TODO 3.72 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1 2 3 4 5 6 7 8 9 10
From: Leigh Stoller <>
To: Testbed Operations <>
Subject: Re: web form stuff
Date: Tue, 7 Nov 2000 17:20:42 -0800 (PST)

So, here is my list of things to do. No particular order. Relative
importance should be obvious. Whoever does this work *will* program in the
dominate style of the existing, newly written, 4500 lines of code! Now, if
I could just figure out how to add a php mode to emacs ...

Leigh B. Stoller's avatar
Leigh B. Stoller committed
11 12
* Add password hint for the clueless users who forget their passwords.

13 14 15 16 17
* tbend should work from the database, not the .ir file.

* Put a limit on the number of new users/projects that can be
  unapproved (to prevent DOS attacks on the database).

Leigh B. Stoller's avatar
Leigh B. Stoller committed
18 19 20
* Run arguments through addslashes to quote special characters since
  things like ' in strings mess up database insertion. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
21 22 23 24 25 26 27 28 29 30 31 32
* Decouple root privs from begin experiment privs, as per Jay
  request. Default on for begin experiment, default off for root.

* Fix the "revisit" problem. If you revisit the page after logging in, your
  login is lost. The original index page I started with passed the uid along
  with a URI parameter. If you click "reload" no problem cause it sends the
  same URI to the page, which includes the uid (?stoller). But if you log
  in, go someplace else, and then visit the page again, its lost and you
  have to log in again. The simple fix is to add another cookie, or to
  include the uid in the existing cookie (the one I added to send back the
  hash key).

33 34 35 36
* Look at the 'suexec' program from the Apache distribution and use it
  as the basis for the "run as a user" program.  Instead of checking
  the home directory, it'll check the database.

Leigh B. Stoller's avatar
Leigh B. Stoller committed
37 38 39 40 41
* Fix the email list problem. Right now we add people people to the two
  email list files in /usr/testbed/www/maillist when they apply. We should
  either delay that until they are approved, or make sure they get taken
  back out when denied.

42 43 44
* Add verification for when the user wants to change the email address
  through user mod page, to ensure the email is valid.

Leigh B. Stoller's avatar
Leigh B. Stoller committed
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90
* Minor bells and whistles and formatting changes. Or maybe I mean fancy
  things up a tiny bit. I tend to be a minimalist (my favorite example is
  the google search page compared to the Lycos or netscape page), but my
  stuff is probably too minimal.

* Admin pages. Continue to add the admin modes to various pages, or create
  a new set of admin only pages. I prefer admin modes in existing pages.

* Continue on the authentication stuff as per Dave's original suggestion of
  certificates. I'm not too crazy about this unless its easy to do all of it
  on my home machine (apache server).

* Continue to hook up the backend parts of the system, which right now is a
  major unfinished piece of business.

* More linking of information in the forms. There are some obvious places
  where stuff should be presented as hypertext links so that navigation is

* Backup links in all the pages.

* Change to ?uid=stoller&pid=testbed style arguments in all the pages I
  have not yet fixed (that is, get rid of that regex thing at the top of
  the page to find the arguments).

* Admin page to remove a project.

* Admin page to remove a user.

* Admin page to remove an experiment.

* Add confirm buttons in various places. I did one in the end experiments
  page, as a simple button (so you gotta press two things). I think this
  appproach is fine.

* Fix case sensitivity problems in project, user, and experiment names.
  That is, anyplace a user *types* in a username, project name, or an
  experiment name, downcase it. Mac was going to do this, but I don't know
  if he got to it. 

* Get people to go use the pages (including modify user information!).

* Lastly, macrofy the entire thing and get rid the damn frames! I hate