July 15th, 2010
My previous blog post was all about the best PHP IDE and how our development team decided to switch from Aptana to Netbeans, partly because of Aptana's decision to drop its own PHP support in favour of PDT. However, it seems that Aptana has since backtracked on this and is now re-introducing its own PHP support for version 3.
So far they have confirmed the following as part of the Beta:
1. Syntax coloring which is part of the new Studio themes support.
2. Code Assist (for scripts in a single project and PHP API)
3. Syntax error annotations (which are actually better than what we had in the old PHP plug-in).
4. Mark Occurrences
5. A PHP ‘Ruble’ (https://radrails.tenderapp.com/faqs/radrails-3/ruble-programming-guide) that gives you the ability to add capabilities to the editor by scripting them for your own team (with some Rails knowledge).
They have also confirmed the following features for future releases:
1. Code formatter
2. Debugger support
3. External libraries support
4. More views, such as class hierarchy etc.
5. Wizards and generators, such as class/interface wizards, Getters & Setters etc.
…And more
So it’s going to be interesting to see how Aptana’s PHP support shapes up in comparison to Netbeans, and whether this developer is going to be shifting back to Aptana.
mark
development
March 30th, 2010
I’ve tried and tested many an IDE in my time, starting with Macromedia Dreamweaver 3 many years ago. Dreamweaver served my needs brilliantly for quite a few years and I believed that I wouldn’t ever need another IDE, but as I started coding in PHP and moved from table-based layouts to clean, hand-coded XHTML and CSS, I found Dreamweaver’s clumsiness just started to get in the way. I also found it slow over the network, as all of my files were stored on our Linux testing server.
So the hunt for an alternative started. After a while digging around for a new IDE, I came across a neat little program called Aptana. Whilst it was still in heavy development, I was amazed how quick it was and how rich the PHP functionality was compared to Dreamweaver. I tried it out for a while and eventually ditched Dreamweaver and started using Aptana for all my web design and PHP coding.
I happily used Aptana for quite a while, but when they decided to ditch PHP support for version 2.0 in favour of Eclipse PDT and concentrate more on Ruby development, I was forced to start my search again. The PDT functionality was not a patch on Aptana’s PHP support, so I was (as were many Aptana users) rather disappointed with Aptana’s decision to do this.
Anyway, so began the search for a new IDE which supported PHP. I tried all sorts, from NuSphere to Zend, but eventually came across Netbeans. Although its PHP support was in its infancy, I was impressed with the functionality in Netbeans and it had far fewer bugs than Aptana 1.5. So I installed it, started using it, and I’m happy to say that our entire team is now using Netbeans for our PHP and web development. Its PHP functionality is improving all the time, and it has good support for CSS, JavaScript and HTML. There is the ability to upload your projects via FTP and SFTP and, best of all, it’s FREE!
So if you’re looking at changing your IDE, I would recommend giving Netbeans a try.
mark
design, development
February 19th, 2010
I had a problem earlier in the week where I needed to merge multiple PDF files together so they could be printed in one long run. I thought it was going to be one of those tasks that caused me to have a serious headache, but to my surprise it was rather easy.
Let’s say you have 5 PDF files named doc_1.pdf, doc_2.pdf, doc_3.pdf, doc_4.pdf and doc_5.pdf and you need them merged into one file called docs_joined.pdf. All you have to do is use the following function:
shell_exec();
This function executes a command via the shell, and in this case the Linux command you want to call is ‘gs’, which is Ghostscript, a PostScript and PDF language interpreter and previewer.
So using both shell_exec() and ‘gs’ we would do the following to join the PDFs together:
$output = shell_exec('gs -q -sPAPERSIZE=letter -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=docs_joined.pdf doc_1.pdf doc_2.pdf doc_3.pdf doc_4.pdf doc_5.pdf');
And you’re done. Simple!
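The command above has its filenames written into the string by hand, which is fine. The moment one of those names comes from a request (a user picking which documents to join), shell_exec() hands whatever they typed to the shell, and a name containing a semicolon, backtick or "$(" becomes an extra command run as the web server. The function below is an added example, not code from the original post: it wraps the same Ghostscript command, accepts only plain ".pdf" names that resolve inside one directory, quotes every argument with escapeshellarg(), and reports a non-zero exit status from gs instead of silently returning an empty file. The directory path and the -dSAFER flag are additions; gs -dSAFER restricts Ghostscript's own file access.

```php
<?php
// Added example (not from the original post). Wraps the post's Ghostscript
// command in a function that refuses filenames it did not expect and quotes
// every argument, so a name taken from a request can never add shell commands.

function mergePdfs(array $inputs, string $outputName, string $dir): string
{
    $base = realpath($dir);
    if ($base === false) {
        throw new InvalidArgumentException("Directory not found: $dir");
    }

    $safeInputs = [];
    foreach ($inputs as $name) {
        // Allow only simple names like doc_1.pdf: no slashes, no "..", no
        // shell metacharacters. Reject rather than "fix" anything else.
        if (!preg_match('/^[A-Za-z0-9_-]+\.pdf$/', $name)) {
            throw new InvalidArgumentException("Rejected input name: $name");
        }
        $path = realpath($base . DIRECTORY_SEPARATOR . $name);
        // realpath() resolves symlinks; require the file to exist and to
        // still live inside $base after resolution.
        if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
            throw new InvalidArgumentException("Input outside directory: $name");
        }
        $safeInputs[] = $path;
    }
    if ($safeInputs === []) {
        throw new InvalidArgumentException('No input files given');
    }
    if (!preg_match('/^[A-Za-z0-9_-]+\.pdf$/', $outputName)) {
        throw new InvalidArgumentException("Rejected output name: $outputName");
    }
    $output = $base . DIRECTORY_SEPARATOR . $outputName;

    // escapeshellarg() single-quotes each value, so characters such as
    // ';', '|', '$' or a space reach gs literally. -dSAFER keeps Ghostscript
    // from touching files other than the ones named on its command line.
    $cmd = 'gs -q -dSAFER -sPAPERSIZE=letter -dNOPAUSE -dBATCH -sDEVICE=pdfwrite'
         . ' -sOutputFile=' . escapeshellarg($output)
         . ' ' . implode(' ', array_map('escapeshellarg', $safeInputs))
         . ' 2>&1';

    // exec() gives us the exit status; shell_exec() only returns stdout.
    exec($cmd, $gsOutput, $status);
    if ($status !== 0) {
        throw new RuntimeException('gs failed: ' . implode("\n", $gsOutput));
    }
    return $output;
}

// Command-line usage, e.g.:
//   php merge.php /var/www/uploads/pdf docs_joined.pdf doc_1.pdf doc_2.pdf doc_3.pdf
// (the directory is an assumed location for the example)
if (PHP_SAPI === 'cli' && $argc >= 4) {
    echo mergePdfs(array_slice($argv, 3), $argv[2], $argv[1]), PHP_EOL;
}
```

The name check is deliberately a whitelist rather than a list of forbidden characters: a new shell feature or a different shell cannot slip through a rule that only admits letters, digits, underscore and hyphen.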
mark
development
January 15th, 2010
As a web developer I obviously, well, hopefully, have a good idea of how most websites fundamentally work. One thing that always worries me, though, is when I am signing up for a new account on a website and have to enter a password. Most of us have a few, or probably just one, password that we use when signing up for accounts online. This obviously means that we don’t have to remember loads of different passwords, but what worries me is how these passwords are being stored.
When I was a junior developer, just learning to code websites with the facility to sign up for and log in to accounts, I would simply store the information entered by the user in a database. So if someone entered the password “jimmy” I would store it in the database as “jimmy”. Now obviously only a limited number of people have access to this information, but it is actually quite powerful information to own, and it could be used maliciously in the wrong hands. Take the following as an example:
You sign up for a Facebook account using the following credentials:
Username: mark@myemailaddress.com
Password: mypassword
You then also sign up for an account with ‘my-made-up-website.com’ (this is an example) using the same credentials. Now if ‘my-made-up-website.com’ is storing your username and password as plain text in the database, anybody who has access to the database will be able to see these credentials. They would then have a pretty good idea that you could have used the same log-in credentials for Facebook. Hmm, imagine what havoc they could cause on your Facebook page, or even on an Amazon account with your saved credit card details.
So… now that I’m a much more experienced programmer, what do I do differently? Well, as a minimum I hash any passwords being entered into the database. For this I use the following PHP function:
sha1();
So to hash the password ‘mypassword’ we would apply the following before adding it to the database:
$password = sha1('mypassword');
This hash is one-way, so people who have access to the database wouldn’t be able to use it directly. There are methods out there to reverse it, but it certainly isn’t easy.
You could also go a step further and add a ‘salt’ keyword to the password and run it through sha1() twice, making it a double hash, which should make it very, very difficult to reverse. The method for this is as follows:
$salt = 'shake-it-up';
$password = sha1($salt . sha1($clean['password']) . $salt);
So adding the salt keyword means the hacker would not only have to guess that you have added it to the start and end of the password, but also that you have run it through sha1() twice. They would also have to guess the salt word used.
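Two properties of the scheme above are worth knowing when you rely on it: sha1() is designed to be fast, so an attacker with a copy of the table can test a very large number of guesses per second, and because the salt is the same for every user, each guess can be checked against every stored hash at once. PHP 5.5 added password_hash() and password_verify(), which draw a fresh random salt per password, store it inside the result, and use a deliberately slow algorithm (bcrypt by default). The block below is an added example, not code from the original post: it keeps the post's salted double-sha1 as the "legacy" format, shows password_hash() beside it, and includes a login check that quietly upgrades an account from the old format to the new one the next time its owner signs in. The salt and password are the constructed values from the post.

```php
<?php
// Added example, not from the original post. Shows the post's fixed-salt
// double sha1() scheme next to PHP's built-in password_hash() (PHP 5.5+),
// and a login check that moves an account from the old hash to the new one.

const SITE_SALT = 'shake-it-up';   // the post's sample salt

// The post's scheme. sha1() is fast and the salt is shared by every user,
// so one guess can be checked against the whole user table at once.
function legacyHash(string $password): string
{
    return sha1(SITE_SALT . sha1($password) . SITE_SALT);
}

// password_hash() draws a fresh random salt for each call and stores it in
// the result together with the algorithm and cost, so no separate salt
// column or site-wide secret is needed, and guesses must be made per user.
function storePassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function checkPassword(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Login check that accepts either format. $stored is passed by reference:
// when the password verifies and the stored value is a legacy hash (or an
// out-of-date password_hash() setting), it is replaced by a fresh
// password_hash() value that the caller should write back to the database.
function verifyAndUpgrade(string $password, string &$stored): bool
{
    if (password_verify($password, $stored)) {
        if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            $stored = storePassword($password);
        }
        return true;
    }
    // hash_equals() compares in constant time, so timing does not reveal
    // how many leading characters of a guess matched.
    if (hash_equals($stored, legacyHash($password))) {
        $stored = storePassword($password);
        return true;
    }
    return false;
}

// Demonstration with the post's password.
$stored = legacyHash('mypassword');      // what the post's code would have saved
echo "legacy hash:   $stored\n";

var_dump(verifyAndUpgrade('wrong-guess', $stored));   // rejected; $stored unchanged
var_dump(verifyAndUpgrade('mypassword', $stored));    // accepted; $stored is now bcrypt
echo "upgraded hash: $stored\n";
var_dump(checkPassword('mypassword', $stored));
var_dump(checkPassword('wrong-guess', $stored));
```

The upgrade-on-login step matters because the plain-text password is only available at the moment the user types it; a stored sha1 value cannot be converted to bcrypt offline. Once every active account has logged in once, the legacyHash() branch can be removed.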
mark
development
credentials, database, encryption, php, security, sha1, sign-up
November 11th, 2009
I’ve recently been developing a very large-scale website and back-end system for a client, and during the development process we came across a very annoying yet common issue that really spoils the user experience. When data is posted from one page to another and the user navigates back using the “Back” button in their browser, they get a warning page saying that the page has expired. Not only is this very annoying for the user, but it could potentially turn them off from using the site altogether.
So what’s the solution? Well, there are a couple of things we can do to help with the problem, but the only real way to get around it is to use a header redirect once the form has been posted. Let’s look at an example.
So you have a form like the one below and you want the user’s name to be stored in a session variable.
<form action="step_2.php" method="post">
<input type="text" id="users_name" name="users_name" />
<input type="submit" id="submit" name="submit" value="SUBMIT" />
</form>
When the SUBMIT button is then pressed a PHP script is called to store the users_name in a SESSION variable, like so:
<?php
session_start(); // must run before $_SESSION can be read or written
if (isset($_POST['users_name'])) {
    $_SESSION['users_name'] = $_POST['users_name'];
}
?>
The one thing missing from this script is the header redirect. This sends the browser on to the page of your choice with a GET request and eliminates the Page Expired issue. So to do this, simply change the above script to:
<?php
session_start(); // must run before $_SESSION can be read or written
if (isset($_POST['users_name'])) {
    $_SESSION['users_name'] = $_POST['users_name'];
    header('Location: step_2.php');
    exit; // stop here so nothing after the redirect is sent to the browser
}
?>
Perfect!
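The snippet above is the POST half of the pattern. For completeness, here is an added example (not from the original post) of a single step_2.php that handles both halves: it stores the posted value and redirects with a 303 status, which tells the browser to make the follow-up request as a GET whatever the original method was, and on the GET it displays the name. It also covers the two cases the post's snippet leaves open: a visitor who arrives without having submitted the form, and a posted value that contains HTML. The form page name step_1.php is an assumption.

```php
<?php
// Added example, not from the original post: one step_2.php that handles
// both halves of the post-redirect-get pattern. The field name follows the
// post; step_1.php (the page holding the form) is assumed for the example.
session_start();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (isset($_POST['users_name'])) {
        // Stored as submitted; it is untrusted and is escaped when displayed.
        $_SESSION['users_name'] = $_POST['users_name'];
    }
    // 303 See Other: the browser re-requests step_2.php with GET, so the
    // history entry is a GET and the Back button never replays the POST.
    header('Location: step_2.php', true, 303);
    exit;   // nothing after header() may reach the browser
}

// GET branch: reached after the redirect, and also on a direct visit.
if (!isset($_SESSION['users_name']) || $_SESSION['users_name'] === '') {
    header('Location: step_1.php');   // no name yet, send them to the form
    exit;
}

// The value came from $_POST, so escape it for HTML: a name such as
// <script>alert(1)</script> is then shown as text rather than run.
$name = htmlspecialchars($_SESSION['users_name'], ENT_QUOTES, 'UTF-8');
?>
<p>Welcome, <?= $name ?>.</p>
```

The header() call must come before any output, including a blank line or byte-order mark ahead of the opening <?php tag, otherwise PHP reports "headers already sent" and the redirect is lost.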
mark
development
October 30th, 2009
I’m sure all web designers have come across a really annoying problem with multiple <div> columns that float.
The Problem:
If you have a 2-column layout and one <div> has “float: left;” and the other “float: right;”, the containing <div> tag is not going to expand beyond those 2 floating <div> tags. The old solution was to put a new <div> tag under those columns with the CSS rule “clear: both;”. So you would end up with the following code:
<div id="container">
<div id="column_left">Content</div>
<div id="column_right">Content</div>
<div class="float_clear"></div>
</div>
#container {
border: 1px solid #000000;
}
#column_left {
float: left;
}
#column_right {
float: right;
}
.float_clear {
clear: both;
}
Although this works just fine and dandy, the main issue with it is that it creates extra, unwanted HTML markup. Well, the good news is that a better solution has since emerged. Instead of using the float_clear <div>, replace your #container CSS with the following:
#container {
border: 1px solid #000000;
overflow: auto;
width: 100%;
}
This results in the same outcome as using the <div class="float_clear"></div> markup and the clear: both; CSS.
Brilliant!
mark
development
October 19th, 2009
There are plenty of options out there to “build your own website”, some obviously better than others, but is it a good idea?
Well, first off, it will probably save you some money up front, and in some cases web builders are free. So it may seem an appealing way to get yourself an online presence. But beware, there are a few drawbacks.
Firstly, they will almost certainly be template-driven, so don’t expect your site to be unique and one of a kind. Sure, you’ll probably be able to add your own logo, but the layouts, colour schemes and pictures will more than likely be predefined. Secondly, the code that the builder produces may well be very “un-search-engine-friendly”. If you want your site to get to the top of Google then taking this route will not be your best option. The site builder may produce nests and nests of code that Google will dismiss, and it may not list your site. If this is the case, Google may not continue crawling your site and it could take a long time for you even to appear in its listings. Also bear in mind the disability act: your site should comply with guidelines set up by the W3C, so that people who are visually impaired can still navigate around your site using screen readers. A site builder may not take this into consideration.
So to sum up, although it might be an appealing option to use a site builder, there are some things to take into consideration. At the end of the day, the best way to build a website is from the ground up, with neat hand-built code. Which of course is all that us folks at Edge of the Web do!
mark
development
August 19th, 2009
Spam is a problem anybody with an email address has come across, and it can end up being the bane of our lives. Using a spam filter, either on your web server or on your local computer, can help cut down the amount of spam that arrives in your inbox, but it can never totally get rid of the problem. Also, if you are too aggressive with your spam filter scoring you can easily start getting legitimate emails blocked.
So how can spam be stopped in the first place? Well… it can’t, but there are things that can be done when setting up a new website with a new domain. One thing our clients always want is their email address on the site, and the first thing we always tell them is what a bad idea that is. As soon as you put your email address on your own or anybody else’s website it will get picked up by spam databases, and you will then be bombarded with emails about anything from Viagra to fake bank account information. So to help combat this problem, something included with all of our sites and something we highly recommend is using a contact form instead of displaying your email address. This gives you the opportunity to ask your potential customers some brief questions and then have the answers emailed directly to you without ever disclosing your email address. You can even have it mailed to multiple recipients. But best of all, it should help cut down the amount of spam you receive in the future.
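A contact form only keeps the address private if the handler behind it is written with care: the recipient list must live server-side, never in a hidden form field, and the visitor's email address must be validated before it is placed in a mail header, because a line break inside a header value lets the sender append headers (extra recipients, for instance) and turn the form into a relay for the very spam it was meant to avoid. The handler below is an added example, not code from the original post or from Edge of the Web; the recipient and sender addresses are constructed placeholders.

```php
<?php
// Added example, not from the original post: a minimal contact-form handler
// of the kind the post recommends. Addresses are constructed placeholders.
const RECIPIENTS = ['sales@example.com', 'support@example.com'];  // server-side only

function validateContact(array $post): array
{
    $errors  = [];
    $name    = trim($post['name'] ?? '');
    $email   = trim($post['email'] ?? '');
    $message = trim($post['message'] ?? '');

    if ($name === '' || strlen($name) > 100 || preg_match('/[\r\n]/', $name)) {
        $errors[] = 'Please enter your name (up to 100 characters).';
    }
    // FILTER_VALIDATE_EMAIL already rejects CR/LF, but the check is kept
    // explicit: a line break in a header value lets the sender add headers
    // of their own, which is how contact forms get turned into spam relays.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || preg_match('/[\r\n]/', $email)) {
        $errors[] = 'Please enter a valid email address.';
    }
    if ($message === '' || strlen($message) > 5000) {
        $errors[] = 'Please enter a message (up to 5000 characters).';
    }
    return ['errors' => $errors, 'name' => $name, 'email' => $email, 'message' => $message];
}

function buildMail(array $data): array
{
    // Subject and From are fixed strings under our control. The visitor's
    // address goes into Reply-To only after validation; their name and
    // message go into the body, where line breaks are harmless.
    $headers = "From: Website contact form <noreply@example.com>\r\n"
             . 'Reply-To: ' . $data['email'] . "\r\n"
             . "Content-Type: text/plain; charset=UTF-8\r\n";
    $body = "Name: {$data['name']}\nEmail: {$data['email']}\n\n{$data['message']}\n";
    return [
        'to'      => implode(', ', RECIPIENTS),
        'subject' => 'Website enquiry',
        'body'    => $body,
        'headers' => $headers,
    ];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $result = validateContact($_POST);
    if ($result['errors'] !== []) {
        // Tell the visitor what was wrong; never silently "fix" the input.
        foreach ($result['errors'] as $e) {
            echo '<p>', htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), '</p>';
        }
    } else {
        $m = buildMail($result);
        $sent = mail($m['to'], $m['subject'], $m['body'], $m['headers']);
        echo $sent ? '<p>Thanks, your message has been sent.</p>'
                   : '<p>Sorry, your message could not be sent.</p>';
    }
}
```

Note that the page served to the visitor never contains any of the RECIPIENTS addresses, which is the whole point of the form; the thank-you message is deliberately generic for the same reason.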
mark
development
Contact Form, Email, Privacy, Spam
August 14th, 2009
If there is one thing I’ve learned since I started developing websites and applications, it’s the importance of validating user input. Don’t trust for one second what your user is sending you. Any time a user is asked for input, whether it be their name, email address or an uploaded image, it must be filtered to:
- Check it is actually from who it’s supposed to be
- Make sure it contains the information you want and is structured correctly
Data must never be changed to accommodate mistakes; always tell the user if they have done something incorrectly. Make them play by your rules. Changing incorrect user data can create vulnerabilities.
Once data has been validated, it must be escaped before being inserted into a database. The safest way to make sure data is clean is to set up a new array() and then put the data through htmlentities() and mysql_real_escape_string().
So never trust your users. Always treat data input as invalid until you can prove otherwise. It sounds harsh, but it’s the only safe way to protect you, your data and your customers.
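The two rules above, reject rather than repair, and keep user data and SQL apart, are shown together in the added example below; it is not code from the original post. Two things differ from the post's wording and are stated plainly: mysql_real_escape_string() was removed along with the mysql extension in PHP 7, so the example uses PDO prepared statements, which are its replacement and do not depend on getting the escaping right by hand; and HTML escaping is applied at the moment the data is written into a page, not before it is stored, so the database keeps the user's actual text. An in-memory SQLite database stands in for MySQL so the script runs offline; the sign-up field names and one of the email addresses come from the posts above, the rest is constructed.

```php
<?php
// Added example, not from the original post. Applies the post's two rules,
// validate (reject, don't fix) and keep data out of the SQL, to a sign-up
// form. PDO prepared statements replace mysql_real_escape_string(), which no
// longer exists in PHP 7+; SQLite in memory stands in for MySQL.

function validateSignup(array $post): array
{
    $errors = [];
    $name  = $post['users_name'] ?? '';
    $email = $post['email'] ?? '';

    // Whitelist what a name may contain. Anything else is an error reported
    // back to the user, not silently stripped: stripping can turn a rejected
    // value like "<scr<script>ipt>" into an accepted "<script>".
    if (!preg_match('/^[\p{L} \'-]{1,60}$/u', $name)) {
        $errors['users_name'] = 'Name may only contain letters, spaces, apostrophes and hyphens.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    }
    return ['errors' => $errors, 'users_name' => $name, 'email' => $email];
}

function saveUser(PDO $db, string $name, string $email): int
{
    // Placeholders keep data and SQL apart: the driver sends "O'Brien" as a
    // value, so the quote cannot end the string and start a new statement.
    $stmt = $db->prepare('INSERT INTO users (users_name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
    return (int) $db->lastInsertId();
}

function renderUser(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT users_name, email FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Escape for the context the data is going into, at the moment it goes
    // there: here HTML. The database keeps the original text unchanged.
    return '<li>' . htmlspecialchars($row['users_name'], ENT_QUOTES, 'UTF-8')
         . ' &lt;' . htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8') . '&gt;</li>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, users_name TEXT, email TEXT)');

// Constructed submissions: one valid name containing a quote, one that
// should be bounced back to the user rather than cleaned up.
foreach ([
    ['users_name' => "Mark O'Brien", 'email' => 'mark@myemailaddress.com'],
    ['users_name' => '<b>Mark</b>',  'email' => 'not-an-address'],
] as $submission) {
    $v = validateSignup($submission);
    if ($v['errors'] !== []) {
        foreach ($v['errors'] as $field => $msg) {
            echo "Rejected $field: $msg\n";
        }
        continue;
    }
    $id = saveUser($db, $v['users_name'], $v['email']);
    echo renderUser($db, $id), "\n";
}
```

Escaping on output rather than on input is what makes the same stored value safe in more than one place: the HTML escaping here would be wrong for a JSON response or a plain-text email, each of which needs its own encoding at the point of use.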
mark
development
application design, mysql, php, validating user input, web security