Programmin' Prim8

Rails 1.2 is not out as of this writing, but it is expected soon. These features are currently available on edge rails.

Resource Routes - edge rails
rdocs
peepcode.com cheatsheet

Set up basic CRUD routes for your resources:



Resource Generator - edge rails

Will generate a RESTful model, controller, views, tests and migration.



RSpec Resource Generator - plugin
announcement
svn

Equivalent to scaffold_resource generator for people using BDD/RSpec. Will generate specs instead of tests.

simply_helpful - plugin
writeup

Lots of helper methods for REST. Sugar for rendering collections, autogenerate DOM ID, form blocks and more.

restful_authentication - plugin
readme
svn

Will generate RESTful user/session functionality. Also has an authenticated_mailer generator, although as of the time of this writing, it doesn't work out of the box with the user controller/model. You'll need to finish off the activation code.

ActiveResource - edge rails
writeup

Update - delayed .. will not ship with Rails 1.2.

ActiveRecord-like interface to RESTful services. Note, "rake rails:freeze:edge" did not give me this library, I had to use:

By popular demand, here is a working example of encrypting/decrypting between PHP and DotNet. This uses ECB, which is not ideal (a string crypted will always generate the same crypt text), but makes the example a bit simpler.

PHP and DotNet Encryption

Note, you need the mcrypt library:
"These functions work using mcrypt. To use it, download libmcrypt-x.x.tar.gz from http://mcrypt.sourceforge.net/ and follow the included installation instructions. Windows users will find all the needed compiled mcrypt binaries at http://ftp.emini.dk/pub/php/win32/mcrypt/."

1. Run encrypt.php and it will encrypt 'This should be readable in DotNet!' into a local file called crypt_text.bin.


2. Run the DotNet app and decrypt the file (enter your path), you should get the same thing.


3. Type any text you like into the large text box and click 'encrypt'.


4. Run decrypt.php (make sure the crypt_text.bin you just generated is in the php directory) and it should produce the text you just entered.

Note, the important bits are how you handle the text encoding. I am storing the crypted text in base64 to make it easier to handle as a string, rather than binary data. In the DotNet code, any string that needs to match a string from PHP is getting converted to ASCII (DotNet uses UTF-8 encoding by default). Finally, the padding in DotNet is using PaddingMode.Zero. This does result in some garbage characters when you decrypt in php, but they are easily discarded with trim().

This has come up several times, so here is the lowdown. You may be confused why your 2 identical strings generate different key bytes in PHP and .Net. The answer lies in the encoding. In both platforms, a string is a collection of characters.

• PHP characters are ASCII encoded, with a length of 7 bits.


• .Net characters are UTF-16, 1 or more sets of 16-bit words.

If you want your strings to generate the same bytecode, you need to do some encoding. In this example, I want to make a 24 byte key that is the md5 of some plain text.

Example:

PHP:


.Net

Symptom: Everything works fine with no mysql root pass set. Eventually you listen to the good imp on your shoulder and set a nice password. Ahh .. life is good, or so it would seem until you flush-privileges, reload or reboot, and find yourself locked out of mysql. Rinse and repeat.

XAMPP 1.4.15 is shipping MySQL 4.1.13 with pre 4.1 mysql.user table structure. This becomes a problem when the --defaults-file option for the service points at a non-existant path, bypassing the old-passwords option which XAMPP apparently assumes everyone will be using.

Long story short, I recommend:
A) You probably want to do this either way. If you ever plan to use the new password hashes, they are not going to fit into 16 bytes.
mysql> use mysql;
mysql> alter table user change Password Password varchar(41) binary DEFAULT '' not null;

B) If you want to make sure your service is loading the my.cnf properly, edit registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mysql\ImagePath
set it to something like:
"C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" --defaults-file="C:\Program Files\xampp\mysql\bin\my.cnf" mysql

C) Now your xampp\mysql\bin\my.cnf file will be read, and you can pick for yourself if you want:
old-passwords or #old-passwords.

osCommerce is a popular open source shopping cart package. Recently spammers have been using redirect pages to help obfuscate their spam URLs. osCommerce has an open redirect page that is being abused. Here is an example of the URLs in the spam:



osCommerce hasn't done anything about this in their latest release, so I made a patch to solve the problem. You can download the patch here. To apply the patch:



Then enter your allowed domains in the $allowed_goto array.

Download 0.5.1

* Fixed a bug keeping the extended body spellcheck from working in IE.

For those following along with the PEAR/Yawp series, a serious security hole was found in Yawp 1.0.6, and all users are strongly recommended to upgrade.

pear upgrade http://phpyawp.com/Yawp-1.1.0.tgz

Changelog:

• BACKWARDS COMPATIBILITY BREAK: Removed the
  $GLOBALS['_Yawp']['conf_path'] variable, as it can be the source of
  serious security problems when register_globals is turned on in
  combination with other circumstances. In its place, use
  define('YAWP_CONF_PATH', '/path/to/Yawp.conf.php') to set up a custom
  configuration file location. Thanks to Stefan Esser of hardened-php.net
  for discovering this simple but potentially serious flaw.


• Added htmlspecialchars() to the trigger_error() messages generated when the configuration file cannot be read or found.

This plugin is based on the ajax-spell checker developed by Garrison Locke.

Download is available here. Just untar it in your plugins directory and then install the plugin from your s9y admin.

Changes:

• Spellchecker backend loads as an external plugin.


• Spellchecker links now have a fixed position to the right of the edit area, with hack for IE.


• ASPELL better supported, with a config option to set your path.


• Other minor fixes and tweaks.

Known Issues:

• You must have PSPELL or ASPELL installed


• Each time the spell check is run, the 'Entry Body' box seems to grow 1 pixel wider, for some reason not immediately apparent to me. Maybe someone with stronger css-foo will have an idea.

This plugin is based on the ajax-spell checker developed by Garrison Locke. The 0.4 plugin is based on version 2.2 of ajax-spell.

Download is available here. Just untar it in your plugins directory and then install the plugin from your s9y admin.

Known Issues:

• You must have PSPELL or ASPELL installed


• Each time the spell check is run, the 'Entry Body' box seems to grow 1 pixel wider, for some reason not immediately apparent to me. Maybe someone with stronger css-foo will have an idea.

Getting started with PEAR - Part 1

YAWP, or Yet Another Web Programming (foundation for PHP applications), is a great way to make the jump to using the PEAR libraries in your application. According to the YAWP site:

When you use Yawp as the base of your application, get...

• A single easy-to-edit config file


• Automated authentication processing


• Automatic creation of common objects: (Database abstraction, Disk cache, Composite logger, Benchmark timer, Variable dumper)


• Safe accessor methods for PATH_INFO, GET, POST, and configuration values

Sounds good? Let's begin.

Installation:

Covered in Getting started with PEAR.

Configuration:

The Yawp package includes a default config file, that is installed under the PEAR docs directory. On my system, I found the file here:

/usr/share/pear/doc/Yawp/docs/Yawp.conf-dist.php

The standard practice is to put this file in the base htdocs directory of your site, however I prefer to keep sensitive files outside of webspace, and this is supported also. Create Yawp.conf.php in you web document root, that contains a single line, starting with a slash, that is the path to your real config file:



If you are running a number of vhosts, you can keep all your Yawp configs in the same directory.

Constants:



Next are auto-include files that run when certain conditions happen. Uncomment these if you want to trigger certain code to happen on conditions like login, logout, start or stop. These are followed by error reporting and session parameters.



Next lets skip down to the Auth section. If you are running a site with user logins, you probably want to make use of this functionality. To use it, you would uncomment this section and customize it with your own settings. This example authenticates against a mysql database, Yawp also supports authenticating against a unix passwd file, LDAP or Samba passwords.



These settings assume you have a table 'auth' in database 'database', on server 'localhost'. Here is an example table definition:



Next on to the DB section. Just enter the details for your database connection.



That is about it for the basic config options. There are some other sections commented out, if you are interested in any of those you can find more detail in the Yawp documentation.

Hello World:

Now, on to writing your first page with Yawp.



If you remember the auto-include section in the config, I mentioned includes could be triggered on start and stop, these correspond to Yawp::start() and Yawp::stop(), and would be appropriate places to put your html header and footer if you so desire.

Yawp Functions:

These functions are available from the Yawp object. Some of the common ones you will use are:

start() - see above
stop() - see above
getGet() - safely gets a GET variable
getPost() - safely gets a POST variable
getObject() - gets a PEAR class from Yawp (such as AUTH or DB), useful for doing PEAR functions not supported within Yawp directly.
authUsername() - returns the current username if authenticated.

Front Controller:

I recommend using a front controller (single point of entry) for your web application. For more general info on front controllers, here is a good onlamp article. This is one page that will set up your environment and dispatch whatever pages need to display. Normally you would use the front controller to separate logic, flow control and layout, but for simplicity in this example I just dispatch a single view that will handle logic and layout. I'll explain the code in comments, so on to the code:



Next Part:

In the next part I'll be talking about DB queries and using HTML_QuickForm.

s9y has a lot of plugins available, but one notable feature that was missing was spellcheck. I got tired of pasting my posts into my mail client, so I took the ajax-spell checker developed by Garrison Locke and made it into a plugin for serendipity.

A beta version (0.3) is available here. Just untar it in your plugins directory and then install the plugin from your s9y admin.

Known issues:

• You must have PSPELL installed (should work with aspell, but I haven't had a chance to test it, may need some configuration).


• Each time the spell check is run, the 'Entry Body' box seems to grow 1 pixel wider, for some reason not immediately apparent to me. Maybe someone with stronger css-foo will have an idea.


• Check spelling link gets positioned wrong when a preview displays, may need to go back to relative positioning.


• Some html tags are being (incorrectly) stripped out by the spellcheck.

Introduction:

PEAR is 'PHP Extension and Application Repository' (similar to CPAN for those perl users). It is a repository for public libraries for use with the popular PHP language, and also represents a set of PHP coding standards to encourage a unified style within the libraries.

In the past I simply wrote my own libraries for each task I wanted to accomplish, and then all my apps shared the same set of custom libs. Now, this is not a bad way to go, and you may be quite happy with the results, but if you want to use a more standardized approach, with code that has been peer reviewed and documented, then PEAR is for you.

Yawp is a framework that takes some of the base PEAR packages and combines them to use a unified config file and wrapper object. It can be a quick way to jumpstart into using a full set of PEAR packages for your application.

Installing PEAR:

If you have compiled a recent version of PHP (and not used --without-pear), then you may already have PEAR on your system. On fedora you could do:



Installing PEAR modules:

This bit is easy. You just need to do something like the following: (here are commands to install all the PEAR modules I'll be mentioning, and prerequisites).



If PEAR complains about dependencies, then simply install the dependency packages first (unless it happens to be something like: PHP version >= 5.0.0 is required).

If you want to install a non-stable package, use the full package name with the version:



Using PEAR:

Make sure that your PEAR repository is in your include_path. Edit php.ini and make sure you have something like this:



Then you can use the following from PHP:



PEAR References:

PEAR Manual - General information about PEAR.
PEAR Faq - Frequently Asked Questions.
Yawp Documentation - Getting started, function reference and example code for Yawp.
Package Documentation - Documentation for all PEAR packages can be found here. Find your package, then click 'Documentation', and then either 'End-User Documentation' or 'Documentation for latest release'.

Next Part:

In my next post I'll discuss using Yawp as the base framework for your web application.

Adding a standard border to a control. - Bob Powell writes a nice technique for adding a standard border to any Control (or UserControl in my case). The technique involves setting the CreateParams.Style or .ExStyle flags to determine how the control will be created.

Style constants can be found in winuser.h under WindowStyles (WS_) and WindowStylesExtended (WS_EX_).

Making Wrong Code Look Right - an excellent essay from JoelOnSoftware. I always hated hungarian notation, and now I see how I could have been using it to much better end than tracking types.

Recently migrated to subversion (SVN) from Visual Source Safe. The changeover went smoothly, but then I was left with a bunch of left over, non-functioning VSS stuff.

Found an easy walkthrough from Korby Parnell, which worked great. Now the solution is much cleaner.

Really happy with SVN so far (as a user and admin), seems nice compared to either VSS or CVS. Using TortoiseSVN for a client, which is really simple and integrates with windows explorer.