PwP: Promotion with Peers
Promotion with Peers (PwP) is an online discussion platform provided for students to improve their study efficiency. Team members are students from the ELEC3609 Internet Software Platforms subject. The main technologies involved are JavaScript, Vue.js, Python3, Django, MySQL, and Redis.
Project Introduction
Since March 2020, due to the outbreak of COVID-19, study at the University of Sydney has moved fully online, and most of the university's libraries have been shut down temporarily or allow only a limited number of people to enter. As a result, a certain number of students have reported that their studies are not as efficient as before.
It is a common phenomenon in the university that students find themselves more engaged in studying or working when they are in the library than at home, which is supported by data from the Australasian Survey of Student Engagement (AUSSE) demonstrating a link between how frequently students use the library and their academic performance.
This phenomenon can be explained by the social psychology theories of intergroup discrimination and social categorization published by Henri Tajfel. According to Henri Tajfel's theory, students have the cognitive intention to categorize those who are studying in the library as “hard-working” peers, and when they feel that they are “supervised” by these hard-working peers, they can easily be motivated to do the same as their peers are doing.
Promotion with Peers (PwP) is an online discussion platform provided for students only, where students can share their studying objectives and plans as well as some key results (Goal) with their peer users. In this way they can simulate the atmosphere of the library, and students can be motivated when they perceive that their study plans are “supervised” by their peers.
Key Technologies
- Python3 - Django
- JavaScript - Vue.js
- MySQL
- Redis
System Data Model (ERD)
The Entity-Relationship Diagram demonstrates the overall structure and the relationships among the data models in PwP.

Key Features
User management
PwP provides secure user verification when users create their accounts (registration). It requires users to enter the verification code sent to their student email. To enable the system to handle massive numbers of verification requests, the verification code is stored in a cache using Redis.
After registration, PwP can authenticate the user account, distinguish the user type of the account (student or admin), and then direct the user to the corresponding pages, which provide different functionalities.

Profile Update
After a user has logged in, he or she will be able to enter the Profile page, where he or she can view their current profile information, including their First Name, Last Name, Username, Gender, Department, and Email.

On the Profile page, the user is also able to update the profile information of the account, including their First Name, Last Name, Department, and Gender.

Goal and Task Management
PwP allows all active users to set up their own goals. They can publish a goal by setting it to "public", or, if they want to keep something to themselves, hide it by setting it to "private".
Once a user sets up a goal, the system encourages the user to break the goal down into specific tasks. Users can then keep track of the progress of each task. More importantly, PwP helps visualize the progress by automatically computing the percentage of "finished" tasks under each goal.

Forum
The Forum Page is the most important web page in the scope of PwP, which integrates most of the functions and data in the system.
All users are able to view all "public" goals posted by their peers and themselves, and by clicking on the "goal" button under each post, the task list and progress of that goal will be demonstrated on the left hand side.
By entering the URL, users can still visit this page without logging in, but they will not be able to interact with other users by commenting, liking, or reporting.

Comments Under Posts
After a user logs in, he or she can leave comments under public posts displayed on the forum.

Admin User Interface
To help manage the users and published content, we define a special type of user called "admin". This type of user cannot be registered through the aforementioned process; "admin" status can only be granted by updating the database directly.
The login process for admin users is the same, and once the user is logged in as an admin user, he or she will be able to see more content on the forum page, including:
- The posts posted by other admin users will be highlighted with an "admin" token under their profile photo.
- Goals and tasks set to "private" will still be displayed.

Admin Users: Banning Reported Users
Any user can report inappropriate content published on the forum by clicking on the red "report" button at the far right of the post.
Admin users are able to manage those reported users by entering the "Admin" web page (which cannot be accessed by student users).
On the "Admin User Management" page, all the active users are listed, and admin users can access their posts by clicking on their name or photo.
Each of their posts is shown with its number of "likes" and "reported times" to help admins make decisions. If the admin user finds that a post is indeed inappropriate, he or she can ban the post by clicking on the red "Ban" button on the right.
The post ban can be undone by clicking on the green "Restore" button.

Moreover, if the admin user finds that a certain user has published too much inappropriate content, this user will be considered a "Malicious User". The admin user can ban his or her user account by clicking on the red "Ban" button right next to the user account, which can also be undone by clicking on the green "Restore" button.

Subscription
After a user has logged in, he or she can subscribe to a Goal that he or she finds interesting by clicking on the "subscribe" button right next to the post.
Subscribed posts are displayed at the top of the forum, so that any progress made on these goals will be noticed by the user as soon as possible.
The subscription can also be undone by clicking on the blue "unsubscribe" button.

Security
In the PwP project, we have applied several methods to ensure that private information cannot be stolen, including the use of the POST method, CSRF tokens, ORM prevention, password encryption, and email verification.
- POST method
- CSRF token
- Password Encryption
- Email Verification
- ORM Prevention
For requests that contain private information, we use the POST method to ensure that no information leakage occurs: the data travels in the request body rather than in the URL, which keeps it out of browser history, server access logs, and Referer headers. POST does not encrypt the body by itself; the body is encrypted in transit only when the request is sent over HTTPS. Used this way, it plays a very positive role in protecting users' passwords and personal information.
If a user opens a malicious site whose misleading content points at important APIs on our platform, then by clicking on the link he or she unknowingly performs an action, such as sending malicious content or deleting data. This works because the request triggered by the malicious website carries the user's cookies saved in the browser.
Therefore, to prevent such problems, we store the CSRF token in the front end, so that a malicious website cannot imitate calls to our API merely by inducing the user to click. CSRF tokens are generated in the back end, and if the back end receives a request that has no token or contains the wrong token, it denies access, which greatly improves user security.
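The token check described above, as an added sketch (not PwP's code and not Django's CSRF middleware). It assumes a session-bound HMAC token; `SERVER_KEY`, `issue_csrf_token`, `check_csrf_token` and `handle_post` are hypothetical names, and the cookie and header names are illustrative.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; a real deployment loads it from configuration.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> str:
    # The length prefix keeps "session:nonce" pairs unambiguous.
    msg = f"{len(session_id)}:{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Back end: create a token bound to one session and hand it to the front end."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def check_csrf_token(session_id: str, token) -> bool:
    """Back end: accept the request only if the token was issued for this session."""
    if not token or token.count(".") != 1:
        return False  # missing or malformed token
    nonce, mac = token.split(".")
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_post(cookies: dict, headers: dict) -> int:
    """Return the HTTP status a protected, state-changing endpoint would answer with."""
    session_id = cookies.get("sessionid")
    if session_id is None:
        return 401  # not logged in
    if not check_csrf_token(session_id, headers.get("X-CSRFToken")):
        return 403  # the cookie arrived, but the caller could not supply the token
    return 200
```

A cross-site request carries the session cookie automatically but cannot read the token held by the front end, so it ends in the 403 branch.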
We used the built-in method in Django to improve the safety of passwords. The password field in the database stores a salted one-way hash rather than the password itself, so even if others connect to the database, they cannot learn what the password actually is.
We have an email verification mechanism to protect the security of accounts. When a user tries to sign up or has forgotten his/her password, our system sends an email to check whether the operation was made by the account owner or by a malicious user. This also prevents a user from maliciously signing up multiple times.
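An added sketch of the cached verification code described here and under User management (not PwP's code). `TTLCache` is an in-memory stand-in for the Redis cache, and the expiry, attempt limit and key names are assumptions of this example.

```python
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a code stays valid (constructed value)
MAX_TRIES = 5   # wrong guesses allowed per code (constructed value)


class TTLCache:
    """In-memory stand-in for the Redis cache (set with expiry, get, incr, delete)."""

    def __init__(self, clock=time.monotonic):
        self._data, self._clock = {}, clock

    def set(self, key, value, timeout):
        self._data[key] = [value, self._clock() + timeout]

    def get(self, key):
        value, expires = self._data.get(key, (None, 0))
        return value if self._clock() < expires else None

    def incr(self, key):
        self._data[key][0] += 1  # like Redis INCR, the expiry is left unchanged
        return self._data[key][0]

    def delete(self, key):
        self._data.pop(key, None)


def send_code(cache, email):
    """Create a 6-digit code, cache it with an expiry, return it for e-mailing."""
    code = f"{secrets.randbelow(10**6):06d}"
    cache.set(f"code:{email}", code, CODE_TTL)
    cache.set(f"tries:{email}", 0, CODE_TTL)
    return code


def verify_code(cache, email, submitted):
    """True exactly once for the right code; expired, reused or over-guessed codes fail."""
    stored = cache.get(f"code:{email}")
    if stored is None:
        return False  # never issued, expired, already used, or locked out
    ok = hmac.compare_digest(stored.encode(), str(submitted).encode())
    if ok or cache.incr(f"tries:{email}") >= MAX_TRIES:
        cache.delete(f"code:{email}")  # single use, and no further guessing
    return ok
```

The expiry and the attempt limit are what keep a six-digit code from being guessed; without them the cache only adds speed.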
In our database system, we rely on the ORM ("ORM prevention") to ensure the security of the database. By adhering to the ORM, we only need to interact with objects instead of writing SQL ourselves. In this way, we protect our database from SQL injection threats.
Acknowledgement
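Why going through the ORM helps, as an added example (not PwP's code): the ORM sends values as bound parameters, shown here with `sqlite3` next to the string-built query it replaces. The table, rows and function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    """In-memory table with constructed rows standing in for a goals table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE goal (id INTEGER PRIMARY KEY, owner TEXT, title TEXT, public INTEGER)"
    )
    db.executemany(
        "INSERT INTO goal (owner, title, public) VALUES (?, ?, ?)",
        [("alice", "Finish ELEC3609 report", 1), ("bob", "Private revision plan", 0)],
    )
    return db


def public_goals_concat(db, owner):
    """Weak form: the value becomes part of the SQL text and can change its logic."""
    sql = f"SELECT title FROM goal WHERE public = 1 AND owner = '{owner}'"
    return [row[0] for row in db.execute(sql)]


def public_goals_bound(db, owner):
    """What an ORM filter emits: fixed SQL text, value sent as a bound parameter."""
    sql = "SELECT title FROM goal WHERE public = 1 AND owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print(public_goals_concat(db, crafted))  # both titles, the private one included
    print(public_goals_bound(db, crafted))   # []: treated as an owner name only
```

Django's `raw()` and `extra()` accept hand-written SQL, so the same rule applies there: pass values through `params` instead of formatting them into the string.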
I would like to express my sincere gratitude to all the contributors to this project.
Particularly in this project, everyone on the team takes on responsibilities and development tasks equally, so contributors are listed below in alphabetical order only (without role specification).
Related
- ELEC3609: Internet Software Platforms
- Django Docs: The web framework for perfectionists with deadlines.
- Vue.js v2 Docs: Guide
- Google Python Style Guide
- Google HTML/CSS Style Guide
- Google JavaScript Style Guide
- Google C++ coding style
- Vaughan, Graham M.. "Henri Tajfel". Encyclopedia Britannica, 18 Jun. 2021
- Redis Docs: an in-memory database that persists on disk