phpsecurityadm-devel Mailing List for SecurityAdmin for PHP (Page 2)
Brought to you by:
koivi
Menu
▾
▴
phpsecurityadm-devel — Developer's mailing list for phpSecurityAdm
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
(9) |
Apr
|
May
(18) |
Jun
(5) |
Jul
(3) |
Aug
(16) |
Sep
|
Oct
|
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Albert L. <al...@pl...> - 2003-06-05 14:56:02
|
Hi Justin, Are you feeling confident about the documentation I've updated? I just added a bit about the password recovery Q&A. If so, let's release version 3.1 to sourceforge.net. I'm still researching the xml sitemaps. I definitely do not want to re-invent the wheel. Thanks, Alby |
|
From: Albert L. <al...@pl...> - 2003-05-30 16:10:30
|
On 5/30/03 10:59 AM, "Justin Koivisto" <ju...@ko...> wrote: > OK, I have tested and made a few changes. I had a few problems with > using the wildcards and SITE_PATH at first. I have added entries in the > config for SitePath and SiteOldPath. > > If the app is moved, the SiteOldPath would hold the previous value of > the SitePath, and SitePath would then hold the new site or app root > (based on URI). Doing this elminimated problems of files having the same > name in different folders being applied the same access rights. Very smart. > I am thinking that the XML file idea would work much better for this > stuff because once you updated the file, you could run an update method > that would actually update the database, eliminating the need for the > stuff that I just hacked in. That's not exactly what I was thinking but it makes sense. The sitemap is usually transformed and cached - I guess the db structure could be the "cache". I'll have to think about this some more. > I won't commit to CVS just yet, I want to check out about using the XML > file for initializing/updating the structure instead. We should hold off on integrating this right now. I just wanted to see if you would consider doing so as we move forward and it sounds like you will. It will be smart to do as it make it easier to integrate with newer style web app architectures. It is complicated though and we should consider the different possibilities. I'll spend some more time thinking about how this can work and get back to you. For now, lets just release a well tested version 3.1 that is solid. I'll try to bring in some other developers to improve discussions for the sitemap considerations. Lets stay with SF for now, the problem with CVS is for the translations? You want to make lang accessible to other developers? I don't think you can have different groups of developers, can you? |
|
From: Justin K. <ju...@ko...> - 2003-05-30 14:59:51
|
OK, I have tested and made a few changes. I had a few problems with using the wildcards and SITE_PATH at first. I have added entries in the config for SitePath and SiteOldPath. If the app is moved, the SiteOldPath would hold the previous value of the SitePath, and SitePath would then hold the new site or app root (based on URI). Doing this elminimated problems of files having the same name in different folders being applied the same access rights. I am thinking that the XML file idea would work much better for this stuff because once you updated the file, you could run an update method that would actually update the database, eliminating the need for the stuff that I just hacked in. I won't commit to CVS just yet, I want to check out about using the XML file for initializing/updating the structure instead. |
|
From: Justin K. <ju...@ko...> - 2003-05-30 14:46:46
|
Albert Lash wrote: >>>Have you thought any more about the idea of replacing the site structure >>>with an xml document? >> >>Hmm.. I forgot about that... Run it by me again to refresh my memory. > > Rather than having the db define > the site structure, you can have an xml document that specifies the site > structure. Often called a sitemap. This concept is tried and true - used in > Cocoon (a Java CMS), Popoon (a php CMS framework used in BitFlux), and > Nexista (a php application platform). PSA would then read the sitemap file > rather that the page urls from the db. The best part of this is that > developers could then use the sitemap file to also specify class includes > based on uri, and much much more. It does sound like a good idea. I don't know how you'd go about using wildcards in a site map though - especially if your site uses the XML file to generate it as a navigation point for users. I can see how this would be good for initializing and updating the site structure. However, we'd have to add functionality to automatically determine how to create wildcard entries where they want them in a way that it wouldn't effect the site map XML file if it is being used for the site itself. I will take a look into this some more and post a few ideas of how it can work. Once the plan is laid out, we could proceed from there. > I would have to suggest checking out Nexista. http://www.nexista.com/ The > code is very clean and well thought out though a little nebulous and tries > to be everything to everyone. It at least is a very good example of how a > sitemap is used. I will try to check this out. >>That reminds me... do have experience with the SourceForge CVS? >>Specifically setting up write access for developers to certain directories? > > I don't! And I'm getting a bit frustrated at Sourceforge in general. There > is also Tigris which seems very nice. http://www.tigris.org/ This is where > Nexista will be hosted once the developer releases the most up to date > version to the public. I will check this out as well. |
|
From: Albert L. <al...@pl...> - 2003-05-30 14:07:07
|
>> Have you thought any more about the idea of replacing the site structure >> with an xml document? > > Hmm.. I forgot about that... Run it by me again to refresh my memory. > Also, if you post it to the list, maybe we'll be able to get some more > input from other developers... However, it does seem like it is just the > two of us right now ;) True, but I'm sure in time they will come. Rather than having the db define the site structure, you can have an xml document that specifies the site structure. Often called a sitemap. This concept is tried and true - used in Cocoon (a Java CMS), Popoon (a php CMS framework used in BitFlux), and Nexista (a php application platform). PSA would then read the sitemap file rather that the page urls from the db. The best part of this is that developers could then use the sitemap file to also specify class includes based on uri, and much much more. I would have to suggest checking out Nexista. http://www.nexista.com/ The code is very clean and well thought out though a little nebulous and tries to be everything to everyone. It at least is a very good example of how a sitemap is used. > That reminds me... do have experience with the SourceForge CVS? > Specifically setting up write access for developers to certain directories? I don't! And I'm getting a bit frustrated at Sourceforge in general. There is also Tigris which seems very nice. http://www.tigris.org/ This is where Nexista will be hosted once the developer releases the most up to date version to the public. |
|
From: Justin K. <ju...@ko...> - 2003-05-30 13:40:46
|
Albert Lash wrote: > That's the right idea. I updated some of the documentation a little today, > just to get started. Has the GetText for translations been implemented? Yes, gettext is being used... (Man that documentation must be old! LOL) > I've been testing out the problem I had with manual password change and it > appears to have been fixed. I've prepended all the variables in > user_passwordreset with psa_. Cool. > Have you thought any more about the idea of replacing the site structure > with an xml document? Hmm.. I forgot about that... Run it by me again to refresh my memory. Also, if you post it to the list, maybe we'll be able to get some more input from other developers... However, it does seem like it is just the two of us right now ;) That reminds me... do have experience with the SourceForge CVS? Specifically setting up write access for developers to certain directories? |
|
From: Albert L. <al...@pl...> - 2003-05-30 12:54:06
|
> > OK, so now I have in config.php: > > $PSA_SCR=array( > 'Type' => 'mysql', > 'Host' => 'localhost', > 'User' => 'user', > 'Password' => 'pass', > 'Database' => 'psa_db', > 'Language' => 'en', > 'SiteName' => 'www.your_domain.com', > 'SitePath' => $_SERVER['DOCUMENT_ROOT'], > 'IncludePath' => dirname(__FILE__).'/../../metabase', > 'MbSchemaDir' => dirname(__FILE__).'/..' > ); > > in the constructor: > > if(isset($PSA_SCR['SitePath'])){ > $this->SITE_PATH=$PSA_SCR['SitePath']; > }else{ > $this->SITE_PATH=$_SERVER['DOCUMENT_ROOT']; > } > > and the hasRights method: > > function hasRights($url,$url2=''){ > $this->ERROR=array(); > // Make sure that the database will contain the full URI for > the page > > $url=preg_replace('/(\?|&)'.session_name().'=[A-Z0-9]{32}/i','',$url); > > $url2=preg_replace('/(\?|&)'.session_name().'=[A-Z0-9]{32}/i','',$url2); > $url3=$this->scr['SitePath'].$url; > $url4=$this->scr['SitePath'].$url2; > $query="SELECT groups FROM psa_users WHERE > id=".$this->db->GetTextFieldValue($_SESSION['PSA_psaun']); > $result=$this->db->Query($query); > if(!$result){ > $this->ERROR[]=$this->db->Error(); > return FALSE; > } > $groups=explode(',',$this->db->FetchResult($result,0,0,0)); > > $query='SELECT id FROM psa_pages WHERE > page='.$this->db->GetTextFieldValue($url). > ' OR page='.$this->db->GetTextFieldValue($url2). > ' OR page='.$this->db->GetTextFieldValue($url3). > ' OR page='.$this->db->GetTextFieldValue($url4); > > $tmp=explode('/',$url2); > $running=''; > $running2=$this->SITE_PATH; > foreach($tmp as $part){ > $running.=$part.'/'; > $running2.=$part.'/'; > $query.=' OR page='.$this->db->GetTextFieldValue($running.'*'). > ' OR page='.$this->db->GetTextFieldValue($running2.'*'); > } > $result=$this->db->Query($query); > if(!$result){ > $this->ERROR[]=$this->db->Error(); > return FALSE; > } > for($i=0;$i<$this->db->NumberOfRows($result);++$i){ > $pageid=$this->db->FetchResult($result,$i,0); > reset($groups); > while(list($k,$gid)=@each($groups)){ > $rightsar=$this->getProfile($gid); > $page_rights=unserialize($rightsar['rights']); > if(isset($page_rights[$pageid])) > return TRUE; > } > } > // no match in the database > $this->ERROR[]=_("You do not have access rights to this content"); > return FALSE; > } > > I haven't tested these yet, but I will sometime today That's the right idea. I updated some of the documentation a little today, just to get started. Has the GetText for translations been implemented? I've been testing out the problem I had with manual password change and it appears to have been fixed. I've prepended all the variables in user_passwordreset with psa_. Have you thought any more about the idea of replacing the site structure with an xml document? Albert |
|
From: Justin K. <ju...@ko...> - 2003-05-29 19:12:36
|
Albert Lash wrote:
> On 5/29/03 12:22 PM, "Justin Koivisto" <ju...@ko...> wrote:
>
>>Albert Lash wrote:
>>
>>>What's next for PSA? Do you want to keep testing CVS before we release?
>>
>>There are still some things that can be cleaned up with the password
>>reset. Really, they are minor, but all the form fields and variables
>>used in the GUI pages should be prefixed with PSA_ so it doesn't clash
>>with other applications. Other than that, it is time to start doing some
>>documentation.
>>
>>>Some small additions we should include now are a prefix setting so
>>the app
>>>can be moved to different folders with reference to the security folder.
>>
>>Do you mean like $PSA_PATH in index.php on line 24 and _restrict.php on
>>line 4?
>
> No, that's not what I'm talking about. If I built the site structure off the
> document root as is done now, but then realized I wanted to put in into
> another folder on a different server, I would have to add that folder name
> to the beginning of every page in the site structure. I hacked it in using
> this:
>
> $PSA_page = $_SERVER['PHP_SELF'];
> $PSA_page = str_replace("$MMHOME", "", $PSA_page);
>
> Where $MMHOME points to the root of the app. It would be nice if this were a
> part of the config file.
>
> I'm not talking about if you move psa, but if you move the app that it is
> controlling the access to.
Gotcha.
OK, so now I have in config.php:
$PSA_SCR=array(
'Type' => 'mysql',
'Host' => 'localhost',
'User' => 'user',
'Password' => 'pass',
'Database' => 'psa_db',
'Language' => 'en',
'SiteName' => 'www.your_domain.com',
'SitePath' => $_SERVER['DOCUMENT_ROOT'],
'IncludePath' => dirname(__FILE__).'/../../metabase',
'MbSchemaDir' => dirname(__FILE__).'/..'
);
in the constructor:
if(isset($PSA_SCR['SitePath'])){
$this->SITE_PATH=$PSA_SCR['SitePath'];
}else{
$this->SITE_PATH=$_SERVER['DOCUMENT_ROOT'];
}
and the hasRights method:
function hasRights($url,$url2=''){
$this->ERROR=array();
// Make sure that the database will contain the full URI for
the page
$url=preg_replace('/(\?|&)'.session_name().'=[A-Z0-9]{32}/i','',$url);
$url2=preg_replace('/(\?|&)'.session_name().'=[A-Z0-9]{32}/i','',$url2);
$url3=$this->scr['SitePath'].$url;
$url4=$this->scr['SitePath'].$url2;
$query="SELECT groups FROM psa_users WHERE
id=".$this->db->GetTextFieldValue($_SESSION['PSA_psaun']);
$result=$this->db->Query($query);
if(!$result){
$this->ERROR[]=$this->db->Error();
return FALSE;
}
$groups=explode(',',$this->db->FetchResult($result,0,0,0));
$query='SELECT id FROM psa_pages WHERE
page='.$this->db->GetTextFieldValue($url).
' OR page='.$this->db->GetTextFieldValue($url2).
' OR page='.$this->db->GetTextFieldValue($url3).
' OR page='.$this->db->GetTextFieldValue($url4);
$tmp=explode('/',$url2);
$running='';
$running2=$this->SITE_PATH;
foreach($tmp as $part){
$running.=$part.'/';
$running2.=$part.'/';
$query.=' OR page='.$this->db->GetTextFieldValue($running.'*').
' OR page='.$this->db->GetTextFieldValue($running2.'*');
}
$result=$this->db->Query($query);
if(!$result){
$this->ERROR[]=$this->db->Error();
return FALSE;
}
for($i=0;$i<$this->db->NumberOfRows($result);++$i){
$pageid=$this->db->FetchResult($result,$i,0);
reset($groups);
while(list($k,$gid)=@each($groups)){
$rightsar=$this->getProfile($gid);
$page_rights=unserialize($rightsar['rights']);
if(isset($page_rights[$pageid]))
return TRUE;
}
}
// no match in the database
$this->ERROR[]=_("You do not have access rights to this content");
return FALSE;
}
I haven't tested these yet, but I will sometime today
> Good point, but I really suck at documentation and I had forgot you had
> suggested that. I'll hack some stuff together - do you want me to work off
> the documentation that exists?
Yes, you can start with that. There shouldn't be a whole lot to change,
but maybe some re-phrasing is in order.
> I like the $PSA_ prepend for the variables, very smart.
SuperAlberT suggested that one a while back. ;)
> Are wildcards already included?
In the documentation? I think so... In the app, yes, I've been using it
for my mod-rewrite sites ;)
|
|
From: Justin K. <ju...@ko...> - 2003-05-29 16:22:56
|
Albert Lash wrote: > What's next for PSA? Do you want to keep testing CVS before we release? There are still some things that can be cleaned up with the password reset. Really, they are minor, but all the form fields and variables used in the GUI pages should be prefixed with PSA_ so it doesn't clash with other applications. Other than that, it is time to start doing some documentation. > Some small additions we should include now are a prefix setting so the app > can be moved to different folders with reference to the security folder. Do you mean like $PSA_PATH in index.php on line 24 and _restrict.php on line 4? > Also, it would be cool to add wildcards to the site structure. We both like > mod_rewrite so we should also think about how to take care of that. This is what I mean about documentation... That's already done and implemented. In fact, I think it was even in the last release. ;) |
|
From: Albert L. <al...@pl...> - 2003-05-29 15:23:06
|
Hi Justin, What's next for PSA? Do you want to keep testing CVS before we release? Some small additions we should include now are a prefix setting so the app can be moved to different folders with reference to the security folder. Also, it would be cool to add wildcards to the site structure. We both like mod_rewrite so we should also think about how to take care of that. Albert |
|
From: Justin K. <ju...@ko...> - 2003-05-27 13:10:34
|
Albert Lash wrote: >>Well, I have updated the config file for a little better explanation. I >>don't think that this is a big deal since if you run the install_db from >>command line like suggested, then all you need to do is point it to any >>directory that you can write to. Using a web browser is when it becomes >>a pain in the arse. > Unfortunately not that many people have the cgi version of php installed. If > they have to load it up in the browser it should still work as long as there > isn't any copying going on and the file is in a webserver accessible > directory which it probably would be since they are going to access the > admin pages. Actually, anyone using Windows will have the cli version installed, and I'm not sure, but the newest php builds the cli version from source by default as well (located in the php-4.3.x/sapi/cli directory). When Metabase parses an XML schema file, it writes a copy of it in order to use it if there are updates run at a later time. This would make it easier to update from previous versions if we change the field types or make other changes. >>Maybe we should concentrate on the documentation for the package to help >>explain how things work and how to get them to work. >> > You're right. I'm horrible at writing docs and usually make things more > complicated than they need to be but will give it a shot when I get a > second. >>OK, I see that the password was changing, but the user kept getting set >>to inactive - if you weren't an admin. I fixed that in the >>user_edit_conection.php script so that should stop happening. > Hmm, for me its not changing at all. I'll update to see if your change fixes > it for me. It had to do with the user not being shown the "activate" checkbox in the form. When the form was posted, it always assumed that it was there, so when the values wasn't set, it deactivated a user any time they tried to update their password. *Note* when sending a reply, bottom post rather than top post, it will keep the natural flow of the conversation. ;) |
|
From: Albert L. <al...@pl...> - 2003-05-24 16:46:01
|
Unfortunately not that many people have the cgi version of php installed. If they have to load it up in the browser it should still work as long as there isn't any copying going on and the file is in a webserver accessible directory which it probably would be since they are going to access the admin pages. > Well, I have updated the config file for a little better explanation. I > don't think that this is a big deal since if you run the install_db from > command line like suggested, then all you need to do is point it to any > directory that you can write to. Using a web browser is when it becomes > a pain in the arse. You're right. I'm horrible at writing docs and usually make things more complicated than they need to be but will give it a shot when I get a second. > Maybe we should concentrate on the documentation for the package to help > explain how things work and how to get them to work. > Hmm, for me its not changing at all. I'll update to see if your change fixes it for me. > OK, I see that the password was changing, but the user kept getting set > to inactive - if you weren't an admin. I fixed that in the > user_edit_conection.php script so that should stop happening. |
|
From: Justin K. <ju...@ko...> - 2003-05-23 20:32:02
|
Albert Lash wrote: > On testing, first thing I've noticed is that installing the db is a serious > pain even for people who know what they are doing. I'd like to get rid of > the part that takes the schema from the include path. For a first time > install you shouldn't have to change the permissions on a folder. Well, I have updated the config file for a little better explanation. I don't think that this is a big deal since if you run the install_db from command line like suggested, then all you need to do is point it to any directory that you can write to. Using a web browser is when it becomes a pain in the arse. Maybe we should concentrate on the documentation for the package to help explain how things work and how to get them to work. > Second, the manual update of the password isn't working. Haven't looked that > far into the problem but thought I should report it. OK, I see that the password was changing, but the user kept getting set to inactive - if you weren't an admin. I fixed that in the user_edit_conection.php script so that should stop happening. |
|
From: Albert L. <al...@pl...> - 2003-05-23 19:53:10
|
On testing, first thing I've noticed is that installing the db is a serious pain even for people who know what they are doing. I'd like to get rid of the part that takes the schema from the include path. For a first time install you shouldn't have to change the permissions on a folder. Second, the manual update of the password isn't working. Haven't looked that far into the problem but thought I should report it. Alby On 5/23/03 1:06 PM, "Justin Koivisto" <ju...@ko...> wrote: > OK, I have now updated the CVS (major update). I finished cleaning up > the password reset functionality (test it out). I also slightly changed > the API of the Error() method to facilitate for multiple error messages > (using arrays). > > Be sure to start with a fresh database structure from the schema file > because there were a couple small changes there. > > Also, all the PO files have been updated, so I will post an > anncouncement for translators to check out the latest files on the > sourceforge web site. > > Also, if anyone on the list knows how to set the damn write access for > sourceforge CVS, please let me know how! I want each translator to be > able to update their PO file as necessary, but that's all they need > access to. The sf.net docs are confusing to me for some reason. > > Well, that's all.. big CVS update - start from scratch when testing - > we'll worry about upgrade stuff later. > > Anyone wanna tackle doc writing? ;) > > Happy testing!! > > Justin Koivisto |
|
From: Justin K. <ju...@ko...> - 2003-05-23 17:06:15
|
OK, I have now updated the CVS (major update). I finished cleaning up the password reset functionality (test it out). I also slightly changed the API of the Error() method to facilitate for multiple error messages (using arrays). Be sure to start with a fresh database structure from the schema file because there were a couple small changes there. Also, all the PO files have been updated, so I will post an anncouncement for translators to check out the latest files on the sourceforge web site. Also, if anyone on the list knows how to set the damn write access for sourceforge CVS, please let me know how! I want each translator to be able to update their PO file as necessary, but that's all they need access to. The sf.net docs are confusing to me for some reason. Well, that's all.. big CVS update - start from scratch when testing - we'll worry about upgrade stuff later. Anyone wanna tackle doc writing? ;) Happy testing!! Justin Koivisto |
|
From: Justin K. <ju...@ko...> - 2003-05-22 15:37:15
|
OK, I finally got a chance to start working on the password reset stuff. I will be working on it today, and hopefully have it all cleaned up and committed to CVS before I go home today. (Or course, if depends on what else I have going on here. I find it really nice to be able to work on what started as a personal project and be able to use and debug it at work ;) |
|
From: Albert L. <al...@pl...> - 2003-05-16 20:54:41
|
Justin, The password reset function is working. It needs cleaning up, but everything is there. For some reason the password change wasn't working either - the GetBoolean(1) wasn't working - the field is a char field and active is Y, not 1. Maybe this is something about metabase I am not aware of. I say let's release it ASAP after a little more testing and then inch it along. Or do you prefer perfecting it before release? Maybe we can release an alpha? It works but needs polishing. I've also added the logic to update the password reset table when you manually update your password. I think we need another update password function for when the user is not logged in, but is authorized to change it. I'd really be interested to hear what you think of the solution. Albert |
|
From: Albert L. <al...@pl...> - 2003-05-15 20:22:14
|
Hi Koivi, I've made several updates to the code. The framework is there. It needs two additional db verifications and then we should be good to link up to the reset password function that already exists. Its turning into a mess now though I feel and would like you to take a half an hour and run through it. Please let me know what you think. Also, I'd like to add another setting to the psa settings table. A path prepend variable to be able to drop an app into another folder without having to change up the site structure. Let me know what you think, would the db calls slow it down too much? Al |
|
From: Justin K. <ju...@ko...> - 2003-05-08 13:20:28
|
Where do we stand on the password retrieval stuff? I haven't had time to check on the project for a while because I have been so busy with other things. Is the code placed in the class and working (or being tested)? Is the database schema updated to work with the class code? What was changed? Has there been any links for the recovery added to the GUI and/or the login form? Other pages been made for the recovery? I'd like to try and get this together to make another release for testing soon. THanks, Justin |
|
From: Justin K. <ju...@ko...> - 2003-03-26 13:55:41
|
Albert Lash wrote: > In user_passwordreset.php, I've got this type of email info: > > If you have lost your password, we will do > out best to return your account to your control. But first, > we need a little input from you to assure that you are indeed who > you say you are.</P><P>We have a quick and easy two step password > recovery process. First, we will send an email to the account listed > with your registration information. Second, we will ask the personal > question that you chose upon registration. You will then have the > opportunity to reset your password. > > This is somewhat generic so should this be given some gettext instructions? > Or should this simply go into the config.php file also? Change "</P><P>" to "<br><br>" because none of the other text on the site uses the <p> tag. I think can be put into the file for gettext to parse. However, be sure to check that if the user is an admin that a form simply appears so they can manually reset it. |
|
From: Justin K. <ju...@ko...> - 2003-03-26 13:51:55
|
Albert Lash wrote:
> I'm also going to include the email registration part for account
> verification, user registers, system sends email, user clicks on link in
> email -> account is verified. There should be some settings for whether the
> admin will require this as well as the password question and answer. I'll
> add these to the settings section interface and the settings part of the db,
> as well as the schema.
This sound alright. Implement it as a separate class method. Then in the
addUser method, we can add a flag that when true will send out the
verification. We can have the flag set in the config file for easy access.
The reson behind this is that there are times when the user isn't
requesting the account, so you'd want to leave control to the admin.
This is the way that I use PSA mostly for CMS programming where I choose
who can have an account, and whether it is active or not. I'm sure that
I can't be the only one to do it this way.
> This increases the complexity of it, but I won't add anything else until all
> these issues are fully implemented.
So right now, the development is focused on password recovery and
account verification methods. Now all I need to do is get some more time
to actually look into what you have got going on. When you have working
(or nearly working) code, let me know and I will try to find time to
look it over and be sure that everything is fitting into the class and
GUI as expected.
Also, one other note on coding. Don't use the orphan brackets like:
if ($condition)
{
// code
}
Use the old C style like:
if($condition){
// code
}
I can't stand the other mehtod for some reason.
|
|
From: Albert L. <al...@pl...> - 2003-03-25 14:01:00
|
Great. I've made a couple of changes but got real busy recently - need to finish up later. Also I have some questions about how to get the random link into the message body if its configured from another file. I'll follow up. > For sendMailConfirm: > > * don't use global statements. Instead, have an array passed that > contains the required variables. > > * don't hardcode parameters for the mail message. Let the user pass the > subject, message, etc. so that it can be customized. > > * might want to allow the activation link to be sent as a separate array > element so the format can be checked in the function. > > * this array would then go into the config.php file so the users can > easily see what the default values are and can easily edit them. In this > case, I don't think it would be necessary to use gettext on the > variables since the user will set them to what they want anyway. |
|
From: Justin K. <ju...@ko...> - 2003-03-24 14:33:03
|
Albert Lash wrote: > Did you get a chance to check out the stuff I added to the PSA class? I just > wanted a nod from you to make sure I was going in the right direction. You > don't need to work on it at all just review it real quick. Just glanced at it, and here's a couple notes: In user_passwordreset.php: * Don't use $user = $_GET['id']; Use the value from the _GET array instead. * all the variables in psa should be pre-pended with PSA_, so use PSA_user or something similar For the class itself, I did start looking into that a bit more. I started editing a couple of the functions, so be sure the check over what I have done. For sendMailConfirm: * don't use global statements. Instead, have an array passed that contains the required variables. * don't hardcode parameters for the mail message. Let the user pass the subject, message, etc. so that it can be customized. * might want to allow the activation link to be sent as a separate array element so the format can be checked in the function. * this array would then go into the config.php file so the users can easily see what the default values are and can easily edit them. In this case, I don't think it would be necessary to use gettext on the variables since the user will set them to what they want anyway. PS - when you reply-all, remove my email address from the to field so I only get one copy of the message ;) |
|
From: Albert L. <al...@pl...> - 2003-03-24 14:07:21
|
Hi Justin, Did you get a chance to check out the stuff I added to the PSA class? I just wanted a nod from you to make sure I was going in the right direction. You don't need to work on it at all just review it real quick. Albert |
|
From: Albert L. <al...@pl...> - 2003-03-19 23:03:33
|
Hi Justin, Still haven't tested the queries but in trying to I added a bunch of stuff required for the system to work properly. Can you take a look at the class and the file user_passwordreset.php? I've added several functions to the class - is that alright? Furthermore I'm wondering if its OK to have so much logic in the password reset include file. Thanks. Al |
