EECS 339 Project A Dinda

Project A: Extending Microblog

In this first project, you will spend an intensive three weeks understanding the implementation of a small web log (“blog”) application, Microblog, and extending it to add additional functionality. The project must be done individually, although you are strongly encouraged to ask for help from the TAs, classmates, and friends. The goal here is for you to understand, top to bottom, how a database-backed web application works. In project B, you will design and implement your own database-backed web application from scratch.

Before you start

Read the handout “Using Oracle in the TLAB and VLAB Environments”. This will explain how to log in to the server, how to configure your environment, and how to access Oracle using SQL*Plus. Make sure that your environment is working correctly.

Getting and installing Microblog

To install Microblog, log into your account on the server and do the following:

    cd ~/public_html
    tar xvfz ~cs339/HANDOUT/microblog/microblog.tgz
    cd microblog
    more README

The README file will give you detailed instructions on how to configure Microblog and verify that it is working. You should be able to visit your Microblog via http://339.cs.northwestern.edu/~you/microblog/blog.html. At this point, you should be able to log in as the root user and do the following: add and delete users, add and revoke user permissions, write messages, see a summary of all messages, and see all the messages.

Note that we do expect that your blog system will be running and visible at http://339.cs.northwestern.edu/~you/microblog/blog.html. We will have a master list of the blogs available on the course web site so that you’ll be able to check out the progress of other students’ blogs. We will provide you with a mechanism that will not permit other students to see your code, only its execution.

How does Microblog work?

The state of Microblog (users, their permissions, and the messages) lives entirely in the database. That state consists of a sequence and three tables (see blog.sql). The blog_users table contains the username, password, and email address of each Microblog user. The password is stored in cleartext, which is insecure. The blog_actions table contains the names of all the possible actions that a user may take in Microblog. The blog_permissions table maps from Microblog usernames to the actions that they have permission to take. An action should only be taken if the action exists in the blog_actions table, the user exists in the blog_users table, and the user has permission for the action in the blog_permissions table. By default, the following actions are made available: manage-users, query-messages, delete-any-messages, delete-own-messages, and write-messages. Two users are added by default: root, with password rootroot, who can do anything, and none, with password nonenone, who can do nothing.

The blog_message_id sequence provides a way of getting a unique number for tagging each message (the message id). The blog_messages table contains the actual messages. In addition to a message id, each message has an author (who must exist in the blog_users table), a subject, a timestamp, and the text of the message (which can be HTML). A message also has a field called “respid”, which is the id of the message to which it is responding. This referential behavior means that the messages form a tree. By default, there is a message with id zero, written by user none, and referring to itself that is installed into the database. This message, which is never displayed, is the root of the message tree.

Microblog has a notion of user sessions. The state of a session is kept in the web browser, in a cookie named MicroblogSession. When users log into Microblog they are given a cookie that contains their login name and password in cleartext (this is not secure) and is set to expire in about one hour. Without a cookie, the user can only log in. When presented with a cookie, Microblog uses its contents to authenticate the user and check to see if he has the necessary permissions (authorization) to do what he wants.

The following is a more detailed description of a Microblog session:

- The user visits http://339.cs.northwestern.edu/~you/microblog/blog.html
- blog.html is loaded.
    o It creates an HTML frameset, consisting of a left frame and a right frame.
    o The left frame is filled with actions.html, whose different links are targeted at the right frame.
    o The right frame is filled by executing blog.pl with the “act” parameter set to “query”.
    o blog.pl notices that there is no cookie and so forces the “login” action.
    o The login form is displayed.
- The user fills out the login form and hits submit.
- blog.pl is invoked with the “act” parameter set to “login”, and the “loginrun” parameter set to one.
    o blog.pl extracts the “user” and “password” parameters provided by the form, and does a SQL query to see if the combination exists in the database.
    o If the combination exists, it creates a cookie with the combination and passes it back to the user’s browser. Next, it displays the query form (provided the user is permitted query-messages).
    o If the combination does not exist, blog.pl complains, does not return a cookie, and displays the login form again.
- At this point, the user’s browser has the cookie, which is good for one hour.
- The default “query” action, if there is a cookie, and the user/password combination in the cookie is valid, and the user has query-messages permission, displays the query form and then does a SQL query to generate a summary of all the messages in the database, which it then displays as an HTML table.
- The user fills out the query form and hits submit.
- Seeing that the “queryrun” parameter exists, blog.pl, if there is a cookie, and the user/password combination in the cookie is valid, and the user has query-messages permission, executes a SQL query that fetches all the matching messages. It then prints them formatted in HTML.
- On every interaction, the cookie is refreshed, so the one hour time limit on the cookie is basically the maximum idle time before the user is logged out.
- The other actions are very similar to the query action.

Project Steps

In this project, you will extend Microblog to provide the following functionality. Each extension is marked with a percentage that is intended to reflect its perceived
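The handout marks both the cleartext password column and the cleartext login/password cookie as insecure. The following is an added example, not code from Microblog or the course: it runs the same per-request gate described under “How does Microblog work?” (valid session, then the three-table permission rule, then a refreshed one-hour cookie) with salted password hashes and an HMAC-signed cookie. It uses Python and in-memory SQLite in place of Perl and Oracle; the column names, the signing key and all function names are assumptions.

```python
import hashlib, hmac, os, sqlite3

SECRET = os.urandom(32)  # demo key (assumption); a real deployment loads a persistent server-side secret
LIFETIME = 3600          # the handout's "about one hour" idle limit, in seconds

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """SQLite stand-in for the tables in blog.sql; column names are assumed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE blog_users(name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB);
        CREATE TABLE blog_actions(action TEXT PRIMARY KEY);
        CREATE TABLE blog_permissions(name TEXT, action TEXT);""")
    for a in ("manage-users", "query-messages", "write-messages"):  # subset of the defaults
        db.execute("INSERT INTO blog_actions VALUES (?)", (a,))
        db.execute("INSERT INTO blog_permissions VALUES ('root', ?)", (a,))
    for name, pw in (("root", "rootroot"), ("none", "nonenone")):   # the two default users
        salt = os.urandom(16)
        db.execute("INSERT INTO blog_users VALUES (?, ?, ?)", (name, salt, kdf(pw, salt)))
    return db

def issue(user, now):
    """Cookie value 'user|expiry|mac'; the password is never placed in it."""
    body = f"{user}|{int(now) + LIFETIME}"
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"

def login(db, user, password, now):
    """Return a cookie value if the credentials match, else None. now is Unix time."""
    row = db.execute("SELECT salt, pwhash FROM blog_users WHERE name = ?", (user,)).fetchone()
    if row is None or not hmac.compare_digest(kdf(password, row[0]), row[1]):
        return None
    return issue(user, now)

def check(db, cookie, action, now):
    """Return a refreshed cookie if the session is valid and the action is allowed, else None."""
    try:
        user, expires, mac = cookie.rsplit("|", 2)
        good = hmac.new(SECRET, f"{user}|{expires}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, good) or int(expires) < now:
            return None
    except (AttributeError, TypeError, ValueError):  # missing or malformed cookie
        return None
    ok = db.execute(  # user exists AND action exists AND permission row links them
        "SELECT 1 FROM blog_users u JOIN blog_permissions p ON p.name = u.name "
        "JOIN blog_actions a ON a.action = p.action WHERE u.name = ? AND a.action = ?",
        (user, action)).fetchone()
    return issue(user, now) if ok else None
```

Each request handler would call `check` with the current Unix time before doing any work and send the returned value back as the new MicroblogSession cookie, which reproduces the sliding one-hour idle timeout.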

