Rediscoverer

It’s saturday. But I’m still working. Nope, not that I’m forced to work or something, I’m just in the mood to work. Besides, I (kind of) set a deadline for the project I’m working on. I want to get it fully-functioning as early as possible because I’m planning to spice things up a bit and add a taste of Web 2.0 to it. After all, it’s my first official work project so I want it to be something that I can be proud of.

I’m also bored at home and too lazy to go out. It’s just one of those days that you don’t want to move your muscles too much. I’d rather sit here infront of my PC staring at the monitor all-day long. I wanted to know more about and learn how to use “mootools (An ultra-compact Javascript Framework)”:http://mootools.net. I’m planning to use it in my project for cool and usable effects but I won’t be able to until I finish some tasks. Hmmm… I’m kinda like off-setting my work for monday. Since grade school, monday is my laziest day, when I am at my most unproductive state. I’m working now just in case I catch the monday-sickness.

Whoops.. I can’t think what to add… maybe I should get back to work.

After being offline for more than a week, I’m here again. I had to go on work leave in preparation for the Geodetic Engineering Licensure exam that was held last September 26 and 27. I was supposed to get back to work on the 28th, but a “typhoon”:http://www.manilastandardtoday.com/?page=news01_oct02_2006 “hit”:http://sg.news.yahoo.com/061001/1/43ru5.html “Manila”:http://sg.news.yahoo.com/060930/1/43rfr.html “directly”:http://sg.news.yahoo.com/060929/1/43qyl.html . Power, communication and transpo went down (while billboards and roofs went flying around) . The power supply was restored (in our city, but major parts of Metro Manila are still down) the day after, but not the phonelines. I went to office, thinking that everything was put back to normal. Errrr… not. The situation at the office builduing was worse. No electric supply, except for the elevators and office lights. Alenaire was down so we were all sweaty at the office. Hoping that the power will be restored and we’d be back to work, we waited for several hours. What a waste of time. Office hours were over but still no light, so we just went home. Trains were shutdown due to power failure, so I had to take the bus for a two-hour trip. After another hour, I finally arrived home, and found out that the phoneline is back. Hooray! I worked at home the next day (even though it was a saturday). I almost forgot what I was doing before I went on leave, so I needed to catch up. By the way, the results of the exam was released on that day. I was quite relieved to see my name on the “list of successful examinees”:http://www.mb.com.ph/BDPR2006100376014.html. The cramming paid off. I need to fill-up some papers and attend the oath taking ceremony. After that, I’ll be a Geodetic engineer. Sweet.

I needed to use HMTLPurifier on my CakePHP application. So I just saved it under the vendors folder inside the application folder. This how the directory strucure looked like.

==

+ myApplication
     |-----+ config/
     |-----+ controllers/
     |-----+ models/
     |-----+ plugins/
     |-----+ tmp/
     |-----+ vendors/
     |       |----- HTMLPurifier/
     |       |----- HTMLPurifier.php
     |
     |-----+ views/
     |-----+ webroot/
     |-----+ .htaccess
     |-----+ index.php

==

But before including the vendor component, I needed to add the to HTMLPurifier so Cake can find it. So, I added something to HTMLPurifier.php, somewhere before the require_once() statements:

==

// START edit -dchx
//Add the path to the vendors folder where HTMLPurifier is located
if (function_exists('ini_set')) {
ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . dirname(__FILE__));
}

// END edit -dchx

require_once 'HTMLPurifier/ConfigDef.php';
require_once 'HTMLPurifier/Config.php';
require_once 'HTMLPurifier/Lexer.php';
require_once 'HTMLPurifier/HTMLDefinition.php';
require_once 'HTMLPurifier/Generator.php';
require_once 'HTMLPurifier/Strategy/Core.php';
require_once 'HTMLPurifier/Encoder.php';

==

Now I’m all set. I just need to to include the component using the CakePHP function uses().

*UPDATE*: Some little update on this. When using HTMLPurifier inside CakePHP (or even in other apps), make sure that the character encoding of the output page is UTF-8. I encountered this little bug where a paragraph tag (p) containing only a non-breaking space was converted into another character. But I checked on my html page and the meta tag Content-type was set to UTF-8 (and of course I’m using XHTML 1.0 Transitional DocType). I fixed it by sending a *content-type header*. In CakePHP, you can do this inside the __beforeFilter()__ function of your controller.

==

class MyController extends AppController {

//... the usual

function beforeFilter()
{
header('Content-type:text/html;charset=UTF-8');
}
}

==

I’m currently doing an article submission application. Wanting to give the users more power over their articles, I’ve planned on using a WYSIWYG(What You See Is What You Get) text editor for the article submission form. Using that kind of editor, users can format their articles easily, even if they have little experience with html. I tried using “TinyMCE (TinyMCE Javascript Content Editor)”:http://tinymce.moxiecode.com/, an Open-Source WYSIWYG editor that runs using Javascript and I’m quite happy with the results. It provided some “MS Word”-like interface. It also has some mechanism that filters disallowed html tags like and other potentially dangerous tags that could make the application vulnerable to XSS(Cross-Site Scripting) attacks.

But what if javascript was disabled by the user? Expecting that the input would be processed by TinyMCE, the application won’t be doing some input checking. If javascript is disabled, TinyMCE won’t be able to do its job. The disallowed html code will be freely included and the application will be left open to attacks. PHP’s Built-in input filtering functions isn’t much of use here, since all they do is strip the tags or convert special characters like < and > into their equivalent entities and will no longer be recognized as mark-up. I wanted some PHP functioality that can do the filtering for me.

So I consulted sir Google and after searching some possible solutions, I found “HTML Purifier (Filter you HTML the standards-compliant way)”:http://hp.jpsband.org/ and gave it a test run. Yep, it worked. I tried it with TinyMCE on, and the html fomartting was still intact after purification. Now I tried it with TinyMCE on, but then disabled javascript and inserted some not-so-malicious code and the purifier caught it. Nice! If I have time, I’ll test it further. I just need to make the application fully functional before doing detailed testing and debugging.

I was so conscious of properly sanitizing user input with htmlspecialchars() and addslashes() that sometimes I forget to trim() them for whitespaces. A small application I’m currently doing with CakePHP had this kind of bug related to unwanted whitespaces. It took me sometime to spot it.

p. “Rjene (subersibo)”:http://subersibo.quasifusion.com/wp gave me a link to a “love song about Web Standards (Hands To Boag)”:http://www.esanity.co.uk/podcasts/HandsToBoag.mp3. Read more about it at “Boagworld.com (Practical Advice for those managing websites)”:http://www.boagworld.com/archives/2006/04/a_love_song_to_boagworld.html . Very funny, specially the part with the tables nesting fifteen levels deep. :))

I was really interested with “Joomla”:http://joomla.org as an alternative for web publishing. It was really easy to understand and use (plus the admin panel rocks, imho). Then this update for Joomla came up, related to high-risk security vulnerabilities affecting all the past versions of Joomla. I have read the warnings about the update being incompatible with some extensions but I went on upgrading anyway. All was running smoothly when I stumbled upon the upload part in the admin panel. It was telling me I was not authorized the view/use th upload page (on the pop-up window). What the??? I am the super admin and the only user (I tested it on a localhost to make sure I don’t screw up the site on our test server). Then when I started using other extensions, they we’re giving me several warnings. Some of them I was available to work around, but most of them had something to do with Joomla’s inner workings so I didn’t messed with it (yet). Only two extension were left (barely) working.

Awww… man. Just when everything with Joomla looked promising. Well, I’ll be waiting for more updates and fixes regarding those extensions.

I’ve been handling this project for quite sometime now. It was a construction related forum, where homeowners seek advice from professionals. Our client wanted to add more services/features to the site. When the site was handed down to me there were already some additions. It had a classifieds section and a company directory, that were quite buggy and problematic. I had to take it down and rewrite it, salvaging any parts that I can. I also spiced it up a bit and turned it into a mash-up using “Yahoo! Maps (Yahoo Maps API)”:http://developer.yahoo.com/maps . I added a wiki on the site, hoping that users would help contribute and build a useful knowledge base. But I guess th folks there aren’t really ready for that. I was also assigned to create Jobs section, that would pull out related job feeds from another site and display some graphs/stats regarding the jobs. I did it, but got a little attention from the users (though some users got jobs from it). I also added a weather section, since weather was an important factor in their trade and a forecast would be quite helpful. They are also planning to have a product review/rating part, and an encyclopedia/dictionary to replace the wiki. They also want to add a gallery where the works of the contractors can be displayed/featured. They also asked me to install a newsletter application ( “PHPlist (PHPlist)”:http://www.phplist.com ) to inform users/partners with lates news and site updates.

Almost all of the requested features are done and are ready to be integrated with the site. The problem is that things are quite unorganized/scattered. I have two versions each for the Classifieds and Directory section, running using “CakePHP (Rapid Application Development Framework for PHP)”:http://cakephp.org and another using an OOP(Object-Oriented Programming) approach. The weather section and the Jobs section where done using normal procedural programming. As for the gallery, there’s already a user gallery mod (by the way, we’re using “PhpBB (PhpBB)”:http://phpbb.com or the forums) for the forum, so we I don’t think we need to install “Coppermine (Coppermine Gallery)”:http://coppermine-gallery.net Gallery. The Review/Ratings and encyclopedia things are yet to be decided, since the folks are still busy with the new site design/layout. I really hate the frequent switch between programming environments ( procedural, OOP, CakePHP framework and PhpBB), and I tend to accidentally mix things up. It’s tiresome and maintenance nightmare. This urge me to look for options on how I can choose an approach and apply it consistently through out the project. I rounded them down to three: PhpBB super mod, CakePHP and by using a CMS(Content Management System) like “XOOPS (XOOPS)”:http://xoops.org or “Joomla (Joomla)”:http://joomla.org .

Read the rest of this entry »

It’s my birthday today. But nevermind that. I got a new PC as an advanced birthday give. Well not really a gift. And not really intended for my birthday. It’s just that my brother was stupid enough to mess with my old PC (prehistoric computer). One day I came home with coverless CPU welcoming me at my desk, the hard drive and CD-rom drive detached. I got really pissed off (I arrived late in the evening from work) and almost woke everyone in the house. My mother told me that my brother (who just arrived from several months of his duty on a ship) tried to “repair” my PC (just ot remind you: he doesn’t know anything about computer hardware!) and see what he can do with my busted CD-rom drive (he was planning to replace it with a spare one). I was always reluctant in disassembling and replacing the parts of my PC because the parts were in critical shape. It was really old, a PIII 550 mhz, 64+32mb SD-RAM PC-100, 10G disk space (laughable, yes; but it was the top of the line during its time). If any part of it breaks down, I won’t be able to find any replacements, which means “bye-bye PC”. It tried to save my PC by putting back the harddisk and the CD-rom drive. Someone also messed with the processor settings. Mom also told me that my brother tried to bring it to a repair shop when he realized things were getting out of hand. But of course, the technician wasn’t able to revive it since it was way too old for him. Might be because of some weird evil magic, I was able to run it and see the Windows start up screen again. But then, it just froze… and that’s just about it. I didn’t see the start up screen again. I tried to repair it again but I kept on getting a mild dose of free flowing electrons on my arms. The PC was turned off but still plugged in, so I knew it was already grounded. I remember a previous computer repair shop telling me that my PC was hopeless, since the power box (I don’t know if it was the right term) inside my PC was failing, and anytime soon my motherboard might get toasted. I think it already happened.

Read the rest of this entry »

Errr… I’m planning to switch to “WordPress”:http://wordpress.org from “Textpattern”:http://textpattern.org. I like Textpattern for its simplicity, but I got the chance to try out WordPress and liked it very much. I could do so much with it. But I thank Texpattern for introducing me to “Textile”:http://www.textism.com/tools/textile/ .