Registration form update

[mirrors/Kyberia-bloodline.git] / doc / TODO

- Registration process -> Add welcome texts & move them to one file/node
  Temporary requests node does not exists.
  Nodes are created with bad vector
  (during registration we should generate GnuPG keypair 
   to user_gpg_prv and user_gpg_pub fields in table users) (harvie)


- User mail -> can't delete the mails...
  Anyway move whole mail handling out of nodes.php (?)

- SQL injections (many fixed, but some should be still there)

- remove absolute paths from all source files (!)
- convert to some more inteligent path system... eg.:
        define('SYSTEM_ROOT',           '/srv/kyberia/');
        define('SYSTEM_WWWROOT',        SYSTEM_ROOT.'/wwwroot/');
        define('SYSTEM_URL',            '/'); //or https://dev.kyberia.cz/
        define('SYSTEM_DATA',           '_data/');
        define('SYSTEM_IMAGES',         '_images/');
  because right now we can't determine both: filesystem path and URL of the same directory. this SUX!
- when we will be doing this we should make kyberia compatible with "./" PHP open base dir.
  i think that it's really nice philosophy when PHP script is never accessing files that are not in the same directory (or it's subdirectory) as the script itself (especialy when it cannot do this - it can be good security improvement).

- remove hard-coded hostname from:
  ( registration mails )
  ( scripts in "scripts" directory (system paths))

- Fix https vs http problem (url) 

- Uploading user images works, but resizing? 

- Suspected security holes:
  ( cron/process-img.sh )
  ( ./inc/eventz/spamuj_ubik.inc )
  ( ./inc/eventz/upload_own_template.inc ) (is even needed?)

- Remove/fix not working eventz
  ( ./inc/eventz/addClass.inc  )
  ( ./inc/eventz/addEvent.inc )
  ( ./inc/eventz/addAjax.inc )
  ( ./inc/eventz/addPlugin.inc )
  ( ./inc/eventz/kyberia.inc ) (wtf)
 
- Refactor directory structure

- Deprecated PHP features
  ( Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242 )

- keep fixing XSS

- Test & scale logarithmic threading

- Remove templates from git (they should be only in sql)

- Clean code => fix uninitialized variables

- documentation/installation guide (see README)

- Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite)
- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...)

- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
  (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB)

- Rename all files&directories that should not be rewrited to PATH_INFO to start with "_" (and if they should be also ignored by git they should start with "-")
  (Rename images to _images - and fix hardcoded stuff...)

- Fix /(id|k)/*/download
  (ERROR: Empty file to download.)
  (I think this should be implemented as template (and smarty method for download). template can be ID down in base36 = 638807 in base10)