Website

Interface Security

Login session variables

REMEMBER that these variables also needs to be set (or at least managed) when emulating and unemulating.

Is user logged in?	['usrinfo']['logged_in']
Username (e-mail)	['usrinfo']['username']
E-mail	['usrinfo']['email']
Person/div./un./conf. ID (Local ID)	['usrinfo']['localID'] (MUST correspond to $accesslevel in order to identify the user on his own level - certain users from ext_logins has to be "mapped" to an existing record in the table for his level, so that it will actually just be an alias. We cannot transfer the localID field from ext_logins to localID field in temp_users, because we would not have the reverse identification of that user in temp_users then, so we have to manually check the session variable to see if the user comes from ext_logins table and lookup the localID manually. If we are only concerned about the current user the localID can be found in "user_eff_localID" though.)
Ext. logins loginID	['usrinfo']['ext_logins_loginID'] (only made for logins in main_ext_logins. Saves the loginID as the localID will only contain the mapped localID - if any)
Effective local ID	['usrinfo']['eff_localID'] (holds the effective local ID for the current user. For ext. logins that means the value of ['usrinfo']['ext_logins_loginID'] and for all other user the value of ['usrinfo']['localID'])
Access levels (number)	['usrinfo']['accesslevels_num']  (array) ['usrinfo']['accesslevels_num_max']  (number - the highest in the array)
Access levels (text)	['usrinfo']['accesslevels']
From table	['usrinfo']['fromtable'] (values are as MySQL table names except without the "main_" part)
Full name	['usrinfo']['fullname']
If admin is superadmin	['usrinfo']['is_superadmin']
If admin is associate admin	['usrinfo']['is_assoc_admin']
Is homeland division/union/conference organizer	['usrinfo']['is_conf_organizer'] (true, false) ['usrinfo']['is_un_organizer'] (array of unionIDs they are organizer for) ['usrinfo']['is_div_organizer'] (array of divisionIDs they are organizer for) ['usrinfo']['is_field_organizer'] (true, false) If user is a conference/union/division organizer for homeland campaigns. 'is_field_organizer' will be true if ANY of the other 3 is true.
Access level for homeland field organizers	['usrinfo']['conf_organizer_accesslevel'] ('manage', 'reporting') ['usrinfo']['un_organizer_accesslevel'] ('manage', 'reporting') ['usrinfo']['div_organizer_accesslevel'] ('manage', 'reporting')
Is conference organizer for sectors	['usrinfo']['is_conf_organizer_for_sectors'] Array of sectors a conference organizer is limited to. Non-existing if no limits.
Is pastor	['usrinfo']['is_pastor'] (true, false)
Is editor	['usrinfo']['is_editor'] ('executive','associative','text','graphics', or false)
User's active event	['usrinfo']['active_personeventID']
Emulating mode	['usrinfo']['is_emulating'] (true or not set) (whether the current login is being emulated)
Responsible date blocks	['usrinfo']['resp_dateblocks'] (array of dateblockIDs that this coadmin is responsible for/has access to maintain. Only used for 'coadmin' access level, otherwise it's an empty array)
Contact for colleges	['usrinfo']['contact_for_collegeIDs'] (array of collegeIDs that this person is contact person for)
Recommenders	['usrinfo']['rec_divisionIDs'] - array of divisions that person is recommender for ['usrinfo']['recommenderIDs'] - array of the person's recommender records
Verfied/authenticated OpenID	verified_openid
Verfied/authenticated OpenID short version	verified_openid_short

Other session variables generally used

Only lasting during the page execution for all pages that goes through the security check.

Dateblock ID

$dateblockID (the date block that an administrator is currently working in)

Other global variables generally used

Cached data

$GLOBALS['_cache']

Associative array with data we want to cache for later reuse. Eg. $GLOBALS['_cache']['groups'][###] contain group info.

Note that the Centralizer system uses $GLOBALS['runtime']['cache']

Access levels

Each usergroup must also have a numeric value because of the login system's way of behaviour.

Access levels from 70-79 and 0-10 should on the pages be set specifically (in $requiredUserLevel) to avoid unwanted inherited permissions.

Group	Abbrev.	Range	General (if range)
System	system		899
Administrators	admin	70+     90+	100
Campaign managers * Equipment managers	coadmin equipman	70-89	80 79
Divisions	div	60-69	65
Unions	un	50-59	55
Conferences/missions	conf	40-49	45
People (clusters, groups, college leaders)	people	26-39	30
Recommenders	intlrecom	15
Colleges	collegect	14
ShareSynch Technical Supporter (OBS! Probably not fully configured in set_pw.php...!)	ssynchsupp	9
**External shipper Actually already implemented but not using access level, only a db lookup in main_ext_shippers each time we need to know.	extshipper	8
**Travel agents	travelag	7
Insurance agents	insuragent	6

• *) mostly same as administrators but only within selected date blocks, and no access to certain system wide features
• **) planned access levels - but probably just make it an extension to their main_people record - to avoid multiple l

When creating new access levels use this checklist:

• try to make unique abbreviations/access level names so they can be searched for
• add to table list_accesslevels
• add to get_user_main_menu(), format_accesslevel(), get_common_table_info()
• add to js_functions_phpmaker.js (syncLocalToAccesslevel() function)
• add to main_ext_loginslist.php (in section "Show mappings/localID")
• add to temp_userslist.php (add to switch() making the $emulate_qstr variable)
• add to php_functions_login.php => format_accesslevel()
• add permission and setup in set_pw.php to emulate and set user/password (if emulation should be possible)

Table permissions

Important notes: No records must be deleted if it has attached records in underlying levels Divisions From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level

	View	Edit	Add	Delete
Admin	x	x	x	x
Divisions	x	x
Unions	x
Conferences/missions	x
People	x
External logins	x

Date blocks From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level

	View	Edit	Add	Delete
Admin	x	x	x	x
Divisions	x
Unions	x
Conferences/missions	x
People	x
External logins	x

Unions From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level

	View	Edit	Add	Delete
Admin	x	x	x	x
Divisions	x	x	x	x
Unions	x	x
Conferences/missions	x
People	x
External logins	x

Conferences/missions From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level

	View	Edit	Add	Delete
Admin	x	x	x	x
Divisions	x	x	x	x
Unions	x	x	x	x
Conferences/missions	x	x
People	x
External logins	x

Orientations sites From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level

	View	Edit	Add	Delete
Admin	x	x	x	x
Divisions	x	x
Unions	x	x
Conferences/missions	x	x
People	x
External logins	x

Note: Only admin can edit orientation date and city Hotel cities From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level

	View	Edit	Add	Delete
Admin	x	x	x	x
Divisions	x	x	x	x
Unions	x	x	x	x
Conferences/missions	x	x	x	x
People	x
External logins	x

Campaign sites From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level

	View	Edit	Add	Delete
Admin	x	x	x	x
Divisions	x	x	x	x
Unions	x	x	x	x
Conferences/missions	x	x	x	x
People	x
External logins	x

Field permissions

- only admin is allowed to change Active-fields - password field may never be entered/changed manually

File and folder permissions

Modify (666): php/files/*.* except index.php

Modify (777): php/files/logs_scheduled_jobs

Modify (777): php/files/satellite_exports

Modify (777): php/files/temp

Modify (777): php/files/uploads_shortlife

Modify (777): php/files/var_dumps

Modify (777): php/docs

Modify (777): php/docs -ALL SUBFOLDERS-

Modify (666): php/docs/exec_directors_B84H81BN8KBS8F/*Planning_Form*.xls

Modify (777): php/multimedia/ -ALL SUBFOLDERS -

Modify (666): php/multimedia/ -ALL FILES except index.php -

Modify (777): php/pdf_generated/ -ALL SUBFOLDERS-

Modify (666): php/pdf_generated/ -ALL FILES IN SUBFOLDERS- (in order to be able to overwrite them)

Modify (666): php/supportchat/log.txt

Modify (666): php/includes/jensenfw/*.js|*.js.php -ALL FILES - (for phpJSO to obfuscate the files)

Modify (666): php/includes/*.js|*.js.php -ALL FILES except those skipped in _obfuscate_js.php - (for phpJSO to obfuscate the files)

Modify (666): php/error_log (PHP's error logging (warnings, parse errors etc))

Modify ??? : OpenID filestorage location

Scheduler

• checking if we have all necessary information in time before campaigns begin
• sending reminders to people

Design concept

General guidelines

• if information is missing write something like "Awaiting information..."
• hide all e-mail addresses for public users and also for logged in users where they don't need to know the address

Date block branding images

• Trip detail page banner: 960 x 389 (larger is okay as long as ratio is kept)
• Trip overview page thumbnail (https://sharehim.org/upcoming-trips/): 290 x 170 (exact required)
• Email header banner: 564 x 168 (exact required)

They are uploaded to the WordPress Media Library as any other image there.

Rules, standards, notes, etc.

Abbreviations & definitions (terminology/glossary)

STM	support team member
OLT	Outreach Leadership Team
div (not the HTML tag)	division
un	union
conf	conference/mission
lang	language
local ID	ID from div, un, conf etc.
equipment	= 1 case
co-speaker	associate speaker
conf org / conforg	conference organizer
n/a	not applicable
shcfg	name of global variable that is an array with hardcoded configuration/settings for the entire project
shrun	name of global variable that is an array with values that have been set at runtime, usually in ini.php
acl	Access Control Layer (permissions)
NAD	North-American Division
number of open sites for a dateblock	number of sites minus applicants that has been approved by admin but not necessarily assigned to a site yet
event request	when a person requests to go to another campaign (paraphrased: "applying a second time at Global Evangelism" or technically "applying using eventrequest.php instead of apply.php)
date block	one series of mettings in a specific geographical area, with an opening date and a closing date
campaign	same as date block
application amount / deposit	These two terms are being used interchangeably and starting 2013 refers to the initial application amount that all international applicants must donate - except in connection with groups where we still call it a deposit.
participation amount	The terms used for referring to the total amount all international applicants (starting 2013) must donate, and is the sum of the application amount, 2nd donation amount, and final donation amount.
NWM	Not Worth Mentioning
curr	current
valerr valerrHTML	used in naming convention for variables holding validation error message for a field/piece of information - in plain text and HTML
hub city	exactly the same as a hotel city. We renamed the term hotel city to hub city.
ccard	credit card
authnet	Authorize.net
Centralizer	a system developed by Allan Jensen to easily set up webpages for maintaining data in database tables
pid	Person ID
offid	Officer ID
wrkid	Worker ID
choffid	Church office ID
did / divid	Division ID
uid / unid	Union ID
cid / confid	Conference ID
chid	Church ID
insttid	Institution ID
evbdgid	Event budget ID
pavid	Person availability ID
pcacid	Person/conference acceptance ID
pceid	Pre-campaign event ID
stid	Story ID
teid	Training Entity ID
taid	Training Accept ID
conforgid	Conference organizer ID
pressynch	Presentaion Synchronizer/Sermon Synchronizer (software)
collegect	College contact
ws	webservice
cspd	correspondent
site-fund	people or groups who needs to contribute financially to their own campaigns (1,200 $/site). REMEMBER! Instead of using the word "pay" we must always phrase it as "contributing" (or "donating") for tax-deductible reasons (see note in format_sitefund_indicatorHTML() ).
pre-funded	sites that are being funded by ShareHim or somebody else with the $1,200, that is, the speaker is not responsible for providing the funds
normal deadline	the latest date we will accept site-funding (the $1,200) before a campaign without adding the $100 rush processing fee. The date is fixed at 3 months before. The date is inclusive so that payments on this date does not enforce the extra fee.
TQH	The Quiet Hour / Quiet Hour Ministries
ARM	Adventist Risk Management

Applicant categories

A description of the different categories of applicants (IMPORTANT: Remember to consider co-speaker option, too).

Notation in brackets means is for a co-speaker in that category. Only used where applicable and where there is a difference.

	pastor	layman	academy	college	stm (support team member)	organizer
Table containing date block reference field	main_personevents	main_personevents	main_personevents	main_collegedateblocks	main_personevents	main_personevents
Can be co-speaker?	Yes	Yes	Yes	Yes	No	No
Can be team leader? (record in main_teams)	Yes [No]	Yes [No]	Yes [No]	Yes [No]	No	No
Can be team member? (use teamID field)	No [Yes]	No [Yes]	No [Yes]	No [Yes]	Yes	No
Can be group member (and group leader)?	Yes [No]	Yes [No]	Yes [No]	Yes [No]	No	Yes
Facilitator value?	Yes	Yes	Yes	Yes	No	No
Needs recommendation for international campaigns?	Yes	Yes	Yes	Not applicable	No	No
Needs acceptance for homeland campaigns?	Yes	Yes	Yes	Not applicable	No	No
Allow standby event?	Yes	Yes	Yes	Yes	No	No
Recommender value?	If NAD division: RecommenderID	If NAD division: RecommenderID	If NAD division: RecommenderID	CollegedateblockID	No	No
Recommender comments value?	Yes	Yes	Yes	Yes	No	No
Reference	Ministerial secretary	Pastor	Academy	-none-	-none-	-none-
Reference value?	Yes	Yes	Yes	Yes	No	No
Ranking value?	Yes [No]	Yes [No]	Yes [No]	Yes [No]	No	No
Flight information?	Yes	Yes	Yes	Yes	Yes	Possible
Room sharing value?	Yes	Yes	Yes	Yes	Yes	Possible
Subject to cluster, group, and date block size limitations?	Yes [No]	Yes [No]	Yes [No]	Yes [No]	No	No
Can have graphics equipment booking?	Yes	Yes	Yes	Yes	No	Yes???
Table with possible related records	main_teams [no] main_groups [no] main_sites [no] main_equip_booking [no] main_campaign_material main_report main_experiences main_pwquestions	main_teams [no] main_groups [no] main_sites [no] main_equip_booking [no] main_campaign_material main_report main_experiences main_pwquestions	main_teams [no] main_groups [no] main_sites [no] main_equip_booking [no] main_campaign_material main_report main_experiences main_pwquestions	main_teams [no] - main_sites [no] main_equip_booking [no] main_campaign_material main_report main_experiences main_pwquestions	- - - - - main_report main_experiences main_pwquestions	- - - - - - - main_pwquestions

Common for all:

• a record in main_personevents

Operations allowed at the different stages in the application process

	Waiting for recommendation	Waiting for acceptance	Waiting for approval	Waiting on standby
Select as active event (eventchange.php)	No	No	No	No
Enter flight arrival info (menupeople.php)	Yes	Yes	Yes	Yes
Select room sharing preferences (menupeople.php)	Yes	Yes	Yes	Yes
People themselves delete the event (eventdelete.php)	No	No	Yes	Yes

Possible combinations of 'category' and 'cospeaker' and their allowed selection of dateblocks

This analyses is done to make sure that we have encompassed all possible combinations and their differences and validity.

Some general definitions of which the following analyses is based on:

• we have 3 different definitions of allowed dateblock selections:
  • dateblocks within a college
  • dateblocks that still has open sites (see definition above under 'Abbreviation & definitions')
  • dateblocks that has not passed their closing date, and therefore still accepts applications
• a cospeaker from a college, can only select date blocks defined for that same college (similar to a def. in next analyses)

Complete definition table

	cospeaker = 0	cospeaker = 1
pastor	open sites	unclosed
layman	open sites	unclosed
college	college defined	college defined
academy	open sites	unclosed
stm	unclosed	-
organizer	unclosed	-

Definitions encompassing all derived conclusions from the above table

category = college & cospeaker = 0|1	Only dateblocks defined for that college	Note: Since cospeaker doesn't matter, we don't consider that when dealing with a category=college.
category = pastor|layman|academy & cospeaker = 0	Only dateblocks that still has open sites
category = pastor|layman|academy & cospeaker = 1	All unclosed dateblocks
category = stm|organizer & cospeaker = 0	All unclosed dateblocks
category = stm|organizer &	-invalid combination-	Note: Since this is an invalid combination, we don't consider cospeaker when dealing with stm & organizers

Possible combinations of speaker's support team members and their dateblock link (for when selecting members)

This analyses is done to make sure that we have encompassed all possible combinations and their differences and validity.

Some general definitions of which the following analyses is based on:

• a cospeaker from a college, can only be a cospeaker to a speaker from that same college (similar to a def. in former analyses)
• a speaker can have 2 types of support team members:
  • stm (normal)
  • pastor|layman|academy (but not college) cospeakers
• of course a non-cospeaker cannot be a support team member
• of course stm & organizers cannot be cospeakers - the dateblock link of college students is, contrary to the other types, stored in collegedateblocks

Complete definition table

Speaker	Possible support team members	Speaker dateblock link table	STM dateblock link table
pastor	- pastor|layman|academy & cospeaker - stm	personevents	personevents
layman	- pastor|layman|academy & cospeaker - stm	personevents	personevents
college	- pastor|layman|academy & cospeaker - stm	collegedateblocks	personevents
college	- college & cospeaker	collegedateblocks	collegedateblocks
academy	- pastor|layman|academy & cospeaker - stm	personevents	personevents

Definitions encompassing all derived conclusions from the above table Note: keeping the dateblockID link in collegedateblocks makes it possible to move all college students from one college to another dateblock with a simple change (considering strict normalization of databases this is the correct way to do it). On the other hand it complicates when dealing with dateblockID for speakers. (At the point of time of writing this the question is whether to do one or the other - whether I already have figured out the ways to go about this difference - which I think I have... since I have made SQL queries for both finding all speakers within a dateblock and finding all stm within a dateblock)

speaker category = pastor|layman|academy	All has the same possible dateblock link tables
speaker category = college & stm category <> college & cospeaker = 1	Speaker dateblock link is in 'collegedateblocks', stm dateblock link is in either 'personevents' or 'collegedateblocks'
speaker category = college & stm category = college & cospeaker = 1
speaker category = [any] & stm category = [any] & cospeaker = 0	-invalid combination-	Note: Since this is an invalid combination, we don't consider cospeaker when dealing with category=college

Update: To simplify the SQL statement the field eff_dateblockID (effective dateblockID)

Organizer's responsibility group/scope

NOTE: This is our goal but it doesn't mean that the system is working exactly like this yet! Some development probably needed in this area. An organizer can be responsible for the following groups of people depending on his setup:

Setting	Responsibility group
Not in any group or cluster	All people in date block
Member of a group	All people in the same group
Member of a cluster	All people in the same cluster

For his group of people the areas he can work in include (but is not limited to):

- maintaining their personal record
- entering flight information
- making hotel room reservation
- booking or unbooking graphics equipment
- probably also assigning/unassigning team members???

Multiple events

- on the people's own menu they work with one event at a time - they select themselves which one they want to work with

Website Layout & Coding Format

• generally aim at a minimum screen resolution of 1024x768 pixels
• most website users use IE so it's must be compatible with the newest versions
  • but most browsers can be expected (because of a large user group)
• a menu area and a main area
• light background color/texture
• use default font sizes/families and styles unless something needs to be emphasized or de-emphasized
  • use < b >
  • use or the CSS class "dimmed" for less important text
• don't follow coding structure of main_*.php and list_*.php (generated by PHPMaker) but rather story_menu_admin.php
  • complexity of search and sorting features needs to be considered for every case (sometimes needed, otherwise just simple)
• standard date format: mm/dd/yyyy
  • started writing LOCAL-DATE places where we eventually will localize the date format for user's country
    • consider if strftime() (or strftime_new() in adventsangerne.no) can be used for something
• standard number format: ##,###,###.##
• always use require_function() for defining functions to use. Never include file directly.
• when validating date use $err_occurs_on_page to count how many errors occur. The validation functions also uses this variable.
• recommended to use query string variable "act" when requesting a page with a command to do some operation
• see additional coding format specifications in "Programming principles - Allan.txt"

E-mails

• e-mail addresses must never be shown to the public. They must be presented with a form to be filled out instead.
• general e-mails should bounce to bounce@sharehim.org, while all other e-mails should bounce to the sender address
• format of the unique Mailer ID that can be used in e-mails: X-Mailer-ID: #SRCID#MAIL#FEST07-2#PID686#

Check queries

• IMPORTANT: check that all speakers in a college within a cluster have personevents.clusterID filled out accordingly
• check that all homeland date blocks have at least one conference defined in main_dateblockconfs
  • SELECT main_dateblocks.* FROM main_dateblocks LEFT JOIN main_dateblockconfs USING (dateblockID) WHERE homeland = 1 AND main_dateblockconfs.conferenceID IS NULL ORDER BY title
• conferences, unions etc. have their upper level record
• orphaned group members
• speakers both being group leader and group member
• check that group date block matches the members date blocks
• speaker who haven't been issued any material (use code from _db-query.php)
• check that STMs that are member of teams are also member of that date block
• check that no delete-marked events are found in main_people.active_personeventID
• delete active_personeventIDs that do not exist in main_personevents (maybe obsolete now)
  • _db-query.php: "CLEAR ACTIVE_PERSONEVENTIDs THAT ARE NOT EXISTING IN PERSONEVENTS"
• check that all people in homeland campaigns are members of clusters
• check date block dates:

SELECT dateblockID, title, opening_date, appl_closed_date, data_lock_date, TO_DAYS(closing_date) - TO_DAYS(opening_date) AS days_duration, TO_DAYS(opening_date) - TO_DAYS(appl_closed_date) AS days_before_appl_close, TO_DAYS(closing_date) - TO_DAYS(data_lock_date) AS days_lock_date_before_closingdate
FROM main_dateblocks
WHERE
    TO_DAYS(closing_date) - TO_DAYS(opening_date) <> 15 /* days_duration */
    OR TO_DAYS(opening_date) - TO_DAYS(appl_closed_date) < 0 /* days_before_appl_close */
    OR TO_DAYS(opening_date) - TO_DAYS(appl_closed_date) > 90 /* days_before_appl_close */
    OR TO_DAYS(closing_date) - TO_DAYS(data_lock_date) < -10 /* days_lock_date_before_closingdate */
ORDER BY opening_date

• check pe_eff_siteID integrity:

SELECT main_personevents.personeventID, main_personevents.personID, main_sites.siteID, pe_eff_siteID, main_personevents.categorymoved, main_personevents.cospeaker, main_personevents.eff_dateblockID
FROM main_personevents
LEFT JOIN main_sites ON main_personevents.personeventID = main_sites.personeventID 
WHERE (main_personevents.pe_eff_siteID <> main_sites.siteID
OR (main_personevents.pe_eff_siteID IS NULL AND main_sites.siteID IS NOT NULL) 
OR (main_personevents.pe_eff_siteID IS NOT NULL AND main_sites.siteID IS NULL))
AND cospeaker = 0 AND categorymoved NOT IN ('stm', 'organizer')

• check if we have any visits with any of the user agents currently listed in class webstory -> $skip_useragent_keywords
• occasionally removed unused queries:
  • delete_query(false, array('queryID' => 0, 'queryID_compare' => '>=')); //it will auto probibit deleting used queries
• check that pastor e-mail addresses match e-mail address in our records (system should prohibit it though so any records shown here might be a result of a problem in the system. Also see e-mails with subject "E-mail changed" of 2010-09-06 and 2011-03-10):
  • SELECT main_people.personID, legal_firstname, legal_lastname, main_people.email, main_officers.email AS conf_email, pw FROM main_people INNER JOIN main_officers ON main_people.personID = main_officers.personID WHERE main_people.email <> main_officers.email

Dropdowns

• dropdowns binding a record to it's upper level must only show the upper level values within that branch of the tree

Boolean fields

All boolean fields (yes/no) have the field type TINYINT.

• 1 = yes / true
• 0 = no / false

This makes it easier to determine false and true in PHP.

Some fields also have additional special values like -1 or 2.

Use the label "- not set -" if the boolean value has not been set.

Adding/removing fields for, or links to, person record in main_people

• when deleting a person (main_persondelete.php and delete_person() ) consider this new field
• when merging a person (merge_person() ) consider this new field
• for foreign keys linking to main_people.personID, add a reference in person_alldata.php
• consider necessary changes to ShareHim Satellite

Deleting applicants

Deleting an applicant (meaning that he doesn't want to participate in the program anyway or he has been denied) does not result in an actual removal of the person from the database. We only delete the personevent record.

Deactivating records

To deactivate a record would be a very rare occurrence, only for example if a division re-organizes it's unions. In that case we deactive the unions that are no longer existing and by that we also cancel all current activities for those unions, like equipment booking and scheduled material shipments. This must/can then be re-booked and re-scheduled for the new unions created in stead. This is an example of the principle of deactivating records and theirs effects on the system.

User menus

• Procedures (= links) that aren't applicable at present should be grayed out
  • e.g.: only make active link to match speakers if there are any speakers that need to be matched
  • This will make an easy todo-list overview for the user
  • Group these kind of procedures together on the menu

External links and webservice consumers

The following external places link into pages on the website:

/add-new-campaign	NOT YET IMPLEMENTED ShareSynch software (for people to apply for a homeland Speaker-Initiated Campaign)
/sharesynch	ShareSynch software (for manual activation and for manually downloading updates if the automatic fails)
/hiswayofhope-order-new-disc	NOT YET IMPLEMENTED ShareSynch software (for upgrade to newer version where they need new disc)

The following systems are calling webservices on our website:

/php/sharesynch_activate_online.php	ShareSynch software (automatic activation)
/php/sharesynch_data_exchange.php	ShareSynch software
http://update-check-ss4.sharehim.org/?os=###&ver=#.#.### http://update-check-ss4.sharehim.org/#.#.###.msi (Windows) http://update-check-ss4.sharehim.org/#.#.###.zip (Mac)	ShareSynch software checking for updates (versions 4.0.106 and earlier are checking http://www.translatesermons.com/ss4/curver.txt, version 4.0.107 is checking http://software.sharehim.org/ss4/curver.txt but that version was never really used by anyone) "#.#.###" is the version number found in the curver.txt file.
/php/system_twilio_callback.php (callback specified in each request) /php/_twilio_receive.php (specified on Twilio account)	Twilio.com (SMS and voice service)
/php/system_authorize_net_callback.php	Authorize.net (payment processor)
/php/run_scheduled_daily_save.php	Called from cron jobs on server itself and from allanville.com
https://sharehim.org/ http://sharehim.org/contact	Facebook app (under the account "ShareHim Idea Network") is referring to these URLs (https://developers.facebook.com/apps/475912035761756/settings/)
/php/ws.php?ws=add_goodsalt_order&f=json	GoodSalt order system (NO LONGER USED)

Address formats

3 different formats (currently not differencing USA/Canada):

• USA
  • Street/PO
  • City, State, Zip
  • Country
• Canada
  • Street/PO
  • City, Province, X#X-#X#
  • Country
• Other
  • Street/PO
  • Postal information
  • Country

Telephone formats

On forms where people enter their phone number they need to enter the number WITHOUT country code and WITH area number.

On forms where people edit their phone number we will show a plus (+) and the country code in front of that number. We can do that since we have the country code for all countries in the table list_countries.

Log actions

Used in `sharehim_log` database in table `system_operations`, fields `action` and `subaction`

person	added deleted updated merged name corrected changed recommendation status acceptance requested (= e-mail requesting acceptance has been sent to the conference) accepted (by receiving field => homeland conference) rejected (by receiving field => homeland conference) acceptance reverted acceptance request cancelled
person event	updated activated (standby event was activated) downgrade to standby (actual event was downgraded to standby event) changed main speaker
site-funding	fulfilled revoked
event	added standby added deleted standby deleted undeleted moved (so far only used in move_college_group() )
email sent	[blank] site-funding reminder pastor passwords
category changed
application	new recommendation requested (= e-mail requesting recommendation has been sent) recommended (by sending field => specified recommendators) unrecommended (by sending field => specified recommendators) NO LONGER ISSUED: acceptance requested (= e-mail requesting acceptance has been sent) NO LONGER ISSUED: accepted (by receiving field => homeland cluster leader) NO LONGER ISSUED: rejected (by receiving field => homeland cluster leader) approved (by ShareHim administrator) denied (= event denied) (by ShareHim administrator) status reverted
availability	added deleted moved
people search
login	success failed emulated
logout
password	generated/changed
group	created deleted (not yet implemented as of 8/4-05) leader changed
cluster	leader changed
college dateblock	leader changed
campaign site	added (type=speaker-init comes under this as well) moved approved (used for speaker-init events) declined (used for speaker-init events)
dateblock	added modified deleted hub city/sites moved
story	deleted
donation	deleted
equipment	caseID replaced
equipment booking	created deleted changed
serial-no	deleted

Table might not yet be complete. (use SQL from file "Code pieces/SQL statements.txt" to make it complete)

IMPORTANT NOTE:

• to minimize number of records the following log actions are deleted once in a while (after taking a local backup of the whole database so we have the information just in case we need it):

DELETE FROM system_operations WHERE `action` = 'campaign site' AND subaction = 'added'; /* date added is registered in main_sites anyway */

DELETE FROM system_operations WHERE `action` = 'login' AND subaction = 'success';

DELETE FROM system_operations WHERE `action` = 'login' AND subaction = 'failed';

DELETE FROM system_operations WHERE `action` = 'login' AND subaction = 'emulated';

DELETE FROM system_operations WHERE `action` = 'logout' AND subaction IS NULL;

Change Log prefixes

The following prefixes are used when entering comments in the CVS repository (see notes below the table):

ADD: When features/functional behaviours are added

CHG: When features/functional behaviours are changed

FIX: When a bug has been fixed

IMPROV: When features/functional behaviours have been improved (and it's neither a decided FIX, CHG, or ADD)

REMOVE: When a functional behaviour or out-dated code has been removed

UNDO: Undo a previous commit (usually the previous one of that file)

Any prefix can have " NWM" appended when it is a change that is "Not Worth Mentioning".

Any prefix can have " MAJOR" appended when it involves a major functionality change or upgrade.

The prefix is following by a colon, a space, and then the description. Examples:

ADD: link to change password

FIX NWM: corrected spelling

ADD MAJOR: donation management system

In very rare cases a prefix is not applicable and therefore not used.

If only functions have been changed we write a comma-seperated list of their names with "()" appended. For example:

ADD: get_dateblocks(), get_dateblock_info(): also return mediafolder field

If both functions and code in other places have been changed, we write the description normaly, but in the end list the functions that have been changed and/or added. For example:

ADD: interface for the new date block field mediafolder. Functions modified: get_dateblocks(), set_dateblock(). Functions added: get_mediafolder()

The same applies for JavaScript functions, but then we write "JS" with the parenthesis, for example: get_field_value(JS)

For PHP classes we write like this: 'class webservice_server'

The point here is to always add the names of functions and classes that are changed, so that it's possible to search CVS for all changes regarding those functions/classes.

Possible improvement (=not yet used): there should actually also be a keyword for deciding whether or not the entry should be seen for the general users of the website, so they know which changes have been made to the website that affect their work. Eg. "technical modification" or "functional modification".

Code-related tags

Codes that are put different places in the source code to link together different pieces of code that are related - to make it easier to maintain it and remember other places where we are dealing with the same thing. It's important that these tags are unique through ALL text files in the project so that they are easy to search for. Always write them in upper case.

INTL-EVENT-EMAIL	Places in code where we send e-mails related to international events.
KOREAN-EXCEPTION	Code dealing with the Korean Council customization in NAD division.
SHOW-CURRENT-DATES-FOR-MASTER-SITE	The places that we show current existing campaign dates for a master site.
TERMS-FOR-ASSIGNING-HOMELAND-SPEAKER	Places where we write the terms for assigning a speaker to a homeland campaign date
DIALOGBOX-LIKE-MESSAGE
LIST-CHURCH-PASTORS
CHECK-STORIES-LINKED-TO-SITE
CHECK-STATS-LINKED-TO-SITE
SEND_EMAIL_WHEN_ACCEPTED
DETERMINE-SENIOR-PASTOR	Places where we determine who is the senior pastor for a church
BLOCK-SAME-DIVISION-APPLICANTS	Block applicants from applying to date blocks in their own residence division
NOTIFY-NON-EUD-HOMELAND-APPLICANTS	Code for notifying non-EUD applicants about homeland campaigns in EUD
HOMELAND-JESUSVIDEO-USES	Places where we determine if we should deal with the Jesus video language in the homeland
OPENID-ENTRY-CODE	Places with code for OpenID that public users see. Can hide these pieces in case we want to disable it.
PROHIBIT-LOGIN	Places with code for prohibiting login from users who signed up for international trips from summer 2015 forward. We don't want them to think they have a user with us.
SKIPPED-TRANSL	Places in homeland system where I have skipped translating something
QUEST or QUEST-EXPERT	Questions I have for other (expert) programmers about issues I'm unsure about.
WATCHFUTURE	Things we need to keep an eye on in the future as project develops
TODO	Places in the code where I need to do something.

System entry points

Places where user will enter this system (might not be a complete list - check also with login.php)

• index.php
• login.php
• menu*.php
• recommend.php (recommenders go directly to here)

SQL sentences

Relationships up through the main line:

main_translations

INNER JOIN main_sites ON main_translations.siteID = main_sites.sideID

INNER JOIN main_hotels ON main_sites.hotelID = main_hotels.hotelID

INNER JOIN main_conferences ON main_hotels.conferenceID = main_conferences.conferenceID

INNER JOIN main_unions ON main_conferences.unionID = main_unions.unionID

INNER JOIN main_dateblocks ON main_unions.dateblockID = main_dateblocks.dateblockID

INNER JOIN main_divisions ON main_dateblocks.divisionID = main_divisions.divisionID

Return all sites for a orientation/dateblock (the opposite direction of above):

SELECT main_sites.*

FROM main_orientations

INNER JOIN main_dateblocks ON main_orientations.dateblockID = main_dateblocks.dateblockID

INNER JOIN main_unions ON main_dateblocks.dateblockID = main_unions.dateblockID

INNER JOIN main_conferences ON main_unions.unionID = main_conferences.unionID

INNER JOIN main_hotels ON main_conferences.conferenceID = main_hotels.conferenceID

INNER JOIN main_sites ON main_hotels.hotelID = main_sites.hotelID

UNION query to obtain all users:

SELECT coord_email AS email, coord_pw AS pw, 'div' AS accesslevel FROM main_divisions WHERE coord_email is not null AND coord_pw is not null

UNION ALL

SELECT coord_email AS email, coord_pw AS pw, 'un' AS accesslevel FROM main_unions WHERE coord_email is not null AND coord_pw is not null

UNION

SELECT coord_email AS email, coord_pw AS pw, 'conf' AS accesslevel FROM main_conferences WHERE coord_email is not null AND coord_pw is not null

UNION

SELECT email, pw, 'people' AS accesslevel FROM main_people WHERE email is not null AND pw is not null

UNION

SELECT email, pw, accesslevel FROM main_ext_logins WHERE email is not null AND pw is not null

When mail provider changes IP (eg. causing mail queue just filling up)

Emails from the website is sent via Google Apps but system emails are still sent using this.

Steps to fix:

1. Get IP of nslookup yourmailserver.com
2. If IP has changed, stop postfix sudo /etc/init.d/postfix stop
3. sudo nano /etc/postfix/main.cf to update relayhost with new IP address and/or port
4. sudo nano /etc/postfix/sasl_passwd to add new IP/port
5. Delete old encoded sasl database: sudo rm /etc/postfix/sasl_passwd.db
6. Generate new encoded database: sudo postmap hash:/etc/postfix/sasl_passwd
7. Start postfix sudo /etc/init.d/postfix start
8. Send test message by: mail -s testing allan@sharehim.org. Next, type a line of text and then press Ctrl+D to send it.
9. Verify log file looks correct
10. Verify email made it though
11. If good, then lets try to resend and flush the queue: postqueue -f
12. View log file to see if messages start going out OK while checking status of postqueue -p to verify queue is decreasing

Servers

Sub-domains

Domain Name	Usage description
app.sharehim.org	Used by the Prayer & Friendship smart phone app
festival.sharehim.org	Site with info about the festival events use used to have. Currently redirects to main domain.
moore.sharehim.org	Pointing to Benny's house but not used for anything specifically
newsletter.sharehim.org	Holding some content (images) for the newsletters sent in the period 2012-2013
secure.sharehim.org	Used to be the domain for https but since we changed everything to https in beginning of 2016 this domain can be removed once all search engines have updated all their links to it
software.sharehim.org	Used by ShareHim Presenter and ShareSynch to check for and download updates
support.sharehim.org	Pointing to John Lucas. He has some documentation etc there.
svn.sharehim.org	Used by the Subversion server
test.sharehim.org	The testing site of the main site
tn1.sharehim.org	Distribution server for downloading sermon material
update-check-ss4.sharehim.org	ShareSynch uses this domain for checking for updates (see this for details)
webserver.sharehim.org	For sending email to the main sharehim.org server (only for internal use, it might not even be set up for receiving mail from the outside even though an MX record has been set up for it)
calendar.sharehim.org drive.sharehim.org mail.sharehim.org sites.sharehim.org	Domains related to our Google for Business account which handles all our email
*.365.sharehim.org	Domains required for the setup of our Office365 account (that we currently don't use at all, it just sits there)

Server setup

Main webserver installation

• Apache/PHP and all the domains
• Subversion (probably good instructions: http://stackoverflow.com/questions/60736/how-to-setup-a-subversion-svn-server-on-gnu-linux-ubuntu)
• Fail2ban
• Iptables
• Clamav?
• Postfix?
• SpamAssassin? (currently installed?)
• Dovecot? (is currently not installed)

• FTP: Uninstalled ProFTPp on 2016-04-10 after Chuck no longer needed to access the server. The configuration files are still there in /etc/proftpd and /etc/proftpd.orig though.

Installing WordPress

• To make WordPress not require use of FTP for updating, plugin and theme installs, www-data must be the owner all files and directories. Just setting even 777/666 permissions is not enough.

Installing updates

For Debian-based distributions do the following, all as root:

• apt-get update
• apt-get -dy dist-upgrade

After all packages have been downloaded successfully, then perform the actual install:

• apt-get dist-upgrade

Installing Let's Encrypt SSL certificates for https

(Source)

Do the following in your home folder:

git clone https://github.com/letsencrypt/letsencrypt

cd letsencrypt

./letsencrypt-auto --apache -d subdomain.domain.com

Syncing between Linux and Google Drive/S3/other cloud services with rclone

WARNING! rclone is not stable enough, at least as of 2016-11. It fails uploading some files and uploads some files twice. So I ended up using Total Commander with Cloud plugin instead - and it's folder sync tool. Mac alternative could maybe be: http://www.expandrive.com/, https://itunes.apple.com/us/app/sync-folders/id530573877?mt=12 These tools doesn't work for making backups though...

• Download rclone from http://rclone.org/downloads/
• Extract and put "rclone" in /usr/local/bin/ (and give it execute permissions)
• Run "rclone config" and create a new remote.
  • Google Drive:
    • Name: type an appropriate name (eg. "SharehimGDrive")
    • Client ID: leave blank
    • Client secret: leave blank
    • Use auto config?: no
    • Open the link it provides in a browser and paste the resulting code
    • Test with eg. "rclone lsd SharehimGDrive:" to list root content
    • If you get the error "The domain policy has disabled third-party Drive apps" following these directions: http://stackoverflow.com/a/14502443/2404541
  • Amazon S3:
    • Get access key, secret key, and region from pw manager.
    • Test with eg. "rclone lsd SharehimS3:sharehim" to show files in the root of the "sharehim" bucket.

It can even sync between two cloud services (= remotes). We use it to backup S3 to Google Drive, as well as backing up tn1 to Google Drive.

Note that when sync'ing the current version 1.28 doesn't delete folders on the destination that have been deleted on the source side. Only all the deleted files are being removed. Watch here for updates: https://github.com/ncw/rclone/issues/100#issuecomment-206783804

See also http://wiki.linuxquestions.org/wiki/Rsync_with_Google_Drive

Automated systems accessing the server via SSH

• External database backup system (at developer's location)
• Developer's file upload systems

Server data breach procedures

• Change server user account passwords
• Change database user account passwords
• Change AWS S3 access key (ini_serverconfig.php)
• Change eAdventist account password (ini_serverconfig.php)
• Change AdventistDirectory account password (ini_serverconfig.php)
• Change DYMO Endicia account password (ini_serverconfig.php)
• Change MaxMind access key (is this possible?!) (ini_serverconfig.php)
• Change Authorize.net transaction key (ini_serverconfig.php)
• Change password for email account receiving bounces (ini.php)
• Anything we can do with sermon software private key? (ini_sharesynchconfig.php)

Software

Generic documentation

Signing the installers with a code signing certificate

Getting the required files

On 2016-04-18 we purchased a 5-year certificate from http://codesigning.ksoftware.net/ (we found cheaper prices elsewhere (here) but they matched that and gave us a discount code for $56.94/yr for a 5-year period).

When making the purchase the default options are fine. Choose:

• "Microsoft Enhanced Cryptographic Provider v1.0"
• Key size of 2048
• Exportable (CHECKED)
• NOT user protected (DO NOT CHECK)

Export the certificate after going through the process. It is auto-installed to IE. To export the certificate, follow the directions here: https://www.godaddy.com/help/exporting-a-code-signing-certificate-from-internet-explorer-or-firefox-4782 Make sure to choose to export the private key. Do NOT select any options to delete the private key if the export is successful.

Do the following to convert the exported PFX code signing file to PVK and SPC (source):

1. Ensure OpenSSL is installed (get here or here).
2. Download the PVK Transform Utility (Allan has a local copy).

3. openssl pkcs12 ‐in ShareHim.pfx ‐nocerts ‐nodes ‐out tmp_file1.pem

   Allan has the pw in pw manager.

4. pvk ‐in tmp_file1.pem ‐topvk ‐out ShareHim.pvk

   Enter password to be used for signing files (Allan has it in pw manager).

5. openssl pkcs12 ‐in ShareHim.pfx ‐nokeys ‐out tmp_file2.pem

6. openssl crl2pkcs7 ‐nocrl ‐certfile tmp_file2.pem ‐outform DER ‐out ShareHim.spc

7. Delete the temporary .pem files (I believe there is no need for them anymore)

Signing on Windows

http://stackoverflow.com/questions/1451959/where-do-you-download-signcode-exe-and-other-tools

K Software also provide a tool for signing files: http://codesigning.ksoftware.net/#ksign

Signing on Linux

http://stackoverflow.com/questions/18287960/signing-windows-application-on-linux-based-distros

Using osslsigncode

The advantage of osslsigncode is that the password can be specified as a command line option, so it's easier to automate. It also works on both .exe and .msi files.

For it to work with .msi you need to run the configure command as ./configure --with-gsf, which will require you to do apt-get install libgsf-1-dev. If you don't need support for .msi you don't need gsf.

Also, if configure complains about Curl you need to install the package libcurl4-openssl-dev (source).

osslsigncode sign -certs /home/allan/code_signing_files/ShareHim.spc -key /home/allan/code_signing_files/ShareHim.pvk -pass <pvk-password> -n "ShareHim Presenter" -i https://sharehim.org/ -in /var/www/ShareHim-Presenter-xxxxxxxxx.exe -out /var/www/ShareHim-Presenter-xxxxxxxxx-signed.exe

The -n parameter should be the name of the program. It is shown to the end-user in User Account Control dialog box when the installer is executed.

Using Mono's signcode

Make sure you follow all the directions for Debian 8+ for adding the package repositories. Only need to install the mono-devel package. Run the following command to sign the .exe file:

signcode -spc /home/allan/code_signing_files/ShareHim.spc -v /home/allan/code_signing_files/ShareHim.pvk -a sha1 -$ commercial -n "ShareHim Presenter" -i https://sharehim.org/ -t http://timestamp.verisign.com/scripts/timstamp.dll -tr 10 /var/www/ShareHim-Presenter-xxxxxxxxx.exe

The -n parameter should be the name of the program. It is shown to the end-user in User Account Control dialog box when the installer is executed.

It cannot sign .msi files though.

ShareHim Presenter

Compiling sermons

ShareSynch

Services

Salesforce

Basic setup

1. Add fields to Contacts (Setup > Customize > Contacts > Fields):
   • ShareHim_Person_ID
   • ShareHim_LastModified
   • JobTitle
   • Company
   • Spouse
   • Email Invalid
   • Receive newsletter? (Picklist)
   • Do Not Contact Reason (Text)
   • No General Mailings (Checkbox)
   • Hide person from public? (Checkbox)
2. Fields Contacts page layout (Setup > Customize > Contacts > Page Layouts)
   • Remove these:
     • Do Not Call
     • Email Opt Out
     • Fax Opt Out
   • Add these:
     • Do Not Contact (a field defined in NPSP)
3. Enable picklist for State and Country fields: http://resources.docs.salesforce.com/204/14/en-us/sfdc/pdf/state_country_picklists_impl_guide.pdf
   • Synchronize their default list of countries with ours.
     • The integration value may NOT be the same as the code. I used the full name value instead.
4. Add custom object ContactAddress (for storing additional addresses for Contacts) (Setup > Create > Objects)
   • The standard field with Field Name "Name" should be made an AutoNumber field instead of Text field.
   • Fields to add (see used field names in the WSDL):
     • Contact (Master-Detail)
     • Type (Picklist)
     • Label (Text)
     • Address (Text)
     • City (Text)
     • State (Picklist - from global list "States & Provinces" that we created)
     • Zip (Text)
     • Country (Picklist - from global list "Countries" that we created)
     • ShareHim PersonAddress ID (Number) (only visible by Admins)
     • ShareHim LastModified (Date/Time) (only writable by Admins)
5. Add custom object ContactPhone (for storing additional phone numbers for Contacts) (Setup > Create > Objects)
   • The standard field with Field Name "Name" should be made an AutoNumber field instead of Text field.
   • Fields to add (see used field names in the WSDL):
     • Contact (Master-Detail)
     • Type (Picklist)
     • Label (Text)
     • Country (Number)
     • Phone Number (Text)
     • ShareHim PersonPhone ID (Number) (only visible by Admins)
     • ShareHim LastModified (Date/Time) (only writable by Admins)
6. Edit the page layout for contacts (Setup > Customize > Contacts > Page Layouts > Contact Layout) and add the fields for the custom objects we created.
7. Add custom objects for dropdown fields where we want to use separate values and labels (instead of using picklists)
   • "OptionList Receive Newsletter"
   • Add the label field to the lookup dialog (Setup > Create > Objects > [name of object] > Search Layouts section > edit the "Lookup Dialogs" layout)
8. Add custom objects to the list of tabs, so you can get to manage the data (https://help.salesforce.com/apex/HTViewHelpDoc?id=creating_custom_object_tabs.htm&language=en)
9. Set up outbound messaging to send Contact to sharehim.org every time a Contact is created or edited
   • Make outbound message to https://sharehim.org/php/system_salesforce_callback.php (Setup > Create > Workflow & Approvals > Outbound Messages)
   • Create rule for Contact object, evaluate on create and every time it's edited, and use a formula for rule criteria which is "1=1" (Setup > Create > Workflow & Approvals > Workflow Rules)
10. Set password to API user to never expire
    • Go to Setup > Manage Users > Profiles
    • If you can't change the profile the API user is using, clone it and click it, then select System Permissions > Edit > Password Never Expires > put a checkmark
    • Then assign this profile to the API user
11. IF USING SOAP API: Generate new WSDL (Setup > Develop > API > Generate Enterprise WSDL)
    • Put it in /php/includes/salesforce_toolkit/enterprise.wsdl.xml
12. Enable truncating custom objects (Setup > Customize > User Interface > put checkmark at "Enable Custom Object Truncate")

Installing MailChimp for Salesforce

• Get it: https://appexchange.salesforce.com/listingDetail?listingId=a0N3000000B3byfEAB&tab=g
• Setup guide: http://kb.mailchimp.com/integrations/salesforce/install-mailchimp-for-salesforce

Backup

Database backup on webserver

• Script /var/www/sharehim.org/mysql-backup.phpcli run by cron daily at 04:00 and 20:00 EST.
• User/pass config file used by this script is located at /etc/mysqlbackup.cnf

(Ideas: https://www.everythingcli.org/secure-mysqldump-script-with-encryption-and-compression/ )

Files backed up from webserver

• /etc
• /home
• /root
• /usr/local/bin
• /var/log
• /var/www

Using CrashPlan. See installation and managing instructions at https://support.code42.com/CrashPlan/4/Configuring/Using_CrashPlan_On_A_Headless_Computer (maybe also https://www.liquidstate.net/installing-crashplan-on-a-headless-linux-server/)

Files backed up from tn1.sharehim.org

• rclone sync /var/www/ "SharehimGDrive:/backup/tn1_server/-var-www-/"
• rclone sync /storage/ "SharehimGDrive:/backup/tn1_server/-storage-/"

See here for setup of rclone.

Files backed up from Amazon S3 bucket

• rclone sync SharehimS3:sharehim SharehimGDrive:/backup/s3_sharehim/

See here for setup of rclone.

System Log Book

• 2003-07-18: Launched new dynamic website for public
• 2004-04-29: Installed and activated new logo/design from JCG
• 2004-07-15: Started attaching PDF files to insurance/service req/sending fields reminders
• 2004-08-16 14:37: Switched to new 2.6 Ghz server
• 2004-08-22: System ready to handle homeland date blocks
• 2004-09-13: Deleted teamIDs that didn't have a personeventID or event for the speaker was deleted
• 2004-09-19: Starting registering categorymoved and collegedateblockIDmoved in main_personevents
• 2005-01  : Switched to new server (dual xeon). Old CGI counter stopped at 195577
• 2005-01-31: Started sending out event reminders to people
• 2005-03-24: Activated WebStory visitor statistics
• 2005-04-17: Restructure category, phase 1/4 completed: confirmed no problems with setting both category and categorymoved
• 2005-06-07: Restructure of room sharing preferences implemented
• 2005-06-07: Disabled CGI counter and started using WebStory information (CGI stopped at 230840 counts)
• 2005-06-19: Restructure category, phase 2/4 completed: rewritten all code to use the new category and collegedateblockID fields (big job!)
• 2005-06-23: Restructure category, phase 3/4 completed: rewritten all code handle multiple categories for one person
• 2005-06-23: Restructure category, phase 4/4 completed: delete all collegedateblockID values from the recommender field, and rewritten rest of code
• 2005-08-02: Enabled MySQL Query Cache
• 2005-08-05: Standby events, phase 1/4 completed: add database field and adjust all code for the new fields
• 2005-08-17: Restructure of approval process (from this date recommend_status, date_approved, is_eventrequest are accurate)
• 2005-09-12: Standby events completed
• 2006-03-16 16:34: Implemented/committed "Reports & Stories" section (took like 3-4 months to develop!)
• 2006-05-07: Campaign Site Statistics system
• 2006-05-24: Production server upgraded to PHP 5 but downgraded again!
• 2006-06-19: Code count: 133351 lines of code, 18290 lines of comments, 8832 blank lines
• 2006-06-23: Login: only check login once and use session variables to know if user is logged in validly
• 2006-10-11: Change term "hotel city" to "hub city". Functions renamed: get_hotelcity_info() to get_hubcity_info(), get_hotelcity_people() to get_hubcity_people(), get_hotelcitys_orientation_info() to get_hubcitys_orientation_info(), get_hotelcities() to get_hubcities(), get_dateblockhotel_info() to get_dateblockhubcity_info(), get_incomplete_hotel_info() to get_incomplete_hubcity_info(), get_person_hotelcity() to get_person_hubcity(), add_hotelcity_to_cluster() to add_hubcity_to_cluster(), get_dateblock_hotelcities() to get_dateblock_hubcities(), link_hotel_to_dateblock() to link_hubcity_to_dateblock(), compose_group_from_hotelcity() to compose_group_from_hubcity(), get_orientation_hotelcities() to get_orientation_hubcities(), link_orientation_and_dateblockhotel() to link_orientation_and_dateblockhubcity(), get_organizer_hotelcity() to get_organizer_hubcity()
• 2007-04-11: Donation system
• 2007-05-31: Weekly scheduled system to notify about floating support team members
• 2007-05-15: Started separating management of the homeland system from the international system (started on menu_clusterleader.php and add under that)
• 2007-06-13: Added Master sites
• 2007-07-03 17:46: New super-dynamic front page with latest updates
• 2007-07-12: Switched to new server (4 CPU)
• 2007-08-07: OpenID implemented, phase 1/2 completed: beginning testing period
• 2007-08-07: Realized all mails sent _from the website_ to sharehim.org addresses never arrived and was lost, because Darryl had forgot to change something when we moved the site on 2007-07-12
• 2007-08-16: Code count: 190064 lines of code, 29261 lines of comments, 13437 blank lines, 725 files (php;htm;js;css;txt) (lines of code excludes libraries like JanRain OpenID, FCKeditor, htmlarea etc, otherwise it would be 224913/37507/18762/876). Official tables: 89
• 2007-08-29 11:50: Restructured homeland system to register availability, do acceptances per conference, automatically approve homeland applicants when assigned to a site
• 2007-10-01: All output from webservice system is now being UTF-8 encoded
• 2007-11-08: Current disk space usage: Files: 835 Mb, MySQL: 173 Mb
• 2007-12-14: Restructured international program to require team funding of 1,200 USD per site (starting from year 2008) (decided at Carolina meeting 2007-12-11)
• 2007-12-19 16:08 EST: Changed application form to require payment of $1200 by all applicants by default
• 2008-05-22: Set applications closing date for all international date blocks to 1 month before opening date
• 2008-06-05: Major code clean-up, streamlined function names, clean up of global variables, clean up of left-side menu, improved compatibility with future PHP versions
• 2008-08-06: Added MVC functions
• 2008-09-23: Change all homeland date block titles to be generated automatically
• 2008-12-08: Code count: 224106 lines of code, 38529 lines of comments, 17964 blank lines, 796 files (php;htm;js;css;txt) (including libraries FCKeditor, htmlarea, netoffice folder, it would be 261945/47269/24296/995). Official tables: 91 (ALL tables on sharehim.org main database excl the other databases). With 32 chars per line on average => 1400 pages of text to keep track of.
• 2009-01-28: Problem occured with switching between SSL and non-SSL: Darryl had installed Suhosin on server, and this setting suhosin.session.cryptdocroot being On caused the problem (because docroot is different for SSL and non-SSL scenarios) (see Suhosin config options: http://www.hardened-php.net/suhosin/configuration.html)
• 2009-02-05: Session problem occured when using Aurigma Image Uploader: Darryl had installed Suhosin on server, and this setting suhosin.session.cryptua being On caused the problem (because Image Uploader sends it own user agent to the receiving script)
• 2009-02-18: Major step of 3rd homeland website structure change, where conference organizers can do long-term planning and basically set up their own date blocks
• 2009-02-26: Major overhaul of homeland system (probably greatest changes this round). Changed from a date block based system to a master site/church based system.
• 2009-03-09: Changed application to match new homeland structure (no longer ask for date blocks they are available for)
• 2009-03-25: Implemented the system for asking acceptance consent from applicant's pastors
• 2009-04-23: Implemented option for setting up a login for pastors, and for them to manage their master sites and their OLT members
• 2009-08-24: Require $100 USD deposit for international campaigns
• 2010-02-04: Divide groups into 3 types of funding sources for site-funding: ShareHim responsible, individually responsible, and collectively responsible
• 2010-02-11: System to handle sending site-funds to local fields
• 2010-04-01 10:00 EST: Switched to sharehim.org as main domain, without www. to make URLs as short as possible (all cookies 'cook_uniqueuserid' were being copied since 2008-09-11)
• 2010-06-17: System for non-eAdventist conferences to manage their list of pastor on our website
• 2010-09-14: Switched to new server (8 cores)
• 2010-09-28: Went through bounced e-mails and invalidated about 1300 e-mail addresses in main_people!
• 2010-10-05: Separated files for Jensen Framework out into a separate folder
• 2010-11-01: Delete many obsolete fields in main_master_sites and main_sites
• 2010-11-11: Started tracking when OLT members are added and removed, and thereby keep history
• 2011-03-21: Cleaned up manually entered GoodSalt orders of ShareSynch Serial Numbers
• 2011-12-16 13:13 EST: Completely separate homeland campaigns from main_dateblocks table
• 2012-01-31 05:30 EST: Implemented Centralizer functions add_person() and edit_person()
• 2012-02-07 04:20 EST: Moved production website to vpsfarm (our own server) (Hosford charged us $106.95 per month for sharehim.org and folkenberg.net)
• 2012-04-03: Fixed some Googlebot problems that caused it to hammer our website. In Webmaster Tools Googlebot lately had crawled 4-7000 pages per day, ~70000 Kb downloaded per day, and spent ~250 msec per page. Watch if this decreases!
• 2012-05-22 10:10 EST: Implemented new login system
• 2012-05-22: Reached 3000 commits to Subversion
• 2012-06-13 16:00 EST: Implemented bcrypt hashing of user passwords
• 2012-08-01: Code count: 362482 lines of code, 59873 lines of comments, 27717 blank lines, 981 files (php;htm;js;css;txt) (lines of code excludes libraries like JanRain OpenID, FCKeditor, htmlarea etc, otherwise it would be 556960/103412/43067/1413). Official tables: 132 tables+WordPress tables+Wiki tables (temporarily moved everything out that was not part of the code for the website)
• 2012-08-03: Started using jQote2 JS templating engine and common.js
• 2012-08-14: Cleaned up system_operations using SQL in "SQL statements.txt"
• 2012-09-07: Option to use social logins (Google, Facebook, PayPal, OpenID etc via rpxnow.com)
• 2012-10-09: Restructured hub cities so that they are now permanent per date block
• 2012-11-13: Restructured site-funding system for STMs to pay as well and for 3 donation deadlines
• 2012-12-04: Restructured orientations so that they are now permanent per date block (only one orientation site record per orientation date)
• 2013-01-21: First specific use of HTML5 by using sessionStorage in menu_pastor.js
• 2013-03-22 04:00 EST: Moved all 3 vps servers to one vps server at linode (vpsfarm went out of business)
• 2013-11-04 09:00 EST: Change entire website into using charcter encoding UTF-8
• 2014-02-06: Upgraded Debian server from squeeze to wheezy
• 2014-06-23: Upgraded MediaWiki from version 1.14.0 to 1.23.0
• 2014-07-22: Change to use personal logins for campaign managers, instead of separate coadmin login
• 2015-02-20: Started using the new application form seriously (STMs now also go through recommendation process)
• 2015-09-30 04:30 EST: New design implemented site-wide
• 2016-03-03: Changed DNS for tn1.sharehim.org from 173.247.17.13 to 173.247.17.138 (because Benny's Internet connection was changed)
• 2016-08-29: Deleted admins from main_ext_logins (only div/conf/un is remaining but as of today we have disabled their login ability)
• 2016-09-08: Changed cron job for daily tasks #4 to run every 20 minutes dues to limits imposed by eAdventist
• 2017-01-16: disabled password SSH authentication (only allow with SSH keys) -Allan
• 2017-01-16: CrashPlan service had terminated for some reason. Started it again. (https://support.code42.com/CrashPlan/4/Troubleshooting/Stopping_And_Starting_The_CrashPlan_Service) -Allan
• 2017-01-27: Patched servers, both sharehim.org and tn1.sharehim.org
• 2017-01-31: Moved crontab to /etc/cron.d instead of using symlink to /var/www/sharehim.org/crontab - since it didn't work after the patching 4 days ago!
• 2017-02-17: Changed postfix to route emails through Allan's Meebox mail server