Menu
▾
▴
phpesp-devel — Discussion of the development of phpESP
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
(103) |
Apr
(37) |
May
(45) |
Jun
(49) |
Jul
(55) |
Aug
(11) |
Sep
(47) |
Oct
(55) |
Nov
(47) |
Dec
(8) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(43) |
Feb
(85) |
Mar
(121) |
Apr
(37) |
May
(33) |
Jun
(33) |
Jul
(14) |
Aug
(34) |
Sep
(58) |
Oct
(68) |
Nov
(31) |
Dec
(9) |
| 2004 |
Jan
(13) |
Feb
(57) |
Mar
(37) |
Apr
(26) |
May
(57) |
Jun
(14) |
Jul
(8) |
Aug
(12) |
Sep
(32) |
Oct
(10) |
Nov
(7) |
Dec
(12) |
| 2005 |
Jan
(8) |
Feb
(25) |
Mar
(50) |
Apr
(20) |
May
(32) |
Jun
(20) |
Jul
(83) |
Aug
(25) |
Sep
(17) |
Oct
(14) |
Nov
(32) |
Dec
(27) |
| 2006 |
Jan
(24) |
Feb
(15) |
Mar
(46) |
Apr
(5) |
May
(6) |
Jun
(9) |
Jul
(12) |
Aug
(5) |
Sep
(7) |
Oct
(7) |
Nov
(4) |
Dec
(5) |
| 2007 |
Jan
(4) |
Feb
(1) |
Mar
(7) |
Apr
(3) |
May
(4) |
Jun
|
Jul
|
Aug
(2) |
Sep
(2) |
Oct
|
Nov
(22) |
Dec
(19) |
| 2008 |
Jan
(94) |
Feb
(19) |
Mar
(32) |
Apr
(46) |
May
(20) |
Jun
(10) |
Jul
(11) |
Aug
(20) |
Sep
(16) |
Oct
(12) |
Nov
(13) |
Dec
|
| 2009 |
Jan
|
Feb
(9) |
Mar
(37) |
Apr
(65) |
May
(15) |
Jun
|
Jul
(24) |
Aug
(1) |
Sep
(8) |
Oct
(4) |
Nov
(21) |
Dec
(5) |
| 2010 |
Jan
(35) |
Feb
(6) |
Mar
(8) |
Apr
|
May
(4) |
Jun
(3) |
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
(4) |
Mar
|
Apr
|
May
(1) |
Jun
(1) |
Jul
(1) |
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
|
From: Matthew G. <mat...@gm...> - 2008-01-15 01:58:49
|
Sounds good except for username,password uniqueness. Currently the way users are assigned to multiple realms is that they will have 2 entries with the same userid/password different realms(yes that is ugly, don't blame me for that :-)). Why not require that all the surveys on the landing page be in the same realm as the user logging in? Does this patch build on the previous patches you've sent? I hope to have time tomorrow to work on reviewing them. On Mon, 2008-01-14 at 20:39 -0500, Bishop Bettini wrote: > All, > > Attached is a preliminary patch to support a "landing page" for > respondents. Here's how it works: If use_landing = true in > configuration, then public/landing.php opens up. That pages shows a > login box and any public surveys available in the system. > > A respondent enters their username and password, and if valid, goes to > the landing page. The landing page has three sections. The first > section lists the surveys the respondent can currently complete (based > on the same availability logic found elsewhere in the app). The > second section lists the surveys the respondent has had access to, but > does no longer. For example, surveys that have moved to "done" > status. The third section are "tools", where the respondent can > change their password, change their profile, get help, or log out. > > I am not quite done with this. I need to test a little more, > especially the LDAP part. If anyone already has an LDAP environment > configured, I'd appreciate a test of this against your server. I also > need to fill out the help pages. Any review you can provide would be > appreciated. > > I hope to have this patch finished in the next 24 hours. > > Based on how the system is set up, there is one caveat to using the > landing page: <username,password> tuples must be unique throughout the > system. Currently, the database says <username,realm> is unique, so > when entering a <username,password>, it's possible that the same > username in two different realms has the same password, in which case, > it's impossible to tell which user is which. Right now, if the system > detects that case, the user is not allowed to log in. > > > Thoughts? > > bishop > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > _______________________________________________ phpESP-devel mailing list php...@li... https://lists.sourceforge.net/lists/listinfo/phpesp-devel |
|
From: Bishop B. <ph...@id...> - 2008-01-15 01:39:38
|
All, Attached is a preliminary patch to support a "landing page" for =20 respondents. Here's how it works: If use_landing =3D true in =20 configuration, then public/landing.php opens up. That pages shows a =20 login box and any public surveys available in the system. A respondent enters their username and password, and if valid, goes to =20 the landing page. The landing page has three sections. The first =20 section lists the surveys the respondent can currently complete (based =20 on the same availability logic found elsewhere in the app). The =20 second section lists the surveys the respondent has had access to, but =20 does no longer. For example, surveys that have moved to "done" =20 status. The third section are "tools", where the respondent can =20 change their password, change their profile, get help, or log out. I am not quite done with this. I need to test a little more, =20 especially the LDAP part. If anyone already has an LDAP environment =20 configured, I'd appreciate a test of this against your server. I also =20 need to fill out the help pages. Any review you can provide would be =20 appreciated. I hope to have this patch finished in the next 24 hours. Based on how the system is set up, there is one caveat to using the =20 landing page: <username,password> tuples must be unique throughout the =20 system. Currently, the database says <username,realm> is unique, so =20 when entering a <username,password>, it's possible that the same =20 username in two different realms has the same password, in which case, =20 it's impossible to tell which user is which. Right now, if the system =20 detects that case, the user is not allowed to log in. Thoughts? bishop --=20 Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Bishop B. <ph...@id...> - 2008-01-14 19:27:38
|
Quoting Matthew Gregg <mat...@gm...>: > On Mon, 2008-01-14 at 13:44 -0500, Bishop Bettini wrote: >> I personally prefer to use the gettext tools and manipulate .po files >> by hand, but Launchpad's interface is straightforward and easy to use. >> I am sure our translators will appreciate it. >> > The is the beauty of Launchpads service, you can work with .po and > upload or use a nice web UI. I hope we might see more up to date > translations if it's dead easy to do it. Also, Lauchpad helps you keep > your translations current even when you don't have a translator > available, using translations of the same string from other projects. Yes, I especially like the "share" aspect! Another good reason to =20 keep the _() msgid strings short. >> What problems do you see with the translations in phpESP? >> The number of translations, the quality of the translations, the >> code's use of >> translations? > Quality. Ok. I've only briefly looked through the languages that I know, and I =20 only saw a few things that I would change, but my client is totally =20 English-speaking, so internationalization is way way way down my list. >> I personally see some strange use of _() in the code, >> specifically large blocks of text in _() calls. In other heavily >> multi-lingual projects I've worked in, we've used _() for small bits >> of text in the code, but put most of the UI text into template files >> outside the code. > It would be nice if we did use templates. But since we don't(yet) and I > hope since we only have a few large blocks like this, it can be managed > as is? Yeah, everything as it is now is managable. The only glaring =20 internationalization issue, to me, is the help file: it's not =20 translated at all, that I saw. (It's also raw HTML, instead of being =20 a DocBook or similar.) If that were more modular, translation would =20 be more tenable. As far as templating goes, I prefer smarty. I've used it extensively, =20 know it, and I like its features over many of the other products =20 available. That would be my recommendation moving forward. When I'm working on apps without a templating system, I tend to write =20 functions that render reusable forms/widgets/snippets, then assemble =20 the reusable things in painter functions. That seems to work well: =20 fast, modular, easily migrated one at a time to templates. My landing =20 page enhancement (soon to come) does this. I've attached it for your =20 review to see what I mean. bishop --=20 Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Matthew G. <mat...@gm...> - 2008-01-14 19:02:20
|
On Mon, 2008-01-14 at 13:44 -0500, Bishop Bettini wrote: > I personally prefer to use the gettext tools and manipulate .po files > by hand, but Launchpad's interface is straightforward and easy to use. > I am sure our translators will appreciate it. > The is the beauty of Launchpads service, you can work with .po and upload or use a nice web UI. I hope we might see more up to date translations if it's dead easy to do it. Also, Lauchpad helps you keep your translations current even when you don't have a translator available, using translations of the same string from other projects. > What problems do you see with the translations in phpESP? > The number of translations, the quality of the translations, the > code's use of > translations? Quality. > I personally see some strange use of _() in the code, > specifically large blocks of text in _() calls. In other heavily > multi-lingual projects I've worked in, we've used _() for small bits > of text in the code, but put most of the UI text into template files > outside the code. It would be nice if we did use templates. But since we don't(yet) and I hope since we only have a few large blocks like this, it can be managed as is? > It's all been very modular, but not so modular as > to drive translators crazy (either by having zillions of files or by > breaking context). It's certainly a tight line to walk. > > Not that I'm suggesting it should be done that way, but I've seen it > effectively used on projects from 10k to 10M lines of code. > > bishop > > Quoting Matthew Gregg <mat...@gm...>: > > > Translations have always been a problem with phpESP(probably most > > projects as well). I'm trying out the translation service provided by > > Canonical on Launchpad. You upload a template(.pot) and users can > > contribute translations easily using a web interface. It also allows > > you to get suggested translations from other projects using Launchpad. > > I have uploaded all the current translations(.po's) we have and awaiting > > them to be imported. I'm not sure you can see this without an account > > and permissions but here is the site: > > https://translations.launchpad.net/phpesp > > > > If this works out well, I would like to use this as the official repo. > > for phpESP L10n files and hopefully we can get people to fix and > > contribute translations much more easily. > > > > > > > > ------------------------------------------------------------------------- > > Check out the new SourceForge.net Marketplace. > > It's the best place to buy or sell services for > > just about anything Open Source. > > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > > _______________________________________________ > > phpESP-devel mailing list > > php...@li... > > https://lists.sourceforge.net/lists/listinfo/phpesp-devel > > > > > |
|
From: Bishop B. <ph...@id...> - 2008-01-14 18:44:48
|
I personally prefer to use the gettext tools and manipulate .po files =20 by hand, but Launchpad's interface is straightforward and easy to use. =20 I am sure our translators will appreciate it. What problems do you see with the translations in phpESP? The number =20 of translations, the quality of the translations, the code's use of =20 translations? I personally see some strange use of _() in the code, =20 specifically large blocks of text in _() calls. In other heavily =20 multi-lingual projects I've worked in, we've used _() for small bits =20 of text in the code, but put most of the UI text into template files =20 outside the code. It's all been very modular, but not so modular as =20 to drive translators crazy (either by having zillions of files or by =20 breaking context). It's certainly a tight line to walk. Not that I'm suggesting it should be done that way, but I've seen it =20 effectively used on projects from 10k to 10M lines of code. bishop Quoting Matthew Gregg <mat...@gm...>: > Translations have always been a problem with phpESP(probably most > projects as well). I'm trying out the translation service provided by > Canonical on Launchpad. You upload a template(.pot) and users can > contribute translations easily using a web interface. It also allows > you to get suggested translations from other projects using Launchpad. > I have uploaded all the current translations(.po's) we have and awaiting > them to be imported. I'm not sure you can see this without an account > and permissions but here is the site: > https://translations.launchpad.net/phpesp > > If this works out well, I would like to use this as the official repo. > for phpESP L10n files and hopefully we can get people to fix and > contribute translations much more easily. > > > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketpla= ce > _______________________________________________ > phpESP-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpesp-devel > --=20 Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Matthew G. <mat...@gm...> - 2008-01-14 17:59:27
|
Translations have always been a problem with phpESP(probably most projects as well). I'm trying out the translation service provided by Canonical on Launchpad. You upload a template(.pot) and users can contribute translations easily using a web interface. It also allows you to get suggested translations from other projects using Launchpad. I have uploaded all the current translations(.po's) we have and awaiting them to be imported. I'm not sure you can see this without an account and permissions but here is the site: https://translations.launchpad.net/phpesp If this works out well, I would like to use this as the official repo. for phpESP L10n files and hopefully we can get people to fix and contribute translations much more easily. |
|
From: SourceForge.net <no...@so...> - 2008-01-14 06:13:25
|
Bugs item #1870884, was opened at 2008-01-13 22:13 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1870884&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Greg, pls explain fix Initial Comment: I'm just a cookbook novice trying to set up a survey. You answered this problem for someone else but I don't know enough to understand your fix. Can you elaborate or point me to any other documentation? Thanks, Rick Perkins ri...@ad... Fatal error: Call to a member function on a non-object in /espdatalib.inc on line 124 Date: 2005-08-08 07:26 Sender: greggmcProject AdminAccepting Donations Logged In: YES user_id=14116 Proper fix for this is to check for and init adodb in handler.php and handler-prefix.php. I've commited this to CVS. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1870884&group_id=8956 |
|
From: Bishop B. <ph...@id...> - 2008-01-13 02:26:08
|
All,
I'm still reviewing the authorization code (to get a better =20
understanding of how I can implement the previously described =20
"landing" page listing a user's surveys, history, etc), and I see this =20
beginning at public/handler-prefix.php:107
if ($_REQUEST['password'] !=3D "") {
$_SESSION['esppass'] =3D $_REQUEST['password'];
}
if (isset($_SESSION['esppass'])) {
$esppass =3D $_SESSION['esppass'];
}
If I'm reading the code correctly, authentication for survey access, =20
both the first and each subsequent time, happens by pushing the user's =20
session-stored, clear text password through survey_auth(). Am I =20
reading that correctly?
If so, anyone with read access to the session data (either =20
misconfigured files or database tables) can read the passwords for all =20
currently authenticated users.
Question: Instead of this approach, can't an authenticated bit be =20
stored and checked by survey_auth()? I'm currently in the process of =20
refactoring survey_auth() in both the authentication mechanisms, so if =20
I'm reading this code right and a bit would work, I can make the =20
change while in the code.
Thanks,
bishop
--=20
Bishop Bettini
ideacode, Inc.
(main) +1 919 341 5170 / (fax) +1 919 521 4100
Visit us on the web at:
ideacode.com Professional software research and development
reviewmysoftware.com Improve sales! Review your software before you release
bytejar.com Solutions to those annoying development problems
|
|
From: Bishop B. <ph...@id...> - 2008-01-13 01:57:21
|
All, Survey purge purports to remove "all traces of a survey from the database." However, survey_purge() does not remove access control values defined in the access table. These access control values should also be removed. See attached patch. This should be applied *after* the patches I sent previously for collecting survey statistics. bishop -- Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Bishop B. <ph...@id...> - 2008-01-13 00:32:22
|
All,
Attached are my finalized patches to support collecting, viewing, and =20
managing per-survey statistics in phpESP. Since the patch I sent last =20
night I:
* initialized statistics at survey creation time
* purged statistics at survey purge time
* tightened the security on the view statistics page, so that you only =20
see statistics for your active & done surveys
* added the help documentation, and linked to it
* added the language catalog msgid values
* added a new statistic -- attempted -- which represents the total =20
number of attempts, regardless of outcome (abandon, suspend, commit)
* added a statistics view refresh button on management page
* consolidated some code (see admin/include/lib/espsurvey.inc)
* cleaned up code with some abnormal spacing
There are three patches in the the attached tgz (tar'd & gzip'd to get =20
through the 40k list wall). Please patch in 1, 2, 3 order. These =20
should patch cleanly against 2.0.2. Please let me know if this patch =20
is acceptable or not -- if not, what do I need to change?
Also, I added one hopefully handy method. This:
esp_require_once('/lib/espcross');
Replaces this:
require_once($ESPCONFIG['include_path']."/lib/espcross".$ESPCONFIG['extensio=
n']);
bishop
PS: I didn't see an official coding standard, so I tried to stick with =20
the coding style of files I was modifying, but I used our (ideacode) =20
standard style for new files. The style seen throughout much of the =20
code is very similar to our standard, but ours just seems to be more =20
formalized. You shouldn't see anything weird. FYI, our standard is =20
documented at:
https://mail.ideacode.com/wicked/display.php?page=3DCodingStandard
PPS:
If anyone is bored, there are todo items listed in =20
admin/include/where/statistic.inc :)
--=20
Bishop Bettini
ideacode, Inc.
(main) +1 919 341 5170 / (fax) +1 919 521 4100
Visit us on the web at:
ideacode.com Professional software research and development
reviewmysoftware.com Improve sales! Review your software before you release
bytejar.com Solutions to those annoying development problems
|
|
From: Bishop B. <ph...@id...> - 2008-01-12 04:06:04
|
All, Attached is a preliminary patch (unit tested, walked-through) that I'd like your feedback on. Please review and let me know if you see anything that needs to change. The only missing items, that I know of, are a little bit of cleanup on the view statistics page (translate the sid into the survey name) and to fill out the language catalogs. To apply: 1. patch -p1 < issue919.patch.diff 2. mysql -u root -p -D phpesp < mysql_update-2.0.2-2.0.3.sql 3. Create surveys, activate them, then go interact (save, submit, reload, etc.) with them 4. Click "View Survey Statistics" Thoughts? bishop -- Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Bishop B. <ph...@id...> - 2008-01-12 01:21:50
|
So... false. That being the case, test.php might be a little =20
misleading, as it checks for the mysql extension.
If I'm going to implement it portably, I might as well do it the hard =20
way for all. MySQL's INSERT ... ON DUPLICATE UPDATE is a convenient =20
short cut so that I don't have to first figure out if a row exists.
MySQL and SQLite support a REPLACE construct that is similar to INSERT =20
... ON DUPLICATE UPDATE, but PostgreSQL doesn't. There's a nasty =20
little T-SQL like construct that PostgreSQL has for equivalency, but =20
I'm not up for all of that.
I'm all for portability, but REPLACE (or INSERT ... ON DUPLICATE =20
UPDATE) should be a part of the blasted SQL standard. :)
bishop
Quoting Matthew Gregg <mat...@gm...>:
> The last time I tested phpESP would work with MySQL, Postgres and sqlite
> using ADODB. That was some time ago so it may not work cleaning against
> anything but MySQL now. However, I would really like to try and keep
> it working against my/post/lite. Is there anyway you can implement what
> you need using something portable? You'd probably need to add a
> function in admin/include/lib/espdatalib.inc to handle the different
> DB's:
> switch ($cfg['adodb_database_type']) {
> case "mysql":
> case "postgres":
> case "sqlite":
>
>
> On Fri, 2008-01-11 at 18:27 -0500, Bishop Bettini wrote:
>> I want to use a MySQL extension to SQL (INSERT ... ON DUPLICATE KEY
>> UPDATE), and I want to make sure that phpESP requires MySQL (even
>> though the underlying ADODB libraries support PostgreSQL, etc.
>>
>> bishop
>>
>
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketpla=
ce
> _______________________________________________
> phpESP-devel mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpesp-devel
>
--=20
Bishop Bettini
ideacode, Inc.
(main) +1 919 341 5170 / (fax) +1 919 521 4100
Visit us on the web at:
ideacode.com Professional software research and development
reviewmysoftware.com Improve sales! Review your software before you release
bytejar.com Solutions to those annoying development problems
|
|
From: Matthew G. <mat...@gm...> - 2008-01-12 00:19:43
|
The last time I tested phpESP would work with MySQL, Postgres and sqlite
using ADODB. That was some time ago so it may not work cleaning against
anything but MySQL now. However, I would really like to try and keep
it working against my/post/lite. Is there anyway you can implement what
you need using something portable? You'd probably need to add a
function in admin/include/lib/espdatalib.inc to handle the different
DB's:
switch ($cfg['adodb_database_type']) {
case "mysql":
case "postgres":
case "sqlite":
On Fri, 2008-01-11 at 18:27 -0500, Bishop Bettini wrote:
> I want to use a MySQL extension to SQL (INSERT ... ON DUPLICATE KEY
> UPDATE), and I want to make sure that phpESP requires MySQL (even
> though the underlying ADODB libraries support PostgreSQL, etc.
>
> bishop
>
|
|
From: Bishop B. <ph...@id...> - 2008-01-11 23:27:31
|
I want to use a MySQL extension to SQL (INSERT ... ON DUPLICATE KEY UPDATE), and I want to make sure that phpESP requires MySQL (even though the underlying ADODB libraries support PostgreSQL, etc. bishop -- Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: SourceForge.net <no...@so...> - 2008-01-11 23:13:51
|
Bugs item #1498228, was opened at 2006-05-31 06:46 Message generated for change (Comment added) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1498228&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: gettext test fails even though support is 'real' Initial Comment: As stated in docs/TRANSLATIONS: --- Line 31 and 32 If the test fails, and support is 'Real,' please send a bug report along with the entire system test page. --- This is the output of admin/test.php: --- PHP Information Version: 4.4.0-3ubuntu2 OS: Linux SAPI: apache register_globals: No magic_quotes_gpc: No magic_quotes_runtime: No safe_mode: No open_basedir: PHP Extensions dBase: No GD: Yes -- 2.0 or higher GNU Gettext: Yes LDAP: No MySQL: Yes PHP Extension Dir (compiled): /usr/lib/php4/20050606 PHP Extension Dir (run time): /usr/lib/php4/20050606 phpESP Settings Expected ESP_BASE: /home/testbed/public_html/phpesp/ Expected base_url: blackbox.loopback.nu/~testbed/phpesp/ Loading phpESP.ini.php ... ESP_BASE: /home/testbed/public_html/phpesp/ base_url: http://blackbox.loopback.nu/~testbed/phpesp/ Version: 1.8.1 Debug: No phpESP Language Settings GNU Gettext: Real default_lang: en_US current lang: en_US available langs: da_DK, de_DE, el_GR, en_US, es_ES, fi, fi_FI, fr_FR, hu_HU, it_IT, ja_JP, nl_NL, pt_BR, pt_PT, sv_SE (da, de, el, en, es, fi, fr, it, ja, nl, pt, sv) GNU Gettext test: %%%% Gettext Test Failed Catalog Open Test: Yes PHP Session Test session.save_path: /tmp/sessions Counter: 2 --- ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2008-01-11 15:13 Message: Logged In: NO PHP Information Version: 5.2.5 OS: Linux SAPI: apache2handler register_globals: Yes magic_quotes_gpc: Yes magic_quotes_runtime: No safe_mode: No open_basedir: VIRTUAL_DOCUMENT_ROOT PHP Extensions dBase: No GD: Yes -- bundled (2.0.34 compatible) GNU Gettext: Yes LDAP: No MySQL: Yes PHP Extension Dir (compiled): /usr/lib/php/20060613 PHP Extension Dir (run time): /usr/lib/php/20060613 phpESP Settings Loading phpESP.ini.php ... Version: 2.0.2 Debug: No phpESP Language Settings GNU Gettext: Real default_lang: de_DE current lang: de_DE available langs: fi, da_DK, de_DE, el_GR, en_US, es_ES, fi_FI, fr_FR, hu_HU, ja_JP, it_IT, nl_NL, pt_BR, pt_PT, sv_SE (da, de, el, en, es, fi, fr, it, ja, nl, pt, sv) GNU Gettext test: %%%% Gettext Test Failed Catalog Open Test: Yes PHP Session Test session.save_path: /usr/export/tmp Counter: 1 It's a free funpic.de-Account (in case you need a test-server). ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1498228&group_id=8956 |
|
From: Bishop B. <ph...@id...> - 2008-01-11 22:46:32
|
Okay, then I'm going to suggest another enhancement: Update public/survey.php to accept no survey name. When not given a =20 survey name, present a login dialog as well as a list of public =20 surveys. Once logged in, take the user immediately to their first =20 survey (if they have one). Once they take the survey, return them to =20 their list of surveys. The list of surveys will include all the =20 private surveys to which they have access, along with all public =20 surveys. The list will show at least the survey name and status =20 (completed, suspened, etc.), and will provide a link to take surveys =20 that are still viable. A logout link will also be presented. Options/Questions: 1. Perhaps the "take them to first survey immediately after login" is =20 a configuration option. 2. Should the login box be presented if there aren't any active =20 private surveys? My feeling is yes, because that allows surveyors to =20 go in and see the historical surveys they've completed (which can be =20 used as "proof", a requirement I have) 3. If logging in with a given survey name, go directly to that survey. =20 Once complete, return to the list of surveys. Thoughts? bishop Quoting Matthew Gregg <mat...@gm...>: > It only supports logging in to a survey as a respondent. As a designer > of course you login to the "system". > On Fri, 2008-01-11 at 15:33 -0500, Bishop Bettini wrote: >> Follow-up: Maybe there's authfail in both circumstances, when direct >> accessing a survey and when trying to access all your surveys. In >> looking at the code, it definitely looks like there's a slant toward >> "login to survey." >> >> So, is there support for a user logging in and getting a list of their >> surveys? If not, I think there should be. >> >> bishop >> >> PS: In the implementation, I've renamed "authfail" to "loginfail" for >> aesthetic reasons. >> >> >> Quoting Bishop Bettini <ph...@id...>: >> >> >> Hmm... you call a survey from some url like >> >> http://somesite/survey.php?name=3Dfoo, then the login pops for a prote= cted >> >> survey(we do know what survey you tried to access). Won't you still >> >> have access to $_GET['name'] if the login fails? >> > >> > That is one usage, and in that usage, yes you know the survey. But >> > what about the use case where account X has 3 surveys to take? >> > Presumably, they should get a list of surveys they can access, rather >> > than having to know the URL to each one. In that case, they log in >> > with out knowing which survey to do first. >> > >> > (I'm not even sure if "login then get a list of available surveys" is >> > supported; if not, I'll have to add it for my need.) >> > >> > I suppose this boils down to the design question of "are you logging >> > in to a survey" or "logging in to the survey tool". A subtle >> > difference. Right now, access is at the survey level: a private >> > survey requires log in by a registered account for that survey. But >> > if you have access to multiple private surveys, do you have separate >> > accounts for each survey? I don't think so, I think you have one >> > account. That implies that you are logging into the tool, and can >> > access multiple surveys. Thus implying you can get a list of surveys >> > to complete. Thus implying that authentication is to the tool, not to >> > a survey. --=20 Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Matthew G. <mat...@gm...> - 2008-01-11 21:41:45
|
It only supports logging in to a survey as a respondent. As a designer of course you login to the "system". On Fri, 2008-01-11 at 15:33 -0500, Bishop Bettini wrote: > Follow-up: Maybe there's authfail in both circumstances, when direct > accessing a survey and when trying to access all your surveys. In > looking at the code, it definitely looks like there's a slant toward > "login to survey." > > So, is there support for a user logging in and getting a list of their > surveys? If not, I think there should be. > > bishop > > PS: In the implementation, I've renamed "authfail" to "loginfail" for > aesthetic reasons. > > > Quoting Bishop Bettini <ph...@id...>: > > >> Hmm... you call a survey from some url like > >> http://somesite/survey.php?name=foo, then the login pops for a protected > >> survey(we do know what survey you tried to access). Won't you still > >> have access to $_GET['name'] if the login fails? > > > > That is one usage, and in that usage, yes you know the survey. But > > what about the use case where account X has 3 surveys to take? > > Presumably, they should get a list of surveys they can access, rather > > than having to know the URL to each one. In that case, they log in > > with out knowing which survey to do first. > > > > (I'm not even sure if "login then get a list of available surveys" is > > supported; if not, I'll have to add it for my need.) > > > > I suppose this boils down to the design question of "are you logging > > in to a survey" or "logging in to the survey tool". A subtle > > difference. Right now, access is at the survey level: a private > > survey requires log in by a registered account for that survey. But > > if you have access to multiple private surveys, do you have separate > > accounts for each survey? I don't think so, I think you have one > > account. That implies that you are logging into the tool, and can > > access multiple surveys. Thus implying you can get a list of surveys > > to complete. Thus implying that authentication is to the tool, not to > > a survey. > > > > Thoughts? > > > > bishop > > > > -- > > Bishop Bettini > > ideacode, Inc. > > (main) +1 919 341 5170 / (fax) +1 919 521 4100 > > > > Visit us on the web at: > > ideacode.com Professional software research and development > > reviewmysoftware.com Improve sales! Review your software before you release > > bytejar.com Solutions to those annoying development problems > > > |
|
From: Bishop B. <ph...@id...> - 2008-01-11 20:33:14
|
Follow-up: Maybe there's authfail in both circumstances, when direct =20 accessing a survey and when trying to access all your surveys. In =20 looking at the code, it definitely looks like there's a slant toward =20 "login to survey." So, is there support for a user logging in and getting a list of their =20 surveys? If not, I think there should be. bishop PS: In the implementation, I've renamed "authfail" to "loginfail" for =20 aesthetic reasons. Quoting Bishop Bettini <ph...@id...>: >> Hmm... you call a survey from some url like >> http://somesite/survey.php?name=3Dfoo, then the login pops for a protecte= d >> survey(we do know what survey you tried to access). Won't you still >> have access to $_GET['name'] if the login fails? > > That is one usage, and in that usage, yes you know the survey. But > what about the use case where account X has 3 surveys to take? > Presumably, they should get a list of surveys they can access, rather > than having to know the URL to each one. In that case, they log in > with out knowing which survey to do first. > > (I'm not even sure if "login then get a list of available surveys" is > supported; if not, I'll have to add it for my need.) > > I suppose this boils down to the design question of "are you logging > in to a survey" or "logging in to the survey tool". A subtle > difference. Right now, access is at the survey level: a private > survey requires log in by a registered account for that survey. But > if you have access to multiple private surveys, do you have separate > accounts for each survey? I don't think so, I think you have one > account. That implies that you are logging into the tool, and can > access multiple surveys. Thus implying you can get a list of surveys > to complete. Thus implying that authentication is to the tool, not to > a survey. > > Thoughts? > > bishop > > --=20 > Bishop Bettini > ideacode, Inc. > (main) +1 919 341 5170 / (fax) +1 919 521 4100 > > Visit us on the web at: > ideacode.com Professional software research and development > reviewmysoftware.com Improve sales! Review your software before you relea= se > bytejar.com Solutions to those annoying development problems --=20 Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Bishop B. <ph...@id...> - 2008-01-11 20:09:45
|
> Hmm... you call a survey from some url like > http://somesite/survey.php?name=3Dfoo, then the login pops for a protected > survey(we do know what survey you tried to access). Won't you still > have access to $_GET['name'] if the login fails? That is one usage, and in that usage, yes you know the survey. But =20 what about the use case where account X has 3 surveys to take? =20 Presumably, they should get a list of surveys they can access, rather =20 than having to know the URL to each one. In that case, they log in =20 with out knowing which survey to do first. (I'm not even sure if "login then get a list of available surveys" is =20 supported; if not, I'll have to add it for my need.) I suppose this boils down to the design question of "are you logging =20 in to a survey" or "logging in to the survey tool". A subtle =20 difference. Right now, access is at the survey level: a private =20 survey requires log in by a registered account for that survey. But =20 if you have access to multiple private surveys, do you have separate =20 accounts for each survey? I don't think so, I think you have one =20 account. That implies that you are logging into the tool, and can =20 access multiple surveys. Thus implying you can get a list of surveys =20 to complete. Thus implying that authentication is to the tool, not to =20 a survey. Thoughts? bishop --=20 Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Matthew G. <mat...@gm...> - 2008-01-11 19:47:51
|
On Fri, 2008-01-11 at 14:32 -0500, Bishop Bettini wrote: > I'm not sure I was clear. How is the database field to be incremented > when an http 401 has been generated? The only way I know to do that > is to have a custom Error Document assigned to a 401 error (a la > ErrorDocument in apache). That 401 error document must then run the > PHP code necessary to increment the authfail value. > Now that I've looked back over the code, If you increment authfail in espauth-default.php and espauth-ldap.php, survey_auth function, you will handle both form and "basic" auth. so you can ignore me here. > I suppose the best we could do is supply the 401 error document and > the instructions for the end user on how to set it up. > > But, to tie this comment and the previous one together, I don't think > that authfail is a per-survey statistic. If you're not logged in, the > code doesn't know what survey you're trying to get to (bear in mind > the case where a user has access to multiple surveys to take -- > there's no way to disambiguate the destination for authfail recording). Hmm... you call a survey from some url like http://somesite/survey.php?name=foo, then the login pops for a protected survey(we do know what survey you tried to access). Won't you still have access to $_GET['name'] if the login fails? > > bishop |
|
From: Bishop B. <ph...@id...> - 2008-01-11 19:32:54
|
> Hmm... I'm not sure system wide stats like that are useful to the > general phpESP user. Of course if you capture per survey, getting a > global count is trivial. Yes, you're right: we should accumulate per-survey, then just show a =20 summation for global. Going from per to global is easy; going the =20 other way is impossible! Darn that entropy. >> Any idea how to accumulate for Basic Auth (which I'm assuming uses the >> http 401 status code)? > Both auth methods are currently supported(form is default) in the code. I'm not sure I was clear. How is the database field to be incremented =20 when an http 401 has been generated? The only way I know to do that =20 is to have a custom Error Document assigned to a 401 error (a la =20 ErrorDocument in apache). That 401 error document must then run the =20 PHP code necessary to increment the authfail value. I suppose the best we could do is supply the 401 error document and =20 the instructions for the end user on how to set it up. But, to tie this comment and the previous one together, I don't think =20 that authfail is a per-survey statistic. If you're not logged in, the =20 code doesn't know what survey you're trying to get to (bear in mind =20 the case where a user has access to multiple surveys to take -- =20 there's no way to disambiguate the destination for authfail recording). bishop --=20 Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Matthew G. <mat...@gm...> - 2008-01-11 19:19:09
|
On Fri, 2008-01-11 at 14:10 -0500, Bishop Bettini wrote: > > I like the idea of a stats table and the stats you are collecting. The > > way you plan to implement will collect for a survey regardless of how > > many surveyors participate? For survey foo, 10 authfails, 20 abandoned, > > etc....? > > Yes, these statistics will accumulate regardless of the number of > surveyors and, perhaps most importantly, these statistics are not > per-survey, but system wide. > Hmm... I'm not sure system wide stats like that are useful to the general phpESP user. Of course if you capture per survey, getting a global count is trivial. > > >> > I'm thinking of implementing this as follows. Login failure count > >> > will increment each time an authentication failure occurs. > > Make sure this works with both form and "basic auth" login failures. > > Any idea how to accumulate for Basic Auth (which I'm assuming uses the > http 401 status code)? Both auth methods are currently supported(form is default) in the code. > > > > Stats table needs a survey_id field right? > > Not in my initial thought, because the statistics are system-wide, not > per survey. Though my need doesn't require per-survey stats, I > suppose there are cases where collecting per survey would be useful. > However, authfail wouldn't apply per-survey, because there's no way to > know a priori to which survey a log in applies. > > > > >> > An interface would be provided in the administrator section to review > >> > these values and to reset them, as well. > > Would it make sense to expand the survey results viewing page to include > > these stats instead of a new page and add stats reset to the survey > > status page? > > Possibly, but my gut feeling is a separate page is more applicable. I > don't view these statistics as "results," so I don't think > complicating the survey results and status page is warranted. My > recommendation stays to keep all statistics related functionality on a > separate page. > > > bishop > |
|
From: Bishop B. <ph...@id...> - 2008-01-11 19:10:23
|
> I like the idea of a stats table and the stats you are collecting. The > way you plan to implement will collect for a survey regardless of how > many surveyors participate? For survey foo, 10 authfails, 20 abandoned, > etc....? Yes, these statistics will accumulate regardless of the number of =20 surveyors and, perhaps most importantly, these statistics are not =20 per-survey, but system wide. >> > I'm thinking of implementing this as follows. Login failure count >> > will increment each time an authentication failure occurs. > Make sure this works with both form and "basic auth" login failures. Any idea how to accumulate for Basic Auth (which I'm assuming uses the =20 http 401 status code)? > Stats table needs a survey_id field right? Not in my initial thought, because the statistics are system-wide, not =20 per survey. Though my need doesn't require per-survey stats, I =20 suppose there are cases where collecting per survey would be useful. =20 However, authfail wouldn't apply per-survey, because there's no way to =20 know a priori to which survey a log in applies. >> > An interface would be provided in the administrator section to review >> > these values and to reset them, as well. > Would it make sense to expand the survey results viewing page to include > these stats instead of a new page and add stats reset to the survey > status page? Possibly, but my gut feeling is a separate page is more applicable. I =20 don't view these statistics as "results," so I don't think =20 complicating the survey results and status page is warranted. My =20 recommendation stays to keep all statistics related functionality on a =20 separate page. bishop --=20 Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Matthew G. <mat...@gm...> - 2008-01-11 19:02:47
|
See below....
On Fri, 2008-01-11 at 13:47 -0500, Bishop Bettini wrote:
> I would like to make one addition to this thought: there needs to also
> be a "suspended" statistic, to capture the number of users who have
> saved their surveys to come back later. Thus, the logic becomes:
>
> authfail++ if authentication fails
> abandoned++ if starting a survey for the first time
> abandoned-- if submitting a valid survey or suspending
> suspended++ if saving survey for later
> suspended-- if submitting a previously suspended survey
> completed++ if submitting a valid survey
>
> These statistics don't separate first timers from repeat surveyors,
> but I'm not sure that's important. (It's not for my needs, as the
> surveys can be taken only once per user.)
>
> Thoughts?
>
I like the idea of a stats table and the stats you are collecting. The
way you plan to implement will collect for a survey regardless of how
many surveyors participate? For survey foo, 10 authfails, 20 abandoned,
etc....?
> >
> > I'm thinking of implementing this as follows. Login failure count
> > will increment each time an authentication failure occurs.
Make sure this works with both form and "basic auth" login failures.
> Abandoned
> > survey count will increment each time a user starts a survey, then
> > decrements each time a user submits a valid survey (ie, all conditions
> > on responses are satisfied). Completed survey count will increment
> > each time a user submits a valid survey.
> >
> > All of these would be implemented in a single "statistics" table, as follows:
> >
> > CREATE TABLE statistics (
> > metric ENUM ('authfail','abandoned','completed') NOT NULL,
> > value INTEGER NOT NULL DEFAULT 0,
> > PRIMARY KEY (metric)
> > );
> > INSERT INTO statistics VALUES
> > ('authfail', 0),
> > ('abandoned', 0),
> > ('completed', 0)
> > ;
> >
Stats table needs a survey_id field right?
> > An interface would be provided in the administrator section to review
> > these values and to reset them, as well.
Would it make sense to expand the survey results viewing page to include
these stats instead of a new page and add stats reset to the survey
status page?
> >
> > Thoughts?
> >
> > bishop
--
Matthew Gregg <mat...@gm...>
|
|
From: Bishop B. <ph...@id...> - 2008-01-11 18:47:46
|
I would like to make one addition to this thought: there needs to also =20
be a "suspended" statistic, to capture the number of users who have =20
saved their surveys to come back later. Thus, the logic becomes:
authfail++ if authentication fails
abandoned++ if starting a survey for the first time
abandoned-- if submitting a valid survey or suspending
suspended++ if saving survey for later
suspended-- if submitting a previously suspended survey
completed++ if submitting a valid survey
These statistics don't separate first timers from repeat surveyors, =20
but I'm not sure that's important. (It's not for my needs, as the =20
surveys can be taken only once per user.)
Thoughts?
bishop
Quoting Bishop Bettini <ph...@id...>:
> All,
>
> For my surveys, I'm interested in knowing how many people could not
> log in (thus failing to complete their surveys) as well as how many
> people have "given up" while filling out their survey and abandoned
> the process.
>
> I'm thinking of implementing this as follows. Login failure count
> will increment each time an authentication failure occurs. Abandoned
> survey count will increment each time a user starts a survey, then
> decrements each time a user submits a valid survey (ie, all conditions
> on responses are satisfied). Completed survey count will increment
> each time a user submits a valid survey.
>
> All of these would be implemented in a single "statistics" table, as follo=
ws:
>
> CREATE TABLE statistics (
> metric ENUM ('authfail','abandoned','completed') NOT NULL,
> value INTEGER NOT NULL DEFAULT 0,
> PRIMARY KEY (metric)
> );
> INSERT INTO statistics VALUES
> ('authfail', 0),
> ('abandoned', 0),
> ('completed', 0)
> ;
>
> An interface would be provided in the administrator section to review
> these values and to reset them, as well.
>
> Thoughts?
>
> bishop
>
> --=20
> Bishop Bettini
> ideacode, Inc.
> (main) +1 919 341 5170 / (fax) +1 919 521 4100
>
> Visit us on the web at:
> ideacode.com Professional software research and development
> reviewmysoftware.com Improve sales! Review your software before you relea=
se
> bytejar.com Solutions to those annoying development problems
--=20
Bishop Bettini
ideacode, Inc.
(main) +1 919 341 5170 / (fax) +1 919 521 4100
Visit us on the web at:
ideacode.com Professional software research and development
reviewmysoftware.com Improve sales! Review your software before you release
bytejar.com Solutions to those annoying development problems
|
24 messages has been excluded from this view by a project administrator.
