Kevin Day [Wed, 14 Feb 2018 00:32:34 +0000 (18:32 -0600)]
Cleanup: prefix private constants with 'p_'
I have mixed feelings about this, but it makes the behavior of prefixing p_ to private class parts and pr_ to protected class parts.
Stick to lower case for the prefix but continue to use upper case for the constant name.
Kevin Day [Sun, 11 Feb 2018 22:39:21 +0000 (16:39 -0600)]
Update: always return and assign a copy of objects by default, but provide a trait to use references
The default behavior is to favor security and separation between different objects.
Everytime an object is assigned or returned via a c_base_return class type, use a copy (clone) of that object.
This is good practice for security and data integrity.
In the event that a reference is needed (generally a good practice for performance and resource reasons), a trait is provided.
This trait must be manually assigned to each class.
This functionality must use distinct functions for assigning and retreiving the references to guarantee consistency in design and avoidance of accidents.
It is very important to note that this design can cause performance issues if this particular design is not understood.
This previous designs intended this behavior, but was not consistent.
This behavior should now be more consistent.
Kevin Day [Sat, 3 Feb 2018 21:38:59 +0000 (15:38 -0600)]
Feature: add 'database_user_public_default' option to not use public/anonymous account access to the database
This allows for database-less connections by default.
Some sites may use this, but the primary design of the project focuses on public/anonymous database access.
More work may be necessary.
Kevin Day [Sat, 3 Feb 2018 21:09:47 +0000 (15:09 -0600)]
Update: partial improvements to error presentation, including passing error_message to now reserved ':{error_message}' replacement parameter
Process and pass the error message to the string.
It seems that this was not happening.
There are a few other issues:
- arrays were being passed, increasing complexity (unnecessarily).
- use preg_match() instead of direct string comparisons on postgresql error messages to be consistent.
- ':{failure_reasons} array is no longer neded with this change.
While reviewing and making these changes, I noticed that the entire error message process is a bit inconsistent.
I suspect that I had changed how I was processing errors along the process.
More work needs to be done, but that is being put off to later.
Kevin Day [Sat, 3 Feb 2018 18:39:13 +0000 (12:39 -0600)]
Bugfix: inconsistency in c_base_error's s_false() and s_true() NULL value handling
The comments designate that when NULL is specified, no error should be assigned.
The previous behavior was instead creating a new, empty error.
The error classes also seem to accept NULL values, which will create an empty error array (clearing existing values).
By passing NULL instead of creating an error object makes the behavior consistent with other code.
Kevin Day [Sat, 3 Feb 2018 03:56:14 +0000 (21:56 -0600)]
Update: implement account not available or access not available in database
When the account is not in the database or the account has insufficient privileges to access the database, an error needs to be reported.
A new error category is created to handle this with a separate message.
Kevin Day [Sat, 3 Feb 2018 03:51:46 +0000 (21:51 -0600)]
Bugfix: set_error() must accept an array of errors
This is considered a bug because the current design of get_error() returns an array if errors.
Prior to this, calling set_error($some_class->get_error()) would result in no error being reported because the array value gets ignored.
With this change, the entire array contents are appended, only if the given array value is a valid error class instance.
Kevin Day [Wed, 31 Jan 2018 04:36:04 +0000 (22:36 -0600)]
Update: add necessary defines to fix problems with ldap deprecation and <sched.h> include issues
On some systems, including <sched.h> does not result in all of tbe necessary defines being enabled without additional defines.
Newer versions of ldap deprecatd and removed currently used functions.
Kevin Day [Tue, 31 Oct 2017 21:22:21 +0000 (16:22 -0500)]
Progress: organize some files and some additional markup generation
Move some of the user login code to the parent class.
- I can see reason for moving it to the parent's parent class, but I decided to hold off for now until I implement more classes.
Added additional markup generation classes.
- Some other constants where expanded from their HTML names to be more verbose.
Kevin Day [Fri, 22 Sep 2017 01:21:33 +0000 (20:21 -0500)]
Update: Use PHP namespaces
This enables the use of PHP namespaces.
The namespaces must be prefixed with 'n_'.
The parent namespace for koopa is 'n_koopa'.
I intend to only use a single depth namespace of n_koopa to keep it simple.
All other names remain unchanged.
This introduces a few problems/caveats:
1) Functions being stored as strings to be called dynamically now need to have '/n_koopa/' in front of them.
2) The standard index file in implementing projects, such as reservations, must still use namespace 'n_koopa' even if their project is different.
- This is because the base classes will call the c_base_defaults_global class.
- All other implementing project files can have their own namespace.
3) Core PHP classes very likely need to have '\' prefixed to them (will update as I encounter them).
This introduced new resolutions:
1) Using namespaces revealed a bug in my code where a class function get_roles() is called on an object that may potentially be a c_base_return_false object.
- I have to review the code and confirm whether or not the code should always be returning the appropriate class or allow other returns.
- For now, I am just adding a quick instance check.
Kevin Day [Mon, 4 Sep 2017 11:17:22 +0000 (06:17 -0500)]
Progress: User Profile / User View Page
The profile images should be file ids and not byteas.
- These columns should also be foreign keys to the file table.
Enable use of profile image in the user object.
Update/Fix the Japanese related translations.
The User Profile / User View page is intended to be a simpler version of the User Settings page with a focus on user information and less focus on user settings values.
Kevin Day [Mon, 4 Sep 2017 03:57:35 +0000 (22:57 -0500)]
Progress: user page settings
Fix a logic flaw in the regular expression handling of wildcard paths.
- paths with multiple '/%' where not being properly stripped and such paths (like 'u/view/%/%' where being incorrectly stripped into 'u/view%').
- This resulted in incorrect 'path not found' issues.
Move repeated user content into the core path, adding new class variables as necessary.
Make the default behavior in 'c_standard_path' to include $output_format as well as $arguments.
- $output_format represents the requested output format, the standard being 'html'.
- mime type integers are used, but strings are supported for non-mimetype presentations, such as 'print' for printer-friendly html.
- This will allow for every single path to potentially be presented in other formats.
- The most common formats being 'html', 'print', and 'pdf'.
- More advanced usage can be used via 'json', which is essentially for AJAX.
- Because all content may be represented in 'json', it also makes it possible for 3rd-party clients to render a complete page following a standard format without having to parse HTML.
- This allows for incredibly advanced functionality which can be later utilized by custom clients such as phone-apps that wish to present the data to the user.
- Furthermore, more advanced accessibility (in the context of ADA) can be used so that HTML does not need to be parsed and more content-specific material may be used with less overhead.
- This includes allowing for a client, such as a screen-reader, to make explicit content requests.
- I may, in the near future, implement a raspberry pi screen reader that utilizes this as a proof of concept.
- $arguments represents the processed arguments.
Kevin Day [Sun, 3 Sep 2017 03:38:27 +0000 (22:38 -0500)]
Progress: work on user pages
This makes the PATH_SELF constant for c_standard_path public.
Add new user session handling class.
Add a generic user-specific version of the c_standard_path and have most user path classes extend it.
Populate a basic version of the content menu for user paths.
User paths should accept user ids, handle the arguments.
The print, pdf, and ps paths are also in the url arguments as well as in a separate class path (I need to review the possibilities and pick only 1 method).
Just about all of the user paths, in their current form, are stubs and need to be implemented.
Kevin Day [Thu, 31 Aug 2017 23:07:34 +0000 (18:07 -0500)]
Update: use late static binding for class constants
This is done to encourage the use of classes that extend a parent class that only need to change a single constant.
This is done by replacing self:: with static:: for class constants.
Kevin Day [Thu, 31 Aug 2017 21:16:44 +0000 (16:16 -0500)]
Progress: continued work on user settings
Remove meaningless trailing semicolon.
Organize user page handler constants in alphabetic order.
Add missing user page handler constants, classes, and files.
Use static:: in place of self:: (more to come on why in a follow up commit).
Move the user_view.php contents into user_settings.php and have the user_view class extend the user_settings class.
Kevin Day [Thu, 31 Aug 2017 07:59:10 +0000 (02:59 -0500)]
Cleanup: restructure user dashboard, login, and logout links to be more consistent with the 'user_*' naming
Having all the dashboards called just 'dashboard' is convenient in the general sense, but is more inconsistent when I have a notable amount of 'user_*' names.
Be consistent with the 'user_*' names and have the login, logout, and (user) dashboard files renamed to user_login, user_logout, and user_dashboard.
The other users of 'dashboard' will be updated as needed and as I get to them.
Kevin Day [Thu, 31 Aug 2017 07:19:37 +0000 (02:19 -0500)]
Bugfix: preserve current login path instead of always redirecting to /u/dashboard
If at a given path, such as '/u/view', on login, the default behavior should be to login at that location instead of redirecting to the dashboard.
Add missing include file.
Use c_standard_paths::URI_DASHBOARD_USER instead of the string '/u/dashboard'.
Kevin Day [Wed, 26 Jul 2017 22:13:09 +0000 (17:13 -0500)]
Progress: continue working on user view and related
Add missing functions to relevant tag generation functions.
Add additional text and translations.
Add user access history.
Error handling in user view generation is incomplete.
Kevin Day [Wed, 26 Jul 2017 17:24:58 +0000 (12:24 -0500)]
Progress: continued work on user and login, also miscellaneous fixes
Be sure to write to the connection log only after the session information has been loaded so that a valid session expires value is used.
The public user log table needs to have database-specific role and not standard role for insert access checks.
Process the database password failure string on login.
The table caption and caption tag code was not fully completed.
Style cleanups.
Kevin Day [Wed, 26 Jul 2017 02:17:47 +0000 (21:17 -0500)]
Progress: add table markup, populate user history information, fix time-related issues, and other fixes
Add basic support for generating table markup.
- This might be extra unnecessary code, but then again it allows for the functions to be extended so that <table> could potentially be replaced with <div>.
- Some of the markup tags are being renamed to improve readability.
Build a basic history information using the table markup.
- This is initially created as an example/concept and I intend to come back and finish it in the future.
Functions like s_get_date() should render localtime from a UTC timestamp, instead of UTC time from a UTC timestamp.
Kevin Day [Tue, 25 Jul 2017 21:30:32 +0000 (16:30 -0500)]
Cleanup: rename and relocate request path statistics database table
The context of the statistics is misleading, so rename the database and all related content to have HTTP in the name.
Move the code into the standard statistics sql file.
Kevin Day [Tue, 25 Jul 2017 18:11:06 +0000 (13:11 -0500)]
Bugfix: problems with cookies and related functions
The get_max_age() and get_expires() functions should support returning NULL.
The set_expires() function parameter tests are incorrect.
Try to return 0 for max age and expires.
- My documentation states that if both expires and max age are 0, then a session cookie is used.
- Therefore, avoid that until I have to double check the standards and my code.
I missed a few underscore to dash conversions in the HTTP header processing code.
Added a 'response_encoding' parameter so that I could quickly test and confirm if the encoding is causing any problems.
Kevin Day [Thu, 13 Jul 2017 03:04:23 +0000 (22:04 -0500)]
Bugfix: The global s_get_timestamp() function is returning current time instead of requested time
It looks like I copied the s_get_date() function and forgot to properly updated it (or got confused and forgot what I was working on).
Either way, the implementation is incorrect and does not produce the correct timestamp.
The function is rewritten to only support a time string to be formatted into a unix timestamp float.
The base_defaults_global implementation is also not consistent with the one in reservation_defaults_global.
The base_defaults_global is intended to be a default example implementation where reservation_defaults_global is an implementation specific to the reservation system.
The postgresql default datetime string format is provided as a global constant in the database class for consistency.
Kevin Day [Thu, 13 Jul 2017 02:07:38 +0000 (21:07 -0500)]
Update: Do not force '-' into '_' in HTTP Header names, handle extra names, update comments
Apache may provide header names with '_' in place of '-', causing problems.
The standard allows for '_' and as such '_' and '-' should be mutually exclusive.
My previous behavior is to force all '-' to '_', but I believe this to be bad practice as a default behavior.
I may come back and either provide commented out code, apache-specific tests, or an example patch to apache source code.
Each approach has its problems and advantages.
I will address that issue at a later time.
Handle additional known PHP-provided HTTP headers when getallheaders() is unavailable.
Update the comments in the header processing function.
Kevin Day [Thu, 15 Jun 2017 05:08:11 +0000 (00:08 -0500)]
Update: provide breadcrumbs at current path and plan on having login-specific path handling
This provides breadcrumbs 'at feet' instead of 'behind feet'.
The idea is that the breadcrumbs will show the current path as well as the path history (based on site structure, not browser/navigation history).
Plan on having the login handler provide (and possibly conditionally so) the path of the current page instead of the login page.
The login handler will show up on different pages than just 'u/login'.
Those pages should display their breadcrumb path instead of the login path (unless otherwise hidden).
One possible method is to pass the parent handler's path to the child path.
Kevin Day [Sat, 27 May 2017 02:40:52 +0000 (21:40 -0500)]
Progress: rolling out the roler, the "can manage roles" role
Using "can manage roles" was inconsistent with how I use the "is_X" role behavior but it is also similar enough that I feel that it should be an "is_X".
To try to make it consistent, I decided to invent a new word that fits the behavior: roler (Not to be confused with roller).
Just like how I abused the word "administrator" as "administer", I am abusing the words "role manager" as "roler".
Kevin Day [Sat, 27 May 2017 02:05:41 +0000 (21:05 -0500)]
Progress: further work on user view page, documentation changes, more global constants, try to get more consistent return types
One of the downsides of my design is the complex return type handling.
The code because easier when tests do not have to be performed.
I want to provide a way to return a class as a default but provide a way to say that there was no value stored.
Instead of returning the NULL return type class, return the preferred class with an error flag set to "not defined".
This simplifies the code, especially some of the code used on the user view page.
Kevin Day [Tue, 23 May 2017 02:15:10 +0000 (21:15 -0500)]
Bugfix: add missing column 'can_manage_roles' in public.v_users_self
I originally intended to only provide the necessary columns.
However, in an attempt to simplify the PHP end of this, I decided to add NULL columns for such cases.
When I did this, I overlooked the 'can_manage_roles' column.
Looking at this, I might also be better of setting the values to FALSE instead of null::bool where is can be easily determined to be FALSE.
I ended up creating a new class called c_base_array when implementing the breadcrumb functionality.
I plan to eventually convert all related/similar types into this class.
User setting pages have some initial work completed.
Kevin Day [Wed, 3 May 2017 21:01:21 +0000 (16:01 -0500)]
Progress: standard path structure and functionality and other changes
Made changes to the standard path structure and functionality.
It should be more extensible because the create html function has been exploded into multiple sub-parts via protected functions.
Kevin Day [Wed, 3 May 2017 02:54:16 +0000 (21:54 -0500)]
Cleanup: re-structure the database sql for standard and reservation
To avoid having duplicate queries, I moved all the permission related information for standard into a separate sql file.
- This allows for referencing the standard sql files as part of the install, without having to modify them for name changes.
The only files that should need to be replaced from standard are standard-first.sql, standard-permissions.sql, and standard-last.sql.
I changed all references of u_standard and r_standard to u_reservation and r_reservation to generate the reservation specific versions of standard-first.sql, standard-permissions.sql, and standard-last.
- These changes were saved in their respective reservation equivalent files: reservation-first.sql, reservation-permissions.sql, and reservation-last.
While making these changes, I noticed that there is a way to disable all triggers for a table so that I can alter content without a trigger being 'triggered'.
- This made it easy for me to move some special cases to the standard-permissions.sql file.
Kevin Day [Tue, 2 May 2017 21:42:03 +0000 (16:42 -0500)]
Progress: standard path design, database accounts, database logging, and other fixes
Move all of the execute parameters into the c_standard_path class so that it does not have to be passed to every function.
- Down the road, I may just have the execution function without parameters and use a separate function for assigning the parameters to the class.
Make sure the database accounts exist in the user table.
- Ldap synchronization on login is now functioning.
- Non-LDAP does not synchronize or change account settings on login.
- There is currently no 3rd-party database/structure/design to use as a basis for auto-assigning roles, therefore roles must be manually assigned to the each user.
- This manual assignment will still auto-update the postgresql roles, so only the is_* columns need to be altered and postgresql roles will automatically follow via triggers.
The first part of the database logging is setup and working.
- There is much more work to do.
Kevin Day [Tue, 2 May 2017 19:12:14 +0000 (14:12 -0500)]
Progress: log tables and related code out of sync and other fixes
The log settings became noticably out of date between the code and the database.
Significant changes are made, dealing with the database and its usage.
Switched to timezone that supports timezone by default and then set standard behavior to use UTC timezone.
Kevin Day [Tue, 2 May 2017 05:08:52 +0000 (00:08 -0500)]
Progress: move code from reservation to standard and other fixes
I've now determined what would be a good basis for using a 'standard' structure.
Standard would be a minimal website used by most of my projects here, but it is not part of the base so that other developers do not have to use it at all.
This allows for more development flexibility while still providing a common default.
Most of the reservation example program code was moved into standard, including sql code.
Kevin Day [Fri, 28 Apr 2017 03:28:43 +0000 (22:28 -0500)]
Progress: more development with paths, additional html processing,
More work with paths.
Add additional data to HTML, restructuring code as necessary.
- Now includes class names by date and path (assigned to <body>).
- Add sanitizer, I used drupal 7's css sanitizer as a reference (just their preg_replace() part).
Functions like get_is_root() is a bit awkward, change the behavior and name to be more suitable.
- get_is_root() and set_is_root() are both now is_root() such that is_root() functions as get_is_root() when no parameters are specified and functions as set_is_root() when parameters are specified.
- this is repeated for all other similar functions.
I decided to separate /a/ paths into two paths:
- /a/ - administrative paths (for advanced and technical administration).
- /m/ - management paths (which is where most of the non-user related website logged in access will be involved in).
Kevin Day [Wed, 26 Apr 2017 13:21:32 +0000 (08:21 -0500)]
Bugfix: internal pages were not processing language after redesign and use fix paths output handling
When I wrote the language handling into the initial setting load function and then changed the output handling to be more dynamic, I forgot to update p_include_path().
Get rid of the loop when deciding the language include file suffix and only use the last entry in the aliases array (generally the shortest).
There were some cases where I was still using $this->html instead of $this->content.
Be more consistent by using $this->output instead of $this->content.
Kevin Day [Wed, 26 Apr 2017 03:25:00 +0000 (22:25 -0500)]
Progress: more path management changes, imrpove languages support, and other fixes
Continue developing path handling functionality.
I've decided to implement language handling as sub-classes, using japanese as the first language to test with.
Other bugfixes and tweaks.
Kevin Day [Wed, 19 Apr 2017 18:53:47 +0000 (13:53 -0500)]
Progress: improve language support when using global data, add headers in some tests programs, and fix language related issues
When I moved languages into the global defaults class, I missed a few chunks of code that needed to be updated.
I noticed that some of the tests were not printing any headers.
Allow for setting content-language with multiple languages, as is the case with one of the tests using japanese and english.
Kevin Day [Wed, 19 Apr 2017 14:52:33 +0000 (09:52 -0500)]
Update: implement and use more global values, simplify http response return values, implement content-range, other changes/fixes
The time functions have been moved into the global default class.
The http language class has been moved into the global default class.
The return values for HTTP response functions have been set to their specific type, instead of always FALSE.
This makes it easier to handle the return value without caring about errors.
Any unsupported functionality continues to return FALSE until such time I read the appropriate part of the standards and implement the functionality.
Content-Range response is now implemented.
I noticed that I have been inconsistently using $ps_ and $s_ for private static class variables.
I removed $ps_ that in favor of $s_ only because it was the simpler change.
I may end up coming back later and changing all private static to $ps_ (or not..).
While making the time values global, I noticed that PHP does not always guarantee microseconds to be populated.
Special handling is necessary and so I created more global static functions to handle this complicated situation.
I've observed and fixed some simple mistakes, bugs, typos, etc...
Kevin Day [Fri, 7 Apr 2017 05:32:59 +0000 (00:32 -0500)]
Progress: work on path handling, other minor changes
I changed my approach half-way through this and will need to come back and clean out a lot of unecessary code.
Some decisions still need to be made on certain aspects.
Kevin Day [Wed, 5 Apr 2017 02:52:23 +0000 (21:52 -0500)]
Update: improve return values used in c_base_utf8 class functions (and related)
I believe I was returning TRUE/FALSE types out of habit and for consistency.
For string processing functions, it makes far more sense to always return a c_base_return_string.
This simplifies the code the caller has to write.
The caller can still identify errors using the c_base_return::s_has_error() function.
The caller need only to call ->get_value_exact() if they do not care whether an error occured.
This will always return a string (and on error, it returns an empty string).
Kevin Day [Sat, 1 Apr 2017 06:05:11 +0000 (01:05 -0500)]
Update: rework access control to be automatic based on is_* roles in the t_users table
Instead of trying to use select queries on every statement based on a users role, have the database automatical grant/revoke roles based on column settings in the s_tables.t_users table.
u_public and r_public have been renamed to be u_reservation_public and r_reservation_public to keep all roles self-contained.
name_machine fields should now only allow word characters.
Kevin Day [Thu, 30 Mar 2017 17:34:35 +0000 (12:34 -0500)]
Progress: improve access control database structure and other changes
Numerous changes, but there has been a huge focus on access control changes.
It occurred to me that if an account was locked or deleted, then they should be denied access to all of the views (with exception of the current user views).
This required a notable structural change.
The tables are now stored in the s_table schema.
In case accounts get locked, even administer accounts, access should be disabled.
I did not get the time to convert all of the administer and manager roles to be restricted to views but will eventually do so.
Kevin Day [Sat, 4 Mar 2017 04:45:15 +0000 (22:45 -0600)]
Progress: continuing development, http headers work
There is still a lot more to go, but this resolves some of the @todo's in the http headers class.
I have noticed that in some cases I called a prepare_token function and the return value has parsed in the name.
- The parsed name is used for parsing functions and generally returns an array.
- Based on the name, I could easily mistake the purpose of the return value for the prepare_token (or similar) functions.
- These prepare functions now use prepared in place of parsed to make reading the code more consistent.
- There are some functions that make this incorrect interpretation and they must be rewritten accordingly.