News

1. Smileys!

   Added code to transform some grammatical mark combinations into smileys. Now you can type :) and it shows up as 🙁. So far only a small limited set of smileys is supported happy, sad, open mouth, heart and broken heart. The full functionality will be "coming later".

2. Social Login Reintegration

   Social Logins have been re-integrated. Currently only facebook is supported and due to the issues of running external scripts this is a feature I'm spending far more time on than I should be since I'm not keen on having much to do with facebook but its an eponymous thing that seems supported in alot of the most important sites so as a minimum the full web application has to support it somehow. I've put in a switch for it so even though it's not a regular module like chat or social share, it can be switched off at any time.

3. Room Selection

   Improved the chatroom so that now there are a variety of chatrooms for users to choose from, each with their own set of read and write permissions. Meaning you can have rooms which can be seen by a level of membership but only writable by members of a different level. It allows for a room that can be seen by the public but only written to by members, rooms which can only be seen and written to by members and rooms which are only available to paid members or members who are part of the website team.

4. More to be added ... (See the next section).

1. Profile Editing

   This almost essential feature will initially allow users to change their username and password and any variables that add on modules may allow them to set (e.g. default chat colour) but this will be the interface for providing additional details like email address, billing address for pre-filling paywall credit card forms and the button which starts the process of buying or renewing a subscription once these features are implemented.

2. Admin Screen

   Members with a high enough privelege level have access to a page which allows them to do website administration tasks according to their privelege level. The facebook reintegration was hampered somewhat by the need to delete newly created test users across several tables so a simple joint table where you click a button over a single user to perform whatever tasks need to be done for a specific user seems to be in order to save having to go across several tables to access the same user recorded in different places.

1. Chat Ban

   Members with a high enough privelege can block chat users from a particular chat room or from all of them.

2. Chat Block / Highlight

   Members can hide or highlight comments from specific members they choose to hide or highlight.

3. Smileys revisited

   Smileys now work but only a very limited subset of smileys. Later there will be a full set together with a listing of them in the help page.

1. Immediate Messages

   Unsure whether to implement this as a feature specific to the chat rooms or as a general site feature. Perhaps do both or just do the chat version temporarily.

   Immediate messages display immediately whenever a user types to a specific user as opposed to the room itself. It is akin to the facebook chat interface when the chat tabs have been turned on. Obviously there has to be some means to manage the IM's so that a user doesnt get flooded in a way that makes their use of the site impossible in certain cirumstances.

2. Text Editor

   At the moment pages are being created using the operating systems text editor which needs to be uploaded to the site by ftp/cpanel together with any content like images which need to be uploaded to the uploads directory and have unique file names there which are referenced by the page which is written offline. A proper text editor fully functioning will allow the user to drag images onto a page they are editing and do all the work for them so its wysiwyg to the point the user can just get creative and not worry about any of the technosophistiplexity involved in having their creations appear when they click the post button.

3. Comments

   Allow users create and view comments pated below articles which are published.

4. Paypal Payments

   A means for users to upgrade permissions to view or take part in premium content by paying a small subscription fee for the week.

5. Twitter and Instagram OAuth Login Integration

   At the current time OAuth-client is integrated in the form of login using facebook. Its taken two days to fulfil this and thats not including the time spent doing the original integration and noticing the inherent flaw of allowing the possibility of XSS attacks from the OAuth server. I dont want to spend too much time on external authentication as directly logging in with the site is preferred but since it might attract more interaction I'm hoping to include this feature for OAuths which are generic rather than professional or specialised. I'm not sure if what I've dont already will make Oauths for other vendors easier or whether their Oauth processes will mean I have to rewrite the Oauth generally meaning I have to rewrite the login ... again ... which is something I had so "completed" many moons ago. (Ive still to finish off the fb integration in the form of the actual sandboxing of the iframe I allow it to run on and Ive no idea how Im going to tell the host window that I'm done. This is way too much time catering for corporate whoredom!!!

6. ...and all other great ideas as they arise!

1. User Hierarchy

   Added support for membership levels which range from the pseudo membership of anonymous members of the public just browsing the web and semi-membership status of people who have signed up or logged in using third party authentication providers like facebook or twitter to more higher forms of membership which include validated, trusted, paid, team members, team leaders, chiefs and site owners.

   The following is taken from todo.txt which is a document I have on the localhost I'm converting to this section of the news page here. It describes the ranks which dictate the general privelege levels.

   0	-	Pseudo clearance level representing users who dont even have an account.
   
   1	-	Social - Membership for those who only authenticate by third parties.
   
   2	-	Basic - anyone who signs up gets this level.
   
   3	-	Validated - we have validated by email or phone.
   
   4	-	Trustee - respectful frequent visitor who may not need to be validated.
   		
   5	-	Premium - paid subscription membership
   
   6	-	Staff	-	anyone who is working for us in any capacity has premium + staff
   
   7	-	Assistant	-	can block and delete content for members less than premium
   
   8	-	Editor	-	can block and delete content for members less than editor
   
   9	-	Chief	-	can hire, promote, demote and fire staff, assistants and editors.
   
   10	-	Boss	-	can hire, promote, demote and fire chiefs with all their staff.
   

2. Social Share Buttons

   Added share buttons so that visitors can share the page they are viewing

3. Login Keys

   Improved the login mechanism to make "remember me" logins more secure.

4. Chatroom

   Theres now a chatroom which can be accessed from the menu causing half the screen to be covered with a chatroom interface in such a way that it isnt occluded by a 40% high onscreen keyboard or does a repaint when the OSK changes the screen dimensions meaning this is a chatroom which will work on mobile phones.

5. Facebook Deprecated

   Ive decided to scrap facebook logins since I have no guarantee that Mark Zuckerberg wont execute dodgy javascript or scripts that cause unneccessary page delays or such like.

   There is a PHP version of the facebook login procedure I have documented on my arc drive but its just a bunch of instructions that need to be implemented in PHP so until thats done, facebook logins seems to me something I cannot make intrinsically safe to run.

   The You can trust facebook! means of ensuring security has gone with google and apple deciding to install movement tracking software on every phone they provided operating systems for. These big corporations cannot be trusted and I think I'm going to alot of extra effort to ensure the security of my users that alot of the big corporations outside of banks will not be.

   I still want to allow facebook logins but I dont want facebook running any of their own scripts on this site so the facebook login is being binned.

Previous Update

1. Global CSS

   Created a new global CSS file which makes all the standard HTML elements look nice. For instance when you look at a button its not just gray but has a gradient of colour running through almost as though the button had a curved surface. Well thats just one of the many specially designed HTML elements which include input boxes of various kinds and their hover and focus looks, range sliders, meters and a whole host of other HTML elements even I didn't know existed.

2. Encrypted Logins

   Logins have been redesigned to provide better security of user passwords. Theres a design choice of storing the password on the server so that we can challenge the client to produce spaghetti to prove they know the password and send us the spaghetti so that the password is never transmitted in a way that can be decrypted, that is to say the spaghetti is one way encrypted. To do this we need to store an actual copy of the password on the server and since we dont control the server we host on, we consider the storage of a password that root could access to be security hole that could affect a user who may be using the same password for accounts elsewhere.

   We have thus opted not to store the password so that people who can read the users file will only get pasta which has been cooked at the time the user signed up. Sending us spaghetti is not an option since we only have pasta to test the spaghetti against and if we provide clients with the pasta recipe then we may as well just accept the unencrypted password.

   So the user types a password which is encrypted by the client and sent to the server. The server decrypts the password live then cooks it into pasta using the secret in house pasta recipe. If the pasta tastes exactly the same as the pasta that was made with the same password when the user signed up then the user knows the password and is considered logged in. The password which was only ever in ram is naturally dumped to null at unalloc.

3. Menu

   Theres now a "hamburger" menu on the top right corner enabling users to login, logout, change the theme, and visit special pages like help and privacy directly from the menu.

4. Facebook Authentication

   I've chosen facebook authentication and cobbled that together so that you can now log in using facebook.

   I'm using the javascript facebook API to do the OAuth and I'm feeling a bit uncomfortable that facebook runs an external script on my webpage. I've dunked the login into an iFrame so as to isolate the external scripts as much as possible but I realise that facebook could still go parent.document.body.innerHTML=null and pwn the users ass regardless of whether they even use facebook or not.

5. Themes

   Theres now a choice of themes which are currently just dark theme and light theme and this seems to be the limits I intend for it but it is potentially expandable by multiple themes since each theme simply contains a set of colours to be use for elements which need to be told what colour they are from the theme selected.

6. elgg looks

   Disheartened at the data loss when I erased the archive drive trying to install an operating system that wouldnt eat almost my entire fast drive, I tried a variety of a softalicious web apps that the host made available and I looked at elgg and though it looked beautiful. Its rounded fonts its colour scheme and even the way the header just looks sat there at the top. The only problem was that it didnt support my specifications which I was searching through the softalicious apps database to see if anything could provide all the things I wanted in a web application. Namely, chatrooms, external authentication and a paywall.

   Elgg had the looks but couldnt meet the specifications in its latest release and which the older releases could meet the specs, they could only do so in the past prior to changes with the external OAuth providers and there was little support for the older versions.

   Despite that everyone and their auntie appears to support these three specifications, the nearest I could cobble together was drupal using a fourth part external authentication provider who seem like a great way to provide third party authentication if you dont know what your doing but Ive chosen to reinvent the wheel here and provide for all the specifications by myself without relying on a fourth party to the third parties of external authentication requirements.

   I've found a nice rounded font and I've written some content with a nice background which looks very elgg like in appearance.

7. Scrapped the Old Website

   Well I had got as far of upgrading from http post based mechanics for chatrooms (which forms a core mechanism of what I'm trying to achieve initially with the app. The http post style of chat room went out with the dinosaurs when ajax was stepping out of infancy so I decided to upgrade to an ajax version of the old chat mechanism and I managed to get one user to test it with and lo and behold it showed up mince on a mobile phone. Something I had taken little account of when designing the app.

   I did a little bit of tinkering and got it to look okay on a phone but I begun to realise the whole structure was wrong and set about creating the auranos web application version 2. This is it.

   I've learned so much in the creation of this version of the web application that I'm thinking I should write a third version which is structured in such a way that adding bits and pieces will be much easier due to a more clearly specified formula which is only in this version being worked out. It is planned that a third version will be backward compatible with this version so that the users can just be cut and pasted from the version 2 user folder into a version 3 user folder and the users would never notice anything but the site looking more stylish and up to date.

   This should be the oldest previous update of the older updates section of the new news page which has been added to keep myself abreast on what Im doing as well as keep readers informed. It serves better than the old todo lists I've been working with and provides content for anyone interested enough to have a look. Now about all the work I've been doing since I scrapped version 1, I hope I can remember enough to fill in some of the sections I've provided for myself for future expansion.