k15z / bayms.web
This is the final iteration of the Bay Area Youth Music Society's 2015 user management system.
License: MIT License
This is a major feature which will require making significant changes to the entire application stack. A new column must be added to the users table to store Google's "id_token" values, and the entire apply/login process must be reorganized.
Problem: Due to inconsistencies in the way HTML5 sessionStorage is handled, Microsoft Edge and Internet Explorer users are unable to see the carpool map; instead, they are redirected to the login screen.
Temporary Fix (todo): Remove the redirect; overlay an error message on the map.
Permanent Fix (todo): Embed the map itself in the main application, instead of putting it on a separate page. The map should be just like any other tab; it really should get its own div and ng-controller. (In case you hadn't noticed, the carpool map was a poorly planned out last minute addition.)
The javascript code used to set the "piece_order" value is amazingly inefficient and looks really ugly. It should be modified to send as few requests as possible, and the setTimeout used to buffer the requests to prevent the database from locking up should be changed to $timeout or completely removed.
Make required fields red if they are not filled. (Profile page.)
Add support for Angular-style AJAX requests. Unlike typical jQuery-style AJAX requests, Angular requests are not automatically parsed by PHP and need to be manually decoded from the php://input stream. This issue is not critical, but fixing it would make the web application code much cleaner and more consistent with Angular design patterns.
Problem:
See the discussion here for details on the problem. This issue has been temporarily addressed using a setTimeout, but the result is a really clunky user experience.
Proposed Fix:
latitude_longitude column to users table.
Allow users who authenticate using the traditional username/password to add Google Sign-In to their accounts, and vice versa. This will involve adding new functions to the BAYMS.php file to manipulate the users table, specifically the user_name, user_pass, and user_google_id columns.
Hashing and salting isn't enough to protect against users who use pathetic passwords. Come up with and enforce a decent password policy. (6+ chars, alphanumeric?)
Allow admins to retrieve student/parent emails, including filtering by group (and maybe even searching by name/instruments).
SELECT student_email FROM users WHERE student_email <> ""
SELECT parent_email FROM users WHERE parent_email <> ""
SELECT student_email, ensemble_choir FROM users WHERE ensemble_solo
SELECT student_email, ensemble_choir FROM users WHERE ensemble_choir
SELECT student_email, ensemble_choir FROM users WHERE ensemble_woodwind
SELECT student_email, ensemble_choir FROM users WHERE ensemble_orchestra
Teacher Ma's request: add student_birthday and parent_2_* fields to the profile.
Instead of using file_get_contents, use the PHP class provided by Google to verify the oauth token. This should lead to minor speed increases.
There are only 3 tabs to move between, so the url routing can be as simple as a single switch statement or as complex as the angular ng-route module. This will replace using sessionStorage to save/restore the current tab.
I suspect this has something to do with the Chakra JavaScript engine, but it may also be related to how Microsoft's browsers handle pop-up windows.
Function deleteEvent($event_id) in bayms.php does not remove pieces linked with this $event_id. It may leave some orphan pieces in the database. Can we remove them when removing the event?
Add a field to the database, want_carpool. If set to true, add a link to a page which shows nearby BAYMS members who also want_carpool. This pulls data from the home_address field and geocodes it to longitude and latitude; since we don't live anywhere near eastern Russia or Alaska, the distance between two home_address is trivial to compute. Since there are only ~50 members to worry about, a brute force algorithm will work fine for computing nearest neighbors, no need for heuristics.
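The brute-force lookup described in this issue, as an added example that is not code from the repository. The `lat` and `lon` field names, the sample members and the function names are assumptions; the result deliberately carries only `user_id` and a distance, so the client never receives another member's coordinates or home_address.

```javascript
const EARTH_RADIUS_KM = 6371;
const toRad = (deg) => (deg * Math.PI) / 180;

// Equirectangular approximation: accurate enough over tens of kilometres
// and valid here because no two members straddle the antimeridian.
function distanceKm(a, b) {
  const x = toRad(b.lon - a.lon) * Math.cos(toRad((a.lat + b.lat) / 2));
  const y = toRad(b.lat - a.lat);
  return EARTH_RADIUS_KM * Math.sqrt(x * x + y * y);
}

const hasCoords = (m) => Number.isFinite(m.lat) && Number.isFinite(m.lon);

// Brute force over every member: O(n) per lookup, fine for ~50 rows.
// Only members who opted in (want_carpool) are considered or shown.
function nearestCarpoolers(members, userId, k = 3) {
  const me = members.find((m) => m.user_id === userId);
  if (!me || !me.want_carpool || !hasCoords(me)) return [];
  return members
    .filter((m) => m.user_id !== userId && m.want_carpool && hasCoords(m))
    .map((m) => ({ user_id: m.user_id, km: distanceKm(me, m) }))
    .sort((a, b) => a.km - b.km)
    .slice(0, k);
}

// Constructed sample rows (not real member data).
const SAMPLE_MEMBERS = [
  { user_id: 1, want_carpool: true, lat: 37.77, lon: -122.42 },
  { user_id: 2, want_carpool: true, lat: 37.80, lon: -122.27 },
  { user_id: 3, want_carpool: true, lat: 37.34, lon: -121.89 },
  { user_id: 4, want_carpool: false, lat: 37.78, lon: -122.41 }, // opted out
  { user_id: 5, want_carpool: true, lat: null, lon: null },      // geocoding failed
];

console.log(nearestCarpoolers(SAMPLE_MEMBERS, 1, 2));
```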
On older browsers without support for sessionStorage, the basic authentication values (user_id, user_name, etc.) should be stored using cookies. In fact, even in newer browsers, it might be better to save the authentication fields in cookies so they get automatically sent to the server instead of manually sending them with every request.
allow each member to have a profile picture
Right now, the program.htm page is vulnerable to javascript injection. This should be fixed by blocking all html tags except for a few tightly controlled choices such as
and .
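One way to implement the tag allowlist this issue asks for, as an added example that is not code from the repository. The allowed tag names (`b`, `i`) and the function names are assumptions, since the page's own tag choices are not shown; the approach is to escape everything first and then restore only bare, attribute-free allowlisted tags.

```javascript
// Assumed allowlist for this example; substitute the project's own choices.
const ALLOWED_TAGS = new Set(["b", "i"]);

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Matches an escaped tag with a name and nothing else: no attributes,
// no whitespace, so event handlers and URLs can never be restored.
const BARE_TAG = /&lt;(\/?)([a-zA-Z][a-zA-Z0-9]*)&gt;/g;

function sanitizeProgramText(input) {
  const open = []; // stack of allowlisted tags currently open
  const body = escapeHtml(input).replace(BARE_TAG, (match, slash, name) => {
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) return match; // stays escaped, rendered as text
    if (!slash) {
      open.push(tag);
      return `<${tag}>`;
    }
    // Honour a closing tag only if it closes the most recently opened tag.
    if (open[open.length - 1] !== tag) return match;
    open.pop();
    return `</${tag}>`;
  });
  // Close whatever the user left open so markup cannot bleed into the page.
  return body + open.reverse().map((t) => `</${t}>`).join("");
}

// Constructed sample input.
console.log(sanitizeProgramText('<b>Sonata</b> <script>alert(1)</script>'));
```

Run this on the server when a field is stored or served, so the result does not depend on client-side code that a caller can bypass.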
Add a profanity filter on the server side, preferably in api.PHP, which filters all user supplied fields.
maybe email the user with a new randomized password
Search by name/biography, filter by ensemble, etc.
Record all user-performed actions. Not just for analytics, but also to kick out malicious users. The easiest way to implement this would be to configure the nginx server to log all POST request data (except plain-text passwords, of course).
The title says it all. Build something to let users change their password.
Right now, essentially all of the operations concerning pieces (ordering, editing, deleting) are poorly implemented and the user interface for handling pieces is inconsistent and feels unnatural. The two main things to change are:
Teacher Ma's request: add piece_length to pieces table
Get a local copy of angular-sanitize so users in China don't run into the great firewall. (Or convince China to support freedoms of expression...)
Need to put some internal doc for members to check, such as ensemble practice schedule, room usage for every week.
Need a way to control the access to internal doc and folder.
Allow admin users to promote regular members to admin status.
new website must be the face of BAYMS but also integrate login system,
probably a home page with a button to log in in the corner
Anything irreversible - delete piece, delete user, delete event, etc. - should have a "confirm" prompt before the API call is executed. This can be as simple as
if (confirm("Are you sure?")) { /* Do something! */ }
Or as complex as a beautiful modal with parallax animations.
Use datalist to provide autocomplete functionality for the instrument input fields. However, make it clear that other instruments are also accepted.
Allow users to edit their piece submissions. The back-end is already set up for this, just add some CSS and JS to make this happen on the client side.