On Jan 6, 2004, at 2:02 PM, Rick Widmer wrote:
> How are you planning on getting rid of "/cgi-bin/"? Can we make it so
> both of the following end up in the login page?
>
> www.hostname.com/qmailadmin/index.cgi
>
> www.hostname.com/qmailadmin/
>
> WITHOUT changes to the default httpd.conf?

Well, perhaps we should stick to a default that will work for everyone, with a single configure option for my (personal) preferred method. Putting everything in a single directory would make it easy to add to multiple virtual domains, and ease management.


>> Then, it would be possible to just go to
>> http://www.hostname.com/qmailadmin/ and log in.  For this to work
>> though, the URLs need to be built slightly differently.  Instead of
>> appending "/com/showmenu?user=##U...", it should append
>> "?com=showmenu&user=##U...".

> That's pretty easy now. One of my changes in the templates replaces the
> common "user=##U&dom=##D&modu=##A&time=##T" with "##W". We can do this
> in just ##W now. Moving that info to the session file would be even better.
>
> I have a pretty good handle on PHP session handling, and what you
> described sounds very similar. One thing, they assure me time is not a
> good choice, and prefer a MD-5 hash of several items to make the session
> keys harder to guess. I agree.

I'm more than happy to replace time with a random session "token" and agree that it's more secure. Do we need to support session timeouts (require re-authentication after a certain amount of time)?


Perhaps the .qw file would be named with the random key, and the code could "touch" it on each access. If the file is older than x minutes, then it's deleted and the user is asked to log in again.

>> Also note that the two cases of that huge if/then/else have a lot of
>> common code.

> I have! That _is_ on my list. I already have too many changes at one
> time, and want to get what I've done recorded in CVS before I do too much more.

I'm undecided on whether to branch the code, or to add a separate project called "qmailadmin-stable". I'll have to take a look at the pros and cons, and perhaps compare how other projects do it before committing to one over the other.


>> I've wanted to pull that out so it's only called once.
>> Again, it should be possible to collapse the first and last cases
>> after (removing the second) into a single bit of code.  You just go
>> through the last code case if the com parameter isn't set.

> One thing that is very important to me is making sure header.html and
> footer.html are ALWAYS sent.  This probably involves breaking up
> send_template(), and using send_template_now() instead.  (Then rename
> send_template_now() to send_template().)

Agreed.


> Overall, I think we have similar ideas. How about branching CVS and
> giving me write access to the development branch. 1.2.0 should be a
> branch, and development should be HEAD. I think that's how they do it
> in the PHP project, and it seems to work well. (I hope you know how to
> do it, I'm pretty new to CVS too.)

A branch is probably a better way to go. I'll see what I can do.


>> The filename is built from the 'time' parameter in the URL.

> Login time or last access time?  Is this what is used to limit the
> duration of unused session?

Login time.


>>>> Is the color table something that is being added, or ignored? Some
>>>> existing code uses it, but not much. Should I expand its use or
>>>> remove it?
>>
>> It should probably be removed and the HTML should be updated extensively
>> to use CSS.


> YES!!
>
> Philipp Wagner posted some comments on this thread.  I am thinking that
> once the new templates are stable we should ask him to modify the
> templates and build a plain jane .css file for QmailAdmin that would
> become the official distribution template.  I am not up to doing the
> .css stuff, but I don't object to having it, as long as it doesn't
> require Javascript to render the page properly.

I'll release 1.2.0 as stable (pending any new bug reports) at the end of the week, and we can get started on 1.3.0. I think that the only thing that needs to go into the final release is a note to use 'gmake' instead of 'make' on certain platforms.


--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/
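
The session scheme discussed in this message (a random token as the .qw file name, "touched" on each access, deleted once it is older than x minutes), as an added example that is not QmailAdmin code and not written by either poster. The function names, the 16-byte token size and the use of /dev/urandom are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>
#include <utime.h>

#define TOKEN_LEN 32   /* assumption: 16 random bytes, hex encoded */

/* Accept only a 32-char lowercase hex token. The value arrives in the URL,
 * so this also keeps "/" and ".." out of the file name built from it. */
static int token_ok(const char *tok) {
    if (tok == NULL || strlen(tok) != TOKEN_LEN) return 0;
    return strspn(tok, "0123456789abcdef") == TOKEN_LEN;
}

/* Create <dir>/<token>.qw with an unguessable name. Returns 0 on success. */
int session_create(const char *dir, char tok[TOKEN_LEN + 1]) {
    unsigned char rnd[TOKEN_LEN / 2];
    char path[512];
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, rnd, sizeof rnd);
    close(fd);
    if (n != (ssize_t)sizeof rnd) return -1;
    for (size_t i = 0; i < sizeof rnd; i++) sprintf(tok + 2 * i, "%02x", rnd[i]);
    snprintf(path, sizeof path, "%s/%s.qw", dir, tok);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);  /* never reuse a file */
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Returns 1 if the session is live (and refreshes its mtime), 0 otherwise.
 * A file idle for more than max_idle seconds is deleted, forcing a new login. */
int session_check(const char *dir, const char *tok, time_t max_idle) {
    char path[512];
    struct stat st;
    if (!token_ok(tok)) return 0;
    snprintf(path, sizeof path, "%s/%s.qw", dir, tok);
    if (stat(path, &st) != 0) return 0;
    if (time(NULL) - st.st_mtime > max_idle) {
        unlink(path);
        return 0;
    }
    utime(path, NULL);   /* the "touch" on each access */
    return 1;
}
```

Because the file's mtime is refreshed on every valid request, the limit applies to idle time rather than to time since login.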


