Commit 45d5af74 authored by William Paul Liggett

App Settings: A site-wide settings file has now been defined to ensure the app works on different web servers to avoid configuration headaches.
parent 57a4789a
......@@ -71,7 +71,8 @@
// Logs into the OpenVigilance Task tests database to control and alter user tests.
// `$pdo' is defined as the database connection.
require_once "../../../../protected_site_configs/openvigilance_db_connection_admin.php";
require_once "../settings.php";
require_once "../" . PROTECTED_SITE_CONFIGS_DIR . "openvigilance_db_connection_admin.php";
// Test Control: Active tests.
$sql = "SELECT sk, subject_id, test_condition, login_code FROM test_control WHERE test_scheduled=1 ORDER BY subject_id";
......
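Review bot: the caller in this hunk still hard-codes its own directory depth twice, once in "../settings.php" and again in the "../" glued in front of PROTECTED_SITE_CONFIGS_DIR, so the constant only centralises part of the path. If this script is ever moved one level, both strings must be edited by hand and a miss loads the admin database credentials from the wrong place or fails the page. Consider having settings.php export a path that callers can use unmodified, so the require here becomes PROTECTED_SITE_CONFIGS_DIR . "openvigilance_db_connection_admin.php" with no prefix.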
......@@ -56,7 +56,8 @@ if(isset($_POST['ov_user_account'])) {
if(!isset($_SESSION['ov_database_user_sk'])) {
// Logs into the OpenVigilance Task tests database to verify the person is allowed to take a test.
// `$pdo' is defined as the database connection.
require_once "../../../../protected_site_configs/openvigilance_db_connection_user.php";
require_once "../settings.php";
require_once "../" . PROTECTED_SITE_CONFIGS_DIR . "/openvigilance_db_connection_user.php";
// Confirms whether the login is valid and sets the boolean `$valid_login_user' variable.
// Also, the user's full account details acquired from the database are stored in `$account_found'.
......
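Review bot: the new require_once here concatenates "/openvigilance_db_connection_user.php" with a leading slash, while PROTECTED_SITE_CONFIGS_DIR already ends in "/", so the resolved path contains "protected_site_configs//openvigilance_db_connection_user.php". Most filesystems tolerate the doubled separator, but it is inconsistent with every other call site in this commit and will confuse any later string comparison or logging of the path. Drop the leading "/" so the line matches the admin variants.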
......@@ -45,7 +45,8 @@ else if($test_condition > 4) {
// Logs into the OpenVigilance Task tests database to control and alter user tests.
// `$pdo' is defined as the database connection.
require_once "../../../../../protected_site_configs/junktext.com/openvigilance_db_connection_admin.php";
require_once "../settings.php";
require_once "../" . PROTECTED_SITE_CONFIGS_DIR . "openvigilance_db_connection_admin.php";
// Auto-generate the subject's (user's) login code.
$login_code = "";
......
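Review bot: the replacement path in this hunk is not equivalent to the one it removes. The old line climbed five levels and went through a "junktext.com/" subdirectory, while "../" plus PROTECTED_SITE_CONFIGS_DIR climbs four levels and has no "junktext.com/" component. The same substitution appears in the two following hunks (the $sk and $login_code validation files). If the per-site subdirectory is being retired on purpose, say so in the commit message and confirm that openvigilance_db_connection_admin.php exists at the new location on every server; otherwise these three admin scripts will fail at the require_once.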
......@@ -51,7 +51,8 @@ else if($sk <= 0) {
// Logs into the OpenVigilance Task tests database to control and alter user tests.
// `$pdo' is defined as the database connection.
require_once "../../../../../protected_site_configs/junktext.com/openvigilance_db_connection_admin.php";
require_once "../settings.php";
require_once "../" . PROTECTED_SITE_CONFIGS_DIR . "openvigilance_db_connection_admin.php";
// Uses MySQL transactions to be atomic.
// MySQL Command: START TRANSACTION;
......
......@@ -51,7 +51,8 @@ else if(strlen($login_code) !== 4) {
// Logs into the OpenVigilance Task tests database to control and alter user tests.
// `$pdo' is defined as the database connection.
require_once "../../../../../protected_site_configs/junktext.com/openvigilance_db_connection_admin.php";
require_once "../settings.php";
require_once "../" . PROTECTED_SITE_CONFIGS_DIR . "openvigilance_db_connection_admin.php";
// Test Control: Remove the OV test in the database.
$sql = "DELETE FROM test_control WHERE sk=:sk AND subject_id=:subject_id AND test_condition=:test_condition AND login_code=:login_code";
......
......@@ -12,7 +12,8 @@
$valid_login_admin = false;
// Sets the `$ov_admin_username' and the `$ov_admin_password_hash' variables.
require_once "../../../../protected_site_configs/openvigilance_admin_account.php";
require_once "../settings.php";
require_once "../" . PROTECTED_SITE_CONFIGS_DIR . "openvigilance_admin_account.php";
// The `$submitted_username' and `$submitted_password' variables are from the calling PHP script.
// Also, the `$error_msg' is a standardized variable in all calling scripts to output the login error found.
......
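Review bot: the comments in this hunk say the script takes $submitted_username and $submitted_password "from the calling PHP script", which makes it an included sub-page, yet it now does require_once "../settings.php" itself. That contradicts the header of settings.php, which asks for the file to be required from main pages only, and a path starting with "../" is resolved against the current working directory (normally the directory of the requested script), not against this file's own location. Either rely on the calling page having loaded settings.php already, or build both paths from __DIR__ so this file loads openvigilance_admin_account.php correctly regardless of which page includes it.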
......@@ -17,7 +17,8 @@ $valid_login_user = false;
// ************************************************************************************************************
// Logs into the OpenVigilance Task tests database to verify the person is allowed to take a test.
// `$pdo' is defined as the database connection.
//require_once "../../../protected_site_configsopenvigilance_db_connection_user.php";
// require_once "settings.php";
// require_once "PROTECTED_SITE_CONFIGS_DIR . "openvigilance_db_connection_user.php";
// Confirms the person's temporary account is valid.
// The `$submitted_username' and `$submitted_password' variables are from the calling PHP script.
......
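Review bot: the new commented-out require_once line has an unbalanced double quote in front of PROTECTED_SITE_CONFIGS_DIR, so uncommenting it as written is a parse error, and the older commented line above it was already missing the "/" between protected_site_configs and the file name. The comment block still states that $pdo is defined here although nothing in this hunk loads a connection. Either delete the dead lines and reword the comment to say the calling script supplies $pdo, or fix the quoting so the lines are usable.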
......@@ -49,7 +49,16 @@
However, I could create the ability to download all of the files as a ZIP archive if desired. Therefore, this
is an <em>optional</em> feature [Estimate: 0-2 hours]</li>
</ol>
<p class="version_info">Version 1.7.5 (2018-03-19):</p>
<p><em>Estimated labor time: <span id="hours_logged_for_update_16">0.25</span> hours.</em></p>
<ul>
<li>
App Settings: A site-wide settings file has now been defined to ensure the app works on different web
servers to avoid configuration headaches.
</li>
</ul>
<p class="version_info">Version 1.7.4 (2018-03-18):</p>
<p><em>Estimated labor time: <span id="hours_logged_for_update_15">0.5</span> hours.</em></p>
<ul>
......@@ -207,7 +216,8 @@
parseFloat($("#hours_logged_for_update_12").html()) +
parseFloat($("#hours_logged_for_update_13").html()) +
parseFloat($("#hours_logged_for_update_14").html()) +
parseFloat($("#hours_logged_for_update_15").html());
parseFloat($("#hours_logged_for_update_15").html()) +
parseFloat($("#hours_logged_for_update_16").html());
// Displays the total labor hours at the top of the page.
$("#total_labor_hours").html(calculated_labor_time);
......
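Review bot: the labor total in this hunk still needs one hand-written parseFloat line per release (hours_logged_for_update_16 here), so a forgotten line silently under-reports the total shown in #total_labor_hours. Consider summing over every element whose id starts with hours_logged_for_update_, for example with the jQuery attribute selector [id^="hours_logged_for_update_"], so a new changelog entry is picked up without touching the script.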
......@@ -60,7 +60,8 @@
// Logs into the OpenVigilance Task tests database to verify the person is allowed to take a test.
// `$pdo' is defined as the database connection.
require_once "../../../protected_site_configs/openvigilance_db_connection_user.php";
require_once "settings.php";
require_once PROTECTED_SITE_CONFIGS_DIR . "openvigilance_db_connection_user.php";
// Confirms whether the login is valid and sets the boolean `$valid_login_user' variable.
// Also, the user's full account details acquired from the database are stored in `$account_found'.
......
<?php
/* --------------------------------------------------------------------------------------------------------------
* Copyright (C) 2018 by William Paul Liggett (junktext@junktext.com)
* This Source Code Form is subject to the terms of the Mozilla Public License (MPL), v. 2.0.
* If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/.
*
* Filename: settings.php
*
* Purpose: General settings that affect the functionality of the OpenVigilance Task application.
*
* Details: This file should be referenced via a `require_once' for each main page, not for every sub-page
* (such as sub-pages that are meant to be used via an `include' or `require' themselves).
* -------------------------------------------------------------------------------------------------------------- */
// --------------------------------
// Protected Site Config Directory:
// --------------------------------
// These are meant to be placed ABOVE the main WWW-accesible directory so that an attacker from the Internet
// could not easily inject a capability to browse the contents of the files if a vulnerability (system or app) was
// exploitable. For example, if the web server had all of its Internet-facing content in the "public_html" folder
// and the main OpenVigilance Task directory is located at: /home/web_server/public_html/openvigilance-task
//
// Then, it would be better to place the protected site config directory here: /home/web_server/protected_site_configs
// This way, an outside attacker couldn't simply do: www.yoursite.com/../protected_site_configs (the ".." wouldn't work!)
define("PROTECTED_SITE_CONFIGS_DIR", "../../../protected_site_configs/");
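Review bot: PROTECTED_SITE_CONFIGS_DIR is defined as the relative string "../../../protected_site_configs/", which is only correct when the working directory is the application root; that is why the sub-directory callers in this commit have to prepend "../" themselves. Anchoring the value to this file, for example define("PROTECTED_SITE_CONFIGS_DIR", __DIR__ . "/../../../protected_site_configs/"), gives every caller the same absolute location and removes the chance of a differently nested script resolving the credentials directory somewhere inside the web root. It would also be worth failing early with a clear error when the directory does not exist, and correcting "WWW-accesible" in the comment while the file is new.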