Assignment 4: Creating Your Own Electronic Auction Site

Description -

In this assignment, you will create your own local access electronic auction site, similar to the example that can be found by clicking HERE.

For an auction site, a lot of contents need to be generated dynamically. For this purpose, we need CGI (Common Gate Interface) programming. There are tons of on-line tutorials for CGI programming. Just use your favorite search engine and type in "CGI". You can use the Arizona and CGI servers here on campus to host your static web pages and CGI programs, respectively. It would be better if you had your own web server hosting the auction site so that you could have full control and less trouble. Just make sure that you can keep your web server up most of the time for the ease of testing. Following discussion will assume that you use the OIT servers.

Your auction site will consist of a main page, a registration page, a page explaining bidding rules, a page explaining the user agreement, and whatever other pages and CGI programs you deem necessary for your site. Choose some reasonable bidding rules. For starters, we can just use eBay's rules. An example item has also been provided, which is a fictional copy of "Ferris Bueller's Day Off". So if you have nothing better to sell, start by selling it.

The point of this assignment is to allow you to understand some of the basic requirements needed to get an auction site up and running, as well as understand what further work would be needed to create a more sophisticated commercial site. Also, we can use these home-made auction sites as test-beds to try out different auction rules and different bidding behaviors, such as "sniping", which might be our next programming assignment.

Requirement -

The auction site should, at the minimum,

Be up and running with reasonable robustness;
Hold auctions successfully, that is, based on the bidding rules you have chosen, show necessary info about an item, update bidding history according to incoming bids, give bidders correct responses and finally decide the winner and price correctly;
Anything beyond what is stated above could become extra credit. E.g. you can provide web pages to allow on-line submission of items to be sold.

For submission, please hand in a reasonably detailed description of your auction site and its internal mechanism, and a URL link to your running auction site. No hard copy of code is needed unless you feel it is necessary for explaining your work. You may be called on to supply working code in digital form. Again, the program and methodology is up to you.

Getting Started -

If you have not already done so, make sure to take care of these administrative tasks that need to be completed before you can use the CGI at Princeton. Some are specific to this course and this programming assignment, so even if you have a CGI account already, please be sure to read through these instructions anyway.

Creating The Site -

1) Choose your bidding rules

Now you will need to create your own file called rules.html, in your ~/public_html/auction directory. rules.html should be a simple web page explaining the rules of the auction. After you have created the new page, set the permissions of the file to 644.

2) Write your own CGI programs

First of all, make sure that you understand what CGI programming is about and how it works. If not, read more on-line tutorials.

To write CGI programs, you can choose different programming languages, Perl, shell script or C. For the example CGIs: Register.cgi and Bid.cgi, I used standard C. I also used a CGI library in C from http://www.harding.motd.ca/cgl/ to take care of routines like parsing form data. I used following files to generate the two CGIs: Register.c, Bid.c, cgl.h (the header file for the CGI library), libcgl.a (the library itself) and Makefile. Just putting them under a same directory and typing "make" in that directory should create the two example CGIs. For more information about make utility, see http://www.gnu.org/software/make/manual/make.html.

Any CGI program you create should have its permissions set to 711 using the chmod command and move to some appropriate subdirectory under /usr/campuscgi/your_netid/auction.

NOTE: One bad thing about C is that its executable is not platform-independent, which means you'd better make sure that the machine you use to compile your C code is platform-compatible with your target machine. In our case, the target machine campuscgi.princeton.edu runs Solaris on some Sun Architecture. Arizona machines are platform-compatible with it. So please do compile your code on Arizona machines if you want to use campuscgi.princeton.edu. If you choose to run your own web server on machine with diff. platform, please download the source code from http://www.harding.motd.ca/cgl/ to create your own version of libcgl.a.

3) Data Management and Synchronization

An auction cite needs to manage a lot of data about items being sold. Ideally, we should use a database as the backend to manage those data. But for simplicity, we can just use files for our assignment. However, file system doesn't automatically guarantee synchronized operations on files. So if two instances of a CGI program want to muck around a file simultaneously (which is very possible, considering bidding behaviors like "sniping") and there is no precaution taken in the CGI code, you are most likely to be screwed up in the end. For this purpose, I used fcntl() system call in Register.c to guarantee that there is only one instance of Register.cgi updating the password file at any given moment.

NOTE: Since the password file (automatically generated during the first registration) will also be accessed by the CGI server for user authentication, it is possible (though no very likely) that the CGI server will read the password file while it is half-way in a update. To prevent this from happening, another trick in Register.c is that Register.cgi will first update a temporary file, and then rename the temporary file to replace the original file. File system guarantees that the rename operation is atomic.

NOTE: If you are using the scheme of updating a temporary file and then renaming it to update a file, DON'T lock the original file directly with fcntl(). In stead, lock a separate lock file, like what I did in Register.c.

4) User Authentication

By putting the sample .htaccess inside /usr/campuscgi/your_netid/auction, the CGI server will enforce user authentication before accessing anything inside that directory, including all your CGI programs for this assignment. This is the good way to force a user to provide his/her username (like bidder IDs in eBay) before s/he can bid. The way to extract this piece of information is demonstrated in Bid.c. A username is created by the registration process.

Credits: Created by Damian Petrone and Jamie Feinberg. Revised by Fengzhou Zheng.