Commit bee7af1d authored by William Paul Liggett

The server-side aspect to process the essential two raw CSV files now works. Also, if the network dies, there's a way for a participant to save their test data locally. And a few security enhancements were made.
parent 7034c44b
......@@ -50,8 +50,8 @@
// Note: I am specifically defining an `else if' clause since REQUEST_METHOD could be: GET, POST, HEAD, or PUT
else if($_SERVER['REQUEST_METHOD'] === "POST") {
// Grabs what the user submitted and sanitizes the input to avoid an SQL injection or XSS attack.
$submitted_username = htmlspecialchars($_POST['username']);
$submitted_password = htmlspecialchars($_POST['password']);
$submitted_username = htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8');
$submitted_password = htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8');
// Confirms whether the login is valid and sets the boolean `$valid_login_admin' variable.
require_once "valid_login_admin.php";
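Review bot: The two changed `htmlspecialchars()` lines encode the submitted password before `valid_login_admin.php` checks it, and adding `ENT_QUOTES` changes the value that gets checked: a password containing `'` is now rewritten to `&#039;` first, which the previous call left alone if it ran with the default `ENT_COMPAT`, so an existing credential with a single quote can stop matching. HTML escaping is an output-side step and, despite the comment above these lines, does nothing against SQL injection. Suggest passing `$_POST['password']` to the check unmodified, using bound parameters for any query, and escaping only at the point where a value is written into HTML.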
......@@ -71,7 +71,7 @@
// Logs into the OpenVigilance Task tests database to control and alter user tests.
// `$pdo' is defined as the database connection.
require_once "../../../../../protected_site_configs/junktext.com/openvigilance_db_connection_admin.php";
require_once "../../../../protected_site_configs/openvigilance_db_connection_admin.php";
// Test Control: Active tests.
$sql = "SELECT sk, subject_id, test_condition, login_code FROM test_control WHERE test_scheduled=1 ORDER BY subject_id";
......
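Review bot: The rewritten `require_once` path still counts `../` segments by hand, and PHP resolves a path that starts with `../` against the working directory of the request, not against the directory of the file containing the statement. Suggest anchoring it with `__DIR__`, for example `require_once __DIR__ . "/../../../../protected_site_configs/openvigilance_db_connection_admin.php";`, or defining the config directory once in a shared file, so the next directory move does not require editing every script.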
......@@ -22,9 +22,9 @@ function output_json_response($successful = false, $error_message = "Incorrect u
}
// Gets rid of potentially harmful injection characters.
$error_message = htmlspecialchars($error_message);
$extra_data1 = htmlspecialchars($extra_data1);
$extra_data2 = htmlspecialchars($extra_data2);
$error_message = htmlspecialchars($error_message, ENT_QUOTES, 'UTF-8');
$extra_data1 = htmlspecialchars($extra_data1, ENT_QUOTES, 'UTF-8');
$extra_data2 = htmlspecialchars($extra_data2, ENT_QUOTES, 'UTF-8');
// JSON array to output as a web service.
$json_data = [
......
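Review bot: The three changed `htmlspecialchars()` calls HTML-encode `$error_message`, `$extra_data1` and `$extra_data2` before they are placed in `$json_data`, so the escaping is chosen for HTML while the output context here is JSON. With `ENT_QUOTES`, a client that treats these fields as plain text will now also see `&#039;` in messages. Suggest leaving the values raw in the array, letting the JSON encoder produce the response (adding `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` if the response could ever be interpreted as HTML), and escaping on the client at the point where the value is inserted into the page.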
......@@ -12,7 +12,7 @@
$valid_login_admin = false;
// Sets the `$ov_admin_username' and the `$ov_admin_password_hash' variables.
require_once "../../../../../protected_site_configs/junktext.com/openvigilance_admin_account.php";
require_once "../../../../protected_site_configs/openvigilance_admin_account.php";
// The `$submitted_username' and `$submitted_password' variables are from the calling PHP script.
// Also, the `$error_msg' is a standardized variable in all calling scripts to output the login error found.
......
......@@ -11,9 +11,13 @@
$valid_login_user = false;
// ************************************************************************************************************
// *** Ensure that the calling PHP script has the following `require_once' directive.
// *** Also, the number of "../" may need to be more or less depending on where the calling script is located.
// ************************************************************************************************************
// Logs into the OpenVigilance Task tests database to verify the person is allowed to take a test.
// `$pdo' is defined as the database connection.
require_once "../../../../protected_site_configs/junktext.com/openvigilance_db_connection_user.php";
//require_once "../../../protected_site_configsopenvigilance_db_connection_user.php";
// Confirms the person's temporary account is valid.
// The `$submitted_username' and `$submitted_password' variables are from the calling PHP script.
......
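Review bot: The commented-out `require_once` left in this hunk has a typo: `protected_site_configsopenvigilance_db_connection_user.php` is missing the `/` after `protected_site_configs`, so uncommenting it later will fail. With the active include removed, this file also depends on the caller having defined `$pdo`, which only the new banner comment records. Suggest deleting the dead line and adding an explicit check near the top that `$pdo` is set, leaving `$valid_login_user` false and reporting the standard login error if it is not.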
......@@ -3,6 +3,9 @@
<head>
<meta charset="utf-8" />
<title>OpenVigilance Task: Change Log</title>
<!-- Copyright (C) 2018 by William Paul Liggett (junktext@junktext.com)
This Source Code Form is subject to the terms of the Mozilla Public License (MPL), v. 2.0.
If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/. -->
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>
h1 {
......@@ -37,22 +40,39 @@
<ol>
<li>Test Conditions #1, 3, and 4: Visually show the correct durations for the tasks and break depending on the test
condition. [Estimate: 3 hours]</li>
<li>Log Data to CSV: Convert the submitted user activity data as three CSV files per test on the server. This will
consist of two raw CSV files (random letter time and the user's activity) along with a single, collated CSV file
that hopefully is accurate enough for analysis. However, the collated portion can be tweaked later and will be
recreated from the original two raw CSV files. This was there is no data loss and the analysis can be adjusted
as required. [Estimate: 5 hours remaining]</li>
<li>Admin Page: Add a section to show the stored CSV files so that they can be downloaded at will. This section will
not be fancy, as it will just be a bunch of links
and maybe an ability to download all of the files as a ZIP archive. [Estimate: 0-2 hours]</li>
<li>Log Data to CSV: Using the two raw CSV files, build a single, collated CSV to produce a data analysis report.
[Estimate: 2 hours remaining]</li>
<li>Download CSV Files: All of the user data CSV files are stored under the 'user-data-files' directory, beneath the
main OpenVigilance Task URL. At present, this is nothing fancy, as it just contains a link to each CSV file.
However, I could create the ability to download all of the files as a ZIP archive if desired. Therefore, this
is an <em>optional</em> feature [Estimate: 0-2 hours]</li>
</ol>
<p class="version_info">Version 1.7.3 (2018-03-09 to 2018-09-17):</p>
<p><em>Estimated labor time: <span id="hours_logged_for_update_14">3</span> hours.</em></p>
<ul>
<li>Log Data to CSV: More time was spent on this feature than the hours listed, as I am providing a free feature
to detect when there is a network problem when a participant finishes a test. Meaning, that the data can be saved
locally and emailed to me (William) for manual processing. This way a bad network connection shouldn't make a test
worthless :-).
</li>
<li>
Log Data to CSV: The two essential raw CSV files are now properly processed by the server! This took a lot of
effort to nail down, as I needed to re-design the way all of the data for the random letter times were submitted
to the server since there was so much data that it reached PHP's max_input_vars setting, which was not obvious
until lots of bug hunting. Anyways, the problem was solved and things seem to work as expected now.
</li>
<li>Improved some security aspects in terms of how the data is processed.</li>
</ul>
<p class="version_info">Version 1.7.2 (2018-03-05 to 2018-03-08):</p>
<p><em>Estimated labor time: <span id="hours_logged_for_update_13">6</span> hours.</em></p>
<ul>
<li><em>Summary: Essentially, all of the client-side code should be completed with regards to recording the user's
<li>Summary: Essentially, all of the client-side code should be completed with regards to recording the user's
activity data! Now, the remaining aspect is getting the server-side portions to process the data into CSV files.
</em></li>
</li>
<li>Log Data to CSV: Embedded more JS vars to an authorized OV user to help make the web app more resilient to PHP
session timeout issues.</li>
<li>Log Data to CSV: The raw data has been broken down into two JS arrays to allow more flexibility in terms of
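Review bot: The new "Download CSV Files" item says the participant CSV files sit under `user-data-files` beneath the main OpenVigilance Task URL with a plain link to each file, but nothing in the entry says who can reach that directory. Suggest stating here, and confirming in the server configuration, that the directory is restricted to the logged-in admin and has directory listing turned off, or moving the files outside the web root and serving them through an authenticated script.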
......@@ -174,7 +194,8 @@
parseFloat($("#hours_logged_for_update_10").html()) +
parseFloat($("#hours_logged_for_update_11").html()) +
parseFloat($("#hours_logged_for_update_12").html()) +
parseFloat($("#hours_logged_for_update_13").html());
parseFloat($("#hours_logged_for_update_13").html()) +
parseFloat($("#hours_logged_for_update_14").html());
// Displays the total labor hours at the top of the page.
$("#total_labor_hours").html(calculated_labor_time);
......
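Review bot: The total is extended by appending one more `parseFloat($("#hours_logged_for_update_14").html())` term, so every new version entry needs a matching edit here and a missed one silently under-reports the hours. Suggest summing over all matching elements instead, for example selecting `span[id^="hours_logged_for_update_"]` and adding `parseFloat($(this).text())` inside an `.each()` loop.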
......@@ -9,7 +9,8 @@
<title>OpenVigilance Task</title>
<!-- Copyright (C) 2018 by William Paul Liggett (junktext@junktext.com)
This Source Code Form is subject to the terms of the Mozilla Public License (MPL), v. 2.0.
If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/. -->
If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/.
-->
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="description" content="Sustained attention tasks using random letters of O, D, and backwards D to help determine what influences a person's reaction time." />
<link rel="stylesheet" type="text/css" href="css/style.css" />
......@@ -55,7 +56,11 @@
else if($_SERVER['REQUEST_METHOD'] === "POST") {
// Grabs what the user submitted and sanitizes the input to avoid an SQL injection or XSS attack.
$submitted_username = intval($_POST['username']); // Regular users only have numeric account names.
$submitted_password = htmlspecialchars($_POST['password']);
$submitted_password = htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8');
// Logs into the OpenVigilance Task tests database to verify the person is allowed to take a test.
// `$pdo' is defined as the database connection.
require_once "../../../protected_site_configs/openvigilance_db_connection_user.php";
// Confirms whether the login is valid and sets the boolean `$valid_login_user' variable.
// Also, the user's full account details acquired from the database are stored in `$account_found'.
......
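Review bot: `intval($_POST['username'])`, on the line above the changed password call, coerces rather than validates: a non-numeric submission becomes `0` and `12abc` becomes `12`, so malformed input is looked up as a real account number instead of being rejected. Suggest checking the raw value with `ctype_digit()` or `filter_var(..., FILTER_VALIDATE_INT)` and returning the standard login error on failure. The `htmlspecialchars()` on the password in this hunk is better dropped as well, so the submitted password reaches the check unmodified.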