From cdc0ba4549f2652f6b35abdb71dc33f6f0cb2182 Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Thu, 19 Jan 2023 13:17:38 -0500
Subject: [PATCH 01/13] Move index functions into include file.

---
 includes/index_functions.php | 27 +++++++++++++++++++++++++++
 index.php                    | 26 ++------------------------
 2 files changed, 29 insertions(+), 24 deletions(-)
 create mode 100644 includes/index_functions.php

diff --git a/includes/index_functions.php b/includes/index_functions.php
new file mode 100644
index 0000000..47b2bd6
--- /dev/null
+++ b/includes/index_functions.php
@@ -0,0 +1,27 @@
+<?php
+// Print output session variable.
+function print_output() {
+   if(isset($_SESSION['output'])) {
+      echo implode('<br>', $_SESSION['output']);
+   }
+
+   $_SESSION['output'] = [];
+}
+
+
+// Prints link to current report.
+function print_report_link() {
+   if(isset($_SESSION['reportPath']) && $_SESSION['reportPath']) {
+      echo '<a href="'.htmlspecialchars($_SESSION['reportPath'], ENT_QUOTES).'" download>Download Report</a>';
+   }
+
+   unset($_SESSION['reportPath']);
+}
+
+
+// Sets the CSRF token in session.
+function set_csrf_token() {
+   if(!isset($_SESSION['csrfToken'])) {
+      $_SESSION['csrfToken'] = bin2hex(random_bytes(32));
+   }
+}
diff --git a/index.php b/index.php
index d7c612b..878cd8f 100644
--- a/index.php
+++ b/index.php
@@ -1,31 +1,9 @@
 <?php
 session_start();
 require_once('includes'.DIRECTORY_SEPARATOR.'functions.php');
+require_once('includes'.DIRECTORY_SEPARATOR.'index_functions.php');
 load_config_file();
-
-// Print output session variable.
-function print_output() {
-   if(isset($_SESSION['output'])) {
-      echo implode('<br>', $_SESSION['output']);
-   }
-
-   $_SESSION['output'] = [];
-}
-
-
-// Prints link to current report.
-function print_report_link() {
-   if(isset($_SESSION['reportPath']) && $_SESSION['reportPath']) {
-      echo '<a href="'.htmlspecialchars($_SESSION['reportPath'], ENT_QUOTES).'" download>Download Report</a>';
-   }
-
-   unset($_SESSION['reportPath']);
-}
-
-
-if(!isset($_SESSION['csrfToken'])) {
-   $_SESSION['csrfToken'] = bin2hex(random_bytes(32));
-}
+set_csrf_token();
 ?>
 <!DOCTYPE html>
 <html lang="en">

From fff21ba68e61035d3c511a99302af4d518252eb5 Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Mon, 23 Jan 2023 16:48:20 -0500
Subject: [PATCH 02/13] Function move in progress.

---
 includes/functions.php        |  1 +
 includes/submit_functions.php | 78 +++++++++++++++++++++++++++++++++++
 submit.php                    | 77 +++-------------------------------
 3 files changed, 85 insertions(+), 71 deletions(-)
 create mode 100644 includes/submit_functions.php

diff --git a/includes/functions.php b/includes/functions.php
index 726473c..473fc57 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1,5 +1,6 @@
 <?php
 // Go back to the index page.
+// TODO: check to see if this needs to be loaded on any pages or just on includes.
 function go_home() {
    header('location: .');
    exit;
diff --git a/includes/submit_functions.php b/includes/submit_functions.php
new file mode 100644
index 0000000..5459b39
--- /dev/null
+++ b/includes/submit_functions.php
@@ -0,0 +1,78 @@
+<?php
+// Check if all needles exist in haystack.
+function in_array_all($needles, $haystack) {
+   return empty(array_diff($needles, $haystack));
+}
+
+
+// Removes oldest files from directory.
+function remove_old_files($filePattern, $maxFileCount) {
+   if($maxFileCount < 1) {
+      $maxFileCount = 1;
+   }
+
+   $files = glob($filePattern);
+   $extraFiles = count($files) - $maxFileCount;
+
+   if($extraFiles > 0) {
+      // Sort by last modified ascending.
+      usort($files, function($x, $y) {
+         return filemtime($x) > filemtime($y);
+      });
+
+      for($i = 0; $i < $extraFiles; $i++) {
+         unlink($files[$i]);
+      }
+   }
+}
+
+
+// Returns a valid file name.
+function find_file_name($fileName) {
+   if(!file_exists($fileName)) {
+      return $fileName;
+   }
+
+   $fileParts = pathinfo($fileName);
+   $fileCount = count(glob($fileParts['dirname'] . DIRECTORY_SEPARATOR . "*"));
+
+   for($i = 1; $i <= $fileCount; $i++) {
+      $tempName = $fileParts['dirname'] . DIRECTORY_SEPARATOR . $fileParts['filename'] . " ($i)." . $fileParts['extension'];
+
+      if(!file_exists($tempName)) {
+         return $tempName;
+      }
+   }
+
+   return null;
+}
+
+
+// Check for PHP cURL.
+// TODO: Add more checks here (file write, etc.)
+function check_capabilities() {
+   if(!function_exists('curl_init')) {
+      array_push($_SESSION['output'], 'Please install/enable the PHP cURL library.');
+      go_home();
+   }
+}
+
+
+// Validate CSRF token.
+function validate_csrf_token() {
+   if(!DEBUG) {
+      if(!isset($_POST['csrfToken']) || !isset($_SESSION['csrfToken'])) {
+         array_push($_SESSION['output'], 'CSRF token not found.');
+         go_home();
+      }
+      else {
+         if($_POST['csrfToken'] !== $_SESSION['csrfToken']) {
+            array_push($_SESSION['output'], 'The CSRF token is invalid.');
+            go_home();
+         }
+         else {
+            unset($_SESSION['csrfToken']);
+         }
+      }
+   }
+}
diff --git a/submit.php b/submit.php
index 7380cbe..3980626 100644
--- a/submit.php
+++ b/submit.php
@@ -1,84 +1,17 @@
 <?php
 session_start();
 require_once('includes'.DIRECTORY_SEPARATOR.'functions.php');
+require_once('includes'.DIRECTORY_SEPARATOR.'submit_functions.php');
 load_config_file();
 
 
-$_SESSION['output'] = [];
 const DEBUG = false;
+$_SESSION['output'] = [];
 
 
-// Check if all needles exist in haystack.
-function in_array_all($needles, $haystack) {
-   return empty(array_diff($needles, $haystack));
-}
-
-
-// Removes oldest files from directory.
-function remove_old_files($filePattern, $maxFileCount) {
-   if($maxFileCount < 1) {
-      $maxFileCount = 1;
-   }
-
-   $files = glob($filePattern);
-   $extraFiles = count($files) - $maxFileCount;
-
-   if($extraFiles > 0) {
-      // Sort by last modified ascending.
-      usort($files, function($x, $y) {
-         return filemtime($x) > filemtime($y);
-      });
-
-      for($i = 0; $i < $extraFiles; $i++) {
-         unlink($files[$i]);
-      }
-   }
-}
-
-
-// Returns a valid file name.
-function find_file_name($fileName) {
-   if(!file_exists($fileName)) {
-      return $fileName;
-   }
-
-   $fileParts = pathinfo($fileName);
-   $fileCount = count(glob($fileParts['dirname'] . DIRECTORY_SEPARATOR . "*"));
-
-   for($i = 1; $i <= $fileCount; $i++) {
-      $tempName = $fileParts['dirname'] . DIRECTORY_SEPARATOR . $fileParts['filename'] . " ($i)." . $fileParts['extension'];
-
-      if(!file_exists($tempName)) {
-         return $tempName;
-      }
-   }
-
-   return null;
-}
-
-
-// Check CSRF token.
-if(!DEBUG) {
-   if(!isset($_POST['csrfToken']) || !isset($_SESSION['csrfToken'])) {
-      array_push($_SESSION['output'], 'CSRF token not found.');
-      go_home();
-   }
-   else {
-      if($_POST['csrfToken'] !== $_SESSION['csrfToken']) {
-         array_push($_SESSION['output'], 'The CSRF token is invalid.');
-         go_home();
-      }
-      else {
-         unset($_SESSION['csrfToken']);
-      }
-   }
-}
+check_capabilities();
+validate_csrf_token();
 
-// Check for PHP cURL.
-if(!function_exists('curl_init')) {
-   array_push($_SESSION['output'], 'Please install/enable the PHP cURL library.');
-   go_home();
-}
 
 // Check upload and move it to folder.
 if($uploadFileName = $_FILES['fileUpload']['name'] ?? null) {
@@ -92,6 +25,7 @@ function find_file_name($fileName) {
       go_home();
    }
 
+   //TODO: remove?
    echo '<pre>'.print_r($_FILES['fileUpload'], true).'</pre>';
 
    move_uploaded_file($_FILES['fileUpload']['tmp_name'], $uploadFullFilePath);
@@ -161,6 +95,7 @@ function find_file_name($fileName) {
 $ch = curl_init();
 
 curl_setopt_array($ch, [
+   CURLOPT_SSL_VERIFYPEER => false, // for dev only
    CURLOPT_URL => CONFIG['url'],
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,

From 385695225cd252aab01b6d58519b64c8207de3c6 Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Mon, 23 Jan 2023 16:49:12 -0500
Subject: [PATCH 03/13] Add todo.

---
 submit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/submit.php b/submit.php
index 3980626..a3f6f8d 100644
--- a/submit.php
+++ b/submit.php
@@ -95,7 +95,7 @@
 $ch = curl_init();
 
 curl_setopt_array($ch, [
-   CURLOPT_SSL_VERIFYPEER => false, // for dev only
+   CURLOPT_SSL_VERIFYPEER => false, //TODO: for dev only
    CURLOPT_URL => CONFIG['url'],
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,

From 28b776932dae64811f519e6bdc8101e3ad8c30cc Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Tue, 24 Jan 2023 09:27:07 -0500
Subject: [PATCH 04/13] Update comments to docblock.

---
 includes/functions.php        | 38 ++++++++++++++++++++++++++++------
 includes/index_functions.php  | 18 +++++++++++++---
 includes/submit_functions.php | 39 +++++++++++++++++++++++++++++------
 3 files changed, 80 insertions(+), 15 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index 473fc57..737d464 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1,19 +1,36 @@
 <?php
-// Go back to the index page.
-// TODO: check to see if this needs to be loaded on any pages or just on includes.
+/**
+ * Redirects browser to the index page.
+ *
+ * // TODO: check to see if this needs to be loaded on any pages or just on includes.
+ *
+ * @return void
+ */
 function go_home() {
    header('location: .');
    exit;
 }
 
 
-// Loads the configuration file.
+/**
+ * Loads the configuration file.
+ *
+ * Configuration will be in a CONFIG variable.
+ *
+ * @return void
+ */
 function load_config_file() {
    require_once('config'.DIRECTORY_SEPARATOR.'config.php');
 }
 
 
-// Lists out files in either the reports or uploads directories.
+/**
+ * Lists out files in either the reports or uploads directories.
+ *
+ * @param string  $type    Folder to parse.
+ * @param integer $amount  Number of results to return.
+ * @return void
+ */
 function list_files($type, $amount) {
    $files = glob($type.DIRECTORY_SEPARATOR.'*.csv');
 
@@ -39,7 +56,12 @@ function list_files($type, $amount) {
 }
 
 
-// Prints the navigation, marking the current page as active.
+/**
+ * Prints the navigation, marking the current page as active.
+ *
+ * @param string $currentPage Filename of the current page.
+ * @return void
+ */
 function print_header($currentPage) {
    echo '
    <header class="container my-3">
@@ -90,7 +112,11 @@ function print_header($currentPage) {
 }
 
 
-// Prints the footer.
+/**
+ * Prints the footer.
+ *
+ * @return void
+ */
 function print_footer() {
    echo '
    <footer class="container my-3">
diff --git a/includes/index_functions.php b/includes/index_functions.php
index 47b2bd6..30f2b7d 100644
--- a/includes/index_functions.php
+++ b/includes/index_functions.php
@@ -1,5 +1,9 @@
 <?php
-// Print output session variable.
+/**
+ * Prints the $output session variable.
+ *
+ * @return void
+ */
 function print_output() {
    if(isset($_SESSION['output'])) {
       echo implode('<br>', $_SESSION['output']);
@@ -9,7 +13,11 @@ function print_output() {
 }
 
 
-// Prints link to current report.
+/**
+ * Prints a link to the current report found in session variable $reportPath.
+ *
+ * @return void
+ */
 function print_report_link() {
    if(isset($_SESSION['reportPath']) && $_SESSION['reportPath']) {
       echo '<a href="'.htmlspecialchars($_SESSION['reportPath'], ENT_QUOTES).'" download>Download Report</a>';
@@ -19,7 +27,11 @@ function print_report_link() {
 }
 
 
-// Sets the CSRF token in session.
+/**
+ * Sets the CSRF token in session ($csrfToken).
+ *
+ * @return void
+ */
 function set_csrf_token() {
    if(!isset($_SESSION['csrfToken'])) {
       $_SESSION['csrfToken'] = bin2hex(random_bytes(32));
diff --git a/includes/submit_functions.php b/includes/submit_functions.php
index 5459b39..db87169 100644
--- a/includes/submit_functions.php
+++ b/includes/submit_functions.php
@@ -1,11 +1,23 @@
 <?php
-// Check if all needles exist in haystack.
+/**
+ * Check if all needles exist in haystack.
+ *
+ * @param array   $needles    Array of values to search for.
+ * @param array   $haystack   Array of values to search in.
+ * @return bool
+ */
 function in_array_all($needles, $haystack) {
    return empty(array_diff($needles, $haystack));
 }
 
 
-// Removes oldest files from directory.
+/**
+ * Remove oldest files from directory.
+ *
+ * @param string  $filePattern   File name pattern to search for.
+ * @param integer $maxFileCount  Max number of files to keep.
+ * @return void
+ */
 function remove_old_files($filePattern, $maxFileCount) {
    if($maxFileCount < 1) {
       $maxFileCount = 1;
@@ -27,7 +39,12 @@ function remove_old_files($filePattern, $maxFileCount) {
 }
 
 
-// Returns a valid file name.
+/**
+ * Return a valid file name.
+ *
+ * @param string $fileName Desired file name.
+ * @return string|null
+ */
 function find_file_name($fileName) {
    if(!file_exists($fileName)) {
       return $fileName;
@@ -48,8 +65,14 @@ function find_file_name($fileName) {
 }
 
 
-// Check for PHP cURL.
-// TODO: Add more checks here (file write, etc.)
+
+/**
+ * Check for PHP cURL.
+ *
+ * //TODO: Add more checks here (file write, etc.)
+ *
+ * @return void
+ */
 function check_capabilities() {
    if(!function_exists('curl_init')) {
       array_push($_SESSION['output'], 'Please install/enable the PHP cURL library.');
@@ -58,7 +81,11 @@ function check_capabilities() {
 }
 
 
-// Validate CSRF token.
+/**
+ * Validates CSRF token.
+ *
+ * @return void
+ */
 function validate_csrf_token() {
    if(!DEBUG) {
       if(!isset($_POST['csrfToken']) || !isset($_SESSION['csrfToken'])) {

From 31c9cf39dfaad607bb79f6ddceda77ac27f1199d Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Tue, 24 Jan 2023 12:33:38 -0500
Subject: [PATCH 05/13] Comments.

---
 config/config.sample.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index f686cb0..cd383d4 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -1,5 +1,9 @@
 <?php
-
+/**
+ * Configuration.
+ *
+ * @var array  [url, doiPrefix, username, password, maxSubmittedFiles, maxReportedFiles, maxUploadSize]
+ */
 const CONFIG = [
    'url' => 'https://api.datacite.org/dois',
    'doiPrefix' => '',

From 6ada86e50a5d47df26e1d2ee906fb69f11f79b54 Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Tue, 24 Jan 2023 13:06:10 -0500
Subject: [PATCH 06/13] Move functions, add more to check capabilities, remove
 some debugging.

---
 includes/submit_functions.php | 70 ++++++++++++++++++++++++++++-------
 submit.php                    | 28 ++------------
 2 files changed, 61 insertions(+), 37 deletions(-)

diff --git a/includes/submit_functions.php b/includes/submit_functions.php
index db87169..d10f65a 100644
--- a/includes/submit_functions.php
+++ b/includes/submit_functions.php
@@ -67,15 +67,29 @@ function find_file_name($fileName) {
 
 
 /**
- * Check for PHP cURL.
- *
- * //TODO: Add more checks here (file write, etc.)
+ * Check for PHP cURL and that both the reports and uploads directories are writable.
  *
  * @return void
  */
 function check_capabilities() {
+   $go_home = false;
+
    if(!function_exists('curl_init')) {
       array_push($_SESSION['output'], 'Please install/enable the PHP cURL library.');
+      $go_home = true;
+   }
+
+   if(!is_writable('uploads')) {
+      array_push($_SESSION['output'], 'The uploads directory is not writable.');
+      $go_home = true;
+   }
+
+   if(!is_writable('reports')) {
+      array_push($_SESSION['output'], 'The reports directory is not writable.');
+      $go_home = true;
+   }
+
+   if($go_home) {
       go_home();
    }
 }
@@ -87,19 +101,49 @@ function check_capabilities() {
  * @return void
  */
 function validate_csrf_token() {
-   if(!DEBUG) {
-      if(!isset($_POST['csrfToken']) || !isset($_SESSION['csrfToken'])) {
-         array_push($_SESSION['output'], 'CSRF token not found.');
+   if(!isset($_POST['csrfToken']) || !isset($_SESSION['csrfToken'])) {
+      array_push($_SESSION['output'], 'CSRF token not found.');
+      go_home();
+   }
+   else {
+      if($_POST['csrfToken'] !== $_SESSION['csrfToken']) {
+         array_push($_SESSION['output'], 'The CSRF token is invalid.');
          go_home();
       }
       else {
-         if($_POST['csrfToken'] !== $_SESSION['csrfToken']) {
-            array_push($_SESSION['output'], 'The CSRF token is invalid.');
-            go_home();
-         }
-         else {
-            unset($_SESSION['csrfToken']);
-         }
+         unset($_SESSION['csrfToken']);
       }
    }
 }
+
+
+/**
+ * Process uploaded file.
+ *
+ * Checks for upload file, file size, and file name.
+ *
+ * @return string
+ */
+function process_uploaded_file() {
+   // Check upload and move it to folder.
+   if($fileName = $_FILES['fileUpload']['name'] ?? null) {
+      if($_FILES['fileUpload']['size'] > CONFIG['maxUploadSize']){
+         array_push($_SESSION['output'], 'The uploaded file is too large.');
+         go_home();
+      }
+
+      if(!($filePath = find_file_name('uploads'.DIRECTORY_SEPARATOR.$fileName))) {
+         array_push($_SESSION['output'], 'There was an error saving the uploaded file.');
+         go_home();
+      }
+
+      move_uploaded_file($_FILES['fileUpload']['tmp_name'], $filePath);
+      remove_old_files('uploads'.DIRECTORY_SEPARATOR.'*.csv', CONFIG['maxSubmittedFiles']);
+
+      return $filePath;
+   }
+   else {
+      array_push($_SESSION['output'], 'Could not find uploaded file.');
+      go_home();
+   }
+}
diff --git a/submit.php b/submit.php
index a3f6f8d..5b76fe0 100644
--- a/submit.php
+++ b/submit.php
@@ -11,33 +11,12 @@
 
 check_capabilities();
 validate_csrf_token();
+$uploadFullPath = process_uploaded_file(); //TODO: var name
 
 
-// Check upload and move it to folder.
-if($uploadFileName = $_FILES['fileUpload']['name'] ?? null) {
-   if($_FILES['fileUpload']['size'] > CONFIG['maxUploadSize']){
-      array_push($_SESSION['output'], 'The uploaded file is too large.');
-      go_home();
-   }
-
-   if(!($uploadFullFilePath = find_file_name('uploads'.DIRECTORY_SEPARATOR.$uploadFileName))) {
-      array_push($_SESSION['output'], 'There was an error saving the uploaded file.');
-      go_home();
-   }
-
-   //TODO: remove?
-   echo '<pre>'.print_r($_FILES['fileUpload'], true).'</pre>';
-
-   move_uploaded_file($_FILES['fileUpload']['tmp_name'], $uploadFullFilePath);
-   remove_old_files('uploads'.DIRECTORY_SEPARATOR.'*.csv', CONFIG['maxSubmittedFiles']);
-}
-else {
-   array_push($_SESSION['output'], 'Could not find uploaded file.');
-   go_home();
-}
 
 // Open the uploaded file.
-if(!$uploadFp = fopen($uploadFullFilePath, 'r')) {
+if(!$uploadFp = fopen($uploadFullPath, 'r')) {
    array_push($_SESSION['output'], 'There was an error opening the uploaded file.');
    go_home();
 }
@@ -55,6 +34,7 @@
 }, $headers);
 
 // Make sure CSV file has all required headers.
+// TODO: where does this belong?
 $requiredHeaders = [
    'doi_suffix',
    'title',
@@ -107,7 +87,7 @@
 ]);
 
 
-$fileParts = pathinfo($uploadFullFilePath);
+$fileParts = pathinfo($uploadFullPath);
 $fileName = $fileParts['filename'];
 
 // Open a file for the upload report.

From 94802cfcb78f0648a1844fb2fdc805db9949101b Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Tue, 24 Jan 2023 13:22:15 -0500
Subject: [PATCH 07/13] Move some vars and remove the rest of DEBUG.

---
 submit.php | 41 ++++++++++++++++++-----------------------
 1 file changed, 18 insertions(+), 23 deletions(-)

diff --git a/submit.php b/submit.php
index 5b76fe0..a793188 100644
--- a/submit.php
+++ b/submit.php
@@ -5,8 +5,22 @@
 load_config_file();
 
 
-const DEBUG = false;
 $_SESSION['output'] = [];
+// Headers required to process the upload file.
+$requiredHeaders = [
+   'doi_suffix',
+   'title',
+   'year',
+   'type',
+   'description',
+   'publisher',
+   'source_url',
+   'creator1',
+   'creator1_type', // TODO: will depend on orchid id
+                    // don't require and assume personal?
+   'creator1_given',
+   'creator1_family',
+];
 
 
 check_capabilities();
@@ -14,14 +28,12 @@
 $uploadFullPath = process_uploaded_file(); //TODO: var name
 
 
-
 // Open the uploaded file.
 if(!$uploadFp = fopen($uploadFullPath, 'r')) {
    array_push($_SESSION['output'], 'There was an error opening the uploaded file.');
    go_home();
 }
 
-
 // Save file headers.
 if(($headers = fgetcsv($uploadFp)) === false) {
    array_push($_SESSION['output'], 'No data was found in the uploaded file.');
@@ -29,26 +41,11 @@
 }
 
 // Trim and lowercase headers in CSV file.
-$headers = array_map(function($header){
+$headers = array_map(function($header) {
    return strtolower(trim($header));
 }, $headers);
 
 // Make sure CSV file has all required headers.
-// TODO: where does this belong?
-$requiredHeaders = [
-   'doi_suffix',
-   'title',
-   'year',
-   'type',
-   'description',
-   'publisher',
-   'source_url',
-   'creator1',
-   'creator1_type',
-   'creator1_given',
-   'creator1_family',
-];
-
 if(!in_array_all($requiredHeaders, $headers)) {
    array_push($_SESSION['output'], 'The uploaded CSV file is missing required headers.');
    go_home();
@@ -65,6 +62,7 @@
 $fileData = [];
 
 // Retrieve the rest of the file.
+// TODO: At some point process a row at a time instead of saving all records to array.
 while(($row = fgetcsv($uploadFp)) !== false) {
    $fileData[] = array_combine($headers, $row);
 }
@@ -173,7 +171,4 @@
 fclose($reportFp);
 remove_old_files('reports'.DIRECTORY_SEPARATOR.'*.csv', CONFIG['maxReportFiles']);
 curl_close($ch);
-
-if(!DEBUG) {
-   go_home();
-}
+go_home();

From c84782845762114b47a203cdc5954c4ed5a976ff Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Wed, 25 Jan 2023 12:45:02 -0500
Subject: [PATCH 08/13] Move/create more functions.

---
 includes/submit_functions.php | 149 ++++++++++++++++++++--------------
 submit.php                    |  51 ++++--------
 2 files changed, 103 insertions(+), 97 deletions(-)

diff --git a/includes/submit_functions.php b/includes/submit_functions.php
index d10f65a..03abcb8 100644
--- a/includes/submit_functions.php
+++ b/includes/submit_functions.php
@@ -1,10 +1,61 @@
 <?php
+/**
+ * Check for PHP cURL and that both the reports and uploads directories are writable.
+ *
+ * @return void
+ */
+function check_capabilities() {
+   $go_home = false;
+
+   if(!function_exists('curl_init')) {
+      array_push($_SESSION['output'], 'Please install/enable the PHP cURL library.');
+      $go_home = true;
+   }
+
+   if(!is_writable('uploads')) {
+      array_push($_SESSION['output'], 'The uploads directory is not writable.');
+      $go_home = true;
+   }
+
+   if(!is_writable('reports')) {
+      array_push($_SESSION['output'], 'The reports directory is not writable.');
+      $go_home = true;
+   }
+
+   if($go_home) {
+      go_home();
+   }
+}
+
+
+/**
+ * Validates CSRF token.
+ *
+ * @return void
+ */
+function validate_csrf_token() {
+   if(!isset($_POST['csrfToken']) || !isset($_SESSION['csrfToken'])) {
+      array_push($_SESSION['output'], 'CSRF token not found.');
+      go_home();
+   }
+   else {
+      if($_POST['csrfToken'] !== $_SESSION['csrfToken']) {
+         array_push($_SESSION['output'], 'The CSRF token is invalid.');
+         go_home();
+      }
+      else {
+         unset($_SESSION['csrfToken']);
+      }
+   }
+}
+
+
 /**
  * Check if all needles exist in haystack.
  *
- * @param array   $needles    Array of values to search for.
- * @param array   $haystack   Array of values to search in.
- * @return bool
+ * @param   array $needles    Array of values to search for.
+ * @param   array $haystack   Array of values to search in.
+ * @return  bool
  */
 function in_array_all($needles, $haystack) {
    return empty(array_diff($needles, $haystack));
@@ -14,9 +65,9 @@ function in_array_all($needles, $haystack) {
 /**
  * Remove oldest files from directory.
  *
- * @param string  $filePattern   File name pattern to search for.
- * @param integer $maxFileCount  Max number of files to keep.
- * @return void
+ * @param   string   $filePattern   File name pattern to search for.
+ * @param   integer  $maxFileCount  Max number of files to keep.
+ * @return  void
  */
 function remove_old_files($filePattern, $maxFileCount) {
    if($maxFileCount < 1) {
@@ -42,8 +93,8 @@ function remove_old_files($filePattern, $maxFileCount) {
 /**
  * Return a valid file name.
  *
- * @param string $fileName Desired file name.
- * @return string|null
+ * @param   string      $fileName Desired file name.
+ * @return  string|null A valid file name.
  */
 function find_file_name($fileName) {
    if(!file_exists($fileName)) {
@@ -65,64 +116,12 @@ function find_file_name($fileName) {
 }
 
 
-
-/**
- * Check for PHP cURL and that both the reports and uploads directories are writable.
- *
- * @return void
- */
-function check_capabilities() {
-   $go_home = false;
-
-   if(!function_exists('curl_init')) {
-      array_push($_SESSION['output'], 'Please install/enable the PHP cURL library.');
-      $go_home = true;
-   }
-
-   if(!is_writable('uploads')) {
-      array_push($_SESSION['output'], 'The uploads directory is not writable.');
-      $go_home = true;
-   }
-
-   if(!is_writable('reports')) {
-      array_push($_SESSION['output'], 'The reports directory is not writable.');
-      $go_home = true;
-   }
-
-   if($go_home) {
-      go_home();
-   }
-}
-
-
-/**
- * Validates CSRF token.
- *
- * @return void
- */
-function validate_csrf_token() {
-   if(!isset($_POST['csrfToken']) || !isset($_SESSION['csrfToken'])) {
-      array_push($_SESSION['output'], 'CSRF token not found.');
-      go_home();
-   }
-   else {
-      if($_POST['csrfToken'] !== $_SESSION['csrfToken']) {
-         array_push($_SESSION['output'], 'The CSRF token is invalid.');
-         go_home();
-      }
-      else {
-         unset($_SESSION['csrfToken']);
-      }
-   }
-}
-
-
 /**
  * Process uploaded file.
  *
  * Checks for upload file, file size, and file name.
  *
- * @return string
+ * @return string Full file path of the uploaded file.
  */
 function process_uploaded_file() {
    // Check upload and move it to folder.
@@ -147,3 +146,31 @@ function process_uploaded_file() {
       go_home();
    }
 }
+
+
+/**
+ * Opens up a file to create a report. The file name is based on the submitted file.
+ *
+ * @param   string   $uploadFullPath Full path of the uploaded file.
+ * @return  resource File pointer of opened report file.
+ */
+function open_report_file($uploadFullPath) {
+   $fileParts = pathinfo($uploadFullPath);
+   $fileName = $fileParts['filename'];
+
+   // Open a file for the upload report.
+   if(!($reportFullPath = find_file_name('reports'.DIRECTORY_SEPARATOR.basename($fileName).' report.csv'))) {
+      array_push($_SESSION['output'], 'There was an error saving the report file.');
+      go_home();
+   }
+
+   if(!$reportFp = fopen($reportFullPath, 'w')) {
+      array_push($_SESSION['output'], 'Cannot write to the reports folder.');
+      go_home();
+   }
+
+   // Save report path to add link on index page.
+   $_SESSION['reportPath'] = $reportFullPath;
+
+   return $reportFp;
+}
diff --git a/submit.php b/submit.php
index a793188..9a4eb5b 100644
--- a/submit.php
+++ b/submit.php
@@ -34,6 +34,8 @@
    go_home();
 }
 
+
+//TODO: headers function?
 // Save file headers.
 if(($headers = fgetcsv($uploadFp)) === false) {
    array_push($_SESSION['output'], 'No data was found in the uploaded file.');
@@ -52,22 +54,17 @@
 }
 
 // Find how many creator headers are present.
-$creatorHeaders = [];
-$i = 1;
+// TODO: does this go somewhere else?
+$creatorHeaders = preg_grep('/^creator\d+$/', $headers);
 
-while(in_array('creator'.$i, $headers)) {
-   array_push($creatorHeaders, 'creator'.$i++);
-}
+/*************************************************************************************/
 
-$fileData = [];
+// Open file for reporting.
+$reportFp = open_report_file($uploadFullPath);
 
-// Retrieve the rest of the file.
-// TODO: At some point process a row at a time instead of saving all records to array.
-while(($row = fgetcsv($uploadFp)) !== false) {
-   $fileData[] = array_combine($headers, $row);
-}
+// Add headers to upload report file.
+fputcsv($reportFp, ['doi_suffix', 'doi_url', 'status', 'error']);
 
-fclose($uploadFp);
 
 // Setup cURL.
 $ch = curl_init();
@@ -85,29 +82,9 @@
 ]);
 
 
-$fileParts = pathinfo($uploadFullPath);
-$fileName = $fileParts['filename'];
-
-// Open a file for the upload report.
-if(!($reportFullFilePath = find_file_name('reports'.DIRECTORY_SEPARATOR.basename($fileName).' report.csv'))) {
-   array_push($_SESSION['output'], 'There was an error saving the report file.');
-   go_home();
-}
-
-if(!$reportFp = fopen($reportFullFilePath, 'w')) {
-   array_push($_SESSION['output'], 'Cannot write to the reports folder.');
-   go_home();
-}
-
-// Save report path to add link on index page.
-$_SESSION['reportPath'] = $reportFullFilePath;
-
-// Add headers to upload report file.
-fputcsv($reportFp, ['doi_suffix', 'doi_url', 'status', 'error']);
-
-// Process file data and create report.
-$proccessedCsv = [];
-foreach($fileData as $row) {
+// Process the rest of the upload.
+while(($row = fgetcsv($uploadFp)) !== false) {
+   $row = array_combine($headers, $row);
    $doi = CONFIG['doiPrefix'].'/'.$row['doi_suffix'];
    $creators = [];
 
@@ -168,7 +145,9 @@
    }
 }
 
+
+curl_close($ch);
+fclose($uploadFp);
 fclose($reportFp);
 remove_old_files('reports'.DIRECTORY_SEPARATOR.'*.csv', CONFIG['maxReportFiles']);
-curl_close($ch);
 go_home();

From f433f27d711f53364d1e1af91eb8b4375050b48f Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Wed, 25 Jan 2023 13:05:49 -0500
Subject: [PATCH 09/13] More code moving.

---
 includes/submit_functions.php | 44 ++++++++++++++++++++++++++++++++++
 submit.php                    | 45 ++++-------------------------------
 2 files changed, 48 insertions(+), 41 deletions(-)

diff --git a/includes/submit_functions.php b/includes/submit_functions.php
index 03abcb8..6b48b6c 100644
--- a/includes/submit_functions.php
+++ b/includes/submit_functions.php
@@ -148,6 +148,50 @@ function process_uploaded_file() {
 }
 
 
+/**
+ * Processes the headers in the uploaded file. Checks to make sure all required headers are present.
+ *
+ * @param   resource $uploadFp File pointer to upload file.
+ * @return  array    Array of normalized headers from the upload file.
+ */
+function process_upload_headers($uploadFp) {
+   // Headers required to process the upload file.
+   $requiredHeaders = [
+      'doi_suffix',
+      'title',
+      'year',
+      'type',
+      'description',
+      'publisher',
+      'source_url',
+      'creator1',
+      'creator1_type', // TODO: will depend on orchid id
+                     // don't require and assume personal?
+      'creator1_given',
+      'creator1_family',
+   ];
+
+   // Save file headers.
+   if(($headers = fgetcsv($uploadFp)) === false) {
+      array_push($_SESSION['output'], 'No data was found in the uploaded file.');
+      go_home();
+   }
+
+   // Trim and lowercase headers in CSV file.
+   $headers = array_map(function($header) {
+      return strtolower(trim($header));
+   }, $headers);
+
+   // Make sure CSV file has all required headers.
+   if(!in_array_all($requiredHeaders, $headers)) {
+      array_push($_SESSION['output'], 'The uploaded CSV file is missing required headers.');
+      go_home();
+   }
+
+   return $headers;
+}
+
+
 /**
  * Opens up a file to create a report. The file name is based on the submitted file.
  *
diff --git a/submit.php b/submit.php
index 9a4eb5b..61efc90 100644
--- a/submit.php
+++ b/submit.php
@@ -6,27 +6,11 @@
 
 
 $_SESSION['output'] = [];
-// Headers required to process the upload file.
-$requiredHeaders = [
-   'doi_suffix',
-   'title',
-   'year',
-   'type',
-   'description',
-   'publisher',
-   'source_url',
-   'creator1',
-   'creator1_type', // TODO: will depend on orchid id
-                    // don't require and assume personal?
-   'creator1_given',
-   'creator1_family',
-];
 
 
 check_capabilities();
 validate_csrf_token();
-$uploadFullPath = process_uploaded_file(); //TODO: var name
-
+$uploadFullPath = process_uploaded_file();
 
 // Open the uploaded file.
 if(!$uploadFp = fopen($uploadFullPath, 'r')) {
@@ -34,43 +18,22 @@
    go_home();
 }
 
-
-//TODO: headers function?
-// Save file headers.
-if(($headers = fgetcsv($uploadFp)) === false) {
-   array_push($_SESSION['output'], 'No data was found in the uploaded file.');
-   go_home();
-}
-
-// Trim and lowercase headers in CSV file.
-$headers = array_map(function($header) {
-   return strtolower(trim($header));
-}, $headers);
-
-// Make sure CSV file has all required headers.
-if(!in_array_all($requiredHeaders, $headers)) {
-   array_push($_SESSION['output'], 'The uploaded CSV file is missing required headers.');
-   go_home();
-}
+$headers = process_upload_headers($uploadFp);
 
 // Find how many creator headers are present.
-// TODO: does this go somewhere else?
 $creatorHeaders = preg_grep('/^creator\d+$/', $headers);
 
-/*************************************************************************************/
-
 // Open file for reporting.
 $reportFp = open_report_file($uploadFullPath);
 
 // Add headers to upload report file.
 fputcsv($reportFp, ['doi_suffix', 'doi_url', 'status', 'error']);
 
-
 // Setup cURL.
 $ch = curl_init();
 
 curl_setopt_array($ch, [
-   CURLOPT_SSL_VERIFYPEER => false, //TODO: for dev only
+   // CURLOPT_SSL_VERIFYPEER => false, // for dev only
    CURLOPT_URL => CONFIG['url'],
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
@@ -135,7 +98,7 @@
    fputcsv($reportFp, [$row['doi_suffix'], 'https://doi.org/'.$doi, curl_getinfo($ch, CURLINFO_HTTP_CODE), $error]);
 
    if($error) {
-      $error = ', '.$error;
+      $error = ', '.lcfirst($error);
    }
 
    array_push($_SESSION['output'], '- submitted doi suffix '.$row['doi_suffix'].' with status of '.curl_getinfo($ch, CURLINFO_HTTP_CODE).$error);

From 3b525d44a2a205afe75ca8b9404c329ea51eae44 Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Wed, 25 Jan 2023 16:59:55 -0500
Subject: [PATCH 10/13] Comment.

---
 includes/submit_functions.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/includes/submit_functions.php b/includes/submit_functions.php
index 6b48b6c..c92bf42 100644
--- a/includes/submit_functions.php
+++ b/includes/submit_functions.php
@@ -117,9 +117,7 @@ function find_file_name($fileName) {
 
 
 /**
- * Process uploaded file.
- *
- * Checks for upload file, file size, and file name.
+ * Process uploaded file. Checks for upload file, file size, and file name.
  *
  * @return string Full file path of the uploaded file.
  */

From a1c1be2f6daac2b6cdb7c10ff16b8219fe166ffa Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Wed, 25 Jan 2023 17:00:25 -0500
Subject: [PATCH 11/13] Start adding notes.

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 37f0b9f..85c4779 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.2.0] - 2023-01-
+- Reorganize code.
+
 ## [1.1.0] - 2022-09-28
 - Update .htaccess to use mod_authz_core directives.
 - Change config.ini to config.php.

From c0a563dba39b0b848e3b3d758e845a00baf87507 Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Wed, 1 Feb 2023 13:43:05 -0500
Subject: [PATCH 12/13] Add todo.

---
 includes/submit_functions.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/includes/submit_functions.php b/includes/submit_functions.php
index c92bf42..26a5215 100644
--- a/includes/submit_functions.php
+++ b/includes/submit_functions.php
@@ -181,6 +181,7 @@ function process_upload_headers($uploadFp) {
    }, $headers);
 
    // Make sure CSV file has all required headers.
+   // TODO: specify missing headers
    if(!in_array_all($requiredHeaders, $headers)) {
       array_push($_SESSION['output'], 'The uploaded CSV file is missing required headers.');
       go_home();

From 8977544f21e58bd54f524de40e999ace79e0febd Mon Sep 17 00:00:00 2001
From: Matt Brooks <mbrooks34@gsu.edu>
Date: Wed, 1 Feb 2023 13:43:50 -0500
Subject: [PATCH 13/13] Update version and changelog.

---
 CHANGELOG.md | 2 +-
 README.md    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 85c4779..5e9c4db 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [1.2.0] - 2023-01-
+## [1.2.0] - 2023-02-01
 - Reorganize code.
 
 ## [1.1.0] - 2022-09-28
diff --git a/README.md b/README.md
index a67e64d..e322d09 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ Code Repository: https://github.com/gsu-library/datacite-bulk-doi-creator-webapp
 Author: Matt Brooks <mbrooks34@gsu.edu>  
 Date Created: 2022-06-29  
 License: [GPL3](LICENSE)  
-Version: 1.1.0
+Version: 1.2.0
 
 ## Description
 A PHP WebApp that bulk creates DataCite DOIs from a provided CSV file. DOIs are created in the findable state. If you are looking for the python version of this WebApp see [DataCite Bulk DOI Creator](https://github.com/gsu-library/datacite-bulk-doi-creator).