Difference between revisions of "Userlevel:Admin:Technical Documentation - Websites:Misc documentation"
(→System Log Book) |
(→System Log Book) |
||
(142 intermediate revisions by the same user not shown) | |||
Line 609: | Line 609: | ||
==== File and folder permissions ==== | ==== File and folder permissions ==== | ||
+ | |||
+ | * File permissions are now authoritatively determined in /var/www/sharehim.org/permission-cleanup.sh | ||
Modify (666): php/files/*.* except index.php | Modify (666): php/files/*.* except index.php | ||
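Review bot: The new bullet under "File and folder permissions" names /var/www/sharehim.org/permission-cleanup.sh as authoritative but leaves the hand-written mode list (starting with "Modify (666): php/files/*.* except index.php") directly below it, so a reader cannot tell which one wins when they disagree. Suggest marking the list as a description of what the script applies, or removing it. Since the script lives under /var/www/sharehim.org/ and the modes listed here include world-writable 666, it is also worth noting who may edit it.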
Line 646: | Line 648: | ||
Modify ??? : OpenID filestorage location | Modify ??? : OpenID filestorage location | ||
− | <br> | + | <br> |
== Scheduler == | == Scheduler == | ||
Line 1,770: | Line 1,772: | ||
==== When mail provider changes IP (eg. causing mail queue just filling up) ==== | ==== When mail provider changes IP (eg. causing mail queue just filling up) ==== | ||
− | + | Emails from the website is sent via Google Apps but system emails are still sent using this. | |
Steps to fix: | Steps to fix: | ||
− | # Get IP of <code>nslookup | + | # Get IP of <code>nslookup yourmailserver.com</code> |
− | # If | + | # If IP has changed, stop postfix <code>sudo /etc/init.d/postfix stop</code> |
− | # | + | # <code>sudo nano /etc/postfix/main.cf</code> to update <code>relayhost</code> with new IP address and/or port |
− | # | + | # <code>sudo nano /etc/postfix/sasl_passwd</code> to add new IP/port |
− | # Delete old encoded sasl database: <code>rm /etc/postfix/sasl_passwd.db</code> | + | # Delete old encoded sasl database: <code>sudo rm /etc/postfix/sasl_passwd.db</code> |
− | # Generate new encoded database: <code> postmap hash:/etc/postfix/sasl_passwd</code> | + | # Generate new encoded database: <code>sudo postmap hash:/etc/postfix/sasl_passwd</code> |
− | # Start postfix | + | # Start postfix <code>sudo /etc/init.d/postfix start</code> |
− | # Send test message by: <code>mail -s testing | + | # Send test message by: <code>mail -s testing allan@sharehim.org</code>. Next, type a line of text and then press Ctrl+D to send it. |
# Verify log file looks correct | # Verify log file looks correct | ||
# Verify email made it though | # Verify email made it though | ||
− | # If good, then lets try to resend and flush the queue: | + | # If good, then lets try to resend and flush the queue: <code>postqueue -f</code> |
# View log file to see if messages start going out OK while checking status of <code>postqueue -p</code> to verify queue is decreasing | # View log file to see if messages start going out OK while checking status of <code>postqueue -p</code> to verify queue is decreasing | ||
= Servers = | = Servers = | ||
+ | |||
+ | === Domains === | ||
+ | |||
+ | |||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Domain Name !! Usage description | ||
+ | |- | ||
+ | | sharehim.org || Main domain | ||
+ | Registered through Carolina Conference (managed at networksolutions.com). | ||
+ | |- | ||
+ | | global-evangelism.org || Legacy domain which points to our main server and redirects to sharehim.org | ||
+ | Registered on ShareHim's hover.com account. | ||
+ | |- | ||
+ | | global-evangelism.com || Legacy domain which points to our main server and redirects to sharehim.org | ||
+ | Registered on ShareHim's hover.com account. | ||
+ | |} | ||
=== Sub-domains === | === Sub-domains === | ||
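Review bot: In the "When mail provider changes IP" steps, /etc/postfix/sasl_passwd is edited and sasl_passwd.db is regenerated with sudo, but no step checks the owner and mode of either file afterwards, and by Postfix convention both hold the relay credentials. Suggest adding a step after the postmap line that confirms both files are readable by root only. The whole procedure exists because relayhost is pinned to an IP address; if the provider's host name is stable, say here why an IP literal is used instead.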
Line 1,809: | Line 1,828: | ||
| support.sharehim.org || Pointing to John Lucas. He has some documentation etc there. | | support.sharehim.org || Pointing to John Lucas. He has some documentation etc there. | ||
|- | |- | ||
− | | svn.sharehim.org || Used by the Subversion server | + | | svn.sharehim.org || Used by the Subversion server (NO LONGER USED - WE HAVE MIGRATED TO GIT - SEE "SUBVERSION INSTALL" SECTION) |
|- | |- | ||
| test.sharehim.org || The testing site of the main site | | test.sharehim.org || The testing site of the main site | ||
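Review bot: The svn.sharehim.org row is now marked as no longer used but stays in the list of live sub-domains, and nothing says whether its DNS record and Apache virtual host were removed. Suggest recording that here, or deleting the row once they are gone, so an unused host name is not left pointing at the server. The cross-reference reads "SUBVERSION INSTALL", but the section added in this revision is headed "Subversion".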
Line 1,832: | Line 1,851: | ||
=== Server setup === | === Server setup === | ||
+ | |||
+ | ==== Minimum requirements ==== | ||
+ | '''OBS!!''' Reflect changes in _test_server.php | ||
+ | |||
+ | * PHP 5.x | ||
+ | * PHP Extensions: mysql, mysqli, gd, imap, soap (not yet used), sqlite3 (not yet used and not installed) | ||
+ | ** More that should be installed: Mcrypt, cURL, mbstring | ||
+ | * MySQL 5.x (reason: DECIMAL type in CAST(), bug with field lengths in UNION queries, INSERT ... ON DUPLICATE) | ||
+ | * See _test_server.php for more. | ||
+ | |||
==== Main webserver installation ==== | ==== Main webserver installation ==== | ||
− | + | ====== Apache/PHP and all the domains ====== | |
− | * | + | * Basic Debian server setup according to Allan Jensen's document "Installing Debian server - step-by-step.txt" |
− | * | + | ** Includes ssh config, iptables firewall, fail2ban, postfix, Apache, MySQL, PHP, Let's Encrypt |
− | * | + | ** Set system timezone to <code>America/New_York</code> (alternatively we could set it for PHP and MySQL specifically) (needed because most timestamps in the database unfortunately are stored in this timezone) |
− | * | + | *** <code>sudo dpkg-reconfigure tzdata</code> |
− | * | + | ** Added custom fail2ban filter for banning numerous requests to /wp-login.php |
− | * | + | *** See <code>/etc/fail2ban/filter.d/apache-wordpress-login.conf</code> and <code>/etc/fail2ban/jail.local</code> |
+ | ** Also followed the Linode docs for optimizing [https://www.linode.com/docs/websites/hosting-a-website#optimize-apache-for-a-linode-2gb Apache], [https://www.linode.com/docs/websites/hosting-a-website#optimize-mysql-for-a-linode-2gb MySQL] and PHP for 2GB RAM | ||
+ | *** <code>sudo nano /etc/apache2/apache2.conf</code> | ||
+ | <pre> | ||
+ | KeepAlive Off | ||
+ | ... | ||
+ | <IfModule mpm_prefork_module> | ||
+ | StartServers 4 | ||
+ | MinSpareServers 20 | ||
+ | MaxSpareServers 40 | ||
+ | MaxClients 200 | ||
+ | MaxRequestsPerChild 4500 | ||
+ | </IfModule></pre> | ||
+ | *** <code>sudo nano /etc/mysql/conf.d/sharehim-mysql.cnf</code> | ||
+ | <pre> | ||
+ | [mysqld] | ||
+ | max_allowed_packet = 1M | ||
+ | thread_stack = 128K | ||
+ | max_connections = 75 | ||
+ | table_open_cache = 32M | ||
+ | key_buffer_size = 32M | ||
+ | </pre> | ||
+ | ** Users beside the root user: | ||
+ | *** allan (has sudo rights) | ||
+ | *** techexec1 (has sudo rights) | ||
+ | * Upload "99-sharehim.sh" with customized directory aliases to /etc/profile.d/ | ||
+ | ** See backup or folder "sharehim.org\_other_server_files\" folder on developer machine | ||
+ | * Upload "sharehim_logrotate" to /etc/logrotate.d/ | ||
+ | ** See backup or folder "sharehim.org\_other_server_files\" folder on developer machine | ||
+ | * Upload "sharehim-mysql.cnf" with disabled ONLY_FULL_GROUP_BY to /etc/mysql/conf.d/ | ||
+ | ** See backup or folder "sharehim.org\_other_server_files\" folder on developer machine | ||
+ | * Install rsync | ||
+ | ** <code>sudo apt-get install rsync</code> | ||
+ | * Install git (used by PHP Composer package system to retrieve packages) | ||
+ | ** <code>sudo apt-get install git</code> | ||
+ | * Synchronize all /var/www/ files from old to new server | ||
+ | * Copy all databases from old to new server, including the users | ||
+ | * To accept the self-signed SSL certificate (don't think this is self-signed anymore though) for the SVN repository at "https://svn.winternet.no/svn/jensenfw2" (used in composer.json) execute the command "svn list https://svn.winternet.no/svn/jensenfw2" once and accept the certificate permanently. | ||
+ | * Install CrashPlan (NO LONGER USED AND HAS BEEN UNINSTALLED - THEY DONT SUPPORT DEBIAN, ONLY UBUNTU - as of 2021-05 I don't think we replaced it with anything - but I do database backups on allanville.com - and have code repos there) | ||
+ | ** Install a GUI for Linux (LXDE seems to be the least resource intensive of the main ones) | ||
+ | ** Log into you CrashPlan Small Business account and find the Linux installation file under App Downloads. | ||
+ | ** Unpack it and run the install.sh script from within the GUI. Accept all the default directories etc. | ||
+ | ** It recommends to raise the number of watches from the default 8192 (don't know if the later versions that I downloaded once we had switched to Small Business accoutn also needs this): | ||
+ | *** Add line <code>fs.inotify.max_user_watches=1048576</code> to <code>/etc/sysctl.conf</code> according to https://htpcbuildguide.com/crashplan-installation/ | ||
+ | *** To put it into effect without rebooting run <code>echo 1048576 > /proc/sys/fs/inotify/max_user_watches</code> | ||
+ | ** Wait to adopt the old computer until you have completed the setup and switched to the new server | ||
+ | ** The tray application no longer seems to be necessary - backup settings can be controlled from within the web interface of the account. | ||
+ | ** Debugging: log files are located in <code>/usr/local/crashplan/log/</code> | ||
+ | ** Connecting to the app: | ||
+ | *** (see Allan's file "Using GUI (graphical desktop) on a server.txt") | ||
+ | *** Log into SSH session that forwards port 5901 to localhost:5901 | ||
+ | *** Ensure vnc is running. Check with <code>ps aux | grep vnc</code>. If not running, run <code>vncserver :1</code>. | ||
+ | *** Connect with a VNC client to <code>localhost:1</code> (it will automatically add 5900 to the number) | ||
+ | ** Restarting Crashplan service (https://support.code42.com/CrashPlan/6/Troubleshooting/Stop_and_start_the_Code42_app_service): | ||
+ | *** <code>sudo /usr/local/crashplan/bin/CrashPlanEngine restart</code> | ||
+ | * Additional PHP configuration (<code>sudo nano /etc/php/7.1/apache2/conf.d/99-sharehim.ini</code>): | ||
+ | ** <code>post_max_size=200M</code> | ||
+ | ** <code>upload_max_filesize=200M</code> | ||
+ | * Install additional PHP extensions: | ||
+ | ** <code>sudo apt-get install php7.1-gd php7.1-imap php7.1-xml php7.1-zip php7.1-soap</code> | ||
+ | ** <code>sudo apt-get install php7.1-bcmath</code> (because of at least bcmod() in php_functions_sharesynch_activation.php) | ||
+ | ** <code>sudo apt-get install php7.1-xmlrpc</code> (because of /allan-temp/invoice) | ||
+ | * Additional PHP CLI configuration (<code>sudo nano /etc/php/7.1/cli/conf.d/99-sharehim-cli.ini</code>): | ||
+ | ** <code>error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_WARNING & ~E_NOTICE</code> | ||
+ | |||
+ | ====== Subversion ====== | ||
+ | |||
+ | ==== WE HAVE MIGRATED TO GIT AT https://git.winternet.no SO THIS IS NO LONGER USED ==== | ||
+ | |||
+ | Source: http://stackoverflow.com/questions/60736/how-to-setup-a-subversion-svn-server-on-gnu-linux-ubuntu | ||
+ | |||
+ | * <code>apt-get install subversion libapache2-mod-svn</code> | ||
+ | * <code>mkdir /var/www/svn.sharehim.org/svnrepo && cd $_ </code> | ||
+ | * Create a repository:<br><code>svnadmin create firstrepo</code> (not needed if you just sync the files from the old server) | ||
+ | * Set permissions:<br><code>chown -R www-data:www-data /var/www/svn.sharehim.org/svnrepo</code><br><code>chmod -R g+ws /var/www/svn.sharehim.org/svnrepo</code> | ||
+ | * Add user: (the .passwd file can also be put somewhere else)<br><code>htpasswd -c -m /var/www/svn.sharehim.org/dav_svn.passwd yourusername</code> | ||
+ | * Add this to the virtual host of <code>svn.sharehim.org</code> (<code>/etc/apache2/sites-available/110-svn.sharehim.org.conf</code>) ([http://svnbook.red-bean.com/en/1.7/svn.ref.mod_dav_svn.conf.html documentation]): | ||
+ | <pre> | ||
+ | <VirtualHost> | ||
+ | ... | ||
+ | <Location /svn> | ||
+ | DAV svn | ||
+ | SVNParentPath /var/www/svn.sharehim.org/svnrepo | ||
+ | AuthType Basic | ||
+ | AuthName "Subversion Repository" | ||
+ | AuthUserFile /var/www/svn.sharehim.org/dav_svn.passwd | ||
+ | Require valid-user | ||
+ | # Outcomment next line if not using https | ||
+ | SSLRequireSSL | ||
+ | </Location> | ||
+ | ... | ||
+ | </VirtualHost> | ||
+ | </pre> | ||
+ | * If it should be publicly accessible, see the StackOverflow refence. | ||
+ | * Restart Apache:<br><code>service apache2 restart</code> | ||
+ | * Browse to <code>https://svn.sharehim.org/svn/firstrepo</code> | ||
+ | |||
+ | ====== Postfix ====== | ||
+ | * For routing mail send through an SMTP, not for receiving email | ||
+ | |||
+ | |||
+ | * <code>myhostname = webserver.sharehim.org</code> (may NOT just be sharehim.org as we want mail to the domain delivered externally) | ||
+ | * for the same reason mydestination may NOT include sharehim.org (but it could include webserver.sharehim.org I guess??) | ||
+ | |||
+ | ====== If installing mail server (we currently use Google's G Suite) ====== | ||
+ | * Dovecot (is currently not installed) | ||
+ | * ClamAV (is currently not installed) | ||
+ | * SpamAssassin (is currently not installed) | ||
+ | |||
+ | <br><br><br> | ||
* FTP: Uninstalled ProFTPp on 2016-04-10 after Chuck no longer needed to access the server. The configuration files are still there in /etc/proftpd and /etc/proftpd.orig though. | * FTP: Uninstalled ProFTPp on 2016-04-10 after Chuck no longer needed to access the server. The configuration files are still there in /etc/proftpd and /etc/proftpd.orig though. | ||
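Review bot: The CrashPlan block under "Apache/PHP and all the domains" is marked as uninstalled, but the things it added to the server (an LXDE desktop, a VNC server on display :1, and the raised fs.inotify.max_user_watches value) have no matching note saying they were removed. Suggest stating whether the GUI and vncserver are still installed, and removing them if nothing else needs them. Two smaller points: "Minimum requirements" still says PHP 5.x and MySQL 5.x while the install steps below use php7.1 packages, and in sharehim-mysql.cnf the line table_open_cache = 32M gives a byte-style value to a setting that counts tables.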
Line 1,849: | Line 1,987: | ||
* To make WordPress not require use of FTP for updating, plugin and theme installs, www-data must be the owner all files and directories. Just setting even 777/666 permissions is not enough. | * To make WordPress not require use of FTP for updating, plugin and theme installs, www-data must be the owner all files and directories. Just setting even 777/666 permissions is not enough. | ||
+ | * To install WordPress updates the file permissions-for-wordpress-update.sh should first be run. After update run permission-cleanup.sh. | ||
===== Installing updates ===== | ===== Installing updates ===== | ||
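Review bot: The added bullet about permissions-for-wordpress-update.sh does not say what the script changes, nor that permission-cleanup.sh must also be run when an update fails or is abandoned. If the update script does what the bullet above it describes (www-data owning all files and directories), a skipped cleanup leaves the whole site writable by the web server. Suggest describing each script's effect in one line and making the cleanup step unconditional.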
Line 1,864: | Line 2,003: | ||
([https://letsencrypt.org/getting-started/ Source]) | ([https://letsencrypt.org/getting-started/ Source]) | ||
− | Do the following in | + | Do the following in the /root folder: |
− | <pre> | + | <pre>sudo apt-get install python-certbot-apache</pre> |
− | <pre> | + | <pre>sudo certbot --apache</pre> |
− | <pre>./ | + | Setup cron job to execute (you can test it with <code>sudo certbot renew --dry-run</code>): |
+ | |||
+ | <pre>certbot renew</pre> | ||
+ | |||
+ | ==== Checklist - before switching to new server ==== | ||
+ | |||
+ | * Use temporary subdomain <code>new.sharehim.org</code> for the new server | ||
+ | ** Make DNS entry | ||
+ | ** Add to .htaccess | ||
+ | *** <code>RewriteCond %{HTTP_HOST} !new.sharehim.org</code> | ||
+ | ** Add Apache ServerAlias in config file for the sharehim.org site | ||
+ | * Setup subdomain <code>old.sharehim.org</code> for the current server (so we still have a domain we can use after switching DNS for all other domains) | ||
+ | * Configure Apache for global-evangelism.org, global-evangelism.com and sharehim.org and any other domains/subdomains | ||
+ | * Synchronize files from old website to new website | ||
+ | ** <code>rsync -larvzi --checksum --delete-during -e 'ssh -p 22022' /var/www/sharehim.org/ allan@new.sharehim.org:/var/www/sharehim.org/</code> | ||
+ | ** Add these two lines to the end of sshd_config to allow password authentication from IP of the old machine: | ||
+ | *** <code>Match address xx.xx.xx.xx</code> | ||
+ | *** <code>____PasswordAuthentication yes</code> | ||
+ | * Configure ini files: | ||
+ | ** /php/ini_serverconfig.php | ||
+ | ** /wp-config.php | ||
+ | ** /help/ini_server.php | ||
+ | * Run _test_server.php | ||
+ | ** 'server_ip' : for knowing if the script is called by the server itself (NOT whether or not it's the production server) | ||
+ | *** It must always be set to the IP that $_SERVER['REMOTE_ADDR'] returns when a script is called by the server itself | ||
+ | *** For NAT server setups this usually means a different IP than $_SERVER['SERVER_ADDR'] | ||
+ | * Run _unittests.php | ||
+ | * Check settings in ini.php | ||
+ | * File permissions (see a section on this wiki page and the script <code>permission-cleanup.sh</code>) | ||
+ | * Test PDF generation, making zip archives, use of XML extension | ||
+ | * Test sending email | ||
+ | ** Especially to the sharehim.org addresses | ||
+ | * Copy <code>/etc/sudoers.d/sharehim-sudo</code> to new server | ||
+ | * NOT USED ANYMORE? Test PHP script that accesses the bounces email account | ||
+ | * See file documentation for <code>upload_multimedia.php</code> for requirements on Apache | ||
+ | |||
+ | ==== Checklist - right before/during switching to new server ==== | ||
+ | |||
+ | * Ensure system/apache/php etc is up-to-date on new server | ||
+ | * Lock both old and new website by setting <code>$GLOBALS['shcfg']['testsite_is_open'] = false</code> in <code>ini.php</code> | ||
+ | * Set wiki to read-only by adding this line in LocalSettings.php: <code>$wgReadOnly = 'System is locked due to server maintenance.';</code> | ||
+ | * Set WordPress to read-only - google how to do it | ||
+ | * Delete cron jobs from old server (/etc/cron.d/sharehim-cron) | ||
+ | * Sync databases (use mysqldump (with compression) to do it fast, but it is easier to use HeidiSQL though it will be a lot slower) | ||
+ | ** Using mysqldump directly to new host: <code>mysqldump --opt db_name | mysql --host=remote_host -C db_name</code> | ||
+ | ** Using mysqldump to file: | ||
+ | *** <code>mysqldump -u root -p --opt sharehim_main > BACKUP_sharehim_main.sql</code> | ||
+ | *** <code>gzip BACKUP_sharehim_main.sql</code> | ||
+ | *** Transfer file to new server (easiest to use <code>mc</code>'s Shell link functionality to avoid slow transfer speeds on SFTP) | ||
+ | *** <code>gzip -d BACKUP_sharehim_main.gz</code> | ||
+ | *** <code>mysql -h localhost -u root -p --compress sharehim_main < BACKUP_sharehim_main.sql</code> | ||
+ | ** Make sure that databases are copied completely => compare number of records in old and new | ||
+ | ** Check system_settings "label" that it hasn't lost the first letter of each folder (probably because of the backslash) (discovered on 2007-12-02 that these first letters had disappeared from the value field and Bob had trouble getting the printer to work!) | ||
+ | * Sync files, espacially: (EXCEPT ini_serverconfig.php) | ||
+ | ** php/pdf_generated/*.* -r | ||
+ | ** php/multimedia/*.* -r | ||
+ | ** docs/*.* -r | ||
+ | ** - use _allfiles.php to check if they are sync (by comparing a report from old and new server) | ||
+ | * Change $main_domain in ini_serverconfig.php and WordPress options 'siteurl' and 'home' in table wp_options to the correct domain | ||
+ | * Make sure $enable_usage_statistics in ini_serverconfig.php is enabled | ||
+ | * Change DNS for all related domains | ||
+ | |||
+ | ==== Checklist - after switching to new server ==== | ||
+ | |||
+ | * Setup https for all domains after DNS has effectively changed (using Let's Encrypt <code>certbot</code>) | ||
+ | * Change to new server IP address in G Suite SMTP Relay (or add authentication info in ini_hooks.php instead) | ||
+ | * Run _test_server.php | ||
+ | * Open new website by setting <code>$GLOBALS['shcfg']['testsite_is_open'] = true</code> in <code>ini.php</code> | ||
+ | * Open and test wiki | ||
+ | * Open and test WordPress | ||
+ | * Check both domains: sharehim.org and global-evangelism.org (with and without "www.") | ||
+ | * Test other domains (fx. test. and software. and .legacy) | ||
+ | * Ensure scheduled jobs (cron jobs) were removed from old server, and set up on new server and is running (set root:root ownership and 644) | ||
+ | * NOT USED ANYMORE? Check that bounces end up in the mailbox we have specified in ini.php | ||
+ | * Re-check file permissions (because of the final file synchronization we did) | ||
+ | * Re-check sending emails, both to sharehim.org domain and other domains (since we have made DNS changes plus are sending from new IP) | ||
+ | ** Check that also cron result emails sent to sharehim.org email address (using MAILTO in the cron file) are routed correctly | ||
+ | * Test uploading pictures, both for stories and personal portraits | ||
+ | * Test and relocate TortoiseSVN sandbox if address to repository is different | ||
+ | * Test that generation of http://test.sharehim.org/sharehim_changelog.xml still works (run by a cron job) | ||
+ | * Make log entry in logbook.txt | ||
+ | * Check that internal and external backups are being done | ||
+ | ** Check the cron job running backup-mysql.phpcli | ||
+ | ** Check automatic downloads by developer | ||
+ | * Notify the Outblaze.com postmaster (postmaster@outblaze.com) about any IP address change (to avoid spam blocking of our emails) | ||
+ | ** When I did this last time (around 2009/2010) they said: "We're not currently blocking either your old or your new IP. You should be good to go." | ||
+ | * Remove use of new.sharehim.org | ||
+ | ** DNS entry | ||
+ | ** Apache ServerAlias | ||
+ | ** .htaccess | ||
+ | ** Remove temporary Match config in bottom of sshd_config file | ||
+ | * Remove DNS entry for old.sharehim.org once that server has been eradicated | ||
+ | |||
+ | ===== Changing domain ===== | ||
+ | |||
+ | * change $GLOBALS['shcfg']['main_domain'] in ini_serverconfig.php | ||
+ | * change option names 'siteurl' and 'home' in WordPress table wp_options | ||
=== Syncing between Linux and Google Drive/S3/other cloud services with rclone === | === Syncing between Linux and Google Drive/S3/other cloud services with rclone === | ||
− | + | '''''Windows alternative could be Total Commander with Cloud plugin instead - and it's folder sync tool. Mac alternative could maybe be: http://www.expandrive.com/, https://itunes.apple.com/us/app/sync-folders/id530573877?mt=12 | |
− | ''''' | + | |
These tools doesn't work for making backups though...''''' | These tools doesn't work for making backups though...''''' | ||
− | * Download rclone from http://rclone.org/downloads/ | + | * Download rclone from http://rclone.org/downloads/ (AMD64 - the zip file, not the .deb or .rpm) |
* Extract and put "rclone" in /usr/local/bin/ (and give it execute permissions) | * Extract and put "rclone" in /usr/local/bin/ (and give it execute permissions) | ||
* Run "rclone config" and create a new remote. | * Run "rclone config" and create a new remote. | ||
** Google Drive: | ** Google Drive: | ||
*** Name: type an appropriate name (eg. "SharehimGDrive") | *** Name: type an appropriate name (eg. "SharehimGDrive") | ||
− | *** Client ID: leave blank | + | *** Client ID: leave blank (or create our own according to rclone's instructions if we are going to use it a lot) |
*** Client secret: leave blank | *** Client secret: leave blank | ||
+ | *** Scope: 1 ("drive") | ||
+ | *** root_folder_id: leave blank (rclone should autofill it) | ||
*** Use auto config?: no | *** Use auto config?: no | ||
*** Open the link it provides in a browser and paste the resulting code | *** Open the link it provides in a browser and paste the resulting code | ||
*** Test with eg. "rclone lsd SharehimGDrive:" to list root content | *** Test with eg. "rclone lsd SharehimGDrive:" to list root content | ||
*** If you get the error "The domain policy has disabled third-party Drive apps" following these directions: http://stackoverflow.com/a/14502443/2404541 | *** If you get the error "The domain policy has disabled third-party Drive apps" following these directions: http://stackoverflow.com/a/14502443/2404541 | ||
+ | *** If you get an error, check that the token in the config hasn't expired. If so go through the config again to create new token. | ||
** Amazon S3: | ** Amazon S3: | ||
*** Get access key, secret key, and region from pw manager. | *** Get access key, secret key, and region from pw manager. | ||
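Review bot: In the "Using mysqldump to file" steps of the switch-over checklist, gzip BACKUP_sharehim_main.sql produces BACKUP_sharehim_main.sql.gz, so the later gzip -d BACKUP_sharehim_main.gz will not find its input; that step should use the .sql.gz name. In the same checklist, the direct variant (mysqldump --opt db_name | mysql --host=remote_host -C db_name) only compresses the stream, so it is worth saying that it needs an SSH tunnel or TLS when the two servers talk over a public network. The sshd_config lines are shown with literal underscores (____PasswordAuthentication yes), which sshd will not accept if pasted as written; a note that they stand for indentation would help.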
Line 1,896: | Line 2,133: | ||
It can even sync between two cloud services (= remotes). We use it to backup S3 to Google Drive, as well as backing up tn1 to Google Drive. | It can even sync between two cloud services (= remotes). We use it to backup S3 to Google Drive, as well as backing up tn1 to Google Drive. | ||
− | Note that when sync'ing the current version 1. | + | Note that when sync'ing the current version 1.37 doesn't delete folders on the destination that have been deleted on the source side. Only all the deleted files are being removed. Watch here for updates: https://github.com/ncw/rclone/issues/100#issuecomment-206783804 |
+ | |||
+ | Also, dupes can occur. So you want to first run the <code>sync</code> command, then the <code>dedupe</code> command, and then the script <code>sync_empty_directories_rclone.phpcli</code> I have made to delete folders in the destination that have been deleted in the source (to make an exact copy). | ||
See also http://wiki.linuxquestions.org/wiki/Rsync_with_Google_Drive | See also http://wiki.linuxquestions.org/wiki/Rsync_with_Google_Drive | ||
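Review bot: The added paragraph describes sync, then dedupe, then sync_empty_directories_rclone.phpcli as the way to get an exact copy, which means a file or folder deleted by mistake on the source is also removed from the destination on the next run. Since the page relies on this as its backup, suggest stating how long deleted data stays recoverable, or that it does not. The version number in the preceding sentence (1.37) will go stale; a check date next to it would help.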
Line 2,004: | Line 2,243: | ||
==== Basic setup ==== | ==== Basic setup ==== | ||
− | # Add fields to Contacts | + | # Add fields to Contacts: |
#* ShareHim_Person_ID | #* ShareHim_Person_ID | ||
+ | #** Do not allow duplicate values | ||
+ | #** Set this field as the unique record identifier from an external system | ||
#* ShareHim_LastModified | #* ShareHim_LastModified | ||
+ | #** Don't always require a value | ||
+ | #** Only writable by "System Administrator" and "System Admin COPY for API" profiles | ||
#* JobTitle | #* JobTitle | ||
#* Company | #* Company | ||
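Review bot: ShareHim_Person_ID on Contacts gets the duplicate and external-identifier settings but not the "Only writable by ..." restriction that this revision gives to ShareHim_LastModified and to the ShareHim_Donation_ID fields on Opportunity and Payment. If the sync relies on this key, it should carry the same profile restriction, or the page should say why it does not.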
Line 2,015: | Line 2,258: | ||
#* No General Mailings (Checkbox) | #* No General Mailings (Checkbox) | ||
#* Hide person from public? (Checkbox) | #* Hide person from public? (Checkbox) | ||
+ | # Add fields to Opportunity: | ||
+ | #* ShareHim_Donation_ID (Number) | ||
+ | #** Do not allow duplicate values | ||
+ | #** Set this field as the unique record identifier from an external system | ||
+ | #** Only writable by "System Administrator" and "System Admin COPY for API" profiles | ||
+ | #* ShareHim_LastModified (Date/Time) | ||
+ | #** Don't always require a value | ||
+ | #** Only writable by "System Administrator" and "System Admin COPY for API" profiles | ||
+ | # Add fields to Payment: | ||
+ | #* ShareHim_Donation_ID (Number) | ||
+ | #** Do not allow duplicate values | ||
+ | #** Set this field as the unique record identifier from an external system | ||
+ | #** Only writable by "System Administrator" and "System Admin COPY for API" profiles | ||
+ | #* ShareHim_LastModified (Date/Time) | ||
+ | #** Don't always require a value | ||
+ | #** Only writable by "System Administrator" and "System Admin COPY for API" profiles | ||
+ | #* Add Picklist items to existing field "Payment_Method" | ||
+ | #** eCheck | ||
+ | #** Online | ||
+ | #** Other | ||
+ | #** (Cash and Check were already in the list) | ||
+ | # Add fields to Opportunity Product (DIDN'T GET IT WORK WITH SYNC'ING THIS TABLE): | ||
+ | #* ShareHim_AcctTransaction_ID (Number) | ||
+ | #** Do not allow duplicate values | ||
+ | #** Set this field as the unique record identifier from an external system | ||
+ | #** Only writable by "System Administrator" and "System Admin COPY for API" profiles | ||
+ | #* ShareHim_LastModified (Date/Time) | ||
+ | #** Don't always require a value | ||
+ | #** Only writable by "System Administrator" and "System Admin COPY for API" profiles | ||
# Fields Contacts page layout (Setup > Customize > Contacts > Page Layouts) | # Fields Contacts page layout (Setup > Customize > Contacts > Page Layouts) | ||
#* Remove these: | #* Remove these: | ||
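Review bot: The "Opportunity Product" item is marked as not working for sync, yet its fields are listed as setup steps like the others. Suggest saying whether ShareHim_AcctTransaction_ID and ShareHim_LastModified were left on that object or removed, so the next person does not recreate or depend on them.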
Line 2,087: | Line 2,359: | ||
* /var/www | * /var/www | ||
− | Using CrashPlan | + | Using CrashPlan (NO LONGER THOUGH - SEE OTHER NOTES ABOUT CRASHPLAN). |
=== Files backed up from tn1.sharehim.org === | === Files backed up from tn1.sharehim.org === | ||
− | * rclone sync /var/www/ "SharehimGDrive:/backup/tn1_server/-var-www-/" | + | * <code>rclone sync /var/www/ "SharehimGDrive:/backup/tn1_server/-var-www-/" --exclude=pdf/** -v</code> |
− | * rclone sync /storage/ "SharehimGDrive:/backup/tn1_server/-storage-/" | + | * <code>rclone dedupe "SharehimGDrive:/backup/tn1_server/-var-www-/" -v</code> |
+ | * <code>/home/allan/sync_empty_directories_rclone.phpcli</code> after configuring its settings | ||
+ | * <code>rclone sync /storage/ "SharehimGDrive:/backup/tn1_server/-storage-/" --exclude=pdf-backup/** --exclude=pdf-beta/** -v</code> | ||
+ | * <code>rclone dedupe "SharehimGDrive:/backup/tn1_server/-storage-/" -v</code> | ||
+ | * <code>/home/allan/sync_empty_directories_rclone.phpcli</code> after configuring its settings | ||
See [[Userlevel:Admin:Technical_Documentation_-_Websites:Misc_documentation#Syncing_between_Linux_and_Google_Drive.2FS3.2Fother_cloud_services_with_rclone|here for setup of rclone]]. | See [[Userlevel:Admin:Technical_Documentation_-_Websites:Misc_documentation#Syncing_between_Linux_and_Google_Drive.2FS3.2Fother_cloud_services_with_rclone|here for setup of rclone]]. | ||
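Review bot: The two rclone dedupe lines under "Files backed up from tn1.sharehim.org" give no --dedupe-mode, and rclone's default mode is interactive, so they can stop at a prompt when run unattended. The line /home/allan/sync_empty_directories_rclone.phpcli "after configuring its settings" appears twice for two different destinations; since the script deletes folders, suggest showing the setting that has to change between the two runs, or passing the destination as an argument.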
Line 2,098: | Line 2,374: | ||
=== Files backed up from Amazon S3 bucket === | === Files backed up from Amazon S3 bucket === | ||
− | * rclone sync SharehimS3:sharehim SharehimGDrive:/backup/s3_sharehim/ | + | * <code>rclone sync SharehimS3:sharehim SharehimGDrive:/backup/s3_sharehim/</code> |
See [[Userlevel:Admin:Technical_Documentation_-_Websites:Misc_documentation#Syncing_between_Linux_and_Google_Drive.2FS3.2Fother_cloud_services_with_rclone|here for setup of rclone]]. | See [[Userlevel:Admin:Technical_Documentation_-_Websites:Misc_documentation#Syncing_between_Linux_and_Google_Drive.2FS3.2Fother_cloud_services_with_rclone|here for setup of rclone]]. | ||
− | |||
− | |||
= System Log Book = | = System Log Book = | ||
Line 2,198: | Line 2,472: | ||
* 2017-01-27: Patched servers, both sharehim.org and tn1.sharehim.org | * 2017-01-27: Patched servers, both sharehim.org and tn1.sharehim.org | ||
* 2017-01-31: Moved crontab to /etc/cron.d instead of using symlink to /var/www/sharehim.org/crontab - since it didn't work after the patching 4 days ago! | * 2017-01-31: Moved crontab to /etc/cron.d instead of using symlink to /var/www/sharehim.org/crontab - since it didn't work after the patching 4 days ago! | ||
+ | * 2017-02-17: Changed postfix to route emails through Allan's Meebox mail server | ||
+ | * 2017-03-29: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine start</code> -Allan | ||
+ | * 2017-05-11: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine start</code> -Allan | ||
+ | * 2017-07-19: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2017-08-08: Built new main webserver to upgrade from Debian Wheezy (PHP 5.4, MySQL 5.5) to Debian Stretch (PHP 7.1, MySQL 5.7) (still hosted by linode.com) (old IP: IP 66.228.62.173, new IP: 45.79.197.161, new IPv6: 2600:3c02::f03c:91ff:fe3e:51d) | ||
+ | * 2017-09-04: Started synchronizing all people records to Salesforce | ||
+ | * 2017-09-04: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine start</code> -Allan | ||
+ | * 2017-09-04: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2017-09-12: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2017-12-13: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2018-01-03: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine start</code> -Allan | ||
+ | * 2018-02-16: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2018-03-21: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2018-05-08: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2018-07-11: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2018-07-20: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine start</code> -Allan | ||
+ | * 2018-07-26: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine start</code> -Allan | ||
+ | * 2018-10-19: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2018-10-19: Installed LXDE GUI on server and then CrashPlan for Small Business 6.8.3. Backup resumed. | ||
+ | * 2018-10-29: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2018-12-17: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2018-12-21: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine restart</code> -Allan | ||
+ | * 2019-03-06: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine restart</code> -Allan | ||
+ | * 2019-04-14: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine restart</code> -Allan | ||
+ | * 2019-04-14: Patched sharehim.org and tn1.sharehim.org (had issues on tn1 where I had to deactivate some reps in sources.list) | ||
+ | * 2019-05-08: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine restart</code> -Allan | ||
+ | * 2019-07-15: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine restart</code> -Allan | ||
+ | * 2019-07-15: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2019-07-23: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine restart</code> -Allan | ||
+ | * 2019-08-04: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine restart</code> -Allan | ||
+ | * 2019-08-13: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine restart</code> -Allan | ||
+ | * 2019-08-13: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2019-08-29: CrashPlan service had again terminated for some reason. Started it again with: <code>sudo /usr/local/crashplan/bin/CrashPlanEngine restart</code> -Allan | ||
+ | * 2020-01-24: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2020-04-21: Patched sharehim.org and tn1.sharehim.org | ||
+ | * 2020-05-07: Patched sharehim.org | ||
+ | * 2020-12-31: Patched sharehim.org | ||
+ | * 2021-05-16: Uninstalled CrashPlan (it has been disabled for about a year). Followed this: https://mikebeach.org/2010/07/05/how-to-uninstall-crashplan/ | ||
+ | * 2022-01-28: Patched sharehim.org |
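Review bot: the 2021-05-16 entry records that CrashPlan was uninstalled after being disabled for about a year, and no later entry names a replacement, so as written this log shows no working backup from roughly mid-2020 onward; add an entry stating what backs the server up now, or that nothing does. The CrashPlanEngine restart entries from 2017-03-29 through 2019-08-29 all say the service "terminated for some reason", so a note on the cause, or on how the stopped service was noticed each time, would make them useful for the next operator. The 2019-04-14 entry should list which repositories were deactivated in sources.list on tn1, since the later "Patched" entries do not say whether they were re-enabled, and the patch entries stop mentioning tn1.sharehim.org after 2020-04-21 without saying why.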
Latest revision as of 11:00, 28 January 2022
Contents
- 1 Website
- 1.1 Interface Security
- 1.2 Scheduler
- 1.3 Design concept
- 1.4 Rules, standards, notes, etc.
- 1.4.1 Abbreviations & definitions (terminology/glossary)
- 1.4.2 Applicant categories
- 1.4.3 Operations allowed at the different stages in the application process
- 1.4.4 Possible combinations of 'category' and 'cospeaker' and their allowed selection of dateblocks
- 1.4.5 Possible combinations of speaker's support team members and their dateblock link (for when selecting members)
- 1.4.6 Organizer's responsibility group/scope
- 1.4.7 Multiple events
- 1.4.8 Website Layout & Coding Format
- 1.4.9 E-mails
- 1.4.10 Check queries
- 1.4.11 Dropdowns
- 1.4.12 Boolean fields
- 1.4.13 Adding/removing fields for, or links to, person record in main_people
- 1.4.14 Deleting applicants
- 1.4.15 Deactivating records
- 1.4.16 User menus
- 1.4.17 External links and webservice consumers
- 1.4.18 Address formats
- 1.4.19 Telephone formats
- 1.4.20 Log actions
- 1.4.21 Change Log prefixes
- 1.4.22 Code-related tags
- 1.4.23 System entry points
- 1.4.24 SQL sentences
- 1.4.25 When mail provider changes IP (eg. causing mail queue just filling up)
- 2 Servers
- 2.1 Domains
- 2.2 Sub-domains
- 2.3 Server setup
- 2.3.1 Minimum requirements
- 2.3.2 Main webserver installation
- 2.3.3 WE HAVE MIGRATED TO GIT AT https://git.winternet.no SO THIS IS NO LONGER USED
- 2.3.4 Checklist - before switching to new server
- 2.3.5 Checklist - right before/during switching to new server
- 2.3.6 Checklist - after switching to new server
- 2.4 Syncing between Linux and Google Drive/S3/other cloud services with rclone
- 2.5 Automated systems accessing the server via SSH
- 2.6 Server data breach procedures
- 3 Software
- 4 Services
- 5 Backup
- 6 System Log Book
Website
Interface Security
Login session variables
REMEMBER that these variables also need to be set (or at least managed) when emulating and unemulating.
Is user logged in? | ['usrinfo']['logged_in'] |
Username (e-mail) | ['usrinfo']['username'] |
['usrinfo']['email'] | |
Person/div./un./conf. ID (Local ID) | ['usrinfo']['localID'] (MUST correspond to $accesslevel in order to identify the user on his own level - certain users from ext_logins have to be "mapped" to an existing record in the table for his level, so that it will actually just be an alias. We cannot transfer the localID field from ext_logins to the localID field in temp_users, because we would then not have the reverse identification of that user in temp_users, so we have to manually check the session variable to see if the user comes from the ext_logins table and look up the localID manually. If we are only concerned about the current user the localID can be found in "user_eff_localID" though.) |
Ext. logins loginID | ['usrinfo']['ext_logins_loginID'] (only made for logins in main_ext_logins. Saves the loginID as the localID will only contain the mapped localID - if any) |
Effective local ID | ['usrinfo']['eff_localID'] (holds the effective local ID for the current user. For ext. logins that means the value of ['usrinfo']['ext_logins_loginID'] and for all other users the value of ['usrinfo']['localID']) |
Access levels (number) | ['usrinfo']['accesslevels_num'] (array) ['usrinfo']['accesslevels_num_max'] (number - the highest in the array) |
Access levels (text) | ['usrinfo']['accesslevels'] |
From table | ['usrinfo']['fromtable'] (values are as MySQL table names except without the "main_" part) |
Full name | ['usrinfo']['fullname'] |
If admin is superadmin | ['usrinfo']['is_superadmin'] |
If admin is associate admin | ['usrinfo']['is_assoc_admin'] |
Is homeland division/union/conference organizer | ['usrinfo']['is_conf_organizer'] (true, false) If user is a conference/union/division organizer for homeland campaigns. |
Access level for homeland field organizers | ['usrinfo']['conf_organizer_accesslevel'] ('manage', 'reporting') ['usrinfo']['un_organizer_accesslevel'] ('manage', 'reporting') ['usrinfo']['div_organizer_accesslevel'] ('manage', 'reporting') |
Is conference organizer for sectors | ['usrinfo']['is_conf_organizer_for_sectors'] Array of sectors a conference organizer is limited to. Non-existing if no limits. |
Is pastor | ['usrinfo']['is_pastor'] (true, false) |
Is editor | ['usrinfo']['is_editor'] ('executive','associative','text','graphics', or false) |
User's active event | ['usrinfo']['active_personeventID'] |
Emulating mode | ['usrinfo']['is_emulating'] (true or not set) (whether the current login is being emulated) |
Responsible date blocks | ['usrinfo']['resp_dateblocks'] (array of dateblockIDs that this coadmin is responsible for/has access to maintain. Only used for 'coadmin' access level, otherwise it's an empty array) |
Contact for colleges | ['usrinfo']['contact_for_collegeIDs'] (array of collegeIDs that this person is contact person for) |
Recommenders | |
Verified/authenticated OpenID | verified_openid |
Verified/authenticated OpenID short version | verified_openid_short |
Other session variables generally used
These only last during page execution, for all pages that go through the security check.
Dateblock ID | $dateblockID
(the date block that an administrator is currently working in) |
Other global variables generally used
Cached data | $GLOBALS['_cache'] | Associative array with data we want to cache for later reuse. Eg. $GLOBALS['_cache']['groups'][###] contains group info. |
Note that the Centralizer system uses $GLOBALS['runtime']['cache']
Access levels
Each usergroup must also have a numeric value because of the way the login system behaves.
On pages meant for access levels 70-79 and 0-10, the level should be set specifically (in $requiredUserLevel) to avoid unwanted inherited permissions.
Group | Abbrev. | Range | General (if range) |
System | system | | 899 |
Administrators | admin | 70+ 90+ | 100 |
Campaign managers * / Equipment managers | coadmin / equipman | 70-89 | 80 / 79 |
Divisions | div | 60-69 | 65 |
Unions | un | 50-59 | 55 |
Conferences/missions | conf | 40-49 | 45 |
People (clusters, groups, college leaders) | people | 26-39 | 30 |
Recommenders | intlrecom | 15 | |
Colleges | collegect | 14 | |
ShareSynch Technical Supporter (NB: probably not fully configured in set_pw.php...!) | ssynchsupp | 9 | |
**External shipper (Actually already implemented but not using access level, only a db lookup in main_ext_shippers each time we need to know.) | extshipper | 8 | |
**Travel agents | travelag | 7 | |
Insurance agents | insuragent | 6 | |
- *) mostly same as administrators but only within selected date blocks, and no access to certain system wide features
- **) planned access levels - but probably just make it an extension to their main_people record - to avoid multiple l
When creating new access levels use this checklist:
- try to make unique abbreviations/access level names so they can be searched for
- add to table list_accesslevels
- add to get_user_main_menu(), format_accesslevel(), get_common_table_info()
- add to js_functions_phpmaker.js (syncLocalToAccesslevel() function)
- add to main_ext_loginslist.php (in section "Show mappings/localID")
- add to temp_userslist.php (add to switch() making the $emulate_qstr variable)
- add to php_functions_login.php => format_accesslevel()
- add permission and setup in set_pw.php to emulate and set user/password (if emulation should be possible)
Table permissions
Important notes: No record may be deleted if it has attached records in underlying levels
Divisions
From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
Access level | View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | | |
Unions | x | | | |
Conferences/missions | x | | | |
People | x | | | |
External logins | x | | | |
Date blocks
From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
Access level | View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | | | |
Unions | x | | | |
Conferences/missions | x | | | |
People | x | | | |
External logins | x | | | |
Unions
From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
Access level | View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | x | x |
Unions | x | x | | |
Conferences/missions | x | | | |
People | x | | | |
External logins | x | | | |
Conferences/missions
From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
Access level | View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | x | x |
Unions | x | x | x | x |
Conferences/missions | x | x | | |
People | x | | | |
External logins | x | | | |
Orientation sites
From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
Access level | View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | | |
Unions | x | x | | |
Conferences/missions | x | x | | |
People | x | | | |
External logins | x | | | |
Note: Only admin can edit orientation date and city
Hotel cities
From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
Access level | View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | x | x |
Unions | x | x | x | x |
Conferences/missions | x | x | x | x |
People | x | | | |
External logins | x | | | |
Campaign sites
From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
Access level | View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | x | x |
Unions | x | x | x | x |
Conferences/missions | x | x | x | x |
People | x | | | |
External logins | x | | | |
Field permissions
- only admin is allowed to change Active-fields
- password field may never be entered/changed manually
File and folder permissions
- File permissions are now authoritatively determined in /var/www/sharehim.org/permission-cleanup.sh
Modify (666): php/files/*.* except index.php
Modify (777): php/files/logs_scheduled_jobs
Modify (777): php/files/satellite_exports
Modify (777): php/files/temp
Modify (777): php/files/uploads_shortlife
Modify (777): php/files/var_dumps
Modify (777): php/docs
Modify (777): php/docs -ALL SUBFOLDERS-
Modify (666): php/docs/exec_directors_B84H81BN8KBS8F/*Planning_Form*.xls
Modify (777): php/multimedia/ -ALL SUBFOLDERS -
Modify (666): php/multimedia/ -ALL FILES except index.php -
Modify (777): php/pdf_generated/ -ALL SUBFOLDERS-
Modify (666): php/pdf_generated/ -ALL FILES IN SUBFOLDERS- (in order to be able to overwrite them)
Modify (666): php/supportchat/log.txt
Modify (666): php/includes/jensenfw/*.js|*.js.php -ALL FILES - (for phpJSO to obfuscate the files)
Modify (666): php/includes/*.js|*.js.php -ALL FILES except those skipped in _obfuscate_js.php - (for phpJSO to obfuscate the files)
Modify (666): php/error_log (PHP's error logging (warnings, parse errors etc))
Modify ??? : OpenID filestorage location
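An audit for drift from the list above, as an added example that is not the site's permission-cleanup.sh (this page does not show that script): it reports every world-writable file or directory under a web root that the list does not cover. The function names and the sample tree are constructed for illustration, the *.js entries under php/includes are read as direct children only, and the files skipped in _obfuscate_js.php are not known here, so they are not excluded.

```shell
#!/bin/sh
# Added example: report world-writable paths that the documented list does not cover.
# All paths are relative to the web root. Function names are illustrative.

# Directories the list marks 777.
is_documented_dir() {
    case "$1" in
        php/files/logs_scheduled_jobs|php/files/satellite_exports|php/files/temp) return 0 ;;
        php/files/uploads_shortlife|php/files/var_dumps) return 0 ;;
        php/docs|php/docs/*|php/multimedia/*|php/pdf_generated/*) return 0 ;;
    esac
    return 1
}

# Files the list marks 666. index.php is never writable where the list excludes it.
is_documented_file() {
    dir=${1%/*}
    base=${1##*/}
    case "$dir" in
        php/files)
            case "$base" in index.php) return 1 ;; *.*) return 0 ;; esac ;;
        php/docs/exec_directors_B84H81BN8KBS8F)
            case "$base" in *Planning_Form*.xls) return 0 ;; esac ;;
        php/multimedia|php/multimedia/*)
            [ "$base" != index.php ] && return 0 ;;
        php/pdf_generated/*)
            return 0 ;;
        php/includes|php/includes/jensenfw)
            case "$base" in *.js|*.js.php) return 0 ;; esac ;;
    esac
    case "$1" in
        php/supportchat/log.txt|php/error_log) return 0 ;;
    esac
    return 1
}

# Print one "UNDOCUMENTED <f|d> <path>" line per world-writable path outside the list.
# Paths containing newlines are not supported.
audit_world_writable() {
    root=$1
    (
        cd "$root" || exit 2
        find . \( -type f -o -type d \) -perm -0002 | sed 's|^\./||' | LC_ALL=C sort |
        while IFS= read -r rel; do
            [ "$rel" = . ] && continue
            if [ -d "$rel" ]; then
                kind=d
                is_documented_dir "$rel" && continue
            else
                kind=f
                is_documented_file "$rel" && continue
            fi
            printf 'UNDOCUMENTED %s %s\n' "$kind" "$rel"
        done
    )
}

# Constructed sample tree: some paths match the list, some do not.
build_sample_tree() {
    mkdir -p "$1/php/files/temp" "$1/php/includes/jensenfw" \
             "$1/php/multimedia/video" "$1/php/newfeature"
    : > "$1/php/files/index.php"
    : > "$1/php/files/export.csv"
    : > "$1/php/includes/db_settings.php"
    : > "$1/php/includes/jensenfw/core.js"
    : > "$1/php/multimedia/video/index.php"
    chmod 755 "$1" "$1/php" "$1/php/files" "$1/php/includes" \
              "$1/php/includes/jensenfw" "$1/php/multimedia"
    chmod 777 "$1/php/files/temp" "$1/php/multimedia/video" "$1/php/newfeature"
    chmod 666 "$1/php/files/index.php" "$1/php/files/export.csv" \
              "$1/php/includes/db_settings.php" "$1/php/includes/jensenfw/core.js" \
              "$1/php/multimedia/video/index.php"
}

# Demo run on the constructed tree (not the real web root).
demo_root=$(mktemp -d)
build_sample_tree "$demo_root"
audit_world_writable "$demo_root"
rm -rf "$demo_root"
```

On a real server, point audit_world_writable at the directory that contains the php/ folder; any line it prints is either a permission to tighten or an entry missing from the list.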
Scheduler
- checking if we have all necessary information in time before campaigns begin
- sending reminders to people
Design concept
General guidelines
- if information is missing write something like "Awaiting information..."
- hide all e-mail addresses for public users and also for logged in users where they don't need to know the address
Date block branding images
- Trip detail page banner: 960 x 389 (larger is okay as long as ratio is kept)
- Trip overview page thumbnail (https://sharehim.org/upcoming-trips/): 290 x 170 (exact required)
- Email header banner: 564 x 168 (exact required)
They are uploaded to the WordPress Media Library as any other image there.
Rules, standards, notes, etc.
Abbreviations & definitions (terminology/glossary)
STM | support team member |
OLT | Outreach Leadership Team |
div (not the HTML tag) | division |
un | union |
conf | conference/mission |
lang | language |
local ID | ID from div, un, conf etc. |
equipment | = 1 case |
co-speaker | associate speaker |
conf org / conforg | conference organizer |
n/a | not applicable |
shcfg | name of global variable that is an array with hardcoded configuration/settings for the entire project |
shrun | name of global variable that is an array with values that have been set at runtime, usually in ini.php |
acl | Access Control Layer (permissions) |
NAD | North-American Division |
number of open sites for a dateblock | number of sites minus applicants that have been approved by admin but not necessarily assigned to a site yet |
event request | when a person requests to go to another campaign (paraphrased: "applying a second time at Global Evangelism" or technically "applying using eventrequest.php instead of apply.php") |
date block | one series of meetings in a specific geographical area, with an opening date and a closing date |
campaign | same as date block |
application amount / deposit | These two terms are being used interchangeably and starting 2013 refers to the initial application amount that all international applicants must donate - except in connection with groups where we still call it a deposit. |
participation amount | The term used for referring to the total amount all international applicants (starting 2013) must donate; it is the sum of the application amount, 2nd donation amount, and final donation amount. |
NWM | Not Worth Mentioning |
curr | current |
valerr | used in naming convention for variables holding validation error message for a field/piece of information - in plain text and HTML |
hub city | exactly the same as a hotel city. We renamed the term hotel city to hub city. |
ccard | credit card |
authnet | Authorize.net |
Centralizer | a system developed by Allan Jensen to easily set up webpages for maintaining data in database tables |
pid | Person ID |
offid | Officer ID |
wrkid | Worker ID |
choffid | Church office ID |
did / divid | Division ID |
uid / unid | Union ID |
cid / confid | Conference ID |
chid | Church ID |
insttid | Institution ID |
evbdgid | Event budget ID |
pavid | Person availability ID |
pcacid | Person/conference acceptance ID |
pceid | Pre-campaign event ID |
stid | Story ID |
teid | Training Entity ID |
taid | Training Accept ID |
conforgid | Conference organizer ID |
pressynch | Presentation Synchronizer/Sermon Synchronizer (software) |
collegect | College contact |
ws | webservice |
cspd | correspondent |
site-fund | people or groups who need to contribute financially to their own campaigns (1,200 $/site). REMEMBER! Instead of using the word "pay" we must always phrase it as "contributing" (or "donating") for tax-deductible reasons (see note in format_sitefund_indicatorHTML() ). |
pre-funded | sites that are being funded by ShareHim or somebody else with the $1,200, that is, the speaker is not responsible for providing the funds |
normal deadline | the latest date we will accept site-funding (the $1,200) before a campaign without adding the $100 rush processing fee. The date is fixed at 3 months before. The date is inclusive, so payments on this date do not incur the extra fee. |
TQH | The Quiet Hour / Quiet Hour Ministries |
ARM | Adventist Risk Management |
Applicant categories
A description of the different categories of applicants (IMPORTANT: Remember to consider co-speaker option, too).
A value in brackets applies to a co-speaker in that category. Brackets are only used where applicable and where there is a difference.
Property | pastor | layman | academy | college | stm (support team member) | organizer |
Table containing date block reference field | main_personevents | main_personevents | main_personevents | main_collegedateblocks | main_personevents | main_personevents |
Can be co-speaker? | Yes | Yes | Yes | Yes | No | No |
Can be team leader? (record in main_teams) | Yes [No] | Yes [No] | Yes [No] | Yes [No] | No | No |
Can be team member? (use teamID field) | No [Yes] | No [Yes] | No [Yes] | No [Yes] | Yes | No |
Can be group member (and group leader)? | Yes [No] | Yes [No] | Yes [No] | Yes [No] | No | Yes |
Facilitator value? | Yes | Yes | Yes | Yes | No | No |
Needs recommendation for international campaigns? | Yes | Yes | Yes | Not applicable | No | No |
Needs acceptance for homeland campaigns? | Yes | Yes | Yes | Not applicable | No | No |
Allow standby event? | Yes | Yes | Yes | Yes | No | No |
Recommender value? | If NAD division: | If NAD division: RecommenderID | If NAD division: RecommenderID | CollegedateblockID | No | No |
Recommender comments value? | Yes | Yes | Yes | Yes | No | No |
Reference | Ministerial secretary | Pastor | Academy | -none- | -none- | -none- |
Reference value? | Yes | Yes | Yes | Yes | No | No |
Ranking value? | Yes [No] | Yes [No] | Yes [No] | Yes [No] | No | No |
Flight information? | Yes | Yes | Yes | Yes | Yes | Possible |
Room sharing value? | Yes | Yes | Yes | Yes | Yes | Possible |
Subject to cluster, group, and date block size limitations? | Yes [No] | Yes [No] | Yes [No] | Yes [No] | No | No |
Can have graphics equipment booking? | Yes | Yes | Yes | Yes | No | Yes??? |
Table with possible related records | main_teams [no] | main_teams [no] | main_teams [no] main_groups [no] main_sites [no] main_equip_booking [no] main_campaign_material main_report main_experiences main_pwquestions | main_teams [no] | - | - |
Common for all:
- a record in main_personevents
Operations allowed at the different stages in the application process
Operation | Waiting for recommendation | Waiting for acceptance | Waiting for approval | Waiting on standby |
Select as active event (eventchange.php) | No | No | No | No |
Enter flight arrival info (menupeople.php) | Yes | Yes | Yes | Yes |
Select room sharing preferences (menupeople.php) | Yes | Yes | Yes | Yes |
People themselves delete the event (eventdelete.php) | No | No | Yes | Yes |
Possible combinations of 'category' and 'cospeaker' and their allowed selection of dateblocks
This analysis is done to make sure that we have covered all possible combinations and their differences and validity.
Some general definitions on which the following analysis is based:
- we have 3 different definitions of allowed dateblock selections:
  - dateblocks within a college
  - dateblocks that still have open sites (see definition above under 'Abbreviations & definitions')
  - dateblocks that have not passed their closing date, and therefore still accept applications
- a cospeaker from a college can only select date blocks defined for that same college (similar to a definition in the next analysis)
Complete definition table
category | cospeaker = 0 | cospeaker = 1 | |
pastor | open sites | unclosed | |
layman | open sites | unclosed | |
college | college defined | college defined | |
academy | open sites | unclosed | |
stm | unclosed | - | |
organizer | unclosed | - | |
Definitions encompassing all derived conclusions from the above table
category = college & cospeaker = 0|1 | Only dateblocks defined for that college | Note: Since cospeaker doesn't matter, we don't consider that when dealing with a category=college. |
category = pastor|layman|academy & cospeaker = 0 | Only dateblocks that still have open sites | |
category = pastor|layman|academy & cospeaker = 1 | All unclosed dateblocks | |
category = stm|organizer & cospeaker = 0 | All unclosed dateblocks | |
category = stm|organizer & | -invalid combination- | Note: Since this is an invalid combination, we don't consider cospeaker when dealing with stm & organizers |
Possible combinations of speaker's support team members and their dateblock link (for when selecting members)
This analysis is done to make sure that we have covered all possible combinations and their differences and validity.
Some general definitions on which the following analysis is based:
- a cospeaker from a college can only be a cospeaker to a speaker from that same college (similar to a definition in the former analysis)
- a speaker can have 2 types of support team members:
  - stm (normal)
  - pastor|layman|academy (but not college) cospeakers
- of course a non-cospeaker cannot be a support team member
- of course stm & organizers cannot be cospeakers
- the dateblock link of college students is, contrary to the other types, stored in collegedateblocks
Complete definition table
Speaker | Possible support team members | Speaker dateblock link table | STM dateblock link table |
pastor | - pastor|layman|academy & cospeaker - stm | personevents | personevents |
layman | - pastor|layman|academy & cospeaker - stm | personevents | personevents |
college | - pastor|layman|academy & cospeaker - stm | collegedateblocks | personevents |
college | - college & cospeaker | collegedateblocks | collegedateblocks |
academy | - pastor|layman|academy & cospeaker - stm | personevents | personevents |
Definitions encompassing all derived conclusions from the above table
Note: keeping the dateblockID link in collegedateblocks makes it possible to move all college students from one college to another dateblock with a simple change (considering strict normalization of databases this is the correct way to do it). On the other hand it complicates dealing with dateblockID for speakers. (At the point of time of writing this the question is whether to do one or the other - whether I already have figured out the ways to go about this difference - which I think I have... since I have made SQL queries for both finding all speakers within a dateblock and finding all stm within a dateblock)
speaker category = pastor|layman|academy | All have the same possible dateblock link tables | |
speaker category = college & stm category <> college & cospeaker = 1 | Speaker dateblock link is in 'collegedateblocks', stm dateblock link is in either 'personevents' or 'collegedateblocks' | |
speaker category = college & stm category = college & cospeaker = 1 | | |
speaker category = [any] & stm category = [any] & cospeaker = 0 | -invalid combination- | Note: Since this is an invalid combination, we don't consider cospeaker when dealing with category=college |
Update: To simplify the SQL statement the field eff_dateblockID (effective dateblockID)
Organizer's responsibility group/scope
NOTE: This is our goal but it doesn't mean that the system is working exactly like this yet! Some development probably needed in this area.
An organizer can be responsible for the following groups of people depending on his setup:
Setting | Responsibility group |
Not in any group or cluster | All people in date block |
Member of a group | All people in the same group |
Member of a cluster | All people in the same cluster |
For his group of people the areas he can work in include (but is not limited to):
- maintaining their personal record
- entering flight information
- making hotel room reservation
- booking or unbooking graphics equipment
- probably also assigning/unassigning team members???
Multiple events
- on the people's own menu they work with one event at a time - they select themselves which one they want to work with
Website Layout & Coding Format
- generally aim at a minimum screen resolution of 1024x768 pixels
- most website users use IE so it must be compatible with the newest versions
- but most browsers can be expected (because of a large user group)
- a menu area and a main area
- light background color/texture
- use default font sizes/families and styles unless something needs to be emphasized or de-emphasized
- use < b >
- use or the CSS class "dimmed" for less important text
- don't follow coding structure of main_*.php and list_*.php (generated by PHPMaker) but rather story_menu_admin.php
- complexity of search and sorting features needs to be considered for every case (sometimes needed, otherwise just simple)
- standard date format: mm/dd/yyyy
- started writing LOCAL-DATE places where we eventually will localize the date format for user's country
- consider if strftime() (or strftime_new() in adventsangerne.no) can be used for something
- standard number format: ##,###,###.##
- always use require_function() for defining functions to use. Never include file directly.
- when validating date use $err_occurs_on_page to count how many errors occur. The validation functions also use this variable.
- recommended to use query string variable "act" when requesting a page with a command to do some operation
- see additional coding format specifications in "Programming principles - Allan.txt"
E-mails
- e-mail addresses must never be shown to the public. They must be presented with a form to be filled out instead.
- general e-mails should bounce to bounce@sharehim.org, while all other e-mails should bounce to the sender address
- format of the unique Mailer ID that can be used in e-mails: X-Mailer-ID: #SRCID#MAIL#FEST07-2#PID686#
Check queries
- IMPORTANT: check that all speakers in a college within a cluster have personevents.clusterID filled out accordingly
- check that all homeland date blocks have at least one conference defined in main_dateblockconfs
- SELECT main_dateblocks.* FROM main_dateblocks LEFT JOIN main_dateblockconfs USING (dateblockID) WHERE homeland = 1 AND main_dateblockconfs.conferenceID IS NULL ORDER BY title
- conferences, unions etc. have their upper level record
- orphaned group members
- speakers both being group leader and group member
- check that group date block matches the members' date blocks
- speakers who haven't been issued any material (use code from _db-query.php)
- check that STMs that are member of teams are also member of that date block
- check that no delete-marked events are found in main_people.active_personeventID
- delete active_personeventIDs that do not exist in main_personevents (maybe obsolete now)
- _db-query.php: "CLEAR ACTIVE_PERSONEVENTIDs THAT ARE NOT EXISTING IN PERSONEVENTS"
- check that all people in homeland campaigns are members of clusters
- check date block dates:
SELECT dateblockID, title, opening_date, appl_closed_date, data_lock_date, TO_DAYS(closing_date) - TO_DAYS(opening_date) AS days_duration, TO_DAYS(opening_date) - TO_DAYS(appl_closed_date) AS days_before_appl_close, TO_DAYS(closing_date) - TO_DAYS(data_lock_date) AS days_lock_date_before_closingdate FROM main_dateblocks WHERE TO_DAYS(closing_date) - TO_DAYS(opening_date) <> 15 /* days_duration */ OR TO_DAYS(opening_date) - TO_DAYS(appl_closed_date) < 0 /* days_before_appl_close */ OR TO_DAYS(opening_date) - TO_DAYS(appl_closed_date) > 90 /* days_before_appl_close */ OR TO_DAYS(closing_date) - TO_DAYS(data_lock_date) < -10 /* days_lock_date_before_closingdate */ ORDER BY opening_date
- check pe_eff_siteID integrity:
SELECT main_personevents.personeventID, main_personevents.personID, main_sites.siteID, pe_eff_siteID, main_personevents.categorymoved, main_personevents.cospeaker, main_personevents.eff_dateblockID FROM main_personevents LEFT JOIN main_sites ON main_personevents.personeventID = main_sites.personeventID WHERE (main_personevents.pe_eff_siteID <> main_sites.siteID OR (main_personevents.pe_eff_siteID IS NULL AND main_sites.siteID IS NOT NULL) OR (main_personevents.pe_eff_siteID IS NOT NULL AND main_sites.siteID IS NULL)) AND cospeaker = 0 AND categorymoved NOT IN ('stm', 'organizer')
- check if we have any visits with any of the user agents currently listed in class webstory -> $skip_useragent_keywords
- occasionally remove unused queries:
- delete_query(false, array('queryID' => 0, 'queryID_compare' => '>=')); //it will automatically prohibit deleting used queries
- check that pastor e-mail addresses match e-mail address in our records (system should prohibit it though so any records shown here might be a result of a problem in the system. Also see e-mails with subject "E-mail changed" of 2010-09-06 and 2011-03-10):
- SELECT main_people.personID, legal_firstname, legal_lastname, main_people.email, main_officers.email AS conf_email, pw FROM main_people INNER JOIN main_officers ON main_people.personID = main_officers.personID WHERE main_people.email <> main_officers.email
Dropdowns
- dropdowns binding a record to its upper level must only show the upper level values within that branch of the tree
Boolean fields
All boolean fields (yes/no) have the field type TINYINT.
- 1 = yes / true
- 0 = no / false
This makes it easier to determine false and true in PHP.
Some fields also have additional special values like -1 or 2.
Use the label "- not set -" if the boolean value has not been set.
Adding/removing fields for, or links to, person record in main_people
- when deleting a person (main_persondelete.php and delete_person() ) consider this new field
- when merging a person (merge_person() ) consider this new field
- for foreign keys linking to main_people.personID, add a reference in person_alldata.php
- consider necessary changes to ShareHim Satellite
Deleting applicants
Deleting an applicant (meaning that he doesn't want to participate in the program anyway or he has been denied) does not result in an actual removal of the person from the database. We only delete the personevent record.
Deactivating records
Deactivating a record would be a very rare occurrence, for example only if a division re-organizes its unions. In that case we deactivate the unions that no longer exist, and by that we also cancel all current activities for those unions, like equipment booking and scheduled material shipments. These must/can then be re-booked and re-scheduled for the new unions created instead. This is an example of the principle of deactivating records and its effects on the system.
- Procedures (= links) that aren't applicable at present should be grayed out
- e.g.: only make active link to match speakers if there are any speakers that need to be matched
- This will make an easy todo-list overview for the user
- Group these kind of procedures together on the menu
External links and webservice consumers
The following external places link into pages on the website:
/add-new-campaign | NOT YET IMPLEMENTED. ShareSynch software (for people to apply for a homeland Speaker-Initiated Campaign) |
/sharesynch | ShareSynch software (for manual activation and for manually downloading updates if the automatic fails) |
/hiswayofhope-order-new-disc | NOT YET IMPLEMENTED. ShareSynch software (for upgrade to newer version where they need new disc) |
The following systems are calling webservices on our website:
/php/sharesynch_activate_online.php | ShareSynch software (automatic activation) |
/php/sharesynch_data_exchange.php | ShareSynch software |
http://update-check-ss4.sharehim.org/?os=###&ver=#.#.### ; http://update-check-ss4.sharehim.org/#.#.###.msi (Windows) ; http://update-check-ss4.sharehim.org/#.#.###.zip (Mac) | ShareSynch software checking for updates (versions 4.0.106 and earlier are checking http://www.translatesermons.com/ss4/curver.txt, version 4.0.107 is checking http://software.sharehim.org/ss4/curver.txt but that version was never really used by anyone). "#.#.###" is the version number found in the curver.txt file. |
/php/system_twilio_callback.php (callback specified in each request) ; /php/_twilio_receive.php (specified on Twilio account) | Twilio.com (SMS and voice service) |
/php/system_authorize_net_callback.php | Authorize.net (payment processor) |
/php/run_scheduled_daily_save.php | Called from cron jobs on server itself and from allanville.com |
https://sharehim.org/ | Facebook app (under the account "ShareHim Idea Network") is referring to these URLs (https://developers.facebook.com/apps/475912035761756/settings/) |
/php/ws.php?ws=add_goodsalt_order&f=json | GoodSalt order system (NO LONGER USED) |
Address formats
3 different formats (currently not differentiating between USA and Canada):
- USA
  - Street/PO
  - City, State, Zip
  - Country
- Canada
  - Street/PO
  - City, Province, X#X-#X#
  - Country
- Other
  - Street/PO
  - Postal information
  - Country
Telephone formats
On forms where people enter their phone number they need to enter the number WITHOUT country code and WITH area number.
On forms where people edit their phone number we will show a plus (+) and the country code in front of that number. We can do that since we have the country code for all countries in the table list_countries.
Log actions
Used in `sharehim_log` database in table `system_operations`, fields `action` and `subaction`
person | added deleted updated merged name corrected changed recommendation status acceptance requested (= e-mail requesting acceptance has been sent to the conference) accepted (by receiving field => homeland conference) rejected (by receiving field => homeland conference) acceptance reverted acceptance request cancelled |
person event | updated activated (standby event was activated) downgrade to standby (actual event was downgraded to standby event) changed main speaker |
site-funding | fulfilled revoked |
event | added standby added deleted standby deleted undeleted moved (so far only used in move_college_group() ) |
email sent | [blank] site-funding reminder pastor passwords |
category changed | |
application |
new |
availability | added deleted moved |
people search | |
login | success failed emulated |
logout | |
password | generated/changed |
group | created deleted (not yet implemented as of 8/4-05) leader changed |
cluster | leader changed |
college dateblock | leader changed |
campaign site | added (type=speaker-init comes under this as well) moved approved (used for speaker-init events) declined (used for speaker-init events) |
dateblock | added modified deleted hub city/sites moved |
story | deleted |
donation | deleted |
equipment | caseID replaced |
equipment booking | created deleted changed |
serial-no | deleted |
Table might not yet be complete. (use SQL from file "Code pieces/SQL statements.txt" to make it complete)
IMPORTANT NOTE:
- to minimize number of records the following log actions are deleted once in a while (after taking a local backup of the whole database so we have the information just in case we need it):
DELETE FROM system_operations WHERE `action` = 'campaign site' AND subaction = 'added'; /* date added is registered in main_sites anyway */
DELETE FROM system_operations WHERE `action` = 'login' AND subaction = 'success';
DELETE FROM system_operations WHERE `action` = 'login' AND subaction = 'failed';
DELETE FROM system_operations WHERE `action` = 'login' AND subaction = 'emulated';
DELETE FROM system_operations WHERE `action` = 'logout' AND subaction IS NULL;
Change Log prefixes
The following prefixes are used when entering comments in the CVS repository (see notes below the table):
ADD: When features/functional behaviours are added
CHG: When features/functional behaviours are changed
FIX: When a bug has been fixed
IMPROV: When features/functional behaviours have been improved (and it's neither a decided FIX, CHG, or ADD)
REMOVE: When a functional behaviour or out-dated code has been removed
UNDO: Undo a previous commit (usually the previous one of that file)
Any prefix can have " NWM" appended when it is a change that is "Not Worth Mentioning".
Any prefix can have " MAJOR" appended when it involves a major functionality change or upgrade.
The prefix is followed by a colon, a space, and then the description. Examples:
ADD: link to change password
FIX NWM: corrected spelling
ADD MAJOR: donation management system
In very rare cases a prefix is not applicable and therefore not used.
If only functions have been changed we write a comma-separated list of their names with "()" appended. For example:
ADD: get_dateblocks(), get_dateblock_info(): also return mediafolder field
If both functions and code in other places have been changed, we write the description normally, but at the end list the functions that have been changed and/or added. For example:
ADD: interface for the new date block field mediafolder. Functions modified: get_dateblocks(), set_dateblock(). Functions added: get_mediafolder()
The same applies for JavaScript functions, but then we write "JS" with the parenthesis, for example: get_field_value(JS)
For PHP classes we write like this: 'class webservice_server'
The point here is to always add the names of functions and classes that are changed, so that it's possible to search CVS for all changes regarding those functions/classes.
Possible improvement (=not yet used): there should actually also be a keyword for deciding whether or not the entry should be seen for the general users of the website, so they know which changes have been made to the website that affect their work. Eg. "technical modification" or "functional modification".
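A checker for the comment convention described above, as an added example (it is not part of the project's tooling). It assumes that at most one of NWM/MAJOR follows the prefix; the function names `classify_changelog_entry` and `changelog_symbols` are hypothetical.

```shell
#!/bin/sh
# Added example: validate a repository comment against the prefix convention
# and list the function/class names it mentions. Function names are hypothetical.

# classify_changelog_entry "MESSAGE"
# Prints "<PREFIX> <FLAG>" for a well-formed first line (FLAG is NWM, MAJOR
# or "-"), or "unprefixed" when the line does not follow the convention.
classify_changelog_entry() {
    printf '%s\n' "$1" | awk '
        NR == 1 {
            # prefix, optional flag, colon, one space, then the description
            if (match($0, /^(ADD|CHG|FIX|IMPROV|REMOVE|UNDO)( NWM| MAJOR)?: [^ ]/)) {
                head = substr($0, 1, RLENGTH - 3)
                n = split(head, part, " ")
                print part[1], (n > 1 ? part[2] : "-")
            } else {
                print "unprefixed"
            }
        }'
}

# changelog_symbols "MESSAGE"
# Prints, one per line, every name written as name(), name(JS) or
# "class name": the tokens that a later search of the history relies on.
changelog_symbols() {
    printf '%s\n' "$1" |
        grep -oE '[A-Za-z_][A-Za-z0-9_]*\((JS)?\)|class [A-Za-z_][A-Za-z0-9_]*' || true
}
```

An entry classified as "unprefixed" is not necessarily wrong, since the convention allows rare comments without a prefix.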
Codes that are put in different places in the source code to link together pieces of code that are related, to make it easier to maintain them and to remember other places where we are dealing with the same thing. It's important that these tags are unique through ALL text files in the project so that they are easy to search for. Always write them in upper case.
INTL-EVENT-EMAIL | Places in code where we send e-mails related to international events. |
KOREAN-EXCEPTION | Code dealing with the Korean Council customization in NAD division. |
SHOW-CURRENT-DATES-FOR-MASTER-SITE | The places that we show current existing campaign dates for a master site. |
TERMS-FOR-ASSIGNING-HOMELAND-SPEAKER | Places where we write the terms for assigning a speaker to a homeland campaign date |
DIALOGBOX-LIKE-MESSAGE | |
LIST-CHURCH-PASTORS | |
CHECK-STORIES-LINKED-TO-SITE | |
CHECK-STATS-LINKED-TO-SITE | |
SEND_EMAIL_WHEN_ACCEPTED | |
DETERMINE-SENIOR-PASTOR | Places where we determine who is the senior pastor for a church |
BLOCK-SAME-DIVISION-APPLICANTS | Block applicants from applying to date blocks in their own residence division |
NOTIFY-NON-EUD-HOMELAND-APPLICANTS | Code for notifying non-EUD applicants about homeland campaigns in EUD |
HOMELAND-JESUSVIDEO-USES | Places where we determine if we should deal with the Jesus video language in the homeland |
OPENID-ENTRY-CODE | Places with code for OpenID that public users see. Can hide these pieces in case we want to disable it. |
PROHIBIT-LOGIN | Places with code for prohibiting login from users who signed up for international trips from summer 2015 forward. We don't want them to think they have a user with us. |
SKIPPED-TRANSL | Places in homeland system where I have skipped translating something |
QUEST or QUEST-EXPERT | Questions I have for other (expert) programmers about issues I'm unsure about. |
WATCHFUTURE | Things we need to keep an eye on in the future as project develops |
TODO | Places in the code where I need to do something. |
System entry points
Places where user will enter this system (might not be a complete list - check also with login.php)
- index.php
- login.php
- menu*.php
- recommend.php (recommenders go directly to here)
SQL sentences
Relationships up through the main line:
main_translations
INNER JOIN main_sites ON main_translations.siteID = main_sites.siteID
INNER JOIN main_hotels ON main_sites.hotelID = main_hotels.hotelID
INNER JOIN main_conferences ON main_hotels.conferenceID = main_conferences.conferenceID
INNER JOIN main_unions ON main_conferences.unionID = main_unions.unionID
INNER JOIN main_dateblocks ON main_unions.dateblockID = main_dateblocks.dateblockID
INNER JOIN main_divisions ON main_dateblocks.divisionID = main_divisions.divisionID
Return all sites for an orientation/dateblock (the opposite direction of above):
SELECT main_sites.*
FROM main_orientations
INNER JOIN main_dateblocks ON main_orientations.dateblockID = main_dateblocks.dateblockID
INNER JOIN main_unions ON main_dateblocks.dateblockID = main_unions.dateblockID
INNER JOIN main_conferences ON main_unions.unionID = main_conferences.unionID
INNER JOIN main_hotels ON main_conferences.conferenceID = main_hotels.conferenceID
INNER JOIN main_sites ON main_hotels.hotelID = main_sites.hotelID
UNION query to obtain all users:
SELECT coord_email AS email, coord_pw AS pw, 'div' AS accesslevel FROM main_divisions WHERE coord_email is not null AND coord_pw is not null
UNION ALL
SELECT coord_email AS email, coord_pw AS pw, 'un' AS accesslevel FROM main_unions WHERE coord_email is not null AND coord_pw is not null
UNION
SELECT coord_email AS email, coord_pw AS pw, 'conf' AS accesslevel FROM main_conferences WHERE coord_email is not null AND coord_pw is not null
UNION
SELECT email, pw, 'people' AS accesslevel FROM main_people WHERE email is not null AND pw is not null
UNION
SELECT email, pw, accesslevel FROM main_ext_logins WHERE email is not null AND pw is not null
When mail provider changes IP (eg. causing mail queue just filling up)
Emails from the website are sent via Google Apps but system emails are still sent using this.
Steps to fix:
- Get IP of `nslookup yourmailserver.com`
- If IP has changed, stop postfix `sudo /etc/init.d/postfix stop`
- `sudo nano /etc/postfix/main.cf` to update `relayhost` with new IP address and/or port
- `sudo nano /etc/postfix/sasl_passwd` to add new IP/port
- Delete old encoded sasl database: `sudo rm /etc/postfix/sasl_passwd.db`
- Generate new encoded database: `sudo postmap hash:/etc/postfix/sasl_passwd`
- Start postfix `sudo /etc/init.d/postfix start`
- Send test message by: `mail -s testing allan@sharehim.org`. Next, type a line of text and then press Ctrl+D to send it.
- Verify log file looks correct
- Verify email made it through
- If good, then let's try to resend and flush the queue: `postqueue -f`
- View log file to see if messages start going out OK while checking status of `postqueue -p` to verify queue is decreasing
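A check for the two edits in the steps above, as an added example that is not part of the original page: it reports whether `relayhost` in main.cf still points at an address other than the one just looked up, and whether sasl_passwd has an entry keyed exactly like `relayhost`. The function names and the sample values used when calling it are constructed; the current IP is passed in as an argument (the result of the nslookup step).

```shell
#!/bin/sh
# Added example: compare Postfix's relayhost and sasl_passwd with the address
# obtained in the first step. Function names are hypothetical.

# relayhost_value MAIN_CF
# Prints the effective relayhost value; Postfix keeps the last definition.
relayhost_value() {
    awk '
        /^relayhost[ \t]*=/ {
            v = $0
            sub(/^relayhost[ \t]*=[ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)
            last = v
        }
        END { print last }
    ' "$1"
}

# relayhost_host VALUE
# Strips the optional [brackets] and :port, e.g. [192.0.2.10]:587 -> 192.0.2.10
relayhost_host() {
    printf '%s\n' "$1" | awk '{
        h = $0
        if (h ~ /^\[/) { sub(/^\[/, "", h); sub(/\](:[0-9A-Za-z]+)?$/, "", h) }
        else           { sub(/:[0-9A-Za-z]+$/, "", h) }
        print h
    }'
}

# check_relay MAIN_CF SASL_PASSWD CURRENT_IP
# Prints one status word:
#   ok                 relayhost matches CURRENT_IP and sasl_passwd has its key
#   relayhost-stale    main.cf points at a different address
#   sasl-key-missing   no sasl_passwd entry is keyed exactly like relayhost
#   relayhost-is-name  relayhost is a host name, so no address is pinned
#   no-relayhost       main.cf sets no relayhost
check_relay() {
    cr_value=$(relayhost_value "$1")
    if [ -z "$cr_value" ]; then echo "no-relayhost"; return 0; fi
    cr_host=$(relayhost_host "$cr_value")
    case $cr_host in
        *[!0-9.]*) echo "relayhost-is-name"; return 0 ;;
    esac
    if [ "$cr_host" != "$3" ]; then echo "relayhost-stale"; return 0; fi
    # The sasl_passwd lookup key has to be written exactly like relayhost,
    # brackets and port included, or Postfix finds no credentials for it.
    if awk -v key="$cr_value" '!/^[ \t]*#/ && $1 == key { f = 1 } END { exit !f }' "$2"
    then echo "ok"
    else echo "sasl-key-missing"
    fi
}
```

Both `sasl_passwd` and the regenerated `sasl_passwd.db` hold the relay credentials in clear text, so keep them readable by root only.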
Servers
Domains
Domain Name | Usage description |
---|---|
sharehim.org | Main domain. Registered through Carolina Conference (managed at networksolutions.com). |
global-evangelism.org | Legacy domain which points to our main server and redirects to sharehim.org. Registered on ShareHim's hover.com account. |
global-evangelism.com | Legacy domain which points to our main server and redirects to sharehim.org. Registered on ShareHim's hover.com account. |
Sub-domains
Domain Name | Usage description |
---|---|
app.sharehim.org | Used by the Prayer & Friendship smart phone app |
festival.sharehim.org | Site with info about the festival events we used to have. Currently redirects to main domain. |
moore.sharehim.org | Pointing to Benny's house but not used for anything specifically |
newsletter.sharehim.org | Holding some content (images) for the newsletters sent in the period 2012-2013 |
secure.sharehim.org | Used to be the domain for https but since we changed everything to https in beginning of 2016 this domain can be removed once all search engines have updated all their links to it |
software.sharehim.org | Used by ShareHim Presenter and ShareSynch to check for and download updates |
support.sharehim.org | Pointing to John Lucas. He has some documentation etc there. |
svn.sharehim.org | Used by the Subversion server (NO LONGER USED - WE HAVE MIGRATED TO GIT - SEE "SUBVERSION INSTALL" SECTION) |
test.sharehim.org | The testing site of the main site |
tn1.sharehim.org | Distribution server for downloading sermon material |
update-check-ss4.sharehim.org | ShareSynch uses this domain for checking for updates (see this for details) |
webserver.sharehim.org | For sending email to the main sharehim.org server (only for internal use, it might not even be set up for receiving mail from the outside even though an MX record has been set up for it) |
calendar.sharehim.org, drive.sharehim.org, mail.sharehim.org, sites.sharehim.org | Domains related to our Google for Business account which handles all our email |
*.365.sharehim.org | Domains required for the setup of our Office365 account (that we currently don't use at all, it just sits there) |
Server setup
Minimum requirements
NOTE!! Reflect changes in _test_server.php
- PHP 5.x
- PHP Extensions: mysql, mysqli, gd, imap, soap (not yet used), sqlite3 (not yet used and not installed)
- More that should be installed: Mcrypt, cURL, mbstring
- MySQL 5.x (reason: DECIMAL type in CAST(), bug with field lengths in UNION queries, INSERT ... ON DUPLICATE)
- See _test_server.php for more.
Main webserver installation
Apache/PHP and all the domains
- Basic Debian server setup according to Allan Jensen's document "Installing Debian server - step-by-step.txt"
  - Includes ssh config, iptables firewall, fail2ban, postfix, Apache, MySQL, PHP, Let's Encrypt
- Set system timezone to `America/New_York` (alternatively we could set it for PHP and MySQL specifically) (needed because most timestamps in the database unfortunately are stored in this timezone)
  - `sudo dpkg-reconfigure tzdata`
- Added custom fail2ban filter for banning numerous requests to /wp-login.php
  - See `/etc/fail2ban/filter.d/apache-wordpress-login.conf` and `/etc/fail2ban/jail.local`
- Also followed the Linode docs for optimizing Apache, MySQL and PHP for 2GB RAM
  - `sudo nano /etc/apache2/apache2.conf`

        KeepAlive Off
        ...
        <IfModule mpm_prefork_module>
            StartServers 4
            MinSpareServers 20
            MaxSpareServers 40
            MaxClients 200
            MaxRequestsPerChild 4500
        </IfModule>

  - `sudo nano /etc/mysql/conf.d/sharehim-mysql.cnf`

        [mysqld]
        max_allowed_packet = 1M
        thread_stack = 128K
        max_connections = 75
        table_open_cache = 32M
        key_buffer_size = 32M

- Users beside the root user:
  - allan (has sudo rights)
  - techexec1 (has sudo rights)
- Upload "99-sharehim.sh" with customized directory aliases to /etc/profile.d/
  - See backup or the "sharehim.org\_other_server_files\" folder on developer machine
- Upload "sharehim_logrotate" to /etc/logrotate.d/
  - See backup or the "sharehim.org\_other_server_files\" folder on developer machine
- Upload "sharehim-mysql.cnf" with disabled ONLY_FULL_GROUP_BY to /etc/mysql/conf.d/
  - See backup or the "sharehim.org\_other_server_files\" folder on developer machine
- Install rsync
  - `sudo apt-get install rsync`
- Install git (used by PHP Composer package system to retrieve packages)
  - `sudo apt-get install git`
- Synchronize all /var/www/ files from old to new server
- Copy all databases from old to new server, including the users
- To accept the self-signed SSL certificate (don't think this is self-signed anymore though) for the SVN repository at "https://svn.winternet.no/svn/jensenfw2" (used in composer.json) execute the command "svn list https://svn.winternet.no/svn/jensenfw2" once and accept the certificate permanently.
- Install CrashPlan (NO LONGER USED AND HAS BEEN UNINSTALLED - THEY DONT SUPPORT DEBIAN, ONLY UBUNTU - as of 2021-05 I don't think we replaced it with anything - but I do database backups on allanville.com - and have code repos there)
  - Install a GUI for Linux (LXDE seems to be the least resource intensive of the main ones)
  - Log into your CrashPlan Small Business account and find the Linux installation file under App Downloads.
  - Unpack it and run the install.sh script from within the GUI. Accept all the default directories etc.
  - It recommends to raise the number of watches from the default 8192 (don't know if the later versions that I downloaded once we had switched to Small Business account also need this):
    - Add line `fs.inotify.max_user_watches=1048576` to `/etc/sysctl.conf` according to https://htpcbuildguide.com/crashplan-installation/
    - To put it into effect without rebooting run `echo 1048576 > /proc/sys/fs/inotify/max_user_watches`
  - Wait to adopt the old computer until you have completed the setup and switched to the new server
  - The tray application no longer seems to be necessary - backup settings can be controlled from within the web interface of the account.
  - Debugging: log files are located in `/usr/local/crashplan/log/`
  - Connecting to the app:
    - (see Allan's file "Using GUI (graphical desktop) on a server.txt")
    - Log into SSH session that forwards port 5901 to localhost:5901
    - Ensure vnc is running. Check with `ps aux | grep vnc`. If not running, run `vncserver :1`.
    - Connect with a VNC client to `localhost:1` (it will automatically add 5900 to the number)
  - Restarting Crashplan service (https://support.code42.com/CrashPlan/6/Troubleshooting/Stop_and_start_the_Code42_app_service):
    - `sudo /usr/local/crashplan/bin/CrashPlanEngine restart`
- Additional PHP configuration (`sudo nano /etc/php/7.1/apache2/conf.d/99-sharehim.ini`):
  - `post_max_size=200M`
  - `upload_max_filesize=200M`
- Install additional PHP extensions:
  - `sudo apt-get install php7.1-gd php7.1-imap php7.1-xml php7.1-zip php7.1-soap`
  - `sudo apt-get install php7.1-bcmath` (because of at least bcmod() in php_functions_sharesynch_activation.php)
  - `sudo apt-get install php7.1-xmlrpc` (because of /allan-temp/invoice)
- Additional PHP CLI configuration (`sudo nano /etc/php/7.1/cli/conf.d/99-sharehim-cli.ini`):
  - `error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_WARNING & ~E_NOTICE`
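The kind of counting that the custom fail2ban filter for /wp-login.php mentioned in the list above relies on, as an added example run over constructed Apache combined-format log lines (this is not the content of the server's filter or jail file). The two thresholds stand in for fail2ban's `maxretry` and `findtime`; all timestamps are assumed to share one UTC offset, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag clients that request /wp-login.php MAXRETRY times
# within FINDTIME seconds. The log lines below are constructed.

sample_access_log() {
    cat <<'EOF'
192.0.2.50 - - [12/Mar/2024:01:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
192.0.2.50 - - [12/Mar/2024:02:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:03:10:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:03:10:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:03:10:05 +0000] "GET /index.php HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:03:10:06 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 1410 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:03:11:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.50 - - [12/Mar/2024:03:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
EOF
}

# wp_login_offenders LOGFILE MAXRETRY FINDTIME
# Prints each client address once, in the order it crossed the threshold.
wp_login_offenders() {
    awk -v max="$2" -v win="$3" '
        # Seconds since 1970-01-01 for "12/Mar/2024:03:10:01" (offset ignored).
        function epoch(ts,    p, d, m, y, era, yoe, doy, doe) {
            split(ts, p, "[/:]")
            d = p[1] + 0; m = mon[p[2]]; y = p[3] + 0
            if (m <= 2) y--
            era = int(y / 400); yoe = y - era * 400
            doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
            doe = yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
            return (era * 146097 + doe - 719468) * 86400 + p[4] * 3600 + p[5] * 60 + p[6]
        }
        BEGIN {
            split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
            for (i = 1; i <= 12; i++) mon[name[i]] = i
        }
        # field 7 of a combined-format line is the request path
        $7 == "/wp-login.php" || index($7, "/wp-login.php?") == 1 {
            ip = $1
            t = epoch(substr($4, 2))
            last[ip]++
            hit[ip, last[ip]] = t
            if (!(ip in first)) first[ip] = 1
            # forget hits that fell out of the window
            while (hit[ip, first[ip]] < t - win) { delete hit[ip, first[ip]]; first[ip]++ }
            if (last[ip] - first[ip] + 1 >= max + 0 && !(ip in flagged)) {
                flagged[ip] = 1
                print ip
            }
        }
    ' "$1"
}
```

With a threshold of 3 requests in 600 seconds only the burst from 203.0.113.7 is reported; the three requests from 192.0.2.50 are spread over hours and the single login from 198.51.100.20 stays below the threshold.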
Subversion
WE HAVE MIGRATED TO GIT AT https://git.winternet.no SO THIS IS NO LONGER USED
Source: http://stackoverflow.com/questions/60736/how-to-setup-a-subversion-svn-server-on-gnu-linux-ubuntu
- `apt-get install subversion libapache2-mod-svn`
- `mkdir /var/www/svn.sharehim.org/svnrepo && cd $_`
- Create a repository: `svnadmin create firstrepo` (not needed if you just sync the files from the old server)
- Set permissions:
  - `chown -R www-data:www-data /var/www/svn.sharehim.org/svnrepo`
  - `chmod -R g+ws /var/www/svn.sharehim.org/svnrepo`
- Add user: (the .passwd file can also be put somewhere else) `htpasswd -c -m /var/www/svn.sharehim.org/dav_svn.passwd yourusername`
- Add this to the virtual host of `svn.sharehim.org` (`/etc/apache2/sites-available/110-svn.sharehim.org.conf`) (documentation):

        <VirtualHost>
          ...
          <Location /svn>
            DAV svn
            SVNParentPath /var/www/svn.sharehim.org/svnrepo
            AuthType Basic
            AuthName "Subversion Repository"
            AuthUserFile /var/www/svn.sharehim.org/dav_svn.passwd
            Require valid-user
            # Comment out the next line if not using https
            SSLRequireSSL
          </Location>
          ...
        </VirtualHost>

- If it should be publicly accessible, see the StackOverflow reference.
- Restart Apache: `service apache2 restart`
- Browse to `https://svn.sharehim.org/svn/firstrepo`
Postfix
- For routing mail sent through an SMTP, not for receiving email
- `myhostname = webserver.sharehim.org` (may NOT just be sharehim.org as we want mail to the domain delivered externally)
- for the same reason mydestination may NOT include sharehim.org (but it could include webserver.sharehim.org I guess??)
If installing mail server (we currently use Google's G Suite)
- Dovecot (is currently not installed)
- ClamAV (is currently not installed)
- SpamAssassin (is currently not installed)
- FTP: Uninstalled ProFTPd on 2016-04-10 after Chuck no longer needed to access the server. The configuration files are still there in /etc/proftpd and /etc/proftpd.orig though.
Installing WordPress
- To make WordPress not require use of FTP for updating, plugin and theme installs, www-data must be the owner of all files and directories. Just setting even 777/666 permissions is not enough.
- To install WordPress updates the file permissions-for-wordpress-update.sh should first be run. After update run permission-cleanup.sh.
Installing updates
For Debian-based distributions do the following, all as root:
- `apt-get update`
- `apt-get -dy dist-upgrade`
After all packages have been downloaded successfully, then perform the actual install:
- `apt-get dist-upgrade`
Installing Let's Encrypt SSL certificates for https
(Source)
Do the following in the /root folder:
sudo apt-get install python-certbot-apache
sudo certbot --apache
Setup cron job to execute (you can test it with `sudo certbot renew --dry-run`):
certbot renew
Checklist - before switching to new server
- Use temporary subdomain `new.sharehim.org` for the new server
  - Make DNS entry
  - Add to .htaccess
    - `RewriteCond %{HTTP_HOST} !new.sharehim.org`
  - Add Apache ServerAlias in config file for the sharehim.org site
- Setup subdomain `old.sharehim.org` for the current server (so we still have a domain we can use after switching DNS for all other domains)
- Configure Apache for global-evangelism.org, global-evangelism.com and sharehim.org and any other domains/subdomains
- Synchronize files from old website to new website
  - `rsync -larvzi --checksum --delete-during -e 'ssh -p 22022' /var/www/sharehim.org/ allan@new.sharehim.org:/var/www/sharehim.org/`
  - Add these two lines to the end of sshd_config to allow password authentication from IP of the old machine:
    - `Match address xx.xx.xx.xx`
    - `    PasswordAuthentication yes`
- Configure ini files:
  - /php/ini_serverconfig.php
  - /wp-config.php
  - /help/ini_server.php
- Run _test_server.php
  - 'server_ip' : for knowing if the script is called by the server itself (NOT whether or not it's the production server)
    - It must always be set to the IP that $_SERVER['REMOTE_ADDR'] returns when a script is called by the server itself
    - For NAT server setups this usually means a different IP than $_SERVER['SERVER_ADDR']
- Run _unittests.php
- Check settings in ini.php
- File permissions (see a section on this wiki page and the script `permission-cleanup.sh`)
- Test PDF generation, making zip archives, use of XML extension
- Test sending email
  - Especially to the sharehim.org addresses
- Copy `/etc/sudoers.d/sharehim-sudo` to new server
- NOT USED ANYMORE? Test PHP script that accesses the bounces email account
- See file documentation for `upload_multimedia.php` for requirements on Apache
Checklist - right before/during switching to new server
- Ensure system/apache/php etc is up-to-date on new server
- Lock both old and new website by setting `$GLOBALS['shcfg']['testsite_is_open'] = false` in `ini.php`
- Set wiki to read-only by adding this line in LocalSettings.php: `$wgReadOnly = 'System is locked due to server maintenance.';`
- Set WordPress to read-only - google how to do it
- Delete cron jobs from old server (/etc/cron.d/sharehim-cron)
- Sync databases (use mysqldump (with compression) to do it fast, but it is easier to use HeidiSQL though it will be a lot slower)
  - Using mysqldump directly to new host: `mysqldump --opt db_name | mysql --host=remote_host -C db_name`
  - Using mysqldump to file:
    - `mysqldump -u root -p --opt sharehim_main > BACKUP_sharehim_main.sql`
    - `gzip BACKUP_sharehim_main.sql`
    - Transfer file to new server (easiest to use `mc`'s Shell link functionality to avoid slow transfer speeds on SFTP)
    - `gzip -d BACKUP_sharehim_main.sql.gz`
    - `mysql -h localhost -u root -p --compress sharehim_main < BACKUP_sharehim_main.sql`
  - Make sure that databases are copied completely => compare number of records in old and new
  - Check system_settings "label" that it hasn't lost the first letter of each folder (probably because of the backslash) (discovered on 2007-12-02 that these first letters had disappeared from the value field and Bob had trouble getting the printer to work!)
- Sync files, especially: (EXCEPT ini_serverconfig.php)
  - php/pdf_generated/*.* -r
  - php/multimedia/*.* -r
  - docs/*.* -r
  - use _allfiles.php to check if they are in sync (by comparing a report from old and new server)
- Change $main_domain in ini_serverconfig.php and WordPress options 'siteurl' and 'home' in table wp_options to the correct domain
- Make sure $enable_usage_statistics in ini_serverconfig.php is enabled
- Change DNS for all related domains
Checklist - after switching to new server
- Setup https for all domains after DNS has effectively changed (using Let's Encrypt `certbot`)
- Change to new server IP address in G Suite SMTP Relay (or add authentication info in ini_hooks.php instead)
- Run _test_server.php
- Open new website by setting `$GLOBALS['shcfg']['testsite_is_open'] = true` in `ini.php`
- Open and test wiki
- Open and test WordPress
- Check both domains: sharehim.org and global-evangelism.org (with and without "www.")
- Test other domains (fx. test. and software. and .legacy)
- Ensure scheduled jobs (cron jobs) were removed from old server, and are set up and running on new server (set root:root ownership and 644)
- NOT USED ANYMORE? Check that bounces end up in the mailbox we have specified in ini.php
- Re-check file permissions (because of the final file synchronization we did)
- Re-check sending emails, both to sharehim.org domain and other domains (since we have made DNS changes plus are sending from new IP)
- Check that also cron result emails sent to sharehim.org email address (using MAILTO in the cron file) are routed correctly
- Test uploading pictures, both for stories and personal portraits
- Test and relocate TortoiseSVN sandbox if address to repository is different
- Test that generation of http://test.sharehim.org/sharehim_changelog.xml still works (run by a cron job)
- Make log entry in logbook.txt
- Check that internal and external backups are being done
- Check the cron job running backup-mysql.phpcli
- Check automatic downloads by developer
- Notify the Outblaze.com postmaster (postmaster@outblaze.com) about any IP address change (to avoid spam blocking of our emails)
- When I did this last time (around 2009/2010) they said: "We're not currently blocking either your old or your new IP. You should be good to go."
- Remove use of new.sharehim.org
- DNS entry
- Apache ServerAlias
- .htaccess
- Remove temporary Match config in bottom of sshd_config file
- Remove DNS entry for old.sharehim.org once that server has been eradicated
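A check for the temporary sshd_config exception that the pre-switch checklist adds and this checklist removes again, as an added example (not part of the original page). It lists every scope in which `PasswordAuthentication yes` is set, so a leftover Match block shows up after the migration; the function names, the sample configuration and the address 203.0.113.10 are constructed.

```shell
#!/bin/sh
# Added example: list every scope of an sshd_config in which
# "PasswordAuthentication yes" is set. The sample config is constructed.

sample_sshd_config_during_migration() {
    cat <<'EOF'
Port 22022
PermitRootLogin no
PasswordAuthentication no

# temporary: let the old server push files with rsync
Match address 203.0.113.10
    PasswordAuthentication yes
EOF
}

# sshd_password_scopes CONFIG
# Prints "global" or the Match criteria for each place password login is on.
# Keywords are matched case-insensitively, as sshd does; a "Match all" line
# returns to the global scope.
sshd_password_scopes() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        { kw = tolower($1) }
        kw == "match" {
            $1 = ""; sub(/^[ \t]+/, "")
            scope = (tolower($0) == "all") ? "" : $0
            next
        }
        kw == "passwordauthentication" && $2 == "yes" {
            print (scope == "" ? "global" : scope)
        }
    ' "$1"
}
```

Empty output means no scope allows password logins. sshd's extended test mode (`sshd -T` with a `-C` connection specification) reports the value that is actually in effect for a given client address.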
Changing domain
- change $GLOBALS['shcfg']['main_domain'] in ini_serverconfig.php
- change option names 'siteurl' and 'home' in WordPress table wp_options
Syncing between Linux and Google Drive/S3/other cloud services with rclone
Windows alternative could be Total Commander with Cloud plugin instead - and its folder sync tool. Mac alternative could maybe be: http://www.expandrive.com/, https://itunes.apple.com/us/app/sync-folders/id530573877?mt=12 These tools don't work for making backups though...
- Download rclone from http://rclone.org/downloads/ (AMD64 - the zip file, not the .deb or .rpm)
- Extract and put "rclone" in /usr/local/bin/ (and give it execute permissions)
- Run "rclone config" and create a new remote.
  - Google Drive:
    - Name: type an appropriate name (eg. "SharehimGDrive")
    - Client ID: leave blank (or create our own according to rclone's instructions if we are going to use it a lot)
    - Client secret: leave blank
    - Scope: 1 ("drive")
    - root_folder_id: leave blank (rclone should autofill it)
    - Use auto config?: no
    - Open the link it provides in a browser and paste the resulting code
    - Test with eg. "rclone lsd SharehimGDrive:" to list root content
    - If you get the error "The domain policy has disabled third-party Drive apps" follow these directions: http://stackoverflow.com/a/14502443/2404541
    - If you get an error, check that the token in the config hasn't expired. If so go through the config again to create new token.
  - Amazon S3:
    - Get access key, secret key, and region from pw manager.
    - Test with eg. "rclone lsd SharehimS3:sharehim" to show files in the root of the "sharehim" bucket.
It can even sync between two cloud services (= remotes). We use it to backup S3 to Google Drive, as well as backing up tn1 to Google Drive.
Note that when sync'ing the current version 1.37 doesn't delete folders on the destination that have been deleted on the source side. Only all the deleted files are being removed. Watch here for updates: https://github.com/ncw/rclone/issues/100#issuecomment-206783804
Also, dupes can occur. So you want to first run the `sync` command, then the `dedupe` command, and then the script `sync_empty_directories_rclone.phpcli` I have made to delete folders in the destination that have been deleted in the source (to make an exact copy).
See also http://wiki.linuxquestions.org/wiki/Rsync_with_Google_Drive
Automated systems accessing the server via SSH
- External database backup system (at developer's location)
- Developer's file upload systems
Server data breach procedures
- Change server user account passwords
- Change database user account passwords
- Change AWS S3 access key (ini_serverconfig.php)
- Change eAdventist account password (ini_serverconfig.php)
- Change AdventistDirectory account password (ini_serverconfig.php)
- Change DYMO Endicia account password (ini_serverconfig.php)
- Change MaxMind access key (is this possible?!) (ini_serverconfig.php)
- Change Authorize.net transaction key (ini_serverconfig.php)
- Change password for email account receiving bounces (ini.php)
- Anything we can do with sermon software private key? (ini_sharesynchconfig.php)
Software
Generic documentation
Signing the installers with a code signing certificate
Getting the required files
On 2016-04-18 we purchased a 5-year certificate from http://codesigning.ksoftware.net/ (we found cheaper prices elsewhere (here) but they matched that and gave us a discount code for $56.94/yr for a 5-year period).
When making the purchase the default options are fine. Choose:
- "Microsoft Enhanced Cryptographic Provider v1.0"
- Key size of 2048
- Exportable (CHECKED)
- NOT user protected (DO NOT CHECK)
Export the certificate after going through the process. It is auto-installed to IE. To export the certificate, follow the directions here: https://www.godaddy.com/help/exporting-a-code-signing-certificate-from-internet-explorer-or-firefox-4782 Make sure to choose to export the private key. Do NOT select any options to delete the private key if the export is successful.
Do the following to convert the exported PFX code signing file to PVK and SPC (source):
- Ensure OpenSSL is installed (get here or here).
- Download the PVK Transform Utility (Allan has a local copy).
- openssl pkcs12 -in ShareHim.pfx -nocerts -nodes -out tmp_file1.pem
  Allan has the pw in pw manager.
- pvk -in tmp_file1.pem -topvk -out ShareHim.pvk
  Enter password to be used for signing files (Allan has it in pw manager).
- openssl pkcs12 -in ShareHim.pfx -nokeys -out tmp_file2.pem
- openssl crl2pkcs7 -nocrl -certfile tmp_file2.pem -outform DER -out ShareHim.spc
- Delete the temporary .pem files (I believe there is no need for them anymore)
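Between the first step and the final cleanup, tmp_file1.pem holds the private key unencrypted (that is what -nodes does). The following added example, which is not the site's own script, runs the same four steps inside an owner-only temporary directory that is removed on every exit path, and reads the PFX password from a file. The function names, the PVK_TOOL variable and the password file are assumptions.

```shell
#!/bin/sh
# Added example: PFX -> PVK + SPC without leaving the unencrypted key behind.
# Assumptions (not from the original notes): PVK_TOOL, the password file,
# and the function names. The openssl/pvk options are the ones listed above.
# Usage (password file path is hypothetical):
#   convert_pfx ShareHim.pfx /root/pfx.pass /home/allan/code_signing_files

PVK_TOOL=${PVK_TOOL:-pvk}    # PVK Transform Utility from the steps above

# convert_pfx PFX PASSFILE OUTDIR
#   PASSFILE holds the PFX export password on its first line (keep it mode
#   600), so the password never shows up in the process list or shell history.
#   The body is a subshell: umask, trap and variables do not leak to the caller.
convert_pfx() (
    pfx=$1
    passfile=$2
    outdir=$3

    umask 077                          # every file created here is owner-only
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT         # runs on success and on every failure
    trap 'exit 1' HUP INT TERM         # route signals through the EXIT trap

    # Step 1: private key only, unencrypted, kept inside the private work dir.
    openssl pkcs12 -in "$pfx" -nocerts -nodes -passin "file:$passfile" \
        -out "$work/key.pem" || exit 1

    # Step 2: PEM key -> PVK (the tool asks for the signing password).
    "$PVK_TOOL" -in "$work/key.pem" -topvk -out "$outdir/ShareHim.pvk" || exit 1

    # Step 3: certificates only.
    openssl pkcs12 -in "$pfx" -nokeys -passin "file:$passfile" \
        -out "$work/certs.pem" || exit 1

    # Step 4: certificates -> DER-encoded PKCS#7 bundle (.spc).
    openssl crl2pkcs7 -nocrl -certfile "$work/certs.pem" -outform DER \
        -out "$outdir/ShareHim.spc" || exit 1

    exit 0
)

# spc_subjects FILE: list the certificate subjects inside an .spc so the
# result can be checked against the certificate that was purchased.
spc_subjects() {
    openssl pkcs7 -inform DER -in "$1" -print_certs | grep '^subject'
}
```

Run spc_subjects on the resulting ShareHim.spc before signing anything with it; an unexpected subject means the wrong certificate was exported.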
Signing on Windows
http://stackoverflow.com/questions/1451959/where-do-you-download-signcode-exe-and-other-tools
K Software also provide a tool for signing files: http://codesigning.ksoftware.net/#ksign
Signing on Linux
http://stackoverflow.com/questions/18287960/signing-windows-application-on-linux-based-distros
Using osslsigncode
The advantage of osslsigncode is that the password can be specified as a command line option, so it's easier to automate. It also works on both .exe and .msi files.
For it to work with .msi you need to run the configure command as ./configure --with-gsf, which will require you to do apt-get install libgsf-1-dev. If you don't need support for .msi you don't need gsf.
Also, if configure complains about Curl you need to install the package libcurl4-openssl-dev (source).
osslsigncode sign -certs /home/allan/code_signing_files/ShareHim.spc -key /home/allan/code_signing_files/ShareHim.pvk -pass <pvk-password> -n "ShareHim Presenter" -i https://sharehim.org/ -in /var/www/ShareHim-Presenter-xxxxxxxxx.exe -out /var/www/ShareHim-Presenter-xxxxxxxxx-signed.exe
The -n parameter should be the name of the program. It is shown to the end-user in the User Account Control dialog box when the installer is executed.
Using Mono's signcode
Make sure you follow all the directions for Debian 8+ for adding the package repositories. You only need to install the mono-devel package. Run the following command to sign the .exe file:
signcode -spc /home/allan/code_signing_files/ShareHim.spc -v /home/allan/code_signing_files/ShareHim.pvk -a sha1 -$ commercial -n "ShareHim Presenter" -i https://sharehim.org/ -t http://timestamp.verisign.com/scripts/timstamp.dll -tr 10 /var/www/ShareHim-Presenter-xxxxxxxxx.exe
The -n parameter should be the name of the program. It is shown to the end-user in the User Account Control dialog box when the installer is executed.
It cannot sign .msi files though.
Compiling sermons
Services
Salesforce
Basic setup
- Add fields to Contacts:
  - ShareHim_Person_ID
    - Do not allow duplicate values
    - Set this field as the unique record identifier from an external system
  - ShareHim_LastModified
    - Don't always require a value
    - Only writable by "System Administrator" and "System Admin COPY for API" profiles
  - JobTitle
  - Company
  - Spouse
  - Email Invalid
  - Receive newsletter? (Picklist)
  - Do Not Contact Reason (Text)
  - No General Mailings (Checkbox)
  - Hide person from public? (Checkbox)
- Add fields to Opportunity:
  - ShareHim_Donation_ID (Number)
    - Do not allow duplicate values
    - Set this field as the unique record identifier from an external system
    - Only writable by "System Administrator" and "System Admin COPY for API" profiles
  - ShareHim_LastModified (Date/Time)
    - Don't always require a value
    - Only writable by "System Administrator" and "System Admin COPY for API" profiles
- Add fields to Payment:
  - ShareHim_Donation_ID (Number)
    - Do not allow duplicate values
    - Set this field as the unique record identifier from an external system
    - Only writable by "System Administrator" and "System Admin COPY for API" profiles
  - ShareHim_LastModified (Date/Time)
    - Don't always require a value
    - Only writable by "System Administrator" and "System Admin COPY for API" profiles
  - Add Picklist items to existing field "Payment_Method"
    - eCheck
    - Online
    - Other
    - (Cash and Check were already in the list)
- Add fields to Opportunity Product (DIDN'T GET IT TO WORK WITH SYNC'ING THIS TABLE):
  - ShareHim_AcctTransaction_ID (Number)
    - Do not allow duplicate values
    - Set this field as the unique record identifier from an external system
    - Only writable by "System Administrator" and "System Admin COPY for API" profiles
  - ShareHim_LastModified (Date/Time)
    - Don't always require a value
    - Only writable by "System Administrator" and "System Admin COPY for API" profiles
- Fields Contacts page layout (Setup > Customize > Contacts > Page Layouts)
  - Remove these:
    - Do Not Call
    - Email Opt Out
    - Fax Opt Out
  - Add these:
    - Do Not Contact (a field defined in NPSP)
- Enable picklist for State and Country fields: http://resources.docs.salesforce.com/204/14/en-us/sfdc/pdf/state_country_picklists_impl_guide.pdf
  - Synchronize their default list of countries with ours.
    - The integration value may NOT be the same as the code. I used the full name value instead.
- Add custom object ContactAddress (for storing additional addresses for Contacts) (Setup > Create > Objects)
  - The standard field with Field Name "Name" should be made an AutoNumber field instead of Text field.
  - Fields to add (see used field names in the WSDL):
    - Contact (Master-Detail)
    - Type (Picklist)
    - Label (Text)
    - Address (Text)
    - City (Text)
    - State (Picklist - from global list "States & Provinces" that we created)
    - Zip (Text)
    - Country (Picklist - from global list "Countries" that we created)
    - ShareHim PersonAddress ID (Number) (only visible by Admins)
    - ShareHim LastModified (Date/Time) (only writable by Admins)
- Add custom object ContactPhone (for storing additional phone numbers for Contacts) (Setup > Create > Objects)
  - The standard field with Field Name "Name" should be made an AutoNumber field instead of Text field.
  - Fields to add (see used field names in the WSDL):
    - Contact (Master-Detail)
    - Type (Picklist)
    - Label (Text)
    - Country (Number)
    - Phone Number (Text)
    - ShareHim PersonPhone ID (Number) (only visible by Admins)
    - ShareHim LastModified (Date/Time) (only writable by Admins)
- Edit the page layout for contacts (Setup > Customize > Contacts > Page Layouts > Contact Layout) and add the fields for the custom objects we created.
- Add custom objects for dropdown fields where we want to use separate values and labels (instead of using picklists)
  - "OptionList Receive Newsletter"
  - Add the label field to the lookup dialog (Setup > Create > Objects > [name of object] > Search Layouts section > edit the "Lookup Dialogs" layout)
- Add custom objects to the list of tabs, so you can get to manage the data (https://help.salesforce.com/apex/HTViewHelpDoc?id=creating_custom_object_tabs.htm&language=en)
- Set up outbound messaging to send Contact to sharehim.org every time a Contact is created or edited
  - Make outbound message to https://sharehim.org/php/system_salesforce_callback.php (Setup > Create > Workflow & Approvals > Outbound Messages)
  - Create rule for Contact object, evaluate on create and every time it's edited, and use a formula for rule criteria which is "1=1" (Setup > Create > Workflow & Approvals > Workflow Rules)
- Set password to API user to never expire
  - Go to Setup > Manage Users > Profiles
  - If you can't change the profile the API user is using, clone it and click it, then select System Permissions > Edit > Password Never Expires > put a checkmark
  - Then assign this profile to the API user
- IF USING SOAP API: Generate new WSDL (Setup > Develop > API > Generate Enterprise WSDL)
  - Put it in /php/includes/salesforce_toolkit/enterprise.wsdl.xml
- Enable truncating custom objects (Setup > Customize > User Interface > put checkmark at "Enable Custom Object Truncate")
Installing MailChimp for Salesforce
- Get it: https://appexchange.salesforce.com/listingDetail?listingId=a0N3000000B3byfEAB&tab=g
- Setup guide: http://kb.mailchimp.com/integrations/salesforce/install-mailchimp-for-salesforce
Backup
Database backup on webserver
- Script /var/www/sharehim.org/mysql-backup.phpcli run by cron daily at 04:00 and 20:00 EST.
- User/pass config file used by this script is located at /etc/mysqlbackup.cnf
(Ideas: https://www.everythingcli.org/secure-mysqldump-script-with-encryption-and-compression/ )
Files backed up from webserver
- /etc
- /home
- /root
- /usr/local/bin
- /var/log
- /var/www
Using CrashPlan (NO LONGER THOUGH - SEE OTHER NOTES ABOUT CRASHPLAN).
- rclone sync /var/www/ "SharehimGDrive:/backup/tn1_server/-var-www-/" --exclude=pdf/** -v
- rclone dedupe "SharehimGDrive:/backup/tn1_server/-var-www-/" -v
- /home/allan/sync_empty_directories_rclone.phpcli after configuring its settings
- rclone sync /storage/ "SharehimGDrive:/backup/tn1_server/-storage-/" --exclude=pdf-backup/** --exclude=pdf-beta/** -v
- rclone dedupe "SharehimGDrive:/backup/tn1_server/-storage-/" -v
- /home/allan/sync_empty_directories_rclone.phpcli after configuring its settings
Files backed up from Amazon S3 bucket
- rclone sync SharehimS3:sharehim SharehimGDrive:/backup/s3_sharehim/
System Log Book
- 2003-07-18: Launched new dynamic website for public
- 2004-04-29: Installed and activated new logo/design from JCG
- 2004-07-15: Started attaching PDF files to insurance/service req/sending fields reminders
- 2004-08-16 14:37: Switched to new 2.6 Ghz server
- 2004-08-22: System ready to handle homeland date blocks
- 2004-09-13: Deleted teamIDs that didn't have a personeventID or event for the speaker was deleted
- 2004-09-19: Started registering categorymoved and collegedateblockIDmoved in main_personevents
- 2005-01 : Switched to new server (dual xeon). Old CGI counter stopped at 195577
- 2005-01-31: Started sending out event reminders to people
- 2005-03-24: Activated WebStory visitor statistics
- 2005-04-17: Restructure category, phase 1/4 completed: confirmed no problems with setting both category and categorymoved
- 2005-06-07: Restructure of room sharing preferences implemented
- 2005-06-07: Disabled CGI counter and started using WebStory information (CGI stopped at 230840 counts)
- 2005-06-19: Restructure category, phase 2/4 completed: rewritten all code to use the new category and collegedateblockID fields (big job!)
- 2005-06-23: Restructure category, phase 3/4 completed: rewritten all code to handle multiple categories for one person
- 2005-06-23: Restructure category, phase 4/4 completed: delete all collegedateblockID values from the recommender field, and rewritten rest of code
- 2005-08-02: Enabled MySQL Query Cache
- 2005-08-05: Standby events, phase 1/4 completed: add database field and adjust all code for the new fields
- 2005-08-17: Restructure of approval process (from this date recommend_status, date_approved, is_eventrequest are accurate)
- 2005-09-12: Standby events completed
- 2006-03-16 16:34: Implemented/committed "Reports & Stories" section (took like 3-4 months to develop!)
- 2006-05-07: Campaign Site Statistics system
- 2006-05-24: Production server upgraded to PHP 5 but downgraded again!
- 2006-06-19: Code count: 133351 lines of code, 18290 lines of comments, 8832 blank lines
- 2006-06-23: Login: only check login once and use session variables to know if user is logged in validly
- 2006-10-11: Change term "hotel city" to "hub city". Functions renamed: get_hotelcity_info() to get_hubcity_info(), get_hotelcity_people() to get_hubcity_people(), get_hotelcitys_orientation_info() to get_hubcitys_orientation_info(), get_hotelcities() to get_hubcities(), get_dateblockhotel_info() to get_dateblockhubcity_info(), get_incomplete_hotel_info() to get_incomplete_hubcity_info(), get_person_hotelcity() to get_person_hubcity(), add_hotelcity_to_cluster() to add_hubcity_to_cluster(), get_dateblock_hotelcities() to get_dateblock_hubcities(), link_hotel_to_dateblock() to link_hubcity_to_dateblock(), compose_group_from_hotelcity() to compose_group_from_hubcity(), get_orientation_hotelcities() to get_orientation_hubcities(), link_orientation_and_dateblockhotel() to link_orientation_and_dateblockhubcity(), get_organizer_hotelcity() to get_organizer_hubcity()
- 2007-04-11: Donation system
- 2007-05-31: Weekly scheduled system to notify about floating support team members
- 2007-05-15: Started separating management of the homeland system from the international system (started on menu_clusterleader.php and add under that)
- 2007-06-13: Added Master sites
- 2007-07-03 17:46: New super-dynamic front page with latest updates
- 2007-07-12: Switched to new server (4 CPU)
- 2007-08-07: OpenID implemented, phase 1/2 completed: beginning testing period
- 2007-08-07: Realized all mails sent _from the website_ to sharehim.org addresses never arrived and were lost, because Darryl had forgotten to change something when we moved the site on 2007-07-12
- 2007-08-16: Code count: 190064 lines of code, 29261 lines of comments, 13437 blank lines, 725 files (php;htm;js;css;txt) (lines of code excludes libraries like JanRain OpenID, FCKeditor, htmlarea etc, otherwise it would be 224913/37507/18762/876). Official tables: 89
- 2007-08-29 11:50: Restructured homeland system to register availability, do acceptances per conference, automatically approve homeland applicants when assigned to a site
- 2007-10-01: All output from webservice system is now being UTF-8 encoded
- 2007-11-08: Current disk space usage: Files: 835 Mb, MySQL: 173 Mb
- 2007-12-14: Restructured international program to require team funding of 1,200 USD per site (starting from year 2008) (decided at Carolina meeting 2007-12-11)
- 2007-12-19 16:08 EST: Changed application form to require payment of $1200 by all applicants by default
- 2008-05-22: Set applications closing date for all international date blocks to 1 month before opening date
- 2008-06-05: Major code clean-up, streamlined function names, clean up of global variables, clean up of left-side menu, improved compatibility with future PHP versions
- 2008-08-06: Added MVC functions
- 2008-09-23: Change all homeland date block titles to be generated automatically
- 2008-12-08: Code count: 224106 lines of code, 38529 lines of comments, 17964 blank lines, 796 files (php;htm;js;css;txt) (including libraries FCKeditor, htmlarea, netoffice folder, it would be 261945/47269/24296/995). Official tables: 91 (ALL tables on sharehim.org main database excl the other databases). With 32 chars per line on average => 1400 pages of text to keep track of.
- 2009-01-28: Problem occurred with switching between SSL and non-SSL: Darryl had installed Suhosin on server, and this setting suhosin.session.cryptdocroot being On caused the problem (because docroot is different for SSL and non-SSL scenarios) (see Suhosin config options: http://www.hardened-php.net/suhosin/configuration.html)
- 2009-02-05: Session problem occurred when using Aurigma Image Uploader: Darryl had installed Suhosin on server, and this setting suhosin.session.cryptua being On caused the problem (because Image Uploader sends its own user agent to the receiving script)
- 2009-02-18: Major step of 3rd homeland website structure change, where conference organizers can do long-term planning and basically set up their own date blocks
- 2009-02-26: Major overhaul of homeland system (probably greatest changes this round). Changed from a date block based system to a master site/church based system.
- 2009-03-09: Changed application to match new homeland structure (no longer ask for date blocks they are available for)
- 2009-03-25: Implemented the system for asking acceptance consent from applicant's pastors
- 2009-04-23: Implemented option for setting up a login for pastors, and for them to manage their master sites and their OLT members
- 2009-08-24: Require $100 USD deposit for international campaigns
- 2010-02-04: Divide groups into 3 types of funding sources for site-funding: ShareHim responsible, individually responsible, and collectively responsible
- 2010-02-11: System to handle sending site-funds to local fields
- 2010-04-01 10:00 EST: Switched to sharehim.org as main domain, without www. to make URLs as short as possible (all cookies 'cook_uniqueuserid' were being copied since 2008-09-11)
- 2010-06-17: System for non-eAdventist conferences to manage their list of pastors on our website
- 2010-09-14: Switched to new server (8 cores)
- 2010-09-28: Went through bounced e-mails and invalidated about 1300 e-mail addresses in main_people!
- 2010-10-05: Separated files for Jensen Framework out into a separate folder
- 2010-11-01: Delete many obsolete fields in main_master_sites and main_sites
- 2010-11-11: Started tracking when OLT members are added and removed, and thereby keep history
- 2011-03-21: Cleaned up manually entered GoodSalt orders of ShareSynch Serial Numbers
- 2011-12-16 13:13 EST: Completely separate homeland campaigns from main_dateblocks table
- 2012-01-31 05:30 EST: Implemented Centralizer functions add_person() and edit_person()
- 2012-02-07 04:20 EST: Moved production website to vpsfarm (our own server) (Hosford charged us $106.95 per month for sharehim.org and folkenberg.net)
- 2012-04-03: Fixed some Googlebot problems that caused it to hammer our website. In Webmaster Tools Googlebot lately had crawled 4-7000 pages per day, ~70000 Kb downloaded per day, and spent ~250 msec per page. Watch if this decreases!
- 2012-05-22 10:10 EST: Implemented new login system
- 2012-05-22: Reached 3000 commits to Subversion
- 2012-06-13 16:00 EST: Implemented bcrypt hashing of user passwords
- 2012-08-01: Code count: 362482 lines of code, 59873 lines of comments, 27717 blank lines, 981 files (php;htm;js;css;txt) (lines of code excludes libraries like JanRain OpenID, FCKeditor, htmlarea etc, otherwise it would be 556960/103412/43067/1413). Official tables: 132 tables+WordPress tables+Wiki tables (temporarily moved everything out that was not part of the code for the website)
- 2012-08-03: Started using jQote2 JS templating engine and common.js
- 2012-08-14: Cleaned up system_operations using SQL in "SQL statements.txt"
- 2012-09-07: Option to use social logins (Google, Facebook, PayPal, OpenID etc via rpxnow.com)
- 2012-10-09: Restructured hub cities so that they are now permanent per date block
- 2012-11-13: Restructured site-funding system for STMs to pay as well and for 3 donation deadlines
- 2012-12-04: Restructured orientations so that they are now permanent per date block (only one orientation site record per orientation date)
- 2013-01-21: First specific use of HTML5 by using sessionStorage in menu_pastor.js
- 2013-03-22 04:00 EST: Moved all 3 vps servers to one vps server at linode (vpsfarm went out of business)
- 2013-11-04 09:00 EST: Change entire website into using character encoding UTF-8
- 2014-02-06: Upgraded Debian server from squeeze to wheezy
- 2014-06-23: Upgraded MediaWiki from version 1.14.0 to 1.23.0
- 2014-07-22: Change to use personal logins for campaign managers, instead of separate coadmin login
- 2015-02-20: Started using the new application form seriously (STMs now also go through recommendation process)
- 2015-09-30 04:30 EST: New design implemented site-wide
- 2016-03-03: Changed DNS for tn1.sharehim.org from 173.247.17.13 to 173.247.17.138 (because Benny's Internet connection was changed)
- 2016-08-29: Deleted admins from main_ext_logins (only div/conf/un is remaining but as of today we have disabled their login ability)
- 2016-09-08: Changed cron job for daily tasks #4 to run every 20 minutes due to limits imposed by eAdventist
- 2017-01-16: disabled password SSH authentication (only allow with SSH keys) -Allan
- 2017-01-16: CrashPlan service had terminated for some reason. Started it again. (https://support.code42.com/CrashPlan/4/Troubleshooting/Stopping_And_Starting_The_CrashPlan_Service) -Allan
- 2017-01-27: Patched servers, both sharehim.org and tn1.sharehim.org
- 2017-01-31: Moved crontab to /etc/cron.d instead of using symlink to /var/www/sharehim.org/crontab - since it didn't work after the patching 4 days ago!
- 2017-02-17: Changed postfix to route emails through Allan's Meebox mail server
- 2017-03-29: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine start
  -Allan
- 2017-05-11: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine start
  -Allan
- 2017-07-19: Patched sharehim.org and tn1.sharehim.org
- 2017-08-08: Built new main webserver to upgrade from Debian Wheezy (PHP 5.4, MySQL 5.5) to Debian Stretch (PHP 7.1, MySQL 5.7) (still hosted by linode.com) (old IP: 66.228.62.173, new IP: 45.79.197.161, new IPv6: 2600:3c02::f03c:91ff:fe3e:51d)
- 2017-09-04: Started synchronizing all people records to Salesforce
- 2017-09-04: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine start
  -Allan
- 2017-09-04: Patched sharehim.org and tn1.sharehim.org
- 2017-09-12: Patched sharehim.org and tn1.sharehim.org
- 2017-12-13: Patched sharehim.org and tn1.sharehim.org
- 2018-01-03: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine start
  -Allan
- 2018-02-16: Patched sharehim.org and tn1.sharehim.org
- 2018-03-21: Patched sharehim.org and tn1.sharehim.org
- 2018-05-08: Patched sharehim.org and tn1.sharehim.org
- 2018-07-11: Patched sharehim.org and tn1.sharehim.org
- 2018-07-20: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine start
  -Allan
- 2018-07-26: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine start
  -Allan
- 2018-10-19: Patched sharehim.org and tn1.sharehim.org
- 2018-10-19: Installed LXDE GUI on server and then CrashPlan for Small Business 6.8.3. Backup resumed.
- 2018-10-29: Patched sharehim.org and tn1.sharehim.org
- 2018-12-17: Patched sharehim.org and tn1.sharehim.org
- 2018-12-21: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine restart
  -Allan
- 2019-03-06: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine restart
  -Allan
- 2019-04-14: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine restart
  -Allan
- 2019-04-14: Patched sharehim.org and tn1.sharehim.org (had issues on tn1 where I had to deactivate some reps in sources.list)
- 2019-05-08: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine restart
  -Allan
- 2019-07-15: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine restart
  -Allan
- 2019-07-15: Patched sharehim.org and tn1.sharehim.org
- 2019-07-23: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine restart
  -Allan
- 2019-08-04: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine restart
  -Allan
- 2019-08-13: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine restart
  -Allan
- 2019-08-13: Patched sharehim.org and tn1.sharehim.org
- 2019-08-29: CrashPlan service had again terminated for some reason. Started it again with:
  sudo /usr/local/crashplan/bin/CrashPlanEngine restart
  -Allan
- 2020-01-24: Patched sharehim.org and tn1.sharehim.org
- 2020-04-21: Patched sharehim.org and tn1.sharehim.org
- 2020-05-07: Patched sharehim.org
- 2020-12-31: Patched sharehim.org
- 2021-05-16: Uninstalled CrashPlan (it has been disabled for about a year). Followed this: https://mikebeach.org/2010/07/05/how-to-uninstall-crashplan/
- 2022-01-28: Patched sharehim.org