Show Posts
1  Security & Performance / Performance and Tuning / Browser Caching - Impacts on: Apr 25, 2011, 09:31:10 am
I have a fairly complex web application and I've used browser caching to really speed up delivery.

Unfortunately, the QA team often forgets to clear their browser caches, and the average user never clears theirs.

How can I retain the advantages of browser caching, but still have the browser refresh the files when necessary?

There are actually two sets of files - some are library files which will NEVER change (dojo), and some are local, which change infrequently.

The system is fairly stable.
2  General Category / General Discussion & Chit Chat / Re: Looking for a nice "1940's" style theme on: Apr 15, 2011, 12:42:50 pm
What kind of content?  Images, text, video?
3  Server Scripting / PHP / Re: Easy way to de-dupe a large list? on: Apr 08, 2011, 05:46:36 pm
On the command line:

Highlight Mode: (Bash)
sort listofdomains | uniq > uniqed

With PHP:

Highlight Mode: (PHP)
<?php
$list=explode(PHP_EOL,`sort listofdomains | uniq`);
var_dump($list);
4  Server Scripting / PHP / Re: Easy way to de-dupe a large list? on: Apr 07, 2011, 07:57:39 pm
cut | sort | uniq


If you can post a couple of lines, I can put more details.
5  Browser Scripting / CSS / Re: CSS from PHP - why doesn't it work? on: Mar 24, 2011, 04:59:35 am
How are you getting the CSS to the browser?  Is it a link tag?  Style?  Server-side include?

Also - the browser may not want to display a pink background.  :)
6  Server Scripting / PHP / Re: PHP Warning: Illegal offset type in isset or empty on: Mar 08, 2011, 02:45:52 pm
Yup - this worked ...

Highlight Mode: (PHP)
$aPost["{$f->name}"]

7  Server Scripting / PHP / PHP Warning: Illegal offset type in isset or empty on: Mar 05, 2011, 10:39:24 am
Why do I get this warning?


Highlight Mode: (PHP)
<?php
$xml=file_get_contents('xml.xml');
$data = new SimpleXMLElement($xml);

$aPost=array();
$aPost['url']='';
$aPost['id']='zonk';

$bValid=true;
foreach ($data->fields->field as $f)
        // $f->name is a SimpleXMLElement object, not a string, so using it as an array key raises the warning
        if (isset($aPost[$f->name]))
        {
                $f->value=$aPost[$f->name];
                if (!preg_match('/^'.$f->regex.'$/',$aPost[$f->name]))
                {
                        $f->invalid=(bool)true;
                        $bValid=false;
                        echo $f->name.' is invalid!';
                }
        }
?>

Highlight Mode: (XML)
<?xml version="1.0" encoding="utf-8" ?>
<interface>
        <name>Works</name>
        <fields>
                <field>
                        <name>URL</name>
                        <length>255</length>
                        <validation>[\w\.\-]{2,255}</validation>
                        <default></default>
                        <label>URL</label>
                        <value></value>
                        <required>true</required>
                        <errortext>Letters, numbers, periods and dashes only</errortext>
                </field>
                <field>
                        <name>id</name>
                        <length>11</length>
                        <validation>[\d]{1,11}</validation>
                        <default>1</default>
                        <label>Id</label>
                        <required>true</required>
                        <errortext>Ids must be all digits</errortext>
                </field>
        </fields>
</interface>
8  Security & Performance / Security Issues / Re: Stats check - what's really happening here? on: Feb 24, 2011, 06:43:28 am
Digging a little further ...

The 'latest visitors' log data shows this for one of the entries:

Http Code: 301 Date: Feb 23 07:44:04 Http Version: HTTP/1.1 Size in Bytes: -
 Referer: -
 Agent: Mozilla/4.0 (compatible; ICS)

A quick look around showed 'compatible; ICS' was probably not a person or search engine.

Looking from a different angle, I checked several IP addresses with that user agent at:

A common reaction to this is to block the requests by user agent, and that's what I did, using:

RewriteCond %{HTTP_USER_AGENT} (compatible;\ ICS)
RewriteRule ^ - [F]

These must go before any other RewriteRules.

Finally, to test the site and ensure it still runs, I used
9  Security & Performance / Security Issues / Stats check - what's really happening here? on: Feb 23, 2011, 09:39:26 am
This is a screenshot from my blog.

You can see a bunch of different hits, often within the same second, from a huge variety of IP addresses.

What's happening?

The blog doesn't allow any kind of comment posting, no one can register, and the content isn't particularly exciting. 

Why would anyone, or anything, waste the time and bandwidth to request these pages?
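
An added example, not part of the original posts: the pattern described in the two "Stats check" posts above (one user agent, many IP addresses, several hits in the same second) checked directly against an access log. It assumes Apache's combined log format; the sample lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Same pattern as the post's RewriteCond (the "\ " there only escapes the space for Apache).
BLOCKED_UA = re.compile(r"compatible; ICS")

# Constructed sample lines; IP addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [23/Feb/2011:07:44:04 -0500] "GET / HTTP/1.1" 301 - "-" "Mozilla/4.0 (compatible; ICS)"
198.51.100.7 - - [23/Feb/2011:07:44:04 -0500] "GET /about HTTP/1.1" 301 - "-" "Mozilla/4.0 (compatible; ICS)"
203.0.113.55 - - [23/Feb/2011:07:44:04 -0500] "GET /feed HTTP/1.1" 301 - "-" "Mozilla/4.0 (compatible; ICS)"
192.0.2.99 - - [23/Feb/2011:07:44:09 -0500] "GET / HTTP/1.1" 200 5120 "http://example.com/" "Mozilla/5.0 (X11; Linux i686) Firefox/3.6"
192.0.2.99 - - [23/Feb/2011:07:44:12 -0500] "GET /style.css HTTP/1.1" 200 900 "http://example.com/" "Mozilla/5.0 (X11; Linux i686) Firefox/3.6"
this line is malformed and must be skipped
"""

def summarize(log_text):
    """Per user agent: hits, distinct IPs, and the largest same-second burst."""
    stats = defaultdict(lambda: {"hits": 0, "ips": set(), "per_second": defaultdict(int)})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        s = stats[m["agent"]]
        s["hits"] += 1
        s["ips"].add(m["ip"])
        s["per_second"][m["ts"]] += 1
    return {
        agent: {"hits": s["hits"], "ips": len(s["ips"]),
                "burst": max(s["per_second"].values()),
                "blocked": bool(BLOCKED_UA.search(agent))}
        for agent, s in stats.items()
    }

def suspicious(summary, min_ips=3, min_burst=3):
    """Agents seen from many IPs within one second (thresholds are illustrative)."""
    return sorted(a for a, s in summary.items()
                  if s["ips"] >= min_ips and s["burst"] >= min_burst)

if __name__ == "__main__":
    for agent, s in summarize(SAMPLE_LOG).items():
        print(s, agent)
```

The "blocked" field shows which agents the RewriteCond from the post would reject, so the rule can be compared against real traffic before it goes live.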
10  Server Scripting / PHP / Re: Converting eregi to preg_replace.... on: Feb 21, 2011, 05:45:58 am
... or this ...

Highlight Mode: (PHP)
<?php

$some_text='The Cat likes to sleep';
$word='cat';
$rep_string='';

// Old POSIX version (eregi_replace() was deprecated in PHP 5.3 and removed in PHP 7)
$some_text = eregi_replace("([[:space:]()[{}])($word)", "\\1<a href='$rep_string'>\\2</a>", $some_text);

echo $some_text.PHP_EOL;

// PCRE version; pass the delimiter to preg_quote() so a "/" in $word is escaped too
$some_text = preg_replace('/(\s+)('.preg_quote($word, '/').')/i','$1<a href="'.$rep_string.'">$2</a>',$some_text);

echo $some_text.PHP_EOL;

11  General Category / General Discussion & Chit Chat / Re: What's On? Jeopardy - Watson on: Feb 16, 2011, 06:32:17 am
Several people talked about Watson and why it was important beyond Jeopardy.  It was a good reminder for me that building software is just part of the equation.  A real system requires many different skills and can make a huge difference in the world.

12  General Category / General Discussion & Chit Chat / SEO - Google - Advantages? on: Feb 15, 2011, 06:52:13 am
If you have Google ads on the site, does it improve SEO (under Google)?
13  Security & Performance / Security Issues / Re: Encrypting of little use? on: Feb 10, 2011, 06:45:02 am
I think it is good to have the reset function change the password, for client-side security.  Lots of people have cookies that contain their login information.  The cookies often live much longer than they should, especially on shared computers, and if you request a new password, resetting it makes it a little more difficult for someone to hijack the account.

The complexity of passwords is important, too.  Forcing users to create passwords that include upper and lowercase letters, digits, and symbols makes it more difficult for people to guess the passwords. 

From a user perspective, I prefer a reset on my password recovery, because it makes me feel more 'secure'.  Since the application logic to do a reset is simple, that's the approach I use.

The ease of password recovery has a huge impact on how I work with a site/provider/application.  For the billing interface of my web hosting provider, there's one account whose password I can never remember.  I just reset it every time I need to make an update, which is very rarely, less than once a year.  I reset it a couple of weeks ago, forgot to log in, and still have no idea what it is.  On other accounts, I'm using generated passwords which are impossible to remember, and I just have yellow stickies with the passwords, but not the account/username.
14  Server Scripting / SQL & Database / Re: MySQL and enum on: Jan 27, 2011, 07:05:37 am
I like that.  It keeps the values in the database, so different languages can still use them, and it uses integers for the data which is good for performance, it insulates the value from its meaning, and it's more flexible and portable than enums.

Thank you.
15  Server Scripting / SQL & Database / Re: MySQL and enum on: Jan 27, 2011, 05:41:32 am
The .ini settings aren't really related to the question, they were the only text I had to support the enum question.

A lot of times, I need an array to assign strings to values for databases - like this:

Highlight Mode: (PHP)
$aStatusMap = array(0=>'pending',1=>'activated',2=>'locked',3=>'disabled');

And then when the (integer) data comes out of the database, I translate it:

Highlight Mode: (PHP)
$sStatus = $aStatusMap[$database_value['status']];

But if I used an enum type, it would be:
Highlight Mode: (PHP)
$sStatus = $database_value['status'];

If the database is accessed by different (programming) languages or code, the string values will be preserved and accurate, because they are in the database, rather than defined in code.  In addition, if the database changes, the code has to change.

PHP to get the enum values and default from the database:
Highlight Mode: (PHP)
if ($result = $mysqli->query("SHOW COLUMNS FROM test LIKE 'enum_col'")) {
        $row = $result->fetch_assoc();
        $sType = $row['Type'];
        // Type looks like enum('one','two','three'): take the text inside the parentheses, drop the quotes, split on commas
        $aValues = explode(',',str_replace('\'','',substr($sType,(strpos($sType,'(')+1),-1)));
        echo 'Field name: '.$row['Field'].PHP_EOL
                .'Valid values: '.var_export($aValues,true).PHP_EOL
                .'Default: '.$row['Default'];
        $result->close();
}


Field name: enum_col
Valid values: array (
  0 => 'one',
  1 => 'two',
  2 => 'three',
)
Default: two

And Perl code:
Highlight Mode: (Perl)
#!/usr/bin/perl
use DBI;
$dbh = DBI->connect('DBI:mysql:test', '', ''
                  ) || die "Could not connect to database: $DBI::errstr";

$sth = $dbh->prepare('SHOW COLUMNS FROM test LIKE \'enum_col\'');
$sth->execute();
$result = $sth->fetchrow_hashref();
print "Values returned: $result->{Type}\n";
print "Default: $result->{Default}\n";
$sth->finish();
$dbh->disconnect();


Values returned: enum('one','two','three')
Default: two

Is this a good idea, or am I missing something?


16  Server Scripting / SQL & Database / Re: MySQL and enum on: Jan 26, 2011, 06:07:32 am
I saw it in one of those best practices lists - enums are stored as integers, although they're accessed as strings.  It can save you from having to write annoying constant translation lists, where you use an integer to represent something, like a status.

From the create table / alter table add column:

`status` enum('pending','activated','locked','disabled') default 'pending',

And the associated .ini settings for Zend Framework, using dojo's FilteringSelect to allow an administrator to assign the status:

; status element
; These MUST match the definitions in the user table
elements.status.type = "FilteringSelect"
elements.status.options.label = "Status"
elements.status.options.dijitParams.searchAttr = "name"
elements.status.options.autoComplete = true
elements.status.options.required = "true"
elements.status.options.validators.inarray.validator = "InArray"
elements.status.options.validators.inarray.options.haystack[] = "pending"
elements.status.options.validators.inarray.options.haystack[] = "activated"
elements.status.options.validators.inarray.options.haystack[] = "disabled"
elements.status.options.validators.inarray.options.haystack[] = "locked"
elements.status.options.validators.inarray.options.messages.notInArray = "Invalid status"
elements.status.options.multioptions.pending = "pending"
elements.status.options.multioptions.activated = "activated"
elements.status.options.multioptions.disabled = "disabled"
elements.status.options.multioptions.locked = "locked"

Finally, it's multilingual, xgettext will translate any text it can find a definition for into another layer.

I was talking with the database guy at work, and he said enums aren't portable across databases.

A quick look on the 'net showed that Oracle didn't seem to have direct enum support.

It may also be a security boost - since invalid enum values are stored as '' (empty strings).
17  Server Scripting / SQL & Database / MySQL and enum on: Jan 24, 2011, 10:06:55 am
I keep looking at enum columns and wondering why I'm not using them more.

Ideas?  Best practices?
18  Server Scripting / PHP / Re: Minutes between two dates on: Jan 14, 2011, 10:13:43 am
Sounds like a rounding error, after the results are returned, like Ed mentioned ...

Highlight Mode: (PHP)
$start='2011-01-01 00:00:00';
$end='2011-01-03 17:40:00';
$start_time=strtotime($start);
$end_time=strtotime($end);
$total_seconds=abs($end_time-$start_time);
$seconds = (int)($total_seconds % 60);
$minutes = (int)(($total_seconds / 60) % 60);
$hours = (int)($total_seconds / 3600);
echo 'Integers:'.PHP_EOL;
echo $hours.':'.$minutes.':'.$seconds.PHP_EOL;
$seconds = round($total_seconds % 60);
$minutes = round(($total_seconds / 60) % 60);
$hours = round($total_seconds / 3600);
echo 'Floats:'.PHP_EOL;
echo $hours.':'.$minutes.':'.$seconds.PHP_EOL;
$seconds = floor($total_seconds % 60);
$minutes = floor(($total_seconds / 60) % 60);
$hours = floor($total_seconds / 3600);
echo 'Floats - with floor:'.PHP_EOL;
echo $hours.':'.$minutes.':'.$seconds.PHP_EOL;

Floats - with floor:
19  Security & Performance / Performance and Tuning / Apache Index Listing Configuration on: Jan 14, 2011, 07:13:58 am
Sometimes you need to allow people to choose files from the server, but you don't want to write code to list the files.  You can customize Apache's IndexOptions and wrap the listing with some XHTML and CSS to create a nice interface.

# Allow display of directory
Options +Indexes

# Configure display options for directory
IndexOptions +FancyIndexing +FoldersFirst +SuppressDescription +SuppressHTMLPreamble +XHTML +HTMLTable +SuppressRules +SuppressIcon
AddType text/html .html

# Suppress the display of .gz and .email files in directory listings
IndexIgnore *.gz *.email

# Header and footer files for directory listings
HeaderName "/hdr/Header.html"
ReadmeName "/hdr/Footer.html"

20  Server Scripting / PHP / Re: validating an email address on: Jan 13, 2011, 12:41:45 pm
Very cool.  Thanks!
