NeoSoft Support Forum

[cp4w]

I have an NB quiz program (exe) that a class of students take online. After a student finishes, all the quiz data (# correct, specific answers, etc) is contained in a variable (JohnsData). I would like a routine to have each student's variable written to a common location or file so that each student's data can be imported into a database. I don't know how to get the variables into a common location.

One idea was to write the data to a Google document that can be shared by multiple users. It would be easy to do a Filewrite except for the specification of the destination file which requires a drive and path.

Basic question: how to get the variables into a common location from which they can be processed/parsed?

[Gaev]

cp4w:

You don't say what the network environment is ... i.e. is the common location connected via a LAN or the Internet ?

If it is a LAN connection, you should be able to copy (write) the information to a file on this common location ... users' Name/ID information can be used to differentiate the various files (names) from each of them.

If it is an Internet connection, you would need a php/asp/perl kind of script on the server to accept the result of an InternetGet or InternetSet command.

[cp4w]

Thanks Gaev. At the moment I'm using an elearning platform called BlackBoard (BB). I don't know if BB is on the university network (lan?) or if the connection is to a BB server via the internet.

[dpayer]

Thanks Gaev. At the moment I'm using an elearning platform called BlackBoard (BB). I don't know if BB is on the university network (lan?) or if the connection is to a BB server via the internet.

If people are using a NB app to respond to questions and these people are on various locations then why don't you simply have the results emailed to you and you continuously monitor the appropriate mailbox for new input and then post the results (automated via NB application?) on the appropriate site?

David P.

[cp4w]

Thanks for the suggestion. I did have the students' exam data emailed to me at one time, but it was tedious to open 40+ emails and copy them to a "master" file for processing. I want to get all the data directly into a "master" file which can then be imported into db. The university computer people tell me that there's a way to have data from individual (remote) computers written to a file on the university's server, using an ftp utility. I'm not knowledgable at this level (yet) but I hope they're right.

[carlos torres]

Dear cp4w

On a LAN I thhink it will be "easier"...

- Open your db as multiuser
- collect each final result/marks in predefined file (name and path)

Using a LAN I personally keep the resaults in tow ways: in a zip file the rtf with complete test and plain txtfile just with code, name, grade, group

Hopefully it helps

carlost

[Neosoft Support]

You can use a simple php script and NeoBook's InternetPost action to append data to a file on a web server. This idea comes from a customer in France:

First, create an ASCII text file called datainput.php (or some other name if you prefer) containing the following lines:

Code: Select all

<?
$file=fopen( $fname, 'a' );
fputs( $file, "$data \n" );
fclose( $file );
?>

Upload this file to your server.

You can then pass data from NeoBook to the server like this:

Code: Select all

SetVar "[Score]" "Data to send to server..."
InternetPost "http://yourserverpath/datainput.php"
"fname=testresults.txt&data=[Score]" "" ""

This will append the contents of the variable [Score] to the end of a file called testresult.txt on the server.

[cp4w]

Thanks very much for the php information. Under the assumption that I can properly implement the code to append, is there a comparable "snippet" for reading the file's data back into NB? Thanks again

[Wrangler]

If the file is not located in a password protected directory, you can use:

DownloadFile "http://www.yourdomain.com/testresults.txt" "testresults.txt" ""
FileRead "testresults.txt" "All" "[testresults]"

The contents of the file will be contained in [testresults]. You then have various options of displaying the data, depending on how you would want to process it.

If the file is in a password protected area, you will have to use one of the ftp plugins available to retrieve the file.

[dpayer]

You can use a simple php script and NeoBook's InternetPost action to append data to a file on a web server. This idea comes from a customer in France:

First, create an ASCII text file called datainput.php (or some other name if you prefer) containing the following lines:

.

If the world were a nice place, this may be a good solution.

As it is, as soon as someone finds out your methodology, they can write a file with a PHP extension that will allow them to take control of many functions on your server. They would be able to create PHP files to upload and execute other files on your server. The server could be taken over completely in a short period of time.

This would work if you have some sort of password protection for accessing that php file and only if you absolutely trusted the people who would use it. In short it could still cause a problem.

Why don't you set up a database on the server and have a form submit to update the database? You could have the NB application create a page that submits to the database when they are done inputing their information.

David P.

[Wrangler]

They would be able to create PHP files to upload and execute other files on your server. The server could be taken over completely in a short period of time.

How would one upload a php file without server access? They would need to hack into the server to do this. If they did do that, they would have control over your server anyway, regardless of the security measures in place. Any server should have maximum security installed to prevent hacking as much as technology will allow. You can't stop the determined, experienced hacker anyway.

Do you know something I don't?

[dpayer]

They would be able to create PHP files to upload and execute other files on your server. The server could be taken over completely in a short period of time.

How would one upload a php file without server access? They would need to hack into the server to do this. If they did do that, they would have control over your server anyway, regardless of the security measures in place. Any server should have maximum security installed to prevent hacking as much as technology will allow. You can't stop the determined, experienced hacker anyway.

Do you know something I don't?

Dave @ Neosoft gave the example of how to create a PHP file that would allow him to upload a file to the server. He gave the example of making it a TXT file but you could easily use that to make a php file.

This could contain any php code. This could cause a problem.

That was my point.

David

[Wrangler]

I think you may have misunderstood Dave. The nb program wouldn't create the php file. You would create the php file, and upload it to the server with ftp, where it would reside until needed. Using internetpost to the php file, it would append data to the text file located on the server. Don't know if php would create the text file if it didn't exist. If not, a blank txt file would have to be uploaded as well. To secure the data in the text file, it should not have public access permissions set.

Even if the program DID create the php file and upload it, which I wouldn't recommend, surely you wouldn't give the user access to that function. It would be done behind the scenes, and compiled into the exe.

[dpayer]

Even if the program DID create the php file and upload it, which I wouldn't recommend, surely you wouldn't give the user access to that function. It would be done behind the scenes, and compiled into the exe.

Here is my point. What if someone discovered the methodology of that file. A php file you could push data to and have the server save it as a file with any extension you wanted on it. One may think that it is highly unlikely anyone would find out such information but you will be astounded at the types of things done by hackers. If this were built into a program, you can still see which file it accesses and the data it gets sent if you monitor a proxy that is inbetween sender and receiver. If it were not done within the program but simply as data shared by email (hey, go to the www.mydomain.com/something.php and put your data in there.) there are issues if that email is 'shared' accidentaly.

Security by obfuscation is very weak.

The file to upload, as described by Dave, wasn't the best example (and I don't think it was mean to be definative but to simply give ideas to the person). I only wanted to bring to the surface the issue I saw if someone were to use this example literally and then others were able to access their site/server.

I have had compromised servers, and it aint pretty.

David P.

[Gaev]

Wrangler:

I agree with what DavidP is cautioning about ... one reason I don't post php script solutions here is because unless one knows the security setup at the server end, you can end up compromising the entire server.

In the particular example ... which was probably given as a "directional suggestion" ... if implemented "as posted", would enable someone to ...

a) SetVar "[Score]" "{php script commands to erase all files on the server/folder}"

b) InternetPost "http://yourserverpath/datainput.php" "fname=EraseEverything.php&data=[Score]" "" ""

c) And then invoke the malicious php script using URL of "http://yourserverpath/EraseEverything.php"

At the very least, the php script should be designed to append its own file extension (.dat or something) for the file saved on the server.


To get back to the original enquiry ...

If server people allow ftp access ...

i) each user's application should upload a uniquely defined file into the reserved folder using the assigned login/password

ii) cp4w would then have a collector pub that would download each uniquely defined file and extract+accumulate all required data


If php support exists ...

i) one php script should be designed to accept form data (via InternetPost) ... and save the data in a file or database

ii) and another php script to allow saved data to be downloaded

... both scripts would check for user/password values in the form data.