My good friend Mayank Sharma had done some work with web forms and CGI for the main IIT-D home page. That inspired me. I got hold of a soft copy of O’Reilly’s CGI Programming on the World Wide Web and went through the basics of CGI. I was in Baroda for the end-semester break in December 1999 and I could foresee a lot of issues:
- I did not have an internet connection at home, so there was no way I could test out my stuff live.
- Where would the yearbook be hosted? How would I be able to access it?
- I was not familiar with databases. How would I manage the different data? This presented some related issues:
  - We did not have access to IIT’s PostgreSQL database and I was not aware of a MySQL database either. Even if I learnt stuff about databases, where would I use it? I figured out later that the kind of work I wanted to do needed rudimentary database knowledge, so if I had access I would definitely have used this option.
  - There was another problem regarding access control, which I shall present shortly.
- What kind of permissions did I have to provide on the pages? One important aspect to note is that the entire source code would be on my home folder, which was accessible to everyone else. If I blocked write access then HTTP wouldn’t be able to write to them and if I allowed write access then everyone would be able to write to them.
I resolved to tackle problems beyond my purview once I got back to IIT. In the meanwhile I got cracking. I made a few decisions:
- I drew up the list of fields for each person – Name, Date of Birth etc.
- I decided that each person would be able to enter some general stuff about himself / herself and comment about others.
- Each person would be able to upload a photo that would go into the profile picture.
- There would be an additional section that the administrator (I) would be able to write to, for each person. This section would have things like humorous posts made on mailing lists by people and so on.
- There would be no editing. You could modify things you have said about yourself, but not things that you said about others or others said about you. In fact even the administrator would not do things like correct spellings. Not allowing a user to edit comments previously entered actually resolved some technical challenges, as I will explain later.
With the requirements decided I got down to do the coding. There were 2 sets of files:
- The main CGI code to capture inputs. There were three of them:
  - Login (using shadow passwords)
  - Modify your own page
  - Add a comment to another person’s page
- The file-based simulation of a database. This took care of challenge #3, to an extent. For each user xxxxxxxx there were 5 files:
  - xxxxxxxx-self.txt – This had details provided by the user. The fields were separated from their values using delimiters. Think of each such file as a record in a database table, where each field has a value and some fields may be null.
  - xxxxxxxx-others.txt – This had comments made by other users about xxxxxxxx. Whenever a new comment was added, the name of the person and the comment would get appended to the end of this file. Think of each such file as a grouping of records in a comments table.
  - xxxxxxxx-admin.txt – This had entries made by the administrator (me).
  - xxxxxxxx.gif / xxxxxxxx.jpg – A photo uploaded by the user.
  - xxxxxxxx.html – Where it all came together. This file was essentially an HTML representation of the other 4 put together (like a database query). I pulled a nifty trick here. What I did is that in my CGI code, whenever I made an update for a particular user, I regenerated the HTML.
Luckily I had Linux and Apache on my computer at home, so I could install my own Apache server and play with things a bit. That took care of challenge #1. Full-blown tests were not possible, however, since I didn’t know what IIT’s environment looked like. With the code more or less in place and my vacation finished I went back to IIT, to see how this code could be deployed.
Within the first few weeks after the vacation I took Mayank’s help and firmed up the CGI part of it. I also got Avneesh Sud to test it out for security, because earlier that year one of my juniors had caused serious damage by installing a login prompt simulator on other people’s machines and had managed to get hold of 80+ passwords. I let Sud sit on the scripts for a few hours to certify that all was well. Mayank and Sud also suggested that I use the private_html folder on “poorvi” to host the scripts. Challenge #2 was down. Sud also helped me address challenge #4 by setting me as the file owner and allowing write permissions to a group, and the group had the HTTP protocol. This seems a lot simpler now, but in those days of programming assignments such tasks were left to the System Administrators. Sud happened to be one. So the script was all set and it went live in the middle of January 2000.
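
The permission scheme described above (the author owns the files, a group that includes the web server may write, everyone else may not), as an added shell example that is not the original yearbook setup. The directory name, the modes 2775 and 664, and the use of the current user's own group in place of the web server's group are assumptions made so the demo runs without privileges.

```shell
#!/bin/sh
# Added example: owner keeps control, the web server's group may write,
# everyone else is read-only. Directory and group are assumptions.

# apply_group_write DIR GROUP
#   Hands DIR to GROUP and removes write access for "other".
apply_group_write() {
    dir=$1
    group=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    chgrp -R "$group" "$dir" || return 1
    # Directories: rwxrwsr-x. The setgid bit makes new files inherit GROUP.
    find "$dir" -type d -exec chmod 2775 {} + || return 1
    # Data files: rw-rw-r--. The server can append; other users can only read.
    find "$dir" -type f -exec chmod 664 {} + || return 1
}

# count_world_writable DIR
#   Prints how many files and directories under DIR "other" can still write to.
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | wc -l | tr -d ' '
}

# Constructed demo: a throwaway directory that starts out writable by
# everyone, which is the situation the post wanted to avoid.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/yearbook"
    : > "$tmp/yearbook/xxxxxxxx-self.txt"
    : > "$tmp/yearbook/xxxxxxxx-others.txt"
    chmod 777 "$tmp/yearbook"
    chmod 666 "$tmp/yearbook"/*.txt
    before=$(count_world_writable "$tmp/yearbook")
    # id -g stands in for the web server's group (assumption for the demo).
    apply_group_write "$tmp/yearbook" "$(id -g)"
    after=$(count_world_writable "$tmp/yearbook")
    rm -rf "$tmp"
    echo "$before $after"
}
```

On a real host the second argument would be the group the web server runs under, and `count_world_writable` can be rerun later as a check that nothing in the data directory has drifted back to being writable by everyone.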