single server, supporting an
|
99 |
arbitrary number of FBOs (with each instance using one \emph{MySQL} database).
|
100 |
|
101 |
The software is offered under the GPL, and is free
|
102 |
both monetarily and in an intellectual property sense.
|
103 |
\end{abstract}
|
104 |
|
105 |
\clearpage{}
|
106 |
\pagenumbering{roman} %No page number on table of contents.
|
107 |
\tableofcontents{}
|
108 |
\clearpage{}
|
109 |
\listoffigures
|
110 |
\clearpage{}
|
111 |
|
112 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
113 |
%Force the page number to 1. We don't want to number the table of contents
|
114 |
%page.
|
115 |
%
|
116 |
\setcounter{page}{1}
|
117 |
\pagenumbering{arabic}
|
118 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
119 |
|
120 |
\section{Introduction, Overview, and Miscellany}
|
121 |
\label{siov0}
|
122 |
|
123 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
124 |
|
125 |
\subsection{Acknowledgements}
|
126 |
\label{siov0:sack0}
|
127 |
|
128 |
I am very grateful to all of the following individuals and institutions:
|
129 |
|
130 |
\begin{itemize}
|
131 |
\item The original authors of
|
132 |
\index{ORS@\emph{ORS}}\emph{ORS} \cite{bibref:p:ors},
|
133 |
who answered all questions by e-mail and were very supportive in
|
134 |
this endeavor. Additionally, the designs of the
|
135 |
\emph{\productbasename{}} web pages are heavily borrowed from
|
136 |
\emph{ORS}\@. The authors of \emph{ORS} saved me \emph{much} design time in
|
137 |
figuring out how to achieve the desired effects with HTML.
|
138 |
\item \index{Masternak, Dawn}Dawn
|
139 |
Masternak \cite{bibref:i:masternakdawn} for original ideas about
|
140 |
reimplementing the website.
|
141 |
\item \index{Whiting, Theresa}Theresa Whiting \cite{bibref:i:whitingtheresa}
|
142 |
and
|
143 |
\index{Wynja, Daniel}Dan Wynja \cite{bibref:i:wynjadaniel}
|
144 |
for numerous technical, functionality, and usability
|
145 |
observations and suggestions.
|
146 |
\item \index{Metzger, Eric}Eric and
|
147 |
\index{Metzger, Sunhee} Sunhee Metzger \cite{bibref:i:metzgereric}
|
148 |
for allowing me to use the Marshall FBO as a testbed for
|
149 |
this software.
|
150 |
\item \index{Rostamian, Rouben}Rouben Rostamian \cite{bibref:i:rostamianrouben} for assistance with
|
151 |
the simple expression for scheduling interval overlap
|
152 |
(see Eq. \ref{eq:stbg0:sdov0:01}, p. \pageref{eq:stbg0:sdov0:01}).
|
153 |
\end{itemize}
|
154 |
|
155 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
156 |
|
157 |
\subsection{History}
|
158 |
\label{siov0:shis0}
|
159 |
|
160 |
In 2005, the \index{Marshall Aviation Center}Marshall Aviation Center
|
161 |
(hereinafter referred to as \index{MAC}\emph{MAC}) was succeeded by
|
162 |
\index{Metzger's Aircraft Services}Metzger's Aircraft Services (hereinafter
|
163 |
referred to as \index{MAS}\emph{MAS}) as the FBO at the Marshall,
|
164 |
Michigan, USA airport.
|
165 |
|
166 |
The web hosting and database development for MAC had been handled by
|
167 |
\index{Kalamazoo Software}Kalamazoo Software \cite{bibref:com:kalsoft}\@.
|
168 |
\index{Masternak, Dawn}Dawn Masternak \cite{bibref:i:masternakdawn},
|
169 |
the office manager at
|
170 |
MAC, had been dissatisfied with Kalamazoo Software for these reasons:
|
171 |
|
172 |
\begin{itemize}
|
173 |
\item The base price of \$99/month for the web presence with a scheduler
|
174 |
seemed high.
|
175 |
\item Dawn had the subjective impression that MAS was being overbilled
|
176 |
for website changes. Her impression was that changes
|
177 |
requiring about 1/2 hour of time were typically billed for 1-2 hours.
|
178 |
\end{itemize}
|
179 |
|
180 |
MAC spent, on average, approximately \$2,000/year for the web presence with
|
181 |
aircraft scheduler. For a small
|
182 |
business, this is a significant expenditure. It was natural to investigate
|
183 |
whether it could be done less expensively.
|
184 |
|
185 |
When MAS assumed the FBO in 2005, the arrangement with Kalamazoo Software was
|
186 |
discontinued, and MAS hosted the site with
|
187 |
\index{Ashley, David}Dave Ashley \cite{bibref:i:ashleydavidt} using
|
188 |
\index{ORS@\emph{ORS}}ORS \cite{bibref:p:ors} on an experimental basis.
|
189 |
|
190 |
After a period of experimentation, it was determined that ORS would perform
|
191 |
satisfactorily. Experimentally, the MAS website was moved to
|
192 |
\index{Hagen Hosting}Hagen Hosting \cite{bibref:hagenhostingweb}. After
|
193 |
a few weeks of hosting with Hagen Hosting, all user data was lost (and had to
|
194 |
be restored by Dave Ashley) twice in one week. Correspondence with
|
195 |
Hagen Hosting revealed that HTTP server issues that
|
196 |
could not be quickly resolved were the root cause (these issues
|
197 |
had caused difficulties for other customers as well). To prevent further hiccups, the MAS
|
198 |
website was moved back to Dave Ashley.
|
199 |
|
200 |
The nature of the technical hiccups with Hagen Hosting was probably that
|
201 |
an HTTPD process was dying unexpectedly. Because ORS works by fully reading
|
202 |
and then fully writing files, HTTPD processes that die unexpectedly could result
|
203 |
in truncated or incompletely written data files. The file that was damaged
|
204 |
when the site was hosted with Hagen Hosting was truncated to zero length twice
|
205 |
in one week. The technical design of ORS is sound, but an implementation
|
206 |
using a \index{MySQL@\emph{MySQL}}\emph{MySQL}
|
207 |
\cite{bibref:c:mysql} database would be more resilient with respect to
|
208 |
dying HTTPD processes (and hence might be more reliable on a heavily-loaded server).
|
209 |
|
210 |
In January of 2006, the ORS source code was examined in detail by
|
211 |
Dave Ashley with the aim of customizing it to provide more user privacy
|
212 |
and meet other goals of MAS\@. It was determined that it wasn't a good investment to
|
213 |
modify the source code, and instead it was decided to rewrite the resource scheduler
|
214 |
from scratch as a \emph{MySQL} implementation.
|
215 |
\emph{\productbasename{}} (the software described in this document)
|
216 |
is the rewrite.
|
217 |
|
218 |
|
219 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
220 |
|
221 |
\subsection{Suboptimal Characteristics of ORS}
|
222 |
\label{siov0:ssco0}
|
223 |
|
224 |
It was determined (in 2005 and 2006)
|
225 |
that ORS \cite{bibref:p:ors}
|
226 |
has the following characteristics that make it suboptimal
|
227 |
for use by MAS:
|
228 |
|
229 |
\begin{enumerate}
|
230 |
\item The file-based database implementation is vulnerable to
|
231 |
dying HTTPD processes, and may make the product unsuitable for
|
232 |
hosting on heavily-loaded servers (which would impede the ability
|
233 |
to move the MAS site to a professional web hosting company).
|
234 |
\item Performance issues include:
|
235 |
\begin{enumerate}
|
236 |
\item Scheduler page loads were sometimes noticeably slow,
|
237 |
taking several seconds (but at other times taking less
|
238 |
than a second).
|
239 |
\item The file-based implementation requires that \emph{all}
|
240 |
data be read on every page load ($O(N)$ or worse).
|
241 |
\item The mutual exclusion mechanism (a lockfile to prevent
|
242 |
others processes from reading any scheduler file)
|
243 |
has performance disadvantages in a heavy usage environment.
|
244 |
\item Regular maintenance (backups, database pruning)
|
245 |
is integrated with the page loads. This also
|
246 |
contributes to slow page loads.
|
247 |
\end{enumerate}
|
248 |
\item There may be security issues, as some of the files intended to be
|
249 |
PHP include files can be directly executed by forming an appropriate
|
250 |
URL\@. It is unclear what attacks may be possible.
|
251 |
\item The paradigm of user privacy isn't what MAS desires. It is
|
252 |
possible for users to get unnecessary and potentially private
|
253 |
information about other users. Specific information that shouldn't be
|
254 |
obtainable in the MAS environment includes:
|
255 |
\begin{itemize}
|
256 |
\item A list of the other users (no relevance to a customer
|
257 |
scheduling an airplane, simulator, and/or instructor).
|
258 |
\item Identity of person reserving aircraft at various times (no relevance
|
259 |
to a person scheduling an airplane, simulator, or instructor).
|
260 |
\item Comments included with the reservation (for discovery flights, this often involves
|
261 |
names and phone numbers---not relevant to other customers).
|
262 |
\end{itemize}
|
263 |
\item For members of the line crew working at MAS, the authentication timeout
|
264 |
period is too short (as an employee works behind the counter during a
|
265 |
business day, they need to authenticate \emph{several} times).
|
266 |
\item The way in which the hours of a day's schedule are displayed means that
|
267 |
the late night and early morning hours can't be easily viewed. It would
|
268 |
be helpful to have scheduling views that are more ``free form'' where:
|
269 |
\begin{itemize}
|
270 |
\item One can freely scroll forward and backwards in time, without respect
|
271 |
to time and calendar boundaries.
|
272 |
\item One can freely zoom in and out, obtaining finer and coarser views
|
273 |
of scheduling.
|
274 |
\end{itemize}
|
275 |
\item The calendaring system makes it awkward to move around between dates.
|
276 |
It seems that a calendar with one or more months displayed and where one can
|
277 |
directly click on a day of interest might be easier to use.
|
278 |
\item The display of half-hours is awkward (the ``:30'')\@. A simpler
|
279 |
method is to textually display only whole hours but have it clear
|
280 |
by the geometry (i.e. where rectangles begin) whether a reservation
|
281 |
begins on a whole or half hour.
|
282 |
\item Aircraft/simulators and flight instructors have to be scheduled separately, even for
|
283 |
a simple instructional appointment.
|
284 |
\item The ORS notion of ``hiding'' aircraft a user can't schedule is a good one,
|
285 |
but there are those occasions where the user wants to see aircraft they can't
|
286 |
schedule, so there needs to be an override available to the user.
|
287 |
(Example: maybe a user can't fly a multi-engine aircraft, but they
|
288 |
want to get a quick ride somewhere in such an aircraft with a flight instructor.
|
289 |
In this case it would help to figure out the availability of the aircraft
|
290 |
before making a phone call.)
|
291 |
\item Users like \emph{Line}, \emph{Crew}, or \emph{Maint} are awkward (they require a separate
|
292 |
account under ORS). Instead, users should always log in as themselves (i.e.
|
293 |
authentication tied to the individual, always), and some users should by default have things
|
294 |
they schedule appear as a ``pseudo-user'' such as \emph{Line}, \emph{Crew}, or \emph{Maint}.
|
295 |
It is also important that they be able to schedule as themselves---this covers the case
|
296 |
where a line employee is taking flight lessons, and perhaps other cases as well.
|
297 |
\item Storing passwords in the clear is ill-advised. The more modern way of thinking
|
298 |
is hashed storage with password test and reset ability only.
|
299 |
\item ORS isn't the right framework for expansion to meet the other needs
|
300 |
of MAS (such as electronic maintenance of student training records,
|
301 |
support of other aviation organizations associated with the FBO, etc.).
|
302 |
\end{enumerate}
|
303 |
|
304 |
|
305 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
306 |
|
307 |
\subsection{Software and Documentation License}
|
308 |
\label{siov0:slic0}
|
309 |
|
310 |
The \emph{\productbasename{}} software and all associated documentation
|
311 |
(including this document)
|
312 |
is licensed under the
|
313 |
\index{GNU Public License (GPL)}GNU Public License \cite{bibref:gnuorgweb}.
|
314 |
The software is free both in a monetary and in an intellectual property sense.
|
315 |
|
316 |
Please note that the GPL may impose the requirement that if the source code
|
317 |
is modified, the modifications be made available publicly.
|
318 |
|
319 |
|
320 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
321 |
|
322 |
\subsection{Obtaining the Software}
|
323 |
\label{siov0:sosw0}
|
324 |
|
325 |
The software is viewable via \emph{ViewCVS}, and
|
326 |
later the server will be set up to make nightly tarballs of the tip of the
|
327 |
CVS archives and perhaps also to allow anonymous CVS
|
328 |
access. This will be finalized when the software is more mature.
|
329 |
|
330 |
|
331 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
332 |
|
333 |
\subsection{Requesting Changes to this Document}
|
334 |
\label{siov0:scdo0}
|
335 |
|
336 |
I'm very sensitive to issues of readability, organization,
|
337 |
and indexing.
|
338 |
|
339 |
Please forward suggestions for simple changes
|
340 |
(typographical mistakes, grammar issues, indexing issues, etc.)
|
341 |
to me (Dave Ashley \cite{bibref:i:ashleydavidt}).
|
342 |
|
343 |
For more complex changes or enhancements
|
344 |
(such as the rewrite or addition of a paragraph or section),
|
345 |
you might consider
|
346 |
modifying the \LaTeX{} source code directly and e-mailing me the entire document
|
347 |
or the rewritten/added section. (There is, of course, a small possibility that I
|
348 |
would reject a change---so advance coordination about the proposed
|
349 |
changes would be prudent.)
|
350 |
|
351 |
This document is maintained under a version control system (note the revision
|
352 |
information on the title page), so changes are very easy to accommodate.
|
353 |
|
354 |
|
355 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
356 |
|
357 |
\subsection{Feature Wish List}
|
358 |
\label{siov0:sfwl0}
|
359 |
|
360 |
The following features will be incorporated
|
361 |
in future releases of \emph{\productbasename{}}:
|
362 |
|
363 |
\begin{enumerate}
|
364 |
\item \textbf{Demonstration mode:}
|
365 |
a configuration constant that will allow the software to be
|
366 |
run on a demonstration website to demonstrate its capabilities.
|
367 |
Demonstration mode would include login without authentication
|
368 |
and automatic periodic purge of data.
|
369 |
\end{enumerate}
|
370 |
|
371 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
372 |
|
373 |
\subsection{Software Recommendations}
|
374 |
\label{siov0:ssrc0}
|
375 |
|
376 |
TBD\@. (This section is reserved for recommendations concerning software
|
377 |
an FBO might use to maintain a website.)
|
378 |
|
379 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
380 |
|
381 |
\subsection{Hosting Company Recommendations}
|
382 |
\label{siov0:shrc0}
|
383 |
|
384 |
TBD\@. (This section is reserved for recommendations for hosting companies
|
385 |
that provide hosting plans and equipment known to work well with \emph{\productbasename{}}.)
|
386 |
|
387 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
388 |
|
389 |
\section{Theory of Operation, Installation, and Maintenance}
|
390 |
\label{sins0}
|
391 |
|
392 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
393 |
|
394 |
\subsection{Theory of Operation}
|
395 |
\label{sins0:sots0}
|
396 |
|
397 |
Logically, the server source code is composed of three components:
|
398 |
|
399 |
\begin{itemize}
|
400 |
\item A set of PHP scripts that are executed in response
|
401 |
to HTTP requests (described in
|
402 |
\S{}\ref{swpg0}, p. \pageref{swpg0}). These files all reside in the same directory
|
403 |
of an \emph{Apache} \emph{DocumentRoot} or are \emph{Alias}'d or
|
404 |
\emph{ScriptAlias}'d into the \emph{Apache} namespace.
|
405 |
|
406 |
All of these files have the extension \emph{.php}.
|
407 |
\item A set of PHP library files that are included
|
408 |
and used by the \emph{.php} files
|
409 |
(described in \S{}\ref{sphl0}, p. \pageref{sphl0}).
|
410 |
|
411 |
All of these files have the extension \emph{.inc}.
|
412 |
\item A set of standalone PHP utility scripts that can be executed
|
413 |
to perform various utility functions
|
414 |
(described in \S{}\ref{ssas0}, p. \pageref{ssas0}). These
|
415 |
scripts are designed to be executed from a shell or a cron job.
|
416 |
|
417 |
These utility scripts
|
418 |
can be located anywhere except where they can be
|
419 |
executed in response to HTTP requests, but the recommended location
|
420 |
is with the PHP library files.
|
421 |
|
422 |
All of these utility scripts have the extension \emph{.php}.
|
423 |
\end{itemize}
|
424 |
|
425 |
The \emph{\productbasename{}} software works in the following way:
|
426 |
|
427 |
\begin{itemize}
|
428 |
\item Some \emph{.php} scripts
|
429 |
(\S{}\ref{swpg0})
|
430 |
are executed in response to web
|
431 |
visits. These \emph{.php} scripts allow users and
|
432 |
administrators to view and modify user and scheduling
|
433 |
information using a web browser.
|
434 |
\item Some utility \emph{.php} scripts
|
435 |
(\S{}\ref{ssas0})
|
436 |
are executed periodically
|
437 |
by the *nix system, normally via \emph{cron}.
|
438 |
These scripts perform database maintenance
|
439 |
and promote standby reservations.
|
440 |
\item Some utility \emph{.php} scripts
|
441 |
(\S{}\ref{ssas0})
|
442 |
are manually executed in special
|
443 |
circumstances (for example, to
|
444 |
initialize the database or if an administrator password is lost).
|
445 |
\item All \emph{.php} scripts may include \emph{.inc} files
|
446 |
(\S{}\ref{sphl0})
|
447 |
in the PHP library. (These include files are shared
|
448 |
between all PHP scripts, and provide a way to localize functionality
|
449 |
so that changes need to be made in only one place.)
|
450 |
\item All \emph{.php} scripts may interact with the
|
451 |
\emph{MySQL} server (by executing SQL queries)
|
452 |
in order to store, modify, and retrieve user and scheduling
|
453 |
information.
|
454 |
\end{itemize}
|
455 |
|
456 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
457 |
|
458 |
\subsection{Administrator Requirements}
|
459 |
\label{sins0:sarq0}
|
460 |
|
461 |
The instructions in this document assume that the individual attempting to install
|
462 |
\emph{\productbasename{}} has solid Unix administration skills. The individual
|
463 |
attempting to install \emph{\productbasename{}} must have these skills:
|
464 |
|
465 |
\begin{itemize}
|
466 |
\item An understanding of Unix file and directory permissions, including:
|
467 |
\begin{itemize}
|
468 |
\item \index{UID}UID,
|
469 |
\index{GID}GID, and the standard Unix file and directory permission bits.
|
470 |
\item \index{chmod@\emph{chmod}}\emph{chmod},
|
471 |
\index{chown@\emph{chown}}\emph{chown}, and other commands used to modify
|
472 |
Unix file and directory permission bits.
|
473 |
\end{itemize}
|
474 |
\item An understanding of standard Unix commands, including
|
475 |
\index{cp@\emph{cp}}\emph{cp},
|
476 |
\index{mv@\emph{mv}}\emph{mv},
|
477 |
\index{rm@\emph{rm}}\emph{rm}, and
|
478 |
\index{tar@\emph{tar}}\emph{tar}.
|
479 |
\item An rudimentary understanding of how dynamic web content is generated and served,
|
480 |
including \index{Apache@\emph{Apache}}\emph{Apache}.
|
481 |
\item A rudimentary understanding \index{SQL}\emph{SQL} and \emph{MySQL}.
|
482 |
\end{itemize}
|
483 |
|
484 |
Attaining competence in Unix sufficient to install
|
485 |
\emph{\productbasename{}} is not trivial, especially if one has no experience
|
486 |
with Unix systems.
|
487 |
|
488 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
489 |
|
490 |
\subsection{Server System Requirements}
|
491 |
\label{sins0:ssyr0}
|
492 |
|
493 |
In order to run the \emph{\productname{}} software, the
|
494 |
\index{server requirements}server must meet the
|
495 |
following specifications.
|
496 |
|
497 |
\begin{itemize}
|
498 |
\item \emph{Linux} (necessary version uncertain).
|
499 |
\item \emph{Apache} (necessary version uncertain).
|
500 |
\item \emph{MySQL} (necessary version uncertain).
|
501 |
\item \emph{PHP} (necessary version uncertain).
|
502 |
\item The server must be configured so that \emph{cron} jobs can
|
503 |
be run.
|
504 |
\end{itemize}
|
505 |
|
506 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
507 |
|
508 |
\subsection{Server Software Installation Instructions}
|
509 |
\label{sins0:sssi0}
|
510 |
|
511 |
This section contains precise instructions for installing the
|
512 |
\emph{\productbasename{}} software on a server. The server must meet the
|
513 |
requirements in \S{}\ref{sins0:ssyr0}.
|
514 |
|
515 |
The steps in installing the \emph{\productbasename{}}
|
516 |
software are:
|
517 |
|
518 |
\begin{enumerate}
|
519 |
\item Choose the path where the \emph{PHP} web files,
|
520 |
\emph{PHP} library files, and web graphics will
|
521 |
be placed (\S{}\ref{sins0:sssi0:spwg0}, p. \pageref{sins0:sssi0:spwg0}).
|
522 |
\item Set up the \emph{MySQL} database software
|
523 |
(\S{}\ref{sins0:sssi0:smsq0}, p. \pageref{sins0:sssi0:smsq0}).
|
524 |
\item Set up the \emph{Apache} web server software
|
525 |
(\S{}\ref{sins0:sssi0:sapc0}, p. \pageref{sins0:sssi0:sapc0}).
|
526 |
\item Unpack the \emph{\productbasename{}} software
|
527 |
(\S{}\ref{sins0:sssi0:susc0}, p. \pageref{sins0:sssi0:susc0}).
|
528 |
\item Generate the \emph{\productbasename{}} hash key
|
529 |
(\S{}\ref{sins0:sssi0:sgsh0}, p. \pageref{sins0:sssi0:sgsh0}).
|
530 |
\item Customize the PHP library include path
|
531 |
(\S{}\ref{sins0:sssi0:sphl0}, p. \pageref{sins0:sssi0:sphl0}).
|
532 |
\item Customize the web page script include path
|
533 |
(\S{}\ref{sins0:sssi0:scwp0}, p. \pageref{sins0:sssi0:scwp0}).
|
534 |
\item Customize the \emph{MySQL} database access constants
|
535 |
(\S{}\ref{sins0:sssi0:sdac0}, p. \pageref{sins0:sssi0:sdac0}).
|
536 |
\item Initialize the \emph{MySQL} database
|
537 |
(\S{}\ref{sins0:sssi0:sdin0}, p. \pageref{sins0:sssi0:sdin0}).
|
538 |
\item Perform the functionality tests
|
539 |
(\S{}\ref{sins0:sssi0:sftt0}, p. \pageref{sins0:sssi0:sftt0}).
|
540 |
\item Customize the default FBO information
|
541 |
(\S{}\ref{sins0:sssi0:scdf0}, p. \pageref{sins0:sssi0:scdf0}).
|
542 |
\end{enumerate}
|
543 |
|
544 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
545 |
|
546 |
\subsubsection{Choice of PHP Source File, PHP Library, and Graphics Paths}
|
547 |
\label{sins0:sssi0:spwg0}
|
548 |
|
549 |
Server environments vary considerably. For example:
|
550 |
|
551 |
\begin{itemize}
|
552 |
\item On a server owned by the FBO, there is generally full freedom
|
553 |
in locating files (such as
|
554 |
\index{PHP library}PHP library files).
|
555 |
\item On a server owned by a web hosting company, there is generally
|
556 |
very little freedom in locating files (such as PHP library files).
|
557 |
Typically, all locations are specified by the web hosting company.
|
558 |
\end{itemize}
|
559 |
|
560 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
561 |
|
562 |
\paragraph{PHP Source File Path}
|
563 |
|
564 |
First, choose where to locate the PHP source files (these are the files that
|
565 |
are executed in response to HTTP requests---see \S{}\ref{swpg0}, \pageref{swpg0}), and record this choice to use
|
566 |
in later installtion steps. All of the files identified in \S{}\ref{swpg0} must be located in the
|
567 |
same directory.
|
568 |
|
569 |
For an FBO with website \texttt{http://myfbo.com}, a typical choice for a URL
|
570 |
to access the flight scheduler would be\\\\
|
571 |
\texttt{http://myfbo.com/flightschedule}.\\\\
|
572 |
This URL has associated with it a path on the server (usually, below the
|
573 |
Apache
|
574 |
\index{Apache@\emph{Apache}!DocumentRoot directive@\emph{DocumentRoot} directive}%
|
575 |
\index{DocumentRoot (Apache directive)@\emph{DocumentRoot} (Apache directive)}\emph{DocumentRoot}).
|
576 |
In this case, the server directory to contain the PHP source code should be chosen and created;
|
577 |
permissions should be checked to ensure that the Apache server
|
578 |
can read the files; and the choice should be recorded for later installation steps.
|
579 |
|
580 |
A second common choice is to locate the flight scheduler at a URL of the form
|
581 |
\texttt{http://flightschedule.myfbo.com}. The mechanics of setting up DNS and
|
582 |
Apache are not discussed here. If you are an inexperienced Unix administrator,
|
583 |
I recommend that you make the simpler choice described in the paragraph above.
|
584 |
|
585 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
586 |
|
587 |
\paragraph{PHP Library Path}
|
588 |
|
589 |
The PHP library path is the path where the PHP interpreter searches for
|
590 |
files specified in the PHP \emph{include()} and \emph{require()} commands.
|
591 |
|
592 |
The likely PHP library path chosen varies depending on whether the server is
|
593 |
owned.
|
594 |
|
595 |
For an server owned by the FBO, a typical choice is to place the library include files
|
596 |
in a subdirectory of the path specified in the \emph{php.ini} file.
|
597 |
|
598 |
For a server owned by a hosting company, a typical choice is anywhere not
|
599 |
aliased into Apache's URL space.\footnote{In other words, web clients should not be able to
|
600 |
choose a URL so as to point to the PHP library files.}
|
601 |
|
602 |
This choice should be made, the directory should be created, and permissions should be set
|
603 |
so that Apache can read but not modify the files, and the choice should be recorded.
|
604 |
|
605 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
606 |
|
607 |
\paragraph{Graphics File Path}
|
608 |
|
609 |
\emph{\productbasename{}} has some graphics (logos, arrows, icons, etc.) that must be
|
610 |
loadable by a browser. These files must all be together in the same directory.
|
611 |
|
612 |
A typical choice for a location for these graphics is\\\\
|
613 |
\texttt{http://myfbo.com/fboprimegraphics}.\\\\
|
614 |
|
615 |
The necessary directory should be created on the server, permissions should be set appropriately,
|
616 |
and the base URL of the graphics should be recorded.
|
617 |
|
618 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
619 |
|
620 |
\subsubsection{\emph{MySQL} Database Setup}
|
621 |
\label{sins0:sssi0:smsq0}
|
622 |
|
623 |
Setup of \index{MySQL@\emph{MySQL}!Setup for \productbasename{}@Setup for \emph{\productbasename{}}}%
|
624 |
\emph{MySQL} involves obtaining a database name,
|
625 |
userid, and password. (This is the only information
|
626 |
required to set up \emph{\productbasename{}}---creation of
|
627 |
database tables is handled by a script.)
|
628 |
|
629 |
The steps to set up \emph{MySQL} depend on how the software
|
630 |
is hosted.
|
631 |
|
632 |
\begin{itemize}
|
633 |
\item If the software is hosted by a hosting company, the
|
634 |
\emph{MySQL} database name, userid, and password will probably
|
635 |
be assigned by the hosting company.
|
636 |
\item If the software is hosted on an owned or dedicated server,
|
637 |
the setup must be performed by the individual
|
638 |
installing \emph{\productbasename{}}.
|
639 |
\end{itemize}
|
640 |
|
641 |
If the software is hosted on an owned or dedicated server,
|
642 |
the following steps should be used to set up \emph{MySQL}:
|
643 |
|
644 |
\begin{enumerate}
|
645 |
\item Choose a database name, userid, and password
|
646 |
for use with \emph{MySQL}. In subsequent description, these
|
647 |
are denoted \emph{dbname}, \emph{userid},
|
648 |
and \emph{password}.
|
649 |
\item Log into \emph{MySQL} as the root user.\footnote{Note that the
|
650 |
\emph{root} password for \emph{MySQL} is not the same
|
651 |
thing as the \emph{root} user password for \emph{Linux}.}
|
652 |
The command to do this is:
|
653 |
|
654 |
\texttt{mysql --user=root -p}
|
655 |
\item Create the database. The \emph{MySQL} command to do this is:
|
656 |
|
657 |
\texttt{create database \emph{dbname};}
|
658 |
\item Grant the user \emph{userid} all privileges on database
|
659 |
\emph{dbname} using password \emph{password} when connecting
|
660 |
from \emph{localhost}.\footnote{The normal arrangement is that the
|
661 |
\emph{MySQL} daemon runs on the same server as \emph{Apache}, hence
|
662 |
the connection from \emph{localhost}.} The command to do this is:
|
663 |
|
664 |
\texttt{grant all on \emph{dbname}.* to \emph{userid}@localhost\\identified by '\emph{password}';}
|
665 |
\item Log out of \emph{MySQL} (Control-D).
|
666 |
\item Test the permissions created by running
|
667 |
|
668 |
\texttt{mysql --user=\emph{userid} -p}
|
669 |
|
670 |
and entering the \emph{password} chosen. Issue the command:
|
671 |
|
672 |
\texttt{use database \emph{dbname};}
|
673 |
|
674 |
to verify permission to access \emph{dbname}.
|
675 |
\item Log out of \emph{MySQL} (Control-D).
|
676 |
\end{enumerate}
|
677 |
|
678 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
679 |
|
680 |
\subsubsection{\emph{Apache} Setup}
|
681 |
\label{sins0:sssi0:sapc0}
|
682 |
|
683 |
\index{Apache@\emph{Apache}!Setup for \productbasename{}@Setup for \emph{\productbasename{}}}%
|
684 |
As with \emph{MySQL}, the setup of \emph{Apache} is more complex
|
685 |
for an owned or dedicated server. Details TBD.
|
686 |
|
687 |
|
688 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
689 |
|
690 |
\subsubsection{Unpacking of \emph{\productbasename{}} Source Code}
|
691 |
\label{sins0:sssi0:susc0}
|
692 |
|
693 |
TBD.
|
694 |
|
695 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
696 |
|
697 |
\subsubsection{Generation of \emph{\productname{}} Hash Key}
|
698 |
\label{sins0:sssi0:sgsh0}
|
699 |
|
700 |
The \emph{\productbasename{}} hash key must be defined in a file in the
|
701 |
PHP library named \emph{sitehashkey.inc}.
|
702 |
|
703 |
The \index{sitehashkeygen.php@\emph{sitehashkeygen.php}}\texttt{sitehashkeygen.php}
|
704 |
script (\S{}\ref{ssas0:shkg0}, p. \pageref{ssas0:shkg0}) should
|
705 |
be used to generate this file automatically.
|
706 |
|
707 |
Simply execute the \texttt{sitehashkeygen.php} script with the path to the
|
708 |
PHP library as the only parameter, then review
|
709 |
permissions on the \emph{sitehashkey.inc} file for appropriateness.
|
710 |
|
711 |
It would also be possible to generate the \emph{sitehashkey.inc}
|
712 |
file manually (although there should be no reason to do this).
|
713 |
The recommended approach would be to replicate the file contents
|
714 |
shown in Figure \ref{fig:ssas0:shkg0:00} (p. \pageref{fig:ssas0:shkg0:00}),
|
715 |
but with the key chosen randomly (perhaps by
|
716 |
typing random keystrokes in the text editor).
|
717 |
|
718 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
719 |
|
720 |
\subsubsection{Customization of Include Path in PHP Library Files}
|
721 |
\label{sins0:sssi0:sphl0}
|
722 |
|
723 |
TBD.
|
724 |
|
725 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
726 |
|
727 |
\subsubsection{Customization of Include Path in Web Pages}
|
728 |
\label{sins0:sssi0:scwp0}
|
729 |
|
730 |
TBD.
|
731 |
|
732 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
733 |
|
734 |
\subsubsection{Customization of \emph{MySQL} Database Access Constants}
|
735 |
\label{sins0:sssi0:sdac0}
|
736 |
|
737 |
TBD.
|
738 |
|
739 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
740 |
|
741 |
\subsubsection{Database Initialization}
|
742 |
\label{sins0:sssi0:sdin0}
|
743 |
|
744 |
TBD.
|
745 |
|
746 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
747 |
|
748 |
\subsubsection{Functionality Tests}
|
749 |
\label{sins0:sssi0:sftt0}
|
750 |
|
751 |
TBD.
|
752 |
|
753 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
754 |
|
755 |
\subsubsection{Customization of Default FBO Information}
|
756 |
\label{sins0:sssi0:scdf0}
|
757 |
|
758 |
TBD.
|
759 |
|
760 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
761 |
|
762 |
\subsection{Maintenance and Other Procedures}
|
763 |
\label{sins0:smpr0}
|
764 |
|
765 |
This section contains the precise instructions for installing the
|
766 |
\emph{\productname{}} software on a server. The server must meet the
|
767 |
requirements in \S{}\ref{sins0:ssyr0}.
|
768 |
|
769 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
770 |
|
771 |
\subsubsection{Backing Up \emph{MySQL} Database Contents}
|
772 |
\label{sins0:smpr0:sbak0}
|
773 |
|
774 |
TBD.
|
775 |
|
776 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
777 |
|
778 |
\subsubsection{Backing Up FBO Web Content}
|
779 |
\label{sins0:smpr0:sbak1}
|
780 |
|
781 |
TBD.
|
782 |
|
783 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
784 |
|
785 |
\subsubsection{Restoring \emph{MySQL} Database Contents}
|
786 |
\label{sins0:smpr0:sres0}
|
787 |
|
788 |
TBD.
|
789 |
|
790 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
791 |
|
792 |
\subsubsection{Restoring FBO Web Content}
|
793 |
\label{sins0:smpr0:sres1}
|
794 |
|
795 |
TBD.
|
796 |
|
797 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
798 |
|
799 |
\subsubsection{Upgrading to a Newer Version of \emph{\productbasename{}}}
|
800 |
\label{sins0:smpr0:sugd0}
|
801 |
|
802 |
TBD.
|
803 |
|
804 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
805 |
|
806 |
\section{Technical Background}
|
807 |
\label{stbg0}
|
808 |
|
809 |
This section provides technical background that may be useful in understanding
|
810 |
the \emph{\productbasename{}} software.
|
811 |
|
812 |
|
813 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
814 |
|
815 |
\subsection{The Site Hash Key}
|
816 |
\label{stbg0:sshk0}
|
817 |
|
818 |
\index{site hash key}In order to provide security for hashed passwords, session identifiers,
|
819 |
and other constructs, the
|
820 |
\emph{\productbasename{}} software must have available a string (or equivalently, a number)
|
821 |
that is not available to non-administrative users of the software. This string
|
822 |
is called the \emph{site hash key}.
|
823 |
|
824 |
It is most convenient to generate the site hash key using the \texttt{sitehashkeygen.php}
|
825 |
script, described in \S{}\ref{ssas0:shkg0}, p. \pageref{ssas0:shkg0}.
|
826 |
|
827 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
828 |
|
829 |
\subsection{The MD5 Message Digest Algorithm}
|
830 |
\label{stbg0:smdf0}
|
831 |
|
832 |
\index{MD5 message digest algorithm}The MD5 message digest algorithm
|
833 |
\cite{bibref:rfc1321} is a cryptographic hash algorithm. The most important
|
834 |
properties of the algorithm are described in the executive summary of
|
835 |
\cite{bibref:rfc1321}:
|
836 |
|
837 |
\begin{quote}
|
838 |
\emph{This document describes the MD5 message-digest algorithm. The
|
839 |
algorithm takes as input a message of arbitrary length and produces
|
840 |
as output a 128-bit ``fingerprint'' or ``message digest'' of the input.
|
841 |
It is conjectured that it is computationally infeasible to produce
|
842 |
two messages having the same message digest, or to produce any
|
843 |
message having a given prespecified target message digest. The MD5
|
844 |
algorithm is intended for digital signature applications, where a
|
845 |
large file must be ``compressed'' in a secure manner before being
|
846 |
encrypted with a private (secret) key under a public-key cryptosystem
|
847 |
such as RSA.}
|
848 |
\end{quote}
|
849 |
|
850 |
The statement that ``\emph{it is computationally infeasible to produce
|
851 |
two messages having the same message digest, or to produce any message having
|
852 |
a given prespecified target message digest}'' means
|
853 |
that it is conjectured infeasible to ``work backwards'' from
|
854 |
a message digest to a message having that digest except by generating
|
855 |
random messages. Even by generating random messages and
|
856 |
evaluating their MD5 message digest at the rate of a billion ($10^9$) messages
|
857 |
per second (an unattainable rate on a single computing platform), the expected time
|
858 |
to find a message with a prespecified message digest is 5 trillion billion years.
|
859 |
|
860 |
The MD5 message digest function is ``one-way'' in that it is very inexpensive to
|
861 |
find the MD5 message digest given a message, but intractable to find a viable message
|
862 |
given its MD5.
|
863 |
|
864 |
|
865 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
866 |
|
867 |
\subsection{\emph{\productbasename{}} Cryptographic Hash Functions}
|
868 |
\label{stbg0:sfch0}
|
869 |
|
870 |
The \emph{\productbasename{}} software provides a cryptographic hash function
|
871 |
used extensively in the software and denoted
|
872 |
the \index{site hash function}\emph{site hash function} or \index{SHF}\emph{SHF}\@.
|
873 |
The SHF function maps from an arbitrary number
|
874 |
of input strings to
|
875 |
an MD5 message digest.
|
876 |
|
877 |
The SHF is designed so that a potential attacker
|
878 |
cannot determine the MD5 message digest that would be generated from
|
879 |
a set of input strings. In order to accomplish this behavior,
|
880 |
the input strings are ``mixed'' with the
|
881 |
\index{site hash key} before the MD5 message digest is calculated.
|
882 |
If $s_i$ denotes the $i$th input string, $n$ denotes the number of
|
883 |
input strings, $h$ denotes the site hash key,
|
884 |
and ``$+$'' denotes string concatenation, the hash function used is
|
885 |
|
886 |
\begin{eqnarray}
|
887 |
\nonumber
|
888 |
& SHF(s_1, s_2, s_3, \ldots{}, s_n)& \\
|
889 |
\label{eq:stbg0:sfch0:00}
|
890 |
& = & \\
|
891 |
\nonumber
|
892 |
& MD5(h + s_1 + h + s_2 + h + s_3 + \ldots{} + s_n + h) . &
|
893 |
\end{eqnarray}
|
894 |
|
895 |
Note that given the input strings $s_1 \ldots{} s_n$, an attacker
|
896 |
cannot predict $SHF(s_1 \ldots{} s_n)$ without
|
897 |
knowledge of the site hash key. Note also that an attacker cannot deduce
|
898 |
the site hash key by observing a number of sets of strings and the
|
899 |
corresponding $SHF()$ output.
|
900 |
|
901 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
902 |
|
903 |
\subsection{Password Storage}
|
904 |
\label{stbg0:spst0}
|
905 |
|
906 |
\index{password}Although unsafe computing practice, it is anticipated that
|
907 |
some users will use the same passwords for \emph{\productbasename{}}
|
908 |
as they use for other systems (such as e-mail and banking). It is unwise
|
909 |
to store \emph{\productbasename{}} passwords on the server in the clear,
|
910 |
in case the server is compromised or in the case of misconduct by
|
911 |
employees of the FBO or the hosting company.
|
912 |
|
913 |
Current doctrine with respect to password storage is:
|
914 |
|
915 |
\begin{itemize}
|
916 |
\item Passwords should not be stored on the server. Instead,
|
917 |
only cryptographic hashes of the passwords should be stored.
|
918 |
\item \index{salt}``Salt''\footnote{Some element of uncontrollability or randomness.} should be applied to
|
919 |
cryptographic hash generation. Without salt, two negative
|
920 |
circumstances are possible:
|
921 |
\begin{itemize}
|
922 |
\item It may be possible to determine if two users have the same password
|
923 |
(because the stored cryptographic hashes are identical).
|
924 |
\item Dictionary attacks may become easier. (Salt makes dictionaries
|
925 |
difficult to build.)
|
926 |
\end{itemize}
|
927 |
\item It should not be technically possible to view passwords.
|
928 |
\item Users and administrators should only be able to verify and
|
929 |
reset passwords (never to view them).
|
930 |
\end{itemize}
|
931 |
|
932 |
The algorithm used for password storage in \emph{\productbasename{}} is:
|
933 |
|
934 |
\begin{itemize}
|
935 |
\item When a user account is created, an SGUID and other
|
936 |
random elements are used to create 128 bits of ``salt''. This salt
|
937 |
is stored with the user record.
|
938 |
\item The password information stored is the SHF of
|
939 |
the user's salt and the password.
|
940 |
\end{itemize}
|
941 |
|
942 |
In order for an attacker to glean information about a user's password
|
943 |
based on information stored on the server:
|
944 |
|
945 |
\begin{itemize}
|
946 |
\item The site hash key would need to be compromised.
|
947 |
\item The user's salt would need to be compromised.
|
948 |
\item Even with the two previous conditions met, the only attack possible
|
949 |
is a dictionary attack.\footnote{The dictionary database could not be
|
950 |
built until the site hash key and user's salt were compromised. Additionally:
|
951 |
\begin{itemize}
|
952 |
\item Due to the salt, the dictionary would apply to only one user.
|
953 |
\item It would not be possible to determine whether two users
|
954 |
have the same password.
|
955 |
\end{itemize}}
|
956 |
\end{itemize}
|
957 |
|
958 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
959 |
|
960 |
\subsection{Unix Time vs. Scheduling Time}
|
961 |
\label{stbg0:sutv0}
|
962 |
|
963 |
Traditionally, time in Unix systems has been represented as integer seconds since
|
964 |
the \index{Unix epoch}\index{epoch}Unix epoch, where the Unix epoch is defined as
|
965 |
00:00:00 \index{UTC}UTC on January 1, 1970. Unix systems overall perform well,
|
966 |
but there are occasional glitches---for example, a carelessly-written Unix
|
967 |
\emph{cron} job might run twice or not at all as \index{daylight savings time}daylight
|
968 |
savings time comes or goes.
|
969 |
|
970 |
Note that traditional Unix time does not include the notion of daylight savings time.
|
971 |
UTC is never adjusted in this way. Only the offset of local time
|
972 |
with respect to UTC changes.
|
973 |
|
974 |
It would be possible to have the resource scheduler use the traditional
|
975 |
Unix time. There would be two disadvantages to such an approach:
|
976 |
|
977 |
\begin{enumerate}
|
978 |
\item GET and POST parameters would not be human-friendly (making debugging
|
979 |
more difficult).
|
980 |
\item There would be complexity in handling reservations near the transitions
|
981 |
to and from daylight savings time.
|
982 |
\end{enumerate}
|
983 |
|
984 |
For these reasons, this software uses two time schemes:
|
985 |
|
986 |
\begin{itemize}
|
987 |
\item For \index{SGUID}SGUIDs
|
988 |
(\S{}\ref{stdd0:sdty0:sgui0}, p. \pageref{stdd0:sdty0:sgui0})
|
989 |
and other special purposes where only time ordering is required, the software uses
|
990 |
traditional Unix time.
|
991 |
\item For reservation scheduling
|
992 |
(see \index{STIME}STIME, \S{}\ref{stdd0:sdty0:stim0}, p. \pageref{stdd0:sdty0:stim0}),
|
993 |
an abstract representation of local time is used. This abstract
|
994 |
representation does not consider daylight savings time.
|
995 |
\end{itemize}
|
996 |
|
997 |
In behavior, the scheduler resembles a large piece of paper with many
|
998 |
squares. There is no allowance made for the extra hour or missing hour
|
999 |
that accompany daylight savings time. This means that reservations
|
1000 |
spanning the transition may be longer or shorter by one hour than the
|
1001 |
scheduler calculates. In practice, this is not likely to be a problem, as
|
1002 |
very few pilots fly a rental plane at 2 a.m.
|
1003 |
|
1004 |
The Unix notion of time and the scheduler's notion of time intersect at these places:
|
1005 |
|
1006 |
\begin{itemize}
|
1007 |
\item The time and date displayed by the scheduler as the current time and date.
|
1008 |
\item Time of day and date assumed for deciding which calendar day and which portion of the day to
|
1009 |
display.
|
1010 |
\item Time of day used for deciding if a user is trying to schedule or cancel a reservation
|
1011 |
too close to the time of the reservation.
|
1012 |
\end{itemize}
|
1013 |
|
1014 |
It is anticipated that this software may be run on a server not in the same
|
1015 |
\index{locale (time)}locale
|
1016 |
as the FBO. For this reason, the software can be customized to
|
1017 |
use as the current time either:
|
1018 |
|
1019 |
\begin{itemize}
|
1020 |
\item The server local time with an optional offset.
|
1021 |
\item UTC (GMT) time with an optional offset.
|
1022 |
\end{itemize}
|
1023 |
|
1024 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1025 |
|
1026 |
\subsection{Time Interval Conventions}
|
1027 |
\label{stbg0:stic0}
|
1028 |
|
1029 |
The \emph{\productbasename{}} software deals extensively
|
1030 |
with \index{time interval}time intervals.
|
1031 |
It is useful---and it prevents mistakes---to have
|
1032 |
a formal definition of what is intended by an interval.
|
1033 |
|
1034 |
For example, if \emph{Student A} reserves an airplane from 2 p.m. to
|
1035 |
3 p.m., and \emph{Student B} reserves the same airplane from 3 p.m. to
|
1036 |
4 p.m., which student has the airplane at exactly 3 p.m.?\footnote{Answer:
|
1037 |
\emph{Student B}, and the rationale follows.}
|
1038 |
|
1039 |
The convention used in the \emph{\productbasename{}} software
|
1040 |
is that reservation intervals are
|
1041 |
\index{closed interval}\index{interval!closed}closed on the left and
|
1042 |
\index{open interval}\index{interval!open}open
|
1043 |
on the right, that is, a scheduling interval from $t_0$ to
|
1044 |
$t_1$ encompasses all values or time $t$ such that
|
1045 |
|
1046 |
\begin{equation}
|
1047 |
t \in [ t_0, t_1),
|
1048 |
\end{equation}
|
1049 |
|
1050 |
\noindent{}or, equivalently but using different notation,
|
1051 |
|
1052 |
\begin{equation}
|
1053 |
t_0 \leq t < t_1 .
|
1054 |
\end{equation}
|
1055 |
|
1056 |
At first glance, it may seem frivolous to pay so much attention to
|
1057 |
this definition. However, in the formation of SQL queries and in definitions
|
1058 |
such as \emph{adjacency} or \emph{overlap}, uncertain definitions lead to
|
1059 |
software with uncertain behavior.
|
1060 |
|
1061 |
|
1062 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1063 |
|
1064 |
\subsection{Definition of Overlapping Intervals}
|
1065 |
\label{stbg0:sdov0}
|
1066 |
|
1067 |
\index{overlapping intervals}\index{interval!operlapping}Two time intervals
|
1068 |
|
1069 |
\begin{equation}
|
1070 |
\label{eq:stbg0:sdov0:000}
|
1071 |
\overline{c} = [c_0, c_1)
|
1072 |
\end{equation}
|
1073 |
|
1074 |
\noindent{}and
|
1075 |
|
1076 |
\begin{equation}
|
1077 |
\label{eq:stbg0:sdov0:0000}
|
1078 |
\overline{w} = [w_0, w_1)
|
1079 |
\end{equation}
|
1080 |
|
1081 |
\noindent{}overlap if there can be found some value of time $t$ which
|
1082 |
is in both intervals, i.e.
|
1083 |
|
1084 |
\begin{equation}
|
1085 |
\label{eq:stbg0:sdov0:00}
|
1086 |
\exists t : t \in \overline{c} \wedge t \in \overline{w} .
|
1087 |
\end{equation}
|
1088 |
|
1089 |
It can be shown that a simple test\footnote{Thanks to
|
1090 |
Rouben Rostamian \cite{bibref:i:rostamianrouben}
|
1091 |
for his post to the \texttt{sci.math} newsgroup containing this
|
1092 |
expression.} for
|
1093 |
overlap is
|
1094 |
|
1095 |
\begin{equation}
|
1096 |
\label{eq:stbg0:sdov0:01}
|
1097 |
(c_0 < y_1) \wedge (y_0 < c_1) .
|
1098 |
\end{equation}
|
1099 |
|
1100 |
It is also possible and potentially desirable to generalize the
|
1101 |
notion of a reservation to include
|
1102 |
\index{reservations!zero-length}zero-length reservations where
|
1103 |
$t_0 = t_1$. If this is done, we must accept
|
1104 |
the $t_0=t_1$ case as an idiom for $[t_0, t_1]$\footnote{Rather
|
1105 |
than for $[t_0, t_1)$, which wouldn't make sense with $t_0=t_1$}.
|
1106 |
In this case, the notion of overlap presented
|
1107 |
in (\ref{eq:stbg0:sdov0:00}) can still be applied. It is believed
|
1108 |
that the simplest expression for overlap of two potentially
|
1109 |
zero-length reservations is
|
1110 |
|
1111 |
\begin{equation}
|
1112 |
\label{eq:stbg0:sdov0:02}
|
1113 |
((c_0 < y_1) \wedge (y_0 < c_1)) \vee (c_0 = y_0) .
|
1114 |
\end{equation}
|
1115 |
|
1116 |
No special results have been obtained for evaluating more than two intervals for
|
1117 |
overlap.
|
1118 |
|
1119 |
|
1120 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1121 |
|
1122 |
\subsection[\mbox{\protect$O(\log N)$}, \mbox{\protect$O(N)$}, and \mbox{\protect$O(N^2)$}]
|
1123 |
{\mbox{\protect\boldmath$O(\log N)$},
|
1124 |
\mbox{\protect\boldmath$O(N)$}, and \mbox{\protect\boldmath$O(N^2)$}}
|
1125 |
\label{stbg0:sonn0}
|
1126 |
|
1127 |
\index{O() notation@$O()$ notation}``$O()$''
|
1128 |
notation comes from computer science, and denotes an upper bound
|
1129 |
on the number of steps required to perform a calculation or to execute
|
1130 |
an algorithm (such as a database search algorithm)\@. In this context, $N$ is
|
1131 |
used to denote some parameter that can be varied to represent more difficulty,
|
1132 |
such as more records in a database or more records to sort.
|
1133 |
|
1134 |
In designing the \emph{\productbasename{}} software, it is natural to be
|
1135 |
concerned with the performance of the software as the number of records
|
1136 |
(users, resources, reservations) increases. This is especially relevant
|
1137 |
because ORS had performance problems.
|
1138 |
|
1139 |
The nature of an $O(N)$ algorithm is easiest to comprehend.
|
1140 |
An $O(N)$ algorithm is normally an algorithm where a fixed amount of processing
|
1141 |
is performed for each of $N$ items. For example, reading $N$ items from a file
|
1142 |
tends to be an $O(N)$ operation. If it takes one second for a computer to
|
1143 |
read 1,000 items, it might be reasonable to expect it to take two seconds
|
1144 |
to read 2,000 items.
|
1145 |
|
1146 |
An $O(\log N)$ operation is an operation where the time to complete
|
1147 |
the operation varies roughly as the logarithm of the number of elements.
|
1148 |
For example, if it takes one second for a computer to perform an operation
|
1149 |
on 10 elements and two seconds on 100 elements; it might be reasonable to
|
1150 |
expect it to take three seconds on 1000 elements.\footnote{$\log 10 = 1$,
|
1151 |
$\log 100 = 2$, and $\log 1000 = 3$.}
|
1152 |
|
1153 |
An $O(N^2)$ is an operation where the time to complete the operation varies roughly
|
1154 |
as the square of the number of elements. For example, if it takes one second for
|
1155 |
a computer to perform an operation on 10 elements, it would be reasonable to expect
|
1156 |
it to take four seconds on 20 elements and nine seconds on 30 elements.
|
1157 |
|
1158 |
Note that $O(N^2)$ operations are frequently created (usually accidentally!) by
|
1159 |
nested loops over data, such as occur in the classic rock/bubble sorts.
|
1160 |
$O(N^2)$ algorithms are \emph{extremely} undesirable.
|
1161 |
|
1162 |
It is easy to see that $O(\log N)$ algorithms are more
|
1163 |
desirable than $O(N)$ algorithms, which are in
|
1164 |
turn more desirable than $O(N^2)$ algorithms.
|
1165 |
|
1166 |
The goal in designing the database for \emph{\productbasename{}} is to ensure as much
|
1167 |
as possible that all database queries require $O(\log N)$ time to execute, rather
|
1168 |
than $O(N)$ or $O(N^2)$ time.
|
1169 |
|
1170 |
$O(\log N)$ behavior is in general achieved by defining the fields used in important
|
1171 |
queries to be
|
1172 |
\index{key field}\index{MySQL@\emph{MySQL}!key field}\emph{key} fields.
|
1173 |
Definition as a key field has two effects on
|
1174 |
the behavior of database queries:
|
1175 |
|
1176 |
\begin{itemize}
|
1177 |
\item Queries involving equalities or inequalities of the key field become
|
1178 |
$O(\log N)$ rather than $O(N)$.
|
1179 |
\item Database insertions require somewhat more time (because of the overhead
|
1180 |
of maintaining special indexes or trees that assist in searching).
|
1181 |
\end{itemize}
|
1182 |
|
1183 |
As an example of a critical query, consider a user who is browsing airplane
|
1184 |
scheduling information. In order to allow the scheduling information to be quickly
|
1185 |
displayed,
|
1186 |
\emph{MySQL} must be able to quickly locate the scheduling records that
|
1187 |
correspond to the airplane and the time period being viewed. For this reason,
|
1188 |
database table fields identifying the airplane
|
1189 |
and the start and end of the reservation are
|
1190 |
key fields.
|
1191 |
|
1192 |
Comments and explanations involving $O()$ notation are found throughout the
|
1193 |
\emph{\productbasename{}} source code and throughout this document.
|
1194 |
|
1195 |
|
1196 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1197 |
|
1198 |
\subsection[\mbox{\protect$1\leftrightarrow{}1$},
|
1199 |
\mbox{\protect$1\leftrightarrow{}\infty{}$},
|
1200 |
and
|
1201 |
\mbox{\protect$\infty\leftrightarrow\infty{}$} Table Relationships]
|
1202 |
{\mbox{\protect\boldmath$1\leftrightarrow{}1$},
|
1203 |
\mbox{\protect\boldmath$1\leftrightarrow{}\infty{}$},
|
1204 |
and
|
1205 |
\mbox{\protect\boldmath$\infty\leftrightarrow\infty{}$} Table Relationships}
|
1206 |
\label{stbg0:sdbx0}
|
1207 |
|
1208 |
TBD.
|
1209 |
|
1210 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1211 |
|
1212 |
\section{Technical Design Decisions}
|
1213 |
\label{stdd0}
|
1214 |
|
1215 |
TBD.
|
1216 |
|
1217 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1218 |
|
1219 |
\subsection{Standard Web Page Appearance}
|
1220 |
\label{stdd0:swpa0}
|
1221 |
|
1222 |
TBD.
|
1223 |
|
1224 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1225 |
|
1226 |
\subsection{Data Types}
|
1227 |
\label{stdd0:sdty0}
|
1228 |
|
1229 |
\index{data types}%
|
1230 |
This section describes the custom data types maintained by the software.
|
1231 |
|
1232 |
PHP is primarily a string-based language. The important data types that
|
1233 |
are used to implement this software are, for the most part, forced into
|
1234 |
string form. String forms provide a way to represent data not inherently
|
1235 |
supported by PHP, such as long integers.
|
1236 |
|
1237 |
The string forms of data described here generally (but not always)
|
1238 |
have these characteristics.
|
1239 |
|
1240 |
\begin{itemize}
|
1241 |
\item String forms are typically constant-length.
|
1242 |
\item String forms typically have as their first two characters a type identifier.
|
1243 |
This provides a way for the software to trap typing mistakes.
|
1244 |
\item String forms are typically chosen so that the
|
1245 |
lexographic ordering of the strings corresponds to the desired ordering of the
|
1246 |
represented data.
|
1247 |
\end{itemize}
|
1248 |
|
1249 |
|
1250 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1251 |
|
1252 |
\subsubsection{UTIME (Unix Timestamp)}
|
1253 |
\label{stdd0:sdty0:sutm0}
|
1254 |
|
1255 |
\index{UTIME}%
|
1256 |
A Unix timestamp is a decimal representation of the number of
|
1257 |
seconds since the Unix epoch, and includes a fractional part.
|
1258 |
|
1259 |
\begin{figure}
|
1260 |
\centering
|
1261 |
\includegraphics[width=4.6in]{utimeformat01.eps}
|
1262 |
\caption{Format of UTIME}
|
1263 |
\label{fig:stdd0:sdty0:sutm0:00}
|
1264 |
\end{figure}
|
1265 |
|
1266 |
Figure \ref{fig:stdd0:sdty0:sutm0:00} illustrates the format of
|
1267 |
an UTIME. A UTIME consists of 22 characters, with the following
|
1268 |
components.
|
1269 |
|
1270 |
\begin{itemize}
|
1271 |
\item \textbf{``UT'' (2 characters):}
|
1272 |
This fixed string aids in preventing type accidents with
|
1273 |
string data types.
|
1274 |
\item \textbf{Integer seconds since the Unix epoch (11 characters):}
|
1275 |
These 11 characters are an integer, zero-padded on the left as
|
1276 |
necessary, that represent the integer seconds since the Unix
|
1277 |
epoch.
|
1278 |
\item \textbf{Nanoseconds associated with the integer seconds (9 characters):}
|
1279 |
These 9 characters are an integer, zero-padded on the left as
|
1280 |
necessary, that represent the nanoseconds associated with the
|
1281 |
integer seconds since the Unix
|
1282 |
epoch.
|
1283 |
\end{itemize}
|
1284 |
|
1285 |
Note that UTIMEs as described have the property that the lexical
|
1286 |
string sort order corresponds to the time sort order.
|
1287 |
|
1288 |
Note that the UTIME format can be used only for values that:
|
1289 |
|
1290 |
\begin{itemize}
|
1291 |
\item Are used as part of generating a unique or random data value
|
1292 |
(see, for example, \S{}\ref{stdd0:sdty0:sgui0}).
|
1293 |
\item Are used to determine elapsed time.
|
1294 |
\end{itemize}
|
1295 |
|
1296 |
UTIMEs cannot be mixed directly with scheduling time, as the FBO
|
1297 |
may be in a different time zone than the server.
|
1298 |
|
1299 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1300 |
|
1301 |
\subsubsection{SGUID (Server Globally-Unique Identifier)}
|
1302 |
\label{stdd0:sdty0:sgui0}
|
1303 |
|
1304 |
\index{SGUID}%
|
1305 |
\index{globally-unique identifier}%
|
1306 |
It is necessary or helpful in some contexts to have a way to create an
|
1307 |
identifier that is guaranteed to occur no more often than once in the lifetime
|
1308 |
of the server. \emph{MySQL} can be used to create such identifiers, and there
|
1309 |
are also methods based on file and IPC semantics that can be used.
|
1310 |
|
1311 |
The method used in the software is a \index{spin lock}spin lock on a precision
|
1312 |
timestamp; and the timestamp is concatenated with the PID. The method works
|
1313 |
because:
|
1314 |
|
1315 |
\begin{itemize}
|
1316 |
\item A single process (by virtue of the spin lock) can't generate the same
|
1317 |
precision timestamp twice.
|
1318 |
\item No two processes can have the same PID at the same time.
|
1319 |
\end{itemize}
|
1320 |
|
1321 |
\begin{figure}
|
1322 |
\centering
|
1323 |
\includegraphics[width=4.6in]{sguidformat01.eps}
|
1324 |
\caption{Format of SGUID}
|
1325 |
\label{fig:stdd0:sdty0:sgui0:00}
|
1326 |
\end{figure}
|
1327 |
|
1328 |
Figure \ref{fig:stdd0:sdty0:sgui0:00} illustrates the format of
|
1329 |
an SGUID. An SGUID consists of 32 characters, with the following
|
1330 |
components.
|
1331 |
|
1332 |
\begin{itemize}
|
1333 |
\item \textbf{``SG'' (2 characters):}
|
1334 |
This fixed string aids in preventing type accidents with
|
1335 |
string data types.
|
1336 |
\item \textbf{Integer seconds since the Unix epoch (11 characters):}
|
1337 |
These 11 characters are an integer, zero-padded on the left as
|
1338 |
necessary, that represent the integer seconds since the Unix
|
1339 |
epoch.\footnote{Note that 11 digits comfortably solves the Unix
|
1340 |
2037 A.D. issue, as this will guarantee SGUIDs
|
1341 |
beyond 5000 A.D.}
|
1342 |
\item \textbf{Nanoseconds associated with the integer seconds (9 characters):}
|
1343 |
These 9 characters are an integer, zero-padded on the left as
|
1344 |
necessary, that represent the nanoseconds associated with the
|
1345 |
integer seconds since the Unix
|
1346 |
epoch.\footnote{As of this writing, Linux provides time to a resolution
|
1347 |
of microseconds. It is anticipated that a resolution of nanoseconds will
|
1348 |
accommodate any hardware speed advances in the foreseeable future.}
|
1349 |
\item \textbf{PID (10 characters):}
|
1350 |
These 10 characters are an integer, zero-padded on the left as
|
1351 |
necessary, that represent Unix PID expressed
|
1352 |
as a decimal number.\footnote{As of this writing, PIDs are 16 bits only.
|
1353 |
However, it seems inevitable that PIDs will be expanded to 24 or 32 bits in the
|
1354 |
future.}
|
1355 |
\end{itemize}
|
1356 |
|
1357 |
Note that SGUIDs as described have a very important property---the lexical
|
1358 |
string sort order corresponds to the time sort order, with the PID used as a tie-breaker.
|
1359 |
This property is used to decide the priority of standby reservations
|
1360 |
(\S{}\ref{stdd0:ssby0}, p. \pageref{stdd0:ssby0}).
|
1361 |
|
1362 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1363 |
|
1364 |
\subsubsection{SID (Session Identifier)}
|
1365 |
\label{stdd0:sdty0:ssid0}
|
1366 |
|
1367 |
A \index{session identifier}session identifier (\index{SID}SID) is the
|
1368 |
cookie provided to the browser to authenticate the user after a successful login
|
1369 |
process is completed.
|
1370 |
|
1371 |
A session identifier is an identifier only. The state associated with the
|
1372 |
session is maintained on the server side.
|
1373 |
|
1374 |
A session identifier is exactly 66 characters long and consists of these components:
|
1375 |
|
1376 |
\begin{itemize}
|
1377 |
\item The two characters ``SI'' (2 characters).
|
1378 |
\item An SGUID as described in \S{}\ref{stdd0:sdty0:sgui0} (32 characters).
|
1379 |
\item The server cryptographic hash function of the first two fields described
|
1380 |
above (32 characters).
|
1381 |
\end{itemize}
|
1382 |
|
1383 |
The process of using an SID for authentication is protected by these mechanisms:
|
1384 |
|
1385 |
\begin{itemize}
|
1386 |
\item It is impossible for a client to forge an SID, as the client does not have
|
1387 |
access to the server hash key. (Additionally, it would be extremely for
|
1388 |
a client to guess an SGUID that is already associated with a session on the
|
1389 |
server, as this space is quite large.)
|
1390 |
\item The \emph{\productbasename{}} software also records the IP address of the
|
1391 |
connecting computer, records that information in the server-side session
|
1392 |
state, and will not accept the SID from a computer connecting from a different
|
1393 |
IP address. Thus (NAT schemes aside) an SID cannot be reused by a client
|
1394 |
other than the one it was issued to.
|
1395 |
\end{itemize}
|
1396 |
|
1397 |
|
1398 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1399 |
|
1400 |
\subsubsection{STIME (Scheduling Timestamp)}
|
1401 |
\label{stdd0:sdty0:stim0}
|
1402 |
|
1403 |
\index{STIME}%
|
1404 |
A scheduling timestamp is a timestamp in an abstract
|
1405 |
calendar format with a resolution appropriate for:
|
1406 |
|
1407 |
\begin{itemize}
|
1408 |
\item Representing the start times and end times of
|
1409 |
reservations.
|
1410 |
\item Marking database records with a modification time that will be
|
1411 |
formatted and displayed.
|
1412 |
\item Representing dates, such as expiration dates.
|
1413 |
\end{itemize}
|
1414 |
|
1415 |
\begin{figure}
|
1416 |
\centering
|
1417 |
\includegraphics[width=4.6in]{stimeformat01.eps}
|
1418 |
\caption{Format of STIME}
|
1419 |
\label{fig:stdd0:sdty0:stim0:00}
|
1420 |
\end{figure}
|
1421 |
|
1422 |
Figure \ref{fig:stdd0:sdty0:stim0:00} illustrates the format of
|
1423 |
an STIME\@. An STIME consists of 16 characters, with the following
|
1424 |
components.
|
1425 |
|
1426 |
\begin{itemize}
|
1427 |
\item \textbf{``ST'' (2 characters):}
|
1428 |
This fixed string aids in preventing type accidents with
|
1429 |
string data types.
|
1430 |
\item \textbf{Calendar year (4 characters).}
|
1431 |
\item \textbf{Calendar month (2 characters).}
|
1432 |
\item \textbf{Calendar day (2 characters).}
|
1433 |
\item \textbf{Hour, 24-hour time (2 characters).}
|
1434 |
\item \textbf{Minute (2 characters).}
|
1435 |
\item \textbf{Second (2 characters).}
|
1436 |
\item \textbf{Microsecond (6 characters).}
|
1437 |
\end{itemize}
|
1438 |
|
1439 |
Note that STIMEs as described have the property that the lexical
|
1440 |
string sort order corresponds to the time sort order.
|
1441 |
|
1442 |
An STIME is used only for scheduling time, and is necessarily the time in the
|
1443 |
client locale.
|
1444 |
|
1445 |
|
1446 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1447 |
|
1448 |
\subsubsection{DT8 (Short Calendar Date)}
|
1449 |
\label{stdd0:sdty0:sdat8}
|
1450 |
|
1451 |
\index{DT8}%
|
1452 |
The DT8 data type is used to specify dates in a shorthand
|
1453 |
format in GET/POST parameters and in software internals.
|
1454 |
The format is a string consisting of exactly 8
|
1455 |
characters:
|
1456 |
|
1457 |
\begin{itemize}
|
1458 |
\item Calendar year (4 characters).
|
1459 |
\item Calendar month (2 characters).
|
1460 |
\item Calendar day (2 characters).
|
1461 |
\end{itemize}
|
1462 |
|
1463 |
A DT8 is used only for scheduling time, and is necessarily the time in the
|
1464 |
client locale.
|
1465 |
|
1466 |
|
1467 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1468 |
|
1469 |
\subsubsection{T4 (Short Calendar Time)}
|
1470 |
\label{stdd0:sdty0:sdtt4}
|
1471 |
|
1472 |
\index{T4}%
|
1473 |
The T4 data type is used to specify times in a shorthand
|
1474 |
format in GET/POST parameters and in software internals.
|
1475 |
The format is a string consisting of exactly 4
|
1476 |
characters:
|
1477 |
|
1478 |
\begin{itemize}
|
1479 |
\item Hour (``00''-``23'', 2 characters).
|
1480 |
\item Minute (``00''-``59'', 2 characters).
|
1481 |
\end{itemize}
|
1482 |
|
1483 |
Note that the string ``2400'' is not a legal T4\@. Technically, ``2400'' is
|
1484 |
``0000'' of the following day.
|
1485 |
|
1486 |
A T4 is used only for scheduling time, and is necessarily the time in the
|
1487 |
client locale.
|
1488 |
|
1489 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1490 |
|
1491 |
\subsubsection{T3 (Shorter Calendar Time)}
|
1492 |
\label{stdd0:sdty0:sdtt3}
|
1493 |
|
1494 |
\index{T3}%
|
1495 |
The T3 data type is used to specify times in a shorthand
|
1496 |
format in GET/POST parameters and in software internals, with
|
1497 |
a granularity of 10 minutes.
|
1498 |
|
1499 |
Because \emph{\productbasename{}} will only schedule with a granularity
|
1500 |
of 30 minutes, any start time of a reservation is expressible as a T3.
|
1501 |
|
1502 |
The format of a T3 is a string consisting of exactly 3
|
1503 |
characters:
|
1504 |
|
1505 |
\begin{itemize}
|
1506 |
\item Hour (``00''-``23'', 2 characters).
|
1507 |
\item Minutes divided by ten (``0''-``5'', 1 character).
|
1508 |
\end{itemize}
|
1509 |
|
1510 |
Note that the string ``240'' is not a legal T3\@. Technically, ``240'' is
|
1511 |
``000'' of the following day.
|
1512 |
|
1513 |
A T3 is used only for scheduling time, and is necessarily the time in the
|
1514 |
client locale.
|
1515 |
|
1516 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1517 |
|
1518 |
\subsubsection{T2 (Shortest Calendar Time)}
|
1519 |
\label{stdd0:sdty0:sdtt2}
|
1520 |
|
1521 |
\index{T2}%
|
1522 |
The T2 data type is used to specify times in a shorthand
|
1523 |
format in GET/POST parameters and in software internals, with
|
1524 |
a granularity of 1 hour.
|
1525 |
|
1526 |
A T2 is simply the hour of the time, and may range from ``00''-``23''.
|
1527 |
|
1528 |
Note that the string ``24'' is not a legal T2\@. Technically, ``24'' is
|
1529 |
``00'' of the following day.
|
1530 |
|
1531 |
A T2 is used only for scheduling time, and is necessarily the time in the
|
1532 |
client locale.
|
1533 |
|
1534 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1535 |
|
1536 |
\subsection{User Permissions}
|
1537 |
\label{stdd0:supm0}
|
1538 |
|
1539 |
TBD.
|
1540 |
|
1541 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1542 |
|
1543 |
\subsubsection{Permission Templates and Permission Schema}
|
1544 |
\label{stdd0:supm0:snap0}
|
1545 |
|
1546 |
There are [at least] two ways of thinking about user permissions:
|
1547 |
|
1548 |
\begin{itemize}
|
1549 |
\item A user is in a defined role (customer, FBO owner, line employee,
|
1550 |
flight instructor, etc.) and should have fixed privileges
|
1551 |
directly tied to to the role.
|
1552 |
\item The role of the user is only a starting point for the granting
|
1553 |
of permissions. Users may require more or fewer permissions, in
|
1554 |
a fine-grained sense, than is traditional for their role. For example,
|
1555 |
a line employee may be authorized to change fuel prices or have other
|
1556 |
privileges not granted to other line employees.
|
1557 |
\end{itemize}
|
1558 |
|
1559 |
The approach taken in the \emph{\productbasename{}} software is the second
|
1560 |
approach---fine-grained permissions. The specific approach taken is:
|
1561 |
|
1562 |
\begin{itemize}
|
1563 |
\item At the time a user is created, they are created as a ``permission template'' corresponding
|
1564 |
to their role or job. The permission template is a starting point.
|
1565 |
\item Permissions are very specific and fine-grained, and all permissions can be
|
1566 |
individually added or removed from an individual user after the user
|
1567 |
account is created.
|
1568 |
\item The permission templates and the associated permissions are
|
1569 |
customizable in the configuration file.
|
1570 |
\item Most user permissions are Boolean in nature, but some may have integer,
|
1571 |
floating point, or
|
1572 |
string values.
|
1573 |
\end{itemize}
|
1574 |
|
1575 |
|
1576 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1577 |
|
1578 |
\subsubsection{Mechanism of Storage and Query}
|
1579 |
\label{stdd0:supm0:sstq0}
|
1580 |
|
1581 |
PHP is an interpreted language. The steps that are interpreted run
|
1582 |
relatively slowly (because the interpreter must parse the PHP statements), whereas
|
1583 |
PHP built-in functions (compiled `C' code) run very quickly. One way to enhance
|
1584 |
efficiency is to be sure that things that happen often come down to
|
1585 |
built-in functions rather than PHP statements that must be interpreted.
|
1586 |
|
1587 |
SQL queries are also relatively slow, and a mechanism that avoids these
|
1588 |
is desirable.
|
1589 |
|
1590 |
The mechanism chosen to represent permissions is:
|
1591 |
|
1592 |
\begin{itemize}
|
1593 |
\item User permissions are represented as a single string (in \emph{MySQL}, a
|
1594 |
\emph{varchar} field).
|
1595 |
\item The user permission string is a group of permissions separated by
|
1596 |
the forward slash character (``/'').
|
1597 |
\item Each permission takes one of the following forms:
|
1598 |
\begin{itemize}
|
1599 |
\item \emph{``/ptag''}:
|
1600 |
For a boolean permission, presence of the
|
1601 |
\emph{ptag} indicates that the user has the permission, and absence
|
1602 |
of the \emph{ptag} indicates that the user does not have the permission.
|
1603 |
\item \emph{``/ptag=``value''}:
|
1604 |
The permission (or attribute) \emph{ptag} is assigned the
|
1605 |
\emph{value}.
|
1606 |
\end{itemize}
|
1607 |
\item Permission strings are escaped so that the string \emph{``/ptag''}
|
1608 |
can occur only at the start of the definition of the permission
|
1609 |
\emph{ptag}. Specifically:
|
1610 |
\begin{itemize}
|
1611 |
\item If the forward slash character occurs in the value of a
|
1612 |
permission, the forward slash character is escaped
|
1613 |
by suffixing it with the backslash character.
|
1614 |
\item The permission values allowed are very restrictive. Specifically:
|
1615 |
\begin{itemize}
|
1616 |
\item Backslashes are not allowed within permission values.
|
1617 |
\item Double-quotes are not allowed within permission values.
|
1618 |
\end{itemize}
|
1619 |
\end{itemize}
|
1620 |
\item Presence of a permission can be rapidly determined by using
|
1621 |
a string search\footnote{The string search functions are built into PHP, and are
|
1622 |
very quick because they are compiled `C' code.}
|
1623 |
by ``\emph{/ptag}''. Because of the escaping used,
|
1624 |
this string can only occur if permission \emph{ptag} exists.
|
1625 |
\end{itemize}
|
1626 |
|
1627 |
|
1628 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1629 |
|
1630 |
\subsubsection{Administrator Permissions}
|
1631 |
\label{stdd0:supm0:sadp0}
|
1632 |
|
1633 |
TBD.
|
1634 |
|
1635 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1636 |
|
1637 |
\subsection{\emph{MySQL} Database Design}
|
1638 |
\label{stdd0:smdd0}
|
1639 |
|
1640 |
TBD.
|
1641 |
|
1642 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1643 |
|
1644 |
\subsubsection{Overall Relational Design}
|
1645 |
\label{stdd0:srds0}
|
1646 |
|
1647 |
Figure \ref{fig:stdd0:srds0:00} illustrates the overall relational
|
1648 |
database design. The design consists conceptually of only five tables.
|
1649 |
However, because the $\infty\leftrightarrow\infty$ relationships require
|
1650 |
a cross-reference table, seven physical tables are actually required.
|
1651 |
|
1652 |
\begin{figure}
|
1653 |
\centering
|
1654 |
\includegraphics[width=4.6in]{rdoveralldesign01.eps}
|
1655 |
\caption{\emph{\productname{}} Relational Database Overall Design}
|
1656 |
\label{fig:stdd0:srds0:00}
|
1657 |
\end{figure}
|
1658 |
|
1659 |
In the actual \emph{MySQL} database, the eight tables shown in
|
1660 |
Figure \ref{fig:stdd0:srds0:00} are named exactly
|
1661 |
as indicated:
|
1662 |
\index{usrs@\emph{usrs}}\emph{usrs},
|
1663 |
\index{resv@\emph{resv}}\emph{resv},
|
1664 |
\index{slot@\emph{slot}}\emph{slot},
|
1665 |
\index{rscs@\emph{rscs}}\emph{rscs},
|
1666 |
\index{sper@\emph{sper}}\emph{sper},
|
1667 |
\index{sess@\emph{sess}}\emph{sess},
|
1668 |
\index{loge@\emph{loge}}\emph{loge},
|
1669 |
and
|
1670 |
\index{dpar@\emph{dpar}}\emph{dpar}.
|
1671 |
The cross-reference table not shown in the figure is named by concatenating the
|
1672 |
cross-referenced table names:
|
1673 |
\index{usrsresv@\emph{usrsresv}}\emph{usrsresv}.
|
1674 |
|
1675 |
The seven tables shown in Figure \ref{fig:stdd0:srds0:00}
|
1676 |
have the following contents:
|
1677 |
|
1678 |
\begin{itemize}
|
1679 |
\item \textbf{\emph{usrs} (Users):}
|
1680 |
User information, including contact information and hashed password.
|
1681 |
\item \textbf{\emph{resv} (Reservations):}
|
1682 |
Reservations, including comments.
|
1683 |
\item \textbf{\emph{slot} (Slots):}
|
1684 |
Information about the actual time slot occupied by a reservations's
|
1685 |
linked resource, including start time and end time.\footnote{The
|
1686 |
\emph{slot} table allows a single reservation to use two or more different
|
1687 |
resources at different times. This occurs most commonly when a student
|
1688 |
schedules both ``ground'' and ``air'' time with an instructor, and the
|
1689 |
``ground'' time extends either before or after the ``air'' time, or both.}
|
1690 |
\item \textbf{\emph{rscs} (Resources):}
|
1691 |
Schedulable resources, including aircraft, simulators, and flight instructors.
|
1692 |
\item \textbf{\emph{sper} (Scheduling Permissions):}
|
1693 |
The relationship between users and resources, in terms of the user's ability
|
1694 |
to schedule the resource with and without an instructor.\footnote{Instructors themselves
|
1695 |
have no scheduling restrictions---any student may schedule time with any instructor.}
|
1696 |
\item \textbf{\emph{sess} (Sessions):}
|
1697 |
State of user logins.
|
1698 |
\item \textbf{\emph{loge} (Log entries):}
|
1699 |
Significant and insignificant events for the software. These are stored
|
1700 |
in a database table rather than a file
|
1701 |
for easier sorting, viewing, manipulation, and pruning.
|
1702 |
\item \textbf{\emph{dpar} (Database parameters):}
|
1703 |
Parameters of the database as a whole, such as the current
|
1704 |
version of \emph{\productbasename{}} that created the
|
1705 |
database and an SGUID obtained at the time any table of
|
1706 |
the database was modified.
|
1707 |
\end{itemize}
|
1708 |
|
1709 |
Note in Figure \ref{fig:stdd0:srds0:00} that there is a 1:1 link indicated
|
1710 |
between resources and users. Every flight instructor resource is also a user, and so
|
1711 |
when a user (usually, a student) creates, modifies, or cancels a reservation,
|
1712 |
the flight instructor user may be automatically notified by e-mail. In order to
|
1713 |
determine the e-mail addresses associated with the flight instructor resource,
|
1714 |
the link from the resource to the user is followed. Without such a link, the
|
1715 |
flight instructor's e-mail addresses would have to be maintained in two places in
|
1716 |
the database.
|
1717 |
|
1718 |
|
1719 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1720 |
|
1721 |
\subsubsection{Structure of Reservations}
|
1722 |
\label{stdd0:sres0}
|
1723 |
|
1724 |
A reservation consists of the following components (please
|
1725 |
refer to Figure \ref{fig:stdd0:srds0:00}):
|
1726 |
|
1727 |
\begin{itemize}
|
1728 |
\item One or more entries from the users table (\emph{usrs}). In the case
|
1729 |
of multiple users attached to a reservation, all have authority to
|
1730 |
modify the reservation.
|
1731 |
\item \textbf{Exactly one} record from the reservations table (\emph{resv}).
|
1732 |
\item One or more entries from the slots table (\emph{slot}).
|
1733 |
\item One or more entries from the resources table (\emph{rscs}), paired
|
1734 |
1:1 with the entries from the slots table. (Note also that a given reservation
|
1735 |
may include a given resource only once.)
|
1736 |
\end{itemize}
|
1737 |
|
1738 |
The format of a \emph{reservation} as presented above is deliberately general.
|
1739 |
It allows these reservation structures:
|
1740 |
|
1741 |
\begin{itemize}
|
1742 |
\item More than one user may be included on a reservation. This facilitates
|
1743 |
the case where two users schedule the same resource at the same time (for example,
|
1744 |
if two users fly together somewhere recreationally).
|
1745 |
\item If more than one resource is included on a reservation, the resources need not be
|
1746 |
scheduled at the same time. (For example, this accommodates the case where a student may have
|
1747 |
some ``ground'' time with a flight instructor before or after flying.)
|
1748 |
\item Any number of resources may be present on a reservation.
|
1749 |
(For example, a mechanic could reserve three planes at once for reservations.)
|
1750 |
\end{itemize}
|
1751 |
|
1752 |
Note that other rules (not related to database structure) may prohibit
|
1753 |
some of the structures above. For example, a student may be prohibited
|
1754 |
from scheduling more than one airplane and one instructor.
|
1755 |
|
1756 |
Zero-length reservations (reservations with $t_0 = t_1$) are currently prohibited.
|
1757 |
|
1758 |
Reservations can be of three types:
|
1759 |
|
1760 |
\begin{itemize}
|
1761 |
\item \index{active reservation}\index{reservation!active}\textbf{Active Reservations:}
|
1762 |
An active reservation is a reservation that currently blocks a resource
|
1763 |
(prevents other simultaneous active reservations).
|
1764 |
\item \index{standby reservation}\index{reservation!standby}\textbf{Standby Reservations:}
|
1765 |
A standby reservation is a reservation that can be promoted to
|
1766 |
an active reservation if the conflicting active reservation(s)
|
1767 |
are canceled.
|
1768 |
\item \index{banner reservation}\index{reservation!banner}\textbf{Banner Reservations:}
|
1769 |
A banner reservation is a ``reservation'' that is for
|
1770 |
information only, and cannot block active reservations or be
|
1771 |
promoted to an active reservation.
|
1772 |
|
1773 |
A banner reservation is for user information only. Sample
|
1774 |
uses of banner reservations:
|
1775 |
|
1776 |
\begin{itemize}
|
1777 |
\item To provide special instructions for scheduling an airplane
|
1778 |
or flight instructor. (Example: ``\emph{Please contact Jane
|
1779 |
directly to schedule instruction on Mondays}''.)
|
1780 |
\item To provide information about an airplane or flight
|
1781 |
instructor. (Example: ``\emph{Rates have been
|
1782 |
increased to \$100/hr for this aircraft}''.)
|
1783 |
\end{itemize}
|
1784 |
\end{itemize}
|
1785 |
|
1786 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1787 |
|
1788 |
\subsubsection{Treatment of Standby Reservations}
|
1789 |
\label{stdd0:ssby0}
|
1790 |
|
1791 |
A \index{standby reservation}\index{reservation!standby}\emph{standby reservation}
|
1792 |
is a reservation made for resource(s) when the resource is/are already
|
1793 |
committed to another reservation(s) at the same time. (\emph{At the same time} means
|
1794 |
any form of overlap.)
|
1795 |
|
1796 |
A standby reservation is represented in exactly the same way as an
|
1797 |
\index{active reservation}\index{reservation!active}active reservation, except that
|
1798 |
the Boolean table field
|
1799 |
\emph{isactive} (see \S{}\ref{sdtf0})
|
1800 |
is set FALSE.
|
1801 |
|
1802 |
Active and standby reservations are manipulated using the following
|
1803 |
rules.
|
1804 |
|
1805 |
\begin{enumerate}
|
1806 |
\item The maximum number (i.e. depth) of standby reservations is limited by
|
1807 |
a configuration constant in the \emph{TBD} file. If this configuration
|
1808 |
constant is 0, standby reservations are not allowed.
|
1809 |
\item The maximum depth of standby reservations configuration constant is
|
1810 |
only loosely enforced. There are some situations where depth of standby
|
1811 |
reservations will be underestimated (due to the computational complexity
|
1812 |
of evaluating the true depth), but \emph{at least} the number of configured
|
1813 |
standby reservations will be allowed.
|
1814 |
\item When a user schedules a reservation, the reservation is created as an
|
1815 |
active reservation if there are no resource conflicts. However, if there
|
1816 |
are resource conflicts and if the configuration allows it, the user is given the option of
|
1817 |
creating a standby reservation.
|
1818 |
\item When an active reservation is canceled, one or more standby reservations will be
|
1819 |
automatically promoted, if applicable, to occupy the resources freed up. If
|
1820 |
permission flags for the canceling user are appropriate, the promotion of standby
|
1821 |
reservations may be suppressed.
|
1822 |
\item If a cancelation is made too close to the reservation time, (the notion of
|
1823 |
``too close'' is a configuration constant), a standby reservation cannot be
|
1824 |
promoted (rationale: not enough time for the person whose reservation is promoted
|
1825 |
to react).
|
1826 |
\item FBO staff may change active reservations to standby reservations and may promote a
|
1827 |
given standby reservation to active (thus changing all conflicting active
|
1828 |
reservations to standby reservations),
|
1829 |
\textbf{but standby reservations may not have their priority reordered}.
|
1830 |
The relative priority of multiple standby reservations is determined by the
|
1831 |
creation SGUID---this is an automatic assignment and cannot be changed manually.
|
1832 |
\end{enumerate}
|
1833 |
|
1834 |
|
1835 |
E-mail notifications are sent whenever:
|
1836 |
|
1837 |
\begin{itemize}
|
1838 |
\item Standby reservations are automatically or manually
|
1839 |
promoted to active reservations.
|
1840 |
\item A standby reservation can't be promoted to an active reservation
|
1841 |
because an active reservation was modified or deleted too close
|
1842 |
to the reservation time.
|
1843 |
\end{itemize}
|
1844 |
|
1845 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1846 |
|
1847 |
\subsection{Query Complexity}
|
1848 |
\label{stdd0:sqcx0}
|
1849 |
|
1850 |
It needs to be verified that all of the intended queries and maintenance
|
1851 |
operations are approximately $O(\log N)$ (see \S{}\ref{stbg0:sonn0}, p.
|
1852 |
\pageref{stbg0:sonn0}). In this section, the major queries are
|
1853 |
examined in detail.
|
1854 |
|
1855 |
|
1856 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1857 |
|
1858 |
\subsubsection{Resource Scheduling Views}
|
1859 |
\label{stdd0:sqcx0:ssvw0}
|
1860 |
|
1861 |
Scheduling views are perhaps the most important query. Users expect
|
1862 |
``snappy'' response (near-instant display of scheduling information).
|
1863 |
|
1864 |
A scheduling view is parameterized by:
|
1865 |
|
1866 |
\begin{itemize}
|
1867 |
\item The set of resources whose schedules are to be displayed.
|
1868 |
\item The time window, identified by a lower and an upper bound.
|
1869 |
\end{itemize}
|
1870 |
|
1871 |
The set of resources whose scheduling information is to be displayed is a
|
1872 |
linear constant. It tends to be either of size one or every resource schedulable.
|
1873 |
In any case, it is a small number ($<$100).
|
1874 |
|
1875 |
The time window is parameterized for an SQL query on key fields.
|
1876 |
|
1877 |
$O(\log N)$.
|
1878 |
|
1879 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1880 |
|
1881 |
\subsubsection{User Views}
|
1882 |
\label{stdd0:sqcx0:suvw0}
|
1883 |
|
1884 |
All conceivable user views and edits (alphabetical, uid, whatever) are
|
1885 |
$O(\log N)$. There may be a few deceptive queries that become $O(N)$, but these
|
1886 |
can be massaged.
|
1887 |
|
1888 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1889 |
|
1890 |
\subsubsection{Standby Reservations}
|
1891 |
\label{stdd0:sqcx0:ssby0}
|
1892 |
|
1893 |
|
1894 |
|
1895 |
|
1896 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1897 |
|
1898 |
\subsection{Session Management}
|
1899 |
\label{stdd0:ssmg0}
|
1900 |
|
1901 |
TBD.
|
1902 |
|
1903 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1904 |
|
1905 |
\subsection{Mutual Exclusion and Database and Table Locking}
|
1906 |
\label{stdd0:sdbl0}
|
1907 |
|
1908 |
\index{locking (database}\index{database locking}\emph{MySQL} guarantees that
|
1909 |
each SQL statement will execute atomically. In many cases, necessary actions
|
1910 |
can be phrased as a single SQL statement, and no locking is required. However, in
|
1911 |
other cases, complex database updates must be completed atomically and locking
|
1912 |
is required.
|
1913 |
|
1914 |
In addition to database design issues, editing collisions due to the nature
|
1915 |
of HTTP must be handled appropriately.\footnote{Among web developers, these collisions
|
1916 |
are sometimes called \emph{midair collisions}\@. I don't believe
|
1917 |
this is suitable nomenclature in an aviation environment, and so the
|
1918 |
term \emph{HTTP editing collision} is used.}
|
1919 |
An HTTP editing collision occurs when two [or more] users obtain copies of data
|
1920 |
in web browser forms, one user commits changed data back, and the second user
|
1921 |
commits different changes, with no knowledge of the changes made by the first user,
|
1922 |
and thus may overwrite the first user's changes.
|
1923 |
|
1924 |
The strategy for mutual exclusion and database/table locking should meet
|
1925 |
these requirements and constraints:
|
1926 |
|
1927 |
\begin{itemize}
|
1928 |
\item The strategy must allow a database maintenance script to run concurrently
|
1929 |
with web access to the database.
|
1930 |
\item The strategy must not block web page views for too long (never longer than 1-4 seconds,
|
1931 |
and no delay for the vast majority of web page accesses).
|
1932 |
\item The strategy must be fair: no process should block indefinitely.
|
1933 |
\item The strategy should be simple.
|
1934 |
\item The strategy must at least detect and optionally correct HTTP editing collisions.
|
1935 |
\end{itemize}
|
1936 |
|
1937 |
The strategy employed is:
|
1938 |
|
1939 |
\begin{itemize}
|
1940 |
\item Any process (either maintenance or web access) that has mutual exclusion needs
|
1941 |
locks the entire database (rather than locking individual tables).
|
1942 |
\begin{itemize}
|
1943 |
\item This strategy is very simple.
|
1944 |
\item This strategy prevents the possibility of deadlock (due to ordering of table locks).
|
1945 |
\item This strategy inherently serializes and is fair (because of \emph{MySQL}'s behavior).
|
1946 |
\item Maintenance scripts can be written to check and correct the database
|
1947 |
incrementally and to lock the database only for short periods of time,
|
1948 |
thus not blocking web users for too long.
|
1949 |
\end{itemize}
|
1950 |
\item In any scenario where an HTTP editing collision is a potential problem:
|
1951 |
\begin{itemize}
|
1952 |
\item An SGUID is stored on a database record commit.
|
1953 |
\item The SGUID is provided as a hidden form field on editing pages.
|
1954 |
\item At the time a commit is attempted, if the SGUID held by the browser is different than the
|
1955 |
one in the database, there has been an editing collision. In this case, at minimum
|
1956 |
notification is made.
|
1957 |
\end{itemize}
|
1958 |
\end{itemize}
|
1959 |
|
1960 |
Finally, database locking has the standard software problem of how to embed a critical
|
1961 |
section within another critical section. The pseudo-code below should suffice.
|
1962 |
|
1963 |
\begin{verbatim}
|
1964 |
local_lock_var = global_lock_var;
|
1965 |
lock_database();
|
1966 |
global_lock_var = TRUE;
|
1967 |
|
1968 |
...
|
1969 |
Take action, perhaps calling sub-functions with
|
1970 |
identical pseudo-code.
|
1971 |
...
|
1972 |
|
1973 |
if (! local_lock_var)
|
1974 |
{
|
1975 |
unlock_database();
|
1976 |
global_lock_var = FALSE;
|
1977 |
}
|
1978 |
\end{verbatim}
|
1979 |
|
1980 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1981 |
|
1982 |
\section{Web Pages}
|
1983 |
\label{swpg0}
|
1984 |
|
1985 |
TBD.
|
1986 |
|
1987 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1988 |
|
1989 |
\subsection{\texttt{index.php} (Scheduler Entry Page / All Scheduling Views)}
|
1990 |
\label{swpg0:siph0}
|
1991 |
|
1992 |
TBD.
|
1993 |
|
1994 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
1995 |
|
1996 |
\subsection{\texttt{logview.php} (Action / Event / Exception Log View)}
|
1997 |
\label{swpg0:slvw0}
|
1998 |
|
1999 |
TBD.
|
2000 |
|
2001 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2002 |
|
2003 |
\subsection{\texttt{resourceadd.php} (Resource Addition)}
|
2004 |
\label{swpg0:srad0}
|
2005 |
|
2006 |
TBD.
|
2007 |
|
2008 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2009 |
|
2010 |
\subsection{\texttt{resourceedit.php} (Resource Edit)}
|
2011 |
\label{swpg0:sred0}
|
2012 |
|
2013 |
TBD.
|
2014 |
|
2015 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2016 |
|
2017 |
\subsection{\texttt{resourcemanage.php} (Resource List / Select Action)}
|
2018 |
\label{swpg0:srmg0}
|
2019 |
|
2020 |
TBD.
|
2021 |
|
2022 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2023 |
|
2024 |
\subsection{\texttt{resourceview.php} (Resource View)}
|
2025 |
\label{swpg0:srvw0}
|
2026 |
|
2027 |
TBD.
|
2028 |
|
2029 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2030 |
|
2031 |
\subsection{\texttt{signupadd.php} (Signup Addition)}
|
2032 |
\label{swpg0:ssad0}
|
2033 |
|
2034 |
TBD.
|
2035 |
|
2036 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2037 |
|
2038 |
\subsection{\texttt{signupedit.php} (Signup Edit)}
|
2039 |
\label{swpg0:ssed0}
|
2040 |
|
2041 |
TBD.
|
2042 |
|
2043 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2044 |
|
2045 |
\subsection{\texttt{signupmanage.php} (Signup List / Select Action)}
|
2046 |
\label{swpg0:ssmg0}
|
2047 |
|
2048 |
TBD.
|
2049 |
|
2050 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2051 |
|
2052 |
\subsection{\texttt{signupview.php} (Signup View)}
|
2053 |
\label{swpg0:ssvw0}
|
2054 |
|
2055 |
TBD.
|
2056 |
|
2057 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2058 |
|
2059 |
\subsection{\texttt{useradd.php} (User Addition)}
|
2060 |
\label{swpg0:susd0}
|
2061 |
|
2062 |
TBD.
|
2063 |
|
2064 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2065 |
|
2066 |
\subsection{\texttt{useredit.php} (User Edit)}
|
2067 |
\label{swpg0:suse0}
|
2068 |
|
2069 |
TBD.
|
2070 |
|
2071 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2072 |
|
2073 |
\subsection{\texttt{useremail.php} (Send Mass E-mail / Announcement to Users)}
|
2074 |
\label{swpg0:seus0}
|
2075 |
|
2076 |
TBD.
|
2077 |
|
2078 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2079 |
|
2080 |
\subsection{\texttt{usermanage.php} (User List / Select Action)}
|
2081 |
\label{swpg0:sumg0}
|
2082 |
|
2083 |
TBD.
|
2084 |
|
2085 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2086 |
|
2087 |
\subsection{\texttt{userview.php} (User View)}
|
2088 |
\label{swpg0:suvw0}
|
2089 |
|
2090 |
TBD.
|
2091 |
|
2092 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2093 |
|
2094 |
\section{Standalone Scripts}
|
2095 |
\label{ssas0}
|
2096 |
|
2097 |
TBD.
|
2098 |
|
2099 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2100 |
|
2101 |
\subsection{\texttt{adminforce.php} (Emergency Administrator Password Reset)}
|
2102 |
\label{ssas0:samf0}
|
2103 |
|
2104 |
TBD.
|
2105 |
|
2106 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2107 |
|
2108 |
\subsection{\texttt{dbconncheck.php} (Database Connectivity and Authentication Check)}
|
2109 |
\label{ssas0:sdbc0}
|
2110 |
|
2111 |
\index{dbconncheck.php@\texttt{dbconncheck.php}}The \texttt{dbconncheck.php}
|
2112 |
script takes the following actions:
|
2113 |
|
2114 |
\begin{itemize}
|
2115 |
\item Attempts to connect and authenticate to the \emph{MySQL} daemon
|
2116 |
using the information in
|
2117 |
\index{config.inc@\texttt{config.inc}}\texttt{config.inc}.
|
2118 |
\item Attempts to select the database specified in the
|
2119 |
\texttt{config.inc}.
|
2120 |
\item Attempts to close the \emph{MySQL} connection.
|
2121 |
\item Announces failure or success and provides details.
|
2122 |
\end{itemize}
|
2123 |
|
2124 |
The \texttt{dbconncheck.php} can be used to verify \emph{MySQL} database connectivity
|
2125 |
during the \emph{\productbasename{}} setup process.
|
2126 |
|
2127 |
The \texttt{dbconncheck.php} script takes no command-line parameters (it receives
|
2128 |
the \emph{MySQL} connection it requires by including \emph{PHP} library files).
|
2129 |
|
2130 |
|
2131 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2132 |
|
2133 |
\subsection{\texttt{dbinit.php} (Database Initialization and Upgrade)}
|
2134 |
\label{ssas0:sdbi0}
|
2135 |
|
2136 |
TBD.
|
2137 |
|
2138 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2139 |
|
2140 |
\subsection{\texttt{mainthot.php} (In-Service Daily Database Maintenance)}
|
2141 |
\label{ssas0:smah0}
|
2142 |
|
2143 |
TBD.
|
2144 |
|
2145 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2146 |
|
2147 |
\subsection{\texttt{phplibset.php} (Source File PHP Library Path Modification)}
|
2148 |
\label{ssas0:sphl0}
|
2149 |
|
2150 |
TBD.
|
2151 |
|
2152 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2153 |
|
2154 |
\subsection{\texttt{sitehashkeygen.php} (Source Hash Key Generation)}
|
2155 |
\label{ssas0:shkg0}
|
2156 |
|
2157 |
The \index{sitehashkeygen.php@\emph{sitehashkeygen.php}}\texttt{sitehashkeygen.php}
|
2158 |
script generates a suitable site hash key as a constant in a PHP include file
|
2159 |
and places it in a file named \emph{sitehashkey.inc}.
|
2160 |
|
2161 |
By default, the \emph{sitehashkey.inc} is placed in the current working directory.
|
2162 |
However, the \texttt{sitehashkeygen.php} script accepts an optional parameter,
|
2163 |
the directory in which to place the file.
|
2164 |
|
2165 |
\begin{figure}
|
2166 |
\begin{scriptsize}
|
2167 |
\begin{verbatim}
|
2168 |
<?php
|
2169 |
//This PHP include file contains the FboPrime site hash key. This key is
|
2170 |
//normally automatically generated at the time the software is set up.
|
2171 |
//This key can be edited by hand safely--it is just an ordinary string of
|
2172 |
//arbitrary length. However, if it is manually edited, it should be
|
2173 |
//edited only at the time the system is set up. Modifying this key on a
|
2174 |
//working system will invalidate every user password and may have other ill
|
2175 |
//effects as well.
|
2176 |
//
|
2177 |
//Permissions on this file should be set so that FboPrime users cannot view
|
2178 |
//its contents (it should be private to the Apache server). If FboPrime
|
2179 |
//users can view this key, it may enable some security attacks on the
|
2180 |
//FboPrime software (as users may be able to forge some data).
|
2181 |
//
|
2182 |
//Generating program: $RCSfile: manual.tex,v $
|
2183 |
//Generating program CVS revision: $Revision: 1.36 $
|
2184 |
//Generating program CVS revision date: $Date: 2006/04/10 04:28:07 $
|
2185 |
//Time of key generation: 05-Feb-2006 14:15:26 (UTC -0500)
|
2186 |
//------------------------------------------------------------------------------------------
|
2187 |
define("SITEHASHKEY_SITEHASHKEY", "5bc9fc5b2fafd50c5ac9c267f03fecb1668cf4de80f37f392b" .
|
2188 |
"2fbe0fefd0e5f76G[o6BCR.pitb[z-GOgdk=3GzdwU=I2)8>ff" .
|
2189 |
"vS(s17Wc,f?F*fS70WOz<3dUMfLV9=<FCZ[D(OQ/-PtQ*5Y*=w" .
|
2190 |
"nUzAy5Q3_Z*ToqCg*r*DgRbJq?O8*zEad.LL2kO-3CGr+1HPtv" );
|
2191 |
?>
|
2192 |
\end{verbatim}
|
2193 |
\end{scriptsize}
|
2194 |
\caption{Format of Automatically-Generated \emph{sitehashkey.inc} File}
|
2195 |
\label{fig:ssas0:shkg0:00}
|
2196 |
\end{figure}
|
2197 |
|
2198 |
A typical automatically-generated
|
2199 |
\emph{sitehashkey.inc} file is shown in Figure \ref{fig:ssas0:shkg0:00}.
|
2200 |
|
2201 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2202 |
|
2203 |
\subsection{\texttt{sbyrespromote.php} (Promotion of Standby Reservations)}
|
2204 |
\label{ssas0:spsr0}
|
2205 |
|
2206 |
TBD.
|
2207 |
|
2208 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2209 |
|
2210 |
\section{PHP Library Files}
|
2211 |
\label{sphl0}
|
2212 |
|
2213 |
TBD.
|
2214 |
|
2215 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2216 |
|
2217 |
\subsection{\texttt{config.inc} (Global Configuration Constants)}
|
2218 |
\label{sphl0:siph0}
|
2219 |
|
2220 |
\index{config.inc@\texttt{config.inc}}The \texttt{config.inc} file contains particulars
|
2221 |
of the FBO and the installation, including:
|
2222 |
|
2223 |
\begin{itemize}
|
2224 |
\item FBO location and contact information (mailing address, phone numbers, etc.).
|
2225 |
\item Database connection information (host, database, userid, and password information).
|
2226 |
\item Behavioral constants (scheduling and data retention policy).
|
2227 |
\end{itemize}
|
2228 |
|
2229 |
This file must be customized as part of the
|
2230 |
\emph{\productbasename{}} installation process.
|
2231 |
|
2232 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2233 |
|
2234 |
\subsection{\texttt{confighard.inc} (Global Unmodifyable Configuration Constants)}
|
2235 |
\label{sphl0:scfh1}
|
2236 |
|
2237 |
\index{confighard.inc@\texttt{confighard.inc}}The \texttt{confighard.inc} file contains
|
2238 |
global configuration constants that either:
|
2239 |
|
2240 |
\begin{itemize}
|
2241 |
\item Would not need to be configured by the FBO, or
|
2242 |
\item Are bound tightly to the code and so can't be changed without also
|
2243 |
changing the code.
|
2244 |
\end{itemize}
|
2245 |
|
2246 |
The constants in this file should not be changed by the users of the
|
2247 |
\emph{\productbasename{}} software.
|
2248 |
|
2249 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2250 |
|
2251 |
\subsection{\texttt{crhsh.inc} (Cryptographic Hash Functions)}
|
2252 |
\label{sphl0:schf0}
|
2253 |
|
2254 |
\index{crhsh.inc@\texttt{crhsh.inc}}The \texttt{crhsh.inc} file
|
2255 |
contains functions dealing with cryptographic hashes.
|
2256 |
|
2257 |
See \S{}\ref{stbg0:smdf0}, \S{}\ref{stbg0:sfch0}, and \S{}\ref{stbg0:spst0}.
|
2258 |
|
2259 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2260 |
|
2261 |
\subsection{\texttt{datefunc.inc} (Date Calculation and Related Functions)}
|
2262 |
\label{sphl0:sdfc0}
|
2263 |
|
2264 |
\index{datefunc.inc@\texttt{datefunc.inc}}The \texttt{datefunc.inc} file
|
2265 |
contains functions that perform date calculations
|
2266 |
(for example, date differences and the day of the week corresponding
|
2267 |
to an arbitrary date). Many of the calculations are based on modulo
|
2268 |
arithmetic.
|
2269 |
|
2270 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2271 |
|
2272 |
\subsection{\texttt{sitehashkey.inc} (Site Hash Key)}
|
2273 |
\label{sphl0:sshk0}
|
2274 |
|
2275 |
\index{sitehaskey.inc@\texttt{sitehashkey.inc}}The \texttt{sitehashkey.inc} file contains
|
2276 |
the site hash key. This file is normally automatically generated by the
|
2277 |
\index{sitehashkeygen.php@\emph{sitehashkeygen.php}}\texttt{sitehashkeygen.php}
|
2278 |
script as part of the \emph{\productbasename{}} installation process.
|
2279 |
|
2280 |
Please see:
|
2281 |
|
2282 |
\begin{itemize}
|
2283 |
\item \S{}\ref{sins0:sssi0:sgsh0} (p. \pageref{sins0:sssi0:sgsh0})
|
2284 |
for instructions about how to execute the \texttt{sitehashkeygen.php}
|
2285 |
script to generate the \texttt{sitehashkey.inc} file.
|
2286 |
\item \S{}\ref{ssas0:shkg0} (p. \pageref{ssas0:shkg0})
|
2287 |
for a description of the \texttt{sitehashkeygen.php}
|
2288 |
script.
|
2289 |
\item Fig. \ref{fig:ssas0:shkg0:00} (p. \pageref{fig:ssas0:shkg0:00})
|
2290 |
for the typical format of a site hash key.
|
2291 |
\end{itemize}
|
2292 |
|
2293 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2294 |
|
2295 |
\subsection{\texttt{timeraw.inc} (Raw Time Acquisition)}
|
2296 |
\label{sphl0:strw0}
|
2297 |
|
2298 |
\index{timeraw.inc@\texttt{timeraw.inc}}The \texttt{timeraw.inc} file contains
|
2299 |
functions that obtain the raw time from the server's clock.
|
2300 |
|
2301 |
Functions that obtain the raw time are localized in one file to ease
|
2302 |
Unix epoch issue changes if they have to be made.
|
2303 |
|
2304 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2305 |
|
2306 |
\subsection{\texttt{utime.inc} (UTIME Acquisition and Operations)}
|
2307 |
\label{sphl0:sutm0}
|
2308 |
|
2309 |
\index{utime.inc@\texttt{utime.inc}}The \texttt{utime.inc} file contains
|
2310 |
functions that:
|
2311 |
|
2312 |
\begin{itemize}
|
2313 |
\item Obtain the raw time from the server's clock in the UTIME
|
2314 |
format (described in \S{}\ref{stdd0:sdty0:sutm0}).
|
2315 |
\item Perform operations on the UTIME data type
|
2316 |
(described in \S{}\ref{stdd0:sdty0:sutm0}).
|
2317 |
\end{itemize}
|
2318 |
|
2319 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2320 |
|
2321 |
\clearpage{}
|
2322 |
\section{\emph{MySQL} Database Tables and Fields}
|
2323 |
\label{sdtf0}
|
2324 |
|
2325 |
This section provides a detailed description of each \emph{MySQL} database table
|
2326 |
and field. Documentation is maintained in this document rather than in
|
2327 |
the software source code.
|
2328 |
|
2329 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2330 |
\subsection{\emph{usrs} (Users) Table}
|
2331 |
\label{sdtf0:susr0}
|
2332 |
|
2333 |
The \emph{usrs} table contains information about each user, with each user stored in
|
2334 |
one database row.
|
2335 |
|
2336 |
\begin{docdbtblfielddef}
|
2337 |
|
2338 |
\item \index{uidx@\emph{uidx}}\textbf{\emph{uidx} (int)}
|
2339 |
|
2340 |
An integer index identifying the user, automatically assigned by the
|
2341 |
\emph{MySQL} database.
|
2342 |
|
2343 |
In many contexts (GET and POST parameters, for example), this index is
|
2344 |
used to identify a user. It provides a generally shorter way to identify
|
2345 |
a user than the \emph{userid}.
|
2346 |
|
2347 |
\item \index{userid@\emph{userid}}\textbf{\emph{userid} (varchar[20])}
|
2348 |
|
2349 |
The text string used to log in to the
|
2350 |
\emph{\productbasename{}} software. In the database table,
|
2351 |
this string is always stored in lower-case, but the software treats
|
2352 |
this string as case-insensitive when it is entered by a user.
|
2353 |
|
2354 |
This string must begin with a letter, and may contain letters and
|
2355 |
digits only.
|
2356 |
|
2357 |
The FBO may assign this text string arbitrarily. Common conventions
|
2358 |
are to use the first initial and last name (example: \emph{dashley}),
|
2359 |
first and middle initial and last name (example: \emph{dtashley}),
|
2360 |
or a nickname (example: \emph{womanizer}).
|
2361 |
\end{docdbtblfielddef}
|
2362 |
|
2363 |
|
2364 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2365 |
\subsection{\emph{resv} (Reservations) Table}
|
2366 |
\label{sdtf0:srsv0}
|
2367 |
|
2368 |
\index{resv@\emph{resv}}The
|
2369 |
\emph{resv} table contains one record for each reservation.
|
2370 |
|
2371 |
\begin{docdbtblfielddef}
|
2372 |
\item \index{ridx@\emph{ridx}}\textbf{\emph{ridx} (int64)}
|
2373 |
|
2374 |
An integer index identifying the reservation, automatically
|
2375 |
assigned by the \emph{MySQL} database.
|
2376 |
|
2377 |
\item \index{sstime@\emph{sstime}}\textbf{\emph{sstime} (char[14])}
|
2378 |
|
2379 |
An STIME string identifying the start time of the reservation. This is
|
2380 |
necessarily the minimum of the start times of any of the \emph{slot}s linked
|
2381 |
to the reservation, and is used to facilitate more efficient queries.
|
2382 |
|
2383 |
\item \index{estime@\emph{estime}}\textbf{\emph{estime} (char[14])}
|
2384 |
|
2385 |
An STIME string identifying the end time of the reservation. This is
|
2386 |
necessarily the maximum of the end times of any of the \emph{slot}s linked
|
2387 |
to the reservation, and is used to facilitate more efficient queries.
|
2388 |
|
2389 |
\item \index{csguid@\emph{csguid}}\textbf{\emph{csguid} (SGUID)}
|
2390 |
|
2391 |
An SGUID assigned at the time the reservation is created. This provides
|
2392 |
information about when the reservation is created, and also provides a
|
2393 |
guaranteed unique sort order for standby reservations.
|
2394 |
|
2395 |
\item \index{msguid@\emph{msguid}}\textbf{\emph{msguid} (SGUID)}
|
2396 |
|
2397 |
An SGUID assigned at the time the reservation is created or modified.
|
2398 |
This is used to prevent editing collisions and double-commits.
|
2399 |
|
2400 |
\item \index{isactive@\emph{isactive}}\textbf{\emph{isactive} (BOOLEAN)}
|
2401 |
|
2402 |
TRUE if the reservation is an
|
2403 |
\index{active reservation}\index{reservation!active}active reservation,
|
2404 |
or FALSE if the reservation is a standby reservation.
|
2405 |
\end{docdbtblfielddef}
|
2406 |
|
2407 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2408 |
\subsection{\emph{slot} (Slots) Table}
|
2409 |
\label{sdtf0:sslt0}
|
2410 |
|
2411 |
\index{slot@\emph{slot}}
|
2412 |
|
2413 |
TBD.
|
2414 |
|
2415 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2416 |
\subsection{\emph{rscs} (Resources) Table}
|
2417 |
\label{sdtf0:srsc0}
|
2418 |
|
2419 |
\index{rscs@\emph{rscs}}
|
2420 |
|
2421 |
TBD.
|
2422 |
|
2423 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2424 |
\subsection{\emph{sper} (Scheduling Permissions) Table}
|
2425 |
\label{sdtf0:sspr0}
|
2426 |
|
2427 |
\index{sper@\emph{sper}}
|
2428 |
|
2429 |
TBD.
|
2430 |
|
2431 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2432 |
\subsection{\emph{sess} (Sessions) Table}
|
2433 |
\label{sdtf0:sses0}
|
2434 |
|
2435 |
\index{sess@\emph{sess}}
|
2436 |
|
2437 |
TBD.
|
2438 |
|
2439 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2440 |
\subsection{\emph{loge} (Log Entries) Table}
|
2441 |
\label{sdtf0:slge0}
|
2442 |
|
2443 |
\index{loge@\emph{loge}}
|
2444 |
|
2445 |
TBD.
|
2446 |
|
2447 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2448 |
\subsection{\emph{dpar} (Database Parameters) Table}
|
2449 |
\label{sdtf0:sdpr0}
|
2450 |
|
2451 |
\index{dpar@\emph{dpar}}
|
2452 |
|
2453 |
TBD.
|
2454 |
|
2455 |
|
2456 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2457 |
|
2458 |
\clearpage{}
|
2459 |
\section{User Permission Flags and Values}
|
2460 |
\label{supf0}
|
2461 |
|
2462 |
\begin{docdbtblfielddef}
|
2463 |
|
2464 |
\item \index{slvl@\emph{slvl}}\textbf{\emph{slvl} (Security Level)}
|
2465 |
|
2466 |
The general security level of the user. Security levels are in descending
|
2467 |
security order. In general, a user at security level $n$
|
2468 |
cannot modify the settings of users with security level $<n$.
|
2469 |
|
2470 |
The levels used are:
|
2471 |
|
2472 |
\begin{itemize}
|
2473 |
\item \textbf{0:}
|
2474 |
System administrators.
|
2475 |
\item \textbf{1:}
|
2476 |
FBO management and senior staff.
|
2477 |
\item \textbf{2:}
|
2478 |
Flight instructors and mechanics.
|
2479 |
\item \textbf{3:}
|
2480 |
Line employees.
|
2481 |
\item \textbf{4:}
|
2482 |
Customers.
|
2483 |
\end{itemize}
|
2484 |
|
2485 |
\end{docdbtblfielddef}
|
2486 |
|
2487 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2488 |
|
2489 |
\clearpage{}
|
2490 |
\section{Glossary of Database Parameters}
|
2491 |
\label{sgld0}
|
2492 |
|
2493 |
This glossary describes the parameters that may be stored in the
|
2494 |
\emph{dpar} database table (see \S{}\ref{sdtf0:sdpr0}).
|
2495 |
|
2496 |
\begin{docglossaryenum}
|
2497 |
\item \index{MAINT_SCRIPT_ACTIVE@\emph{MAINT\_SCRIPT\_ACTIVE}}\textbf{MAINT\_SCRIPT\_ACTIVE}
|
2498 |
|
2499 |
Has the value of `0' if the maintenance script is not active, or
|
2500 |
the value of a UTIME (described in \S{}\ref{stdd0:sdty0:sutm0}) representing
|
2501 |
the time at which the maintenance script was started if the
|
2502 |
maintenance script is active.
|
2503 |
|
2504 |
This parameter is used
|
2505 |
so that a second instance of the maintenance script cannot be started while
|
2506 |
an earlier invocation is still in progress.
|
2507 |
|
2508 |
This parameter is also used to detect when a maintenance script has
|
2509 |
been terminated abormally, so that future invocations are not
|
2510 |
blocked indefinitely. The criterion used is that the maintenance
|
2511 |
script has apparently been active for too long (this can easily
|
2512 |
be determined from the UTIME value).
|
2513 |
|
2514 |
\item \index{FBOPRIME_VERSION@\emph{FBOPRIME\_VERSION}}\textbf{FBOPRIME\_VERSION}
|
2515 |
|
2516 |
The version number of \emph{\productbasename{}} that created the database.
|
2517 |
This version number is used only for database upgrades.
|
2518 |
The version of \emph{\productbasename{}} described by this document is
|
2519 |
\emph{\productversion{}}.
|
2520 |
\end{docglossaryenum}
|
2521 |
|
2522 |
|
2523 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2524 |
|
2525 |
\clearpage{}
|
2526 |
\section{Glossary of GET/POST Parameters}
|
2527 |
\label{sglo0}
|
2528 |
|
2529 |
TBD.
|
2530 |
|
2531 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2532 |
|
2533 |
\clearpage{}
|
2534 |
\section{Glossary of Terms, Acronyms, and Nomenclature}
|
2535 |
\label{sglo1}
|
2536 |
|
2537 |
\begin{docglossaryenum}
|
2538 |
|
2539 |
\item \index{GMT}\textbf{GMT}
|
2540 |
|
2541 |
See \emph{UTC} in this section.
|
2542 |
|
2543 |
\item \textbf{MAC}\index{MAS@\emph{MAC}}
|
2544 |
|
2545 |
Marshall Aviation Center.
|
2546 |
|
2547 |
\item \textbf{MAS}\index{MAS@\emph{MAS}}
|
2548 |
|
2549 |
Metzger's Aircraft Services.
|
2550 |
|
2551 |
\item \index{UTC}\textbf{UTC}
|
2552 |
|
2553 |
\emph{UTC} (universal time)
|
2554 |
is the time kept on the Greenwich meridian (longitude zero), and is
|
2555 |
normally five hours ahead of
|
2556 |
\index{Eastern Standard Time}Eastern Standard Time (\index{EST}EST).
|
2557 |
UTC is sometimes also called
|
2558 |
\index{GMT}GMT (\index{Greenwich Mean Time}Greenwich Mean Time)
|
2559 |
or \index{Zulu time}Zulu time.
|
2560 |
|
2561 |
\end{docglossaryenum}
|
2562 |
|
2563 |
|
2564 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2565 |
\clearpage{}
|
2566 |
\addcontentsline{toc}{section}{References}
|
2567 |
|
2568 |
\begin{thebibliography}{000}
|
2569 |
\bibitem{bibref:com:kalsoft}
|
2570 |
\index{Kalamazoo Software}\emph{Kalamazoo Software}\\
|
2571 |
\texttt{http://www.kal-soft.com}
|
2572 |
\bibitem{bibref:i:masternakdawn}
|
2573 |
\index{Masternak, Dawn}\emph{Dawn Masternak}\\
|
2574 |
\texttt{d\_masternak@hotmail.com}
|
2575 |
\bibitem{bibref:i:whitingtheresa}
|
2576 |
\index{Whiting, Theresa}\emph{Theresa Whiting}\\
|
2577 |
\texttt{limeshoes@yahoo.com}
|
2578 |
\bibitem{bibref:i:wynjadaniel}
|
2579 |
\index{Wynja, Daniel}\emph{Daniel Wynja}\\
|
2580 |
\texttt{danielwynja@hotmail.com}
|
2581 |
\bibitem{bibref:i:metzgereric}
|
2582 |
\index{Metzger, Eric}\emph{Eric Metzger}\\
|
2583 |
\texttt{ericmetzger@charter.net}
|
2584 |
\bibitem{bibref:i:ashleydavidt}
|
2585 |
\index{Ashley, David}\emph{Ashley, David}\\
|
2586 |
\texttt{dta@e3ft.com}
|
2587 |
\bibitem{bibref:p:ors}
|
2588 |
\index{ORS@\emph{ORS}}\emph{ORS} (\emph{O}nline \emph{R}esource \emph{S}cheduler)\\
|
2589 |
\texttt{http://ors.sourceforge.net}
|
2590 |
\bibitem{bibref:hagenhostingweb}
|
2591 |
\index{Hagen Hosting}\emph{Hagen Hosting}\\
|
2592 |
\texttt{http://www.hagenhosting.com}
|
2593 |
\bibitem{bibref:c:mysql}
|
2594 |
\index{MySQL@\emph{MySQL}}\emph{MySQL} \\
|
2595 |
\texttt{http://www.mysql.com}
|
2596 |
\bibitem{bibref:annarboraviationcenterweb}
|
2597 |
\emph{Ann Arbor Aviation Center} \\
|
2598 |
\texttt{http://www.aviationcenter.aero}
|
2599 |
\bibitem{bibref:gnuorgweb}
|
2600 |
\emph{GNU} \\
|
2601 |
\texttt{http://www.gnu.org}
|
2602 |
\bibitem{bibref:rfc1321}
|
2603 |
\index{RFC 1321}\index{MD5 message digest algorithm}\emph{RFC 1321---The MD5 Message-Digest Algorithm} \\
|
2604 |
\texttt{http://www.faqs.org/rfcs/rfc1321.html}
|
2605 |
\bibitem{bibref:i:rostamianrouben}
|
2606 |
\index{Rostamian, Rouben}\emph{Rouben Rostamian}\\
|
2607 |
\texttt{rouben@pc18.math.umbc.edu}
|
2608 |
\end{thebibliography}
|
2609 |
|
2610 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2611 |
\clearpage{}
|
2612 |
\addcontentsline{toc}{section}{Index}
|
2613 |
\printindex
|
2614 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
2615 |
\end{document}
|
2616 |
%
|
2617 |
%$Log: manual.tex,v $
|
2618 |
%Revision 1.36 2006/04/10 04:28:07 dashley
|
2619 |
%Edits.
|
2620 |
%
|
2621 |
%Revision 1.35 2006/04/08 04:03:02 dashley
|
2622 |
%Edits.
|
2623 |
%
|
2624 |
%Revision 1.34 2006/04/08 00:25:11 dashley
|
2625 |
%Edits.
|
2626 |
%
|
2627 |
%Revision 1.33 2006/04/05 02:04:35 dashley
|
2628 |
%Edits.
|
2629 |
%
|
2630 |
%Revision 1.32 2006/04/02 23:18:42 dashley
|
2631 |
%Edits.
|
2632 |
%
|
2633 |
%End of $RCSfile: manual.tex,v $.
|
2634 |
|