Archive for the 'Programming' category

Honeypot for Zend Framework

published on April 21, 2010.
Heads-up! You're reading an old post and the information in it is quite probably outdated.

I just hacked up a little code snippet based on Matthew’s Honeypot WordPress plugin. It’s basically just a validator for a Zend_Form element which is hidden from the user via CSS. Because it’s hidden, users won’t see it, but spambots will, well, because they are bots.

If the element is left empty, it’s valid, otherwise it’s not.

So, here’s the code:

<?php
class App_Validate_Honeypot extends Zend_Validate_Abstract
{
    const SPAM = 'spam';

    protected $_messageTemplates = array(
        self::SPAM => "I think you're a spambot. Sorry."
    );

    public function isValid($value, $context = null)
    {
        // Normalize to a string so null and '' are treated the same way.
        $value = (string)$value;
        $this->_setValue($value);

        // A human never sees the field, so it must still be empty.
        if ('' === $value) {
            return true;
        }

        // Anything filled in means a bot found the hidden field.
        $this->_error(self::SPAM);
        return false;
    }
}

I add the element to the form like this:

<?php
// The 'honeypot' CSS class hides the field (e.g. .honeypot { display: none; }).
// The short validator name 'Honeypot' resolves to App_Validate_Honeypot only if
// App_Validate_ is registered as a validator prefix path on the form.
$this->addElement(
    'text',
    'honeypot',
    array(
        'label' => 'Honeypot',
        'required' => false,
        'class' => 'honeypot',
        'decorators' => array('ViewHelper'),
        'validators' => array(
            array(
                'validator' => 'Honeypot'
            )
        )
    )
);

There. Done.

Happy hackin’!

Toggler

published on February 04, 2010.

At the office we’re starting out on a new project, which will require (thanks to our designer) a lot of divs and images and whatnot to slide up and down. All these elements will of course have their own IDs and classes, so writing one function to slide/toggle them all is impossible, plus the design of these elements is so weird that the built-in animation effects are of no use. So I hacked together my first! jQuery plugin which will hopefully help us with this task.

As I was more inspired to write code than to come up with names, I called this little fella toggler, a jQuery plugin for togglering elements around…

What it does is actually call .animate() on the height and the top of the element that is to be togglered.

Setting it up is easy: include the jquery-toggler.js script, call the toggler() function on any clickable element and set the rel attribute of that element to match the ID of the element which is to be togglered (clearly, if you look in the source of the example, you’ll understand that better than my gibberish).

The default height when the element is closed (togglered up) is 0px, when the element is open (togglered down) it is 200px, and the default speed of this magical animation is set to 1000 (1 second). You can of course change these by passing them to the toggler() function, e.g. toggler({speed:500}).

toggler is available at GitHub: http://github.com/robertbasic/toggler

Example is here: http://robertbasic.com/toggler/

toggler yourself out.

Edit February 6th: Apparently I completely misunderstood what kind of effect the designer wants, so I changed the code. The new code is pushed to GitHub and the example is updated.

Tags: jquery, plugin, toggler.
Categories: Development, Programming.

Book review - jQuery 1.3 with PHP

published on January 06, 2010.

Although I never wrote about jQuery here, I use it quite often and can pull off nice tricks with it. Also, bending any jQuery plugin to my will was never a problem. But enough about me, you’re here because of the book.

jQuery 1.3 with PHP is written by Kae Verens, a JavaScript and PHP developer. This book is aimed at PHP developers who have only met JavaScript and jQuery a few times, but I believe even a novice programmer can gain knowledge from it – just be warned, the PHP examples are here for the sake of the examples only, about which the author warns throughout the book. As the author said: “This book is designed to help a PHP developer write some immediately-useful client-side applications without needing weeks of study”. And it will.

On the other hand, you need to know your HTML and CSS selectors, as the book only says that jQuery uses CSS selectors to select elements.

The examples in the book are well explained and commented!

The book starts off with an introductory chapter about jQuery, what it is, why the author chose it over other JS libraries, what projects use jQuery and so on…

The “Quick tricks” chapter shows some really quick but useful tricks, such as dynamic select boxes, contextual help or inline editing. OK, you may have all done this before, but it’s a good starting point for getting to know jQuery.

From chapter 3 to chapter 9, the author shows how to do things like validating forms, creating an event calendar, managing files and folders from the browser, rotating, cropping, resizing images (with ImageMagick!) also from the browser or making lists sortable by dragging and dropping items. Of course, no one wants to reinvent the wheel, so all the examples are using plugins – either from the jQuery UI collection or “standalone” plugins that are “too specific” to be in the said collection.

My personal favorite chapter is the “Data tables” chapter, which shows how to present and use table data on your website by adding sort, filter and pagination functionality to your table. The example shown uses a table with over 2 million rows, which is worth mentioning, because this way we know that it’ll work on a large dataset too.

The final chapter is reserved for optimizing the front-end code and reveals some stuff behind jQuery and JavaScript in general (I personally never knew that there’s a speed difference between different types of selectors).

In conclusion, if you’re a PHP dev wanting to “spice up” your apps, this book will most likely be worth the money spent.

You can take a look at the Table of Contents, read the sample chapter, or just buy the book!

Tags: book, jquery, php, review.
Categories: Development, Programming.

Bad Firebug!

published on December 21, 2009.

We all know about Firebug, probably the best developer add-on out there, and how awesome it is and how many times it helped us debug some nasty JavaScript code, mess around with CSS and HTML on the fly, track the load time of every external element our app loads… It’s so cool that it even has its own add-ons (FirePHP, YSlow and FireCookie)! Really, it helps make our developer lives suck a bit less.

Note: the following text is not about bashing other developers and their work, but about highlighting the importance of proper input filtering. I myself have failed at this several times.

Let’s go back to the part where we mess with the HTML by means of this, may I say, application. You can add, hide, remove HTML elements, add, alter, remove attributes from HTML elements… Adding, hiding, deleting - boring; altering - fun! I have this urge to try to break every form on every website I find. Not to do any harm, just to take a look at how my fellow developer did his job and if I see anything that’s not right, I try to contact him to fix that, cause, y’know, I’m a nice person… Anyhow, I recently found some sites where all the text fields and textareas were filtered properly and no harm could be done - all my “hack” attempts were caught by their application. Nice. Oh, look, a select box! Right-click, inspect element, value=“xyz”, change that to value=“abc”, submit the form… and poof! A sexy SQL error. All that with the help of our li’l friend, Firebug. The elements where the user is required to provide some information “by hand” were processed correctly, but the select box was not.

OK, let’s take this one step further. On a site where the user can register an account and afterwards can edit his or her profile. I register, go to the user panel, the usual stuff - change email, password, location, DoB (Date of Birth)… A quick inspection of the source - a hidden field “id” with a number in it. Hmm… Quickly, I register another account, note the “id” of that second account, go back to the first account, change the “id” of the first account to the “id” of the second account, change the DoB (just to see some actual information changing), click submit… “Your profile has been updated successfully.” Mine? Not really, the DoB is like it was in the first place… Go to the second account… Oh boy. I successfully changed the DoB of the second account with my first account. Now, I haven’t seen their source code, but I can imagine what was going on. Something like this:

<?php
// The imagined vulnerable handler: the id is cast to an integer, but nothing
// checks that it is the id of the logged-in user, so any account can be edited.
$id = (int)$_POST['id'];
$dob = $_POST['dob'];

$sql = "UPDATE users SET dob = '" . $dob . "' WHERE id = " . $id;

On the positive side, when I entered letters in that hidden field, the app told me that I hadn’t filled in all the fields correctly, which means they filtered even the hidden field, but skipped checking whether that “id” is actually mine.

OK, I know, the title is “Bad Firebug!” and the problems are actually about filtering user input, but I needed a catchy title to have your attention on Twitter :P

Even though a field seems “unchangeable”, with the help of an awesome little app it becomes changeable. And dangerous.

Filter input, escape output :)

P.S.: In the image above you can see my profile on a bulletin board, where I changed my year of birth from 1986 to 986 with Firebug. The years are in a select box; the lowest value is 1910. You can see my actual profile here.
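The same profile update written the way the post argues for, as an added example that is not the post’s code: the row to update comes from the session instead of the hidden “id” field, the submitted date is checked against the years the select box really offers, and the query is parameterized. The $_SESSION['user_id'] key and the 1910..current-year range are assumptions based on the post’s description.

```php
<?php
// Added example, not code from the original post: the profile-update handler
// written so that the hidden "id" field no longer decides whose row changes.
// Assumptions: the logged-in user's id lives in $_SESSION['user_id'] and the
// birth-year select offers 1910..current year (the post only names the 1910 floor).

function allowedYears()
{
    return range(1910, (int)date('Y'));
}

function updateDateOfBirth(PDO $db, array $post, array $session)
{
    // 1. Whose row to update comes from the authenticated session. $post['id']
    //    is deliberately never read, so editing the hidden field changes nothing.
    if (empty($session['user_id'])) {
        throw new RuntimeException('Not authenticated');
    }
    $id = (int)$session['user_id'];

    // 2. A select box is just another text field to the server: re-check the
    //    value against the options that were rendered, not only its type.
    $dob  = isset($post['dob']) ? (string)$post['dob'] : '';
    $date = DateTime::createFromFormat('!Y-m-d', $dob);
    if ($date === false
        || $date->format('Y-m-d') !== $dob
        || !in_array((int)$date->format('Y'), allowedYears(), true)) {
        return false; // "986-01-01", "abc" and "1986-13-40" all stop here
    }
    // 3. Bind parameters instead of concatenating values into the SQL string.
    $stmt = $db->prepare('UPDATE users SET dob = :dob WHERE id = :id');
    $stmt->bindValue(':dob', $dob, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    return $stmt->execute() && $stmt->rowCount() === 1;
}

// Demo against an in-memory SQLite database (constructed data).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, dob TEXT)');
$db->exec("INSERT INTO users (id, dob) VALUES (1, '1986-01-01'), (2, '1990-05-05')");

// The request from the post: the hidden field claims id=2, the session is user 1.
$post    = array('id' => '2', 'dob' => '1986-06-15');
$session = array('user_id' => 1);
updateDateOfBirth($db, $post, $session);
// Only user 1's row has changed; user 2's row is untouched whatever $post['id'] says.
foreach ($db->query('SELECT id, dob FROM users ORDER BY id') as $row) {
    echo $row['id'], ' ', $row['dob'], PHP_EOL;
}
```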

Chaining routes in Zend Framework

published on November 27, 2009.

On a forum there was a question today about adding language “support” to the routes in Zend Framework. The guy wanted routes like /en/foo/bar or /de/baz. I wrote an example for that there using Zend_Router_Routes_Chain, so I’m just posting that example here, too :)

What chains are for is described in the manual, so I won’t be covering that :P

Basically, we’re prepending the language route to the other routes. This way the language route is defined in one place only, and the other routes don’t have to worry about the language either.

<?php
// This goes in the bootstrap class.
class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
{
    public function _initRoutes()
    {
        $this->bootstrap('FrontController');
        $front  = $this->getResource('FrontController');
        $router = $front->getRouter();

        // Language segment; defaults to 'en' when it is omitted (e.g. "/" or "/contact").
        $langRoute = new Zend_Controller_Router_Route(
            ':lang/',
            array(
                'lang' => 'en'
            )
        );
        $contactRoute = new Zend_Controller_Router_Route_Static(
            'contact',
            array('controller'=>'index', 'action'=>'contact')
        );
        $defaultRoute = new Zend_Controller_Router_Route(
            ':controller/:action',
            array(
                'module'=>'default',
                'controller'=>'index',
                'action'=>'index'
            )
        );

        // Prepend the language route to each of the other routes.
        $contactRoute = $langRoute->chain($contactRoute);
        $defaultRoute = $langRoute->chain($defaultRoute);

        // Routes are matched in reverse order of addition, so the most
        // specific route (contact) is added last.
        $router->addRoute('langRoute', $langRoute);
        $router->addRoute('defaultRoute', $defaultRoute);
        $router->addRoute('contactRoute', $contactRoute);
    }
}

Assuming that we have an Index controller with actions index and contact, and a Foo controller with actions index and bar, paired with the routes from the example above, we could make requests like:

/ => /index/index/lang/en
/de => /index/index/lang/de
/sr/contact => /index/contact/lang/sr
/en/foo => /foo/index/lang/en
/fr/foo/bar => /foo/bar/lang/fr

Requesting a page like /de/baz would give us a 404 page, because we don’t have a Baz controller.

HTH :)

Happy hacking!

Robert Basic

Software engineer, consultant, open source contributor.

Robert Basic © 2008 — 2019