$Id: TODO,v 1.16 2000/09/06 23:08:14 ckyc Exp $

20/07/2000 LibWeb-0.02
----------------------
o Add more methods in LibWeb::Themes::Default.  For example, add some
  HTML form generation templates in LibWeb::Themes::Default.

o Add more methods in LibWeb::Database::Mysql.

o Add some themes.

o Add MyThemes in ./eg.

o Fix LibWeb::CGI OO bugs.

o Fix ``redirect'' security hole.

o Multiple database support.  Tell user to put something like
  DB_NAME.USER_LOG_TABLE in the rc file to specify the db for libweb's
  user log table (this syntax may be MySQL specific).  Add
  LibWeb::Database::get_db_handle() and get_statement_handle().

o Advocate $self->{OS}, $self->{CRLF} and $self->{PATH_SEP}.

o Add 'guest' option in lm.cgi ($Is_allow_guest, $Is_login_alert_admin).

o fatal should not send password in plain text, e.g. when
  loginindicator high.

o Add filtering ability in LibWeb::Core::sanitize( -html=> );
  i.e. something like LibWeb::Core::sanitize( -html=>, -allow=>[] ).

o In README, tell people to read patch/alter_t.sql if they are
  upgrading.

o True session management (use Apache::Session or implement it in
  LibWeb: register(), freeze() and serialize()), i.e. not just
  authentication handling. Allow either performing it through cookies or
  via database interaction per page displayed (expensive).  This should
  be mainly for storing application states and not application data.
  There should be a separate database table for each application's own
  data.

o Review the possibility of using HTTP GET if the remote browser is
  not cookie enabled (the variable will need to be appended to every
  `A' and `FORM' HTML tag).

o Advocate putting
  "print $q->header( -expires => $a->{CLASSIC_EXPIRES} );"
  on every `protected session' page.

o Add LibWeb::Admin::forgot_password(): Change the password in
  database and mail the new password to the registered e-mail address.

o Review the possibility of adding LibWeb::Admin::add_tmp_user(): E-mail
  a randomly generated password to the tmp user and tell the user to
  click on a link (possibly need to add
  LibWeb::Admin::activate_tmp_account()) to activate her/his account.

o Review the possibility of adding two columns (`GROUP' and `GID') in the
  USER_PROFILE database table or a separate table.  This allows
  fine-tuning page access according to the group a user belongs to.
  Implementation will need to:

  * Add an entry in the rc file (e.g. GROUPS => { 0 => 'wheel'}).

  * Change the code for LibWeb::Admin::add_new_user() and get_user()
    accordingly.  The structure of the authentication cookie needs to be
    changed to reflect that and hence several get/parse cookie methods
    will also need to be changed.

o Use Class::Singleton in LibWeb::Class [needs fine tuning].  All
  derived classes are changed accordingly by adding a method
  _new_instance() to each of them.  Sample classes MyHTML.pm and
  MyTheme.pm and sample scripts lw.cgi and lm.cgi are changed
  accordingly.  Documents are also changed to reflect this.

o Fix font color problem since <body text="#_color"> is obsoleted in
  HTML 4.0?

o LibWeb::HTML::Default::display_error() should use header() and
  footer(), etc.

o Use Crypt::UnixCrypt

o Change all theme table names to *box.