-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhome.tex
59 lines (51 loc) · 6.24 KB
/
home.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
% !TEX root = Documentation.tex
\section{home.php}
The home.php page serves as the central page of the whole project, providing basic information on the use of the frontend and showing all navigation entries to refer to other pages
within the frontend. To ensure that users with insufficient permissions can not access pages such as \hyperref[create-user.php]{create-user.php}, these entries are just shown to users with roles
higher than 1 or 2. The same happens for the dropdown menu, which is included in all pages, to allow easy navigation.
\section{traffic.php}
The traffic page is the evaluation page to the logdb database, which keeps track of users accessing the login.php page and successful logins. As these data are highly sensitive and
not important for the daily use of the database, the access to this page is limited to users with the role admin (role code 4). The presented data are split into different tables,
one for the login.php page, displaying amount of accesses, time and IP address. Within that table, there is one line for all accesses, ordered by IP address corresponding to that access.
Another table displays the data for the logged in users, showing IP address, time of login and user invoked. Just as a fency feature, to check, who is making use of the database, the page also
shows all users, who logged in the last week and the amount of their logins. And finally there is a table displaying all login attempts, which failed due to
incorrect credentials. This table should enable the recognition of brute force attacks on given accounts.\\
The different table lines rely on different SQL queries, to gain there results, even if they request the same table.
\section{database-update.php}
The database-update.php provides the graphical interface to import external data into the database. Therefore, it is the only way, the users of the interface can modify the database
on a larger scale, than in the manual inputs, which are provided in the other pages. For the upload the user has to choose the appropriate requirements for the file, which include the
measurement procedure applied during the data collection of the data in the file. For upload, only text based formats, such as ADIS, csv and txt files are allowed, as their processing is more
efficient and safer. Checks on the file type are done by requesting the mime type of the files during upload and again during processing. Unknown files, will be discharged.
The processing of the files takes place in the following upload.php file. Similar to the create-user.php page, the database-update.php page can just be accessed by users with higher roles.
\section{upload.php}
The upload.php script processes the files selected in the database-update.php file and pastes them into the files database table in the agri\_star\_001 database. Before the actual upload,
the user is requested to select the type of the file, which should be uploaded to the database. According to the user choice, the entries are set in the file database and the file is processed
in such a way. If there are errors during entering the file type, the file might not be processed correctly and be dropped during the reading process.
\paragraph{File processing}
As files are transmitted in the \$\_FILES array, the script basically checks on the array submitted. The steps with the \$\_FILES array are the following:
\begin{itemize}
\item Check, whether the array contains a value, as otherwise the upload has failed
\item Check, whether errors occurred during the upload
\item Assign the file to a variable, using\\ \texttt{file\_get\_contents(\$\_FILES["upload\_name"]["tmp\_name"])}, the file is also escaped using \texttt{mysqli::real\_escape\_string()}
\item The file's mime type is retrieved with the \texttt{\$\_FILES["upload\_name"]["type"]}
\item The mime type is checked again an array of allowed mime types. If the mime type of the file is not in the array, the process is interrupted and the user referred back to the
\emph{database-update.php} page.
\item If the file's mime type is accepted, the file is inserted into a SQL query and again, as the query is processed as a prepared statement, sent to the database with
\texttt{mysqli::send\_long\_data()} again. The double insertion ensures that the file is transferred into the database, even if the file size exceeds the size for the prepared statement.
\end{itemize}
\section{REST API}
To allow access to external webservices, the user can set up the REST API to connect to external servers. Currently this just works for \url{https://api-staging.smaxtec.com/api/v1/}. To increase security and to ensure proper separation of the different processes, the API is accessed using a Python3 script. The user input, from \emph{database-update.php} is stored in the credential database with a PHP script. To create a connection to the service, receive the credentials and write the input into the fact tables, a Python3 script is used. Further information is provided in the interfaces chapter.
\section{create-measurement.php}
In order to map results of trials to secific measurements, measurement procedures are stored in a specific database, which is then linked to the results. The whole page is just accessible to users with
role rights higher than 2. On the left side, the user can create a new measurement method, by entering the required data, such as which physical unit is measured, a name to the measurement and some
description, which can either be provided as a separate link or as a text. After submitting the data entered here, the \emph{measurement\_script.php} script pastes the data into the corresponding
Dim\_Gage table in the agri\_star\_001 database.\\
On the right side of the page, are the measurement methods of the representing group presented in a table, where the lower row contains the description text. As all measurement methods are defined by
the individual groups, methods might come up several time, if defined again by another group. The structure of the table should allow a quick overview over the existing measurement methods, as displayed
below:
\begin{figure}[h!]
\centering
\includegraphics[width=10cm,keepaspectratio=true]{./Measurements_Table.png}
% Measurements_Table.png: 0x0 pixel, 300dpi, 0.00x0.00 cm, bb=
\caption{Table to display the measurement methods of each group}
\end{figure}