osoc13 / code9000 Goto Github PK

As the title says.

$uid = $_SESSION['9K_USERID'];

check on this

Currently, when an error occurs (for instance, when you are not logged in) you are redirected to "/Code9000/login/please login first", which is not optimal.

I propose you replace this by doing this:

In api.php:

 else {
    $_SESSION["msg"] = "Please login first.";
    $app->redirect('/code9000/login');
    }

Check on the page if a message needs to be displayed. If so, show it and empty the session variable (so that upon refresh your message doesn't show again).

if (isset($_SESSION["msg"])){
echo "<ul><li class='danger alert'>" . $_SESSION["loginmsg"] . "</li></ul>";
$_SESSION["msg"] = null;
}

This way messages are handled better than attaching extra text to the URI.

class structure for the objects in javascript

Don't forget to complete your README.md file with installation and other instructions.

Switch to UNIX timestamps
Better coördinates (geoJSON, WKT)
echo int(s)

We still need to find that mascot or funny thing for the 404 page! Suggestions welcome!

We need sample data! It would also be handy if we can get direct data from Ghent officials themselves that we can add.

Test drive the site on code9000.gent.be. Before we can do this we need to put the site live of course!

Check emailaddress on registration for previous account

add token to session and check if this is the same as posted with each form.

1. Add session var TOKEN (randomly generated)
2. Add TOKEN to each form (same as in session)
3. Check if both are the same

This executable should not be inside the repository, everybody needs to install it to test your project. Explain this in the README.

Add it to the .gitinore, and move your composer.phar to a directory in your PATH, so you can execute is with compser instead of php composer.phar ....

Some pages still need styling. (.phtml)

It should also be possible to delete and edit user accounts.

create objects in object classes according to the basic application structure.

Seems to be a problem related to my MAMP setup. Please confirm.

You should be able to create a new user account.

Passwords need to be hashed and salted. (We need to implement security)

It seems that on OS X & Linux the path to connectiondetails.php doesn't seem to be correct.

Warning: include_once(/config/connectiondetails.php): failed to open stream: No such file or directory in /Applications/MAMP/htdocs/Code9000/utils/connectiondb.php on line 21

Here's some improvements:

• Data returned from the database should be escaped, so that injections into the HTML are not possible (URGENT)
• Use Blowfish or at least SHA512 for security algorithm (less important, still recommended)
• Move authentication files (make use of variables in auth)

Status codes need to be added to the API. Working on this right now.

When other issues in milestone are complete you can start

We need to add more API calls to api.php.

For example, when you add a comment, JSON is sent to /api/comments, which you can access using:

$app->post('/api/comments/', function () use ($app){
$requestBody = $app->request()->getBody();
// Do things
});

We need to do this for all major data types, and allow additions, edits, deletions and of course getting the data. Data should be returned in JSON.

Note that we need a partially working front-end with AJAX calls to test out the API.

Front-end additions

• It should be possible to tap on an image in the uploader (when uploading multiple images) to see that image enlarged in the box where the latest uploaded image is right now.
• It should be possible to remove items from the uploaded list.

Back-end additions

• A cronjob should take care of images not found in the database (cleanup procedure)

All spottings need to be sorted by popularity. This has to be done inside the Javascript files spots_all.js & spots_user.js where the spottings are inserted into the DOM. (Branch: api)

We need to add API calls to index.php.

For example, when you add pictures using the uploader, JSON is sent to /api/photo, which you can access using:

$app->post('/api/photo', function () use ($app){
$requestBody = $app->request()->getBody();
// Do things
});

We need to do this for all major data types, and allow additions, edits, deletions and of course getting the data. Data should be returned in JSON.

Create a documentation portal to easily browse the api calls that are possible.

Also description of PUT and POST must be detailed.

Please check the deployment documentation that I uploaded and verify if it is good enough, thanks.

The initial database structure needs to be prepared. This includes tables like "projects", "locations", "proposals," "users", "comments", etc

Add basic functionalities like create, delete, move and rotate to the builder.

The database with sample data needs to be deployed to each dev machine