Commit bee7af1d authored by William Paul Liggett

The server-side aspect to process the essential two raw CSV files now works. Also, if the network dies, there's a way for a participant to save their test data locally. And a few security enhancements were made.
parent 7034c44b
...@@ -50,8 +50,8 @@ ...@@ -50,8 +50,8 @@
// Note: I am specifically defining an `else if' clause since REQUEST_METHOD could be: GET, POST, HEAD, or PUT // Note: I am specifically defining an `else if' clause since REQUEST_METHOD could be: GET, POST, HEAD, or PUT
else if($_SERVER['REQUEST_METHOD'] === "POST") { else if($_SERVER['REQUEST_METHOD'] === "POST") {
// Grabs what the user submitted and sanitizes the input to avoid an SQL injection or XSS attack. // Grabs what the user submitted and sanitizes the input to avoid an SQL injection or XSS attack.
$submitted_username = htmlspecialchars($_POST['username']); $submitted_username = htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8');
$submitted_password = htmlspecialchars($_POST['password']); $submitted_password = htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8');
// Confirms whether the login is valid and sets the boolean `$valid_login_admin' variable. // Confirms whether the login is valid and sets the boolean `$valid_login_admin' variable.
require_once "valid_login_admin.php"; require_once "valid_login_admin.php";
...@@ -71,7 +71,7 @@ ...@@ -71,7 +71,7 @@
// Logs into the OpenVigilance Task tests database to control and alter user tests. // Logs into the OpenVigilance Task tests database to control and alter user tests.
// `$pdo' is defined as the database connection. // `$pdo' is defined as the database connection.
require_once "../../../../../protected_site_configs/junktext.com/openvigilance_db_connection_admin.php"; require_once "../../../../protected_site_configs/openvigilance_db_connection_admin.php";
// Test Control: Active tests. // Test Control: Active tests.
$sql = "SELECT sk, subject_id, test_condition, login_code FROM test_control WHERE test_scheduled=1 ORDER BY subject_id"; $sql = "SELECT sk, subject_id, test_condition, login_code FROM test_control WHERE test_scheduled=1 ORDER BY subject_id";
......
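Review bot: The `require_once` path in this hunk is still relative ("../../../../protected_site_configs/..."), and the fact that this commit had to change the number of "../" segments shows how easily it breaks when the directory layout or the calling script moves. Suggest anchoring it with `__DIR__`, or defining the protected config directory once in a single bootstrap file, so that every script resolves the same location regardless of where it is included from.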
...@@ -22,9 +22,9 @@ function output_json_response($successful = false, $error_message = "Incorrect u ...@@ -22,9 +22,9 @@ function output_json_response($successful = false, $error_message = "Incorrect u
} }
// Gets rid of potentially harmful injection characters. // Gets rid of potentially harmful injection characters.
$error_message = htmlspecialchars($error_message); $error_message = htmlspecialchars($error_message, ENT_QUOTES, 'UTF-8');
$extra_data1 = htmlspecialchars($extra_data1); $extra_data1 = htmlspecialchars($extra_data1, ENT_QUOTES, 'UTF-8');
$extra_data2 = htmlspecialchars($extra_data2); $extra_data2 = htmlspecialchars($extra_data2, ENT_QUOTES, 'UTF-8');
// JSON array to output as a web service. // JSON array to output as a web service.
$json_data = [ $json_data = [
......
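Review bot: In `output_json_response()`, `$error_message`, `$extra_data1` and `$extra_data2` are HTML-encoded and then placed into `$json_data`, which the comment describes as JSON output for a web service. That is encoding for the wrong context: a JSON consumer receives literal `&#039;` and `&amp;` sequences, and the values are still not safe if the client later inserts them with an HTML-parsing call. Suggest leaving the values unencoded here, letting the JSON encoder handle escaping, and having the client write them into the page with a text-only API (for example jQuery's `.text()` rather than `.html()`).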
This diff is collapsed.
This diff is collapsed.
...@@ -12,7 +12,7 @@ ...@@ -12,7 +12,7 @@
$valid_login_admin = false; $valid_login_admin = false;
// Sets the `$ov_admin_username' and the `$ov_admin_password_hash' variables. // Sets the `$ov_admin_username' and the `$ov_admin_password_hash' variables.
require_once "../../../../../protected_site_configs/junktext.com/openvigilance_admin_account.php"; require_once "../../../../protected_site_configs/openvigilance_admin_account.php";
// The `$submitted_username' and `$submitted_password' variables are from the calling PHP script. // The `$submitted_username' and `$submitted_password' variables are from the calling PHP script.
// Also, the `$error_msg' is a standardized variable in all calling scripts to output the login error found. // Also, the `$error_msg' is a standardized variable in all calling scripts to output the login error found.
......
...@@ -11,9 +11,13 @@ ...@@ -11,9 +11,13 @@
$valid_login_user = false; $valid_login_user = false;
// ************************************************************************************************************
// *** Ensure that the calling PHP script has the following `require_once' directive.
// *** Also, the number of "../" may need to be more or less depending on where the calling script is located.
// ************************************************************************************************************
// Logs into the OpenVigilance Task tests database to verify the person is allowed to take a test. // Logs into the OpenVigilance Task tests database to verify the person is allowed to take a test.
// `$pdo' is defined as the database connection. // `$pdo' is defined as the database connection.
require_once "../../../../protected_site_configs/junktext.com/openvigilance_db_connection_user.php"; //require_once "../../../protected_site_configsopenvigilance_db_connection_user.php";
// Confirms the person's temporary account is valid. // Confirms the person's temporary account is valid.
// The `$submitted_username' and `$submitted_password' variables are from the calling PHP script. // The `$submitted_username' and `$submitted_password' variables are from the calling PHP script.
......
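Review bot: The `require_once` for the user database connection is replaced by a commented-out line, so this script now silently depends on every caller having defined `$pdo` first, and the only enforcement is the banner comment. Suggest failing closed at the top of the file when `$pdo` is not set or is not a `PDO` instance, so a caller that forgets the include produces a clear denial instead of an undefined-variable error further down. The commented-out line also has a typo (`protected_site_configsopenvigilance_db_connection_user.php` is missing the `/`), so anyone who re-enables it as written gets a fatal include error; either fix the path or delete the dead line.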
...@@ -3,6 +3,9 @@ ...@@ -3,6 +3,9 @@
<head> <head>
<meta charset="utf-8" /> <meta charset="utf-8" />
<title>OpenVigilance Task: Change Log</title> <title>OpenVigilance Task: Change Log</title>
<!-- Copyright (C) 2018 by William Paul Liggett (junktext@junktext.com)
This Source Code Form is subject to the terms of the Mozilla Public License (MPL), v. 2.0.
If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/. -->
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<style> <style>
h1 { h1 {
...@@ -37,22 +40,39 @@ ...@@ -37,22 +40,39 @@
<ol> <ol>
<li>Test Conditions #1, 3, and 4: Visually show the correct durations for the tasks and break depending on the test <li>Test Conditions #1, 3, and 4: Visually show the correct durations for the tasks and break depending on the test
condition. [Estimate: 3 hours]</li> condition. [Estimate: 3 hours]</li>
<li>Log Data to CSV: Convert the submitted user activity data as three CSV files per test on the server. This will
consist of two raw CSV files (random letter time and the user's activity) along with a single, collated CSV file <li>Log Data to CSV: Using the two raw CSV files, build a single, collated CSV to produce a data analysis report.
that hopefully is accurate enough for analysis. However, the collated portion can be tweaked later and will be [Estimate: 2 hours remaining]</li>
recreated from the original two raw CSV files. This was there is no data loss and the analysis can be adjusted
as required. [Estimate: 5 hours remaining]</li> <li>Download CSV Files: All of the user data CSV files are stored under the 'user-data-files' directory, beneath the
<li>Admin Page: Add a section to show the stored CSV files so that they can be downloaded at will. This section will main OpenVigilance Task URL. At present, this is nothing fancy, as it just contains a link to each CSV file.
not be fancy, as it will just be a bunch of links However, I could create the ability to download all of the files as a ZIP archive if desired. Therefore, this
and maybe an ability to download all of the files as a ZIP archive. [Estimate: 0-2 hours]</li> is an <em>optional</em> feature [Estimate: 0-2 hours]</li>
</ol> </ol>
<p class="version_info">Version 1.7.3 (2018-03-09 to 2018-09-17):</p>
<p><em>Estimated labor time: <span id="hours_logged_for_update_14">3</span> hours.</em></p>
<ul>
<li>Log Data to CSV: More time was spent on this feature than the hours listed, as I am providing a free feature
to detect when there is a network problem when a participant finishes a test. Meaning, that the data can be saved
locally and emailed to me (William) for manual processing. This way a bad network connection shouldn't make a test
worthless :-).
</li>
<li>
Log Data to CSV: The two essential raw CSV files are now properly processed by the server! This took a lot of
effort to nail down, as I needed to re-design the way all of the data for the random letter times were submitted
to the server since there was so much data that it reached PHP's max_input_vars setting, which was not obvious
until lots of bug hunting. Anyways, the problem was solved and things seem to work as expected now.
</li>
<li>Improved some security aspects in terms of how the data is processed.</li>
</ul>
<p class="version_info">Version 1.7.2 (2018-03-05 to 2018-03-08):</p> <p class="version_info">Version 1.7.2 (2018-03-05 to 2018-03-08):</p>
<p><em>Estimated labor time: <span id="hours_logged_for_update_13">6</span> hours.</em></p> <p><em>Estimated labor time: <span id="hours_logged_for_update_13">6</span> hours.</em></p>
<ul> <ul>
<li><em>Summary: Essentially, all of the client-side code should be completed with regards to recording the user's <li>Summary: Essentially, all of the client-side code should be completed with regards to recording the user's
activity data! Now, the remaining aspect is getting the server-side portions to process the data into CSV files. activity data! Now, the remaining aspect is getting the server-side portions to process the data into CSV files.
</em></li> </li>
<li>Log Data to CSV: Embedded more JS vars to an authorized OV user to help make the web app more resilient to PHP <li>Log Data to CSV: Embedded more JS vars to an authorized OV user to help make the web app more resilient to PHP
session timeout issues.</li> session timeout issues.</li>
<li>Log Data to CSV: The raw data has been broken down into two JS arrays to allow more flexibility in terms of <li>Log Data to CSV: The raw data has been broken down into two JS arrays to allow more flexibility in terms of
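Review bot: The new "Download CSV Files" item states that all user data CSV files are stored under the 'user-data-files' directory beneath the main OpenVigilance Task URL, with a link to each file. Nothing in this change log says that directory is covered by the admin login, so as described any visitor who knows or guesses a file name could fetch participant data directly. Suggest storing the CSVs outside the web root, next to `protected_site_configs`, and serving them through a script that checks the admin session before streaming the file; please also document in this entry how access is restricted. Separately, the 1.7.3 note about hitting `max_input_vars` is worth a server-side check on the size of the submitted data, so a truncated submission is rejected rather than written out as a partial CSV.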
...@@ -174,7 +194,8 @@ ...@@ -174,7 +194,8 @@
parseFloat($("#hours_logged_for_update_10").html()) + parseFloat($("#hours_logged_for_update_10").html()) +
parseFloat($("#hours_logged_for_update_11").html()) + parseFloat($("#hours_logged_for_update_11").html()) +
parseFloat($("#hours_logged_for_update_12").html()) + parseFloat($("#hours_logged_for_update_12").html()) +
parseFloat($("#hours_logged_for_update_13").html()); parseFloat($("#hours_logged_for_update_13").html()) +
parseFloat($("#hours_logged_for_update_14").html());
// Displays the total labor hours at the top of the page. // Displays the total labor hours at the top of the page.
$("#total_labor_hours").html(calculated_labor_time); $("#total_labor_hours").html(calculated_labor_time);
......
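Review bot: Style point on the `calculated_labor_time` sum: every new version requires adding another `parseFloat($("#hours_logged_for_update_N").html())` line by hand, and forgetting one silently under-reports the total. Suggest selecting all elements whose id starts with `hours_logged_for_update_` and summing them in a loop, reading each value with `.text()`.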
...@@ -9,7 +9,8 @@ ...@@ -9,7 +9,8 @@
<title>OpenVigilance Task</title> <title>OpenVigilance Task</title>
<!-- Copyright (C) 2018 by William Paul Liggett (junktext@junktext.com) <!-- Copyright (C) 2018 by William Paul Liggett (junktext@junktext.com)
This Source Code Form is subject to the terms of the Mozilla Public License (MPL), v. 2.0. This Source Code Form is subject to the terms of the Mozilla Public License (MPL), v. 2.0.
If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/. --> If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/.
-->
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="description" content="Sustained attention tasks using random letters of O, D, and backwards D to help determine what influences a person's reaction time." /> <meta name="description" content="Sustained attention tasks using random letters of O, D, and backwards D to help determine what influences a person's reaction time." />
<link rel="stylesheet" type="text/css" href="css/style.css" /> <link rel="stylesheet" type="text/css" href="css/style.css" />
...@@ -55,7 +56,11 @@ ...@@ -55,7 +56,11 @@
else if($_SERVER['REQUEST_METHOD'] === "POST") { else if($_SERVER['REQUEST_METHOD'] === "POST") {
// Grabs what the user submitted and sanitizes the input to avoid an SQL injection or XSS attack. // Grabs what the user submitted and sanitizes the input to avoid an SQL injection or XSS attack.
$submitted_username = intval($_POST['username']); // Regular users only have numeric account names. $submitted_username = intval($_POST['username']); // Regular users only have numeric account names.
$submitted_password = htmlspecialchars($_POST['password']); $submitted_password = htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8');
// Logs into the OpenVigilance Task tests database to verify the person is allowed to take a test.
// `$pdo' is defined as the database connection.
require_once "../../../protected_site_configs/openvigilance_db_connection_user.php";
// Confirms whether the login is valid and sets the boolean `$valid_login_user' variable. // Confirms whether the login is valid and sets the boolean `$valid_login_user' variable.
// Also, the user's full account details acquired from the database are stored in `$account_found'. // Also, the user's full account details acquired from the database are stored in `$account_found'.
......
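Review bot: On the `$submitted_username = intval($_POST['username']);` line, `intval()` coerces instead of validating: "12abc" becomes 12 and any non-numeric string becomes 0, so malformed input is quietly turned into a plausible account number and passed to the login check. Suggest rejecting the request unless the field is present and consists only of digits (for example with `ctype_digit()` or `filter_var(..., FILTER_VALIDATE_INT)`), and only then converting it. The `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` call on the password also changes the value that is compared for any password containing a single quote; the password should reach the verification step unmodified.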
This diff is collapsed.
%%% This is a preliminary version, barring acceptance from the %%% This is a preliminary version, barring acceptance from the
%%% LaTeX Project Team and other feedback, of the GUST Font Source %%% LaTeX Project Team and other feedback, of the GUST Font Source
%%% License. This license is for use with free fonts distributed %%% License. This license is for use with free fonts distributed
%%% with source code. %%% with source code.
%%% %%%
%%% For the most recent version of this license see %%% For the most recent version of this license see
%%% http://www.gust.org.pl/projects/e-foundry/licenses/GUST-FONT-SOURCE-LICENSE.txt/view %%% http://www.gust.org.pl/projects/e-foundry/licenses/GUST-FONT-SOURCE-LICENSE.txt/view
%%% or %%% or
%%% http://tug.org/fonts/licenses/GUST-FONT-SOURCE-LICENSE.txt %%% http://tug.org/fonts/licenses/GUST-FONT-SOURCE-LICENSE.txt
% %
% This work may be distributed and/or modified under the conditions % This work may be distributed and/or modified under the conditions
% of the LaTeX Project Public License, either version 1.3a of this % of the LaTeX Project Public License, either version 1.3a of this
% license or (at your option) any later version, provided that the % license or (at your option) any later version, provided that the
% following additional clauses are observed: % following additional clauses are observed:
% %
% 1) Due to the nature of fonts, clause 6a of the LaTeX Project Public % 1) Due to the nature of fonts, clause 6a of the LaTeX Project Public
% License, version 1.3a, does not apply. A later version of the % License, version 1.3a, does not apply. A later version of the
% LaTeX Project Public License may number or word this clause % LaTeX Project Public License may number or word this clause
% differently; it is the substance that is important. % differently; it is the substance that is important.
% 2) It is requested, but not legally required, that derived works be % 2) It is requested, but not legally required, that derived works be
% distributed only after changing the names of the fonts comprising % distributed only after changing the names of the fonts comprising
% this work and given in the accompanying file MANIFEST.txt, and % this work and given in the accompanying file MANIFEST.txt, and
% that the files comprising the Work, as listed in MANIFEST.txt also % that the files comprising the Work, as listed in MANIFEST.txt also
% be given new names. Any exceptions to this request are also given % be given new names. Any exceptions to this request are also given
% in MANIFEST.txt. % in MANIFEST.txt.
% %
% The latest version of the LaTeX Project Public License is in % The latest version of the LaTeX Project Public License is in
% http://www.latex-project.org/lppl.txt and version 1.3a or later % http://www.latex-project.org/lppl.txt and version 1.3a or later
% is part of all distributions of LaTeX version 2004/10/01 or later. % is part of all distributions of LaTeX version 2004/10/01 or later.