Difference between revisions of "Userlevel:Admin:Technical Documentation - Websites:Misc documentation"
(→Signing on Linux) |
(→Signing on Windows) |
||
Line 1,913: | Line 1,913: | ||
http://stackoverflow.com/questions/1451959/where-do-you-download-signcode-exe-and-other-tools | http://stackoverflow.com/questions/1451959/where-do-you-download-signcode-exe-and-other-tools | ||
+ | K Software also provide a tool for signing files: http://codesigning.ksoftware.net/#ksign | ||
===== Signing on Linux ===== | ===== Signing on Linux ===== |
Revision as of 13:07, 19 April 2016
Contents
- 1 Website
- 1.1 Interface Security
- 1.2 Scheduler
- 1.3 Design concept
- 1.4 Rules, standards, notes, etc.
- 1.4.1 Abbreviations & definitions (terminology/glossary)
- 1.4.2 Applicant categories
- 1.4.3 Operations allowed at the different stages in the application process
- 1.4.4 Possible combinations of 'category' and 'cospeaker' and their allowed selection of dateblocks
- 1.4.5 Possible combinations of speaker's support team members and their dateblock link (for when selecting members)
- 1.4.6 Organizer's responsibility group/scope
- 1.4.7 Multiple events
- 1.4.8 Website Layout & Coding Format
- 1.4.9 E-mails
- 1.4.10 Check queries
- 1.4.11 Dropdowns
- 1.4.12 Boolean fields
- 1.4.13 Adding/removing fields for, or links to, person record in main_people
- 1.4.14 Deleting applicants
- 1.4.15 Deactivating records
- 1.4.16 User menus
- 1.4.17 External links and webservice consumers
- 1.4.18 Address formats
- 1.4.19 Telephone formats
- 1.4.20 Log actions
- 1.4.21 Change Log prefixes
- 1.4.22 Code-related tags
- 1.4.23 System entry points
- 1.4.24 SQL sentences
- 1.4.25 When mail provider changes IP (eg. causing mail queue just filling up)
- 2 Servers
- 3 Software
- 4 Backup
Website
Interface Security
Login session variables
REMEMBER that these variables also needs to be set (or at least managed) when emulating and unemulating.
Is user logged in? | ['usrinfo']['logged_in'] |
Username (e-mail) | ['usrinfo']['username'] |
['usrinfo']['email'] | |
Person/div./un./conf. ID
(Local ID) |
['usrinfo']['localID'] (MUST correspond to $accesslevel in order to identify the user on his own level - certain users from ext_logins has to be "mapped" to an existing record in the table for his level, so that it will actually just be an alias. We cannot transfer the localID field from ext_logins to localID field in temp_users, because we would not have the reverse identification of that user in temp_users then, so we have to manually check the session variable to see if the user comes from ext_logins table and lookup the localID manually. If we are only concerned about the current user the localID can be found in "user_eff_localID" though.) |
Ext. logins loginID | ['usrinfo']['ext_logins_loginID']
(only made for logins in main_ext_logins. Saves the loginID as the localID will only contain the mapped localID - if any) |
Effective local ID | ['usrinfo']['eff_localID']
(holds the effective local ID for the current user. For ext. logins that means the value of ['usrinfo']['ext_logins_loginID'] and for all other user the value of ['usrinfo']['localID']) |
Access levels (number) |
['usrinfo']['accesslevels_num'] (array) ['usrinfo']['accesslevels_num_max'] (number - the highest in the array) |
Access levels (text) | ['usrinfo']['accesslevels'] |
From table | ['usrinfo']['fromtable']
(values are as MySQL table names except without the "main_" part) |
Full name | ['usrinfo']['fullname'] |
If admin is superadmin | ['usrinfo']['is_superadmin'] |
If admin is associate admin | ['usrinfo']['is_assoc_admin'] |
Is homeland division/union/conference organizer |
['usrinfo']['is_conf_organizer'] (true, false) If user is a conference/union/division organizer for homeland campaigns.
|
Access level for homeland field organizers | ['usrinfo']['conf_organizer_accesslevel'] ('manage', 'reporting') ['usrinfo']['un_organizer_accesslevel'] ('manage', 'reporting') ['usrinfo']['div_organizer_accesslevel'] ('manage', 'reporting') |
Is conference organizer for sectors |
['usrinfo']['is_conf_organizer_for_sectors'] Array of sectors a conference organizer is limited to. Non-existing if no limits. |
Is pastor |
['usrinfo']['is_pastor'] (true, false) |
Is editor | ['usrinfo']['is_editor']
('executive','associative','text','graphics', or false) |
User's active event | ['usrinfo']['active_personeventID'] |
Emulating mode | ['usrinfo']['is_emulating'] (true or not set)
(whether the current login is being emulated) |
Responsible date blocks | ['usrinfo']['resp_dateblocks']
(array of dateblockIDs that this coadmin is responsible for/has access to maintain. Only used for 'coadmin' access level, otherwise it's an empty array) |
Contact for colleges | ['usrinfo']['contact_for_collegeIDs']
(array of collegeIDs that this person is contact person for) |
Recommenders |
|
Verfied/authenticated OpenID | verified_openid |
Verfied/authenticated OpenID short version | verified_openid_short |
Other session variables generally used
Only lasting during the page execution for all pages that goes through the security check.
Dateblock ID | $dateblockID
(the date block that an administrator is currently working in) |
Other global variables generally used
Cached data | $GLOBALS['_cache'] | Associative array with data we want to cache for later reuse. Eg. $GLOBALS['_cache']['groups'][###] contain group info. |
Note that the Centralizer system uses $GLOBALS['runtime']['cache']
Access levels
Each usergroup must also have a numeric value because of the login system's way of behaviour.
Access levels from 70-79 and 0-10 should on the pages be set specifically (in $requiredUserLevel) to avoid unwanted inherited permissions.
Group | Abbrev. | Range | General
(if range) |
System | system | |
899 |
Administrators | admin |
70+ 90+ |
100 |
Campaign managers * Equipment managers |
coadmin equipman |
70-89 |
80 79 |
Divisions | div | 60-69 | 65 |
Unions | un | 50-59 | 55 |
Conferences/missions | conf | 40-49 | 45 |
People (clusters, groups, college leaders) | people | 26-39 | 30 |
Recommenders | intlrecom | 15 | |
Colleges | collegect | 14 | |
ShareSynch Technical Supporter (OBS! Probably not fully configured in set_pw.php...!) |
ssynchsupp | 9 | |
**External shipper
Actually already implemented but not using access level, only a db lookup in main_ext_shippers each time we need to know. |
extshipper | 8 | |
**Travel agents | travelag | 7 | |
Insurance agents | insuragent | 6 | |
- *) mostly same as administrators but only within selected date blocks, and no access to certain system wide features
- **) planned access levels - but probably just make it an extension to their main_people record - to avoid multiple l
When creating new access levels use this checklist:
- try to make unique abbreviations/access level names so they can be searched for
- add to table list_accesslevels
- add to get_user_main_menu(), format_accesslevel(), get_common_table_info()
- add to js_functions_phpmaker.js (syncLocalToAccesslevel() function)
- add to main_ext_loginslist.php (in section "Show mappings/localID")
- add to temp_userslist.php (add to switch() making the $emulate_qstr variable)
- add to php_functions_login.php => format_accesslevel()
- add permission and setup in set_pw.php to emulate and set user/password (if emulation should be possible)
Table permissions
Important notes: No records must be deleted if it has attached records in underlying levels Divisions From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
|
View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | |
|
Unions | x | |
|
|
Conferences/missions | x | |
|
|
People | x | |
|
|
External logins | x | |
|
|
Date blocks From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
|
View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | |
|
|
Unions | x | |
|
|
Conferences/missions | x | |
|
|
People | x | |
|
|
External logins | x | |
|
|
Unions From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
|
View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | x | x |
Unions | x | x | |
|
Conferences/missions | x | |
|
|
People | x | |
|
|
External logins | x | |
|
|
Conferences/missions From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
|
View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | x | x |
Unions | x | x | x | x |
Conferences/missions | x | x | |
|
People | x | |
|
|
External logins | x | |
|
|
Orientations sites From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
|
View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | |
|
Unions | x | x | |
|
Conferences/missions | x | x | |
|
People | x | |
|
|
External logins | x | |
|
|
Note: Only admin can edit orientation date and city Hotel cities From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
|
View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | x | x |
Unions | x | x | x | x |
Conferences/missions | x | x | x | x |
People | x | |
|
|
External logins | x | |
|
|
Campaign sites From divisions and down these permissions are only allowable within their dateblock, and only themselves on the same level
|
View | Edit | Add | Delete |
Admin | x | x | x | x |
Divisions | x | x | x | x |
Unions | x | x | x | x |
Conferences/missions | x | x | x | x |
People | x | |
|
|
External logins | x | |
|
|
Field permissions
- only admin is allowed to change Active-fields - password field may never be entered/changed manually
File and folder permissions
Modify (666): php/files/*.* except index.php
Modify (777): php/files/logs_scheduled_jobs
Modify (777): php/files/satellite_exports
Modify (777): php/files/temp
Modify (777): php/files/uploads_shortlife
Modify (777): php/files/var_dumps
Modify (777): php/docs
Modify (777): php/docs -ALL SUBFOLDERS-
Modify (666): php/docs/exec_directors_B84H81BN8KBS8F/*Planning_Form*.xls
Modify (777): php/multimedia/ -ALL SUBFOLDERS -
Modify (666): php/multimedia/ -ALL FILES except index.php -
Modify (777): php/pdf_generated/ -ALL SUBFOLDERS-
Modify (666): php/pdf_generated/ -ALL FILES IN SUBFOLDERS- (in order to be able to overwrite them)
Modify (666): php/supportchat/log.txt
Modify (666): php/includes/jensenfw/*.js|*.js.php -ALL FILES - (for phpJSO to obfuscate the files)
Modify (666): php/includes/*.js|*.js.php -ALL FILES except those skipped in _obfuscate_js.php - (for phpJSO to obfuscate the files)
Modify (666): php/error_log (PHP's error logging (warnings, parse errors etc))
Modify ??? : OpenID filestorage location
Scheduler
- checking if we have all necessary information in time before campaigns begin
- sending reminders to people
Design concept
General guidelines
- if information is missing write something like "Awaiting information..."
- hide all e-mail addresses for public users and also for logged in users where they don't need to know the address
Date block branding images
- Trip detail page banner: 960 x 389 (larger is okay as long as ratio is kept)
- Trip overview page thumbnail (https://sharehim.org/upcoming-trips/): 290 x 170 (exact required)
- Email header banner: 564 x 168 (exact required)
They are uploaded to the WordPress Media Library as any other image there.
Rules, standards, notes, etc.
Abbreviations & definitions (terminology/glossary)
STM | support team member |
OLT | Outreach Leadership Team |
div (not the HTML tag) |
division |
un | union |
conf | conference/mission |
lang | language |
local ID | ID from div, un, conf etc. |
equipment | = 1 case |
co-speaker | associate speaker |
conf org / conforg | conference organizer |
n/a | not applicable |
shcfg | name of global variable that is an array with hardcoded configuration/settings for the entire project |
shrun | name of global variable that is an array with values that have been set at runtime, usually in ini.php |
acl | Access Control Layer (permissions) |
NAD | North-American Division |
number of open sites for a dateblock | number of sites minus applicants that has been approved by admin but not necessarily assigned to a site yet |
event request | when a person requests to go to another campaign (paraphrased: "applying a second time at Global Evangelism" or technically "applying using eventrequest.php instead of apply.php) |
date block | one series of mettings in a specific geographical area, with an opening date and a closing date |
campaign | same as date block |
application amount / deposit | These two terms are being used interchangeably and starting 2013 refers to the initial application amount that all international applicants must donate - except in connection with groups where we still call it a deposit. |
participation amount | The terms used for referring to the total amount all international applicants (starting 2013) must donate, and is the sum of the application amount, 2nd donation amount, and final donation amount. |
NWM | Not Worth Mentioning |
curr | current |
valerr |
used in naming convention for variables holding validation error message for a field/piece of information - in plain text and HTML |
hub city | exactly the same as a hotel city. We renamed the term hotel city to hub city. |
ccard | credit card |
authnet | Authorize.net |
Centralizer | a system developed by Allan Jensen to easily set up webpages for maintaining data in database tables |
pid | Person ID |
offid | Officer ID |
wrkid | Worker ID |
choffid | Church office ID |
did / divid | Division ID |
uid / unid | Union ID |
cid / confid | Conference ID |
chid | Church ID |
insttid | Institution ID |
evbdgid | Event budget ID |
pavid | Person availability ID |
pcacid | Person/conference acceptance ID |
pceid | Pre-campaign event ID |
stid | Story ID |
teid | Training Entity ID |
taid | Training Accept ID |
conforgid | Conference organizer ID |
pressynch | Presentaion Synchronizer/Sermon Synchronizer (software) |
collegect | College contact |
ws | webservice |
cspd | correspondent |
site-fund | people or groups who needs to contribute financially to their own campaigns (1,200 $/site).
REMEMBER! Instead of using the word "pay" we must always phrase it as "contributing" (or "donating") for tax-deductible reasons (see note in format_sitefund_indicatorHTML() ). |
pre-funded | sites that are being funded by ShareHim or somebody else with the $1,200, that is, the speaker is not responsible for providing the funds |
normal deadline | the latest date we will accept site-funding (the $1,200) before a campaign without adding the $100 rush processing fee. The date is fixed at 3 months before. The date is inclusive so that payments on this date does not enforce the extra fee. |
TQH | The Quiet Hour / Quiet Hour Ministries |
ARM | Adventist Risk Management |
Applicant categories
A description of the different categories of applicants (IMPORTANT: Remember to consider co-speaker option, too).
Notation in brackets means is for a co-speaker in that category. Only used where applicable and where there is a difference.
|
pastor | layman | academy | college | stm
(support team member) |
organizer |
Table containing date block reference field | main_personevents | main_personevents | main_personevents | main_collegedateblocks | main_personevents | main_personevents |
Can be co-speaker? | Yes | Yes | Yes | Yes | No | No |
Can be team leader?
(record in main_teams) |
Yes [No] |
Yes [No] |
Yes [No] |
Yes [No] |
No |
No |
Can be team member? (use teamID field) | No [Yes] | No [Yes] | No [Yes] | No [Yes] | Yes | No |
Can be group member (and group leader)? | Yes [No] | Yes [No] | Yes [No] | Yes [No] | No | Yes |
Facilitator value? | Yes | Yes | Yes | Yes | No | No |
Needs recommendation for international campaigns? | Yes | Yes | Yes | Not applicable | No | No |
Needs acceptance for homeland campaigns? | Yes | Yes | Yes | Not applicable | No | No |
Allow standby event? | Yes | Yes | Yes | Yes | No | No |
Recommender value? |
If NAD division: |
If NAD division: RecommenderID |
If NAD division: RecommenderID |
CollegedateblockID |
No |
No |
Recommender comments value? | Yes | Yes | Yes | Yes | No | No |
Reference | Ministerial secretary | Pastor | Academy | -none- | -none- | -none- |
Reference value? | Yes | Yes | Yes | Yes | No | No |
Ranking value? | Yes [No] | Yes [No] | Yes [No] | Yes [No] | No | No |
Flight information? | Yes | Yes | Yes | Yes | Yes | Possible |
Room sharing value? | Yes | Yes | Yes | Yes | Yes | Possible |
Subject to cluster, group, and date block size limitations? | Yes [No] | Yes [No] | Yes [No] | Yes [No] | No | No |
Can have graphics equipment booking? | Yes | Yes | Yes | Yes | No | Yes??? |
|
|
|
|
|
|
|
Table with possible related records |
main_teams [no] |
main_teams [no] |
main_teams [no] main_groups [no] main_sites [no] main_equip_booking [no] main_campaign_material main_report main_experiences main_pwquestions |
main_teams [no] |
- |
- |
Common for all:
- a record in main_personevents
Operations allowed at the different stages in the application process
|
Waiting for recommendation | Waiting for acceptance | Waiting for approval | Waiting on standby |
Select as active event (eventchange.php) |
No | No | No | No |
Enter flight arrival info (menupeople.php) |
Yes | Yes | Yes | Yes |
Select room sharing preferences (menupeople.php) |
Yes | Yes | Yes | Yes |
People themselves delete the event (eventdelete.php) |
No | No | Yes | Yes |
Possible combinations of 'category' and 'cospeaker' and their allowed selection of dateblocks
This analyses is done to make sure that we have encompassed all possible combinations and their differences and validity.
Some general definitions of which the following analyses is based on:
- we have 3 different definitions of allowed dateblock selections:
- dateblocks within a college
- dateblocks that still has open sites (see definition above under 'Abbreviation & definitions')
- dateblocks that has not passed their closing date, and therefore still accepts applications
- a cospeaker from a college, can only select date blocks defined for that same college (similar to a def. in next analyses)
Complete definition table
|
cospeaker = 0 | cospeaker = 1 | |
pastor | open sites | unclosed | |
layman | open sites | unclosed | |
college | college defined | college defined | |
academy | open sites | unclosed | |
stm | unclosed | - | |
organizer | unclosed | - | |
Definitions encompassing all derived conclusions from the above table
category = college & cospeaker = 0|1 |
Only dateblocks defined for that college |
Note: Since cospeaker doesn't matter, we don't consider that when dealing with a category=college. |
category = pastor|layman|academy & cospeaker = 0 |
Only dateblocks that still has open sites |
|
category = pastor|layman|academy & cospeaker = 1 |
All unclosed dateblocks |
|
category = stm|organizer & cospeaker = 0 |
All unclosed dateblocks |
|
category = stm|organizer &
|
-invalid combination- |
Note: Since this is an invalid combination, we don't consider cospeaker when dealing with stm & organizers |
Possible combinations of speaker's support team members and their dateblock link (for when selecting members)
This analyses is done to make sure that we have encompassed all possible combinations and their differences and validity.
Some general definitions of which the following analyses is based on:
- a cospeaker from a college, can only be a cospeaker to a speaker from that same college (similar to a def. in former analyses)
- a speaker can have 2 types of support team members:
- stm (normal)
- pastor|layman|academy (but not college) cospeakers
- of course a non-cospeaker cannot be a support team member
- of course stm & organizers cannot be cospeakers - the dateblock link of college students is, contrary to the other types, stored in collegedateblocks
Complete definition table
Speaker |
Possible support team members |
Speaker dateblock link table |
STM dateblock link table |
pastor |
- pastor|layman|academy & cospeaker - stm |
personevents |
personevents |
layman |
- pastor|layman|academy & cospeaker - stm |
personevents |
personevents |
college |
- pastor|layman|academy & cospeaker - stm |
collegedateblocks |
personevents |
college |
- college & cospeaker |
collegedateblocks |
collegedateblocks |
academy |
- pastor|layman|academy & cospeaker - stm |
personevents |
personevents |
Definitions encompassing all derived conclusions from the above table Note: keeping the dateblockID link in collegedateblocks makes it possible to move all college students from one college to another dateblock with a simple change (considering strict normalization of databases this is the correct way to do it). On the other hand it complicates when dealing with dateblockID for speakers. (At the point of time of writing this the question is whether to do one or the other - whether I already have figured out the ways to go about this difference - which I think I have... since I have made SQL queries for both finding all speakers within a dateblock and finding all stm within a dateblock)
speaker category = pastor|layman|academy | All has the same possible dateblock link tables | |
speaker category = college & stm category <> college & cospeaker = 1 |
Speaker dateblock link is in 'collegedateblocks', stm dateblock link is in either 'personevents' or 'collegedateblocks' |
|
speaker category = college & stm category = college & cospeaker = 1 |
||
speaker category = [any] & stm category = [any] & cospeaker = 0 |
-invalid combination- | Note: Since this is an invalid combination, we don't consider cospeaker when dealing with category=college |
Update: To simplify the SQL statement the field eff_dateblockID (effective dateblockID)
Organizer's responsibility group/scope
NOTE: This is our goal but it doesn't mean that the system is working exactly like this yet! Some development probably needed in this area. An organizer can be responsible for the following groups of people depending on his setup:
Setting | Responsibility group |
Not in any group or cluster | All people in date block |
Member of a group | All people in the same group |
Member of a cluster | All people in the same cluster |
For his group of people the areas he can work in include (but is not limited to):
- maintaining their personal record
- entering flight information
- making hotel room reservation
- booking or unbooking graphics equipment
- probably also assigning/unassigning team members???
Multiple events
- on the people's own menu they work with one event at a time - they select themselves which one they want to work with
Website Layout & Coding Format
- generally aim at a minimum screen resolution of 1024x768 pixels
- most website users use IE so it's must be compatible with the newest versions
- but most browsers can be expected (because of a large user group)
- a menu area and a main area
- light background color/texture
- use default font sizes/families and styles unless something needs to be emphasized or de-emphasized
- use < b >
- use or the CSS class "dimmed" for less important text
- don't follow coding structure of main_*.php and list_*.php (generated by PHPMaker) but rather story_menu_admin.php
- complexity of search and sorting features needs to be considered for every case (sometimes needed, otherwise just simple)
- standard date format: mm/dd/yyyy
- started writing LOCAL-DATE places where we eventually will localize the date format for user's country
- consider if strftime() (or strftime_new() in adventsangerne.no) can be used for something
- started writing LOCAL-DATE places where we eventually will localize the date format for user's country
- standard number format: ##,###,###.##
- always use require_function() for defining functions to use. Never include file directly.
- when validating date use $err_occurs_on_page to count how many errors occur. The validation functions also uses this variable.
- recommended to use query string variable "act" when requesting a page with a command to do some operation
- see additional coding format specifications in "Programming principles - Allan.txt"
E-mails
- e-mail addresses must never be shown to the public. They must be presented with a form to be filled out instead.
- general e-mails should bounce to bounce@sharehim.org, while all other e-mails should bounce to the sender address
- format of the unique Mailer ID that can be used in e-mails: X-Mailer-ID: #SRCID#MAIL#FEST07-2#PID686#
Check queries
- IMPORTANT: check that all speakers in a college within a cluster have personevents.clusterID filled out accordingly
- check that all homeland date blocks have at least one conference defined in main_dateblockconfs
- SELECT main_dateblocks.* FROM main_dateblocks LEFT JOIN main_dateblockconfs USING (dateblockID) WHERE homeland = 1 AND main_dateblockconfs.conferenceID IS NULL ORDER BY title
- conferences, unions etc. have their upper level record
- orphaned group members
- speakers both being group leader and group member
- check that group date block matches the members date blocks
- speaker who haven't been issued any material (use code from _db-query.php)
- check that STMs that are member of teams are also member of that date block
- check that no delete-marked events are found in main_people.active_personeventID
- delete active_personeventIDs that do not exist in main_personevents (maybe obsolete now)
- _db-query.php: "CLEAR ACTIVE_PERSONEVENTIDs THAT ARE NOT EXISTING IN PERSONEVENTS"
- check that all people in homeland campaigns are members of clusters
- check date block dates:
SELECT dateblockID, title, opening_date, appl_closed_date, data_lock_date, TO_DAYS(closing_date) - TO_DAYS(opening_date) AS days_duration, TO_DAYS(opening_date) - TO_DAYS(appl_closed_date) AS days_before_appl_close, TO_DAYS(closing_date) - TO_DAYS(data_lock_date) AS days_lock_date_before_closingdate FROM main_dateblocks WHERE TO_DAYS(closing_date) - TO_DAYS(opening_date) <> 15 /* days_duration */ OR TO_DAYS(opening_date) - TO_DAYS(appl_closed_date) < 0 /* days_before_appl_close */ OR TO_DAYS(opening_date) - TO_DAYS(appl_closed_date) > 90 /* days_before_appl_close */ OR TO_DAYS(closing_date) - TO_DAYS(data_lock_date) < -10 /* days_lock_date_before_closingdate */ ORDER BY opening_date
- check pe_eff_siteID integrity:
SELECT main_personevents.personeventID, main_personevents.personID, main_sites.siteID, pe_eff_siteID, main_personevents.categorymoved, main_personevents.cospeaker, main_personevents.eff_dateblockID FROM main_personevents LEFT JOIN main_sites ON main_personevents.personeventID = main_sites.personeventID WHERE (main_personevents.pe_eff_siteID <> main_sites.siteID OR (main_personevents.pe_eff_siteID IS NULL AND main_sites.siteID IS NOT NULL) OR (main_personevents.pe_eff_siteID IS NOT NULL AND main_sites.siteID IS NULL)) AND cospeaker = 0 AND categorymoved NOT IN ('stm', 'organizer')
- check if we have any visits with any of the user agents currently listed in class webstory -> $skip_useragent_keywords
- occasionally removed unused queries:
- delete_query(false, array('queryID' => 0, 'queryID_compare' => '>=')); //it will auto probibit deleting used queries
- check that pastor e-mail addresses match e-mail address in our records (system should prohibit it though so any records shown here might be a result of a problem in the system. Also see e-mails with subject "E-mail changed" of 2010-09-06 and 2011-03-10):
- SELECT main_people.personID, legal_firstname, legal_lastname, main_people.email, main_officers.email AS conf_email, pw FROM main_people INNER JOIN main_officers ON main_people.personID = main_officers.personID WHERE main_people.email <> main_officers.email
Dropdowns
- dropdowns binding a record to it's upper level must only show the upper level values within that branch of the tree
Boolean fields
All boolean fields (yes/no) have the field type TINYINT.
- 1 = yes / true
- 0 = no / false
This makes it easier to determine false and true in PHP.
Some fields also have additional special values like -1 or 2.
Use the label "- not set -" if the boolean value has not been set.
Adding/removing fields for, or links to, person record in main_people
- when deleting a person (main_persondelete.php and delete_person() ) consider this new field
- when merging a person (merge_person() ) consider this new field
- for foreign keys linking to main_people.personID, add a reference in person_alldata.php
- consider necessary changes to ShareHim Satellite
Deleting applicants
Deleting an applicant (meaning that he doesn't want to participate in the program anyway or he has been denied) does not result in an actual removal of the person from the database. We only delete the personevent record.
Deactivating records
To deactivate a record would be a very rare occurrence, only for example if a division re-organizes it's unions. In that case we deactive the unions that are no longer existing and by that we also cancel all current activities for those unions, like equipment booking and scheduled material shipments. This must/can then be re-booked and re-scheduled for the new unions created in stead. This is an example of the principle of deactivating records and theirs effects on the system.
- Procedures (= links) that aren't applicable at present should be grayed out
- e.g.: only make active link to match speakers if there are any speakers that need to be matched
- This will make an easy todo-list overview for the user
- Group these kind of procedures together on the menu
External links and webservice consumers
The following external places link into pages on the website:
/add-new-campaign | NOT YET IMPLEMENTED
ShareSynch software (for people to apply for a homeland Speaker-Initiated Campaign) |
/sharesynch | ShareSynch software (for manual activation) |
/hiswayofhope-order-new-disc | NOT YET IMPLEMENTED
ShareSynch software (for upgrade to newer version where they need new disc) |
The following systems are calling webservices on our website:
/php/sharesynch_activate_online.php | ShareSynch software (automatic activation) |
/php/sharesynch_data_exchange.php | ShareSynch software |
http://software.sharehim.org/ss4/curver.txt
http://software.sharehim.org/ss4/#.#.###.msi (Windows) http://software.sharehim.org/ss4/#.#.###.zip (Mac) |
ShareSynch software checking for updates (versions before 4.0.107 are checking http://www.translatesermons.com/ss4/curver.txt)
"#.#.###" is the version number found in the curver.txt file. |
/php/system_twilio_callback.php (callback specified in each request)
/php/_twilio_receive.php (specified on Twilio account) |
Twilio.com (SMS and voice service) |
/php/system_authorize_net_callback.php | Authorize.net (payment processor) |
/php/run_scheduled_daily_save.php | Called from cron jobs on server itself and from allanville.com |
https://sharehim.org/ | Facebook app (under the account "ShareHim Idea Network") is referring to these URLs (https://developers.facebook.com/apps/475912035761756/settings/) |
/php/ws.php?ws=add_goodsalt_order&f=json | GoodSalt order system (NO LONGER USED) |
Address formats
3 different formats (currently not differencing USA/Canada):
- USA
- Street/PO
- City, State, Zip
- Country
- Canada
- Street/PO
- City, Province, X#X-#X#
- Country
- Other
- Street/PO
- Postal information
- Country
Telephone formats
On forms where people enter their phone number they need to enter the number WITHOUT country code and WITH area number.
On forms where people edit their phone number we will show a plus (+) and the country code in front of that number. We can do that since we have the country code for all countries in the table list_countries.
Log actions
Used in `sharehim_log` database in table `system_operations`, fields `action` and `subaction`
person | added deleted updated merged name corrected changed recommendation status acceptance requested (= e-mail requesting acceptance has been sent to the conference) accepted (by receiving field => homeland conference) rejected (by receiving field => homeland conference) acceptance reverted acceptance request cancelled |
person event | updated activated (standby event was activated) downgrade to standby (actual event was downgraded to standby event) changed main speaker |
site-funding | fulfilled revoked |
event | added standby added deleted standby deleted undeleted moved (so far only used in move_college_group() ) |
email sent | [blank] site-funding reminder pastor passwords |
category changed | |
application |
new |
availability | added deleted moved |
people search | |
login | success failed emulated |
logout | |
password | generated/changed |
group | created deleted (not yet implemented as of 8/4-05) leader changed |
cluster | leader changed |
college dateblock | leader changed |
campaign site | added (type=speaker-init comes under this as well) moved approved (used for speaker-init events) declined (used for speaker-init events) |
dateblock | added modified deleted hub city/sites moved |
story | deleted |
donation | deleted |
equipment | caseID replaced |
equipment booking | created deleted changed |
serial-no | deleted |
Table might not yet be complete. (use SQL from file "Code pieces/SQL statements.txt" to make it complete)
IMPORTANT NOTE:
- to minimize number of records the following log actions are deleted once in a while (after taking a local backup of the whole database so we have the information just in case we need it):
DELETE FROM system_operations WHERE `action` = 'campaign site' AND subaction = 'added'; /* date added is registered in main_sites anyway */
DELETE FROM system_operations WHERE `action` = 'login' AND subaction = 'success';
DELETE FROM system_operations WHERE `action` = 'login' AND subaction = 'failed';
DELETE FROM system_operations WHERE `action` = 'login' AND subaction = 'emulated';
DELETE FROM system_operations WHERE `action` = 'logout' AND subaction IS NULL;
Change Log prefixes
The following prefixes are used when entering comments in the CVS repository (see notes below the table):
ADD: When features/functional behaviours are added
CHG: When features/functional behaviours are changed
FIX: When a bug has been fixed
IMPROV: When features/functional behaviours have been improved (and it's neither a decided FIX, CHG, or ADD)
REMOVE: When a functional behaviour or out-dated code has been removed
UNDO: Undo a previous commit (usually the previous one of that file)
Any prefix can have " NWM" appended when it is a change that is "Not Worth Mentioning".
Any prefix can have " MAJOR" appended when it involves a major functionality change or upgrade.
The prefix is following by a colon, a space, and then the description. Examples:
ADD: link to change password
FIX NWM: corrected spelling
ADD MAJOR: donation management system
In very rare cases a prefix is not applicable and therefore not used.
If only functions have been changed we write a comma-seperated list of their names with "()" appended. For example:
ADD: get_dateblocks(), get_dateblock_info(): also return mediafolder field
If both functions and code in other places have been changed, we write the description normaly, but in the end list the functions that have been changed and/or added. For example:
ADD: interface for the new date block field mediafolder. Functions modified: get_dateblocks(), set_dateblock(). Functions added: get_mediafolder()
The same applies for JavaScript functions, but then we write "JS" with the parenthesis, for example: get_field_value(JS)
For PHP classes we write like this: 'class webservice_server'
The point here is to always add the names of functions and classes that are changed, so that it's possible to search CVS for all changes regarding those functions/classes.
Possible improvement (=not yet used): there should actually also be a keyword for deciding whether or not the entry should be seen for the general users of the website, so they know which changes have been made to the website that affect their work. Eg. "technical modification" or "functional modification".
Codes that are put different places in the source code to link together different pieces of code that are related - to make it easier to maintain it and remember other places where we are dealing with the same thing. It's important that these tags are unique through ALL text files in the project so that they are easy to search for. Always write them in upper case.
INTL-EVENT-EMAIL | Places in code where we send e-mails related to international events. |
KOREAN-EXCEPTION | Code dealing with the Korean Council customization in NAD division. |
SHOW-CURRENT-DATES-FOR-MASTER-SITE | The places that we show current existing campaign dates for a master site. |
TERMS-FOR-ASSIGNING-HOMELAND-SPEAKER | Places where we write the terms for assigning a speaker to a homeland campaign date |
DIALOGBOX-LIKE-MESSAGE | |
LIST-CHURCH-PASTORS | |
CHECK-STORIES-LINKED-TO-SITE | |
CHECK-STATS-LINKED-TO-SITE | |
SEND_EMAIL_WHEN_ACCEPTED | |
DETERMINE-SENIOR-PASTOR | Places where we determine who is the senior pastor for a church |
BLOCK-SAME-DIVISION-APPLICANTS | Block applicants from applying to date blocks in their own residence division |
NOTIFY-NON-EUD-HOMELAND-APPLICANTS | Code for notifying non-EUD applicants about homeland campaigns in EUD |
HOMELAND-JESUSVIDEO-USES | Places where we determine if we should deal with the Jesus video language in the homeland |
OPENID-ENTRY-CODE | Places with code for OpenID that public users see. Can hide these pieces in case we want to disable it. |
PROHIBIT-LOGIN | Places with code for prohibiting login from users who signed up for international trips from summer 2015 forward. We don't want them to think they have a user with us. |
SKIPPED-TRANSL | Places in homeland system where I have skipped translating something |
QUEST or QUEST-EXPERT | Questions I have for other (expert) programmers about issues I'm unsure about. |
WATCHFUTURE | Things we need to keep an eye on in the future as project develops |
TODO | Places in the code where I need to do something. |
System entry points
Places where user will enter this system (might not be a complete list - check also with login.php)
- index.php
- login.php
- menu*.php
- recommend.php (recommenders go directly to here)
SQL sentences
Relationships up through the main line:
main_translations
INNER JOIN main_sites ON main_translations.siteID = main_sites.sideID
INNER JOIN main_hotels ON main_sites.hotelID = main_hotels.hotelID
INNER JOIN main_conferences ON main_hotels.conferenceID = main_conferences.conferenceID
INNER JOIN main_unions ON main_conferences.unionID = main_unions.unionID
INNER JOIN main_dateblocks ON main_unions.dateblockID = main_dateblocks.dateblockID
INNER JOIN main_divisions ON main_dateblocks.divisionID = main_divisions.divisionID
Return all sites for a orientation/dateblock (the opposite direction of above):
SELECT main_sites.*
FROM main_orientations
INNER JOIN main_dateblocks ON main_orientations.dateblockID = main_dateblocks.dateblockID
INNER JOIN main_unions ON main_dateblocks.dateblockID = main_unions.dateblockID
INNER JOIN main_conferences ON main_unions.unionID = main_conferences.unionID
INNER JOIN main_hotels ON main_conferences.conferenceID = main_hotels.conferenceID
INNER JOIN main_sites ON main_hotels.hotelID = main_sites.hotelID
UNION query to obtain all users:
SELECT coord_email AS email, coord_pw AS pw, 'div' AS accesslevel FROM main_divisions WHERE coord_email is not null AND coord_pw is not null
UNION ALL
SELECT coord_email AS email, coord_pw AS pw, 'un' AS accesslevel FROM main_unions WHERE coord_email is not null AND coord_pw is not null
UNION
SELECT coord_email AS email, coord_pw AS pw, 'conf' AS accesslevel FROM main_conferences WHERE coord_email is not null AND coord_pw is not null
UNION
SELECT email, pw, 'people' AS accesslevel FROM main_people WHERE email is not null AND pw is not null
UNION
SELECT email, pw, accesslevel FROM main_ext_logins WHERE email is not null AND pw is not null
When mail provider changes IP (eg. causing mail queue just filling up)
(NOW THAT WE HAVE SWITCHED TO USING Google Apps WE NO LONGER ARE SENDING VIA sh.zmailcloud.com)
Steps to fix:
- Get IP of
nslookup sh.zmailcloud.com
- If ip has changed, stop postfix
/etc/init.d/postfix stop
- Take new ip and update "relayhost" in
/etc/postfix/main.cf
- Edit
/etc/postfix/sasl_passwd
to add new ip - Delete old encoded sasl database:
rm /etc/postfix/sasl_passwd.db
- Generate new encoded database:
postmap hash:/etc/postfix/sasl_passwd
- Start postfix
- Send test message by:
mail -s testing john@sharehim.org
. Next, type a line of text and then to send, CTRL+d - Verify log file looks correct
- Verify email made it though
- If good, then lets try to resend and flush the queue:
postqueue -f
- View log file to see if messages start going out OK while checking status of
postqueue -p
to verify queue is decreasing
Servers
Sub-domains
Domain Name | Usage description |
---|---|
app.sharehim.org | Used by the Prayer & Friendship smart phone app |
coachapp.sharehim.org | Used by the preaching coaching smart phone app |
festival.sharehim.org | Site with info about the festival events use used to have. Currently redirects to main domain. |
ga1.sharehim.org | Server we have at the Southern Union for ShareHim's use (one of their old servers that we got and set up). But they told us they don't have enough bandwidth into it (100 Mbit) so we are not suppose to use it for heavy-bandwidth stuff.
|
legacymedia.sharehim.org | The old media.sharehim.org which Jill needed access to so we set up this domain instead |
moore.sharehim.org | Pointing to Benny's house but not used for anything specifically |
newsletter.sharehim.org | Holding some content (images) for the newsletters sent in the period 2012-2013 |
secure.sharehim.org | Used to be the domain for https but since we changed everything to https in beginning of 2016 this domain can be removed once all search engines have updated all their links to it |
software.sharehim.org | Used by ShareHim Presenter and ShareSynch to check for and download updates |
support.sharehim.org | Pointing to John Lucas. He has some documentation etc there. |
svn.sharehim.org | Used by the Subversion server |
test.sharehim.org | The testing site of the main site |
tn1.sharehim.org | Distribution server for downloading sermon material |
vidyo.sharehim.org | For the video conferencing software the Southern Union provided for us. We asked them to turn it off but it still seems to be running. |
webserver.sharehim.org | For sending email to the main sharehim.org server (only for internal use, it might not even be set up for receiving mail from the outside even though an MX record has been set up for it) |
calendar.sharehim.org
drive.sharehim.org mail.sharehim.org sites.sharehim.org |
Domains related to our Google for Business account which handles all our email |
*.365.sharehim.org | Domains required for the setup of our Office365 account (that we currently don't use at all, it just sits there) |
Server setup
- FTP: Uninstalled ProFTPp on 2016-04-10 after Chuck no longer needed to access the server. The configuration files are still there in /etc/proftpd and /etc/proftpd.orig though.
Installing updates
For Debian-based distributions do the following, all as root:
-
apt-get update
-
apt-get -dy dist-upgrade
After all packages have been downloaded successfully, then perform the actual install:
-
apt-get dist-upgrade
Syncing between Linux and Google Drive/S3/other cloud services with rclone
- Download rclone from http://rclone.org/downloads/
- Extract and put "rclone" in /usr/local/bin/ (and give it execute permissions)
- Run "rclone config" and create a new remote.
- Google Drive:
- Name: type an appropriate name (eg. "SharehimGDrive")
- Client ID: leave blank
- Client secret: leave blank
- Use auto config?: no
- Open the link it provides in a browser and paste the resulting code
- Test with eg. "rclone lsd SharehimGDrive:" to list root content
- If you get the error "The domain policy has disabled third-party Drive apps" following these directions: http://stackoverflow.com/a/14502443/2404541
- Amazon S3:
- Get access key, secret key, and region from pw manager.
- Test with eg. "rclone lsd SharehimS3:sharehim" to show files in the root of the "sharehim" bucket.
- Google Drive:
It can even sync between two cloud services (= remotes). We use it to backup S3 to Google Drive, as well as backing up tn1 to Google Drive.
Note that when sync'ing the current version 1.28 doesn't delete folders on the destination that have been deleted on the source side. Only all the deleted files are being removed. Watch here for updates: https://github.com/ncw/rclone/issues/100#issuecomment-206783804
See also http://wiki.linuxquestions.org/wiki/Rsync_with_Google_Drive
Software
Generic documentation
Signing the installers with a code signing certificate
Getting the required files
On 2016-04-18 we purchased a 5-year certificate from http://codesigning.ksoftware.net/ (we found cheaper prices elsewhere (here) but they matched that and gave us a discount code for $56.94/yr for a 5-year period).
When making the purchase the default options are fine. Choose:
- "Microsoft Enhanced Cryptographic Provider v1.0"
- Key size of 2048
- Exportable (CHECKED)
- NOT user protected (DO NOT CHECK)
Export the certificate after going through the process. It is auto-installed to IE. To export the certificate, follow the directions here: https://www.godaddy.com/help/exporting-a-code-signing-certificate-from-internet-explorer-or-firefox-4782 Make sure to choose to export the private key. Do NOT select any options to delete the private key if the export is successful.
Do the following to convert the exported PFX code signing file to PVK and SPC (source):
- Ensure OpenSSL is installed (get here or here).
- Download the PVK Transform Utility (Allan has a local copy).
-
openssl pkcs12 ‐in ShareHim.pfx ‐nocerts ‐nodes ‐out tmp_file1.pem
Allan has the pw in pw manager. -
pvk ‐in tmp_file1.pem ‐topvk ‐out ShareHim.pvk
Enter password to be used for signing files (Allan has it in pw manager). -
openssl pkcs12 ‐in ShareHim.pfx ‐nokeys ‐out tmp_file2.pem
-
openssl crl2pkcs7 ‐nocrl ‐certfile tmp_file2.pem ‐outform DER ‐out ShareHim.spc
- Delete the temporary .pem files (I believe there is no need for them anymore)
Signing on Windows
http://stackoverflow.com/questions/1451959/where-do-you-download-signcode-exe-and-other-tools
K Software also provide a tool for signing files: http://codesigning.ksoftware.net/#ksign
Signing on Linux
http://stackoverflow.com/questions/18287960/signing-windows-application-on-linux-based-distros
Make sure you follow all the directions for Debian 8+ for adding the package repositories. Only need to install the mono-devel package. Run the following command to sign the .exe file:
signcode -spc /home/allan/code_signing_files/ShareHim.spc -v /home/allan/code_signing_files/ShareHim.pvk -a sha1 -$ commercial -n "ShareHim Presenter" -i https://sharehim.org/ -t http://timestamp.verisign.com/scripts/timstamp.dll -tr 10 /var/www/ShareHim-Presenter-xxxxxxxxx.exe
The -n parameter should be the name of the program. It is shown to the end-user in User Account Control dialog box when the installer is executed.
It cannot sign .msi files though.
Using osslsigncode instead
When building osslsigncode you need to install the package libcurl4-gnutls-dev
if ./configure
complains about Curl (source).
osslsigncode sign -certs /home/allan/code_signing_files/ShareHim.spc -key /home/allan/code_signing_files/ShareHim.pvk -pass <pvk-password> -n "ShareHim Presenter" -i https://sharehim.org/ -in /var/www/ShareHim-Presenter-xxxxxxxxx.exe -out /var/www/ShareHim-Presenter-xxxxxxxxx-signed.exe
It worked signing an .exe but could not sign an .msi (it said "libgsf is not available, msi support is disabled").
Compiling sermons
Backup
Files backed up from webserver
- /etc
- /home
- /root
- /usr/local/bin
- /var/log
- /var/www
Using CrashPlan. See installation and managing instructions at https://support.code42.com/CrashPlan/4/Configuring/Using_CrashPlan_On_A_Headless_Computer (maybe also https://www.liquidstate.net/installing-crashplan-on-a-headless-linux-server/)
- rclone sync /var/www/ "SharehimGDrive:/backup/tn1_server/-var-www-/"
- rclone sync /storage/ "SharehimGDrive:/backup/tn1_server/-storage-/"
Files backed up from Amazon S3 bucket
- rclone sync SharehimS3:sharehim SharehimGDrive:/backup/s3_sharehim/