Differences

This shows you the differences between two versions of the page.

--- web:agtek_web_site [2018/04/23 19:29]
mikeclapp [Interfaces for Stakeholder Display of Data]
+++ web:agtek_web_site [2018/04/24 22:34] (current)
mikeclapp [Protected Pages]
@@ Line 12: / Line 12: @@
 PHP - AWS server - SQL for data - SSL protected
+The current test server that will role into the base server is here: [[http://testweb.agtek.com/]] I'll change the DNS when appropriate to reflect the change:
+**NOTE: This server does currently support the active website for form processing so do NOT leave it down and take care on rebooting. Also, the process of turning on certificates caused a problem when originating on the current AGTEK websites. Most likely due to change between hosts**
 ===== Current Structure =====
 ==== Protected Pages ====
+Some pages like videos and downloads require user authentication to be accessed. On any protected page the following php include (protect.php) is placed to both check a session variable 'accessp' for a setting of "yep" or send the user to the login screen while remembering the page the user was attempting to access. Protect.php looks like this right now:
+<code>
+<?php
+session_start();
+$url =  "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
+$escaped_url = htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );
+$_SESSION["lastpage"] = $escaped_url;
+$access=$_SESSION['accessp'];  // Set the access variable = to the session variable accessp
+		 if($access<>"yep")   // check to see session check is correct
+		 {
+		  //header("Location: /login.html");
+		 header("Location: http://testweb.agtek.com/login.html");
+		 //echo "<span onload='droploginFunction()'></span>";
+		  //echo "<script async='async'>document.getElementById('loginscreen').style.display = 'inline-block';</script>";
+		  // echo "<script >document.getElementById('myDropdown').classList.toggle('show');</script>";
+		  // header("Location: #loginscreen");
+			die();
+          }
+?>
+</code>
+**Authentication server code methods (from Mike A Email)**
+<code>
+Here is theAPI methods you can use to try to log in.
+Login:
+https://beta.agtek.com/AccessWeb/wa2/api/connection/open?userid=mjallison@agtek.com&password=foo
+The response is a JSON object that looks like this:
+{"userid":"mjallison@agtek.com",
+"firstname":"Michael",
+"lastname":"Allison",
+"phone":"925-216-7016",
+"email":"name@example.com",
+"customer":"Agtek", /* this is the customer ID */
+"isadmin":true,"
+isenterprise":true,
+"err":"",
+"operations":null,
+"code":0,
+"events":null}
+If code is zero (0), it's good. Non zero will mean some sort of error occurred.  The value
+of "err" is a string version of the error code. It's more human readable. It has not been
+localized and is server speak. This is what a failure looks like:
+{"err":"Password authentication failed for mjallison@agtek.com",
+"operations":null,
+"code":100,
+"events":null}
+It's most likely you will receive this because of bad user id or password.
+Other errors I can imagine you getting would be for network conditions or
+if a corporate firewall/proxy server gets in the way. I don't know what those
+error values would be. That's what testing is for.
+You can ignore "operations" and "events", it's even possible I will make them go away.
+They are there because of the application machinery getting involved at a very low level.
+Likely these values will always be "null" when you make this call.
+Token login is available via /validate, but since you are not saving tokens, I won't detail it here.
+This code is not yet deployed on Beta, I will do so later today.
+</code>
 === Authentication ===
+Authentication currently uses a SQL database for the comparison but ideally will use the access key system to set session variable. If we find we want a different login page or session variable, changing the code above to reflect that will propagate the change easily.
 ==== SQL Driven Pages ====
+Currently the following pages are SQL driven with individual tables in the "agtekweb" database. Whenever possible I've tried to create a  series of pages (admin pages) that allow adding, deleting, and editing these databases without resorting to the command line.
+Software Download Overview: [[http://testweb.agtek.com/software.html]]
+Individual Program Download: [[http://testweb.agtek.com/programpage.html?program=Earthwork%204D%20Suite]]
+Hardware pages:
+   * Printers [[http://testweb.agtek.com/printers.html]]
+   * Laptop Video[[http://testweb.agtek.com/laptopvideo.html]]
+   * Desktop Video[[http://testweb.agtek.com/desktopvideo.html]]
+   * System requirements Windows [[http://testweb.agtek.com/systemreq.html]]
+Videos: Videos are a single page driven by database for protection, title, program, and link Access files
+The Access Files are stored under the corporate website under Web Materials
+==== Logging ====
+Inquiries and Logins are logged for both errors and sources for viewing just in case. Also logged are webinar views, etc. I have seen issues with forms in the past where having logs has saved me when emails have somehow failed. Also, we had a case where a customer had given out information to Trimble and the IP address created a record showing our site being accessed by Trimble which we called them on.

AGTEK R & D Wiki

User Tools

Site Tools

Differences

Page Tools