Nicodemo: Ok, I will start the database installation over again.
Davi: hi
Davi: cool.
Davi: I am here. Feel free to ask anything
Nicodemo: Maybe it is my version. I have 7.5.22
Davi: I am using postgresql-8.1 , but I am almost sure it is not due to your version, because of
Davi: gnuherds was using 7.x some time ago.
Davi: The project uses now 8.x instead of 7.x just because 8.x is quicker.
Nicodemo: There are two lines that I edited in  GNUHerds__SQL_Implementation.sql > stdout 2> stderr
Davi: Which ones?  (just curious)
Nicodemo: 578, 581 for the user www-data. That is enclosed in quotes.  psql gnuherds < GNUHerds__SQL_Implementation.sql > stdout 2> stderr
Nicodemo: Whoops.
Nicodemo: GRANT SELECT  -- Note these tables are not modified by the webapp.
ON TABLE LO_Countries, LU_Currencies, LL_Languages, LA_AcademicLevels, LC_Certifications, LK_ContractType, LB_ByPeriod, LM_TimeUnits, LE_Emplo$
TO "www-data" ;
Davi: I think quotes are needed due to PostgreSQL does not escaoe the '-' character.
Davi: That can be your problem,
Davi: if you has not carried out rightly the GRANT command
Davi: the gnuherds webapp will not be able to read and write some of the database tables.

Davi: You could check the content of the stderr and stdout files to see if there were some errors.

Davi:     psql gnuherds < GNUHerds__SQL_Implementation.sql > stdout 2> stderr 

Nicodemo: I think I may have been doing it as root and it is not psql user.
Nicodemo: that command you mentioned
Nicodemo: postgres is denied though.

Davi: Here, at my PC,
Davi: if I type:

Davi: $ psql
psql: FATAL:  database "davi" does not exist

Davi: I get such error due to I do not have a database named "davi".

Davi: If I type, since the same user (my user 'davi'), not root, I get:

Davi: $ psql gnuherds
Welcome to psql 8.1.11, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

gnuherds=#                         

Davi: That is because my davi user has been GRANTed with full permissions on the database "gnuherds".





Davi: The main goal is that the "www-data" user has the right access to the "gnuherds" data base. You can check it as follows:

Davi: 1. Log-in as "www-data". 
Davi: As the "www-data" has not password, you can be root, and then be the "www-data" user:

Davi: su - 
su - postgres 

Davi: Oops!


Davi: su



Nicodemo: do you place your the site into your home directory?
Davi: su www-data


Davi: No.

Davi: As the step 1. of http://savannah.nongnu.org/cookbook/?func=detailitem&item_id=155
Davi: expose:

Davi:   /var/www/gnuherds-app/ 


Davi: mkdir -p /var/www/gnuherds-app/ 
cd /var/www/gnuherds-app/ 


Davi: step 1. of http://savannah.nongnu.org/cookbook/?func=detailitem&item_id=155


Nicodemo: www-data also has permission denied to stdout
Davi: on what directory?
Nicodemo: I go down to Layer-0*/doc

Davi: To execute the below command
Davi:   psql gnuherds < GNUHerds__SQL_Implementation.sql > stdout 2> stderr 
Davi: You cd to /tmp/
Davi: Or just modify such command as:
Davi:   psql gnuherds < GNUHerds__SQL_Implementation.sql > /tmp/stdout 2> /tmp/stderr 

Davi: The www-data user will have permissions to write at /tmp/

Davi: Execute the step one by one, following the guides. stderr 
Davi: After executing the steps above command you should check the content of the: stdout and stderr files
Davi: to see if were errors.

Davi: Rule: Always check the command you executed was done rightly, as you expected.



Nicodemo: Well, it gave me a lot of errors this time.
Davi: Show me the first one
Nicodemo: ERROR:  table "r11_joboffer2fieldprofiles" does not exist
Davi: Execute again the below command
Davi:   psql gnuherds < GNUHerds__SQL_Implementation.sql > /tmp/stdout 2> /tmp/stderr 

Davi: Execute it twice

Nicodemo: in the doc folder?
Davi: If you has added the /tmp/ to /tmp/stdout 2> /tmp/stderr 
Davi: you can execute it at doc folder, yes.

Nicodemo: It gave me different errors, and I am going to execute it again.
Davi: yes, please

Nicodemo: NOTICE:  constraint $1 on table ln_nationalities depends on table lo_countries
Nicodemo: that is the first error
Davi: shit

Davi: Can you execute the below commands?
Davi:   psql 
Davi:    drop database gnuherds;
Davi:     quit
Davi:      createdb gnuherds 

Davi: So we start again,
Nicodemo: dropdb gnuherds # is easier
Davi: cool

Davi: We can execute the http://savannah.nongnu.org/cookbook/?func=detailitem&item_id=154
Davi: guide again from the start.

Nicodemo: I have new mail! Never got that before
Davi: You could write me: "Step 1" done rightly.
Davi: Step 2 done rightly, ... etc.

Davi: new mail? ! 

Davi: A gnuherds related email?
Nicodemo: Instead of doing it as postgres user I did it as www-data and it dropped mail.
Davi: interesting

Davi: So, you can now execute the step 1 of the guide?
Nicodemo: Step 1. Complete did as postgres
Davi: cool

Nicodemo: Step 2. User was already created.
Nicodemo: Step 3. GRANT
Davi: cool

Nicodemo: Step 4. complete. Step 5. failed as postgres user. Denied to /tmp
Nicodemo: actually stderr and stdout
Nicodemo: probably owned by www-data
Davi: !    /tmp/ should be write-able for any user!

Nicodemo: changed that to stderr1 and stdout1
Davi: cool
Nicodemo: yes but the file must have been owned by the other user.
Davi:   I understand now, it was an overwrite permission issue.

Nicodemo: many of the same as errors as before. Maybe I should switch to www-data, but I think it error again because?
Davi: Show the first one
Davi:   Send to address@hidden  and email attaching the stdout and stderr files.
Davi:    Attach too the GNUHerds__SQL_Implementation.sql  file you are using.

Davi: I will execute the same command here, at my PC, and see what is happening.

Nicodemo: Do you know the easier way to  download a file from a remote host using ssh?
Nicodemo: ssh-sftp was giving me a hard time. I use scp, but I do not think that will work.
Davi:   scp address@hidden:/path/file .
Nicodemo: ok

Nicodemo: I sent the .sql file
Davi: I will wait 1 minute to get it.
Davi: It is already here.
Davi: thanks.

Davi: I will tell you the comand, and result I get:

Davi: 0. I copy you file to my home directory /home/davi/

Davi: 1.
Davi: address@hidden:~$ su
Password:
AMD:/home/davi#


Davi: 2.
Davi: AMD:/home/davi# su postgres
address@hidden:/home/davi$


Davi: 3.
Davi: address@hidden:~$ mv GNUHerds__SQL_Implementation.sql /tmp/


Davi: 4.
Davi: address@hidden:/home/davi$ createdb test_gnuherds
could not change directory to "/home/davi"
CREATE DATABASE


Davi: 5.
Davi: address@hidden:/home/davi$ createdb test_gnuherds


Davi: 6. Was already done:    CREATE USER "www-data" CREATEUSER; 



Davi: 7.
Davi: test_gnuherds=# GRANT ALL ON DATABASE test_gnuherds TO "www-data";
GRANT


Davi: \q


Davi: 9.
Davi: address@hidden:/home/davi$ psql test_gnuherds < /tmp/GNUHerds__SQL_Implementation.sql > /tmp/stdout 2> /tmp/stderr


Davi: 10. I check the stdout and stderr files


Davi: Note: I have executed the  "9." command only one time, not twice.

Davi: The /tmp/stdout is normal, reporting the CREATE table success, and the INSERT command success.
Davi: The /tmp/stderr is normal, reporting the DROP commands failed due to initially the database did not have tables
Davi: and successfully reporting the creating of indexes.
Davi:    NOTICE:  CREATE TABLE / UNIQUE will create implicit index "la_academiclevels_la_level_key" for table "la_academiclevels"


Davi: Conclusion: It seems I did not have any problem here.

Davi: I am going to execute the "9." command a second time to check the /tmp/stderr file does not show the DROP table errors.

Davi: You are right:
Davi:    ERROR:  relation "lo_countries" already exists
Davi:   ERROR:  duplicate key violates unique constraint "lo_countries_pkey"

Davi: second time it fails!
Davi: You are right.

Davi: Let me check why it fails.
Nicodemo: Well perhaps, it doesn't completely fail. It does allow me to register a user according to the web app.
Davi: Yes ...

Davi: I am going to send you the fixed SQL file
Davi: It was just change the order of two DROPs

Davi: -- Lists:
DROP TABLE LN_Nationalities; -- Nationalities internationally recognized. That is to say, ISO nationalities.
DROP TABLE LO_Countries;



Davi: You could change the order yourself and try again.
Davi: So we can finish the rest of the steps.

Davi:    (I will commit to Git the modified file)

Nicodemo: you mean LN_Nationaliities should come before LO_Countries?
Davi: yes

Davi: After you check it, as I have already done, I will commit the change to Git.

Nicodemo: NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "ll_languages_pkey" for table "ll_languages" ... I guess this is better
Davi: Yes :)
Davi: That is normal.

Nicodemo: I went straight to using that command.
Davi: Now you get a more clean output?
Nicodemo: Many DROP s Many Creates 2 GRANT s and many INSERT S
Davi: perfect

Davi: You could now execute a command similar to the below one to fill some skills at your database. It is optional:
Davi:     psql gnuherds_dev < dev/skills.sql > stdout 2> stderr 

Nicodemo: alright...

Nicodemo: of course I have to copy that file to /tmp ... It may help to add that to the docs
Davi: I have done a "git commit ...sql"
Davi: and "git push"
Davi: to get:
Davi: http://git.savannah.gnu.org/gitweb/?p=gnuherds-app.git;a=commit;h=02097dfea49d5ef2b2af92d0c1dc18a538c0adfb

Davi: As just tell you that so you can see how we usually work...

Davi: Has you checkout the source code from the Git repository, or downloaded from the gnuherds.org -online.tar.gz ?
Nicodemo: it is the git repository I believe.
Davi: so, is it different to the webapp? Is does not have the "pledge" and "volunteers" sections?
Davi: I meant different to the current webapp on-line at gnuherds.org
Nicodemo: No I do not think I have pledge or volunteers
Nicodemo: that would be viewed on the website?
Nicodemo: note there.
Nicodemo: not*
Davi: You can go to http://gnuherds.org/offers
Davi: You see the three buttons at right, ... job offers, pledges, volunteers?
Nicodemo: yes
Davi: That code is a draft demo on which we are yet working
Davi: We hope finish it, to be able to commit it to Git.
Nicodemo: On my side I do not see it. On your web site I do finish.
Davi: It will be the "phase 1" which add pledges and volunteers sections, but without bank support.
Davi: Yo do not see it at your development environment because it has not been committed yet to Git, due to it is _transitional_ code.
Davi: It is just a demo to get feedback from the people at the gnuherds-app-dev mailing list, and so follow improving it
Davi: up to finish the phase 1 (which add pledges and volunteers sections, but without bank support.)

Davi: Later we will carry out the phase 2, and so on, ...

Davi: There are some specific features which could be developed on the development environment to have
Davi: as for example the "Visitor counter" feature.

Davi: That is to say, we can have phase 2.A (which add pledges and volunteers sections, but without bank support)
Davi: and phase 2.B (Visitor counter)
Davi: under development at the same time

Davi: Actually I have a copy here with a transitional version of the 2.B (Visitor counter).
Davi: I am working now at the phase 2.A instead of on the 2.B because 2.A is more urgent.

Davi: There are other tasks which can be done on parallel too; phase 2.C, 2.D, ...

Nicodemo: Visitor counter being like something counts how many visits to the website?
Davi: no, how many visit to one specific job offer, or to one specific resume/qualifications.
Davi: To count site visits there are already packages out there, as awstats, etc. Anyway we are not using awstats
Davi: or something similar to count the site visits due to
Davi: we know by experience that if the site has not offers, pledged, ... etc. there are few visits.
Davi: We do not need a site visit counter to know that.

Nicodemo: That can be a little amateurish if your are going to report the users. Maybe it would be useful for an administrator?
Davi: However it is good the job posted know how may visits her offer has got, and it it is since some days such job offer is not getting any more visits, so the can close such offer and begin the HR selection process (due to they will not get more job offer subscriptions/applications).

Davi: job offer visit counter is useful for the job offer poster.
Davi: resume/qualifications visit counter is useful for the person who own such resume.

Davi: So, for example, I can know how many visit my resume has got.

Davi: If I post a offer I can know how many visit my offer has got.

Davi: To develop it we add two field more, one to the J1_JobOffers table, and anothe to the Q1_Qualifications table.
Davi: We increment it on a new visit.
Davi: We show the number when the owner of such offer or resume open such offer or resume.

Davi: We show it in a corner of the Offer or Qualification view page.


Davi: There are other task which maybe you could carry out. The project is not in a hurry.
Davi: You can take a look at the code, or just forget about the gnuherds project.
Davi: There is not compromise.

Davi: Feel free to ask anything when you need.
Nicodemo: alright
Davi: You can contact me via chat, here. or send emails with CC to gnuherds-app-dev.
Davi: I very small task would be better as an start to know the source code of the webapp.

Davi: I have an actual job from Monday to Friday. But I will have more free time from 21-06-2008 due to I will finish job at 16:00.

Davi: I think I could help you more if we work 30 minutes connected to chat. Chat is more interactive than email.

Davi: Well, night.
Davi: see you.
Nicodemo: Good Night. I think I will good from now. But I do not know how to register my user as I am using emulation. Registration didn't get to my email.
Davi: Do you get and email from your webapp when you register an email?

Nicodemo: I do not get the email from the application.

Davi: When I register I see:

Davi: Success. An email has been sent to address@hidden with the instructions to activate the account.If you do not receive such email, you can inform about it at address@hidden

Davi: and then I get an email as that:


Davi: GNU Herds: Activate account
From: 
address@hidden
  To: 
address@hidden
  Date: 
Today 01:31:04
   
Your email has been used to create an account at GNU Herds.

To activate it follow the below link. That link will expire in 48 hours. To get a new non-expired link just register at gnuherds.org again.

https://g-10.org/person?action=register&address@hidden&magic=1afe88a0b4dfcc94fa4e5bde398f522a

If you have not asked for this new account, ignore this email.

Note: To avoid 'Spam' you can only get this email at the most once each 48 hours. If this email is Spam for you, please let it knows to  association AT gnuherds.org


Davi: The step "6." of the guide
Davi:   http://savannah.nongnu.org/cookbook/?func=detailitem&item_id=154
Davi: says:
Davi:   * register some user in the data base. You have to have the 'sendmail' interface working in your system. Ask at the "gnuherds-app-dev AT nongnu.org" email list if you need help. 

Davi: You can install the "postfix" package.

Davi: You should have installed to the below packages:
Davi: php-http
Davi: php5
Davi: php5-cgi
Davi: php5-cli
Davi: php5-common
Davi: php5-gd
Davi: php5-imagick
Davi: php5-pgsql


Davi: libapache2-mod-php5


Davi: The "postfix" package provides the "/usr/sbin/sendmail" command which is used by the webapp to send the emails.
Nicodemo: never had php5-gd
Nicodemo: I have sendmail
Davi: Maybe  php5-gd is not needed.
Davi: I advise you to install postfix instead of sendmail due to it is what I have tested.
Davi: Anyway it should be able to send emails too when sendmail is rightly configured.

Davi: To check if your system is able to send an email, you can type the below command:

Davi: $ mail address@hidden
Subject: test - ignore it
hi hi hi hi
Cc:


Davi: If the email you send using the 'mail' command arrive to your Gmail account I think the webapp should be able to send an email to you from your PC.

Nicodemo: I've used mutt to try something like that.
Nicodemo: Right now I thinking which config I want to for postfix
Davi: I think the default config should work without any modification.
Nicodemo: No Configuration?
Davi: just the default one.
Davi: Just   apt-get install postfix
Nicodemo: takes to a config page
Davi: we could try

Davi: I am not sure if you have set up an external SMTP server for mutt. Is so you could be able to send mails with mutt but not with the 'mail' command.

Davi: It would be good idea try with the mail command:
Davi:   $ mail address@hidden

Nicodemo: mail command not found. mailq and mailstat
Nicodemo: is that part of sendmail?
Davi: no
Davi: It seams be part of the   mailx   package
Davi:    apt-get install mailx

Nicodemo: I am getting it.
Davi: I have to go
Davi: night
Nicodemo: good night


Nicodemo: still having some issues with the mail.
Davi: hi
Davi: Are you able to send successfully an email using the below command?
Davi:    mail address@hidden

Nicodemo: mail address@hidden ?
Davi: yes

Davi: For example:

Davi: address@hidden:~$ mail address@hidden
Subject: test
dsfasdf
Cc:
address@hidden:~$


Davi: After writing the body of the email, "dsfasdf..." you have to push 'Ctrl' and the key 'd' to begin to type the next field "Cc:".


Nicodemo: Diagnostic-Code: smtp; 550-5.7.1 [72.70.128.190] The IP you're using to send
    mail is not authorized 550-5.7.1 to send email directly to our servers.
    Please use the SMTP 550-5.7.1 relay at your service provider instead. Learn
    more at     550 5.7.1
    http://mail.google.com/support/bin/answer.py?answer=10336 6si9288937yxg.6


Davi: That is because you are not getting the "Activation account" email when you use your gmail.com email.

Davi: Solution: use another email, for example:  address@hidden

Nicodemo: This is an image I got from the savannah project. Somehow I am using this as the domain: jupiter.interne.cliss21.org
Davi: So, test it as:
Davi:   mail address@hidden
Davi: Anyway the localhost is always defined at the machine.
Davi:   mail address@hidden


Davi: You can look at:
Davi:   cat /etc/hosts

Davi: The localhost "domain name" must be already defined at such file /etc/hosts file.

Davi: I have added by hand the below definition for my GNU Herds development environment:
Davi:   127.0.0.1       g-10.org


Davi: So, I have defined in the Apache virtual host the domain name as "g-10.org" too.


Davi: Note the "127.0.0.1" IP is always the local machine.

Nicodemo: I don't know where that domain is coming from. /etc/hosts has localhost.localdomain localhost savane
Davi: add the below line to the /etc/hosts file
Davi:  127.0.0.1       localhost

Davi: At my file I have this line:
Davi:   127.0.0.1       localhost.localdomain   localhost

Davi: Note it defines both  localhost.localdomain  and  localhost  as being the local IP 127.0.0.1 .

Nicodemo: This is the whole line: 127.0.0.1       localhost.localdomain localhost savane
Nicodemo: I just found /etc/postfix/main.cf and it had that odd domain.
Davi: Cool. It defines three "domain name" identifiers as being the local IP 127.0.0.1
Davi:   localhost.localdomain
Davi:   localhost
Davi:   savane

Davi: You are not forced to use domain names. You can just use:
Davi:    mail address@hidden

Davi: Please, try the below command:
Davi:   mail address@hidden
Davi:   
Davi: Well, address@hidden fails at my system, due to the current postfix configuration reject it.

Davi: address@hidden failed too.

Nicodemo: I've done that before but it's good to check again.

Nicodemo: I am having trouble delivering any mail now.

Nicodemo: maybe I had to start postfix
Davi: I think I know what is the problem:
Davi:   501 5.1.3 Bad recipient address

Davi: I think we should modify the configuration of your postfix.

Davi: You can edit the below file:
Davi:   /etc/postfix/main.cf
Davi: and comment or remove the below line:
Davi:   reject_non_fqdn_hostname,

Davi: You could even remove all the values which get the below configuration option:
Davi:   smtpd_recipient_restrictions =
Davi: leaving it only as:
Davi:    smtpd_recipient_restrictions = permit

Davi: So all is permitted, and we do not get the above error:
Davi:   501 5.1.3 Bad recipient address


Nicodemo: Sorry... lost google page.
Nicodemo: I don't think I have those lines in my /etc/postfix/main.cf
Davi: Could you paste here the content of such file:
Davi: ?

Nicodemo: # See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = savane
#jupiter.interne.cliss21.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.localdomain, localhost
#jupiter.interne.cliss21.org, localhost.interne.cliss21.org, , localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
Nicodemo: I changed mydestination and myhostname after I saw jupiter*
Davi: What if the IP of such virtual machine?
Davi: Could you take a look at the output of "ifconfig"?
Nicodemo: # See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = savane
#jupiter.interne.cliss21.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.localdomain, localhost
#jupiter.interne.cliss21.org, localhost.interne.cliss21.org, , localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
Davi: Add the below line to your current main.cf configuration and restart postfix:
Davi:     smtpd_recipient_restrictions = permit


Davi: After restarting postfix you can try again the below command:
Davi:    mail address@hidden

Nicodemo: I got it.
Davi: Did you got the email?
Nicodemo: From:
 address@hidden
Davi: cool :)
Nicodemo: ....

Davi: So you can already create account on your development environment following the normal procedure?
Nicodemo: I see what your mean.
Nicodemo: let me try that.
Davi: ok
Nicodemo: I get an invalid email address from the webpage
Davi: could you paste here the output?

Nicodemo: I just it to address@hidden the first time. 2nd time address@hidden was a success but I got a wierd message
Nicodemo: Got a wierd e-mail message that is
Nicodemo: WW91ciBlbWFpbCBoYXMgYmVlbiB1c2VkIHRvIGNyZWF0ZSBhbiBhY2NvdW50IGF0IEdOVSBIZXJk
cy4KClRvIGFjdGl2YXRlIGl0IGZvbGxvdyB0aGUgYmVsb3cgbGluay4gVGhhdCBsaW5rIHdpbGwg
ZXhwaXJlIGluIDQ4IGhvdXJzLiBUbyBnZXQgYSBuZXcgbm9uLWV4cGlyZWQgbGluayBqdXN0IHJl
Z2lzdGVyIGF0IGdudWhlcmRzLm9yZyBhZ2Fpbi4KCmh0dHBzOi8vbG9jYWxob3N0OjUwMDgxL3Bl
cnNvbj9hY3Rpb249cmVnaXN0ZXImZW1haWw9cm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4mbWFn
aWM9OGMyOGY5MjY2ZGIzNDQ5NWJmNzI5NGJkMTJhZWU5ODYKCklmIHlvdSBoYXZlIG5vdCBhc2tl
ZCBmb3IgdGhpcyBuZXcgYWNjb3VudCwgaWdub3JlIHRoaXMgZW1haWwuCgpOb3RlOiBUbyBhdm9p
ZCAnU3BhbScgeW91IGNhbiBvbmx5IGdldCB0aGlzIGVtYWlsIGF0IHRoZSBtb3N0IG9uY2UgZWFj   
aCA0OCBob3Vycy4gSWYgdGhpcyBlbWFpbCBpcyBTcGFtIGZvciB5b3UsIHBsZWFzZSBsZXQgaXQg
a25vd3MgdG8gIGFzc29jaWF0aW9uIEFUIGdudWhlcmRzLm9yZwoK
Nicodemo: Encrypted I guess.
Davi: The webapp does not encrypt emails yet!

Davi: You should get an email as the one I pasted here yesterday.
Nicodemo: well it is doing a good job
Davi: no that!
Nicodemo: Yes I remember something of it.
Davi: Did you get a link to activate the account?
Nicodemo: that was the message.
Nicodemo: want me to send you the message?
Davi: yes please
Nicodemo: address@hidden
Davi: yes
Davi: Maybe your postfix configuration is encrypting all emails by default...?
Nicodemo: did you get it?
Davi: no yet
Davi: 1 minute...
Davi: You are able to open such encrypted email and read it unencrypted?
Nicodemo: I just used mutt and yes I can.
Davi: Maybe mutt is configured to decrypt it...
Nicodemo: Can't follow the link though.
Nicodemo: https://localhost:50081/person?action=register&address@hidden&magic=8c28f9266db34495bf7294bd12aee986
Nicodemo: oh yeah
Davi: You can edit such link to be allow to follow it.
Nicodemo: I haven't setup SSL :0
Davi: ah!, It is easy
Nicodemo: No need. Just delete the s and it went.
Nicodemo: got my password 4 numbers
Davi: The webapp should reject the process if it is not on HTTPS!
Nicodemo: yeah probably.
Davi:    Let me check the source code...
Davi: Ah, I see ...
Davi: I will fix that.
Davi: Thanks for reporting.



Davi: You will have a lot of troubles if you do not configure the Apache SSL support.
Davi: due to the webapp does not accept http, but httpS, at some times.

Nicodemo: google chat keeps crashing.
Nicodemo: I successfully registered using http: and not https at gnuherds.org
Davi: I have pidgin installed at my PC.

Davi: I am going to commit a patch which will force to use https to activate the account
Davi: and so show the password to the user
Davi: using an https secure encrypted communication.

Davi: The patch is easy. I am testing it before commit.
Davi: I will show you it when ready.

Davi: Please, configure HTTPS for your apache.
Davi: I will help you.
Davi: First step: 

Davi: At http://gnuherds.org/doc/conf/apache_virtual_domain.conf
Davi: it is exposed a draft of the configuration which you can copy.

Davi: You should be using the /var/www/gnuherds-app/ directory to keep your webapp.

Davi: You should install for example http://www.pidgin.im/ to avoid the Gmail crashes.


Davi: What is the main Operating System you are using?
Davi: in you main box?
Nicodemo: I will have to add that 483 protocol to qemu start script. Frugalware.
Davi: I did not know such distribution!  http://frugalware.org/
Davi: Every day we learn something new :)
Nicodemo: 443*
Davi: yes

Nicodemo: There are thousands you can't know everyone of them
Davi: you are right :)

Nicodemo: I signed in using pidgin
Davi: cool

Davi: I am developing the fixes to force HTTPS when the password is shown.

Nicodemo: and for the registration?
Davi: for the registration you the user fill an email and click the POST button which send it to the server.
Davi: There is not password involved.
Davi: If we want to preserve the privacy of the email which is sent, maybe we should encrypt such POST.
Davi: I am not sure. We can take note of it and discuss it the next year.

Davi: We could add a task at savannah to take note of such pending task. I am going to add such task.
Nicodemo: To reject all http, when following the registration email?
Davi: let me think a little

Davi: Savannah task created: http://savannah.nongnu.org/task/?8283

Davi: I am thinking that email are sent on blank (not encrypted) over the SMTP protocol.
Davi: So the full internet is sending the email addresses on clean (not encrypted) over the SMTP protocol. So there is not need to protect it at the project webapp.
Davi: when the POST request is sent to the Apache server. 
Davi: because of the 95% of email addresses are not encrypted when it are sent by the internet.

Davi: So, if you do not disagree I will close the task.
Davi: I have to go. I will be back in 3 hours.
Davi: later

Nicodemo: bye bye
Nicodemo has left the conversation.



Davi: hi again
Davi: I have pushed the first commit to force HTTPs when the password is shown along the registration process.
Davi: http://git.savannah.gnu.org/gitweb/?p=gnuherds-app.git;a=commit;h=168ee090030e88b7ec152db702233abaa12b6cfb


Nicodemo: Boy you give me too much credit
Nicodemo: My setup is actually forcing me to use https only
Davi: It is true that the http://gnuherds.org/doc/conf/apache_virtual_domain.conf configuration forces
Davi: always HTTPs.
Davi: It is due to:

Davi: <VirtualHost *:80>  ServerName domain.name   ServerAdmin address@hidden   Redirect / https://domain.name/ </VirtualHost>

Davi: The request on port 80 are always redirected to 
Davi:   Redirect / https://domain.name/ 


Davi: At production and at my development environment it does not work so.
Davi: Forcing HTTPs is a bad idea, if is is not needed due to security subject.
Davi: It is bad idea due to HTTPs transfer is slower due to encryption time, and more bytes to transfer.

Davi: You can copy the   <VirtualHost *:443>   section
Davi: configuration to the     <VirtualHost *:80>   one,
Davi: removing the Redirect / https://domain.name/   , etc.
Davi: So HTTPs will be used only when the webapp request is due to security subjects.


Davi: I have done a  "git commit"  and  "git push"  to offer a apache_virtual_domain.conf file which does not redirect HTTP to HTTPS
Davi: http://git.savannah.gnu.org/gitweb/?p=gnuherds-app.git;a=blob;f=Layer-0__Site_entry_point/doc/conf/apache_virtual_domain.conf;h=ca77561b4ce66a7911b6e4fb4d0b51e88fde6a9f;hb=6891de62c05c09967c8cdee634dc244a90c7dc72
Davi: Reference from: http://git.savannah.gnu.org/gitweb/?p=gnuherds-app.git;a=commit;h=6891de62c05c09967c8cdee634dc244a90c7dc72

Nicodemo: Hello... I am still not able to http instead of https
Davi: hi again


Davi: The below request redirect yet to HTTPS?
Davi:    http://your_domain_name/

Davi: After modifying the configuration you have to restart Apache:
Davi:   /etc/init.d/apache2 restart

Nicodemo: I added listen 443
Davi: It is right.

Nicodemo: They actually say for you to use 80 for HTTP and 443 for SSL
Davi: right.



Davi: Note that
Davi: if you are logged
Davi: you will be always on HTTPS.
Davi: You will came back to HTTP after you log out or your PHP session expires. You can login at gnuherds.org to note it.

Davi: That is to tranfer always over HTTPS (encrypted) the HTTP Cookie which your FireFox send to the Apache server.


Davi: What happens if you do an HTTP request to your domain?
Davi:   http://your_domain_name/

Nicodemo: I think that is where I was making another error, I can not log in because it throws an error trying to connect to https://localhost
Davi: ah, so your HTTPS configuration is not right yet?
Davi: You have to create the HTTPS certificate and
Davi: install it.

Nicodemo: I think I did.
Davi: ah
Davi: Can yo send me an email with:
Davi:   1. your Virtual domain conf file
Nicodemo: I can connect from my remote using lynx but not through my desktop browser
Davi:   2. your two HTTPs certificate files:
Davi:   gnuherds.org.crt
Davi:   gnuherds.org.key

Nicodemo: my browser needs to user https://localhost:50443 or http://localhost:50081
Nicodemo: it tries to redirect me to https://localhost and that fails
Davi: ah!, so you can change the HTTP and HTTPS port of your apache
Davi:   80 --> 50081 (http://localhost:50081)
Davi:   443 --> 50443 (https://localhost:50443) 
Nicodemo: connecting through lynx gives me this error  Fatal error: Uncaught exception 'Exception' with message 'ERROR:<pre> PREPARE query(integer) AS SELECT
   Q1_ProfessionalExperienceSinceYear,Q1_LA_Id,QP_LK_DesiredContractType,QP_DesiredWageRank,QP_LU_WageRankCurrency,QP_LB_WageRankByPerio
   d,QP_CurrentEmployability,QP_AvailableToTravel,QP_AvailableToChangeResidence,Q1_AcademicQualificationDescription,Q1_CompletedEdition
   FROM Q1_Qualifications WHERE Q1_E1_Id=$1; EXECUTE query('5'); </pre> ERROR: column "q1_la_id" does not exist' in
   /var/www/gnuherds-app/gnuherds-app/Layer-5__DB_operation/PostgreSQL.php:57 Stack trace: #0
   /var/www/gnuherds-app/gnuherds-app/Layer-5__DB_operation/Qualifications.php(39): PostgreSQL->getPostgreSQLObject('PREPARE
   query(i...', 1) #1 /var/www/gnuherds-app/gnuherds-app/Layer-4__DBManager_etc/DB_Manager.php(213):
   Qualifications->getQualificationsForEntity('5') #2
   /var/www/gnuherds-app/gnuherds-app/Layer-2__Business_logic/others/Log_form.php(60): DBManager->getQualificationsForEntity('5') #3
   /var/www/gnuherds-app/gnuherds-app/Layer-2__Business_logic/o in
   /var/www/gnuherds-app/gnuherds-app/Layer-5__DB_operation/PostgreSQL.php on line 57


Nicodemo: here let me show you the script I use for qemu
Nicodemo: qemu savane.img -kernel-kqemu -redir tcp:2222::22 -redir tcp:50081::80 -redir tcp:50443::443 $*
Davi:  Let me analyze the above error when you connect via lynx...

Davi: Oops!
Davi: There is another error in the GNUHerds__SQL_Implementation.sql file
Davi: The Q1_Qualifications table needs another field
Davi: let me fix it, so you can create the database again.

Davi: Well, the SQL is right, it is the webapp which is worng.
Davi: You can edit the below file:
Davi:   gnuherds-app/Layer-5__DB_operation/Qualifications.php

Davi: line 38:
Davi:   - Remove the "Q1_LA_Id," string from the SQL query.


Davi: I will fix later the webapp and commit it.


Nicodemo: does it need to be replaced?
Davi: removed.

Davi:     Q1_LA_Id,


Davi: That field is old and was removed from the data base schema some month ago, but I forgot update the webapp code.
Davi: I have to remove it from the database of my development environment and from the gnuherds.org production host!

Nicodemo: well I am getting another error.
Davi: Show it here:

Nicodemo: Fatal error: Uncaught exception 'Exception' with message 'ERROR:<pre> PREPARE query(integer) AS SELECT
   Q1_ProfessionalExperienceSinceYear,QP_LK_DesiredContractType,QP_DesiredWageRank,QP_LU_WageRankCurrency,QP_LB_WageRankByPeriod,QP_Curr
   entEmployability,QP_AvailableToTravel,QP_AvailableToChangeResidence,Q1_AcademicQualificationDescription,Q1_CompletedEdition FROM
   Q1_Qualifications WHERE Q1_E1_Id=$1; EXECUTE query('5'); </pre> ERROR: column "q1_academicqualificationdescription" does not exist'
   in /var/www/gnuherds-app/gnuherds-app/Layer-5__DB_operation/PostgreSQL.php:57 Stack trace: #0
   /var/www/gnuherds-app/gnuherds-app/Layer-5__DB_operation/Qualifications.php(39): PostgreSQL->getPostgreSQLObject('PREPARE
   query(i...', 1) #1 /var/www/gnuherds-app/gnuherds-app/Layer-4__DBManager_etc/DB_Manager.php(213):
   Qualifications->getQualificationsForEntity('5') #2
   /var/www/gnuherds-app/gnuherds-app/Layer-2__Business_logic/others/Log_form.php(60): DBManager->getQualificationsForEntity('5') #3
   /var/www/gnuherds-app/gnuherds-app/Layer-2 in /var/www/gnuherds-app/gnuherds-app/Layer-5__DB_operation/PostgreSQL.php on line 57
Nicodemo: I think that is different
Davi: It is the same rationale. Old field.

Davi: Remove it.

Nicodemo: q1_academicqualif*
Davi: yes

Davi: Additionally you will have to change some more lines of code. That will be your first
Davi: webapp code modification.

Davi: Remove the below lines too:

Davi:    $array[1] = pg_fetch_all_columns($result, 1); // Q1_LA_Id

Davi:    $array[9] = pg_fetch_all_columns($result, 9); // Q1_AcademicQualificationDescription


Nicodemo: well I am about to do it again
Davi: and update the indexes:
Davi:    ($result, XXX);
Davi: as follows:

Davi:   $array[0] = pg_fetch_all_columns($result, 0); // Q1_ProfessionalExperienceSinceYear
  $array[2] = pg_fetch_all_columns($result, 1); // QP_LK_DesiredContractType
  $array[3] = pg_fetch_all_columns($result, 2); // QP_DesiredWageRank
  $array[4] = pg_fetch_all_columns($result, 3); // QP_LU_WageRankCurrency
  $array[5] = pg_fetch_all_columns($result, 4); // QP_LB_WageRankByPeriod
  $array[6] = pg_fetch_all_columns($result, 5); // QP_CurrentEmployability
  $array[7] = pg_fetch_all_columns($result, 6); // QP_AvailableToTravel
  $array[8] = pg_fetch_all_columns($result, 7); // QP_AvailableToChangeResidence
  $array[10] = pg_fetch_all_columns($result, 8); // Q1_CompletedEdition


Nicodemo: well, I see what you mean
Nicodemo: I thought it had a problem with 52, 53
Davi: let me see
Davi: I think they will be right
Davi: Let me check
Nicodemo: Yeah invaid column 10
Nicodemo: invalid*
Davi: Do you have the lines as follows?

Davi:   $array[0] = pg_fetch_all_columns($result, 0); // Q1_ProfessionalExperienceSinceYear
  $array[2] = pg_fetch_all_columns($result, 1); // QP_LK_DesiredContractType
  $array[3] = pg_fetch_all_columns($result, 2); // QP_DesiredWageRank
  $array[4] = pg_fetch_all_columns($result, 3); // QP_LU_WageRankCurrency
  $array[5] = pg_fetch_all_columns($result, 4); // QP_LB_WageRankByPeriod
  $array[6] = pg_fetch_all_columns($result, 5); // QP_CurrentEmployability
  $array[7] = pg_fetch_all_columns($result, 6); // QP_AvailableToTravel
  $array[8] = pg_fetch_all_columns($result, 7); // QP_AvailableToChangeResidence
  $array[10] = pg_fetch_all_columns($result, 8); // Q1_CompletedEdition


Davi: Note we have not changed the array indexes, $array[10] 
Davi: but also the ($result, 8)

Davi: Note we are not using the ($result, 10)   column 10.

Nicodemo: ah
Nicodemo: no problems now
Davi: it is ok

Davi: Maybe there will be more code which is affected by the removing of the Q1_LA_Id and the other table field. I have to check it.



Davi: Now you can 'play' a little with the source code of the webapp
Nicodemo: yes, but I do not have the volunteer and pledge pages
Davi: You could execute the below command
Davi:   mv /var/www/gnuherds-app/ /var/www/gnuherds-app.stable/

Davi:   mkdir /var/www/gnuherds-app/
Davi:   cd /var/www/gnuherds-app/
Davi:   wget http://gnuherds.org/gnuherds-online.tar.gz
Davi:   tar xzvf gnuherds-online.tar.gz (http://gnuherds.org/gnuherds-online.tar.gz)

Davi: So you will get the code which is right now at on-line at the gnuherds.org domain name.

Davi: Note: I think you will have to do the above removing of Q1_LA_Id, ... and modify the source code...,  at least up to we commit at push to the Git repository such bug fix.



Davi: Note the gnuherds-online.tar.gz (http://gnuherds.org/gnuherds-online.tar.gz) is a draft and transitional state of the "phase 1" code.
Davi: I have a more improved version at my development environment, here at my PC.

Davi: Even more 'transitional'.



Nicodemo: I'll make the environment within the hour but after that it I am going to go outside and do something else. I've been stuck too far long
Davi: It is OK.
Davi: See you
Davi: :)
Nicodemo: all done. Good Night.
Nicodemo has left the conversation.