D-talk

The little things that pop into mind

Quicksearch

Show tagged entries

Categories



All categories

Monday, June 27. 2011

A world without cookies Posted by Mark van der Velden in PlanetPHP at 22:00

Comments (8)
Trackbacks (0)

A world without cookies

Imagine a world wide web without cookies. And this might not be the strangest thing, since the use of cookies is severely limited since Wednesday the 22nd of June 2011 in the Netherlands. And more countries will follow: http://www.bbc.co.uk/news/technology-12668552

The Law 

The (Dutch) law, that requires a user to agree before storing data, doesn't only apply on HTTP cookies. But in fact any kind of data that is stored on the users computer. Such as; HTML5 storage, flash cookies. But also desktop applications, etc.. The law also states that cookies "required" for certain functionality, are allowed without confirmation. Personally I don't see how anything will change, with this exception in place. And I wonder how many experts were involved into making this law. But that is a subject for another article perhaps...

What are cookies

Cookies are little packages of information stored in the browser of a website visitor, they can contain "small" amounts of data such as an identifiable token or a user preference.

What purpose do cookies serve

Cookies are very generic and can be used for many things, good and bad. The most popular probably being tracking your activity and advertisement. But they are also used to keep a state between requests and to store a preference. Such as "remember me" at a login form, or perhaps "no I do not want to participate in your survey".

Cookie problems

If When the law becomes international, you are potentially violating laws by simply calling something like: setcookie() without the users consent. There are hacks around the typical HTTP cookies, by using flash cookies for example (Oh and btw, here a guide on how to clear those: http://www.macromedia.com/...ngs_manager07.html). And possibly HTML5 storage could play a role here (or any of it's derivatives).

Another thing that has been happening, is visitor awareness and thus browser features. More and more people block cookies to stop advertisement tracking, but unfortunately this also prevents a user to use the features he or she wants to use (such as login sessions, etc.). There is an answer for this and quite a few browser vendor's plan on implementing the "Do Not Track" (http://donottrack.us/) feature, or have already done so. But I'm not too happy with it. The downside of "Do Not Track" is that it's voluntary for website owners and advertisement companies to respect this feature. Other tools include projects such as "Ad Blocker", that only block cookies (and more) for advertisement purposes. It works pretty good, but that is hardly user-friendly.

But, back to "no more cookies"... How do you solve the problem of keeping a state between requests over a stateless protocol?

Some ideas 

Well in short, I have some ideas but definitely no real answers. I don't think there is a real answer just yet.

Let's take the example of a login session. Where you want to offer a secure section to your visitors, where they can (e.g.) read their e-mail, privately. A few things come to mind:

  1. Identifying yourself in every relevant request, using headers for example or an argument &userId=42 in the request. This however has some big problems on its own.
  2. Digest authentication on every relevant request.
  3. Take a look at other technologies, such as IPv6 and move authentication to a lower level.
  4. Perhaps use a commit and rollback system. Where you can do a variety of actions and only your password will be asked in the end, either applying or discarding your actions. Requiring you only to enter your login once. Not the most ideal solution for e-mail though, I have to admit. With this system you would re-post your data to next screens in a similar fashion as e.g. a wizard.
  5. Or perhaps we need to move away from complete server-side applications and move to the client, Javascript applications and use the HTTP spec a little better as it was intended and only have web-services.
Many, if not all, of the things I mentioned above would require secure connections (SSL/TLS) to avoid other security problems. Which might not be a bad move anyway.

Personally I think that there is a future, in an improved implementation of digest authentication over SSL. One that uses HMAC and stronger algorithms, SSL would then supply the missing server validation feature. It should also be more strict and not fall back to insecure legacy features.

Conclusion

All in all I firmly believe that the browser should play a big role in this new cookie recipe and should (partially) solve these problems. Also there should be a more clear separation between "generic storage" and authentication versus a simulated persistency. In more perfect world I would vote for a solution that works on other (underlying) layers and make it application agnostic.
 
I suppose the point I'm trying to make with this article is the following: Take away a feature the entire world uses (since 1996), and wait for the brilliant and creative minds, perhaps such as yourself, to come up with a more innovative feature. It's time for something better!
 
 
I made some updates to this article, based on some comments.

Tuesday, November 2. 2010

PHP Quiz part 4 Posted by Mark van der Velden in PHP, PHPQuiz, PlanetPHP at 09:18

Comments (5)
Trackbacks (0)
Defined tags for this entry: , , , , ,

PHP Quiz part 4

It has been a while, but here is part 4 of the PHP Quiz series! A few questions to crack your brain about, or perhaps you know them all? Try them and find out! Also do read the idea behind these quizzes, here: The PHP Quiz series

As always, think of the answer before you execute the code or look it up. Codepad might help you run the examples. You can find round three here.

 

Visibility is key

Now you see me, now you don't

class testClass {
    private $fubar = "rabuf";

    function test($test) {
        var_dump($test->fubar);
    }
}

class dummy {
    function test($test) {
        var_dump($test->fubar);
    }
}

$object1 = new testClass;
$object2 = new testClass;
$dummy = new dummy;

$object1->test($object1); // Can $object1 see the private property of object1 ?
$object1->test($object2); // Can $object1 see the private property of object2 ?
$dummy->test($object1); // Can $dummy see the private property of object1 ?
 

 

Static, sticky, icky

class test {
  public $counter = -1;

  public function increment() {
    static $cnt = 0;
    $this->counter = ++$cnt;
    return $this;
  }
}

$object1 = new test;
$object1->increment()->increment();

$object2 = new test;

// What will the output be
echo $object2->increment()->counter;

 

Getting the class

class b {
        function getClassA() {
                echo get_class($this);
        }
        function getClassB() {
                echo get_class();
        }
        function getClassC() {
                echo __CLASS__;
        }
}

class a extends b {
}

$a = new a;

// What will be returned, 'a' or 'b' ?
$a->getClassA();
$a->getClassB();
$a->getClassC();

 

The strptime function

$result = strptime('2010-11-28', '%Y-%m-%d');

// What is the output?
echo $result['tm_mday'] .'-'. $result['tm_mon'] .'-'. $result['tm_year'];
 

 

The oldtimer

for ($i = 0, $loop = 10, $a = 10; $i < $loop; ++$i, $a = 0) {
    ++$a;
}

// What is the output ?
echo $a;

Tuesday, October 19. 2010

Forms, buttons and prototypeJS's ... Posted by Mark van der Velden in Javascript at 12:36

Comments (0)
Trackbacks (0)
Defined tags for this entry: , , ,

Forms, buttons and prototypeJS's getInputs()

In forms you use input elements to send your form. But you can also use "button" elements to achieve the same goal. Quite recently someone committed changes into a framework I use often and changed the "input" elements to "button" elements. Normally this is no problem, but in this case it broke some Javascript I had going on.

I used to use the following:

$('myForm').getInputs('submit').each(function (button) {
    // ..
});

But with this function you don't get any "button" elements, to solve this situation I changed it to:

$('myForm').select('button', 'input[type=submit]').each(function (button) {
    // ..
});

It works fine however simply filtering on 'button' might be too greedy and some tweaking might be required. I use this to to track down which button was pressed by the user and act accordingly (e.g. "Save and close" versus "save").

Tuesday, August 17. 2010

Drop empty columns with dynamically ... Posted by Mark van der Velden in MySQL at 13:54

Comments (0)
Trackbacks (0)
Defined tags for this entry: , ,

Drop empty columns with dynamically defined columns and tables

For a migration process I wanted to build in extra validation in some destructive MySQL queries, to eliminate the risk that data might be lost. Of course all data is back-upped, but I rather be safe then sorry.

This is fairly straight forward, create a stored procedure and perform an ALTER statement whenever the previously defined criteria have been met. But I wanted to define a single procedure rather then create one for every table I had to drop columns from. And since you can't simply use variables for column/table names, you have to improvise a little. I came up with the following:

-- Defining the "drop empty column" SP
DELIMITER @@
DROP PROCEDURE IF EXISTS drop_empty_column @@
CREATE PROCEDURE drop_empty_column(
        IN itable VARCHAR(50),
        IN icolumn VARCHAR(50),
        OUT succeeded INT
)
BEGIN

        SET @amount = -1;
        SET @itable = itable;
        SET @icolumn = icolumn;
       
        -- Build the query, with dynamic table and column. Store the result in @amount
        SELECT CONCAT('SELECT COUNT(', @icolumn ,') INTO @amount FROM ', @itable ,' WHERE(', @icolumn ,' IS NOT NULL OR ', @icolumn ,' != "");') INTO @testSql;
        PREPARE testSqlStmt FROM @testSql;
       
        -- Execute
        EXECUTE testSqlStmt;



        -- Check if we have 0 rows, else we still have data and we can't drop.
        IF @amount = 0 THEN
       
                -- Build the query
                SELECT CONCAT('ALTER TABLE ', @itable ,' DROP COLUMN ', @icolumn ,';') INTO @alterSql;
               
                -- Execute
                PREPARE alterSqlStmt FROM @alterSql;
                EXECUTE alterSqlStmt;
               
                -- Update the status
                SELECT 1 INTO succeeded;
        ELSE
                SELECT 0 INTO succeeded;
        END IF;

END@@
DELIMITER ;


-- Conditionally drop the column "deprecated_column" from table "some_table"
CALL drop_empty_column('some_table', 'deprecated_column', @succeeded);

-- Show the status
SELECT @succeeded;

-- Cleanup
DROP PROCEDURE IF EXISTS drop_empty_column;

 

I'm fairly positive that this could be done in a much better way then that I'm doing here, but this works too. Simply repeat the CALL drop_empty_column(..) for every table/column combination you want to DROP and update the definition of an "empty column" to what you want. Currently it drops the column only if the values contain nothing other then NULL or "" (empty string) values.

Further reading:

Tuesday, June 8. 2010

What do you get when you mix; MSSQL, ... Posted by Mark van der Velden in PHP, PlanetPHP at 21:58

Comments (2)
Trackbacks (0)
Defined tags for this entry: , , , , ,

What do you get when you mix; MSSQL, PDO and uniqueidentifier?

You get NULL!

Well you get NULL when you don't cast. Say for example you do the following:

$dbh = new PDO([..]);
$stmt = $dbh->prepare('SELECT accountid FROM dbo.Account');
$stmt->execute();

echo $stmt->fetchColumn(); // NULL
 

But when you do the following:


$stmt = $dbh->prepare('SELECT CAST(accountid AS varchar(36)) accountid FROM dbo.Account');
$stmt->execute();

echo $stmt->fetchColumn(); // "F05C92A1-3119-4206-A123-49A759AC99FB"

 

I didn't think the casting would be necessary, since according to the manual: http://msdn.microsoft.com/en-us/library/aa226054(SQL.80).aspx the datatype 'uniqueidentifier' has implicit casts with multiple data-types. But I guess it's just one of those things...

Friday, June 4. 2010

Connecting from PHP on a non ... Posted by Mark van der Velden in PHP, PlanetPHP at 07:24

Comments (3)
Trackbacks (0)
Defined tags for this entry: , , , , , ,

Connecting from PHP on a non Microsoft OS to MSSQL with a domain account

I was asked to create a web interface front-end with Microsoft Dynamics CRM as back-end. But I had some troubles setting up the connection, since it has to be done using a domain logon. This doesn't have to be a problem at all, unless your configuration is wrong! In this article I'll explain a few things and point you in the right direction when you have login problems.

As stated earlier, the server running the PHP installation is not Microsoft. In this case a AS400 installation, but it could've been a Linux installation also. I'm using PDO for this article and PHP version 5.2.11. Even if you don't want to use PDO, I recommend using it only for debugging (if possible) since that will give you *most likely* more debug information then the mssql_* family.

When using PDO with a MS-SQL database, you'll need to supply "dblib" as driver and DBLib uses FreeTDS as underlaying library. FreeTDS can be a source of troubles when you're trying to connect, if not configured properly. So I'll kick-off with a little information about it. Don't skip it if you have login problems!
Continue reading "Connecting from PHP on a non Microsoft OS to MSSQL with a domain account"

Monday, April 19. 2010

PHPUnit conditional test based on a ... Posted by Mark van der Velden in PHP, PlanetPHP at 16:47

Comments (2)
Trackbacks (0)

PHPUnit conditional test based on a PHP version

I had a problem with running test cases on multiple CI environments, where one of the two runs on PHP 5.2 and the other on PHP 5.3. This basically meant that all our pretty PHP 5.3 code caused the builds to fail on the 5.2 only machine. To solve this problem I needed a way to skip tests when the PHP version was less then 5.3.0. Besides the reason I needed this for a -less then ideal- setup. This can also be a generic way to skip certain tests, based on a PHP version.

class someTest extends PHPUnit_Framework_TestCase
{
    public function setUp()
    {
        // Testing if we are dealing with version 5.3.0 or higher
        if (!version_compare(PHP_VERSION, '5.3.0', '>=')) {
            $this->markTestSkipped('Invalid PHP version, unable to run tests.');
        }
    }

    public function test_testFoo()
    {
      // .. some awesum test case .. \\
    }
}
 

You can also use the cool @depends annotation of PHPUnit and put the version logic in a test. This has my preference, but it's not always possible. In case you have some code that simply can't be parsed by the older PHP engines.

If you know a better way to do this, please share!

Tuesday, November 3. 2009

Multiple PHP versions on one webserver Posted by Mark van der Velden in Apache, PHP, PlanetPHP at 08:39

Comments (7)
Trackbacks (0)
Defined tags for this entry: , , , ,

Multiple PHP versions on one webserver

Introduction

This is a blog about running two PHP versions on one webserver and using multiple php.ini files, this combination can be a tricky one to tackle. But luckily one we can tackle quite easily as long as one of the PHP versions is >= 5.2.7. For this example I'll be using Apache, but the webserver flavor doesn't really matter. The most important part is the "PHP_INI_SCAN_DIR" environment variable.

The why

There could be a number of reasons to want what I'm about to talk about. In my case I have a project where I have a legacy code-base, running on a specific PHP version, and a new code-base which will be run on 5.3. Because the new code-base will be a ongoing progress of replacing the old, it first has to run side by side with the legacy code-base. So I wanted my development image to run two PHP versions.

The old code-base used php.ini settings such as a include-path, error reporting, etc.  Which will be different from the new code-bas, and those can no-longer be set with the 'php_value' feature of Apaches since the PHP version we'll be using for that runs as (f)CGI rather then as module.


Continue reading "Multiple PHP versions on one webserver"

Thursday, October 29. 2009

Javascript printing a popup window Posted by Mark van der Velden in Javascript at 15:25

Comments (3)
Trackbacks (0)

Javascript printing a popup window

For the impatient, a working example:http://dynom.nl/jquery/print_popup.html

 

It seems so easy, but I had some trouble printing a popup window containing an image. Whenever I printed the page using the following code it failed.

/**
 * FAIL
 */
function printIt() {
        var win = window.open('/path/to/image.jpg', 'Image', 'resizable=yes,...');
        if (win) {
                win.focus();
                win.print();
        }

        return false;
}
 

 

So I changed from opening a URL to writing a IMG tag to the opened window, which works like a charm.

/**
 * Works like a charm.
 */
function printIt() {
        var win = window.open('', 'Image', 'resizable=yes,...');
        if (win) {
                win.document.writeln('<img src="/path/to/image" alt="image">');
                win.document.close();
                win.focus();
                win.print();
        }

        return false;
}

 

And to put it in jQuery terms:

/**
 * To put it in jQuery terms:
 */
Popup = {

        init : function () {
                $('a#action_print').bind('click', Popup.printIt);
        },

        printIt : function () {
                var win = window.open('', 'Image', 'resizable=yes,...');
                if (win.document) {
                        win.document.writeln('<img src="'+ $(this).attr('href') +'" alt="image" />');
                        win.document.close();
                        win.focus();
                        win.print();
                }

                return false;
        }
}

$(document).ready(function () {
        Popup.init();
});

Sunday, October 11. 2009

Multiple backend session storage handler Posted by Mark van der Velden in PHP at 11:17

Comments (0)
Trackbacks (0)
Defined tags for this entry: , , , , , , ,

Multiple backend session storage handler

Recently I got asked if I knew about a system that supports multiple session back-ends at once. I didn't know about one and since it's not rocket-science I decided to spent a few hours and whoop something up.

For the impatient, checkout: http://github.com/Dynom/SessionHandler

What does it do?

It is a drop-in high-availability storage back-end for PHP sessions by offering a redundant session storage system. It's as easy as including the lib, define the drivers you want to use (e.g. Memcache and MySQL) prepare their configuration/installation and done. If you already have a MySQL server and a Memcache instance running you can set it up in about 5 minutes. It's also easy to extend and write new drivers, just extend the template class and fill in the blanks.

Continue reading "Multiple backend session storage handler"
« previous page   (Page 1 of 6, totaling 51 entries)   next page »
Frontpage

Calendar

Back February '12
Mon Tue Wed Thu Fri Sat Sun
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29        

External links