opencfp / opencfp Goto Github PK

Once the CFP end date has passed, there is no visual indicaton on the homepage. The only indication I see is when someone tries to login or create an account.

Also I think we should still probably let people create accounts and login after the CFP is closed, but just not let them submit talks. For example, how is an administrator supposed to login to perform administrative tasks?

Admins should have the ability to list talks from all users.

The list should be filterable by:
User
Talk Type
Date Submitted (from, to)

I haven't coded PHP in over 10 years, but the installation guide got me a working setup except for one issue. Documenting here in case someone else runs into the issue. I was getting an error of not able to find "/login" in my opencfp installation. The fix was to enable mod_rewrite for Apache, and also change in the apache config this: "AllowOverride all".

Text entered during registration does not get retrieved in My Profile. Attempting to re-save text from My Profile results in:

MethodNotAllowedHttpException: No route found for "POST /": Method Not Allowed (Allow: GET)

Let's remove all the email activation code and put it into a separate branch.

Error! Missing passwords<br>The submitted password must be at least 5 characters<br>First name cannot be blank
Missing passwords<br>The submitted password must be at least 5 characters<br>First name cannot be blank

I do not know if there is any hard-coded expiry date in the application itself, but I am able to submit sessions even though the expiry date for True North PHP has passed.

If there is no explicit expiry date feature, then I hereby suggest that it be added. If there is one, it failed for the True North PHP implementation.

I think it would be easier to have one single cache/ directory that contains the compiled twig templates, config and htmlpurifier data.

For example:

cache/twig
cache/htmlpurifier
cache/...

This will simplify cache clearing.

Enable public visitors to rate talks, to help indicate what community/public would like to see.

Would need to include some sort of logic to reduce duplicate ratings on the same talks. (no ballot stuffing)

When a user is logged in, they should see a logout button.

Steps to reproduce:

1. Create a talk
2. Click on Edit
3. Put an invalid value in the description (for example, put some html)
   You will get redirected to dashboard. If you go back into the entry, you will see that your changes did not get applied. So, the validation is working it is just doing the wrong thing. It should instead display a validation message and stay on the edit form.

Normally this wouldn't be a problem, but it looks like Symfony is catching all exceptions and spitting out a generic "Whoops, looks like something went wrong".

We are relying on Sentry's exceptions as normal validation (which I am not really a fan of), so if they get intercepted prematurely it's a bad thing.

This is a recent issue, so not sure if this is due to some recent code changes or some composer updates.

Click submit on a blank signup form and nothing seems to happen. Click again and you get an error message (full with escaped
's).

I think this is probably to do with the flash message code we are using. I assume it is not visible until the next page load after it is set.

They cannot edit their email address because we use it for login via Sentry, but they should be able to change the info and bio fields for sure.

Steps to reproduce.

Go to edit profile. Change something, hit save. Nothing seems to happen. Hit save again and you get an error.

Error! We were unable to update the speaker information

The app needs more structure, not just for us but for those who wish to extend it...

The validation functions for TalkForm seem to have a lot of redundant code. For example $this->sanitize() will run several times when running validateAll(). Also, the code for validateDescription() is full of redundancies. Specifics below:

if (empty($santizedData['description']) || !isset($santizedData['description'])) {
    return false;
}

empty() already checks isset() so isset() is not necessary

$description = $santizedData['description'];

if ($description !== $this->_data['description']) {
    return false;
}

pointless declaration of a variable. You could easily use the array version in the comparison. Also, this could be combined with the previous if statement.

if (empty($description) || $description === null) {
    return false;
}

since $sanitizedData['description'] is the same as $description, this code is completely unneccessary as we have already checked for empty().

Once you make all these changes, you will likely find that 11 lines of code could be reduced to 1 line. Eg.

return !empty($sanitizedData['description']) && ($sanitizedData['description'] == $this->_data['description']);

Whether a user is logged in or not, they currently only see 3 menu items, Home, About and Contact. We should have items such as Dashboard (maybe this could just replace Home), My Profile, Logout. It would also be nice to list the user's name near the menu so they can remember who they are :)

When a user forgets their login details, they should be able to click a link entitled something like "Forgot password?". This would bring the user to a page where they can enter their email address and click a button. Here is some sample verbiage:

Lost passwords cannot be recovered, however if you enter your email address below, we will send you a link that will allow you to setup a new password.

Email: _____________________ [Send Password Change Link]

Upon clicking the link an email will get sent to the email address associated with the user. Here is some sample verbiage:

Subject: [{system name}] Forgotten password
Hi {firstname},

You are receiving this message because someone (hopefully you) submitted a Forgot Password request on {system name}. If this was not you, please ignore this message.

If you wish to setup a new password, click the link below:
{link to change password}

Thank you,
The {system name} team

Upon clicking the link, the user will be taken to a special page that is only accessible via the link in the email. The link will only be good for 12 hours or until a change of password has been performed.

The page will have fields for new password and confirm password. The newly created password should adhere to the password requirements of the system.

Upon entering the new password and the matching confirm, the password of the user who originally was sent the email will be changed. The user can then be redirected to the login screen to login, or can be immediately logged in and sent to the dashboard.

Using the information in the screenshots below, trying to create an account fails. You can see the information I use, and then I click the button, and the page submits and loads the page again.

In this screenshot, you can see the headers from the form submit.

I see no errors in console for javascript (or anything).

I've also included the session cookie I was provided.

Using Google Chrome on Mac, Version 27.0.1453.116

Also fails in Firefox for Mac, 22.0, same result as Chrome.

Several users on twitter have reported that they are filling in the title, description and type, but are receiving the error:
"You must have a title, description and select a talk type"

I have asked each of them to confirm whether this is still an issue and add the values they are trying to submit to this issue.

Some users experience issues where they were not able to update talk info after initial submission. (mostly the talk type dropdown, but affected other fields as well)

My guess is that certain security related browser plugins are at fault.

Should be set to false as default

Just letting you guys know. I saw an error related to session_gc (no screenshot, sorry) show up on the live site. I'd provide a PR for it but I still suck at puppet.

There are no errors displayed to users when they enter a bad username or password. Instead the username & password fields are cleared. I would expect typical behaviour to be:

• An error message indicating you entered a bad username or password.
• Username remains, but password field gets cleared

Steps to reproduce:

1. Access the homepage (ie. http://cfp.dev/)
2. Without logging in, navigate to http://cfp.dev/submit_talk.php. You will see the page.

This is probably caused by the fact that the page is using Sentry::getUser(). According to the documentation for getUser:
"Returns the user that's set with Sentry, does not check if a user is logged in or not. To do that, use check() instead."

ref: http://docs.cartalyst.com/sentry-2/users/find

I've merged my activation code, but I can't run the tests. In findByUserIdCorrectlyHandlesBadUserId I'm getting:

Fatal error: Call to a member function prepare() on a non-object in /Users/vic/Sites/opencfp/classes/OpenCFP/Speaker.php on line 58
$stmt = $this->_db->prepare($sql);

The test looks like this:

    $db = null;
    $speaker = new \OpenCFP\Speaker($db);

    $this->assertFalse(
        $speaker->findByUserId($user_id),
        "Speaker::findByUserId() did not correctly handle bad user_id values"
    );

Without a mock or some kind of real db like a sqlite memory db I can't see how this would run.

Am I missing something obvious?

Thanks.

I wanted to favourite talks for this year's conference, but the indicator toggles without updating the database.

I fixed the issue on a branch in my repo, but unearthed a few issues on the way.

The schema spells it favourite, but the php and twig spell it favorite. We need to pick one. I vote for favourite because we're Canadian here in the True North, and because then we don't have to update the schema for updates. I'd like to normalize that spelling everywhere.

Because of the spelling difference the SQL failed. The PHP wasn't checking for SQL errors so the error was silent. I now look for SQL errors and throw them, and then have the controller put them into a JSON response, and have the front end alert the user so they know that the operation failed - even if the message is cryptic. Hopefully the approach allows us to more easily catch errors before they make it into the wild.

What are your thoughts on this approach? If good, I'd like to apply it to the rest of the app.

While we're on the topic, I think that the approach needs to change, which means we'll need a schema update anyway... I think favourites should belong to the user and the talk (many-to-many) instead of directly to the talk, so that different admins can have different favourites. Let me know what you think. For now I'll track my favourites on my own snapshot of the database.

Finally - a nitpick, but I'm no fan of 2 space indentation which we're using in the javascript. I know indentation can get deep in JS, but I consider that a code smell and I don't like 2 space indentation masking that. I'd love to re-format the JS for 4 space indentation.

Let me know what you think.

Send an email to speaker after talk submission.

Right now, we just have some fake content there. Before launch we should either remove those pages altogether or fill them in with some content, most likely just linking back to truenorthphp.ca

The code is all there, just needs to be Implemented the same way the account creation code does it

Admins should be able to list all users and optionally delete them.

Sentry::getUser() can return null without throwing an exception, which passes our login test.

In my case I was authenticated, then re-imported the schema for updates, re-signed up and activated, and then my old cookie didn't match the new secret, and getUser() returned null.

There's a lot of duplication of the login code, so I'm going to move it into a controller which can be included by any of the /web/*.php scripts which need it, or by their controllers. Then I'll apply the fix for this in one place.

I'm now working on this instead of #20 so I can log in.

use the dashboard real estate a bit better. Could put profile info on the dashboard, and talks. So speakers would notice if items were missing from their profile.

When running the install command, Composer uses the composer.lock file first to install dependencies exactly as they are in this file. This is useful to have this file in the repository in order to always install a stable version of OpenCFP.

they are pointing to a template called create_talk.twig, which does not exist. I think they are supposed to be pointing to submit_talk.twig.

Once we approve a talk we can ask users to fill it out

The “Full-Day Tutorial” option inside of the “talk_form” template 0 contains a typo which leads to a text node containing “selected Full-day tutorial” being created if that particular option is selected. The culprit is a premature right angle bracket.

Original Code:

<option value="full-day-tutorial"> {% if type == 'full-day-tutorial' %}selected {% endif %}Full-day Tutorial</option>

Amended Code:

<option value="full-day-tutorial" {% if type == 'full-day-tutorial' %}selected {% endif %}>Full-day Tutorial</option>

If I were any good at pull requests, I would have just made one. I apologise for any inconveniences.

Some users experiencing missing speaker data (bio, headshot, other info) after creating profile. It was very patchy, and was almost 50% of users had this happen. Only the initial creation is having problems. The updating of a profile works all the time, from info I gathered.

My guess would lean toward the new headshot upload when the user is initially created. Not sure why that would be, but it is a starting point.

When a user is logged in, they should be able to access a page to change their password. They could optionally change their email too.

I removed WebTest.php as it was failing when running on the CLI but I could clearly log in my dev environment during development. A better set of integration tests are needed later on

By default, HTMLPurifier caches in the library directory. For purifier to work, this directory needs to be writeable. Since the library is being created by composer and nested within the vendor directory, a better option is to set the cache directory to something that is controllable by the developer.

Solution: we can add an HTMLPurifier section in the config.ini file where you can specify the cache directory. It will have to be part of the install instructions to create that folder and make it writeable.

ref: http://htmlpurifier.org/live/configdoc/plain.html#Cache.SerializerPath

Administrators need to be able to login after CFP has closed. Currently they are presented with a message "Error: Sorry, the call for papers has ended."

Ugh, broke something. Will fix it.

Add one, so people can explain why you should accept it, point to previous videos, joind.ins, general random comments and whatnot.

The Airport field in the user info is not clear. It needs to be the 3 character airport code, not the city or other info.

My idea is that a lot of conferences will use this "tool", so it would be cool to create a centralized API which stored users, talks etc. so you, as a speaker, doesn't need to create the same profile on all the conference sites, the same talks. etc.