phpwebsite-developers — For our development team.

Re: [Phpwebsite-developers] Key documentation written (badly)

[Matthew M. <ma...@tu...>]

This is the first I have seen of it.

I am looking into your concerns and will write up my thoughts tomorrow.

Real quick:

>From what I have looked at the most common queries to phpws_key are:

where id = ?
where module = ?
where id = ? and restricted = ?

Understand rewriting key is a major undertaking so I must be positive
the delay would be worth it.

More tomorrow,
Matt


On Tue, 2006-05-02 at 14:46 -0500, Eloi George wrote:
> Hi Matt!
> I never heard a reply on this message.  Just wanted to make sure you 
> didn't miss it.
> Cheers, Eloi
> 
> 
> 
> Eloi George wrote:
> > Matthew McNaney wrote:
> >> Seriously, I'm not sure. However, this table is indexed by the id and
> >> modules using the key class keep this value in their own table. That
> >> should be the only column searched on a regular basis. I am certainly
> >> not an expert on optimization, but it would seem faster to have one
> >> table of items than several tables with duplicate information.
> >
> > It's only faster for this query:
> > SELECT * FROM keys WHERE key_id IN (8,434,353543,...,4434322)
> > where the records involved have different module names (but you can't 
> > search on that).  If they're all from the same module, all efficiency 
> > is lost because of the unnecessarily large index.
> >
> > On a very large Key table phpWS will slow down when any of the 
> > following happens:
> > - you include anything other than an integer-indexed column in the 
> > WHERE clause,
> > - you include more than one column in the WHERE clause,
> > - your db server uses a hard drive that's optimized for high 
> > throughput instead of fast seeks.
> >
> > It's more efficient to break the table up into module-specific 
> > subsets, eg. "mod_<module_name>_key" because the majority of queries 
> > generated are for either 1) a specific key_id where the module is 
> > known or 2) a search across key records (for active,
> > create_date, update_date, etc.) where the module is known.
> > Only a couple modules will search across different modulenames and 
> > even then they only need results from a subset of the installed 
> > modules on the site.  These searches can still be done just as 
> > efficiently with UNION ALL clauses.  *More* efficiently if you count 
> > the fact that indexes for unwanted modules are automatically excluded.
> >
> >>> Why are we not using the user ids of the author & editors?  I think 
> >>> we should because I've had to change the usernames of 3 people over 
> >>> the last 2 years, and it was a very long process.  I think it breaks 
> >>> some sort of database normilization rule as well.
> >>>   
> >> Two reasons I did it this way. First, if I store the id, I have to join
> >> with the users table to grab the display name. Not a big deal, but it is
> >> certainly easier for developers to just have that information local.
> >> Second, I was worried about deleted users. If a user has been removed,
> >> their name will still be associated with the key. With an id, I would
> >> get a FALSE when trying to pull the display name.
> >>   
> >
> > But, users should never be deleted, just made inactive.  Let's say you 
> > delete user "jack33" & a year later someone else registers with that 
> > name.  That person automatically inherits all forum posts, articles, 
> > calendar entries, etc. of the previous "jack33".  Chances are that 
> > they'll start deleting/changing all that old content, because its not 
> > theirs.  Indexing content on user_id will assure that that doesn't 
> > happen.  Even if the siteadmin decides to reuse names, a JOINed query 
> > would still be able to tell the difference between "jack33" and 
> > "jack33 (dead user)"
> >
> >> I can change it, but then getting the display name would require an
> >> extra database query per key listing. I am open to discussing options.
> >> For example, perhaps just adding creator_id and updater_id columns?
> >
> > That sounds great!  "creator" and "updater" could remain as cached 
> > data as long as the Coding Practices indicate that ownership & 
> > permissions checks must always be made against "creator_id", as the 
> > username held in "creator" may be incorrect, obsolete or a duplicate.
> >
> > creator_id should be indexed though, as many queries use this in the 
> > WHERE clause.
> >
> > -Eloi George-
> >
> 
> 
> 
> -------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Phpwebsite-developers mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Re: [Phpwebsite-developers] Key documentation written (badly)

[Eloi G. <el...@re...>]

Hi Matt!
I never heard a reply on this message.  Just wanted to make sure you 
didn't miss it.
Cheers, Eloi



Eloi George wrote:
> Matthew McNaney wrote:
>> Seriously, I'm not sure. However, this table is indexed by the id and
>> modules using the key class keep this value in their own table. That
>> should be the only column searched on a regular basis. I am certainly
>> not an expert on optimization, but it would seem faster to have one
>> table of items than several tables with duplicate information.
>
> It's only faster for this query:
> SELECT * FROM keys WHERE key_id IN (8,434,353543,...,4434322)
> where the records involved have different module names (but you can't 
> search on that).  If they're all from the same module, all efficiency 
> is lost because of the unnecessarily large index.
>
> On a very large Key table phpWS will slow down when any of the 
> following happens:
> - you include anything other than an integer-indexed column in the 
> WHERE clause,
> - you include more than one column in the WHERE clause,
> - your db server uses a hard drive that's optimized for high 
> throughput instead of fast seeks.
>
> It's more efficient to break the table up into module-specific 
> subsets, eg. "mod_<module_name>_key" because the majority of queries 
> generated are for either 1) a specific key_id where the module is 
> known or 2) a search across key records (for active,
> create_date, update_date, etc.) where the module is known.
> Only a couple modules will search across different modulenames and 
> even then they only need results from a subset of the installed 
> modules on the site.  These searches can still be done just as 
> efficiently with UNION ALL clauses.  *More* efficiently if you count 
> the fact that indexes for unwanted modules are automatically excluded.
>
>>> Why are we not using the user ids of the author & editors?  I think 
>>> we should because I've had to change the usernames of 3 people over 
>>> the last 2 years, and it was a very long process.  I think it breaks 
>>> some sort of database normilization rule as well.
>>>   
>> Two reasons I did it this way. First, if I store the id, I have to join
>> with the users table to grab the display name. Not a big deal, but it is
>> certainly easier for developers to just have that information local.
>> Second, I was worried about deleted users. If a user has been removed,
>> their name will still be associated with the key. With an id, I would
>> get a FALSE when trying to pull the display name.
>>   
>
> But, users should never be deleted, just made inactive.  Let's say you 
> delete user "jack33" & a year later someone else registers with that 
> name.  That person automatically inherits all forum posts, articles, 
> calendar entries, etc. of the previous "jack33".  Chances are that 
> they'll start deleting/changing all that old content, because its not 
> theirs.  Indexing content on user_id will assure that that doesn't 
> happen.  Even if the siteadmin decides to reuse names, a JOINed query 
> would still be able to tell the difference between "jack33" and 
> "jack33 (dead user)"
>
>> I can change it, but then getting the display name would require an
>> extra database query per key listing. I am open to discussing options.
>> For example, perhaps just adding creator_id and updater_id columns?
>
> That sounds great!  "creator" and "updater" could remain as cached 
> data as long as the Coding Practices indicate that ownership & 
> permissions checks must always be made against "creator_id", as the 
> username held in "creator" may be incorrect, obsolete or a duplicate.
>
> creator_id should be indexed though, as many queries use this in the 
> WHERE clause.
>
> -Eloi George-
>

[Phpwebsite-developers] HTML_QuickForm

[Ken N. <ke...@co...>]

I came across this Pear class (HTML_QuickForm) today (an older version
of which is included with phpWebsite) and it has a couple of neat
validation functions (addRule and addGroupRule) which would be a nice
addition to Fallout.

Has anyone seen this before?  What are everyone's thoughts?

Ken

[Phpwebsite-developers] phpWebSite 1.0 beta release and conversions

[Matthew M. <ma...@tu...>]

Hello,

After a server explosion setback our timeline on having a phpWebSite 1.0
Beta release has been pushed back.

While Kevin fixed on the server, I was able to convert Phatform for 1.0.
I took notes while converting it and they are in Phatform's doc
directory.
You will also see the Photo Album conversion. I plan on revisiting it
later to make sure it is still working.
http://res.stddev.appstate.edu/cvs/conversions/

Here is a list of phpwebsite modules pre-1.0 and plans for them under
1.0.

announce - using Blog module instead. Although features differ, I will
be adding more to Blog as time goes on.

approval - Gone. Replaced with version module. Version is missing some
features (email notice, note mod support) but is operational

boost - rewritten and functional. The update links (link to a mod devs
page and tell you what version you should be running) need refreshing
and testing

branch - recently rewritten and seemingly function. added ability to
decided what modules a branch can use

calendar - still needs work. unfinished

comments - rewritten and functional. needs a once over

controlpanel - rewritten

debug - not even sure what this did. too lazy to look. gone anyway :)

documents - rewritten as filecabinet. much easier to put files into
content now

faq - will probably be rewritten.

fatcat - rewritten as categories. 

help - rewritten to be a real simple app. need to look at again

language - gone forever. using gettext instead. tested gettext using
French locale settings and "redneck" language files. only works with
core, users, blog. Still some more work to do. I want viewed
translations according to viewer and logged translations to use default
language.

layout - rewritten and very sturdy

linkman - rewritten then dropped. Will get back to it

menuman - rewritten as menu. rocks all over old version

modmaker - dropped

notes - rewritten but kinda just hanging out right now. I have plans for
it but I haven't gotten back to it.

pagemaster - rewritten as webpage. Functional

phatform - as said earlier: converted. Needs more testing

photoalbum - converted but needs testing

poll - no plans for it yet. may let community create, assign a student
or if I get spare time (ha) write it myself

scheduler - probably dropped and incorporated with calendar rewrite

search - rewritten. needs a little work because it isn't i18n compatible
right now. does some cool stuff though

security - gone. Access module does the same thing and better

skeleton - it's included but needs a treatment to be more helpful

stats - no plans right now. maybe we can get Darren in the dungeon one
more summer so update it.

users - rewritten

So that is the status of the modules.

I have also updated and written several docs. Conversion scripts have
been written for users, announcements to blog, and pagemaster to
webpage.

My plan is for Kevin and I to go over phpWebSite 1.0 next week and
squash bugs. We will then release a beta version on our site AND
sourceforge, hotscripts, freshmeat, etc.

Long term goals are a final release (of course), new themes, finish
calendar, and convert phpwebsite home page over to 1.0.

Have a good weekend and give cvs a try.

-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Re: [Phpwebsite-developers] User Support Question: Problem with PageMaster not appearing in boost.

[James <ja...@sa...>]

Hi Greg,

Thanks for the info, but guys you *really* have to update your help file 
with this name change, or put it on the site somewhere obvious 'web pages 
is the new name for pagemaster'

<http://www.google.co.uk/search?hl=en&q=pagemaster+webpages+name+change+site%3Aphpwebsite.appstate.edu&btnG=Google+Search&meta=>

1 un-obvious reference (or am i blind somehow?)

surely a regex with perl on the help files wouldn't be too hard???

thanks again for your help

James



At 04:44 25/04/2006, you wrote:
>James,
>The "Web Pages" module is the pagemaster module.  Find Web Pages in
>boost and install.
>
>Hope that helps,
>Greg
>
>
>On 4/24/06, James <ja...@sa...> wrote:
> > Hello
> >
> > Yesterday I installed phpwebsite. I found no pagemaster module listed in
> > the boost section of my control panel, the module is present in my mod
> > folder, [phpwebsite/images is writeable by all (chmod 777) and so are the
> > subfolders (as instructed)].
> >
> > How do I make the pagemakes module appear in my control panel?
> >
> > I am using Core Version: 0.10.2, I am not entirely sure which flavour of
> > Linux I am running (host is register1.net). I am running Apache 2.0.52
> > (CentOS), PHP 4.3.9, MySQL 4.1.18 and am currently viewing the admin pages
> > with Firefox 1.0.7
> >
> > I notice the same problem has occured to another user, reported in the
> > forums at:
> > <http://www.phpwsforums.com/showthread.php?p=16510#post16510>
> >
> > Further googling and code sniffing have unfortunately revealed nothing.....
> >
> > my phpinfo page can be found here:
> > http://www.afunnyfarm.org.uk/phpinfo.php
> >
> > When installing these were my options for module install and the
> > conformation screen text:
> >
> > -------------------sample copy/pasted from installer
> > screen------------------------------
> >
> > -Click the checkbox next to the modules you wish to install, then click the
> > Install Selected Modules button.
> > -If you do not wish to install any extra modules at this time, click the
> > Install Core Only button.
> > -
> > -Form Generator
> > -Calendar
> > -Documents
> > -Branch Creator
> > -Block Maker
> > -Admin Stats
> > -Announcements
> > -Photo Albums
> > -Menu Manager
> > -Web Pages
> > -Steven's Scheduler
> > -FAQ
> > -RSS News Feeds
> > -Notes
> > -Comment Manager
> > -Module Maker
> > -Poll
> > -phpWebSite Debugger
> > -Bulletin Board
> > -Skeleton Module
> > -Link Manager
> > 
> -------------------------------------------------------------------------------------------------------------------------
> >
> > ------------------- second sample copy/pasted from installer
> > screen------------------------------
> >
> > -Core tables successfully installed!
> > -Building required modules
> > ***** Boost Module Upgrader installation successful! *****
> >
> > ***** Layout Manager installation successful! *****
> >
> > -All Control Panel tables successfully written.
> > ***** Control Panel installation successful! *****
> >
> > ***** Site Search installation successful! *****
> >
> > ***** Help System installation successful! *****
> >
> > ***** Language Administrator installation successful! *****
> >
> > ***** Approval installation successful! *****
> >
> > ***** User Manager installation successful! *****
> >
> > ***** Apache Settings installation successful! *****
> >
> > -FatCat image directories successfully created!
> > ***** FatCat Categorizer installation successful! *****
> >
> > -Registering Default Language
> > -Checking language file for Boost Module Upgrader:
> > * English language file installed
> > -Checking language file for Layout Manager:
> > * English language file installed
> > -Checking language file for Control Panel:
> > * English language file installed
> > -Checking language file for Site Search:
> > * English language file installed
> > -Checking language file for Help System:
> > * English language file installed
> > -Checking language file for Language Administrator:
> > * English language file installed
> > -Checking language file for Approval:
> > * English language file installed
> > -Checking language file for User Manager:
> > * English language file installed
> > -Checking language file for Apache Settings:
> > * English language file installed
> > -Checking language file for FatCat Categorizer:
> > * English language file installed
> > -Post Installation Procedures
> > -Layout Manager post-installation successful!
> >
> > -Control Panel post-installation successful!
> >
> > -Help System post-installation successful!
> >
> > -Language Administrator post-installation successful!
> >
> > -User Manager post-installation successful!
> >
> > -Building extra modules
> > -All Announcement tables successfully written.
> > -Announcements image directory ../images/announce successfully created!
> > -Checking language file for Announcements:
> > * English language file installed
> >
> > ***** Announcements installation successful! *****
> >
> > -All Menu Manager tables successfully written.
> > -Menuman image directory ../images/menuman successfully created!
> > -Checking language file for Menu Manager:
> > * English language file installed
> >
> > ***** Menu Manager installation successful! *****
> >
> > 
> --------------------------------------------------------------------------------------------------------------------------
> >
> > All help of course much appreciated, although there is a bit of a time
> > pressure for me (and I really don't want to have to install and write a
> > custom theme for Mambo!!)
> >
> > Thankyou
> >
> > James
> >
> >
> >
> > -------------------------------------------------------
> > Using Tomcat but need to do more? Need to support web services, security?
> > Get stuff done quickly with pre-integrated technology to make your job 
> easier
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > _______________________________________________
> > Phpwebsite-developers mailing list
> > Php...@li...
> > https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
> >
>
>
>-------------------------------------------------------
>Using Tomcat but need to do more? Need to support web services, security?
>Get stuff done quickly with pre-integrated technology to make your job easier
>Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
>http://sel.as-us.falkag.net/sel?cmdk&kid0709&bid&3057&dat1642
>_______________________________________________
>Phpwebsite-developers mailing list
>Php...@li...
>https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers

Re: [Phpwebsite-developers] User Support Question: Problem with PageMaster not appearing in boost.

[Gregory M. <gre...@gm...>]

James,
The "Web Pages" module is the pagemaster module.  Find Web Pages in
boost and install.

Hope that helps,
Greg


On 4/24/06, James <ja...@sa...> wrote:
> Hello
>
> Yesterday I installed phpwebsite. I found no pagemaster module listed in
> the boost section of my control panel, the module is present in my mod
> folder, [phpwebsite/images is writeable by all (chmod 777) and so are the
> subfolders (as instructed)].
>
> How do I make the pagemakes module appear in my control panel?
>
> I am using Core Version: 0.10.2, I am not entirely sure which flavour of
> Linux I am running (host is register1.net). I am running Apache 2.0.52
> (CentOS), PHP 4.3.9, MySQL 4.1.18 and am currently viewing the admin page=
s
> with Firefox 1.0.7
>
> I notice the same problem has occured to another user, reported in the
> forums at:
> <http://www.phpwsforums.com/showthread.php?p=3D16510#post16510>
>
> Further googling and code sniffing have unfortunately revealed nothing...=
..
>
> my phpinfo page can be found here:
> http://www.afunnyfarm.org.uk/phpinfo.php
>
> When installing these were my options for module install and the
> conformation screen text:
>
> -------------------sample copy/pasted from installer
> screen------------------------------
>
> -Click the checkbox next to the modules you wish to install, then click t=
he
> Install Selected Modules button.
> -If you do not wish to install any extra modules at this time, click the
> Install Core Only button.
> -
> -Form Generator
> -Calendar
> -Documents
> -Branch Creator
> -Block Maker
> -Admin Stats
> -Announcements
> -Photo Albums
> -Menu Manager
> -Web Pages
> -Steven's Scheduler
> -FAQ
> -RSS News Feeds
> -Notes
> -Comment Manager
> -Module Maker
> -Poll
> -phpWebSite Debugger
> -Bulletin Board
> -Skeleton Module
> -Link Manager
> -------------------------------------------------------------------------=
------------------------------------------------
>
> ------------------- second sample copy/pasted from installer
> screen------------------------------
>
> -Core tables successfully installed!
> -Building required modules
> ***** Boost Module Upgrader installation successful! *****
>
> ***** Layout Manager installation successful! *****
>
> -All Control Panel tables successfully written.
> ***** Control Panel installation successful! *****
>
> ***** Site Search installation successful! *****
>
> ***** Help System installation successful! *****
>
> ***** Language Administrator installation successful! *****
>
> ***** Approval installation successful! *****
>
> ***** User Manager installation successful! *****
>
> ***** Apache Settings installation successful! *****
>
> -FatCat image directories successfully created!
> ***** FatCat Categorizer installation successful! *****
>
> -Registering Default Language
> -Checking language file for Boost Module Upgrader:
> * English language file installed
> -Checking language file for Layout Manager:
> * English language file installed
> -Checking language file for Control Panel:
> * English language file installed
> -Checking language file for Site Search:
> * English language file installed
> -Checking language file for Help System:
> * English language file installed
> -Checking language file for Language Administrator:
> * English language file installed
> -Checking language file for Approval:
> * English language file installed
> -Checking language file for User Manager:
> * English language file installed
> -Checking language file for Apache Settings:
> * English language file installed
> -Checking language file for FatCat Categorizer:
> * English language file installed
> -Post Installation Procedures
> -Layout Manager post-installation successful!
>
> -Control Panel post-installation successful!
>
> -Help System post-installation successful!
>
> -Language Administrator post-installation successful!
>
> -User Manager post-installation successful!
>
> -Building extra modules
> -All Announcement tables successfully written.
> -Announcements image directory ../images/announce successfully created!
> -Checking language file for Announcements:
> * English language file installed
>
> ***** Announcements installation successful! *****
>
> -All Menu Manager tables successfully written.
> -Menuman image directory ../images/menuman successfully created!
> -Checking language file for Menu Manager:
> * English language file installed
>
> ***** Menu Manager installation successful! *****
>
> -------------------------------------------------------------------------=
-------------------------------------------------
>
> All help of course much appreciated, although there is a bit of a time
> pressure for me (and I really don't want to have to install and write a
> custom theme for Mambo!!)
>
> Thankyou
>
> James
>
>
>
> -------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job ea=
sier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronim=
o
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=
=3D121642
> _______________________________________________
> Phpwebsite-developers mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
>

[Phpwebsite-developers] User Support Question: Problem with PageMaster not appearing in boost.

[James <ja...@sa...>]

Hello

Yesterday I installed phpwebsite. I found no pagemaster module listed in 
the boost section of my control panel, the module is present in my mod 
folder, [phpwebsite/images is writeable by all (chmod 777) and so are the 
subfolders (as instructed)].

How do I make the pagemakes module appear in my control panel?

I am using Core Version: 0.10.2, I am not entirely sure which flavour of 
Linux I am running (host is register1.net). I am running Apache 2.0.52 
(CentOS), PHP 4.3.9, MySQL 4.1.18 and am currently viewing the admin pages 
with Firefox 1.0.7

I notice the same problem has occured to another user, reported in the 
forums at:
<http://www.phpwsforums.com/showthread.php?p=16510#post16510>

Further googling and code sniffing have unfortunately revealed nothing.....

my phpinfo page can be found here:
http://www.afunnyfarm.org.uk/phpinfo.php

When installing these were my options for module install and the 
conformation screen text:

-------------------sample copy/pasted from installer 
screen------------------------------

-Click the checkbox next to the modules you wish to install, then click the 
Install Selected Modules button.
-If you do not wish to install any extra modules at this time, click the 
Install Core Only button.
-
-Form Generator
-Calendar
-Documents
-Branch Creator
-Block Maker
-Admin Stats
-Announcements
-Photo Albums
-Menu Manager
-Web Pages
-Steven's Scheduler
-FAQ
-RSS News Feeds
-Notes
-Comment Manager
-Module Maker
-Poll
-phpWebSite Debugger
-Bulletin Board
-Skeleton Module
-Link Manager
-------------------------------------------------------------------------------------------------------------------------

------------------- second sample copy/pasted from installer 
screen------------------------------

-Core tables successfully installed!
-Building required modules
***** Boost Module Upgrader installation successful! *****

***** Layout Manager installation successful! *****

-All Control Panel tables successfully written.
***** Control Panel installation successful! *****

***** Site Search installation successful! *****

***** Help System installation successful! *****

***** Language Administrator installation successful! *****

***** Approval installation successful! *****

***** User Manager installation successful! *****

***** Apache Settings installation successful! *****

-FatCat image directories successfully created!
***** FatCat Categorizer installation successful! *****

-Registering Default Language
-Checking language file for Boost Module Upgrader:
* English language file installed
-Checking language file for Layout Manager:
* English language file installed
-Checking language file for Control Panel:
* English language file installed
-Checking language file for Site Search:
* English language file installed
-Checking language file for Help System:
* English language file installed
-Checking language file for Language Administrator:
* English language file installed
-Checking language file for Approval:
* English language file installed
-Checking language file for User Manager:
* English language file installed
-Checking language file for Apache Settings:
* English language file installed
-Checking language file for FatCat Categorizer:
* English language file installed
-Post Installation Procedures
-Layout Manager post-installation successful!

-Control Panel post-installation successful!

-Help System post-installation successful!

-Language Administrator post-installation successful!

-User Manager post-installation successful!

-Building extra modules
-All Announcement tables successfully written.
-Announcements image directory ../images/announce successfully created!
-Checking language file for Announcements:
* English language file installed

***** Announcements installation successful! *****

-All Menu Manager tables successfully written.
-Menuman image directory ../images/menuman successfully created!
-Checking language file for Menu Manager:
* English language file installed

***** Menu Manager installation successful! *****

--------------------------------------------------------------------------------------------------------------------------

All help of course much appreciated, although there is a bit of a time 
pressure for me (and I really don't want to have to install and write a 
custom theme for Mambo!!)

Thankyou

James

[Phpwebsite-developers] Patch update

[Matthew M. <ma...@tu...>]

After some feedback, the patch has gone through some revision. Get the
update here:

http://phpwebsite.appstate.edu/downloads/security/phpws_patch_20060419.2.tgz

Special thanks to Shaun for continually highlighting my shortcomings.

Matt

-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Re: [Phpwebsite-developers] Stopping Spam

[Shaun M. <sh...@ae...>]

On 19 Apr 2006, at 15:23, Matthew McNaney wrote:

> The akismet solution looks nice however it requires a Wordpress API  
> key.
> They are filtering off site on their own servers. Is there an more  
> open
> solution out there?
>

The code itself is GPLd but running servers to keep track of spam  
signatures isn't likely to ever be a free thing. It's free for non- 
commercial use though. As a plugin thing that you can choose to use  
or not it'd be useful. I'd personally have no problem paying for a  
decent service.

> As to combating this locally:
>
> Should matching be performed on suspect phrases?

Maybe. The problem is, spambots often mess about with spellings and  
such. Could be a never ending task. That's what the akismet solution  
does for you.

Some kind of flood control is the other method I've seen used so bots  
can't keep hammering the comment system.


> Should we implement ip and account banning to comments and
> announcements/blog?

yep. phpwsbb already does that. It'd of course be better if it was  
centrally done so that if someone is banned in one module, they're  
banned elsewhere too. Can it be done such that any module  
automatically picks up the ban?


Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk

[Phpwebsite-developers] Re: Security vuln

[Matthew M. <ma...@tu...>]

No it should not. That was some testing on my part.

Remove that line or download the file again. Kevin fixed it while I was
out :)

Thanks Shaun,

Matt


On Wed, 2006-04-19 at 14:31 +0100, Shaun Murray wrote:
> Should it have a path in there...
> 
>  From the source...
> 
> /* Check to make sure $hub_dir is not set to an address */
> $hub_dir = '/var/www/html/hubs/student_development/';
> if (!preg_match ("/:\/\//i", $hub_dir)) {
>      loadConfig($hub_dir);
> } else {
>      exit('FATAL ERROR! Hub directory was malformed.');
> }
> 
> 
> 
> On 19 Apr 2006, at 13:56, Matthew McNaney wrote:
> 
> > Shaun,
> >
> > I just tested the index.php file and it was flawed. A new one has been
> > submitted. I have also posted to the security and developer list as  
> > well
> > as the home page.
> >
> > Matt
> >
> > On Tue, 2006-04-18 at 12:51 +0100, Shaun Murray wrote:
> >> Translated from Russian...
> >>
> >> http://www.worldlingo.com/wl/translate?wl_lp=RU-
> >> EN&wl_fl=2&wl_rurl=http%3A%2F%2Fhttp%3A%2F%2Fwww.securitylab.ru%
> >> 2Fvulnerability%2F265748.php%2F&wl_url=http%3A%2F% 
> >> 2Fwww.securitylab.ru
> >> %2Fvulnerability%2F265748.php&wlg_table=-3
> >>
> >>
> >> Is this fixed already in index.php in cvs?
> >>
> >> Shaun
> >> aegis design - http://www.aegisdesign.co.uk
> >> aegis hosting - http://www.aegishosting.co.uk
> > -- 
> > Matthew McNaney
> > Electronic Student Services
> > Appalachian State University
> > http://phpwebsite.appstate.edu
> >
> 
> Shaun
> aegis design - http://www.aegisdesign.co.uk
> aegis hosting - http://www.aegishosting.co.uk
-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Re: [Phpwebsite-developers] Stopping Spam

[Matthew M. <ma...@tu...>]

The akismet solution looks nice however it requires a Wordpress API key.
They are filtering off site on their own servers. Is there an more open
solution out there?

As to combating this locally:

Should matching be performed on suspect phrases?

Should we implement ip and account banning to comments and
announcements/blog?

Matt


On Tue, 2006-04-18 at 23:05 +0100, Shaun Murray wrote:
> We're probably still, mostly, below the radar but there were a few  
> reports today of both comment spam and anonymous announcement  
> submissions. The former can be a real problem, the latter more a  
> nuisance as they go to the approval queue.
> 
> In cvs for 0.10.x I've already patched the announce module to allow  
> users to switch off anonymous submission if they so desire but we  
> need some kind of solution to spambots. Wordpress and Moveable Type  
> are using a 3rd party anti-spam plugin - http://akismet.com/
> 
> Anyone fancy porting that? or have another idea?
> 
> 
> Shaun
> aegis design - http://www.aegisdesign.co.uk
> aegis hosting - http://www.aegishosting.co.uk
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> Phpwebsite-developers mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

[Phpwebsite-developers] Security patch

[Matthew M. <ma...@tu...>]

Phpwebsite 0.10.x. has a security flaw.

You should download this small patch to correct it:
http://phpwebsite.appstate.edu/downloads/security/phpws_patch_20060419.tgz

We would like to thank user retrogod for bring it to our attention.
Normally, I would review the patch with the submitter, but the issue is
public. It is better to go ahead and make the patch available.

We were unable to test the issue with register_globals = 0. Having
register globals active seems to be a condition of it working.

The patch tries to ini_set the register global variable to 0. It also
parses a directory address for characters that are not alphanumeric,
underlines, slashes, or periods.

This patch has been tested successfully with branch sites and their hub.
Of course if there are any problems or deficiencies with the patch, we
will update it immediately.

-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

[Phpwebsite-developers] Stopping Spam

[Shaun M. <sh...@ae...>]

We're probably still, mostly, below the radar but there were a few  
reports today of both comment spam and anonymous announcement  
submissions. The former can be a real problem, the latter more a  
nuisance as they go to the approval queue.

In cvs for 0.10.x I've already patched the announce module to allow  
users to switch off anonymous submission if they so desire but we  
need some kind of solution to spambots. Wordpress and Moveable Type  
are using a 3rd party anti-spam plugin - http://akismet.com/

Anyone fancy porting that? or have another idea?


Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk

Re: [Phpwebsite-developers] Joomla devs talk about v1.5

[Shaun M. <sh...@ae...>]

On 12 Apr 2006, at 19:51, Matthew McNaney wrote:

> 9) Salary - I get paid per line of code.
>

Hopefully that includes comments. :-)

I once work as a support programmer where we got a bonus for the  
number of bugs closed. Of course, the number of bugs filed went up  
dramatically in the two months we had that bonus scheme in place.


Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk

Re: [Phpwebsite-developers] Fallout core status

[Matthew M. <ma...@tu...>]

> Could you give us a quick status on the core?  Is it settled down
> enough where it makes sense to start to develop for it?

I think so Greg. We are running a large project here at the university
off of it. So problems yet.

The core libs are stable. I tend to add features but I veer away from
total reworks.

The last big change I believe was in Layout but I am happy with that.

The biggest change today to the core is I am throwing out the Crutch
stuff. Modules will need to be "tweaked" to work under 1.0.

Here is what is left:
Branch       - almost done with this.
Calendar     - we will probably release before this is done, but until
               people can convert old events over, 1.0 won't be
               considered "finished".
Conversion   - I have converted Photoalbum (though I need to double
               check it). Phatform needs reworking. Conversions from
               announce > blog, users and web pages are written but
               largely untested. Users permission conversion is not
               done.
Global login - Not written yet. Once Branch is finished, I will get to
               work on this.
Heartbeat    - Module for performing "cron job" type actions.
Documentation- I need to spend a week going through and commenting code
               and updating the documentation in the docs/ directory.

Probably next week, I will try and post phpwebsite 1.0 beta files and
news to Sourceforge, Hotscripts, etc. Mike pointed out that we haven't
updated any of our sites since April 2005 (yikes).

Thanks,
Matt

-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Re: [Phpwebsite-developers] Joomla devs talk about v1.5

[Eloi G. <el...@re...>]

I see you've given this some thought Matt -- especially to reason #9 ! LOL

You guys keep up the good work!
-Eloi George-

Re: [Phpwebsite-developers] Joomla devs talk about v1.5

[Matthew M. <ma...@tu...>]

> I've been wondering the same thing about PHPWS_Database / PHPWS_DB.  No 
> big deal, really -- just an intellectual curiosity.

1) Security - db class attempts to strip unfriendly elements

2) Ease of use - sometimes it is easier to write a quick sql query. A
majority of the time however I find it easier to use my class. Setting
multiple values and using ->update() is much easier that creating the
query with sprintf. Also, it is easier to have conditionals shape the
query in the db object (i.e. if ($foo) $db->addWhere('foo', 1);)

3) Less error - I tend to not have to worry about typos and form when
using the object over raw queries. Also, I find it easier to bug check
my code using the db object than to look over a raw query.

4) Multiple DB PEAR compatibility - running under different databases is
not as easy as piping information into the pear class. It sometimes
requires some massaging.

5) Error checking - Easier to control and log errors using the class.

6) Table prefixing - Unfortunately, still requested. Again easier to
manage in the class.

7) Connecting - Do you really want to pipe in the DSN everytime you make
a db connection?

8) Formatted results - getObjects, loadObject and saveObject are great
time savers in my opinion. setIndexBy is nice as well.

9) Salary - I get paid per line of code.

-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Re: [Phpwebsite-developers] Joomla devs talk about v1.5

[Eloi G. <el...@re...>]

Shaun Murray wrote:
> http://arstechnica.com/news.ars/post/20060411-6575.html
> Sounds like they've got an even bigger rewrite than fallout on their 
> hands.

 >>*Mitch:* Yeah, when we started implementing it, we actually had a 
reference platform running and we realized "Why are we abstracting the 
abstraction of the database?"<<

I've been wondering the same thing about PHPWS_Database / PHPWS_DB.  No 
big deal, really -- just an intellectual curiosity.

 From the article it looks like version 1.5 (feature-wise) will 
basically be phpws 0.10.2 created from scratch w/ backward compatibilty 
for Joomla 1.0.   Based on what they're saying about the Access Control 
Lists, they'll approach Fallout capability "sometime later". 

It's unfortumate that it sounds like they're going to keep mixing PHP 
code in the template files, though -- although stripping it out does 
seem to be pretty easy though!  <grin>

"Events" sounds cool, though.  But don't we do that with runtime.php?

[Phpwebsite-developers] Fallout core status

[Gregory M. <gre...@gm...>]

Matt,
I saw in the IRC channel today that you mentioned there has been
little interest in fallout so far.  I know one of the reasons I
haven't explored it much yet is because I was waiting for the APIs to
"settle down".  I didn't want to have to relearn the new core every
week.

Could you give us a quick status on the core?  Is it settled down
enough where it makes sense to start to develop for it?

Thanks for all the work you've put into fallout.

Greg Meiste
blindman1344

[Phpwebsite-developers] Joomla devs talk about v1.5

[Shaun M. <sh...@ae...>]

http://arstechnica.com/news.ars/post/20060411-6575.html

Sounds like they've got an even bigger rewrite than fallout on their  
hands.


Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk

Re: [Phpwebsite-developers] Key documentation written (badly)

[Eloi G. <el...@re...>]

Matthew McNaney wrote:
> Seriously, I'm not sure. However, this table is indexed by the id and
> modules using the key class keep this value in their own table. That
> should be the only column searched on a regular basis. I am certainly
> not an expert on optimization, but it would seem faster to have one
> table of items than several tables with duplicate information.

It's only faster for this query:
SELECT * FROM keys WHERE key_id IN (8,434,353543,...,4434322)
where the records involved have different module names (but you can't 
search on that).  If they're all from the same module, all efficiency is 
lost because of the unnecessarily large index.

On a very large Key table phpWS will slow down when any of the following 
happens:
- you include anything other than an integer-indexed column in the WHERE 
clause,
- you include more than one column in the WHERE clause,
- your db server uses a hard drive that's optimized for high throughput 
instead of fast seeks.

It's more efficient to break the table up into module-specific subsets, 
eg. "mod_<module_name>_key" because the majority of queries generated 
are for either 1) a specific key_id where the module is known or 2) a 
search across key records (for active,
create_date, update_date, etc.) where the module is known. 

Only a couple modules will search across different modulenames and even 
then they only need results from a subset of the installed modules on 
the site.  These searches can still be done just as efficiently with 
UNION ALL clauses.  *More* efficiently if you count the fact that 
indexes for unwanted modules are automatically excluded.

>> Why are we not using the user ids of the author & editors?  I think we 
>> should because I've had to change the usernames of 3 people over the 
>> last 2 years, and it was a very long process.  I think it breaks some 
>> sort of database normilization rule as well.
>>   
> Two reasons I did it this way. First, if I store the id, I have to join
> with the users table to grab the display name. Not a big deal, but it is
> certainly easier for developers to just have that information local.
> Second, I was worried about deleted users. If a user has been removed,
> their name will still be associated with the key. With an id, I would
> get a FALSE when trying to pull the display name.
>   

But, users should never be deleted, just made inactive.  Let's say you 
delete user "jack33" & a year later someone else registers with that 
name.  That person automatically inherits all forum posts, articles, 
calendar entries, etc. of the previous "jack33".  Chances are that 
they'll start deleting/changing all that old content, because its not 
theirs.  Indexing content on user_id will assure that that doesn't 
happen.  Even if the siteadmin decides to reuse names, a JOINed query 
would still be able to tell the difference between "jack33" and "jack33 
(dead user)"

> I can change it, but then getting the display name would require an
> extra database query per key listing. I am open to discussing options.
> For example, perhaps just adding creator_id and updater_id columns?

That sounds great!  "creator" and "updater" could remain as cached data 
as long as the Coding Practices indicate that ownership & permissions 
checks must always be made against "creator_id", as the username held in 
"creator" may be incorrect, obsolete or a duplicate.

creator_id should be indexed though, as many queries use this in the 
WHERE clause.

-Eloi George-

[Phpwebsite-developers] Fallout changes

[Matthew M. <ma...@tu...>]

Hi folks,

I just committed a large collection of file location changes. Basically
I move a LOT of stuff out of the conf/ directory.

The changes:

- If a file is only used in the installation or registration of a
  module, it is put in the boost/ directory. Some examples of files
  moved to boost/ are boost.php, permissions.php, dependency.xml, and
  controlpanel.php.

- If a file contains configuration options or needs to be accessed by
  another module outside of installation, it is place in the inc/
  directory. Files that were moved were settings.php and various others.

- If a file might be altered by a site admin, it stays in the conf/
  directory.

We decided to remove files from the conf/ directory which shouldn't
require editing by a site admin. This will clear up the local config/
directory copied on to hub and, mainly, branch sites.

Also, I have committed the "rough draft" of the Demographics module and
some of the documentation. Basically, you extend a demographics user
class, initialize your object with help from the demo class and you get
the shared information. It will be better explained once I finish the
documentation. It is currently working with comments for the signature
and avatar.

Please note that there MAY still be some bugginess with all the above so
be warned. I will test a fresh installation tomorrow morning.

Peace,
Matt



-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Re: [Phpwebsite-developers] Key documentation written (badly)

[Matthew M. <ma...@tu...>]

On Mon, 2006-03-27 at 19:06 -0500, Eloi George wrote:
> Will there be a problem 2 years down the road when we start having sites 
> with 500,000 key records?  How much longer will it take to search the 
> Key table then?

500,000 times longer than if there was just one record ;-)

Seriously, I'm not sure. However, this table is indexed by the id and
modules using the key class keep this value in their own table. That
should be the only column searched on a regular basis. I am certainly
not an expert on optimization, but it would seem faster to have one
table of items than several tables with duplicate information.

> Is there a way we can decrease the indexing space requirements for the 
> "module" field?  Internal integer-based moduile ids?  Using an 
> enumeration field?  (well, that would be pretty much the same thing)

This would be a huge change and set me back a ways. Many processes
depend on the module title and I would have restructure the program to
use an integer index instead.

> Why are we not using the user ids of the author & editors?  I think we 
> should because I've had to change the usernames of 3 people over the 
> last 2 years, and it was a very long process.  I think it breaks some 
> sort of database normilization rule as well.

Two reasons I did it this way. First, if I store the id, I have to join
with the users table to grab the display name. Not a big deal, but it is
certainly easier for developers to just have that information local.
Second, I was worried about deleted users. If a user has been removed,
their name will still be associated with the key. With an id, I would
get a FALSE when trying to pull the display name.

I can change it, but then getting the display name would require an
extra database query per key listing. I am open to discussing options.
For example, perhaps just adding creator_id and updater_id columns?

Thanks for the feedback Eloi,
Matt

-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Re: [Phpwebsite-developers] Key documentation written (badly)

[Eloi G. <el...@re...>]

Hi, Matt!

I reviewed the file and some (probably stupid) questions came up:

Will there be a problem 2 years down the road when we start having sites 
with 500,000 key records?  How much longer will it take to search the 
Key table then?

Is there a way we can decrease the indexing space requirements for the 
"module" field?  Internal integer-based moduile ids?  Using an 
enumeration field?  (well, that would be pretty much the same thing)

Why are we not using the user ids of the author & editors?  I think we 
should because I've had to change the usernames of 3 people over the 
last 2 years, and it was a very long process.  I think it breaks some 
sort of database normilization rule as well.

-Eloi George-

Re: [Phpwebsite-developers] Recent security warning

[Matthew M. <ma...@tu...>]

To tell the truth, I am not sure there is a security risk.
Here is the warning: (thanks Kenneth)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1330

Of course the details of the hack are not listed nor has anyone
contacted us about it, but recently they have appeared on security
lists. Heck, I don't even know what 'friends.php' is.

Here is article.php:

if ($_REQUEST['sid']){
  $sid = $_REQUEST['sid'];
  $module = 'announce';
}
include('mod.php');

Ok so it changes the $sid to a global variable $sid;

Look at mod.php.

I won't cut and paste, but basically the $module variable goes into a
switch. Nothing is run through the database.

It goes into the announce case and builds a new address. The old id is
compared to its upgrade array and the new id is added to the address.

Finally the new address is sent to the header function and the browser
is sent to the new url.

If the $sid variable had some db injection in it, it should get cleaned
out on the reroute by the Announce module.

Now there may be something I am missing but so far I don't see any
possible hack. Just to be sure though, I put up a notice to just delete
those files.

Matt


On Mon, 2006-03-27 at 09:29 -0500, Verdon Vaillancourt wrote:
> I had a couple questions about the recent security warning in regards 
> to article.php and friend.php.
> 
> 1) article.php is still in the .10.2 distro... just trash it?
> 
> 2) what sort of risk are these files? I still have a few sites running 
> .8.x code with both these files. These sites are unlikely to be updated 
> in the near future. Does the risk extend beyond the individual site, or 
> is it a larger risk to the server?
> 
> Thanks,
> verdon
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> Phpwebsite-developers mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu