Some general observations after installing

(tsrwebmanager) #1

Some of the following might make it to the ‘bugs’ or ‘suggestions’ pages
Please read what follows as contsructive criticism - I love the tool.

Instead of keeping superuser id in the config why not keep it in the database? That way password reminders/changes and email address changes are easy. Having only 1 superuser is a liability in a company
what if I have an accident? or if I leave - its a security issue NOT to change passwords when a superuser leaves - but how can the password be change with the current implementation?

You obviously have ‘Admin’ and ‘View’ flags - why not a ‘Superuser’ flag as well.

Make ‘Settings’ available to everyone - but
when logged in as superuser can see everyone, only a superuser can promote user to superuser.
when logged in as admin can see admin and users
when logged in as user can only see self- so can update own password and email address

Make the email ‘from’ address configurable in one of the ini files, instead of fixed at ‘password-recovery@’ in the controller.php code.

installation of the ‘code snippet’ badly messed up my page layout. It took a lot of searching to find the code at line 112 in piwik.js, which uses document.writeln to create an <img , however the code produced is wrong, with no valid image displayed, but taking up display space on the page. The code generated by this piece of JS is for XHTML i.e. it has /> to close the <img tag. How do you know what the main page DTD is defines as, in my case I was using HTML4.0 and /> is incorrect.
For now I have

  1. removed in <a tag and asscoiated code, retaining only the jscript in the snippet
  2. commented out line 112 in piwik.js
and for the above reasons am also concerned about line 18 in piwik.js which also uses document.write to create html code. Maybe a better way can be found to do these things.

if you dont change these lines then documentation is needed to prompt that they might need to be edited after install.
Whatever approach is used it must generate valid code, and not an image place holder with no image that messes up page layout.

Keep up the good work

(Matthieu Aubry) #2

thanks for your feedback, that’s useful.

the document.write* and image tag problems will soon be fixed, we have a ticket and somebody is working on it

see for “users can edit their password”

i’ve also created