HirdWeb

Just a quick post, as this is now December and I have not posted for almost a month. But this is another simple, and easy, and sometimes forgotten idea among the web programming world. Never pass up the opportunity to learn something new. I know this sounds really easy, and possibly even like a “duh” comment. But there are so many times I come across people from all areas of life, and all areas of business who think that they have nothing new to learn. When they encounter something they have not done before, or something that is done different than the way they did it, then it is wrong, and it is not right, and it is not correct, that it needs to be scrapped and how much they could do it better. Now while this may sometimes may be the case, it usually is not.

Just because something is different, or there is a requirement to do something in a different way, then it does not mean it is wrong, it is just an opportunity to learn. On Twitter, I started to follow PHP Advent. There are many ideas presented in this that provide a great perspective. Some I would not have tried, just because I would not have thought of that approach. But I would not dismiss them just because of that. There is always something new to learn. Never “poo-poo” anything just because you are not familiar with it.

OK, soapbox post is complete.

In some applications on the web, you are required to log in to view content, post content, or any other sort of thing. With this, there will be times when a member of the site/application/whatever will forget the password they used, and it will have to be reset for them. So there are different methods of doing this, and different ideas behind what should make this work. I am going to give you one that I use, which will use a close to random method for resetting the passwords.

Continue reading…

It is finally October and I have not posted one thing yet. I was in California last week though. However that should not be an excuse for the lack of posting I have made. I really wanted to be able to post at least once a week, trying for twice a week. However, that has not happened.

So a quick post about security in a site. I will not claim that I know everything about security, but I have always been about the common sense stuff of a site. Some of the things to keep in mind:

Continue reading…

In preparation for the Zend Certification Exam (ZCE), Zend provides a great (sarcasm) online practice test that consists of 8 questions. That is right, 8 questions. A certification exam that consists of 70 questions and Zend offers 8 questions. And the other thing with the practice test, is that if you get 5 out of 8 correct, then you are “ready” to take the exam. Which I would not suggest, unless of course you have at least 1 year of real PHP experience coding, testing, even hacking. Plus, there is a good amount of DB stuff on the test, as well as security, streams, XML/Web Services and other stuff. I also suggest you pay (that is right, pay) for a set of practice exams. But I digress. Back to the Zend practice test. They give you 8 questions, then just tell you how many you got right/wrong. There is no feedback (like a real exam) on the practice test, which I think there ought to be. So I decided I would not only give you the answer, but why it is the answer. Following is the exam questions and the answers and why they are the answers.
Continue reading…

CakePHP now has deprecated some queries. The findALL, findCount, etc etc etc. This now uses the find() method for all of these, and has a basic syntax for this. If it is basic, why blog about it then? Good question. The documentation is there in the API, and is there in the Cookbook, it took me some time to really get a good idea on an applicable example and took many times of “trial and error” to help me get along. Because finding is good, and will give you all the information you need, if it is a simple, 1 table find. If you need to query two or three tables, how does this work. So this will go into those as well.

The basic idea of find, as listed by the API is this:

find(
	array $conditions,
	array $fields,
	string $order,
	int $recursive
);

This will find one record based on conditions, return the desired fields (or all of them if nothing is specified), order the results, and go so many levels deep (-1 for just the current table).
Continue reading…

To continue on last weeks thought of a “lite” forum, I needed 2 tables (Forums, Posts). Since this is a “lite” forum, I did not want to create a mid-table labeled topics, so I incorporated that in the Posts table. The other reasoning behind this, is that to create a hybrid forum/blog, the topic is really just a beginning post in the thread, so keep those in the Posts table, just mark it as a topic to differentiate this from the other posts.

I created two controllers, forums_controller.php and posts_controller.php. All of the links on the application will point to the forums_controller.php file. The models need to be created, forum.php and post.php, with the relationships.

The file user.php (User model) needs to have a “hasMany” relationship with Posts.

var $hasMany = array(
	'Post' => array('className' => 'Post',
		'foreignKey' => 'post_id',
		'dependent' => false,
	)
);

The Forum model needs a “hasMany” relationship with the Post model

var $hasMany = array(
	'Post' => array('className' => 'Post',
		'foreignKey' => 'forum_id',
		'dependent' => false,
	)
);

The Post model needs a “belongsTo relationship with both the Forum and User models.

var $belongsTo = array(
    'Forum' => array('className' => 'Forum',
        'foreignKey' => 'forum_id',
        'conditions' => '',
        'fields' => '',
        'order' => ''
    ),
    'User' => array('className' => 'User',
        'foreignKey' => 'user_id',
        'conditions' => '',
        'fields' => '',
        'order' => ''
)
);

Continue reading…

There was something I was asked to troubleshoot between two different environments. Most reputable places will give at least 2 different environments for application development, the best is to have at least three, development, stage, and production areas. I was asked resolve and fix an issue in the stage area, but it was not happening in the development area. Normally, I follow a few simple rules to get through this type of troubleshooting. Today, for some reason, I blew those off. Now this is not an end all be all type of list, and I use what is good for me and what I have learned. Other people may find different ways to do this, and find ways that work for them more. Here are some of the major items I check for with web applications in PHP.

• Check the Apache services, connection, or anything that would lead to just no resulting page whatsoever.
• Check the DB server, make sure the server is working, the connection is good, the data flow is there
• Check the permission of the database, the tables, the sequences, etc. Whatever is needed from the database, make sure the caller has permissions to do that task
• Check the code objects/PEAR packages/framework extensions are installed. If you have a recent version of PHP, then you should be good for PEAR, and if you have the most recent framework version (like Symfony, CakePHP or Zend) that should house them all, but never hurts to check
• Check instantiated objects, function calls, object variables, etc. Most of the time it could be a spelling error, or the call is made before the object is created
• I check the data being returned and the statements making the calls. What I am calling for may not be listed, or I may need to grab data from another table. This sometimes creates errors for other functions expecting an array and getting a character value.
• Dump the session, maybe the session variable was never set, or never started.
• Form data and POST variables are always good to give a good ol’ var_dump() or print_r().

Obviously this is not all of them, nor is this just a quick checklist. Some of these may take a while to go through, and may have a lot of details to peruse through to find the answer. This will not always give the answer the quickest ways, nor will it ever just shine the answer down to you. But it helps to isolate issues starting form the global level, work down to the application level, and then down to the code level. Plus, it helps eliminate the obvious problems first, so that when someone asks “is the printer is turned on?”, I don’t sit there looking stupid because “it is turned off” and I just never looked. But that is what happens at times.

Today, I completely forgot about permissions on a database. Sure, the code works in development, I have my hands all over that environment. But when it does not work in the staging area, I should have checked permissions instead of just lopping off my hand with endless queries to try and see where the code went wrong. Just one simple act of a GRANT permission to the application user calling the query would have fixed it. But I was forgetful and should have checked that first. Sometimes developers go down the wrong path. To stay down the wrong path, well, you can finish that one on your own.

After last weeks Auth component, it is now time to go into the full Authentication of a user. In order to use the full power of the Auth component, the table should be named “users”. In the table I created, there were a few different things put in, but for the sake of this, I will limit those.

CREATE TABLE IF NOT EXISTS `users` (
	`user_id` int(11) NOT NULL auto_increment,
	`username` varchar(25) NOT NULL,
	`password` varchar(250) NOT NULL,
	`full_name` varchar(250) NOT NULL,
	`email` varchar(250) NOT NULL,
	`remote_address` varchar(16) NOT NULL,
	`last_login` datetime default NULL,
	`last_login_ip` varchar(16) default NULL,
	`created` datetime NOT NULL,
	`modified` datetime default NULL,
	PRIMARY KEY  (`user_id`),
	UNIQUE KEY `username` (`username`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

In this table, there is a lot you really do not need, but here is the breakdown: ‘user_id’ is needed for my purposes, ‘username’ and ‘password’ are named as such to be able to use the Auth component methods. The other fields are for personalization (full_name and email). The next three are just for simplistic CYA that should always be good practice, grap the registered IP address, date the user last logged in and the IP they logged in from. Is this a foolproof way of CYA? No. But it starts you out on the right track. The last two I always put in all of my tables, as CakePHP updates those automatically, so this also helps to track when created and when changed.

Now that the table is done, we need to provide some quick validation for registration and such. In the model, the code should look similar to this:

var $name = 'User';
var $primaryKey = 'user_id';
var $validate = array(
	'username' => array(
		'alphaNumeric' => array(
			'rule'		=> 'alphaNumeric',
			'required'	=> true,
			'on'		=> 'create',
			'message'	=> 'Username must be only letters and numbers, no special characters'
		),
		'between' => array(
			'rule' 		=> array('between', 5, 20),
			'on'		=> 'create',
			'message'	=> 'Username must be between 5 and 20 characters',
		),
		'isUnique' => array(
			'rule'		=> 'isUnique',
			'on'		=> 'create',
			'message'	=> 'This username is already taken. Please choose a different one.'
		)
	),
	'email' => array(
		'rule'		=> array('email', true),
		'required'	=> true,
		'message'	=> 'Please provide a valid email address'
	),
);

Continue reading…

After a few years of deliberating and going thru different iterations of site code, I have returned to the WordPress world and will write at the very least, the weekly entry in the blog. This will definitely have some issues as I see, as I am still deciding on the correct theme. But that will all be settled some time soon.

I have set up a few categories as of right now, and may add some more, but may not have to add any at all.

Current projects I am working on includes my full time job working with Fox Entertainment building online applications in PHP. Working with other side projects that include CakePHP for a local non profit organization, developing applications for the iPhone/iPod and another project to develop the plugin applications for those mobile apps on the Mac.

If there are any questions, then let me know.