NOCCC web site

motherlamentationInternet και Εφαρμογές Web

7 Δεκ 2013 (πριν από 3 χρόνια και 4 μήνες)

71 εμφανίσεις

NOCCC web site
as of March 16, 2008
work in process
demonstration site: http:rdksoftware.com/noccc
Site basics
The NOCCC site is based on the open source content management system Drupal because it is a good

starting point that can be improved with little or no programming knowledge. Those extensions include

blogs, forums, language translations, and ecommerce. A small wiki or blogging system can be up and

running in less than a week.
Drupal is used by several international corporations including AOL, Sony, and The Onion. It is

estimated that recreating the 200,000 lines of code (core and extensions) would cost about $300,000. It

has been around since 2002 but the extensions available have increased by 300% in 2007.
If you have any questions about Drupal, visit Drupal.org
login
Most everybody referred to in the January 2008 copy of the Orange Bytes has an account with the

appropriate roles. All officers, volunteers, SIG leaders, and members on the help list have an account

named <first letter of first name><last name>. For example my name is "Dave Keays" so my account is

"dkeays". The password is the same as the account name and is always in lower case. The first time

you login you should change your password.
The login screen is a standard input account name, password, a link to create a new account, and a link

to reset the password.
A user that has not logged in will be simply a guest and have no more power than to just look at

information already on the site and to leave comments that need to be approved by someone with a

valid account.
The menu will look different for each user and each user will have different powers to change items on

the web site depending on the permissions given to the account.
security
This discussion is rather technical so you may want to go on to the next sub-section unless you want to

know some of the inner workings of the site.
Roles
One of the many security methods used is a role based system (RBAC) which allows for an easy to

administer permission system. An account will not be able to access or change information not allowed

according to the roles. To change one's ability to access information the administrator would simply

change their role with all the pre-defined permissions.
This site uses six different roles: guest, an authenticated user (someone that logged-in correctly), a

"content manager" (someone in charge of content like the president), a member of the club, a SIG

leader, an officer, and a volunteer. There are things that the administrator can do that no one else can.

The "content manager" is in charge of all the content and can change something they think is

inappropriate, but cannot change the overall layout of the web-site. The SIG leaders can change

descriptions of their own SIGs but they can't change any other SIG and they can't change the time,

room, or leader of the SIG. That requires permissions normally given to the officer that is in charge of

SIG groups.
Again, the SIG leader has more permissions than a regular member but not as many as the officer in

charge of SIGs, the content manager, or the administrator.
password security
Password security is maintained since no passwords are available in plain text. They are stored as MD5

digests. This is adequate for a simple information site such as this. However but we may want to

consider other options if we start storing personal information or use ecommerce functions. Those other

functions being a stronger digest (SHA-256 for example) and using SSL (Secure Sockets Layer).
spam
At the moment spam postings are not a worry since only those with an account (members) can create

content and post comments without moderation. A guest can only read content and leave comments to

be approved by a site moderator. When we allow guests to create context or leave unmoderated

comments we will have to consider using a CAPTCHA which is what asks you for the answer to a

distorted picture.
captcha
There are several forms of CAPTCHAs available for use in Drupal. Some with more difficult images,

some with an audio component to read the CAPTCHA out loud, and others to ask a simple question

("what do you get when you reduce 7 by 4") that a computer would have a hard time decifering.
sessions
Sneaking information inside a financial transaction is a standard way of hacking. Drupal uses tokens at

every point of the transaction that allows the program to know that the information came from form X

in transaction batch Y.
miscellaneous
As mentioned above, hacking can be sneaking information in ("injecting"). Drupal does a good job of

cleaning all input so that information like program codes can't be "injected".
theme
The site is skinnable or themeable meaning that members can change the sites "look and feel" for their

specific account only. There are several themes on the site right now but we will probably settle on

three: a bare-bones theme for administrative uses, a modern looking design, and a conservative yet nice

design, and another for those with seeing concerns.
content
All information on the site is grouped into different type of "content". There is a separate type of

content type for blog entries, simple pages, sig groups, and events. Later we may add the time "forum

topics", "glossary term", or "gallery entry".
To enter a new page, sig, event, or whatever you need to use the menu section "create content".

Everybody will see a different set of menu options depending on the role given to that account. Only

the administrator, content manager, or SIG officer will see the option "SIG".
categorization or taxonomy
The categorization of items is referred to as "taxonomy". It is done here with a series of terms that can

be choosen; report type (SIG minutes, board minutes, etc), SIG or committee name, date.
Some menu items depends on the postings being properly categorized by the author. For example;

finding all the SIG minutes
menu items
The menu items will be presented to a guest differently than to a member depending on the theme they

have chosen but they will have the same basic functions:
guests will see:

the next meeting date

street and freeway maps to Chapman University

a list of gurus (members that are willing to answer questions)

a list sigs with a brief description of the sig, where it meets, and when

up coming events
A member will also see a menu section call the "members corner" which includes items like:

Bytes PDF archive

various member lists:

SIG leaders

officers

volunteers and committee chairs

additional upcoming events (not ready yet)
An officer, SIG leader, or volunteer will see the same menu as a member but will have more

permissions to add, edit, or delete content when they get to the content itself.
When the user has chosen to display a piece of content, if they have permissions to edit the site or see

tracking statistics they will see their choice of actions in tabs above the content.
changing the site
changing content
With only a few exceptions (the administrator for example), only the original author of each posting

can edit a posting. When the author accesses a posting that they authored, there will be a tab just above

it that states "view" and "edit". When edit is chosen they can alter the text and add file attachments as

necessary. At the bottom of the page there is a selection to "preview", "submit", or "cancel". Preview

shows the content and how it will be presented but nothing is saved until the submit button is clicked.

See "teasers" below.
Files can be attached in the "file attachment" sub selection. You will presented with a list of files

already attached and the option to delete that file and whether or not it should be listed in the body

itself. To add to the list choose "browse", select a file from your hard disk, and then choose "attach".
No changes will be made unless you select "submit".
Administers and accounts with the role "content manager" can edit other members postings through the

administrative menu:
administer >> content management >> content >> [content type]
To organize the different pieces of content there are four different topics that may need to be set if you

want the content to be included in club reports or lists that categorization. There is a "type" to discern

what the content is, "group" to keep track of which SIG the content is attached to, "office" to keep track

of the office, "committee", "month", and "year".
teasers
The body includes a small preview or teaser of the posting. That way when a list of postings are given

(all minutes for example), the sites user can see the title and the teaser of all posts and select "read

more" to see the full posting. The first 200 words with automatically be chosen as the teaser length but

the author can choose where the teaser ends by putting a line "<!--break-->" into the body of the post

where you want it to break.
meeting announcement
The president owns the front page so as soon as the president logs there will be an edit tab available.
The announcement is stored in the title of that page and any other information about the meeting can be

added in the body.
Anybody with content manager permissions can change the announcement through the administrative

menu.
changing the PDF archive
A list of PDF files is maintained by the editor. When the editor accesses the page that lists the PDF

files, he will be presented with an edit tab for that page.
To add a file to the list:
file attachments -> browse -> attach -> submit
To remove a file from the list and the server:
file attachments -> select "delete" -> submit
To remove a file from the list but not delete it from the server:
file attachments -> deselect "list" -> submit
adding members
The content manager or administrator can add members through the administrative pages.
administration -> user management -> user -> add user and give the correct role.
adding events
Any officer can add a new event through "create content".
create content -> event -> add
officer changes
NOTE: to be improved
If the officer changes:
Administer -> user management -> user -> [previous officers account] -> remove role "officer"
Administer -> user management -> user -> [new officers account] -> add role "officer"
Administer -> content management -> page -> [front page] -> authorship... -> [new president]
Administer -> content management -> page -> [Bytes archive] -> authorship... -> [editor]
adding SIG
create content -> sig
The user must be logged in as the administrator or a content manager.
changing SIG description or next topic
Choose the sig in the "sig schedule"
sig schedule -> sig to be changed -> edit
The user must either be the owner of this sig, the administrator, or a content manager to be able to do

this.
filing committee minutes
Note: whether or not this function will be available is currently in question but instructions on how to

do it are listed below.
create content -> enter content -> type = "minutes", committee = ..., month = ..., year = .... ->submit
filing sig minutes
Note: whether or not this function will be available is currently in question but instructions on how to

do it are listed below.
create content -> enter content -> type = "minutes", sig = ..., month = ..., year = .... ->submit
technical documentation
Drupal 5.5 was installed via Godaddy.
PHP 4.3.11
features; magic quotes GPC, XML, ZIP
library; GD2
MySQL 5.0.45
Content Types
Type
Description
blog
A blog is a regularly updated journal or diary made up of individual posts shown in reversed

chronological order. Each member of the site may create and maintain a blog.
event
An event is a story which can be given a start and end date, thus appearing in the events

calendar.
page
If you want to add a static page, like a contact page or an about page, use a page.
story
Stories are articles in their simplest form: they have a title, a teaser and a body, but can be

extended by other modules. The teaser is part of the body too. Stories may be used as a personal

blog or for news articles.
sig
A SIG (Special Interest Group) is a meeting of people who are interested in one specific topic.

In this case it is centrally organized and not viral which spreads on its own and requires no

central control.
Modules
Name
Version
Description
Backup and

Migrate
5.x-1.x-
dev
Backup or migrate the Drupal Database quickly and without unnecessary data.
Blog
5.5
Enables keeping easily and regularly updated user web pages or blogs.
Color
5.5
Allows the user to change the color scheme of certain themes.
Comment
5.5
Allows users to comment on and discuss published content.
Contact
5.5
Enables the use of both personal and site-wide contact forms.
Menu
5.5
Allows administrators to customize the site navigation menu.
Profile
5.5
Supports configurable user profiles.
Statistics
5.5
Logs access statistics for your site.
Taxonomy
5.5
Enables the categorization of content.
Upload
5.5
Allows users to upload and attach files to content.
Block
5.5
Controls the boxes that are displayed around the main content.
Filter
5.5
Handles the filtering of content in preparation for display.
Node
5.5
Allows content to be submitted to the site and displayed on pages.
sig
1.0
automate maintenance of sig groups
System
5.5
Handles general site configuration for administrators.
User
5.5
Manages the user registration and login system.
Watchdog
5.5
Logs and records system events.
Name
Version
Description
Basic event
5.x-1.0
A story-like node that implements the event API automatically.
Event
5.x-1.0
Calendaring API, calendar display and export
Event All Day
5.x-1.0
Allows creation of all-day events.
Gallery
5.x-1.0
Embeds Gallery2 into Drupal.
Glossary
5.x-1.7
Maintain a glossary on your site.
IMCE
5.x-1.0
An image/file uploader and browser supporting personal directories and user quota.
Site

Documentation
5.x-1.3
Displays various pieces of information about this Drupal installation.
System info
5.x-1.1
Displays information of the drupal install and system environment.
Vardump
5.x-1.0
Enables priviledged users to dump the variables table in a variety of formats
Views
5.x-1.5
The views module creates customized views of node lists.
Views Theme

Wizard
5.x-1.5
The views theme wizard helps create stub theming for views.
Views UI
5.x-1.5
The Views UI module allows you to create and edit views.
Theme
Theme
Enlight
Fancy; default
Garland; good
Itheme; see below
Orange
Terrafirma_theme
Bluemarine
Chameleon; administration account
Marvin
Minnelli
Pushbutton
Theme_engine
phptemplate
Roles and Permissions
Name
Permissions
authenticated user
·
access comments
·
post comments without approval
·
access site-wide contact form
·
access gallery
·
access content
·
select different theme
Name
Permissions
·
upload files
·
view uploaded files
·
access user profiles
·
change own username
anonymous user
·
access comments
·
post comments
·
access site-wide contact form
·
access gallery
·
access imce
·
access content
·
view uploaded files
·
access user profiles
SIG leader
·
edit own blog
·
administer comments
·
access gallery
·
create page content
·
create story content
·
edit own page content
·
edit own story content
·
view post access counter
·
access user profiles
officer
·
edit own blog
·
administer comments
·
access gallery
·
create page content
·
create story content
·
edit own page content
·
edit own story content
·
view post access counter
·
access user profiles
volunteer
·
edit own blog
·
administer comments
·
access gallery
·
create page content
·
create story content
·
edit own page content
·
edit own story content
·
view post access counter
·
access user profiles
member
·
access gallery
Name
Permissions
·
access user profiles
content manager
·
create events
·
edit own events
·
edit own blog
·
administer comments
·
access gallery
·
access content
·
administer nodes
·
create page content
·
edit page content
·
revert revisions
·
view revisions
·
access statistics
·
view post access counter
·
access administration pages
·
administer taxonomy
·
upload files
·
view uploaded files
·
access user profiles
·
administer access control
·
administer users
important nodes:
1- front page, announcement and "smok'n" image are owned by the president
2- street map, image
3- freeway map, image
12- PDF archive, attachments for PDF files , owned by the newsletter editor
Side notes
forum vs blog
I was asked by a member of the board what the difference in a blog and a forum was. I couldn't answer

that question of the cuff because there are so many qualifications. I'll try to address it here.
They all are forms of conversation that are available for all to read for certain period of time. To some

degree the difference gets kind of blurry. For example, after a while all the comments in a one blog

posting starts to look like a forum. For the purpose here, a posting is basically a complete statement

inside a previous conversation or the statement that starts a new conversation. A comment however is

supposed to be a simple remark to a posting. However, postings can be used like comments ("Me too",

"thank you", etc) and a comment can be a complete statement just like a posting.
If you are familiar with NNTP newsgroups, it is easy to understand a forum which is basically a HTTP

or web based version of a newsgroup. They both maintain several conversations at the same time and

let people join in the conversation when they want to. The main two differences is that a forum can be

read with a browser but individual conversations are harder to discern in a forum. Most newsgroup

readers let you see things in a "threaded view", meaning that any statement that relate to each other are

grouped together, so it is easy to see who is commenting about what. This is usually done by indenting

a sub-conversation caused by someone commenting on another. A forum however usually lists the

statements in the order they are received.
The difference really depends on where the conversation starts.
In a forum the conversation is started by any poster and other posters make comments or posts about

that previous post. Or they can start another conversation.
A blog the conversation starts when a specific person writes an article and puts it on line for others to

comment on. But then those comments can become a conversation like in a forum. At

GuitarPlayer.com there is a blog that is several years old and thousands of comments big. Many of the

comments are comments not about the original post, but about previous comments.
is simply a place people can get together to discuss issues they find interesting. Others can then add

another
future improvements

automate officer management

improve the member lists (list gurus, list officers, list SIG leaders) menu

allow for mass mailings

track membership like when a membership expires

create an online newsletter and automatically create the PDF

add a photo gallery

add ecommerce functions (dues, donations, auctions, store)

use an encrypted transport (SSL)

use a stronger password digest (SHA-256)

enforce a stronger password (14 characters+, at least 1 number, 1 symbol, 1 letter)

combat spam posting (CAPTCHA)

add a member based wiki (see wikipedia.com)

add a discussion group or forum