Documentation for phpPhobos V2.0-446
The phpPhobos web-site is an attempt to create a web-site with security in mind, in the design, structure and programming of the software. Everything is done using the pessimistic approach: everything is denied by default and must be specifically allowed, so forgotten things cannot do harm. The site can also defend itself: a harvester trap and dynamic blacklisting are built into its very structure. Very fine-grained ACLs allow users to divulge their data, but they have to explicitly allow it. Finally, everything is logged; even deleted data is kept through the logger function in the database.
Author Joerg Mertin  smurphy(-AT-)solsys(-DOT-)org 
Website  http://www.solsys.org 
Last change: January 17 2024 13:49:38.

Actively started / e.g. Working on

To Fix / To Check

  • write a search function for the admin content interface.
  • Write function to identify referer - and return a link (5sec) for returning to referring page.
  • Content edit/Blog Edit - add a content_view on top - and make a preview button.

Todo List

  • dyntbl function - when deleting a row, jump back to current search/position if existing.
  • Write a testing interface - that will provide links to test for security - acl - etc. - loads a file with information in CSV format. (AUDIT handler)
  • clean content.php function -> Use check_env function, do_url function instead of own stuff.
  • Write data-handler for DNS SOA Hijacking functionality (DNS Blacklist)
  • Write remote handler for Blockout functionality (Extension)
  • Add capability to filter on remote IP for admin-access on certain functions. Limit blacklist handling to certain IPs only. (ADPR Handler)
  • dyntbl
    • Add color choice function depending keyword, make line go to color
  • Authentication Addition
    • Add possibility to use Temporary Access Keys to access predefined Data. E.g. provide a Link with an Auth-Key to access the CV ...
  • Menu function
    • add delete option
  • delete Yes/No function: Write a function that is able to catch all parameters of a delete operation and ask for Yes/No (really sure). The actual implementation is straight ... e.g. deletion is happening - no asking.
  • Stats page - as for search function - provide stats for core and modules.
  • Misc
    • Documentation Extractor - extract Function descriptions from all php/inc files
    • Make sure that the automatic E-Mail Stealth function is applied everywhere !
    • make sure the Type_change function respects the user-configuration ACL
    • add Class-Configuration to the menu edit interface using the dropdowns - and make sure the color codes are used to show the entries access...
  • Authentication function
    • Write function to check password strength (type_check function) type-check for it.
    • user Info View. This one could be reworked - layout-wise
    • Function to generally identify user access status (Almost finished - to be tested with user_access function)
    • Adapt user_access identification function to all existing functions requiring it.
  • Admin functions
    • Separate module-administration from Site-Administration in 2 Switches.
    • Dynamic Admin-Generation Menu
    • user-access administration GUI
    • weblinks admin manipulation GUI
    • mainpage admin GUI
    • MOTD admin GUI
  • User Functions
    • Comment function
    • Link the User-Function to the Drop-Down DB ... Still using separated arrays for data description and classes !
  • Logger
    • Add function to delete logs
  • Address book - with VCF export function
  • Add troubleshoot Interface (Traceroute, Ping, Whois etc.).
  • General banner function
  • Forum
    • Write a forum Module !

Done


  • icons.inc - folder_open_icon exists twice. remove one and check references.
  • content Admin Interface - add number of Hits for every entry
  • Blacklisting to eventually handle /mod.php?mod=faq&op=view&id=103
    • mail() function seems to work out the ' signs in subject lines, e.g. convert these...
    • Modify the logger function to accept non Integer ID's for string informations.
  • write a template module function to add into the template.inc file - and document it correctly. - 200809xx
  • Who's Online Block - 200801xx
  • Weblinks submit function - 200710xx
  • block handler function - 20070921
    • The blocks are to be placed left and right etc... We need to be able to manipulate the positioning of the different blocks.
    • Harvester Trap - Centered links - make them left aligned.
    • Move logger Submit button to content ID Tags ... (contens/blogs/faq)
    • Mail send/reply differ in handling from Mail
    • Fix the Disclaimer display - it's shown only if no submenu is called.
    • back-link if search was issued ...
    • In edit mode - make sure the submit has the expand tag set.
    • harvester width needs to be fixed.
    • Mail-Sent notification width needs to be fixed.
    • Add support for real pixel width in the Table-definitions (table_box/table_start)
    • display the User Picture if it exists - in the user profile
    • If a user enters a Blog Entry - the Management Interface sends an E-Mail to the Site-Admin. Should be deactivated.
    • slashes can be seen in ACL Edit mode.
    • Interface to send a Mail to the User/Author of an Article.
    • Fix the RDF part of the News-Feed function. RSS is working - RDF not - Why ?
    • goBack through referer - do not check the validity of the URL. Not required.
    • Check why some functions are executed double ? -> Solution: If a function is named as the class and executed from within the class of the same name - it is executed twice.
    • Add information to the MOTD (user.inc -> user_welcome).
    • Add a Send-Mail/News function for registered users.
    • Add a print-view for all functions.
      • make sure the previews look nice. Have to test it on a printer.
    • Menu-edit - Add Group options does not yet work ... (empty addition) Issue with
    • Add "Impressum"/"Legal Notice" page - that registers all data of people going on it.
    • Add referrer DB entries
    • Bug reporting Tool !!! (Online)
    • Add a "Report Error" - Generate a Error-Report
    • Make a small: Report-View function/Management function
    • Make sure the Error-reporting functionality is available to all Errormessages
    • make sure the picture Img_Icon is used in the content_submit function.
  • Old Article Block
  • General FAQ Module
  • Add a Download Link inside the bin-Listing interface
  • Make sure the bin-listing shows only files linked to the specified function_id, but give the possibility to show function specific or all files.
  • Documentation
    • general module configuration table
      • All details incl. version nr. and where to get new version
      • make it modular - so it shows all available documentation
    • docs.inc(info) Add a Dropdown for available modules
    • docs.php(info): Remember the documentation entry that was viewed (changelog etc.).
  • General File download function
    • Done
  • User Profile Interface
    • Add user_pic_id to user Interface.
  • Search function
    • recursive search function - calls search subfunction of different registered components. Every registered component requires a function called search accepting 1 argument ($search) and returning the results per line.
    • Access-levels will have to be respected ! Check the search function for that.
  • addOn function.
    • Write a Management Interface for the AddOn function.
  • DropDown function.
    • Write a Management Interface for the Drop-Down content-DB.
    • Add the possibility to view Log-entries.
    • Add possibility to add new entries (empty ones) to Definitions Tab and Edit Interface.
    • Add the possibility to Delete entries
  • General Binary data table_form, bin_get done
    • Have to add a deep Edit function for the Bin_data stuff. Edit filename/description.
    • bin GUI - have the possibility to remove a picture
  • User Functions
    • News Submit GUI
  • Misc
    • Make menu function slashes-safe.
    • add the limits function (For max number of news per page: mainpage.inc).
    • Write a RSS-Module (Contents function).
    • Comment Moderation GUI (done through content function)
    • Write general Error-Page function. Partially done... Some functions need to be adapted.
    • Define a standard Menu-Scheme for all apps. (Admin Menu/Others)
    • Write function to write menu-selections for generating popular pages etc. included in main. Have to add in user-menu-functions and sub_menus.
    • Adapt documentation to redefined standard
    • Show User Data - Add "Dedicated User" and add support in auth DB...
    • Make sure that the email-address can be used only once in the addon-DB ...
    • Write small function to load URL - removing the menu-stuff... and loading the remote page (external links)
    • rewrite the code for cookies/session data - to encrypt the cookie and deposit the key into the session-data on the server DB.
    • Wrote a function to handle bbcode - very simple - only a very small subset is supported.
    • Add option to Display a Notify-Bug link at the bottom of the page.
  • Error-Logging function (Reporting Function)
    • Define a database where all errors are logged
    • write function that will display all existing Errors to admin
    • write function that will send report on logged Errors once a configured timeframe
  • content add function
    • Make sure error messages are shown inline...
    • Add Images-preview in content_submit function
    • Add Link capabilities to the content interface. e.g. [URL][/URL] for adding URL's ...
    • Add filter to Logos (Section name)/mainpage, test limits function.
    • Eventually add a grouping function the content-stuff, Subject and Section ?
    • Make sure the content section is able to identify the different users.
    • Make sure the content section can add new entries
    • In case the user is not Admin and we are in submit/insert mode - news has to be locked - e.g. Do not display the news message to all.
    • add Logger DB Support to the content_add2db function
    • Content section should not strip all html-tags if Admin entry is done. Solved through POST striptags function
    • Move the Icons on the Lower-Right side of the News - as on the old layout.
  • Add Harvester Trap adding functionality
    • Website-Theme inclusion
    • Blacklist DB with exclusion if Bot goes onto the website even if not allowed
    • View/Config interface - Done through Blacklist
  • modules
    • Write the module-caller function
    • Write a module-menu generating function (Feed it with an array ??? to display a module-menu, maybe for administration)
  • Check in the session.inc file - that all session-Data is being checked against correct escaping etc. use mysql_real_check function to verify the validity of these.
  • logger DB to be entered
    • Add function to List available Logs - without showing the content (deferred)
    • Add manipulation token detector into search form (Done)
    • Find alternative to the eval command
  • Admin functions
    • menu-db manipulation GUI
    • menu-function needs to have data dropped into the Logger. (Done)
  • Authentication
    • type-check for token ...
    • Make sure the system reuses the Auth-Data from client Cookie.
    • Add title of User-Submenu to the title-bar
    • Enable Encryption/Decryption on Cookie/Session data.
    • Function to change passwords (Done). Changes have to be written to logger-DB. !!! (Done)
    • Function to edit user-profile (Done)
    • Make sure - if someone logs in - the auth-data is set before Page/Header display
    • Previous applies also to logout.
    • Write Admin User Manipulation UI (Done)
    • Adapt Moderated Access to user_registration / Write Moderator manipulation UI (Done)
    • finalize reset password request
  • Documentation
    • write function to show the different types of Doc. Documentation, Changelog and TODO files (Done)
    • General phobos-site version information table with About page / Info page (Done)
 