Info

Looking to deploy this locally?

Note

This uses the PHP mail() function, not PHPMailer. It is not vulnerable to this.

How to update for the next year

  1. Prepare the new images
    1. Full size images should be 437x622px or 622x437px
    2. Thumbnails should be 216x152px or 152x216px
    3. VC full size image should be 700px wide
    4. VC thumbnail should be 216px wide
  2. Update the card images in the current year folders:
    1. /seasonal/images/cards/2013/
    2. /seasonal/vc/images/cards/2013/
  3. Copy the cards folders for the current year and rename them for next year (this ensures it continues to work over the Christmas holiday):
    1. /seasonal/images/cards/2014/
    2. /seasonal/vc/images/cards/2014/
  4. Make any other changes if required

Setup

Location

http://www.bath.ac.uk/seasonal/

Code and resources

Code is in an svn repository:

...

/common/includes/seasonal/

Logs

These are on the w: drive (a location that the web server can write to) at:

...

They are locked down to www:info-webed.

Functionality

http://www.bath.ac.uk/seasonal/index.php

  • A web page displaying thumbnails of the cards
    • If not signed in to SSO, displays a button to log in to send a card
    • If signed in to SSO, displays a simple form for sending a card to a single email address
    • Has an option to preview the card

Technical

http://www.bath.ac.uk/seasonal/preview.php

  • A page that provides a preview of the card that will be sent
  • Displays the chosen image, recipient's name, message and sender's name (passed in as parameters from index.php)

Technical
  • Uses phpCAS

http://www.bath.ac.uk/seasonal/process_index.php

  • A script to process the form submission

Technical
  • Uses phpCAS
  • Processes the form data
  • Tests if the data is valid
    • If valid data, sends the email and sets a message to be displayed
    • If bad data, sets a status variable
  • Redirects to the index.php page

http://www.bath.ac.uk/seasonal/site-components/php/functions.php

  • A script with functions used in the other PHP files
    • Form data processing code
    • Email creation and sending code

Technical

Contains functions which:

  • Restrict access to the VC system
  • Process and validate the form data
  • Test email addresses for validity
  • Remove possible XSS code
  • Construct and send emails

Sending cards from the VC

There is a separate system to allow the VC's office to send a card from the VC to many email addresses at once.

...

  • The access is restricted to specific usernames
  • The card is a pre-made image so no custom text is used
  • The form has one input, a textarea, for a comma-separated list of email addresses
  • The form processing checks for invalid email addresses
    • Emails are sent to valid email addresses
    • Bad email addresses are displayed to the user after submitting the form
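The following is an added example, not the seasonal system's own functions.php, showing the checks the two sections above describe: single-address validation (with a CR/LF check so a value that ends up in a mail() header cannot add extra headers), removal of markup from the text that preview.php echoes back, splitting the VC textarea into valid and invalid addresses, and building the arguments for mail(). All function names, the From address and the card filename are assumptions; the sample textarea contents are constructed.

```php
<?php
// Added example; function names, the From address and the filename are assumed.

/**
 * Validate one address. Beyond the syntax check, reject CR/LF so a value that
 * is placed in a mail header (To:, or a From: built from the form) cannot
 * inject additional headers such as Bcc:.
 */
function seasonal_is_valid_email(string $address): bool
{
    $address = trim($address);
    if ($address === '' || preg_match('/[\r\n]/', $address)) {
        return false;
    }
    return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * Neutralise markup in user-supplied text before it is echoed into the
 * preview page or into the HTML body of the card.
 */
function seasonal_clean_text(string $text): string
{
    return htmlspecialchars(strip_tags($text), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Split the VC form's comma-separated textarea into valid and invalid lists.
 * Addresses are lower-cased and de-duplicated so nobody gets the card twice;
 * the invalid list is returned so the form can show it back to the user.
 */
function seasonal_split_recipients(string $raw): array
{
    $valid = [];
    $invalid = [];
    foreach (preg_split('/[,\s]+/', $raw, -1, PREG_SPLIT_NO_EMPTY) as $candidate) {
        if (seasonal_is_valid_email($candidate)) {
            $valid[strtolower($candidate)] = true;
        } else {
            $invalid[] = $candidate;
        }
    }
    return ['valid' => array_keys($valid), 'invalid' => $invalid];
}

/**
 * Build the four arguments for mail(). Every user-controlled string goes
 * through seasonal_clean_text(); the subject and From: header are fixed, so
 * no form value ever reaches a header except the already-validated $to.
 */
function seasonal_build_card_mail(string $to, string $recipientName, string $message,
                                  string $senderName, string $imageUrl): array
{
    $recipientName = seasonal_clean_text($recipientName);
    $senderName    = seasonal_clean_text($senderName);
    $message       = nl2br(seasonal_clean_text($message));
    $imageUrl      = htmlspecialchars($imageUrl, ENT_QUOTES, 'UTF-8');

    $body = "<p>Dear {$recipientName},</p>\n"
          . "<p>{$message}</p>\n"
          . "<p>From {$senderName}</p>\n"
          . "<p><img src=\"{$imageUrl}\" alt=\"Seasonal card\"></p>\n";

    $headers = implode("\r\n", [
        'MIME-Version: 1.0',
        'Content-Type: text/html; charset=UTF-8',
        'From: seasonal-cards@example.invalid',   // assumed placeholder sender
    ]);

    return [$to, 'A seasonal card for you', $body, $headers];
}

// Constructed sample of what the VC textarea might contain: two good addresses,
// one malformed entry, a duplicate, and one with an embedded header line.
$sample = "alice@example.com, bob@example.com\nnot-an-address, ALICE@example.com"
        . ", carol@example.com\r\nBcc: eve@example.com";
$split  = seasonal_split_recipients($sample);

foreach ($split['valid'] as $address) {
    [$to, $subject, $body, $headers] = seasonal_build_card_mail(
        $address, 'Colleague', "Season's greetings", 'The Vice-Chancellor',
        'http://www.bath.ac.uk/seasonal/vc/images/cards/2013/CARD-FILENAME.jpg');
    // mail($to, $subject, $body, $headers);  // left commented so this runs offline
    echo "Would send to {$to}\n";
}

if ($split['invalid'] !== []) {
    // Escape the rejected values too: they are user input being echoed back.
    echo 'Not sent to: ' . implode(', ', array_map('seasonal_clean_text', $split['invalid'])) . "\n";
}
```

Because the splitter treats CR/LF as a separator, the "Bcc: eve@example.com" fragment in the sample is broken apart and "Bcc:" is reported as an invalid address rather than reaching a header; the CR/LF check in seasonal_is_valid_email() matters on the single-address form in process_index.php, where the raw value is not split first.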

Going live

Moving from test to live, we need to:

...

  • Uncomment the rules for /seasonal/ in /opt/www/apache2/conf/cms-aliases.conf
  • Comment out the rule for /seasonal/ in /opt/www/apache2/conf/httpd-vhosts.conf

Taking offline

  • Comment out the rules for /seasonal/ in /opt/www/apache2/conf/cms-aliases.conf

...