One ToDo list to rule them all?

Okay, so _ I’m going to put this out there so I can get some feedback. I’m looking for a good To Do list manager with a few criteria:

  • I’d love for it to have desktop software that would sync with the site (or some other resource) and allow me offline access to the lists
  • It needs to be able to prioritize items
  • It should definitely allow main and sub-categories (one level of categories? that’s crazy talk)
  • The desktop software would need to be cross-platform (pc & mac) – maybe an AIR client?
  • Bonus points if it allows sharing between users or just public access to the lists (RSS?)
  • Mobile support is cool, but not required

I like the simplicity of some of the tools out there, but none of them seem to meet what I’m looking for. Is there anyone out there that’s come across something like this? It’s driving me nuts that there’s not one that’ll fit my needs.


Microsoft Web Dev Summit 2009

See my pics from the event here!

I had the opportunity this past week to go back up to Microsoft for the second year to attend the Microsoft Web Developers Summit. The event brings together a wide range of people related to web development in the PHP community. This year the group was made a bit more diverse because of the inclusion of a few members of some of three communities of PHP-driven applications: WordPress, Joomla and Drupal. It made for a nice mix and, really, for what I think was one of the more interesting parts of the event (but more on that later).

Over the three days we were there, presentations were given from groups all around the company including the Web Platform Installer folks, the IIS team, the SQL Server team and a pretty cool showing from the Bing group on their mapping offerings. Showing off the products seemed to, usually, be a secondary mission for most of the groups though. Out of the number of sessions crammed into each day, most of them were either the PHP community talking to Microsoft (in the form of free-form discussions) or the Microsofters sitting down and really talking with us and asking questions about what we were doing and how they can help us do it better.

In my opinion, these discussions were worth the cost of the whole conference alone. Last year’s conference seemed a bit more chaotic and less structured. There was a lot of miscommunication (it seemed) and several things that we, as a community, weren’t terribly interested in. This year was leaps and bounds over that in terms of both quality and planning. The sessions that weren’t the discussion times were mostly relevant and almost everyone that represented MS seemed to know at least a little bit about what was going on in the world of PHP (with the exception of the ASP.NET folks but really, they sort of have an excuse – they were very happy to get the answers to their questions, though).

Leaders make all the difference in events like this and we had some of the best – our own Cal Evans helped to keep things on task and get the conversation jump started when it needed it, Karri Dunn (the ringleader and organizer) did an excellent job of making sure things were moving along smoothly and that we were able to talk to other groups in the company too (even those not involved in the summit), Josh Holmes (evangelist extraordinate) who has really jumped into the PHP community feet-first and has become one of our key voices back to Microsoft in general and, last but not least, to the leadership within the PHP community – the represenatives from WordPress/Joomla/Drupal, the core developers, the user group leaders and general community members.

A major thank you to all of you (including those I haven’t mentioned that made the event a success) for taking the MS Web Dev Summit up to the next stage in its evolution. I love the direction the event is heading – don’t lose that momentum and don’t lose touch with the PHP community. Last year everyone took their planes home and there was some random communication between MS and us via emails/twitter/etc but most of the connection was dropped. This year there’s already an effort underway to keep those lines open and to make a real dialogue between the web-related groups of each side flow. This, in my opinion, is a real deal-maker. It’s one thing to have a company that brings you up to talk with them for a few days and that’s it. It’s a whole other thing to have one that’s really excited about what’s going on with you and your community and wants to engage you and get input on their next moves.
Web Platform Installer (WebPI). I seriously hope they consider some of the suggestions we gave them as to its future and what we thought could really make it more than it is without sacrificing the simplicity it already has.

A Look Back from 10k

It’s funny – I only realized a few days ago that the 10k post was coming up. You get so used to just wring the posts day after day that you don’t even really notice the numbers. Each thousand along the way has definitely been a milestone, but reaching ten thousand posts to PHPDeveloper.org really feels like an accomplishment.

I started the site while I was back in college. A friend of mine at the time (who I now work with once again, woo!) introduced a young Perl programmer to the wild world of web programming. When I headed out to college I had a basic idea of how the web worked and what it was. I knew there was value in it and not just in the business sense. There was this feeling that I could put my fingers to the keys and make things – things other people could look at and enjoy. When I learned about PHP, my interest grew and I read everything I could and looked at every site even remotely related to PHP. The more I really got into it, the more I wanted to share the things I was finding with the whole web (or at least the part that would want to read it). So, in one late Texas summer, the phpdeveloper.org domain name was bought and I set up shop on a little 486 there on the school’s network….it pays to be friends with the network admins.

Back then I would only post once a day – it’d gather some of the things that I thought were useful and write a summary, mashing them all together. I worked on the site (then in PHP3) and used it as a learning experience to grow in the language. Terms like “CMS” and “abstraction” started to come into the picture and soon PHP4 burst onto the scene in a big way. The site got its first major rewrite then, adapting to this strange and new object oriented setup the language now offered. I created my own little set of libraries to use for the site and whatever other projects that bled over on the sites. The number of hits that the site was getting was growing and the little 486 had to be retired for a dual Celeron 266 machine in my apartment. It kept the room hot but it served up the pages well.

Fast forward to just a few years ago and you’ll find PHPDeveloper.org sitting on a dedicated server, graduating up to the “big boy” world. The site’s been through two more major rewrites (one with the Zend Framework and the other recently with Solar) and have moved hosts once again to where it lives now (Slicehost).

I’ve had tons of help from others in the PHP community out there over the years – people like Davey, Eric and Ben that have posted for me what I wasn’t even remotely close to an internet connection. There have also been lots of supporting players over the years and, more recently, people from the community offering suggestions and sending in news submissions and leads to follow.

PHPDeveloper.org has always been about sharing the best and latest from all around the web to the PHP developers out there and I have no plan of stopping any time soon. As long as the PHP community thrives (and lets face it, it’s not going anywhere) the site will be right there along with it with plenty of news, views and community thoughts as they happen.

Thanks to all for the support to make it to 10k – here’s to hoping for 10k more!

PHPDeveloper.org Sees the Light – The Move to Solar

So I’ve been asked several times about the move I made for PHPDeveloper.org from the Zend Framework over to Solar with the main question being “why?”

Well, I hate to break it to any of the framework zealots out there but the only real reason I had for doing it was the old “try something new” idea that floats around every so often. Yes, I know the site was working just fine under the old Zend Framework code (and yes, I do mean old – I think it was a few versions before 1.0 even) but I get the itch to do something new every once and a while. Some people redesign – I’ve done that too – and others rewrite things from scratch.

I took the opportunity to really look at the core of the site, stripping out all of the extra little “goodies” that I’d hacked in to the ZF version to get various things working. I came back to the primary focus of the site – to provide the latest news information quickly and easily – and made sure that all new code pointed toward that goal. The overall concept is a simple one really: it’s essentailly a blog whos topic just happens to be the goings-on of the PHP community as a whole. All it really needed to do was show the news items, serve up a feed and provide an administrative way for me to add new posts to the system.

I developed the Zend Framework version many moons ago and I almost don’t remember how it was all set up. It took me a bit to get back into it to see how things were structured, but in the end, most of that was tossed and replaced wth some sleek Solar code.

One of the biggest things that I was happy with in the new rewrite was the way that the news information is fetched from a the database. There’s no longer function calls like “getMainNews()” or “getNewsDetail()”. Instead they were replaced by a fetch function that takes in parameters on the object (sort of like the Command design pattern) and applies them to the current query.

For example, I make a call to the “setProperties” function of the NewsAPI object to tell it that I want a type of “where” with a value of “ID=1234”. The fetch function then looks through the properties and applies the operation to the query. The result is a function that can be called the same way every time with the same sort of output. The only difference is in how much/what kind of output there is.

I was concerned about some of the performance issues I was seeing on my server when I made the switch. Some of it was my own fault – forgetting to cache the feed instead of geenrating it, not adding the spam/IP filtering to ward off some of the spammers – but there was still a slow down when the load started to get high. I knew Solar could handle it (it had done it wonderfully on the dev server) so it had to be something else. The dedicated machine I’d been using was nice, but was showing some of its age. I decided to buy a slice from Slicehost and set up shop over there with only PHPDev running on it. Turns out that it wasn’t the new Solar version that was the issue, it was the server. In fact, I’d almost be willing to not cache the feed anymore – the performance is that good.

My last little part of the transition is writing the backend command-line scripts that I use to do some automatic things and the site will be back and complete and 100% Solar-ized.

I know there’s some things I didn’t cover here, so if you have any questions, leave a comment or drop me a line: enygma at phpdeveloper dot org. I’m more than happy to talk Solar with you. And if you’re interested and want to chat with other Solar folks (including some of the main developers behind it), come over to the freenode network – irc.freenode.net – and pop in to #solarphp and say “hi”.


Running a remote script over ssh from EditPlus

I came up with something handy for EditPlus users out there who might need to execute something on a remote machine (like say the linux box that has the samba share your files are being accessed throught).

My situation is that we use templating on all of our files that needs to be regenerated each time there’s a change made. Previously, this meant having two windows open – one for EditPlus and another that’s a ssh session at the directory you’re working with. Well, in one of those “surely there’s a better way” moments this morning, I did some digging and came up with this process:

– Using the “user tools” in EditPlus, create a connection to a remote machine
– via plink (Win) to ssh to the machine
– and execute the command over that interface

#mylist li { margin: 5px; }
Well, it look a little PHP trickery to get it working exactly right, but here’s how:

  1. Download plink
  2. In EditPlus, go to Tools -> Configure User Tools
  3. Hit “Add” and choose “Program”
  4. Change the program name (in the “Menu Text”) to your liking
  5. Add the command to execute in the Command box.
    In my case, I wanted to connect to the remote machine over ssh and run the command to retemplate the file I was working on. Here’s what I put:

    plink.exe user@server -pw mypass /usr/local/bin/retemp.php
  6. Add an argument
    I put the value of ‘$(FilePathNoDrv)’ in there (yes, with the quotes) to append the path to the file without the drive letter
  7. Click “Capture Output” and “Save open files”
  8. Hit “Ok” to save the changes

Then you can check your Tools menu to see what the keystroke for it is and voila – you’re all set. It’s nice that it gives the option to save the file when you execute the tool. Anything that makes for less keystrokes for me!

The PHP script on the other side had to do a little something to handle EditPlus’ input correctly – here’s the example:


exec('/usr/local/bin/template.sh /www/web/'.str_replace('\','/',$_SERVER['argv'][1]),$out);

I left that $out in there just in case you might need to have some debugging output. Because of the way that the script passes in the values (it is a Windows software after all), we have to switch around the slashes to work with the linux file system. So, if in EditPlus my path is like H:wwwdocrootmyfile.tpf the script will map it over to /www/docroot/myfile.tpf and run the template.sh on it to retemplate it.

There we go – hope it’s helpful!

Fixing “Cannot get media type from ‘0’”

By the way, if you ever see lots and lots of lines in your Apache logs like this:

[warn] Cannot get media type from ‘0’
[warn] Cannot get media type from ‘0’
[warn] Cannot get media type from ‘0’
[warn] Cannot get media type from ‘0’
[warn] Cannot get media type from ‘0’
[warn] Cannot get media type from ‘0’

(specifically if you’ve upgrade from Apache 1.x to Apache 2.x) you need to add the following to your httpd.conf:

TypesConfig /etc/mime.types
DefaultType text/plain

For some reason, our Apache 1.x files didn’t have that in there and it’s apparently required by Apache 2.x for correct mime type handling.

Webmaster Jam Session 2007

Yeah, so it’s a little late to mention it (the conference starts bright and early tomorrow morning), but I’m going to be hanging out the next two days at this year’s Webmaster Jam Session here in Dallas. Looks like a good lineup this year – I’d wanted to go last year, but scheduling conflicts didn’t allow it.

Being all PHP, all the time is a nice place to be, but it’s good to branch out and get a little bit of the other side of things. My inner designer is practically jumping for joy.

Webmaster Jam Session 2007 at the Adam’s Mark Hotel in Dallas, Tx

Some Solar Form Fun

So, after getting started with the Solar framework, I figured that I’d keep going and try to really work up an application with it and get familiar with the framework. A next obvious step (well, to me it’s obvious) is to dive into using the form functionality that comes with it. I started small, but eventually worked into a standard part of just about any application these days.

Like learning anything, there were some growing pains as I figured out how to work with it (many thanks to the guys in #solarphp on Freenode) and how to get the following code up and working. The Solar_Auth component makes it simple to drop on top of whatever kind of authentication system (LDAP, ini files, htpasswd) but the method I chose is one of the most common I’ve seen – authentication from a database table. The Solar_Auth_Adapter_Sql handles most of the work and makes defining the table a snap.

Let’s start with the entire code for the controller, User.php:


class MySite_App_User extends MySite_App_Base {

protected $_layout = ‘default’;
protected $_action_default = ‘index’;
protected $_view=”;

public function actionIndex(){ }
public function actionLogin(){

‘sql’ =>$sql,
‘table’ =>’users’,
‘uid_col’ =>’ID’,
‘process_login’=>’submit login’
$auth = Solar::factory(‘Solar_Auth’,$config);

$form = Solar::factory(‘Solar_Form’);
array(‘notBlank’,’Please enter a username!’)
array(‘notBlank’,’Please enter a password!’)
‘value’=>’submit login’
$request = Solar::factory(‘Solar_Request’);
$process = $request->post(‘process’);
if($process==’submit login’){
if($form->validate() && $auth->isValid()){
$this->output.=’logging in…’;
$this->output.=’Invalid login!’;


Now, let’s go through this piece by piece and make it a bit more clear for the non-Solar using crowd (of which I used to belong to).

We’ve defined the controller’s class as extending the MySite_App_Base (see the previous article as to how this is for templating the site) and define some basic properties for the layout/template to use, the default action, and the view to use by default. Below that, there’s two other properties – forms and output. The second is just a general output value that’s used in the /User/View/login.php file as a message. The first, however, is a special container for our form. Later on, you’ll see where the Solar_Form instance is appended to this property and how it’s executed in the view.

Since we’re only really worried about the login form, it’s the only action that’s built out. The function starts by defining the configuration for the Solar_Auth object we’re going to create. The “adapter” setting tells it we want to use the SQL functionality and the “config” array gives the details. The only tricky parts about these values is in the process_login settings. This will need to correspond to the value of your submit button to make things work correctly.

The next two big parts of the action are the creation of the Solar_Auth object (with our $config options) and the Solar_Form object. The first is what handles all of the validation and authentication functionality and the second is the object around which we build our form. That’s what the setElements function is for…

The setElements function is flexible, but I used it to contain a series of arrays that each represent an element in the form. The keys are the element names – “handle”, “passwd” and “process” – and each is a subarray with several settings defined inside. Things like the type of element, the text to have before it (Solar_Form does a basic layout), if the field is required, and how to validate it. On both the username (handle) and password (passwd) fields, I added a simple notBlank with a message to ensure that there’s something in the field. The last item, “process”, is the simplest.

Now the real fun begins – we have our form defined and the $auth object made so we can validate the username and password that’s entered, now we just need to grab the results of the form’s submission and perform the check. We can do this by creating a Solar_Request instance with direct access to the HTTP request. The value we need to watch for on the submit (the value of the “process” form element) is pulled into the $process variable via a call to post() on the request object. The “if” statement then checks for the value of it and, if it’s set, tries to perform the validation.

The processLogin() method called on the $auth object is what does the work here. It runs the check and then, if everything’s okay, sets the status property of the $auth object to “VALID”. The populate() function just repopulates the form’s values back into it (just in case it fails) and the validate() that’s called checked our form’s validation (like the notBlanks we added earlier). The isValid method called on the $auth object checks to see if the status property has been set to “VALID” indicating that the authentication was a success.

The next part is simple – if it’s a success, it outputs a success message and if not, tells the user that it was an “invalid login”. Right below the if statement is a handy little setting that I like because I want to control things in my form – the feedback setting. If set to false, it can silence the feedback that Solar automatically gives.

Remember how I said that the $forms property would come in handy later on? Well, the last part of this script is where it’s at. The Solar_Form object is appended to the $forms array, a value passed out into the view.

Speaking of the view, let’s see how this is all outputted:


echo $this->escape($this->output);
echo $this->form($this->forms[‘test_form’]);


Is this a great framework or what? That’s all it takes to fire off the form in your View and the rest is handled behind the scenes in the controller. There was also someone mentioning the other day (in #solarphp on Freenode – I just can’t promote them enough!) that was talking about using the Solar_User class to do much of the same thing. I opted for Solar_Auth mainly because there were just more docs for it on the Solar website, making it easier to get into. Might have to try that one next though….

Google’s Lemon

Has anyone seen or heard much about Google’s Lemon?

Lemon is a black box tester, which assumes no knowledge of the internal structure of an application or device.

According to Google security team member Srinath Anantharaju, Lemon has been developed to detect cross-site scripting (XXS) vulnerabilties, but Google is “in the process of adding new attack vectors to improve the tool against [other] known security problems”.

Oh, and has anyone ever heard the term “fuzzers” before either?

Firefox and httpOnly

Seems like a little something slipped under the radar in the latest release of everyone’s favorite browser (Firefox – the introduction of httpOnly cookies. I know it’s not supported across the board, but it’s a step in the right direction.

As Alex mentions and includes a code snippet for, it’s as easy as setting a “httpOnly” parameter when creating the cookie to get it to work correctly.

What are httpOnly cookies? Well, the simple answer is that they protect your information in the cookie by making it inaccessible once they’ve been set so as to not allow other sites (or even the site that set it) to get at it. It can only be used when accessed by a HTTP request and *not* a script request.

Also, happily, PHP allows this to be set right along with the other parameters in setcookie as supported in PHP 5.2. No better time to upgrade, eh?