Using jQuery formBuilder

2 Jul 2020



jQuery formBuilder is a lovely stylish formbuilding tool, with all the front-end features a developer could desire. But the documentation is a little short of examples for integration with a backend system + database, and the gitter chat is completely full of people struggling with the basics.

I’m writing down some integration notes to keep it clear for myself in my head.

I’ve tried to keep this code as simple and as framework agnostic as I can.

Example code = dirty code. Do not use in real life.

Finite State Machines

4 Jun 2020



What is a finite state machine?

A finite-state machine (FSM) is a mathematical model of computation. It can change from one state to another in response to some inputs; the change from one state to another is called a transition. An FSM is defined by a list of its states, its initial state, and the inputs that trigger each transition.

Thank you, Wikipedia. That’s helpful.

Carbon Dating

16 May 2020



Over the years, I’ve built a whole library of helper functions for working with dates in PHP, but I think they’re all a thing of the past now, because I’ve been playing with the Carbon date library by Brian Nesbitt. It’s best described as PHP’s DateTime for humans.

Here follows a quick summary, but I’m just looking at the very tip of the iceberg. Lots more!


Using Bootstrap Modals with Laravel

9 May 2020



I use modal popups all over the place in my web applications. The most frequent use is to make the user confirm deletion, either by typing DELETE into a form or by giving a reason for deleting the item in question. And I want to make this work in Laravel.

Note: this is clunky. I’ve been playing with Laravel for a few weeks and if I end up using it as an ongoing development platform, then yes, things will be rewritten.

Securing phpMyAdmin

30 Apr 2013



I run phpMyAdmin for a number of websites and (thanks, StackOverflow) this is my checklist for phpMyAdmin security.

What gets done depends a lot on the client’s webhost and how much control I have, but this is a short list of things which can be done.

  1. Change the folder location
    I’ve changed the application folder from the obvious ones such as phpMyAdmin or pma to something a little less predictable: databaseliveshere or a folder name of your choice.
  2. Passwords
    This is rather duh, but no harm in stating the obvious. Use secure passwords which are proof against a brute-force attack.
  3. Limit Access by IP Address
    This depends on how many people are accessing phpMyAdmin, and whether everyone has a static IP address, but I like to set up .htaccess so it restricts access to a subset of IP addresses.
    # No <Limit GET> wrapper: inside it the rules would apply only to
    # GET (and HEAD) requests, leaving POST and other methods unrestricted.
    order deny,allow
    deny from all
    allow from 81.95.39.134
    
  4. Root shouldn’t have access to phpMyAdmin
    I edit the config file for phpMyAdmin and set AllowRoot to false
  5. HTTPS
    I set up a self-signed security certificate so I can access phpMyAdmin via https. This way the login and password can’t be leaked to an attacker.

PHP North West 2011 Conference

10 Oct 2011



I’ve just spent a weekend at the PHP North West 2011 Conference.  I went to the London PHP day in February and a couple of people in the bar were enthusing about the North West event, so I decided to give it a go.

Why did I go to the conference?

I usually work from home, and I work on my own and this (while still being wonderful and completely amazing and the best way to work ever) does mean that I miss out on the company of other developers. Working with, and talking to, other people is a great way to learn; people tell you about things, you try new things, you get enthused and excited and you remember why you love your work. Weblogs and mailing lists and Twitter and IRC, although good things in and of themselves, are not quite the same as people. So I try and fill a hole with local events and the occasional conference. Sometimes it’s hard work; like a lot of people in this field I’m not the most sociable and gregarious person.

What did I like?

There was a great selection of talks, and making a choice was often difficult.  Choice isn’t always good – I sometimes end up feeling that the talk on the other side of the fence was greener and wondering what I’m missing.   But I saw some wonderful presentations, and all the presentations in the main tracks were videoed so I can check out the talks I missed when the videos go online (in about a month).


UTF8 all over the place

22 Jul 2011



For all web applications, I have to make sure I’m using UTF8. It’s not just for customers who want the occasional page in Japanese or Korean; it’s for perfectly standard English pages which use text such as Ætna or the non-ASCII pound sign £.

Now, to get this right, I have to make sure the database is set up to handle UTF8 AND the web server is set up to handle UTF8 AND the browser is set up to handle UTF8…

What PHP Programmers do for fun

11 Jan 2011



I’m about to head off to the PHP West Midlands get-together for January.
The group meets the second Tuesday of every month, and it alternates between social and technical meets. This month: “What’s new in Zend Framework 2.0” by Rob Allen.
Dave has arranged for a new venue and we’re now meeting in the Birmingham Science Park. I’m not exactly a regular, but will be going more frequently this year – my Tuesdays are a little more open for socialising and php-ing. Most of the group activity is on the mailing list and that’s always a useful source of advice / suggestions.

And at the end of next month, we have the PHPUK11 – a one day event arranged by the London PHP group. The talks are good, but as always it’s the chat over coffee with other developers which really makes it worthwhile. I usually work as a solo developer, so bumping heads with other people in the same field matters. Too much possibility of stagnating otherwise.

Php Swift Mailer

4 Jun 2007


I’ve recently been using Php Swift Mailer and will now be using it for all my PHP applications which require email.

The initial impetus was that I needed to send mail via an SMTP server which required authentication, and I also wanted to set up and post multipart (text + html) messages and messages with attachments. Swift Mailer does both of these very nicely.

It also checks for mail injection attacks, which php mailer doesn’t, so I’ve ditched my own message checking code in its favour. This matters, because I’ve been noticing a LOT of mail injection attacks / site hacking attempts on one of my php sites recently.
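The kind of check involved, as an added example for code that still assembles mail headers by hand. This is not Swift Mailer's code and not from the original post; the function names, addresses and sample form values are constructed for illustration.

```php
<?php
// Added example: header-injection guard for hand-built mail headers.
// Function names and sample values are assumptions, not Swift Mailer's API.

function safeHeaderValue(string $field, string $value): string
{
    // A CR, LF or NUL inside a header value lets it start a new header line,
    // so reject the value outright rather than trying to clean it up.
    if (preg_match('/[\r\n\0]/', $value) === 1) {
        throw new InvalidArgumentException("Illegal control character in $field");
    }
    return trim($value);
}

function safeAddress(string $field, string $value): string
{
    $value = safeHeaderValue($field, $value);
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException("Invalid e-mail address in $field");
    }
    return $value;
}

function buildHeaders(string $replyTo): string
{
    // Only the user-supplied part goes through the guard; the same check
    // belongs on the subject and any other header filled from a form.
    return 'From: webform@example.org' . "\r\n"
         . 'Reply-To: ' . safeAddress('Reply-To', $replyTo);
}

// Constructed form submissions: one ordinary, one carrying an extra header line.
$samples = [
    'visitor@example.com',
    "visitor@example.com\r\nBcc: someone-else@example.net",
];

foreach ($samples as $input) {
    try {
        echo 'accepted: ', json_encode(buildHeaders($input)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```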

Failing with grace and artistry

1 Jun 2007



One of the problems I’ve always had with PHP error handling is catching the fatal errors. If a PHP script encounters a fatal error it stops, and the desired error handling code does not get executed.

So the user will (usually) be confronted with a blank screen and, worse still, since the error isn’t logged I don’t know about it and therefore can’t fix it.

It’s a rare and confident user who will report a blank page or other such glitch; people are so used to working with a certain level of pain when using a computer that they just assume it’s unavoidable or that it’s been caused by their own inadequacy in some way.

Anyway (thank you, PHP London user group), I now have a solution using register_shutdown_function():

<?php
// Flag stays true until the script reaches its normal end.
$running = true;
register_shutdown_function('cleanExit');

// ... go and do all sorts of exciting stuff ...

// Reached only if nothing fatal happened on the way.
$running = false;

function cleanExit() {
	if ($GLOBALS['running']) {
		// script is still running - it's an ERROR
		// tell Bronwen about the error
		// tell user it's not their fault
	}
}
?>
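A variation on the same idea, as an added example that is not from the original post: the shutdown handler asks error_get_last() whether the script died on a fatal error, logs the detail server-side and shows the user only a generic message. The message text and the choice of error types treated as fatal are assumptions.

```php
<?php
// Added example: shutdown handler driven by error_get_last().
// The user-facing message and the FATAL_TYPES mask are assumptions.

const FATAL_TYPES = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR;

function isFatal(?array $error): bool
{
    // error_get_last() returns null when no error has been recorded.
    return $error !== null && ($error['type'] & FATAL_TYPES) !== 0;
}

function fatalShutdownHandler(): void
{
    $error = error_get_last();
    if (!isFatal($error)) {
        return; // normal exit, or only a notice/warning: nothing to report
    }

    // Full detail goes to the server log, never to the browser:
    // file paths and messages help an attacker map the application.
    error_log(sprintf(
        '[fatal] type=%d %s in %s:%d',
        $error['type'],
        $error['message'],
        $error['file'],
        $error['line']
    ));

    if (!headers_sent()) {
        http_response_code(500);
    }
    echo 'Sorry, something went wrong on our side. The error has been logged.';
}

// Keep PHP's own error output away from the page; the handler does the reporting.
ini_set('display_errors', '0');
register_shutdown_function('fatalShutdownHandler');

// ... go and do all sorts of exciting stuff ...
```

Unlike the flag approach, this handler stays quiet when the script ends early through a deliberate exit().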