support Tree of the Year competition

[KitWallace]

1. Ensure all contenders are in the data with descriptive text and the supporting group - data
2. Create TreeofYear collection and tag each candidate. Collection description contains the terms of the competition 3 Conditional code for a tree in this collection to present voting form - POST form back or use javascript to post it 4 Add a file to record the votes - not to be visible 5 Agree a test for repeat voting - might be based on IP address but multiple votes from eg WIFI locations possible, and multiple family member votes inhibited - best approach would be to use email address and confirmation - will need to get email client running on the server but that's been needed for a long time - might have to hash email addresses to eliminate gmail multiple ? is there a simpler way? 6 when voting closes , use votes to rank the candidates and display the result.

[KitWallace]

email now configured and simple to send an email with the mail:send-mail() function) straightforward

[KitWallace]

Prototype voting script implemented. The voter can change their vote . The voting file is not encrypted but its not visible online either (unlike all our other files) and email addresses are encrypted
Not sure how this works with data protection - check wording on voting applciations

Needs some blurb

[KitWallace]

case/dot/+ ignore in gmail/googlemail addresses implemented but presumably other email services have similar issues domain name is always case insensitive but the email address is typically sensitive except for gmail sending with the supplied address

[KitWallace]

would we want the option to retain the email address for mail-out purposes?

[KitWallace]

There is a table of email variants +/1 tagging is common https://en.wikipedia.org/wiki/Comparison_of_webmail_providers#Features

[KitWallace]

Found a list of Disposable email Address domains https://github.com/MattKetmo/EmailChecker and these are now included so that DEAs are rejected - guidance updated

However anyone with their own domain can add as many aliases as they like. This really points to the need to store the email address in clear or reversibly encrypted so that voting irregularities can be detected. Basic authentication security may be enough anyway on this file

[KitWallace]

https works

[KitWallace]

prototype is http://kitwallace.co.uk/trees/treeoftheyear.xq

[KitWallace]

prototype working

remainder of candidates to be coded up

[KitWallace]

To do: proof-reading styling testing ? fulll integration with bristoltrees link from BTOTY18 collection to the voting page ballot backup

[KitWallace]

Mark reports failures in registering votes - not an access rights issue - the canoinical email was only the base of the address, so actually his vote was being registered but with the same hash as my vote - should have looked at it more carefully

[KitWallace]

ballot file made unreadable to public

[KitWallace]

Review with Mark: Enhance wording on web when voting -done Enhance wording on emails to include tree names and advice on cancelling -done Enhance appearance - somewhat

[KitWallace]

Vassilli suggests just the full list

[KitWallace]

The poll ran very well but there were a lot on unconfirmed votes but analysis showed that they had the same preference order as the confirmed votes. The reason for this is likely to be that they ended in spam due to inattention to setting the mail headers properly - see http://www.velvetblues.com/web-development-blog/avoid-spam-filters-with-php-mail-emails/

More could have been learnt about the behaviour if we had not promised not to retain the email - change this to retention only for auditing purposes.

Otherwise I think the sofware will run the 2019 poll ok.

[KitWallace]

Only two trees proposed for the 2019 poll so abandoned

[KitWallace]

BTOTY19 abandoned - remove from site