How-To Tutorials - Server-Side Web Development

Getting started with Moodle tests To start with, we need to select a topic or theme for our test. We are going to choose general science, since the subject matter will be easy to incorporate each of the item types we have seen previously. Now that we have an idea of what our topic is going to be, we will get started in the creation of the test. We will be creating all new questions for this test, which will give us the added benefit of a bit more practice in item creation. So, let's get started and work on making our first real test! Let's open our Moodle course, go to the Activity drop-down, and select Create a new Quiz. Once it has been selected, we will be taken to the Quiz creation page and we'll be looking at the General section. The General section Here need to give the test a name that describes what the test is going to cover. Let's call it 'General Science Final Exam' as it describes what we will be doing in the test. The introduction is also important.this is a test students will take and an effective description of what they will be doing is an important point for them. It helps get their minds thinking about the topic at hand, which can help them prepare, and a person who is prepared can usually perform better. For our introduction, we will write the following, 'This test will see how much you learned in our science class this term. The test will cover all the topics we have studied, including, geology, chemistry, biology, and physics. In this test, there are a variety of question types (True/False, Matching, and others). Please look carefully at the sample questions before you move on. If you have any questions during the test, raise your hand. You will have 'x' attempts with the quiz. We have now given the test an effective name and we have given the students a description of what the test will cover. This will be shown in the Info tab to all the students before they take the test, and if we want in the days running up to the test. That's all we need to do in this section. Timing In this section, we need to make some decisions about when we are going to give the test to the students. We will also need to make a decision about how long we will give the students to complete the test. These are important decisions, and we need to make sure we give our students enough time to complete the test. The default Timing section is shown in the next screenshot: We probably know when our final exam will be. So, when we are creating the test, we can set the date that the test will be available to the students and the date it will stop being accessible to them. Because this is our final exam, we only want it to be available for one day, for a specified time period. We will start by clicking on the Disable checkboxes next to Open the Quiz and Close the Quiz dates. This step will enable the date/time drop-down menus and allow us to set them for the test. For us, our test will start on March 20, 2010 at 16:55 p.m. and it will end the same day, one hour later. So we will change the appropriate menus to reflect our needs. If these dates are not set, a student in the course will be able to take the quiz any time after you finish creating it. We will need to give the students time to get in class, settle down, and have their computers ready. However, we also need to make sure the students finish the test in our class, so we have decided to create a time limit of 45 minutes. This means that the test will be open for one hour, and in that one hour time frame, once they start the test, they will have 45 minutes to finish it. To do this, we need to click on the Enable checkbox next to the Time Limit (minutes) textbox. Clicking on this will enable the textbox, and in it we will enter 45. This value will limit the quiz time to 45 minutes, and will show a floating, count-down timer in the test, causing it to auto-submit 45 minutes after it is started. It is good to note that many students get annoyed by the floating timer and its placement on the screen. The other alternative is to have the test proctor have the students submit the quiz at a specified time. Now, we have decided to give a 45 minute time limit on the test, but without any open-ended questions, the test is highly unlikely to take that long. There is also going to be a big difference in the speed at which different students work. The test proctor should explain to the students how much time they should spend on each question and reviewing their answers. Under the Time Limit (minutes) we see the Time delay between first and second attempt and Time delay between later attempts menus. If we are going to offer the test more than once, we can set these, which would force the students to wait until they could try again. The time delays range from 30 minutes to 7 days, and the None setting will not require any waiting between attempts on the quiz. We are going to leave these set to None because this is a final exam and we are only giving it once. Once all the information has been entered into the Timing section, this dialog box is what we have, as shown in the next screenshot: Display Here, we will make some decisions about the way the quiz will look to the students. We will be dividing questions over several pages, which we will use to create divisions in the test. We will also be making decisions about the shuffle questions and shuffle within questions here. Firstly, as the test creators, we should already have a rough idea of how many questions we are going to have on the test. Looking at the Questions Per Page drop-down menu, we have the option of 1 to 50 questions per page. We have decided that we will be displaying six questions per page on the test. Actually, we will only have five questions the students will answer, but we also want to include a description and a sample question for the students to see how the questions look and how to answer them' thus we will have six on each page. We have the option to shuffle questions within pages and within questions. By default, Shuffle Questions is set to No and Shuffle within Questions is set to Yes. We have decided that we want to have our questions shuffled. But wait, we can't because we are using Description questions to give examples, and if we chose shuffle, these examples would not be where they need to be. So, we will leave the Shuffle Questions setting at the default No. However, we do want to shuffle the responses within the question, which will give each student a slightly different test using the same questions and answers. When the display settings are finished, we can see the output shown in the next screenshot: Attempts In this section, we will be setting the number of attempts possible and how further attempts are dealt with. We will also make a decision about the Adaptive Mode. Looking at the Attempts allowed drop-down menu, we have the option to set the number from 1 to 10 or we can set it to Unlimited attempts. For our test, we have already decided to set the value to 1 attempt, so we will select 1 from the drop-down menu. We have the option of setting the Each Attempt Builds on the Last drop-down menu to Yes or No. This feature does nothing now, because we have only set the test to have a single attempt. If we had decided to allow multiple attempts, a Yes setting would have shown the test taker all the previous answers, as if the student were taking the test again, as well as indicating whether he or she were correct or not. If we were giving our students multiple attempts on the test, but we did not want them to see their previous answers, we would set this to No. We are also going to be setting Adaptive mode to No. We do not want our students to be able to immediately see or correct their responses during the test; we want the students to review their answers before submitting anything. However, if we did want the students to check their answers and correct any mistakes during the test, we would set the Attempts Allowed to a number above 1 and the Adaptive Mode to Yes, which would give us the small Submit button where the students would check and correct any mistakes after each question. If multiple attempts are not allowed, the Submit button will be just that, a button to submit your answer. Here is what the Attempts section looks like after we have set our choices: Grades In this section, we will set the way Moodle will score the student. We see three choices in this section, Grading method, Apply penalties, and Decimal digits in grades; however, because we have only selected a single attempt, two of these options will not be used. Grading Method allows us to determine which of the scores we want to give our student after multiple tries. We have four options here: Highest Grade, Average Grade, First Attempt, and Last Attempt. Highest Grade uses the highest grade achieved from any attempt on any individual question. The Average Grade will take the total number of tries and grades and average them. The First Attempt will use the grade from the first attempt and the Last Attempt will use the grade from the final attempt. Since we are only giving one try on our test, this setting has no function and we will leave it set at its default, Highest Grade, because either option would give the same result. Apply penalties is similar to Grading method, in that it does not function because we have turned off Adaptive Mode. If we had set Adaptive Mode to Yes, then this feature would give us the option of applying penalties, which are set in the individual question setup pages. If we were using Adaptive Mode and this option feature set to No, then there would be no penalties for mistakes as in previous attempts. If it were set to Yes, the penalty amount decided on in the question would be subtracted for each incorrect response from the total points available on the question. However, our test is not set to Adaptive Mode, so we will leave it at the default setting, Yes. It is important to note here that no matter how often a student is penalized for an incorrect response, their grade will never go below zero. The Decimal digits in grades shows the final grade the student receives with the number of decimal places selected here. There are four choices available in this setting: 0, 1, 2, and 3. If, for example, the number is set to 1, the student will receive a score calculated to 1 decimal place, and the same follows for 2 and 3. If the number is set to 0, the final score will be rounded. We will set our Decimal digits in grades to 0. After we have finished, the Grades section appears as shown in the next screenshot: Review options This sectopm is where we set when and what our students will see when they look back at the test. There are three categories: Immediately after the attempt; Later, while quiz is still open; and After the quiz is closed. The first category, Immediately after the attempt, will allow students to see whatever feedback we have selected to display immediately after they click on the Submit all and finish button at the end of the test, or Submit, in the case of Adaptive mode. The second category, Later, while quiz is still open, allows students to view the selected review options any time after the test is finished, that is, when no more attempts are left, but before the test closes. Using the After the quiz is closed setting will allow the student to see the review options after the test closes, meaning that students are no longer able to access the test because a close date was set. The After the quiz is closed option is only useful if a time has been set for the test to close, otherwise the review never happens because the test doesn't ever close. Each of these three categories contains the same review options: Responses, Answers, Feedback, General feedback, Scores, and Overall feedback.Here is what these options do: Responses are the student's response to the question and whether he or she were wrong or correct. Answers are the correct response to the question. Feedback is the feedback you enter based on the answer the student gives. This feedback is different from the General quiz feedback they may receive. General feedback are the comments all students receive, regardless of their answers. Scores are the scores the student received on the questions. Overall feedback are the comments based on the overall grade on the test. We want to give our students all of this information, so they can look it over and find out where they made their mistakes, but we don't want someone who finishes early to have access to all the correct answers. So, we are going to eliminate all feedback on the test until after it closes. That way there is no possibility for the students to see the answers while other students might still be taking the test. To do remove such feedback, we simply unclick all the options available in the categories we don't want. Here is what we have when we are finished: Regardless of the options and categories we select in the Review options, students will always be able to see their overall scores. Looking at our settings, the only thing a student will be able to view immediately after the test is complete is the score. Only after the test closes, will the student be able to see the full range of review material we will be providing. If we had allowed multiple attempts, we would want to have different settings. So, instead of After the quiz is closed, we would want to set our Review options to Immediately after the attempt, because this setting would let the student know where he or she had problems and which areas of the quiz need to be focussed on. One final point here is that even a single checkbox in any of the categories will allow the student to open and view the test, giving the selected review information to the student. This option may or may not be what you want. Be careful to ensure that you have only selected the options and categories you want to use. Security This section is where we can increase quiz security, but it is important to note that these settings will not eliminate the ability of tech-savvy students to cheat. What this section does is provide a few options that make cheating a bit more difficult to do. We have three options in this section: Browser security, Require password, and Require network address. The Browser security drop-down has two options: None and Full screen popup with some JavaScript security. The None option is the default setting and is appropriate for most quizzes. This setting doesn't make any changes in browser security and is the setting you will most likely want to use for in-class quizzes, review quizzes, and others. Using the fullscreen option will create a browser that limits the options for students to fiddle things. This option will open a fullscreen browser window with limited navigation options. In addition to limiting the number of navigation options available, this option will also limit the keyboard and mouse commands available. This option is more appropriate for high-stakes type tests and shouldn't be used unless there is a reason. This setting also requires that JavaScript is used. Browser security is more a safety measure against students pressing the wrong button than preventing cheating, but can help reduce it. The Require password does exactly what you think it would. It requires the students to enter a password before taking the test. To keep all your material secure, I recommend using a password for all quizzes that you create. This setting is especially important if you are offering different versions of the quiz to different classes or different tests in the same class and you want to make sure only those who should be accessing the quiz can. There is also an Unmask checkbox next to the password textbox. This option will show you the password, just in case you forget! Finally, we have the Require network address option, which will only allow those at certain IP Addresses to access the test. These settings can be useful to ensure that only students in the lab or classroom are taking the test. This setting allows you to enter either complete IP Addresses (for example. 123.456.78.9), which require that specific address to begin the test; partial IP Addresses (for example 123.456), which will accept any address as long as it begins with the address prefixes; and what is known as Classless Inter-Domain Routing (CIDR) notation, (for example 123.456.78.9/10), which only allows specific subnets. You might want to consult with your network administrator if you want to use this security option. By combining these settings, we can attempt to cut down on cheating and improper access to our test. In our case here, we are only going to use the fullscreen option. We will be giving the test in our classroom, using our computers, so there is no need to turn on the IP Address function or require a password. When we have finished, the Security section appears as shown in the next screenshot:

  Science Teaching with Moodle 2.0 Create interactive lessons and activities in Moodle to enhance your students' understanding and enjoyment of science         Read more about this book       (For more resources on Moodle 2.0, see here.) One of the biggest things to come out of the UK in terms of modern education practice is Assessment for Learning (AfL). This is a phrase coined by Paul Black and Dylan Wiliam in the late 1990s. If this is the first time you have heard the phrase "assessment for learning" then refer to:Inside the Black Box: Raising standards through classroom assessment King's College, London. Black, P.J. & Wiliam, D. (1998).It's a great place to start and a reference you'll regularly go back to, again and again. Assessment for learning Let's begin by looking at what good assessment is; then we'll go through how you can apply this to your Moodle course. Assessment for learning informs you as to what your students have learned, gives an idea what topics, concepts, or areas they find hard and, most importantly, gives you and them an idea of how to improve. Assessment can unfortunately have a negative effect on people. It can make a huge difference when students are involved in their own assessments, but serves very little purpose when it is used by pupils for comparisons or to boost ego. It is important for learners to understand the reasons behind assessment, whether it is to help them understand something, a summative test designed to award a level of competency, or just a quick review so they can see how they are doing. It is vital, however, that all learners can 'do well' in assessments, which may sound contradictory. Progress is much faster for learners who are confident, secure, and happy with trying new ideas. Without that, little learning can happen. This may mean creating different levels of assessment for a particular task so that all pupils can access it. Assessment comes in three main types—teacher/tutor assessment, self assessment, and peer assessment. The latter two will be covered in later articles. The focus of this article will be teacher assessment to provide feedback to students. In the next article, we will be drilling down deeper into the analysis of assessments to inform your teaching. Feedback The most important thing a teacher can provide is to let their students know how they are doing. Moodle is great for this. You could, for instance, create a multiple-choice quiz and give your learners detailed responses for every incorrect answer, even giving them a link to another resource or website that would help them learn from their mistakes. The feedback cycle The feedback cycle is something you could use when creating tasks designed to provide feedback to your students on their learning. The following image shows you the three phases of the feedback cycle: Learning is a continual process of attempting tasks, finding out if you can do them, and then working out what you need to do to get even better. If you want to find out more about the current teaching methodologies in the UK, there are some great videos and good practice at https://www.ssatrust.org.uk/Pages/home.aspx. Using ratings in forums It is important that students get feedback on their work. Without it, they will never know how to improve. This feedback could be from the teacher, by reflection after comparing their work to some criteria, or from their peers. This last reason is why, more often than not, it is useful to include some sort of ratings in the forums you set up, along with comments for improvement. Why use ratings? It can be a good idea initially to force pupils to use the rating systems in forums. To do this, you could set some specific homework, asking them to post their replies to a discussion point. It should require them to read and reply to at least two other posts, providing ratings and written feedback. Interestingly, pupils tend to be very fair and will often do much more than the minimum. It's a good idea to be quite specific when using ratings. For instance, what does 5 out of 5 actually mean? Criterionbased judgments give the learner a much better idea of specifically what needs to be done to improve. These criteria could be agreed on beforehand and form part of your forum introduction. Again, for written comments, it is best to be specific. "Great post" doesn't really help the learner much, apart from a bit of an ego boost. Of course, there are times where you may wish to do this but there is lots of evidence that it doesn't help their understanding of scientific ideas, (see Inside the Black Box: Black, P.J. & Wiliam, D. 1998). You could ask your learners to suggest two things that were really good about the post, and one thing that could be improved. They should phrase the feedback "perhaps next time you could…". A polite suggestion, rather than a criticism that doesn't make the student giving the advice sound bigheaded. It's also good practice to get the person receiving the feedback to say "thank you", as it will encourage the person giving the feedback to do it more often. Aggregate of ratings In forums, there are five ways in which ratings are totaled (or aggregated), described as follows. These can be set by clicking on the edit icon alongside the forum link on the main course page. Average: This is the mean of all the ratings. Count: This gives you the sum of the number of posts. There are not many examples where this might be useful, other than to check that users have contributed a certain number of times. Max: This is the highest rating given for a persons post. Useful when you wish to get your users to display certain levels of competency. Min: It is the lowest rating given for a persons post. Sum: This is all the ratings combined to give a total. It is useful when you want to encourage participation and quality responses.This is different than count, as the total cannot exceed the maximum rating for the forum. In a set up forum(download here -ch:2) we will set the aggregate type and give the rating a scale. The scale chosen here gives a maximum of 5 for each post. Before setting this forum take the time to go through the scale and share a rubric with your learners, which explains what a post must include to be given a 1, or a 2, and so on. It is usually good to show them examples of different posts so they get an idea of what makes a great post that is a 5. Another way you could use ratings is to use a scale to indicate how strongly the reader agrees or disagrees with the post. You could do this by creating a custom grade scale with words to represent the level of agreement. An example of this would be a scale that pupils can award the following values: Agree totally Agree somewhat Neither agree nor disagree Disagree with some points Disagree totally Grade scales There are two standard grade scales in Moodle. One is called Separate and Connected ways of knowing. It has the following choices that you could award for a discussion post: Mostly separate knowing Separate and connected Mostly connected knowing A person who is in the 'mostly separate knowing' category has their opinions based on fact and is very objective. A person who is in the 'mostly connected knowing' category is empathetic and tries to see the other person's point of view. The other standard scale is called Satisfactory and allows users to choose from the following labels: Not satisfactory Satisfactory Outstanding You can set up custom scales, which could be anything; grade letters, levels, or even colors could be awarded to posts to represent de Bono's Thinking Hats. Here is a link if you are not familiar with the concept: http://en.wikipedia.org/wiki/Six_Thinking_Hats. To set up custom scales, click the Grades link in the settings block followed by Scales. Assignments Assignment activities are a nice introduction to getting users submitting more traditional types of work on Moodle. They are very easy to set up and provide the added benefit of organizing all of the submitted work in one place. There are a number of different assessment types that you can set up in Moodle. Some of these involve users submitting a file or files online, or even offline. There are: Online text Upload a single file Advanced uploading of files Offline Think of an assignment in the same way you would have students hand in or e-mail you a piece of written work. Online text The online text assignment allows you to set up an assignment where your users are required to type or copy and paste their work directly into the browser. The really useful thing about online text assignments is that you can choose to be able to comment on their work inline. This means that you will be able to give them feedback that they can use to improve their work and resubmit it. However, if students are typing more than a paragraph of text there is the chance that the web page might timeout, so they would lose their work. Like grading forums, you can also specify how many marks the assignment is worth, or specify a particular scale that the work will be judged against. A lot of the time a simple scale can be used to assess the piece of work, for instance unsatisfactory, satisfactory or outstanding. This would be paired with some detailed feedback for improvement. The assignment that is going to be set up here will be for the third topic "movement in and out of cells". To add an online text activity, choose it from the Add an activity drop-down menu. This activity would be a lead up to an experiment investigating how osmosis acts on pieces of potato in sugar solutions. The aim here is to get your users to justify their predictions. You can follow these same steps to set up any activity in Moodle. As with all things in Moodle it needs a name and description. Set the activity available for one week although users will not be prevented from handing it in late. Use the Satisfactory scale for grading and allow resubmitting with comments inline. It's also nice to set the e-mail alerts to teachers to yes so that you will get an e-mail when a new piece of work is submitted. For this to work properly, you must remember to add yourself to the course as a teacher and also add yourself to a group. Here are the assignment settings. The other settings can be left as standard: As a teacher, if you click the link View submitted assignments at the top-right-hand side of the activity, you'll be taken to the screen where you can grade and comment on the work. It should look a little like the following image. You can also download all assignments as a ZIP file. Upload a single file The 'upload a single file' activity, as the name suggests, is an assignment where you require the user to upload a single file. This file can be nearly any format (as long as it doesn't pose a threat to the server). Let's take an example of how you can use this activity type in a very standard way. Later, you will learn to do this more creatively using the 'advanced uploading of files' activity. Here are the settings that you could choose if you are asking your users to keep a food diary and submit it as an assignment. This is something that you would not give a grade for, just some written feedback. Again, the common module settings will be left on the default settings. Advanced uploading of files With this activity, you are able to specify a maximum number of upload files and there is a button labeled Send for marking that allows students to let you know when work is ready for marking. You can also set up draft and submission stages and it is the only assignment type where teachers can send back a file (for example, a Word document) as a response to the student. If you are a fan of getting pupils to use their cell phones in science lessons, you could get them to video their experiments or take photos to include in lab reports. Given next are the settings to use for a video assignment: Offline activity The offline activity is really useful if you want to keep records of class work or assessments on Moodle. The set up is very similar to the other activity types, but allows you to input a series of grades using any of the different scales. So rather than keeping grades from bookwork or tests in a separate spreadsheet or mark book they can be stored in the gradebook in Moodle. This means that your students can refer to them at any time and like the other types of activity the users are notified by e-mail of any grade or comments that you give them. For any assignment that you give, it is important to remember to let your students know what the marking criteria is that they are working towards. Students need to know what is good work, so you could even show exemplar work from last year as a resource that they would look at before attempting your assignment.

  Moodle 1.9: The English Teacher's Cookbook 80 simple but incredibly effective recipes for teaching reading comprehension, writing, and composing using Moodle 1.9 Creating a tree diagram using Microsoft Word A tree diagram is used to compare two different situations, topics, persons, or ideas in the same category. As opposed to a Venn diagram, in a tree diagram there are no similarities, so we are going to try to deal with two different topics to explore as many differences as possible. We can work with vocabulary, adjectives, and linking devices. A suitable piece of writing in this case would be an essay or article expressing the different views. As regards the drawing of the tree diagram, it may be either horizontal or vertical, so we are going to carry out both of them. Let's get ready to work! Getting ready We are going to draw a tree diagram about two different cultures and create two links to websites so that students can finish the diagrams. In this case, we are going to design them using Microsoft Word, but you are free to choose any other editor. In this recipe, we will be dealing with two countries whose customs are totally different—Egypt and Greenland. How to do it... You will be designing the tree diagram in Microsoft Word and comparing several aspects of both countries. The students are to complete the information provided by the websites from where they are to take the information. Therefore, in the following activity we are going to design a reading comprehension activity, a prewriting activity, and a writing one. Open Microsoft Word and follow these steps: Click on Insert and choose SmartArt, then choose Hierarchy, and select Horizontal Hierarchy, as shown in the next screenshot: Insert two diagrams, one for Egypt and another one for Greenland, as shown in the following screenshot: Save the file. How it works... We are going to create a writing activity in our Moodle course, so select the Weekly outline section where you want to place it. We will design it through an Essay within a Quiz, so these are the steps that you have to follow: Click on Add an activity and select Advanced uploading of files. Complete the Assignment name block. Complete the Description block and create links to the two websites, one about Greenland and another one about Egypt. Insert a link for the tree diagram file. Click on Save and return to course. The activity appears as shown in the next screenshot: Pictures in a tree diagram—creating a tree diagram using creately.com We are going to create a tree diagram using images instead of words. Students are free to combine the pictures in their future writing, though we have to be very careful in choosing the right pictures. In this case, we are going to use the following website: http://creately.com, which is an excellent resource from our wonderful Web 2.0. Getting ready We are going to enter the website that we have mentioned before and we are going to sign in. Afterwards, we are going to choose a template to work with. In this case, we can select Decision Tree 1 or Blank Diagram to create it ourselves. Here I have decided to work with the first mentioned template. How to do it... These are the steps that you have to follow in order to create the tree diagram with images using the http://creately.com website: Write a name for the document in the Document Name block. Choose the template that you want to work with, as shown in the next screenshot: Click on Create document. Drag and drop the images on the left-hand side and complete the diagram with pictures. Save the diagram. How it works... After virtually drawing the diagram, we are going to get into our Moodle course and choose the Weekly outline section where we want to place the activity. In this case, we are going to create a Forum activity in which students can choose a title for this story, that is to say they are going to brainstorm using this diagram. These are the steps that you have to follow: Click on Add an activity and select Forum. Complete the Forum name and Forum introduction. Go back to the website of the tree diagram and click on Embed image, as shown in the next screenshot: Click on Select and Copy, as shown in the next screenshot: Go back to the Moodle course and click on the Toggle HTML Source icon and paste the embedding code. Then click on the same icon again. Click on Save and return to course. The activity appears as shown in the next screenshot: There's more... You can also design a writing activity since the prewriting process was carried out by the Forum activity. Students brainstormed among themselves and gathered a lot of data in order to write a story. Designing a writing activity out of the tree diagram You can create an Upload a single file activity or an Offline one in which students write what they have discussed in the Forum. They may have written the story while discussing, but that is the first part of the process of writing. So the final draft is what you are going to design here.

        Read more about this book       (For more resources on Moodle, see here.) It is very important to highlight that there exist some education privacy issues in different countries, which teachers have to be aware of before advising students to sign up for social networking. For instance, Family Educational Rights and Privacy Act (FERPA) protects students' rights and privacy. For more information, enter the following website: http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html. Introduction In this article, you will learn how to use Web 2.0 to help students interact amongst themselves in the virtual classroom using Twitter and Facebook. In addition, the students will also learn to perform difficult tasks in Moodle 1.9.5. We are going to use Twitter when we need keywords, few facts, and short statements. We are going to use Facebook to get more data, longer sentences, a short paragraph, some pictures, and so on. You will also be able to design several types of Exercises after adding social material to the Moodle course. We are going to include two popular social networks. We are going to incorporate these networks into the Moodle course and we are also going to include different types of methodologies. This is done so that our students have several options to gather ideas for their pieces of writing. We are going to use Facebook and Twitter as resources from Web 2.0. Afterwards, we are also going to design the activities in Wikis and Forums. This allows the students to interact amongst themselves within the Moodle course. In this virtual classroom, we are going to enrich the use of several well-known techniques using popular resources. Instead of sitting around a round table, we are going to ask our students to debate their ideas through Twitter as you will see in the first recipe. We are also going to incorporate management theories into education—for example, Fishbone fact fish or Ishikawa diagram, which is mainly used in business administration. We are going to teach it to our students so that they can create excellent pieces of writing, taking into account cause and effect. We are going to deal with many topics, which may lead to discussion. Therefore, students can start writing argumentative essays without even realizing it. The most important detail is that we hand them the right tools to work with. In that way, they will be using keywords or phrases, which they will gather from Twitter or Facebook and they will create excellent pieces of writing. Let's Moodle it! Debating a topic In this task, we are going to use a methodology that we have already used many times in a debate, though it will be used virtually using resources from Web 2.0. In this recipe, we are going to use Twitter because what we need are simple statements. We are going to ask our students to debate on the following topic: what similarities or differences do they find between The Lord of the Rings, and Chronicles of Narnia. We are going to create a link to a website, which illustrates some differences and similarities. Afterwards, we are to use Twitter, and finally they are going to write their opinion in a Journal in Moodle. So, let's get started! Getting ready We can create an account in Twitter using the name of the subject, activity, or just our name, but let's use the account only to carry out the activities in the Moodle course. Therefore, students can follow the activities and nobody should change the course of the activity. They only have to focus on the activity. How to do it... Enter the Twitter webpage—http://twitter.com—create an account or use the one you have, it's your choice. If you want to create an account, click on Sign up now and complete the required information. Afterwards, you are going to write on what students are going to debate on as shown in the next screenshot: Click on Home. Complete the What's happening? block, as shown in the previous screenshot. Click on Update. The debate activity in Twitter is ready to work with! How it works... We are going to choose the Weekly outline section where we want to add the activity in the Moodle course. Afterwards, we are going to create the rest of the activity in a Journal. Follow these steps: Complete the Journal name block: Debating using Twitter. Complete the Journal question block by writing the instructions that students have to follow in order to carry out the activity, as shown in the screenshot that follows. You will create a link to the Twitter account webpage, where the students are going to debate. Change Days available to 2 weeks, due to the fact that they are debating and it may take more than seven days, as shown in the next screenshot: Later, click on Save and return to course. There's more... Instead of creating a link to the Twitter website, we can include a Twitter button in our Moodle course. Inserting a Twitter button in Moodle It is very simple. In order to add a Twitter button, you have to follow these steps: Go to the website: http://twitterbuttons.org/. Complete the block with your ID, as shown in the next screenshot: Enter your ID and click on GO, as shown in the next screenshot: Select the Twitter button that you like most and click on Select Code, as shown in the next screenshot: If the chosen button is the one on the right-hand side, then right-click and select Copy in the context menu that appears. Go to the Moodle course. Update the Journal activity, and click on the Toggle HTML Source icon, (which looks like this: <>). Paste that code. The button will appear as shown in the next screenshot: Inserting a Twitter button in the HTML block in the Moodle course You can also insert the Twitter button in the HTML block in the Moodle course, following the previous steps instead of inserting it in the activity. The difference is that students can see the Twitter button in the Moodle course, as shown in the next screenshot:

Moodle Security Learn how to install and configure Moodle in the most secure way possible Basics of authentication Authentication is the process of confirming that something or someone is really who they claim to be. The ways in which someone may be authenticated fall into three categories, based on what are known as the factors of authentication: Knowledge (something you know): password, PIN code, etc. Ownership (something you have): security token, phone, etc. Inherence (something you are): fingerprint, signature, various biometric identifiers Following the path of most computer systems, Moodle offers basic authentication based on a knowledge factor. This means that in order to operate in Moodle any person must have a user account. A user account consists of a username, password, and other personal information. Both username and password are used to authenticate a person who wishes to access the platform. Based on the outcome of an authentication, a user will be given or declined access to the platform. The authentication is performed (usually) by comparing provided data from the person trying to access the platform with the data located in the Authoritative Data Source (of user identity). Moodle supports 13 different types of authentication and this actually means that it has support for consulting 13 different types of Authoritative Data Sources. An Authoritative Data Source is a recognized or official data production source with a designated mission statement or source/product to publish reliable and accurate data for subsequent use by users or by other computer programs. Logon procedure Logon in Moodle is implemented using a HTML form that submits supplied data over HTTP or HTTPS to the server where it is being processed. Hypertext Transfer Protocol (HTTP) is a networking protocol used for transferring and rendering content on the World Wide Web. HTTP Secure (HTTPS) is a combination of a HTTP protocol and SSL/TLS (Security Socket Layer/ Transport Layer Security) protocol that offers encrypted and thus secures communication and identification between two computers on the Internet. HTTPS connections are often used for payments transactions and other sensitive information's transfer. The user enters his assigned credentials into the supplied fields on the login form and presses Login. That sends data to Moodle for processing. Common authentication attacks Any type of security attack is directed toward potential weak spots in the system that is under attack. The most common weaknesses related to the authentication and ways of protecting from them are as follows: Weak passwords A password that is easily guessed and does not provide an effective defense against unauthorized access to a resource is considered weak. Such passwords are usually: Short Set to dictionary word or name Set to be the same as username Set to some predefined value When we have a platform with weak passwords it can be attacked using brute force login technique (also known as dictionary attack). Dictionary attack is a technique for defeating authentication mechanism by trying to determine its pass-phrase by searching likely possibilities. In practice this means that a bot (automated script) constantly tries to log on by sending various usernames and passwords from a predefined list of words (usually a dictionary list of words—hence the name dictionary attack). Enforcing a good password policy In order to prevent this attack, make sure you have enabled the password policy. Visit Administration | Security | Site policies and locate the Password Policy checkbox. You should arrive at the following screenshot: Password policy is enabled by default starting from Moodle 1.9.7. This applies to both new installs and upgrades. Protecting user login By default, Moodle is configured to use unencrypted HTTP as the main communication protocol between client and server. This is fine for general usage of the platform but it also exposes credential information to the potential eavesdropper who can intercept and read it. This is a common case known as man-in-the-middle attack. The perpetrator makes a separate connection with the client (user's computer) and server (Moodle), forcing all communication to go over his connection. That permits him to look at the entire communication and even inject his own version of messages and responses. Closing the security breach We need to make sure that credential transmission is performed using secure HTTP (HTTPS) because that prevents (or makes it really hard) for anybody to hook into a protected conversation. Here are the steps: Firstly, you should install and configure a valid SSL (Secure Sockets Layer) certificate on your web-server. It is important to do this properly before doing anything else in Moodle; otherwise you might block yourself from accessing the platform. The procedure for installing an SSL certificate is beyond the scope of this book since it involves too many different factors that depend on your server configuration, OS type, and the way you manage it. Please refer to the manual for your particular web server and/or particular procedure of your hosting provider. Valid SSL certificates can be obtained only from certified root authorities—companies with a license for issuing certificates. VeriSign, Thawte, and Comodo are one of the several certificate providers. You need to specify which web server you are using since some of them prefer particular formats. Secondly, you should activate HTTPS log-in in your Moodle. You can do that by going to Administration | Security | HTTP security page and checking Use HTTPS for logins. If everything is configured properly you should see a login page that shows a valid certificate box (see following screenshot) in your browser. This means that a certificate is issued by a valid root authority and that communication between your browser and Moodle is secure which is what we wanted to accomplish in the first place. Every time a user tries to login in Moodle they will be redirected to the secure version of the login page which effectively prevents the interception of user credentials. Password change By default, all newly created users in Moodle (excluding admin) are assigned the Authenticated user role. The authenticated user role by default has permission to change their own password. This feature can be utilized by accessing user profile page. Recover a forgotten password Forgetting a username and/or password is a common situation in which many users find themselves. Moodle offers a procedure for getting a username and resetting the password. The user will be presented with a form where he can enter his username or his e-mail. If the username or email exists in the database, a mail with a reset link will be sent to that user. By clicking on that link, the user is offered a chance to enter a new password. If not configured properly, this feature can be used for determining valid user emails or user-names. See the following screenshot: An attacker would be able to tailor a script that could probe for usernames and, based on the response, can determine valid users.  

  Moodle 2.0 First Look Discover what's new in Moodle 2.0, how the new features work, and how it will impact you         Read more about this book       (For more resources on Moodle, see here.) Blogs—before and after There has always been a blogging option in a standard Moodle install. However, some users have found it unsatisfactory because of the following reasons: The blog is attached to the user profile so you can only have one blog There is no way to attach a blog or blog entry to a particular course There is no way for other people to comment on your blog For this reason, alternative blog systems (such as the contributed OU blog module) have become popular as they give users a wider range of options. The standard blog in Moodle 2.0 has changed, and now: A blog entry can optionally be associated with a course It is possible to comment on a blog entry Blog entries from outside of Moodle can be copied in It is now possible to search blog entries Where's my blog? Last year when Emma studied on Moodle 1.9, if she wanted to make a blog entry she would click on her name to access her profile and she'd see a blog tab like the one shown in following screenshot: Alternatively, if her tutor had added the blog menu block, she could click on Add a new entry and create her blog post there as follows: The annoyance was that if she added a new entry in the blog menu of her ICT course, her classmates in her Art course could see that entry (even, confusingly, if the blog menu had a link to entries for just that course). If we follow Emma into the Beginners' French course in Moodle 2.0, we see that she can access her profile from the navigation block by clicking on My profile and then selecting View Profile. (She can also view her profile by clicking on her username as she could in Moodle 1.9). If she then clicks on Blogs she can view all the entries she made anywhere in Moodle and can also add a new entry: As before, Emma can also add her entry through the blog menu, so let's take a look at that. Her tutor, Stuart needs to have added this block to the course. The Blog Menu block To add this to a course a teacher such as Stuart needs to turn on the editing and select Blog menu from the list of available blocks: The Blog menu displays the following links: View all entries for this course: Here's where Emma and others can read blog entries specific to that course. This link shows users all the blog posts for the course they are currently in. View my entries about this course: Here's where Emma can check the entries she has already made associated with this course. This link shows users their own blog posts for the course they are currently in. Add an entry about this course: Here's where Emma can add a blog entry related only to this course. When she does that, she is taken to the editing screen for adding a new blog entry, which she starts as shown in the following screenshot: Just as in Moodle 1.9, she can attach documents, choose to publish publicly or keep to herself and add tags. The changes come as we scroll down. At the bottom of the screen is a section which associates her entry with the course she is presently in: Once she has saved it, she sees her post appear as follows: View all of my entries: Here Emma may see every entry she has made, regardless of which course it was in or whether she made it public or private. Add a new entry: Emma can choose to add a new blog entry here (as she could from her profile) which doesn't have to be specific to any particular course. If she sets it to "anyone on this site", then other users can read her blog wherever they are in Moodle. Search: At the bottom of the Blog menu block is a search box. This enables users to enter a word or phrase and see if anyone has mentioned it in a blog entry The Recent Blog Entries block As our teacher in the Beginners' French course Stuart has enabled the Recent Blog Entries block, there is also a block showing the latest blog entries. Emma's is the most recent entry on the course so hers appears as a link, along with all other recent course entries. Course specific blogs Just to recap and double check—if Emma now visits her other course, How to Be Happy and checks out the View my entries about this course entries link in the Blog menu, she does not see her French course blog post, but instead, sees an entry she has associated with this course: The tutor for this course, Andy, has added the blog tags block. The blog tags block This block is not new; however, it's worth pointing out that the tags are NOT course-specific, and so Emma sees the tags she added to the entries in both courses alongside the tags from other users:  

Moodle Security Learn how to install and configure Moodle in the most secure way possible User information protection Every user within Moodle has a profile which can contain information we may or may not want to show to other users, or at least not to all of them. The level of exposure will depend on the privacy policy we want to adopt. For example, we may want to completely isolate users within a course so that nobody knows who else is participating, or we may want to expose just the user names and nothing else, and so on. Let us first describe how Moodle handles presentation of user profiles. This is important as it will expose internal workings of that subsystem and identify all access points and ways of disabling them if that is what we want to do. User profile page User profile page is used to define personal information about a user within a Moodle. It can contain name, surname, address, telephone, etc. The user profile page is reached by <Moodle URL>/user/view.php?id=<userid>&course=<courseid> where userid and courseid are identifiers of user and course as they are stored in database. This is how Moodle determines whether to show or not the profile page for a particular user:     Logged-on user User to see Condition Show profile User Other user Other user is teacher in at least one course yes     User is teacher in at least one course yes       User has View user profiles capability enabled in current context yes     None of the above no User User None yes When we say teacher we refer to the Moodle roles Teacher and Non-editing teacher. Reaching profile page There are several ways a user can reach the profile page for a particular user. We are presenting them here in order to help the administrator to block potentially unwanted access points to user information. People block Every course upon creation gets a set of predefined blocks. One of these blocks is the people block. When present and visible it gives every user an opportunity to browse all users participating in the current course. This block is visible to any user that has the View participants capability enabled. This capability exists for system and course level. In Moodle 1.9.8 and later, by default this capability is enabled only for the Administrator role on both levels. That way no user other than Administrator will be able to see participants on the system level or in specific course. If by any chance you use an older version of Moodle, then most likely you have this capability enabled on the course level for all standard roles except for guest and authenticated user. Unless you want to open privacy policy on your site we recommend you to disable this capability. Visit the Administration Users | Permissions | Define roles| page, then locate and modify that capability by setting it to "Not set". Apply this at least on the Student role. Forum topics Forum topic offers another way of accessing the user profile. Regardless of the forum type, Moodle displays the author name for every post. This name is actually linked to the profile page for that user. Messaging system Moodle offers a messaging system for internal communications between users. The Messaging system can be accessed from three locations—personal profile page, platform front page, and course content page.   Moodle page Conditions Displayed Profile page Send message to any user capability is enabled Yes Front page Message block is added by Administrator Yes Course content page Message block is added to the course by Administrator or teacher Yes If any of these conditions are fulfilled users will be able to access the messaging system. By default none of these conditions are present for Students and therefore there is no danger of any privacy intrusion. However, it is a common practice in various installations of Moodle to add a messaging block to one or more courses. Any user will be able to communicate with other users within same context (course). The problem with messaging is that it enables any user to locate any other user registered in the platform. We can demonstrate this easily. Open the messaging dialog and switch to the Search tab. In the Name field enter one letter and press the Search button. You will get ALL user accounts that have the specified letter either in name or surname as a result. The search result apart from the actual names of the users also offers a direct link to their personal profile. This is a potentially dangerous feature that can expose more information than we are willing to permit. If messaging is called from a context in which the users have permission to view user profiles he will be able to see any profile in the system. This way user names and profiles are completely open. There is no way to modify this behavior (listing all users) other than disabling the messaging system. Having a messaging system enabled can be a problem if you have a malicious user within your system that wants to get names of all users or a spam-bot that wishes to harvest e-mail addresses. That is the reason we should do something about that. Protecting user profile information We have several options available for protecting access to private information located in personal user profile. You can choose one that is most appropriate for your particular use case. Limit information exposed to all users If we do not have a problem exposing some information of the user in their profile then we can then just hide some fields. To do that visit the Administration Users | Permissions | User policies| page and locate the Hide user fields section. Using this approach you still cannot hide the user e-mail or his actual name which is good for cases where you want users to communicate with each other without knowing too many personal details. Completely block ability to view profiles If you want to completely block access to the user's profiles you have several options explained as follows: Disable View participants capability We already explained that by default every Moodle as of version 1.9.8 has this disabled by default. We are listing it here just for the sake of being complete. Hide messaging system Hiding messaging system means removing access points from user's reach. This means do not add Messages block on the front page and in any course where you wish to avoid users from knowing the other participants. This is useful where you want to have mixed messaging policy for different courses—set of users. Have in mind that this setup gives sort of a false sense of separation. Users from courses which do not have Messages block can still access Messaging system if they type the URL by hand. Disable Messaging system If you do not care for Messaging in your Moodle site you can completely disable it. To do that visit the Administration Security | Site policies| page and uncheck Enable messaging system option. Not using general forums If you have a website where you want to completely isolate only part of users within a course, among other things you can adopt the policy of not adding general forums inside such courses and on the site front page. That way you can still use forums in other courses where you do not have security concerns. Disable View user profiles capability If you want to completely block any possibility of viewing user profiles for specific role(s) you need to modify the View user profile capability and set it to "Not set". Visit the Administration Users | Permissions | Define roles| page, locate and modify that capability for every role you wish to prevent from viewing user profiles.

Apache Axis2 Web Services, 2nd Edition Create secure, reliable, and easy-to-use web services using Apache Axis2. Extensive and detailed coverage of the enterprise ready Apache Axis2 Web Services / SOAP / WSDL engine. Attain a more flexible and extensible framework with the world class Axis2 architecture. Learn all about AXIOM - the complete XML processing framework, which you also can use outside Axis2. Covers advanced topics like security, messaging, REST and asynchronous web services. Written by Deepal Jayasinghe, a key architect and developer of the Apache Axis2 Web Service project; and Afkham Azeez, an elected ASF and PMC member.      Q: How did SOA change the world view? A: The era of isolated computers is over. Now "connected we stand, isolated we fall" is becoming the motto of computing. Networking and communication facilities have connected the world in a way as never before. The world has hardware that could support the systems that connect thousands of computers, and these systems have the capacity to wield power that was once only dreamed of. Yet, computer science lacked the technologies and abstraction to utilize the established communication networks. The goal of distributed computing is to provide such abstractions. RPC, RMI, IIOP, and CORBA are a few proposals that provide abstractions over the network for the developers to build upon. These proposals fail to consider one critical nature of the problem. The systems are a composition of numerous heterogeneous subsystems, but these proposals require all the participants to share a programming language or a few languages. Service Oriented Architecture (SOA) provides the answer by defining a set of concepts and patterns to integrate homogenous and heterogeneous components together. SOA provides a better way to achieve loosely coupled systems, and hence more extensibility and flexibility. In addition, similar to object-oriented programming (OOP), SOA enables a high degree of reusability. There are three main ways one can enable SOA capabilities in their systems and applications: Existing messaging systems: for example, JMS, IBM MQSeries, Tibco, and so on Plain Old XML (POX): for example, REST, XML/HTTP and so on Web services: for example, SOAP, WSDL, WS-* Q: What are the shortcomings of Java Messaging Service (JMS)? A: Among the commonly used messaging systems, Java Messaging Service (JMS) plays a major role in the industry and has become a common API for messaging systems. We can find a number of different message types of JMS, such as Text, Bytes, Name-Value pair, Stream, and Object. One of the main disadvantages of these types of messaging systems is that they do not have a single wire format (serialization format). As a result, interoperability is a big issue: if two applications are using JMS to communicate, then they must be on the same implementation. Sonic, Tibco, and IBM are the leaders in the commercial markets, and JBoss, Manta, and ActiveMQ are the commonly used open source implementations. Q: What is POX and how does it serve the web? A: Plain Old XML or POX is another way of exposing functionality and enabling SOA in the system. With the widespread use of the Web, the POX approach has become more popular. Most of the web applications expose the XML APIs, where we can develop components and communicate with them. Google Maps, Auto complete, and Amazon services are a few examples of applications that heavily use XML APIs to expose the functionality. In most cases, POX is used in combination with REST (Representational State Transfer). REST is a model of an underlying architecture of the Web, and it is based on the concept that every URL identifies resources. GET, PUT, POST, and DELETE are the verbs that are used in the REST architecture. REST is often associated with the theoretical standpoints, and for this reason, REST is generally not used for complex interactions. Q: What are web services? A: The fundamental concept behind web services is the SOA where an application is no longer a large monolithic program, but it is divided into smaller, loosely coupled programs. The provided services are loosely coupled together with standardized and well-defined interfaces. These loosely coupled programs make the architecture very extensible due to the possibility to add or remove services with limited costs. Therefore, new services can be created by combining existing services. To understand loose coupling clearly, it is better to understand the opposite, which is tight coupling, and its problems: Errors, delays, and downtime spread through the system The resilience of the whole system is based on the weakest part Cost of upgrading or migrating spreads It's hard to evaluate the useful parts from the dead weight The benefits a web service provides are listed below: Increased interoperability, resulting in lower maintenance costs Increased reusability and composablity (for example, use publicly available services and reuse them or integrate them to provide new services) Increased competition among vendors, resulting in lower product costs Easy transition from one product to another, resulting in lower training costs Greater degree of adoption and longevity for a standard, a large degree of usage from vendors and users leading to a higher degree of acceptance Q: What contributes to the popularity of web services? A: Among the three commonly used methods to enable SOA, a web service can be considered as the most standard and flexible way. Web services extend the idea of POX and add additional standards to make the communication more organized and standardized. There are several reasons behind the web services being the most popular SOA-enabled mechanism, as stated here: Web services are described using WSDL, and WSDL can capture any complex application and the required quality of services. Web services use SOAP as the message transmission mechanism, as SOAP is a special type of XML. It gains all the extensibility features from XML. There are a number of standard bodies to create and enforce the standards for web services. There are multiple open source and commercial web service implementations. By using the standards and procedures, web services provide application and programming language-independent mechanism to integrate and communicate. Different programming languages may define different implementations for web services, yet they interoperate because they all agree on the format of the information they share. Q: What are the standard bodies for web services? A: In web services, there are three main standard bodies that helped to improve the interoperability, quality of service, and base standards: WS-I OASIS W3C Q: How do organizations move into web services? A: There are three ways in which an organization could possibly use to move into the web services, listed next: Create a new web service from scratch. The developer creates the functionalities of the services as well as the description (i.e., WSDL). Expose the existing functionality through a web service. Here the functionalities of the service already exist. Only the service description needs to be implemented. Integrate web services from other vendors or business partners. There are occasions when using a service implemented by another is more cost effective than building from the scratch. On these occasions, the organization will need to integrate others' or even business partners' web services. The real usage of web service concepts is for the second and third methods, which enables other web services and applications to use the existing applications. Web services describe a new model for using the web; the model allows publication of business functions to the Web and provides universal access to those business functions. Both developers and end users benefit from web services. The web service model simplifies business application development and interoperation. Q: How does a Web services model look like? A: Web service model consists of a set of basic functionalities such as describe, publish, discover, bind, invoke, update, and unpublish. In the meantime, the model also consists of three actors—service provider, service broker, and service requester. Both the functionalities as well as actors are shown in the next figure. Service provider is the individual (organization) that provides the service. The service provider's job is to create, publish, maintain, and unpublish their services. From a business point of view, a service provider is the owner of the service. From an architectural view, a service provider is the platform that holds the implementation of the service. Google API, Yahoo! Financial services, Amazon Services, and Weather services are some examples of service providers. Service broker provides a repository of service descriptions (WSDL). These descriptions are published by the service provider. Service requesters will search the repository to identify the required service and obtain the binding information for these services. Service broker can be either public, where the services are universally accessible, or private, where only a specified set of service requesters are able to access the service. Service requester is the party that is looking for a service to fulfill its requirements. A requester could be a human accessing the service or an application program (a program could also be a service). From a business view, this is the business that wants to fulfill a particular service. From an architectural view, this is the application that is looking for and invoking a service. Q: What are web services standards? A: So far we have discussed SOA, standard bodies of web services, and the web service model. Here, we are going to discuss more about standards, which make web services more usable and flexible. In the past few years, there has been a significant growth in the usage of web services as application integration mechanism. As mentioned earlier, a web service is different from other SOA exposing mechanisms because it consists of various standards to address issues encountered in the other two mechanisms. The growing collection of WS-* (for example, Web Service security, Web Service reliable messaging, Web Service addressing, and others) standards, supervised by the web services governing bodies, define the web service protocol stack shown in the following figure. Here we will be looking at the standards that have been specified in the most basic layers: messaging and description, and discovery. The messaging standards are intended to give the framework for exchanging information in a distributed environment. These standards have to be reliable so that the message will be sent only once and only the intended receiver will receive it. This is one of the primary areas where research is being conducted, as everything depends on the messaging ability. Q: Describe the web services standards, XML-RPC and SOAP? A: The web services standards; XML-RPC and SOAP are described below. XML-RPC: The XML-RPC standard was created by Dave Winer in 1998 with Microsoft. That time the existing RPC systems were very bulky. Therefore, to create a light-weight system, the developer simplified it by specifying only the essentials and defined only a handful of data types and commands. This protocol uses XML to encode its calls to HTTP as a transport mechanism. The message is sent as a POST request in which the body of the request is in XML. A procedure is executed on the server and the value it returns is also formatted into XML. The parameters can be scalars, numbers, strings, dates, as well as complex record and list structures. As new functionalities were introduced, XML-RPC evolved into what is now known as SOAP, which is discussed next. Still, some people prefer using XML-RPC because of its simplicity, minimalism, and the ease of use. SOAP: The concept of SOAP is a stateless, one-way message exchange. However, applications can create more complex interaction patterns—such as request-response, request-multiple responses, and so on—by combining such one-way exchanges with features provided by an underlying protocol and application-specific information. SOAP is silent on the semantics of any application-specific data it conveys as it is on issues such as routing of SOAP messages, reliable data transfer, firewall traversal, and so on. However, SOAP provides the framework by which application-specific information may be conveyed in an extensible manner. The developers had chosen XML as the standard message format because of its widespread use by major organizations and open source initiatives. Also, there is a wide variety of freely available tools that ease the transition to a SOAP-based implementation. Q: Define the scope of Web Services Addressing (WS-Addressing)? A: The standard provides transport independent mechanisms to address messages and identifies web services, corresponding to the concepts of address and message correlation described in the web services architecture. The standard defines XML elements to identify web services endpoints and to secure end-to-end endpoint identification in messages. This enables messaging systems to support message transmission through networks that include processing nodes such as endpoint managers, firewalls, and gateways in a transport-neutral manner. Thus, WS-Addressing enables organizations to build reliable and interoperable web service applications by defining a standard mechanism for identifying and exchanging Web Services messages between multiple end points. Q: What is Web Services Description Language (WSDL)? A: WSDL developed by IBM, Ariba, and Microsoft is an XML-based language that provides a model for describing web services. The standard defines services as network endpoints or ports. WSDL is normally used in combination with SOAP and XML schema to provide web services over networks. A service requester who connects to a web service can read the WSDL to determine what functions are available in the web service. Special data types are embedded in the WSDL file in the form of XML Schema. The client can then use SOAP to call functions listed in the WSDL. The standard enables one to separate the description of the abstract functionality offered by a service from the concrete details of a service description such as how and where that functionality is offered. This specification defines a language for describing the abstract functionality of a service as well as a framework for describing the concrete details of a service description. The abstract definition of ports and messages is separated from their concrete use, allowing the reuse of these definitions.

Clustering for high availability and scalability is one of the main requirements of any enterprise deployment. This is also true for Apache Axis2. High availability refers to the ability to serve client requests by tolerating failures. Scalability is the ability to serve a large number of clients sending a large number of requests without any degradation to the performance. Many large scale enterprises are adapting to web services as the de facto middleware standard. These enterprises have to process millions of transactions per day, or even more. A large number of clients, both human and computer, connect simultaneously to these systems and initiate transactions. Therefore, the servers hosting the web services for these enterprises have to support that level of performance and concurrency. In addition, almost all the transactions happening in such enterprise deployments are critical to the business of the organization. This imposes another requirement for production-ready web services servers, namely, to maintain very low downtime. It is impossible to support that level of scalability and high availability from a single server, despite how powerful the server hardware or how efficient the server software is. Web services clustering is needed to solve this. It allows you to deploy and manage several instances of identical web services across multiple web services servers running on different server machines. Then we can distribute client requests among these machines using a suitable load balancing system to achieve the required level of availability and scalability. Setting up a simple Axis2 cluster Enabling Axis2 clustering is a simple task. Let us look at setting up a simple two node cluster: Extract the Axis2 distribution into two different directories and change the HTTP and HTTPS ports in the respective axis2.xml files. Locate the "Clustering" element in the axis2.xml files and set the enable attribute to true. Start the two Axis2 instances using Simple Axis Server. You should see some messages indicating that clustering has been enabled. That is it! Wasn't that extremely simple? In order to verify that state replication is working, we can deploy a stateful web service on both instances. This web service should set a value in the ConfigurationContext in one operation and try to retrieve that value in another operation. We can call the set value operation on one node, and next call the retrieve operation on the other node. The value set and the value retrieved should be equal. Next, we will look at the clustering configuration language in detail. Writing a highly available clusterable web service In general, you do not have to do anything extra to make your web service clusterable. Any regular web service is clusterable in general. In the case of stateful web services, you need to store the Java serializable replicable properties in the Axis2 ConfigurationContext, ServiceGroupContext, or ServiceContext. Please note that stateful variables you maintain elsewhere will not be replicated. If you have properly configured the Axis2 clustering for state replication, then the Axis2 infrastructure will replicate these properties for you. In the next section, you will be able to look at the details of configuring a cluster for state replication. Let us look at a simple stateful Axis2 web service deployed in the soapsession scope: public class ClusterableService { private static final String VALUE = "value"; public void setValue(String value) { MessageContext.getCurrentMessageContext().getServiceContext(); serviceContext.setProperty(VALUE, value); } public String getValue() { MessageContext.getCurrentMessageContext().getServiceContext(); return (String) serviceContext.getProperty(VALUE); } } You can deploy this service on two Axis2 nodes in a cluster. You can write a client that will call the setValue operation on the first, and then call the getValue operation on the second node. You will be able to see that the value you set in the first node can be retrieved from the second node. What happens is, when you call the setValue operation on the first node, the value is set in the respective ServiceContext, and replicated to the second node. Therefore, when you call getValue on the second node, the replicated value has been properly set in the respective ServiceContext. As you may have already noticed, you do not have to do anything additional to make a web service clusterable. Axis does the state replication transparently. However, if you require control over state replication, Axis2 provides that option as well. Let us rewrite the same web service, while taking control of the state replication: public class ClusterableService { private static final String VALUE = "value"; public void setValue(String value) { MessageContext.getCurrentMessageContext().getServiceContext(); serviceContext.setProperty(VALUE, value); Replicator.replicate(serviceContext); } public String getValue() { MessageContext.getCurrentMessageContext().getServiceContext(); return (String) serviceContext.getProperty(VALUE); } } Replicator.replicate() will immediately replicate any property changes in the provided Axis2 context. So, how does this setup increase availability? Say, you sent a setValue request to node 1 and node 1 failed soon after replicating that value to the cluster. Now, node 2 will have the originally set value, hence the web service clients can continue unhindered. Stateless Axis2 Web Services Stateless Axis2 Web Services give the best performance, as no state replication is necessary for such services. These services can still be deployed on a load balancer-fronted Axis2 cluster to achieve horizontal scalability. Again, no code change or special coding is necessary to deploy such web services on a cluster. Stateless web services may be deployed in a cluster either to achieve failover behavior or scalability. Setting up a failover cluster A failover cluster is generally fronted by a load balancer and one or more nodes that are designated as primary nodes, while some other nodes are designated as backup nodes. Such a cluster can be set up with or without high availability. If all the states are replicated from the primaries to the backups, then when a failure occurs, the clients can continue without a hitch. This will ensure high availability. However, this state replication has its overhead. If you are deploying only stateless web services, you can run a setup without any state replication. In a pure failover cluster (that is, without any state replication), if the primary fails, the load balancer will route all subsequent requests to the backup node, but some state may be lost, so the clients will have to handle some degree of that failure. The load balancer can be configured in such a way that all requests are generally routed to the primary node, and a failover node is provided in case the primary fails, as shown in the following figure: Increasing horizontal scalability As shown in the figure below, to achieve horizontal scalability, an Axis2 cluster will be fronted by a load balancer (depicted by LB in the following figure). The load balancer will spread the load across the Axis2 cluster according to some load balancing algorithm. The round-robin load balancing algorithm is one such popular and simple algorithm, and works well when all hardware and software on the nodes are identical. Generally, a horizontally scalable cluster will maintain its response time and will not degrade performance under increasing load. Throughput will also increase when the load increases in such a setup. Generally, the number of nodes in the cluster is a function of the expected maximum peak load. In such a cluster, all nodes are active.

Apache Axis2 Web Services, 2nd Edition Create secure, reliable, and easy-to-use web services using Apache Axis2. Extensive and detailed coverage of the enterprise ready Apache Axis2 1.5 Web Services / SOAP / WSDL engine. Attain a more flexible and extensible framework with the world class Axis2 architecture. Learn all about AXIOM - the complete XML processing framework, which you also can use outside Axis2. Covers advanced topics like security, messaging, REST and asynchronous web services. Written by Deepal Jayasinghe, a key architect and developer of the Apache Axis2 Web Service project; and Afkham Azeez, an elected ASF and PMC member. Web services are gaining a lot of popularity in the industry and have become one of the major enabler for application integration. In addition, due to the flexibility and advantages of using web services, everyone is trying to enable web service support for their applications. As a result, web service frameworks need to support new and more custom requirements. One of the major goals of a web service framework is to deliver incoming messages into the target service. However, just delivering the message to the service is not enough; today's applications are required to have reliability, security, transaction, and other quality services. In our approach, we will be using code sample to help us understand the concepts better. Brief history of the Axis2 module Looking back at the history of Apache Web Services, the Handler concept can be considered as one of the most useful and interesting ideas. Due to the importance and flexibility of the handler concept, Axis2 has also introduced it into its architecture. Notably, there are some major differences in the way you deploy handlers in Axis1 and Axis2. In Axis1, adding a handler requires you to perform global configuration changes and for an end user, this process may become a little complex. In contrast, Axis2 provides an easy way to deploy handlers. Moreover, in Axis2, deploying a handler is similar to deploying a service and does not require global configuration changes. At the design stage of Axis2, one of the key considerations was to have a mechanism to extend the core functionality without doing much. One of the main reasons behind the design decision was due to the lesson learned from supporting WS reliable messaging in Axis1. The process of supporting reliable messaging in Axis1 involved a considerable amount of work, and part of the reason behind the complex process was due to the limited extensibility of Axis1 architecture. Therefore, learning from a session in Axis1, Axis2 introduced a very convenient and flexible way of extending the core functionality and providing the quality of services. This particular mechanism is known as the module concept. Module concept One of the main ideas behind a handler is to intercept the message flow and execute specific logic. In Axis2, the concept of a module is to provide a very convenient way of deploying service extension. We can also consider a module as a collection of handlers and required resources to run the handlers (for example, third-party libraries). One can also consider a module as an implementation of a web service standard specification. As an illustration, Apache Sandesha is an implementation of WS-RM specification. Apache Rampart is an implementation of WS-security; likewise, in a general module, is an implementation of a web service specification. One of the most important features and aspects of the Axis2 module is that it provides a very easy way to extend the core functionality and provide better customization of the framework to suit complex business requirements. A simple example would be to write a module to log all the incoming messages or to count the number of messages if requested. Module structure Axis1 is one of the most popular web service frameworks and it provides very good support for most of the web service standards. However, when it comes to new and complex specifications, there is a significant amount of work we need to do to achieve our goals. The problem becomes further complicated when the work we are going to do involves handlers, configuration, and third-party libraries. To overcome this issue, the Axis2 module concept and its structure can be considered as a good candidate. As we discussed in the deployment section, both Axis2 services and modules can be deployed as archive files. Inside any archive file, we can have configuration files, resources, and the other things that the module author would like to have. It should be noted here that we have hot deployment and hot update support for the service; in other words, you can add a service when the system is up and running. However, unfortunately, we cannot deploy new modules when the system is running. You can still deploy modules, but Axis2 will not make the changes to the runtime system (we can drop them into the directory but Axis2 will not recognize that), so we will not use hot deployment or hot update. The main reason behind this is that unlike services, modules tend to change the system configurations, so performing system changes at the runtime to an enterprise-level application cannot be considered a good thing at all. Adding a handler into Axis1 involves global configuration changes and, obviously, system restart. In contrast, when it comes to Axis2, we can add handlers using modules without doing any global level changes. There are instances where you need to do global configuration changes, which is a very rare situation and you only need to do so if you are trying to add new phases and change the phase orders. You can change the handler chain at the runtime without downer-starting the system. Changing the handler chain or any global configuration at the runtime cannot be considered a good habit. This is because in a production environment, changing runtime data may affect the whole system. However, at the deployment and testing time this comes in handy. The structure of a module archive file is almost identical to that of a service archive file, except for the name of the configuration file. We know that for a service archive file to be a valid one, it is required to have a services.xml. In the same way, for a module to be a valid module archive, it has to have a module.xml file inside the META-INF directory of the archive. A typical module archive file will take the structure shown in the following screenshot. We will discuss each of the items in detail and create our own module in this article as well. Module configuration file (module.xml) The module archive file is a self-contained and self-described file. In other words, it has to have all the configuration required to be a valid and useful module. Needless to say, that is the beauty of a self-contained package. The Module configuration file or module.xml file is the configuration file that Axis2 can understand to do the necessary work. A simple module.xml file has one or more handlers. In contrast, when it comes to complex modules, we can have some other configurations (for example, WS policies, phase rules) in a module.xml. First, let's look at the available types of configurations in a module.xml. For our analysis, we will use a module.xml of a module that counts all the incoming and outgoing messages. We will be discussing all the important items in detail and provide a brief description for the other items: Handlers alone with phase rules Parameters Description about module Module implementation class WS-Policy End points Handlers and phase rules A module is a collection of handlers, so a module could have one or more handlers. Irrespective of the number of handlers in a module, module.xml provides a convenient way to specify handlers. Most importantly, module.xml can be used to provide enough configuration options to add a handler into the system and specify the exact location where the module author would like to see the handler running. Phase rules can be used as a mechanism to tell Axis2 to put handlers into a particular location in the execution chain, so now it is time to look at them with an example. Before learning how to write phase rules and specifying handlers in a module.xml, let's look at how to write a handler. There are two ways to write a handler in Axis2: Implement the org.apache.axis2.engine.Handler interface Extend the org.apache.axis2.handlers.AbstractHandler abstract class In this article, we are going to write a simple application to provide a better understanding of the module. Furthermore, to make the sample application easier, we are going to ignore some of the difficulties of the Handler API. In our approach, we will extend the AbstractHandler. When we extend the abstract class, we only need to implement one method called invoke. So the following sample code will illustrate how to implement the invoke method: public class IncomingCounterHandler extends AbstractHandler implements CounterConstants { public InvocationResponse invoke(MessageContext messageContext) throws AxisFault { //get the counter property from the configuration context ConfigurationContext configurationContext = messageContext. getConfigurationContext(); Integer count = (Integer) configurationContext.getProperty(INCOMING_ MESSAGE_COUNT_KEY); //increment the counter count = Integer.valueOf(count.intValue() + 1 + «»); //set the new count back to the configuration context configurationContext.setProperty(INCOMING_MESSAGE_COUNT_KEY, count); //print it out System.out.println(«The incoming message count is now « + count); return InvocationResponse.CONTINUE; } } As we can see, the method takes MessageContext as a method parameter and returns InvocationResponse as the response. You can implement the method as follows: First get the configurationContext from the messageContext. Get the property value specified by the property name. Then increase the value by one. Next set it back to configurationContext. In general, inside the invoke method, as a module author, you have to do all the logic processing, and depending on the result you get, we can decide whether you let AxisEngine continue, suspend, or abort. Depending on your decision, you can return to one of the three following allowed return types: InvocationResponse.CONTINUE Give the signal to continue the message InvocationResponse.SUSPEND The message cannot continue as some of the conditions are not satisfied yet, so you need to pause the execution and wait. InvocationResponse.ABORT Something has gone wrong, therefore you need to drop the message and let the initiator know about it. The message cannot continue as some of the conditions are not satisfied yet, so you need to pause the execution and wait. InvocationResponse.ABORT Something has gone wrong, therefore you need to drop the message and let the initiator know about it. The corresponding CounterConstants class a just a collection of constants and will look as follows: public interface CounterConstants { String INCOMING_MESSAGE_COUNT_KEY = "incoming-message-count"; String OUTGOING_MESSAGE_COUNT_KEY = "outgoing-message-count"; String COUNT_FILE_NAME_PREFIX = "count_record"; } As we already mentioned, the sample module we are going to implement is for counting the number of request coming into the system and the number of messages going out from the system. So far, we have only written the incoming message counter and we need to write the outgoing message counter as well, and the implementation of the out message count hander will look like the following: public class OutgoingCounterHandler extends AbstractHandler implements CounterConstants { public InvocationResponse invoke(MessageContext messageContext) throws AxisFault { //get the counter property from the configuration context ConfigurationContext configurationContext = messageContext. getConfigurationContext(); Integer count = (Integer) configurationContext.getProperty(OUTGOING_ MESSAGE_COUNT_KEY); //increment the counter count = Integer.valueOf(count.intValue() + 1 + «»); //set it back to the configuration configurationContext.setProperty(OUTGOING_MESSAGE_COUNT_KEY, count); //print it out System.out.println(«The outgoing message count is now « + count); return InvocationResponse.CONTINUE; } } The implementation logic will be exactly the same as the incoming handler processing, except for the property name used in two places. Module implementation class When we work with enterprise-level applications, it is obvious that we have to initialize various settings such as database connections, thread pools, reading property, and so on. Therefore, you should have a place to put that logic in your module. We know that handlers run only when a request comes into the system but not at the system initialization time. The module implementation class provides a way to achieve system initialization logic as well as system shutdown time processing. As we mentioned earlier, module implementation class is optional. A very good example of a module that does not have a module implementation class is the Axis2 addressing module. However, to understand the concept clearly in our example application, we will implement a module implementation class, as shown below: public class CounterModule implements Module, CounterConstants { private static final String COUNTS_COMMENT = "Counts"; private static final String TIMESTAMP_FORMAT = "yyMMddHHmmss"; private static final String FILE_SUFFIX = ".properties"; public void init(ConfigurationContext configurationContext, AxisModule axisModule) throws AxisFault { //initialize our counters System.out.println("inside the init : module"); initCounter(configurationContext, INCOMING_MESSAGE_COUNT_KEY); initCounter(configurationContext, OUTGOING_MESSAGE_COUNT_KEY); } private void initCounter(ConfigurationContext configurationContext, String key) { Integer count = (Integer) configurationContext. getProperty(key); if (count == null) { configurationContext.setProperty(key, Integer. valueOf("0")); } } public void engageNotify(AxisDescription axisDescription) throws AxisFault { System.out.println("inside the engageNotify " + axisDescription); } public boolean canSupportAssertion(Assertion assertion) { //returns whether policy assertions can be supported return false; } public void applyPolicy(Policy policy, AxisDescription axisDescription) throws AxisFault { // Configuure using the passed in policy! } public void shutdown(ConfigurationContext configurationContext) throws AxisFault { //do cleanup - in this case we'll write the values of the counters to a file try { SimpleDateFormat format = new SimpleDateFormat(TIMESTAMP_ FORMAT); File countFile = new File(COUNT_FILE_NAME_PREFIX + format. format(new Date()) + FILE_SUFFIX); if (!countFile.exists()) { countFile.createNewFile(); } Properties props = new Properties(); props.setProperty(INCOMING_MESSAGE_COUNT_KEY, configurationContext.getProperty(INCOMING_MESSAGE_ COUNT_KEY).toString()); props.setProperty(OUTGOING_MESSAGE_COUNT_KEY, configurationContext.getProperty(OUTGOING_MESSAGE_ COUNT_KEY).toString()); //write to a file props.store(new FileOutputStream(countFile), COUNTS_ COMMENT); } catch (IOException e) { //if we have exceptions we'll just print a message and let it go System.out.println("Saving counts failed! Error is " + e.getMessage()); } } } As we can see, there are a number of methods in the previous module implementation class. However, notably not all of them are in the module interface. The module interface has only the following methods, but here we have some other methods for supporting our counter module-related stuff: init engageNotify applyPolicy shutdown At the system startup time, the init method will be called, and at that time, the module can perform various initialization tasks. In our sample module, we have initialized both in-counter and out-counter. When we engage this particular module to the whole system, to a service, or to an operation, the engageNotify method will be called. At that time, a module can decide whether the module can allow this engagement or not; say for an example, we try to engage the security module to a service, and at that time, the module finds out that there is a conflict in the encryption algorithm. In this case, the module will not be able to engage and the module throws an exception and Axis2 will not engage the module. In this example, we will do nothing inside the engageNotify method. As you might already know, WS-policy is one of the key standards and plays a major role in the web service configuration. When you engage a particular module to a service, the module policy should be applied to the service and should be visible when we view the WSDL of that service. So the applyPolicy method sets the module policy to corresponding services or operations when we engage the module. In this particular example, we do not have any policy associated with the module, so we do not need to worry about this method as well. As we discussed in the init method, the method shutdown will be called when the system has to shut down. So if we want to do any kind of processing at that time, we can add this logic into that particular method. In our example, for demonstration purposes, we have added code to store the counter values in a file.

Moodle Security Moodle is an open source CMS (Course Management System)/LMS (Learning Management System)/VLE (Virtual Learning Environment). Its primary purpose is to enable educational institutions and individuals to create and publish learning content in a coherent and pedagogically valuable manner, so that it can be used for successful knowledge transfer towards students. That sounds harmless enough. Why would anybody want to illegally access an educational platform? There are various motives of computer criminals. In general, they are people committed to the circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via a communication network such as the Internet. Some of the motives could be: Financial: Stealing user and/or course information and selling it to other third-parties Personal: Personal grudge, infantile display of power, desire to alter assigned grades, and so on Weak points Moodle is a web application and as such must be hosted on a computer connected to some kind of network (private or public—Internet / Intranet). This computer must have the following components: Operating System (OS) Web server PHP Database server Moodle Each of these pieces can be used as a point of attack by a malicious user(s) in order to obtain access to the protected information. Therefore, it is our task to make all of them as secure as possible. The main focus will be directed towards our Moodle and PHP configuration. The secure installation of Moodle In this section we follow a secure installation of Moodle. In case you do not already have an installed instance of Moodle, we will show you the quickest way to do that, and at the same time focus on security. If you already have Moodle installed, go to the following section where you will see how to secure an existing installation of Moodle Starting from scratch In order to install Moodle on your server you need to install and configure the web server with support for PHP and the database server. We will not go into the specifics of setting up a particular web server, PHP, and/or database server right now, since it depends on the OS your server has installed. Also we will not explain in detail tasks like creating directories, setting up file permissions, etc as they are OS specific and out of the scope of this article. This section assumes you already know about your OS and have already configured your web server with an empty database. Every installation of Moodle must have: Web server with PHP support Dedicated database Two dedicated directories—one for Moodle and another for platform data We assume that your web server is Apache (Linux) or IIS (Windows), and that you use PHP 5.1.x or later and MySQL 5.0 or later. Installation checklist The following checklist will guide you through the basic installation procedure for Moodle. Download the latest stable version of Moodle from http://download. moodle.org/. (At the time of writing this article it is 1.9.8+). You have two options available on the download page—moodle-weekly-19.tgz or moodle-weekly-19.zip archive. In case you use Linux you can choose either. In case of Windows, ZIP file is the preferred choice. The reason for this is simple. Every Windows server comes, by default, with installed support for managing Zip archives. On the other hand, TGZ is readily available on every Linux distribution. Unpack the compressed file you just downloaded. This will produce a directory with the name moodle which contains all of the platform files. Move that directory to the web-root of your web server. After doing that it is recommended to make all files read-only for safety reasons. Create a directory called moodledata somewhere on the disk. Make sure that it is not in the web-root of your web server since that would incur a serious security breach. Doing that might expose all platform files submitted by course participants and teachers together with the course content to the outside world. Create an empty database (we suggest the name moodle or moodledb). The default database character set must be configured to utf8 and collation set to utf8_general_ci. It is recommended to have a special user for accessing this database with limited permissions. In case of credentials theft, a malicious user could only operate on data from one database, minimizing the potential damage. That database user account will need permissions for creating, altering, and deleting the tables, creating/dropping the indexes and reading/writing the data. Here is what you need to execute in your MySQL console for creating a database and user: CREATE DATABASE moodle CHARSET 'utf8' COLLATION 'utf8_general_ ci'; CREATE USER 'moodle'@'localhost' IDENTIFIED BY 'somepass'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON loomdb.* TO loom@localhost IDENTIFIED BY 'somepass'; FLUSH PRIVILEGES; Start the installation by opening the http://url to local installation of the moodle (for example http://localhost/moodle) in your browser. Make sure it is a more recent browser with pop ups and JavaScript enabled. We recommend Internet Explorer 8+ or Firefox 3.6+. You will see the following screenshot. On the next screen, we need to specify the web address of the platform and the location of the moodle directory on the disk. Now, we must configure database access. Choose MySQL as database type, localhost as host server, set the name of the database (moodle), database user, and its password (moodle/moodle). You should leave the table prefix as is. Moodle checks the server configuration on this screen and displays the outcome. We can proceed with the installation only if all of the minimal requirements are met. During installation, Moodle generates a configuration file within the moodle directory called config.php. It is important to make this file read-only after installation for security reasons. In case Moodle cannot save config.php it will offer to download or copy content of the file and manually place it in the appropriate location on the server. See the following screenshot: We are now presented with terms of usage and license agreement. To proceed click yes. We can now start the installation itself. During that process Moodle will create all of the tables in the database, session files in the moodledata directory, and load some initial information. Make sure you check Unattended operation at the bottom. That way, the process will be executed without user intervention. After the database setup is finished, we are offered a new screen where we must configure the administrative account. With this user you manage your platform, so be careful about disclosing this information to other users. Field name Description Recommended action Username Defines user name inside the Moodle. By default it is admin. We recommend leaving the default value unchanged. New password Defines user logon password. Must supply valid password. First name Defines name of the admin. Must supply valid name. Surname Defines surname of the admin. Must supply valid name. E-mail address Defines user e-mail address. Must supply valid e-mail. E-mail display Define the visibility of your e-mail address within the platform. We recommend leaving it as is (visible to all). E-mail active Defines whether e-mail is activated or not. Set it to enable. City/Town Defines name of the city where you live. Moodle requires this value. Select Country Name of your country. Set it to your country name. Timezone Sets your time zone so that server can display time calculated for your location in some reports. If not sure what your time zone is, leave it as is.   Preferred language Choose the platform language. By default, Moodle comes only with support for English language. If you want to add more languages visit http://download.moodle.org/ lang16/ and download and install the appropriate files.   After configuring administrative user there is just one more step to complete and that is setting up the site title and short name. In the Full site name field, place the long name you would like to set for your website; it can have multiple words. In the Short name for the site field put one word without spaces which will represent your website. In the Front Page Description field put a longer description (one paragraph) that explains in more detail the purpose of your site. This is optional and does not affect the Moodle functionality at all You have now finished installing Moodle and should see the following screenshot:

  Facebook Graph API Development with Flash Build social Flash applications fully integrated with the Facebook Graph API Build your own interactive applications and games that integrate with Facebook Add social features to your AS3 projects without having to build a new social network from scratch Learn how to retrieve information from Facebook's database A hands-on guide with step-by-step instructions and clear explanation that encourages experimentation and play Accessing the Graph API through a Browser We'll dive right in by taking a look at how the Graph API represents the information from a public Page. When I talk about a Page with a capital P, I don't just mean any web page within the Facebook site; I'm referring to a specific type of page, also known as a public profile. Every Facebook user has their own personal profile; you can see yours by logging in to Facebook and clicking on the "Profile" link in the navigation bar at the top of the site. Public profiles look similar, but are designed to be used by businesses, bands, products, organizations, and public figures, as a way of having a presence on Facebook. This means that many people have both a personal profile and a public profile. For example, Mark Zuckerberg, the CEO of Facebook, has a personal profile at http://www.facebook.com/zuck and a public profile (a Page) at http://www.facebook.com/markzuckerberg. This way, he can use his personal profile to keep in touch with his friends and family, while using his public profile to connect with his fans and supporters. There is a second type of Page: a Community Page. Again, these look very similar to personal profiles; the difference is that these are based on topics, experience, and causes, rather than entities. Also, they automatically retrieve information about the topic from Wikipedia, where relevant, and contain a live feed of wall posts talking about the topic. All this can feel a little confusing – don't worry about it! Once you start using it, it all makes sense. Time for action – loading a Page Browse to http://www.facebook.com/PacktPub to load Packt Publishing's Facebook Page. You'll see a list of recent wall posts, an Info tab, some photo albums (mostly containing book covers), a profile picture, and a list of fans and links. That's how website users view the information. How will our code "see" it? Take a look at how the Graph API represents Packt Publishing's Page by pointing your web browser at https://graph.facebook.com/PacktPub. This is called a Graph URL – note that it's the same URL as the Page itself, but with a secure https connection, and using the graph sub domain, rather than www. What you'll see is as follows: { "id": "204603129458", "name": "Packt Publishing", "picture": "http://profile.ak.fbcdn.net/hprofile-ak-snc4/ hs302.ash1/23274_204603129458_7460_s.jpg", "link": "http://www.facebook.com/PacktPub", "category": "Products_other", "username": "PacktPub", "company_overview": "Packt is a modern, IT focused book publisher, specializing in producing cutting-edge books for communities of developers, administrators, and newbies alike.nnPackt published its first book, Mastering phpMyAdmin for MySQL Management in April 2004.", "fan_count": 412 } What just happened? You just fetched the Graph API's representation of the Packt Publishing Page in your browser. The Graph API is designed to be easy to pick up – practically self-documenting – and you can see that it's a success in that respect. It's pretty clear that the previous data is a list of fields and their values. The one field that's perhaps not clear is id; this number is what Facebook uses internally to refer to the Page. This means Pages can have two IDs: the numeric one assigned automatically by Facebook, and an alphanumeric one chosen by the Page's owner. The two IDs are equivalent: if you browse to https://graph.facebook.com/204603129458, you'll see exactly the same data as if you browse to https://graph.facebook.com/PacktPub. Have a go hero – exploring other objects Of course, the Packt Publishing Page is not the only Page you can explore with the Graph API in your browser. Find some other Pages through the Facebook website in your browser, then, using the https://graph.facebook.com/id format, take a look at their Graph API representations. Do they have more information, or less? Next, move on to other types of Facebook objects: personal profiles, events, groups. For personal profiles, the id may be alphanumeric (if the person has signed up for a custom Facebook Username at http://www.facebook.com/username/), but in general the id will be numeric, and auto-assigned by Facebook when the user signed up. For certain types of objects (like photo albums), the value of id will not be obvious from the URL within the Facebook website. In some cases, you'll get an error message, like: { "error": { "type": "OAuthAccessTokenException", "message": "An access token is required to request this resource." } } Accessing the Graph API through AS3 Now that you've got an idea of how easy it is to access and read Facebook data in a browser, we'll see how to fetch it in AS3. Time for action – retrieving a Page's information in AS3 Set up the project. Check that the project compiles with no errors (there may be a few warnings, depending on your IDE). You should see a 640 x 480 px SWF, all white, with just three buttons in the top-left corner: Zoom In, Zoom Out, and Reset View: This project is the basis for a Rich Internet Application (RIA) that will be able to explore all of the information on Facebook using the Graph API. All the code for the UI is in place, just waiting for some Graph data to render. Our job is to write code to retrieve the data and pass it on to the renderers. I'm not going to break down the entire project and explain what every class does. What you need to know at the moment is a single instance of the controllers. CustomGraphContainerController class is created when the project is initialized, and it is responsible for directing the flow of data to and from Facebook. It inherits some useful methods for this purpose from the controllers.GCController class; we'll make use of these later on. Open the CustomGraphContainerController class in your IDE. It can be found in srccontrollersCustomGraphContainerController.as, and should look like the listing below: package controllers { import ui.GraphControlContainer; public class CustomGraphContainerController extends GCController { public function CustomGraphContainerController (a_graphControlContainer:GraphControlContainer) { super(a_graphControlContainer); } } } The first thing we'll do is grab the Graph API's representation of Packt Publishing's Page via a Graph URL, like we did using the web browser. For this we can use a URLLoader. The URLLoader and URLRequest classes are used together to download data from a URL. The data can be text, binary data, or URL-encoded variables. The download is triggered by passing a URLRequest object, whose url property contains the requested URL, to the load() method of a URLLoader. Once the required data has finished downloading, the URLLoader dispatches a COMPLETE event. The data can then be retrieved from its data property. Modify CustomGraphContainerController.as like so (the highlighted lines are new): package controllers { import flash.events.Event; import flash.net.URLLoader; import flash.net.URLRequest; import ui.GraphControlContainer; public class CustomGraphContainerController extends GCController { public function CustomGraphContainerController (a_graphControlContainer:GraphControlContainer) { super(a_graphControlContainer); var loader:URLLoader = new URLLoader(); var request:URLRequest = new URLRequest(); //Specify which Graph URL to load request.url = "https://graph.facebook.com/PacktPub"; loader.addEventListener(Event.COMPLETE, onGraphDataLoadComplete); //Start the actual loading process loader.load(request); } private function onGraphDataLoadComplete(a_event:Event):void { var loader:URLLoader = a_event.target as URLLoader; //obtain whatever data was loaded, and trace it var graphData:String = loader.data; trace(graphData); } } } All we're doing here is downloading whatever information is at https://graph.facebook.com/PackPub and tracing it to the output window. Test your project, and take a look at your output window. You should see the following data: {"id":"204603129458","name":"Packt Publishing","picture":"http:// profile.ak.fbcdn.net/hprofile-ak-snc4/hs302. ash1/23274_204603129458_7460_s.jpg","link":"http://www.facebook. com/PacktPub","category":"Products_other","username":"PacktPub", "company_overview":"Packt is a modern, IT focused book publisher, specializing in producing cutting-edge books for communities of developers, administrators, and newbies alike.nnPackt published its first book, Mastering phpMyAdmin for MySQL Management in April 2004.","fan_count":412} If you get an error, check that your code matches the previously mentioned code. If you see nothing in your output window, make sure that you are connected to the Internet. If you still don't see anything, it's possible that your security settings prevent you from accessing the Internet via Flash, so check those.  

Replication is an interesting feature of MySQL that can be used for a variety of purposes. It can help to balance server load across multiple machines, ease backups, provide a workaround for the lack of fulltext search capabilities in InnoDB, and much more. The basic idea behind replication is to reflect the contents of one database server (this can include all databases, only some of them, or even just a few tables) to more than one instance. Usually, those instances will be running on separate machines, even though this is not technically necessary. Traditionally, MySQL replication is based on the surprisingly simple idea of repeating the execution of all statements issued that can modify data—not SELECT—against a single master machine on other machines as well. Provided all secondary slave machines had identical data contents when the replication process began, they should automatically remain in sync. This is called Statement Based Replication (SBR). With MySQL 5.1, Row Based Replication (RBR) was added as an alternative method for replication, targeting some of the deficiencies SBR brings with it. While at first glance it may seem superior (and more reliable), it is not a silver bullet—the pain points of RBR are simply different from those of SBR. Even though there are certain use cases for RBR, all recipes in this chapter will be using Statement Based Replication. While MySQL makes replication generally easy to use, it is still important to understand what happens internally to be able to know the limitations and consequences of the actions and decisions you will have to make. We assume you already have a basic understanding of replication in general, but we will still go into a few important details. Statement Based Replication SBR is based on a simple but effective principle: if two or more machines have the same set of data to begin with, they will remain identical if all of them execute the exact same SQL statements in the same order. Executing all statements manually on multiple machines would be extremely tedious and impractical. SBR automates this process. In simple terms, it takes care of sending all the SQL statements that change data on one server (the master) to any number of additional instances (the slaves) over the network. The slaves receiving this stream of modification statements execute them automatically, thereby effectively reproducing the changes the master machine made to its data originally. That way they will keep their local data files in sync with the master's. One thing worth noting here is that the network connection between the master and its slave(s) need not be permanent. In case the link between a slave and its master fails, the slave will remember up to which point it had read the data last time and will continue from there once the network becomes available again. In order to minimize the dependency on the network link, the slaves will retrieve the binary logs (binlogs) from the master as quickly as they can, storing them on their local disk in files called relay logs. This way, the connection, which might be some sort of dial-up link, can be terminated much sooner while executing the statements from the local relay-log asynchronously. The relay log is just a copy of the master's binlog. The following image shows the overall architecture: Filtering In the image you can see that each slave may have its individual configuration on whether it executes all the statements coming in from the master, or just a selection of those. This can be helpful when you have some slaves dedicated to special tasks, where they might not need all the information from the master. All of the binary logs have to be sent to each slave, even though it might then decide to throw away most of them. Depending on the size of the binlogs, the number of slaves and the bandwidth of the connections in between, this can be a heavy burden on the network, especially if you are replicating via wide area networks. Even though the general idea of transferring SQL statements over the wire is rather simple, there are lots of things that can go wrong, especially because MySQL offers some configuration options that are quite counter-intuitive and lead to hard-to-find problems. For us, this has become a best practice: "Only use qualified statements and replicate-*-table configuration options for intuitively predictable replication!" What this means is that the only filtering rules that produce intuitive results are those based on the replicate-do-table and replicate-ignore-table configuration options. This includes those variants with wildcards, but specifically excludes the all-database options like replicate-do-db and replicate-ignore-db. These directives are applied on the slave side on all incoming relay logs. The master-side binlog-do-* and binlog-ignore-* configuration directives influence which statements are sent to the binlog and which are not. We strongly recommend against using them, because apart from hard-to-predict results they will make the binlogs undesirable for server backup and restore. They are often of limited use anyway as they do not allow individual configurations per slave but apply to all of them. Setting up automatically updated slaves of a server based on a SQL dump In this recipe, we will show you how to prepare a dump file of a MySQL master server and use it to set up one or more replication slaves. These will automatically be updated with changes made on the master server over the network. Getting ready You will need a running MySQL master database server that will act as the replication master and at least one more server to act as a replication slave. This needs to be a separate MySQL instance with its own data directory and configuration. It can reside on the same machine if you just want to try this out. In practice, a second machine is recommended because this technique's very goal is to distribute data across multiple pieces of hardware, not place an even higher burden on a single one. For production systems you should pick a time to do this when there is a lighter load on the master machine, often during the night when there are less users accessing the system. Taking the SQL dump uses some extra resources, but unless your server is maxed out already, the performance impact usually is not a serious problem. Exactly how long the dump will take depends mostly on the amount of data and speed of the I/O subsystem. You will need an administrative operating system account on the master and the slave servers to edit the MySQL server configuration files on both of them. Moreover, an administrative MySQL database user is required to set up replication. We will just replicate a single database called sakila in this example. Replicating more than one database In case you want to replicate more than one schema, just add their names to the commands shown below. To replicate all of them, just leave out any database name from the command line. How to do it... At the operating system level, connect to the master machine and open the MySQL configuration file with a text editor. Usually it is called my.ini on Windows and my.cnf on other operating systems. On the master machine, make sure the following entries are present and add them to the [mysqld] section if not already there: server-id=1000 log-bin=master-bin If one or both entries already exist, do not change them but simply note their values. The log-bin setting need not have a value, but can stand alone as well. Restart the master server if you need to modify the configuration. Create a user account on the master that can be used by the slaves to connect: master> grant replication slave on *.* to 'repl'@'%' identified by 'slavepass'; Using the mysqldump tool included in the default MySQL install, create the initial copy to set up the slave(s): $ mysqldump -uUSER -pPASS --master-data --single-transaction sakila > sakila_master.sql Transfer the sakila_master.sql dump file to each slave you want to set up, for example, by using an external drive or network copy. On the slave, make sure the following entries are present and add them to the [mysqld] section if not present: server-id=1001 replicate-wild-do-table=sakila.% When adding more than one slave, make sure the server-id setting is unique among master and all clients. Restart the slave server. Connect to the slave server and issue the following commands (assuming the data dump was stored in the /tmp directory): slave> create database sakila; slave> use sakila; slave> source /tmp/sakila_master.sql; slave> CHANGE MASTER TO master_host='master.example.com', master_port=3306, master_ user='repl', master_password='slavepass'; slave> START SLAVE; Verify the slave is running with: slave> SHOW SLAVE STATUSG ************************** 1. row *************************** ... Slave_IO_Running: Yes Slave_SQL_Running: Yes ... How it works... Some of the instructions discussed in the previous section are to make sure that both master and slave are configured with different server-id settings. This is of paramount importance for a successful replication setup. If you fail to provide unique server-id values to all your server instances, you might see strange replication errors that are hard to debug. Moreover, the master must be configured to write binlogs—a record of all statements manipulating data (this is what the slaves will receive). Before taking a full content dump of the sakila demo database, we create a user account for the slaves to use. This needs the REPLICATION SLAVE privilege. Then a data dump is created with the mysqldump command line tool. Notice the provided parameters --master-data and --single-transaction. The former is needed to have mysqldump include information about the precise moment the dump was created in the resulting output. The latter parameter is important when using InnoDB tables, because only then will the dump be created based on a transactional snapshot of the data. Without it, statements changing data while the tool was running could lead to an inconsistent dump. The output of the command is redirected to the /tmp/sakila_master.sql file. As the sakila database is not very big, you should not see any problems. However, if you apply this recipe to larger databases, make sure you send the data to a volume with sufficient free disk space—the SQL dump can become quite large. To save space here, you may optionally pipe the output through gzip or bzip2 at the cost of a higher CPU load on both the master and the slaves, because they will need to unpack the dump before they can load it, of course. If you open the uncompressed dump file with an editor, you will see a line with a CHANGE MASTER TO statement. This is what --master-data is for. Once the file is imported on a slave, it will know at which point in time (well, rather at which binlog position) this dump was taken. Everything that happened on the master after that needs to be replicated. Finally, we configure that slave to use the credentials set up on the master before to connect and then start the replication. Notice that the CHANGE MASTER TO statement used for that does not include the information about the log positions or file names because that was already taken from the dump file just read in. From here on the slave will go ahead and record all SQL statements sent from the master, store them in its relay logs, and then execute them against the local data set. This recipe is very important because the following recipes are based on this! So in case you have not fully understood the above steps yet, we recommend you go through them again, before trying out more complicated setups.

A key component of any quality educational program is its ability to facilitate communication among all of the parties involved in the program. Communication and the subsequent relaying of information and knowledge between instructional faculty, administrators, students, and support personnel must be concise, efficient, and, when so desired, as transparent as possible. Using Moodle as a hub for internal information distribution, collaboration, and communication Moodle's ability to facilitate information flow and communication among users within the system, who are registered users such as students and teachers, is a capability that has been a core function of Moodle since its inception. The module most often used to facilitate communication and information flow is the forum and we will thus focus primarily on creative uses of forums for communication within an educational program. Facilitating intra- or inter-departmental or program communication, collaboration, and information flow Many educational programs comprise sub-units such as departments or programs. These units usually consist of students, teachers, and administrators who interact with one another at varying levels in terms of the type of communication, its frequency, and content. The following example will demonstrate how a sub-unit—the reading program within our language program example—might set up a communication system, using a meta course in Moodle, that accomplishes the following: Allows the program to disseminate information to all students, teachers, and administrators involved in the program. The system must, of course, allow for settings enabling dissemination to only selected groups or to the entre group, if so desired. Establishes a forum for communication between and among teachers, students, and administrators. Again, this system must be fine-tunable such that communication can be limited to specific parties within the program. The example will also demonstrate, indirectly, how a meta course could be set up to facilitate communication and collaboration between individuals from different programs or sub-units. In such a case, the meta course would function as an inter-departmental communication and collaboration system. Time for action – setting up the meta course To set up a communication system that can be finely tuned to allow specific groups of users to interact with each other, follow these steps: We are going to set up a communication system using a meta course. Log in to your site as admin and click on the Show all courses link found at the bottom of your MyCourses block on the front page of your site. At the bottom of the subsequent Course Categories screen, click on the Add a new course button. Change the category from Miscellaneous to Reading and enter a Full name and Short name such as Reading Program and ReadProg. Enter a short description explaining that the course is to function as a communication area for the reading program. Use the drop-down menu next to the meta course heading, shown in the following screenshot, to select Yes in order to make this course a meta course: Change the Start date as you see fit. You don't need to add an Enrollment key under the Availability heading to prevent users who are not eligible to enter the course because the enrollment for meta courses is taken from child courses. If you've gotten into the habit of entering enrollment keys just to be safe however, doing so here won't cause any problems. Change the group setting, found under the Groups heading, to Separate. Do not force this setting however, in order to allow it to be set on an individual activity basis. This will allow us to set up forums that are only accessible to teachers and/or administrators. Other forums can be set up to allow only student and teacher access, for example. Click on the Save changes button found at the bottom of the screen and on the next screen, which will be the Child courses screen, search for all reading courses by entering Reading in the search field. After clicking on the Search button to initiate the search, you will see all of the reading courses, including the meta course we have just created. Add all of the courses, except the meta course, as shown in the following screenshot. Use the short name link found in the breadcrumb path at the top-left of the window, shown in the following screenshot, to navigate to the course after you have added all of the reading child courses: What just happened? We just created a meta course and included all of the reading courses as child courses of the meta course. This means that all of the users enrolled in the reading child courses have been automatically enrolled in the meta course with the same roles that they have in the child courses. It should be noted here that enrollments in meta courses are controlled via the enrollments in each of the child courses. If you wish to unenroll a user from a meta course, he or she must be unenrolled from the respective child course. In the next step, we'll create the groups within the meta course that will allow us to create targeted forums. Time for action – creating a group inside the meta course We are now going to create groups within our meta course in order to allow us to specify which users will be allowed to participate in, and view, the forums we set up later. This will allow us to control which sets of users have access to the information and communication that will be contained in each forum. Follow these steps to set up the forums: Log in to your Moodle site as admin and navigate to the meta course we just created. It will be located under the Reading heading from the MyCourses block and titled Reading Program if you followed the steps outlined earlier in this article. Click on the Groups link found inside the Administration block. The subsequent screen will be titled ReadingProg Groups. The ReadingProg portion of the title is from the short name of our course. From this screen, click on the Create group button. Title the group Teachers and write a short description for the group. Ignore the enrollment key option as enrollments for meta courses are controlled by the child course enrollments. Leave the picture field blank unless you would like to designate a picture for this group. Click on the Save changes button to create the group. You will now see the ReadingProg Groups screen again and it will now contain the Teachers group, we just created. Click once on the group name to enable the Add/remove users button. Click on the Add/remove users button to open the Add/remove users window. From this window, enter the word Teacher in the search window and click on the Search button. Select all of the teachers by clicking once on the first teacher and then scrolling to the last teacher and, while holding down the shift button on your keyboard, click on the last teacher. This will highlight all of the teachers in the list. Click on the Add button to add the selected teachers to the Existing members list on the left. Click on the Back to groups button to return to the ReadingProg Groups screen. The Teachers group will now appear as Teachers(20) and, when selected, the list of teachers will appear in the Members of: list found on the right side of the screen, as shown in the following screenshot: Next, navigate to the front page of your site and from the Site Administration block, click on the Miscellaneous heading link and then on the Experimental link. Scroll down to the Enable groupings setting and click the tickbox to enable this setting. This setting enables you to group multiple groups together and also to make activities exclusively available to specific groupings. We'll need this capability when we set up the forums later. For a more detailed explanation of the groupings feature, visit the associated Moodle Docs page at: http://docs.moodle.org/en/Groupings. What just happened? We just created a group, within our Reading Program meta course, for all of the teachers enrolled in the course. Because the enrollments for a meta course are pulled from the child courses associated with a meta course, the teachers are all teachers who are teaching reading courses in our program. Later in this article, we'll see how we can use this group when we set up forums that we only want our teachers to have access to.

  Moodle as a Curriculum and Information Management System   Use Moodle to manage and organize your administrative duties; monitor attendance records, manage student enrolment, record exam results, and much more Transform your Moodle site into a system that will allow you to manage information such as monitoring attendance records, managing the number of students enrolled for a particular course, and inter-department communication Create courses for all subjects in no time with the Bulk Course Creation tool Create accounts for hundreds of users swiftly and enroll them in courses at the same time using a CSV file. Part of Packt's Beginner's Guide series: Readers are walked through each task as they read through the book with the end result being a sample CIMS Moodle site         Read more about this book       (For more resources on Moodle, see here.) Course categories Categorization is an innate human behavior that allows us to perceive and understand the environment that surrounds us. Moodle designers must have recognized our tendency to categorize, because Moodle contains a flexible categorization system that allows for the creation of categories in which you may house additional categories and courses. Any educational program that offers courses of various varieties will invariably be using a categorization system like this for grouping courses into specific categories. A language program, for example, might group courses into skill-specific categories such as those of listening, speaking, reading, and writing. A larger entity, such as a college, would likely group courses into content-specific categories such as literature, sciences, speech communications, and the like, with additional subcategories used inside each of those main categories. No matter what the categorization system, Moodle is well-equipped to accommodate via its intuitive user-friendly course category creation interface. Manual creation of course categories We will quickly walk through the manual creation of a simple categorization system in the next few pages. It should be noted however, that course categories can be created automatically via the use of the Bulk Course Upload tool that will be introduced later in the next article. While the automated creation process is certainly a more efficient one, it is a good idea to understand how to create, edit, and adjust categories manually as the need to make adjustments may arise after categories have been created automatically, and at that point, the only practical method may be via the manual process. Using the language program sample as an example, we will set up a categorization system that uses the traditional language skills (listening, speaking, reading, and writing) as the highest level in the categorization system with subcategories for levels. In our example, our program will have four levels: Advanced, Intermediate, Beginner, and Basic, so we will set up each skill category such that it contains subcategories that coincide with the four levels. Time for action – manually creating course categories Let's get started by first taking a look at the courses and categories that exist in the default installation of our MAMP package. We'll proceed by manually creating the categories and subcategories we need for our language program example. Log in to your Moodle site as admin, or as a user with administrative permissions, and click on the All courses link found at the bottom of the Course categories block from your front page. An alternative method for accessing the Course category window is to simply type the word 'course' into your browser at the end of your website address from the front page of your Moodle site. This will direct your browser to the default file, index.php, located in the course directory (for example, for the XAMPP package, it will look like this http://localhost/moodle19/course). The following screenshot is of a default MAMP installation. For Windows XAMPP installations, no courses or categories will exist. You will see the two default courses that are created in the MAMP package and no category. As shown in the following screenshot, the full name of the course will appear on the left side of the screen with a small icon of a person, below it. The icon, shown with an arrow pointing to it in the following screenshot, signifies that the course is set to allow guest users to access it. On the right side of the screen is the course summary. Click on the Turn editing on button from the All courses screen, shown in the previous screenshot, to reveal the course category as shown in the next screenshot. This editing screen displays the categories and the number of courses contained in each category. The category was not listed in the course view window in the previous screenshot because there is currently only one category. With editing on, now click on the Add new category button and, on the subsequent screen, type in the desired category title. For this example, we are going to enter the four skills mentioned previously. Also, as we want these to be our four main categories, we will set the Parent category to Top. Enter a category description and click on the Create category button to finish the process. The following screenshot shows our setup prior to creating the category: After clicking on the Create category button, the screen that you will see next will be an editing screen that will allow you to edit from within the Listening category you just created. As a result, you will not see the Add new category button. Instead, you will see an Add a sub-category button. Click on this button to access the screen that allows you to create a new category. After doing so, you will simply need to change the Parent category to Top. Repeat this process until you have created all of your top-level categories. After you have created all categories, turn the editing feature off and click on the Course categories breadcrumb link, found at the top-left of the screen, to see the result. It will look like the following screenshot: If you wish to change the order in which the categories appear, you can turn editing back on and use the up and down arrows to move categories. In the following screenshot, which is the same screen as the previous one, with editing turned on, we have moved the Miscellaneous category to the bottom and rearranged the main categories into a different order. Next, we will create the four level categories using the same process explained for the main categories. The only difference is that we will create each of the four levels inside the main categories by designating the main category as the Parent category. From the editing screen shown in the previous screenshot, click on one of the categories and then on the subsequent Add a sub-category button, as shown in the following screenshot. Creating the category in this fashion will result in the parent category being automatically set to the main category to which you are adding the sub-category. In the same fashion as earlier when we created multiple categories in succession however, after adding the first sub-category, if you click on Add a sub-category again, you will need to then adjust the Parent category. If you do not do so, you will be effectively burying sub-categories within sub-categories. The alternative is to click on the Course categories pull-down menu prior to clicking on Add a sub-category. Create all four levels, Advanced, Intermediate, Beginner, and Basic, using this process, for each of the four skills (Listening, Reading, Speaking, and Writing). When you have finished adding all of the subcategories to the main categories and have returned to the main Course Categories window, your screen should look like the following screenshot: What just happened? You have just created a simple categorization system with four main skills (Listening, Speaking, Reading, and Writing). Next you created four subcategories—levels, inside each of the main categories (Advanced, Intermediate, Beginner, and Basic). As you followed the example used here or maybe created an even more intricate categorization scheme, you may have felt that the process was a bit time consuming and required quite a few mouse clicks. As mentioned in the beginning of this explanation, creating categories via the Bulk Course Upload tool is much more efficient and recommended when possible. There will be times however, when you need to create new categories after courses have already been made or to edit or rearrange categories. On these occasions, you may find it necessary to use the manual procedure so it is a good idea to be familiar with the process.