webinterface

[bendixsonnenberg]

I would really like it if this was done soon, so that linus can do all the stuff by himself

[christoph-fricke]

I want to do biology first before I join the next big project...

[bendixsonnenberg]

i did not think of such a narrow timeline this has got quite a bit of time

[bendixsonnenberg]

we will have to take a look at robot.txt files so that crawlers form google dont mess with the webinterface

[christoph-fricke]

I also red the you can handle the crawlers in a meta tag so I am not sure which is the right way... Maybe we should do both... ;D

[christoph-fricke]

As far as I can the it we have an admin page now where you get to after you entered your password etc. And the admin page has links to sub pages for each topic where you can do your stuff...

I thought that it maybe would be a better UX if the current content of the admin page is the navbar and depending on which page you choose it gets displayed in the body... So we would basically have one admin page which provide the user a better experience when navigating around.

I created a little concept art for the new admin page:

[bendixsonnenberg]

i like the idea but i think it would be a little bit to much effort for this project i tought more along the lines of giving the current pages some css and then tell linus and jorina to learn to deal with it unless you want to spend some time on this one.

[christoph-fricke]

Well a simple solution might be to include them as iframes but I am not sure how that would work out...

[bendixsonnenberg]

nice idea and that would also minimize the work we would have to do

[christoph-fricke]

We just have to see how much it works out responsive...

[bendixsonnenberg]

we could scale the iframe and that would scale the page inside

[bendixsonnenberg]

do you think we should use the backend names for labels?

[christoph-fricke]

That is what I was thinking to do... I mean we already have the names in place and ready to use through the json file, so why not use them...

They are meaningful enough in my opinion, expect "quotee" could get some work (maybe "quoter"?)...

[bendixsonnenberg]

https://www.merriam-webster.com/dictionary/quotee

[christoph-fricke]

Still sounds strange and they are saying that it is referring to the person who gets quoted not to the person who quotes someone...

[bendixsonnenberg]

it is the person who gets quoted

[bendixsonnenberg]

i just got an email from our webhosting service. they are willing and able to give us a ssl certificat.

[christoph-fricke]

That's cool... Did they give you a date?

[bendixsonnenberg]

right now. it is self signed so i would not recommend using it for the main page we should just use it for the webinterface

[bendixsonnenberg]

is there anything left that we should do before we pull the webinterface?

[christoph-fricke]

I am not sure... I mean we have:

• A log in page
• Feedback on wrong log in (sucess redirects directly to board, so no feedback needed here)
• Admin board
• Navbar for editing achievments, sponsores, news and team
• Options to edit, remove, change order or add a new one
• inputs to do the edits
• save function
• inputs getting removed when topic is changed or element is got saved

I think I have listed everything what we have and I do not think the we need more stuff? So I guess the Webinterface is finished... Maybe we could just rename the folder to something like admin (is optional)...

The only think we can think about is a little button on the main page, leading to the webinterface, however I do not think that is needed as long as we have a folder name that everybody who have to can remember...

And I am not sure if they are able to create their own user, even with your nicely written instructions. I mean they were also not able to edit the content json files... 😞

I am not sure if it is a security problem or not, but everybody who reads the instructions on github or plays around a little bit is able to see the users.json (also on live server). Since we are using the default hash (aren't we?) they might be able to recreate the password out of the hash... Might be that I am wrong and it is not possible, but that would be a big problem...

[bendixsonnenberg]

it would be possible but only through bruteforcing their way into the system because the reason we use hashes is that the are only one way conversions of strings. as far as i know there are also no rainbow tables for the php hashing algorithm

even so, it would be better if we could deny access to the .json files all together. maybe through the .htaccess?

i would say that we can expect Linus and Jorina to remember a simple path. renaming is a goog idea

[christoph-fricke]

Is it possible to simply rename the folder? I think so or do you have any path into the folder? I will just use the refactor feature of my editor.... Safety first... xD

[christoph-fricke]

The idea with blocking the json files is a good idea...

[christoph-fricke]

@quannten24 is there anything left or can we merge it? There is still a project about making the php constants editable? Is that still a thing?

[bendixsonnenberg]

not really

i think we can merge

On 14/04/2017 15:01, Christoph Fricke wrote:

@quannten24 https://github.com/quannten24 is there anything left or can we merge it? There is still a project about making the php constants editable? Is that still a thing?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/christoph-fricke/shpioneers.de/issues/73#issuecomment-294149875, or mute the thread https://github.com/notifications/unsubscribe-auth/AYyb3fLmeeS1ATZyBybU0eK-3pr-JHX_ks5rv24ygaJpZM4MpjPi.