Skip to main content

Posts

Showing posts from 2012

Role based authentication in Cake 2.x

I do not like reinventing the wheel so really just want to build on existing tutorials and provide some background information and experience.  Firstly make sure you understand the difference between ACO and ARO. To put it in very simple terms an ACO is something that is protected by ACL and an ARO is something that uses ACL to access the ACO.  It might help to think of ARO as users (groups) and ACO as controller actions. You will be marking your user and group models as requester objects and setting ACO on controller actions across the board. The Cake manual really is good in explaining the concept of ARO, ACO, ACL. Please make sure you read it and understand it before continuing.  Unless you understand what ARO, ACO, and ACL mean at this point the rest of this post will make no sense. Please RTFM before continuing. Okay, now read through the Cake page that introduces the ACL shell ( here ). Ignore the sections "Create and delete nodes" and "Grant and Den

Adding a cross-browser transparent background

Adding a transparent background that is cross browser compatible is relatively simple.  It does not rely on CSS3 and so this method works for the current versions of Chrome and Firefox as well as IE8 and above. Add this to your template: <div class="container"> <div class="content"> Here is the content. <br /> Background should grow to fit. </div> <div class="background"></div> </div> Then add this to your CSS: .container { position:relative; } .content { position:relative; color:White; z-index:5; } .background { position:absolute; top:0px; left:0px; width:100%; height:100%; background-color:Black; z-index:1; /* These three lines are for transparency in all browsers. */ -ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=50)"; filter: alpha(opacity=

Adding a prefix to all files in a directory using DOS

A quick way to prefix all files in the directory is to run this command from your shell in the directory where your files are: for %a in (*) do ren "%~a" "prefix_%~a" The part of the command "prefix_" can be replaced with whatever prefix you want to swap with.

Getting XAMPP to use Microsoft SQL server

Scary Microsoft employee makes your life hard This post just builds on the post found here and gives you some shortcuts to solving the issue. Before visting that link run phpinfo() to check the compiler that was used for your version of PHP. Next thing to remember is that nts is short for "not thread safe" and ts is short for "thread safe". The 53 or 54 in the file names of the dll's you download from ( Microsoft correspond to the version of PHP you're using (5.3 or 5.4). Finally if you get the error about "This extension requires the Microsoft SQL Server 2012 Native Client ODBC Driver to communicate with SQL Server" you can download the native client from Microsoft . There is an .msi installer for just the client down the page if you don't want to download the whole package.

Giving up Facebook

Giving up Facebook was difficult. I had to face up to the fact that I was thinking about it pretty much whenever I was taking a break.  I started to realize that Facebook took up a fair amount of headspace and time.  Since I don't smoke I don't go outside.  Left with the choice of drinking yet another cup of unhealthy coffee or finding a distraction on my PC I found Facebook curiously addictive. What did I like about Facebook?   Well I analyzed this carefully and thought about the value proposition.   Ultimately I realized that Facebook offered two things - lots of  shallow electronic interactions and meaningless flash animation games.  Since I earn enough to buy a decent PC (or console) and really hot games the games on Facebook offer little.  The only game that meant anything to me was Fairyland and that only because it promised to save the rainforest.  PC games are better without Facebook.  As for meaningless social interaction guess how many Facebook "friends&quo

Three steps to create a self-signed certificate in Apache for Ubuntu 11.10

It is very simple and quick to create a self-signed certificate on your development machine. Of course you would never use this on a production server because self-signed certificates are vulnerable to man in the middle attacks.  You will need to make sure that you have the ssl-cert and libapache2-mod-gnutls packages installed. Step One : Use the ssl-cert package to create a self-signed certificate.  This will create the certificate files in /etc/ssl which is where the Ubuntu default Apache configuration expects to find them. make-ssl-cert generate-default-snakeoil --force-overwrite Step Two : Active the SSL module and the default SSL site using the convenience wrappers: a2enmod ssl a2ensite default-ssl Step Three : Restart Apache service apache2 restart

Installing a Unified Communications SSL certificate in Microsoft IIS 6.0

Just another working day in Redmond Being placed in the dire situation where my project has to go live and is being served by a Windows server that has no administrator I was forced to open up my RDP client and venture back in time to the days of dinosaurs and IIS. Unified Communications SSL Certificates are pretty much the only solution I could find to allow a single installation of IIS to share a single certificate that is valid for multiple domains that don't conform to a wildcard.  Whew, what a mouthful.  In other words if you have the domains http://www.ihatemicrosoft.com , http://www.apacheisfree.com , and http://www.graphicalinterfacesareforpansies.com you can use a SSL single certificate to secure them by setting up Subject Alternate Names . Getting them up and running was a cinch for me made only slightly more complicated by previous failed installation issues which I had to identify and undo. Firstly if somebody else has tried to install the certificate and failed

Preventing Directory Traversal attacks in PHP

Directory traversal attacks occur when your program reads or writes a file where the name is based on some sort of input that can be maliciously tampered with.  When used in conjunction with log poisoning this can lead to an attacker gaining remote shell access to your server. At the most simple it could be to include a file like this: echo file_get_contents($_GET['sidebar']); The intention would be for you to be able to call your URL and send a parameter indicating which sidebar content you want to load... like this:  http://foo.bar/myfile.php?sidebar=adverts.html Which is really terrible practice and would not be done by any experienced developer. Another common place where directory traversal attacks can occur is in displaying content based on a database call. If you are reading from or writing to a file based on some input (like GET, POST, COOKIE, etc) then make sure that you remove paths .  The PHP function basename will strip out paths and make sure that y

Continuous Integration with Jenkins and Git

http://jenkins-ci.org/ Jenkins is a free and open source solution for monitoring the execution of jobs, including software project builds. By monitoring the outcome of a build you are able to provide continuous quality control throughout the development period of a project.  The aim is to reduce the effort required in quality control at the end of development by  consistently applying small amounts of effort to quality throughout the development cycle. Under the continuous integration (CI) model developers should consistently integrate their development efforts into the repository.  There should be time delay between committing code changes and the new build - this allows developers to recognize and correct potential problems immediately.  Of course measures must be in place to flag errors with the build. The advantage to developers and project managers to having a stable repository to which commits are made and tested are multiple.  I don't need to replicate the Wikipe

Adding a CakePHP based virtual host in Apache 2.2

It's very simple to set up a name based virtual host in Apache 2.2 using the default Ubuntu package. I'm assuming that you have installed Apache already and that you have edited /etc/apache2/sites-enabled/000-default to change the AllowOverride None to something like this: <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> If you have not already used this command sudo a2enmod rewrite then do so in order to enable mod_rewrite. Now edit your /etc/hosts file and add an entry that points to the server where you are setting up the virtual host. The line should look something like this: 192.168.0.100 mysite.local Where the IP address points to the server where you are setting up the host and mysite.local is a nickname for the site. Remember to add the .local :) Now create a file in /etc/apache2/sites-ava

Consuming Microsoft .NET SOAP server datasets in PHP

Microsoft Just Clowning Around Again If you're impatient here is the link that this article leads to SOAP is generally understood to be a simple method for systems to exchange data in a standard manner. This allows for remote systems to make calls on a server application. This sounds like a Good Idea. Microsoft, however, does not appear to fully understand the concept of SOAP when it comes to providing a SOAP server based on "datasets". Apparently the use of these datasets make it much easier for programmers using Microsoft languages to consume web services.  Unfortunately it makes it inconvenient for everybody else. So we have a standard way of doing things, but Microsoft decides to "improve" it and thereby forces everybody else to manually parse their XML responses. What is the point of having a standard method of accessing server methods if Microsoft then makes their implementation inoperable to Java, PHP, Ruby, Python, developers?  Isn'

Questions for mid-level PHP developer candidates

I often get CV's from developers applying for positions. Some colleges give people a certificate without really giving the candidate any problem solving skills or real understanding of theory. Here are some standard questions that I ask candidates to complete with pen and paper without access to Google. They cover basic OOP theory, logic, basic PHP syntax, and try to get some idea of the candidates passion for learning. In the rare occasion that a candidate actually bothers to investigate the company and finds my blog they will naturally be expected to do well on this quiz.  I guess that's bonus marks for being prepared :p PHP quiz ======== 1) Explain what SQL injection is and give TWO ways to combat it 2) If you type hint an interface name in a function argument what sort of variables can you pass? 3) What is an abstract class? 4) How would you call the construct method of a parent class inside  a child of that class? 5) Given two variables $a and $b which co

Reverse Engineering an MS-SQL database without Visio

The splash screen for Squirrel SQL I'm working on a project that draws from a Microsoft Sql Database.  Unfortunately there is no project documentation which means that it takes longer to become familiar with the design.  I particularly wanted an ERD of the database but this wasn't available.  So I looked for open source reverse engineering tools and found Squirrel SQL .  This is a very handy tool as it supports a variety of databases and client operating systems. Installing the Microsoft JDBC ( available from the Microsoft site ) was a snap: Just download the archive, extract it somewhere meaningful (I put mine as a directory in Squirrel). Edit the Microsoft SQL driver in your driver list Add an extra class and point it to the JDBC4 jar file (version 4 is required for newer versions of the JDK) The driver should load now Then proceed to add your connection alias per normal and you're connected to your MS-SQL database. The plugin to reverse engineer your database i

Online file resizer

Kraken  is an online image compressing utility that compresses  jpeg, gif, and png formats using a new algorithm.  It claims that the compression on existing files can be losslessly improved. Does it work? I tried it on a random file on my hard-drive and the algorithm reduced the size from 853kb to 729kb (about a 14% reduction). Here is the original file (click to view full size): And here is the reduced file:

Screen capture in Android 2.2.1 "Froyo"

My Android Desktop snapped with this method I took a screen capture by mistake once but then struggled to repeat the behaviour.  After Googling for a solution I found some very complicated solutions.  Probably the best way to do this is to buy an application on the Market, but I don't want to spend money on a toy. If you look in your "Settings » Applications » Running Services" menu you should see a service called "ScreenCaptureService". This allows you to take a screenshot by pressing the "Back" and "Home" buttons simultaneously. What works for me is to press and hold "Back" and then to press and release "Home" (while holding "Back").  This makes a snapshot noise and displays a message.  Files are saved to the ScreenCapture directory on your SD card and should appear in your gallery. Of course this is a problem if you try to take a snapshot of a running application because pressing "back" c