CHANGE LOG

$Revision: 56 $
$LastChangedDate: 2008-01-16 09:52:29 -0700 (Wed, 16 Jan 2008) $
$LastChangedBy: gpeangel $
-------------------------------------------------------------------------------

Release 1.0.1
---------------

* Included very simple example application in core distribution.

* Included apps/create_guid.php script in core distribution. This is helpful in
  creating custom WAG applications.
   
Bug Fixes

* init.php should now correctly determine WAG's installation directory 
  regardless of whether or not it has been installed in the root web directory
  or a sub-directory under the root web directory

* Copyright notice in all files should now refer to "Web Application Gateway 
  package" rather than "Web Application Gateway (WAG) Accounting Application"
  (Sometimes, cut-and-paste is NOT your friend.)

Release 1.0.0
---------------

* Substantial changes to the underlying architecture. Sessions are no longer 
  maintained by the application through custom functions and database storage
  of session IDs. WAG session expiration is maintained by a client side 
  JavaScript object. This has resulted in more consistent and user friendly
  session expiration functionality. Asynchronous calls are made via JavaScript
  to add, modify or delete WAG settings, groups, users and applications.

Release 0.6.4
---------------

*  Several cosmetic changes due to Firefox 1.5 HTML rendering changes.

*  Added check for orphaned and manually installed applications on
   apps.php script (Administration > Applications)
   
Bug Fixes

*  Fixed error in app_install.php which prevented applications with apostrophes
   in either the name or description from being installed properly.

*  Fixed issues in access_tail.php and access_tail_child.php which caused an
   annoying message box regarding a session error in Internet Explorer.

Release 0.6.3
---------------

*  Added application specific handlers to the wagErrorHandler function.

*  Added is_email() function to functions.php which checks if a given e-mail
   address is valid. It checks for all top level domains including the new ones 
   (.biz, .info, .museum etc.) and the special ones (.arpa, .int etc.) as well 
   as e-mail addresses based on IPs (e.g. hide@address.com).
   (Function derived from PHP user contributed notes.)

*  Enhanced the error reporting for both WAG and application database errors
   to include the server name and user name/id. This will help admins target
   problems if they are responsible for multiple WAG installations.
   
*  Added "Date Added" and "Date Last Login" information to Administration > 
   Users screen.
   
*  Made style sheet changes related to form field fonts.
   
Bug Fixes

*  Validation of user e-mail addresses was not performed correctly, causing
   any valid e-mail address to be flagged as invalid.

*  When admin changes a user's password, the e-mail password, if configured, is
   also changed. This allows the admin to "lockout" a user from both WAG and 
   e-mail if needed.
   
Release 0.6.2
---------------

*  Enhanced form and HTTP request handlers to minimize risk of SQL injection
   attacks.

*  Added check for valid user email address format in User Detail screen.

*  Added code to override "magic_quote" settings in the php.ini file.  Returning 
   control of the "magic_quote" settings to the application eliminates the
   possibility of data being stored with multiple backslashes, the need to replace 
   two single quotes with one single quote (in the case of magic_quotes_sybase), 
   and the need to use the stripslashes function on data you retrieve from a form 
   or database.
   
Bug Fixes

*  Selecting an existing group or user for modification always resulted in the
   presentation of the "Add Group" or "Add User" screen - effectively preventing
   existing groups or users from being modified.
   
Release 0.6.1
---------------

*  Enhanced form and HTTP request handlers to minimize risk of cross-site 
   request forgeries.
   
Bug Fixes

*  Added demo mode checks to installing and uninstalling applications.
  
Release 0.6.0
---------------

*  Added initial functionality for uploading and installing WAG hosted 
   applications.  This makes use of the PclTar library from Vincent Blavet
   (http://www.phpconcept.net)

*  With this release, all but one of the example applications will be bundled 
   separately and not included with the core WAG application. In CVS, example 
   applications will continue to carry the wagateway-core tag in addition to
   an application specific tag. This will provide a way to determine which 
   application version is best suited to which wagateway-core version.

*  Enhanced the session timeout capabilities by adding client side code to check
   for user idle time.  If the idle time matches the session life span entered
   for WAG, the browser will initiate a logout and redirect the browser to the
   login screen.  This happens without user interaction.
   
*  Added a query string parameter, $process_date, to the process_daily.php script 
   for the Bill Planner example application.  If specified, the script will use
   the $process_date value rather than the current calendar date.

*  Enhanced formatting and sorting to the email results generated by the Bill 
   Planner example application process_daily.php script.
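
The idle-time check described in this release, as an added sketch (not WAG's own code). IdleTracker, serverSessionValid and the login.php target are hypothetical names; a lifespan of zero disables the timeout, as release 0.5.0 describes. A server-side check is included because a browser timer alone does not end the session on the server.

```javascript
// Added example, not WAG source. The clock is injectable so the logic can be
// exercised without a browser or real waiting.
class IdleTracker {
  constructor(lifespanMinutes, onExpire, now = () => Date.now()) {
    this.lifespanMs = lifespanMinutes * 60 * 1000; // session life span
    this.onExpire = onExpire;                      // e.g. logout + redirect
    this.now = now;
    this.lastActivity = now();
    this.expired = false;
  }

  // Call from user-input handlers (keydown, mousemove, click).
  touch() {
    if (!this.expired) this.lastActivity = this.now();
  }

  // Call periodically; fires onExpire exactly once when idle time is reached.
  check() {
    if (this.expired) return true;
    if (this.lifespanMs === 0) return false; // zero disables the timeout
    if (this.now() - this.lastActivity >= this.lifespanMs) {
      this.expired = true;
      this.onExpire();
    }
    return this.expired;
  }
}

// Server-side counterpart (assumed session record with lastSeenMs): the
// request is rejected once the same life span has elapsed, whatever the
// browser timer did or did not do.
function serverSessionValid(session, lifespanMinutes, nowMs) {
  if (lifespanMinutes === 0) return true;
  return nowMs - session.lastSeenMs < lifespanMinutes * 60 * 1000;
}

// Constructed walk-through with a fake clock and a 60 minute life span.
function demoIdleExpiry() {
  let clock = 0;
  const events = [];
  const tracker = new IdleTracker(60, () => events.push("logout"), () => clock);
  clock = 59 * 60000; tracker.check();  // 59 min idle: still logged in
  tracker.touch();                      // user activity resets the idle time
  clock = 118 * 60000; tracker.check(); // 59 min since activity: still in
  clock = 119 * 60000; tracker.check(); // 60 min idle: logout fires
  tracker.check();                      // already expired: no second logout
  return events;
}

// Browser wiring (hypothetical page and target):
//   const t = new IdleTracker(60, () => { window.location.href = "login.php"; });
//   document.addEventListener("keydown", () => t.touch());
//   setInterval(() => t.check(), 1000);
```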
   
Bug Fixes

*  Deleting a quote from the Quote Database example application redirects
   properly to the Quote Database index page.
   
*  Bill Planner example application process_daily.php script was not properly
   entering recurring monthly transactions if the user had changed the 
   transaction date on the most recently entered transaction. 
   
Release 0.5.1
---------------

*  Added ability for WAG to synchronize WAG account password with user's email 
   account.  This requires the user's email login information be held in an 
   RDBMS that can be accessed given server, database, table and field names.  
   See on-line help for more details.

*  Added label tags to checkboxes so clicking on the label checks/unchecks the
   checkbox.

*  Added "close window" link to all the popup help screens.

*  Added favicon.ico file

*  Several cosmetic changes related to consistent font sizes and control grouping
   in WAG.

*  Removed debugging code used in previous release.
   
Bug Fixes

*  Fixed focus bug that prevented cursor from being placed in the first available
   text box, password box or selection list when a form is first displayed.
   
Release 0.5.0
---------------

*  Refactored session handler to use a custom session handler with session
   data being stored in the RDBMS.  This will allow for effective load balancing
   in situations where WAG is deployed in a web farm or cluster environment.  It
   also allows greater control over session timeouts.  As a result, hosted
   applications no longer need session_start() at the beginning of each script
   in the application.  In fact, including a call to session_start() will
   likely result in the application's failure to function properly.

*  Renamed WAGConfig.conf_session_timeout to WAGConfig.conf_session_lifespan to
   better reflect the nature of the data stored in the field.  This reduces
   coding confusion.

*  Session Timeout accepts a value of zero to effectively disable session
   timeouts.

*  The WAG config file has changed.  The following session variables have been 
   replaced by PHP variables (See config_example.php):
    
        $wag_db_server replaces $_SESSION["WAGATEWAY"]["DB_SERVER"]
        $wag_db_database replaces $_SESSION["WAGATEWAY"]["DB_DATABASE"]
        $wag_db_username replaces $_SESSION["WAGATEWAY"]["DB_USERNAME"]
        $wag_db_password replaces $_SESSION["WAGATEWAY"]["DB_PASSWORD"]
        $wag_db_table_prefix replaces $_SESSION["WAGATEWAY"]["DB_TABLE_PREFIX"]
   
   The $_SESSION["WAGATEWAY"] session variables are set when the session is 
   initiated so they are still available to hosted applications.
   
*  Refactored the error handling to provide more targeted feedback when errors
   occur.
   
*  Redesigned the data presentation for the admin screen to simplify coding,
   i.e. use fewer HTML tables and more fieldsets.  This will be especially
   helpful as application installation functionality is developed.

*  Added warning message to Bill Planner example application when attempting to 
   delete an account.
   
*  Added code to prevent deletion of installation System Administrator user.

*  Added Upgrade Notes and Instructions link on Gateway Settings screen.
   Selecting this link pops up a window with detailed notes on what a particular
   upgrade includes and any special instructions which may be required to
   complete the upgrade

*  Several cosmetic changes to example applications.

Bug Fixes

*  Installation process failed to properly report permission issue which
   prevented web server from creating WAG configuration file.
      
*  Uncommented code in the Bill Planner example application which prevented new
   transactions from being entered and modification of existing transactions.

*  Unable to delete accounts in Bill Planner example application.

*  Incorrect balances display on Bill Planner example application main account
   summary page when accounts without transactions exist.

Release 0.4.1
---------------

*  Fixed bug with session handler that essentially hard coded the session timeout
   to 5 minutes.

Release 0.4.0
---------------

*  Added conf_session_timeout field to wagateway_WAGConfig table to hold number
   of minutes of inactivity before a session expires.  Default value is 60
   seconds (1 hour).

*  Added Session Timeout field to Administration > Gateway screen for managing
   wagateway_WAGConfig.conf_session_timeout value.
   
*  Refined session timeout handler so user is consistently re-directed to logon
   screen if session times out
   
*  Added logic to process_daily.php and transaction.php for handling weekly, 
   bi-weekly, bi-monthly and yearly recurring transactions

*  Added error checking to the Bill Planner example application Add/Modify
   Transaction screen.  Checks are made for blank descriptions and date
   validation for recurring transactions.

*  Cosmetic changes to example applications

Release 0.3.8
---------------

*  Added application description column to Administration > Applications screen.

*  Created documentation repository in "docs" subdirectory.  Added documentation
   for how to create a WAG hosted application, initial documentation for WAG
   Application Variables.

*  Added app_menu_title to wagateway_Applications table.  This field holds values
   previously held by the app_description field in the same table.
   
*  Modified app_description in the wagateway_Applications table to hold 255
   characters.

*  Added status bar/flyover text descriptors for WAG specific menu items and links.

*  Expanded Quotes.quot_text field size from 50 to 255 characters for the Quotes
   Database example application.

*  Change password expiration warning from 7 to 14 days.

Bug Fixes

*  Popup windows opened from one application would lose that application's 
   configuration session values if another application was accessed while the 
   first application's popup window was still open.  This was generating a 
   database error report for applications that required database access from
   the popup window.  The fix involved a change to each of the example 
   applications and clarification to the documents.
   
   If you are using any of the example applications for real (Gad!), you will
   need to modify the old configuration files to use a session array for the
   configuration values.  For example, change
   
   $_SESSION["APPDB_SERVER"] = "localhost";
   
   to read
   
   $_SESSION[$app_guid]["APPDB_SERVER"] = "localhost";

Release 0.3.7
---------------

*  Added createGUID() function to common/functions.php

*  Small cosmetic changes

*  Updated FAQ

*  Mihai Bazon's DHTML Calendar is included under the "common" directory.  See
   http://dynarch.com/mishoo/calendar.epl for documentation and details.  A
   demonstration can be seen with the Bill Planner > Add Transaction sample
   application.

Bug Fixes

*  Fixed onload focus issue for pages where the initial field is a password
   field.
   
Release 0.3.6
---------------

*  Added on-line help for admin screens.

*  Numerous UI changes to WAG to make the overall look-and-feel more consistent.

Release 0.3.5
---------------

*  Use of MySQL's PASSWORD() function has been removed due to compatibility 
issues in future MySQL releases and to enhance compatibility with other DBMS's.
The code has been re-factored to use PHP's md5() function for password 
"encryption".  Reference:

http://www.mysql.com/doc/en/Password_hashing.html

IMPORTANT - IMPORTANT - IMPORTANT - IMPORTANT - IMPORTANT - IMPORTANT

THE DEFAULT SYSTEM ADMINISTRATOR'S PASSWORD WILL BE CHANGED DURING THE UPGRADE 
PROCESS.  The new password will be shown in the text of the upgrade results.  
This will store the default System Administrator's password using PHP's md5() 
function.  Additionally, all users, other than the default System Administrator, 
will have the "User is forced to change password on next logon" flag set.  This 
will ensure all user passwords are updated to the new format at next logon.

*  Clarified the installation instructions.  A database for holding WAG's data
structures must be created/identified prior to installing WAG.  A user with 
CREATE, ALTER, INDEX, SELECT, INSERT, UPDATE, DELETE privileges must be 
configured for this database.

*  Moved the generatePassword PHP function from admin/users_detail.php to 
common/functions.php.  This makes the function available to hosted applications.

*  Added check for allowed field lengths when adding/modifying a user's first 
name, last name, logon ID, group description, site name.

*  Several minor cosmetic changes.

Bug Fixes

*  Users other than the default System Administrator who are members of the 
System Administrator's group are now able to add/modify a user's first name,
last name and logon ID.

Release 0.3.4
---------------

*  Added example config.php file (config_example.php).  This example will
provide a way to manually create a configuration file in the event the automatic
installation process fails.

*  Completed code for enforcing password length and alphanumeric constraints.

*  Several minor cosmetic changes to make fonts consistent.

Bug Fixes

*  Modifying any account information other than the password for an existing
user no longer resets the user's password to a randomly generated value.

Release 0.3.3
---------------

*  Added "default" flag to Groups.  When a new user is added, any groups 
flagged as "default" will automatically be included in the "Group Memberships > 
Members" list.  Any existing users must be deliberately added to any new 
groups, whether or not they are flagged as "default".

Bug Fixes

*  Under a specific set of circumstances, new project tasks in the Project
Management example application were not being displayed when viewed in project
tree mode.

Release 0.3.2
---------------

*  Added initial upgrade functionality.  If upgrade information is detected when
an administrator logs on, they are so notified on the Home screen.  Upgrades
are made via the Administration > Gateway screen.

*  Added ability on the modify user screen for admin to force a user to change
their password at next logon.  Users so flagged cannot access any applications
for which they have permissions until their password is changed.

*  Added check for whether or not current password == new password when users
change their own passwords.

*  Refactored code for handling session timeout errors.

*  Added Bill Planner sample application, a simple cash flow application
for tracking when bills are due and how much cash is on hand.

Bug Fixes

*  User's password expiration date is now properly set when users elect to
change their own passwords.

*  "Logon ID Exists" error message no longer generated when admin is changing
an existing User's record.

Release 0.3.1
---------------

*  Added random password generator button on Administration > Users > Add/Modify
User screen.

*  Added ability to delete quotes from On-line Quote Database example
application.

*  Improved error handling/reporting on Administration > Users > Add/Modify
User screen.  Check for existing User ID is made, currently entered values
are retained if errors occur, errors are reported.

*  Improved error handling/reporting on Administration > Groups > Add/Modify
Group screen.  Currently entered values are retained if errors occur, errors 
are reported.

*  Improved error handling/reporting on Administration > Gateway screen.

*  Added code to ensure User's logon ID is case insensitive

*  Added unique key for table Users.usr_logon_id 

*  Added Project Management sample application

Bug Fixes

*  Users were not being deleted from Administration > Users > Modify User
screen

*  Fixed erroneous report of password expiration on "Home" page for users for
whom passwords are set to never expire.

*  Fixed password expiration calculation bug
 
*  Fixed misnamed field in install/upgrade_0.3.0.sql script

Release 0.3.0
---------------

*  Added password expiration functionality for users.  Users are warned on the
"Home" page if their password is going to expire in 7 days or less.  The default
admin account (con_id = 1) cannot be set to expire.  If a user's password
expires, the user is locked out of the system until an admin resets their
password.

*  Added WAGConfig table to hold site-wide administrative settings.

    *  WAG version installed (used to assist with upgrades)
    *  Site name
    *  Server root directory
    *  Demo mode setting
    *  Debug setting
    *  Default user password expiration time (in days, default 90)
    *  Password length field (default between 6 and 15 characters)
    *  Force alpha-numeric password (default true)

The only parameters that remain in the config.php file are those required
for database connectivity and configuration confirmation.  All others have
been moved to the WAGConfig table.

*  Added Gateway configuration screen to manage WAGConfig values.

*  Added usr_password_exp field to Users tables.  This is a boolean value
indicating whether or not the user's password ever expires.  A value of
one (1) indicates the user's password is subject to the password
expiration specified in WAGConfig.conf_password_exp

Bug Fixes

*  On session timeout, logon screen was appearing within the main_frame
frame of main.php and not the "top" window.  Added javascript check to remedy
this behavior so that logon screen replaces top window href.

*  User passwords were not being saved when changed by system administrators.
 
Release 0.2.2
---------------

*  Cleaned up screens to begin providing a consistent, easy to navigate look
and feel.

*  Users are not allowed to change their first name, last name or logon id.
This must be done by the admin.

*  Added additional error handling around WAG and application database error
handling to report any errors to the screen in the event there is a mailing error

*  Added "#!/usr/bin/php -q" reference to beginning of apps/create_guid.php
script.

*  Added option for overwriting existing database tables on install.

Bug Fixes

*  ADMIN_EMAIL session variable was not correctly populated when user logs on
to the system.

*  Example application (quotes database) will show subsequent errors if
they exist and the "Retry" button is selected during configuration.

Release 0.2.1
---------------

*  Added $app_description variable to application inf.php file.

*  Polished Quote Database example application so it is a better representation
of how an application might behave from within WAG.

*  init.php was moved from root directory to common directory.

*  Added SERVER_ROOT_DIR session variable to config.php.  The value of this
variable is determined at installation.

*  Added check to install.php for whether or not the installation scripts had
already been run (config.php file exists and $config_integrity_check == 1).  If
everything checks out OK, the browser is redirected to the login page.

Bug Fixes

*  apps.php correctly handles the case where an application has been
removed from the web server but not uninstalled from within WAG.  The application
and all its references are removed from the database if the application
can no longer be found on the server.

*  Modified init.php to better determine SERVER_ROOT_DIR session variable
dynamically and properly handle session timeout display of logon screen.

*  Database escape characters no longer appear in search results for example
application, Quote Database

Release 0.2.0
---------------

*  Completed initial coding for the example application, Quote Database.
Substantial refactoring and commenting needs to be completed before this
application can serve as an application shell/tutor for how to write an
application for WAG.

*  Added DEBUG_ON session variable to config.php.  Default on install is set
to zero (0) for "off".  Set value to one (1) for extra debug information.

*  Changed dbconnect.DBError to send error messages to the admin e-mail address
rather than the current user's e-mail address.

Bug Fixes

*  Admin's group and application associations were being deleted if any of the
admin's information was changed from the Administration > Users > Modify
screen.

*  Fixed USR_LOGON_ID session unset issue on user log off.

Release 0.1.2
---------------

*  Completed code for assigning specific applications to specific users.

*  Added initial code required to add and remove applications from within the
gateway.  There are two fictitious applications which also represent the initial
effort at developing a gateway API for writing WAG compatible applications.

*  Added GATEWAY_VERSION session variable to config.php file.  This will help
keep consistent gateway version information wherever it needs to be displayed.

*  Added DEMO_MODE session variable to config.php file.  If set to a value of
one (1), visitors will not be able to change the admin's password or user
information.

*  Added app_guid field to Applications table.  app_guid holds a unique 32 byte
value to uniquely identify a particular application.

*  Added app_status field to Applications table.  Initially, valid values for
this field will be 1 == active, 0 == inactive.

*  Modified the field names for the following tables to include references
to table name:

    UserGroups
    AppGroups
    UserApps

This was done for code readability and maintenance.

*  Added NOT NULL constraint to grp_description field in Groups

*  Added NOT NULL constraint to app_description field in Applications

*  Added create_guid.php script (apps directory) for generating unique application
GUID values

Release 0.1.1
---------------

*  "Home" page includes a link to "My Account", allowing the currently logged
on user to change their password.

*  Replaced GroupMembers table with UserGroups (which users belong to which 
groups), AppGroups (which applications belong to which groups) and UserApps 
(which users have access to which applications) tables.

*  Added Applications table to hold names of installed applications

*  Completed initial code to add/modify/delete groups and users

*  Completed initial code to assign users to groups

Bug Fixes

*  Added check in init.php to account for instances where WAG has been installed
as the root web rather than a sub-directory off of the root web (eg. wagdemo.javazen.org
vs. wagdemo.javazen.org/demo)

*  Modified replacement pattern code in inst_30_inc.php designed to remove CVS
"Revision" keyword from install.sql.  Code now uses straightforward string 
replacement to remove the "$" character.

*  Administrator account user's first name was not being saved on install.

Release 0.1.0
---------------

This is the initial release.  There isn't much to the application.  The 
principal development effort was directed at getting WAG "out of the box".
Meaning, providing a set of configuration scripts, logon screen and basic
set of menus.