SMS/Notes.txt at master · Houley01/SMS · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
Controller - communicates between the users action and the website.
view - is what the users sees
model - communicates between the database and Controller
Content
1. Work to be done that does not fit a category
2. Database
3. Login
4. Job Form
5. View Jobs
6. Asset Management
7. Home Page
8. Security Issue
9. Solution


***************************
***** WORK TO BE DONE *****
***************************
1.1 Folder Structure [DONE]
1.2 UNSET UserStatus For A New Session [DONE BUT MADE SEQURITY PROBLEM, SEE ISSUE 1] {Repaired}
1.3 Job Form, Getting the data from the Array to the options [DONE]
1.4 Find this '<' and remove. [DONE] {WAS HIDDEN IN include/footer.php file}

*****DATABASE*****
2.1 Populate Database [3 out of 5]
  2.1.1 TABLE Asset     [Upload CSV]
  2.1.2 TABLE Building  [DONE]
  2.1.3 TABLE Job       [USING JOB FORM]
  2.1.4 TABLE Rooms     [DONE]
  2.1.5 TABLE User      [DONE]
2.2 Communicates To Database [DONE]
2.3 Pull Information From Database [DONE]
2.4 Nav Bar switch statement [DONE]
2.5 Body switch statement [DONE]

*****Login*****
3.1 Login Page [DONE]
3.2 Update Session Information [DONE]
3.3 Logout Code [DONE cause security Problem] (unset UserStatus,) {Problem fixed see soloution @ user access problem 1}
3.4 Change input type from "text" to "password"

****************************
*         Job Form         *
****************************
4.1 Required Parts Of A Form
4.2 Room Information. [DONE]
  4.2.1 Gather Information From DATABASE [DONE]
  4.2.2 Change the options of the building depending on what select options is choose at Building [DONE]
4.3 Insert Form Data Into The Database
  4.3.1 DATA clean
  4.3.2 Submit. [DONE]
  4.3.3 Redirect to index with an alert.

****************************
*        View Jobs         *
****************************
5.1 View Jobs (Pull Information From Database into a table)
  5.1.1 Pull Information [DONE]
  5.1.2 Change Numbers into readable Words
    5.1.2.1 Location[DONE]
    5.1.2.2 Job Status[DONE]
5.2 View And Update Button
  5.2.1 Open Model With Information From DATABASE[DONE]
  5.2.2 Update SQL script for database.[DONE]
  5.2.3 Close Job Within Modal [DONE]
  5.2.4 Write Ajax to do the function.
  5.2.5 Write an Alert or an Alert on the website
5.3 Updated Jobs (Updated Database) [DONE]
5.4 Close Jobs  (change Null to todays date, when the job is finished)
5.5

****************************
*     Asset Management     *
****************************
6.1 Pull Information From Database
6.2 Insert Information To Database
  6.2.1 Have csv file upload to Database [DONE]
  6.2.2 Have CSV file add to the write table (Write query)
6.3 Update Information From Database
  6.3.1 Updated Location
  6.3.2 Write Asset Off

****************************
*        Home Page         *
****************************
7.1 JavaScript Current Time [DONE]
7.2 Session Welcome, F.Name (F.Name From Database) [DONE]
7.3 Most Recent New Job Request (Pull the 3 newest Jobs from Database)
7.4 Most Recent closed Job Request (Pull the 3 closed Jobs from Database)

****************************
*      Security Issue      *
****************************
ISSUE 1(SOLUTION NEED) {fixed check user access problem 1 for solution}
User can logout but can use the go back button on the browser to see other pages that where open when the user was logged in.
* Possible Solution
    * using an if statement to on every webpage to check UserStatus, if 0 go back to index.php, other way upload.


ISSUE 2 (Admin Only Area)
  logged in user can access admin pages, (if the URL is know)
* Possible Solution
    * Us an switch statement to only allow user with a certain UserStatus

ISSUE 3
Login
Password Sections displays password, Password Needs to be hased.

****************************
*         Solution         *
****************************

********************************
*     User access ISSUE 1      *
********************************
Solution by using switch statement. e.g.
switch ($_SESSION['UserStatus']) {
  case 1:
    include 'include/Staff_Nav.php';
    break;
  case 2:
    include 'include/Admin_Nav.php';
    break;
  default:
    header('location: index.php');
    break;
}
Meaning if a user does not have a recognised  'UserStatus'
********************************
*       END OF ISSUE 1         *
********************************

********************************
*   Admin Only Pages ISSUE 2   *
********************************
Create a PHP Files called Admin_Access.PHP
which includes

switch ($_SESSION['UserStatus']) {

  case 2:
    include 'include/Admin_Nav.php';
    break;

  default:
    header('location: index.php');
    break;
********************************
*       END OF ISSUE 2         *
********************************