Caltech Biology Division auction system

  30-JUN-1997
  David Mathog, Biology Division, Caltech
  mathog@seqaxp.bio.caltech.edu

Source:
   http://seqaxp.bio.caltech.edu:8000/pub/SOFTWARE/auction.zip

This is a simple auction system, appropriate for selling a relatively 
small number of items to the highest bidder.  Since some other 
sites may have use for a similar system, it is being made publicly 
available.  It is designed to work with the OSU web server, but would 
probably work with other OpenVMS web servers after some minor tweaks.

Installation instructions:

1. Unpack the distribution into a scratch area.  Subdirectories [.bin],
   [.documents], [.auction] will be created.
2. If you don't want everything stamped "biology division", do a global
   search and replace on the .COM and .HTML files - replace with a string
   appropriate for your site.
3. Edit the [.auction]itemcount.dat file, and set it to 0000000000, or just 
   do:

$ create [.auction]itemcount.dat
0000000000
^Z

   (The record must be exactly that size or the system won't work.)

4. If you want to restrict the auction to just your site, modify your
   HTTP_PATHS.CONF file to add the following lines, then restart the server.

hostprot /www/add_item.html www_root:[system]level1.prot
hostprot /www/check_item.html www_root:[system]level1.prot
hostprot /www/delete_item.html www_root:[system]level1.prot
hostprot /www/sell_item.html www_root:[system]level1.prot
hostprot /htbin/add_item.com www_root:[system]level1.prot
hostprot /htbin/bid_item.com www_root:[system]level1.prot
hostprot /htbin/delete_item.com www_root:[system]level1.prot
hostprot /htbin/display_item.com www_root:[system]level1.prot
hostprot /htbin/retrieve_item.com www_root:[system]level1.prot
hostprot /htbin/sell_item.com www_root:[system]level1.prot

    You should also verify that your paths configuration precludes
    direct reads into the [.auction] directory.

5.  Change the mailto on the SELL_ITEM.HTML page to somebody
    at your site (anybody but me!!!).

6.  When you have completed your changes, move the files to your real
    web server area.

The system has certain known limitations.  The biggest problem is that it
is completely insecure, and you have to trust that the bidders won't mess
up the system by specifying a bogus bid/name/username.  Assuming that your
users are well behaved, there is also a scaling limitation.  The
/htbin/display_item.com script has to read all of the FORSALE*.DAT files in
the [.AUCTION] directory, which would be a significant overhead if your
system had a lot of queries and a lot of things for sale. There is
currently nothing to prevent a user from embedding HTML tags into the
description text area when submitting a description of an item.  That is
bad, since if those tags are ill-formed they may mess up the entire item
display.  If this worries you, modify the display_item script to put
a <PRE></PRE> pair around the text item description.
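
An added example, not part of the original distribution and shown in Python
rather than the DCL of the auction scripts: it validates the bid/name/username
fields and escapes the description before display, the two gaps named in the
paragraph above.  The field rules, MAX_BID and the function names are
assumptions; a <PRE> pair alone does not stop a browser from interpreting tags
inside it, so the description is escaped as well.

```python
import html
import re
from decimal import Decimal

# Assumed field rules: the page does not show the formats the real scripts expect.
USERNAME_RE = re.compile(r"[A-Za-z0-9_$]{1,12}")      # VMS-style username
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,39}")   # printable personal name
BID_RE = re.compile(r"[0-9]{1,6}(\.[0-9]{1,2})?")     # plain decimal, no sign/exponent
MAX_BID = Decimal("100000")                           # hypothetical sanity ceiling


def validate_bid(form):
    """Check the bid/name/username fields; return (clean_values, bad_field_names)."""
    clean, bad = {}, []
    username = form.get("username", "").strip()
    if USERNAME_RE.fullmatch(username):
        clean["username"] = username.upper()
    else:
        bad.append("username")
    name = form.get("name", "").strip()
    if NAME_RE.fullmatch(name):
        clean["name"] = name
    else:
        bad.append("name")
    raw = form.get("bid", "").strip()
    if BID_RE.fullmatch(raw) and Decimal("0") < Decimal(raw) <= MAX_BID:
        clean["bid"] = Decimal(raw)
    else:
        bad.append("bid")
    return clean, bad


def render_description(text):
    """Escape &, <, >, and quotes so submitted tags show as literal text."""
    return "<PRE>" + html.escape(text, quote=True) + "</PRE>"


if __name__ == "__main__":
    # Constructed sample submissions, not data from a real auction.
    good = {"username": "jsmith", "name": "J. Smith", "bid": "12.50"}
    bogus = {"username": "<b>x", "name": "", "bid": "-5"}
    print(validate_bid(good))
    print(validate_bid(bogus))
    print(render_description("Used centrifuge <table><b>works fine"))
```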

Hopefully for small auctions, the intended target, it should be adequate.

Please report any bugs encountered.

Regards,

David Mathog
mathog@seqaxp.bio.caltech.edu
Manager, sequence analysis facility, biology division, Caltech 
