vphantom / pyritephp Goto Github PK

We need to polyfill with:

Number.isInteger = Number.isInteger || function(value) {
  return typeof value === "number" &&
    isFinite(value) &&
    Math.floor(value) === value;
};

In some broken e-mail setups, log reports do not reach their destination. Let's offer users of Watchdog.php the option of saving to a log file in addition to (or instead of) e-mailing.

If we add text in an outgoing e-mail, it will not be saved to the DB, and consequently the send operation that follows will send the unedited version.

It makes no sense to add them to our own test suite, so now's a good time to publish them separately. It'll be easier to modernize their documentation that way as well.

This will break PyritePHP-Example and PyriteView, so it is pushed back to the next major release. Right now our API is a majority of events and a minority of OO. With events, we solved problems of caller not knowing the handler, of prioritizing multiple handlers for a single trigger and of cascading handlers as content filters.

Because of these, I guess event-driven wins over OO. We need to clean up accordingly and create more robust structure and documentation for those. I'd hope we can do better than Class::bootstrap().

All forms use NONCE validation. We need to create a means for some forms to ignore NONCE if some other condition is met. Perhaps #12 could set an ephemeral variable in the session, which says "bypass NONCE for the very next form". NONCE validation would notice this variable, delete it, and succeed.

All of assets/ should be moved downstream to PyritePHP-Example and PyriteView. This might involve some cleaning up in src/globals.php as well.

I have a second project which could benefit from PyritePHP, but it'll be using PureCSS or SemanticUI, not Bootstrap, so PyritePHP should provide the CGI service, sure, but not a sample functional GUI.

• The Makefile should set $(COMPOSER) to which composer if it is available and only resort to installing bin/composer if it is not found.

• In the update section, skip self-update if composer isn't bin/composer.

It's a known bug with PHP, which like many other such things is a "won't fix" on their side: explode("") does not return array() but actually array("") that is, an array with one element.

Therefore, we need to refactor all uses of explode() to produce an empty array when given an empty string. The easiest way should probably be to create a global function that wraps around it.

Significant omission in v1.0: users.email should be stored in lowercase and lookups should also be made lowercase at all times.

We need a safe way for administrators to spoof logins as any other user for test purposes. A backdoor which is normally disabled doesn't sound quite safe enough, because it could be forgotten in an active state.

• In config.ini, create global.admin_backdoor_date and global.admin_backdoor_password.

• In Pyrite\User::login(), before invoking password_verify() on a valid user, check if today is the backdoor date and password matches the backdoor password first.

I usually develop in [documentation, test, code] cycles, but time ran short for PyriteView. Let's start with an analogy with what I do on the Node side:

• "make test" runs Istanbul which is a code coverage reporter. It runs all my test scripts in find-like fashion and generates an HTML tree of pretty reports and some data files.

• Each test script depends on Tape for producing TAP output.

• For CLI usage, I pass TAP through Faucet to make it pretty.

• For Travis-CI, I don't. Travis-CI is also configured to invoke Coveralls to send Coveralls.IO a copy of Istanbul's "lcov.info".

In PHP, PHPUnit is probably the closest, although not nearly as simple as Perl's Test::More and Node's Tape. I'm tempted to do like TestTAP and update my old Test.inc to offer a Test::More/Tape style API wrapped in php-code-coverage.

• Install Linux distribution package php7.0-xdebug. This probably means composer.json adds its first dev requirement, for "xdebug ~2.5".

• Install PHPUnit stable: composer require --dev phpunit/phpunit ^6.0

• Create at least one test to confirm that reporting works, fine-tune Makefile for options I prefer.

• Install PHP-Coveralls: composer require --dev satooshi/php-coveralls to convert/send PHPUnit's coverage report (which is in "Clover" format?) to Coveralls.IO.

• Set up repo with Travis-CI:

language: php

php:
 - 5.6
 - 7.0

before_script:
 - wget http://getcomposer.org/composer.phar
 - php composer.phar install --dev --no-interaction

script:
 - mkdir -p build/logs
 - phpunit --coverage-clover build/logs/clover.xml

after_script:
 - [php?] vendor/bin/coveralls -v

Tag along a redirect URL to login links, somehow hashed to prevent tampering along the way.