Coding
Update: I posted some news on this here.
Ever wondered how to create an interface like Google Personalized Home? In the first section of this article I'll demonstrate how to create a drag/drop portal in a few lines of JavaScript code, using the excellent Prototype and Scriptaculous JavaScript libraries. In the second section, I'll explain how to integrate this code into Drupal as a server backend for storing user settings. You may check the frontend here (tested with Firefox 1.5, IE6, and Opera 8.5), and download a reusable JavaScript Portal class and Drupal module for the backend at the bottom of this post.
Submitted by Ayman on Mon, 2006/09/04 - 12:23am.
Here is a solution for a problem I read about many times in the Drupal forums, but couldn't find any definite answer to: When upgrading or moving a database dump from MySQL 4.0 to 4.1, Unicode data stored by Drupal becomes gibberish. The attached module iterates over all tables in Drupal's database, and converts text columns to UTF-8. The bulk of work is already in Drupal's code (_system_update_utf8), the module simply makes use of it.
To use the module, install and enable it, then navigate to update.php, and select update 1 for the module, then initiate the update process. You may disable the module when done.
Submitted by Ayman on Tue, 2006/08/29 - 5:51pm.
I wrote two CSS debugging bookmarklets to ease the pain of XHTML/CSS development under Internet Explorer. They mimic two commonly used features in the Web Developer extension for Firefox. The first outlines block-level elements, and the second displays ID and class information. Although such functionality already exists in Web Developer and other bookmarklets, I couldn't find anything that is compatible with Internet Explorer and works offline (what I found were bookmarklets that rely on including remote stylesheets).
To test a bookmarklet, simply click its link. To use it, drag and drop the link to your Links/Bookmarks toolbar, and press the resulting button when you want to activate the associated functionality. These bookmarklets are tested with Firefox 1.5, Internet Explorer 6.0, and Opera 8.5. I haven't had the chance yet to test with KHTML/Safari, but I think they should work because the code is standards compliant.
Anyone who's worked with XHTML/CSS for a while knows that Internet Explorer support for standards is lacking to say the least. It has many obscure bugs and compatibility issues. Firefox is my platform of choice for web development because of its compliance with standards and the plethora of development and debugging tools and extensions available (most notably Web Developer and FireBug). Once coding is finished under Firefox, I validate the code and test with other browsers (IE, KHTML/Safari, and Opera). Most of the time the code works on Opera and KHTML without any issues; however, IE often produces problems, and while working around them, I used to wish I had Web Developer's features for IE. Now I have these bookmarklets. They took me like 5 minutes to write and test under Firefox, but IE silently failed to produce the desired results until I did another hour of work. I adopted Web Developer's styles for outlined elements and ID/class information for consistency. And now I'm sharing them here, hoping that others find them useful as well.
Submitted by Ayman on Sat, 2006/08/26 - 12:08am.
Anyone interested in web development should have heard about the Model-View-Controller software pattern by now. This pattern emphasizes separation of the application's data model, UI (view), and control logic. The concept itself isn't new and has been around since 1979, but recently there have been many successful implementations of the pattern in the domain of web development.
Like any self-respecting web developer, I started to explore the available frameworks, and quickly settled on Python as a language and TurboGears as a framework. I viewed many webcasts and documents, then decided to practice my newly gained knowledge by writing a basic del.icio.us-like social bookmarking application in TurboGears. Now I'm documenting my work as a tutorial, hoping that other TurboGears newcomers would find something useful in it. The tutorial covers the following concepts:
- Designing data models.
- Developing controller logic.
- Creating view templates.
- Working with forms and widgets.
There are also sections for the reasons behind my Python/TurboGears choice, and the installation process.
Please read on for the tutorial itself and an attachment of the project's source code at the end. I recommend viewing the code while working with the tutorial, as I didn't include imports or other tiny bits. In addition, the tutorial assumes good knowledge of Python.
Submitted by Ayman on Fri, 2006/08/18 - 6:17pm.
This isn't actually news, but I'm adding it for reference. In the last few months, and during my work on Drupal (as part of my job or contributions to Drupal), I discovered 2 security vulnerabilities in Drupal core: the first one is an SQL injection vulnerability that I spotted while reviewing access logs for a website I maintain. Some bot was trying to request malicious URLs and one of them triggered an error message in the logs. I investigated, and it turned out that it was possible to pass input into queries without sanitization in certain cases.
The other one is a cross-site scripting vulnerability. I was analyzing user.module to understand how certain parts worked when I noticed that a variable was printed to page output without passing through filters first.
Both were reported and discussed on the security mailing list, and new versions were released later.
While I am at it, here are a couple of tips:
- Monitor your website access and error logs regularly. This way, you are more likely to notice and stop malicious activities. Linux text processing commands can greatly help in analyzing large log files.
- Keep your web applications up to date, and subscribe to the application's security announcement list (if any). Here's Drupal's security announcements list.
Submitted by Ayman on Tue, 2006/08/15 - 12:11am.

I've just finished reading through "Essential PHP Security", a book that deals with security issues related to developing PHP applications, and I have to say, this book is a must for every PHP developer. It covers almost every aspect of web security from a PHP developer's point of view, including SQL injection, cross-site scripting, session/cookie/authentication management, file uploads, file inclusion, and many other topics. It includes a rundown of possible vulnerabilities in a given topic, and how to deal with them in a secure fashion.
Even if you are an experienced PHP developer, this book has a lot to offer. While I don't claim to be one, the book served as a reminder of security pitfalls and techniques, and I managed to learn several new things from it.
Interestingly, many concepts introduced in the book are already implemented in Drupal, like the authentication and session systems and session fixation prevention techniques.
Bottom line, if you are remotely interested in PHP, this book is a must, period. Anyone who wants to touch PHP has to read this book first!
Submitted by Ayman on Thu, 2006/07/06 - 1:33pm.
A while ago I came across the Python Challenge. It is a series of programming challenges that require writing short programs in order to advance through levels. The creator(s) of the site put a lot of effort into it. The challenges are a lot of fun to solve, and the whole thing is very addicting.
If you don't know Python then I suggest you read its tutorial and then start solving the challenges; it will be a great learning experience. If you do know Python, the challenge still has a lot to offer on the educational and fun fronts. It will make you explore a variety of libraries and programming domains.
Most of the levels can be solved with other programming languages as well. However, solving them in Python makes the programmer experience the beauty of Python, its power, and ease of use.
To sum it up, if you enjoy programming, the Python Challenge is for you. I don't remember having so much fun on a website in a long time :)
Ah, and by the way, I'm currently in level 27.
Submitted by Ayman on Sat, 2006/06/17 - 8:02pm.
Flatforum for Drupal 4.7 has been released. New features include:
- Improved CSS code for both structure and look, changes/improvements should be easier as well (using CSS code).
- Heavily tested with Drupal 4.7, Bluemarine, PushButton, box_grey, and FriendsElectric, under Firefox 1.x, IE 6, and Opera 8.x.
- .install file for Drupal 4.7.
- Forum nodes should appear like normal nodes everywhere outside forums.
- #new and #comment-* link issues should be resolved.
Flatforum is a template that changes the look of Drupal forum so it resembles phpBB/vBulletin style flat forums.
Enjoy the release!
Submitted by Ayman on Sat, 2006/05/13 - 2:14pm.
This site uses a modified version of the Blix theme. The most notable modification is the change from fixed width to a fluid layout. I often receive questions on how I did it. Here is a quick tutorial. As you will see, the process is quite easy.
Submitted by Ayman on Wed, 2006/05/03 - 12:15am.
I don't know how I managed to survive for years without some sort of version control for my personal projects. First, I used to manually make backup copies of my project directory in case I wanted to revert back or compare revisions. Later, I relied on Eclipse for a very basic version control system. Eclipse stores copies of project files after every save, and lets you compare revisions. Next, I decided to write a script that made backup copies of my projects directory, and archived them according to date/time.
Finally, and given that I have been using CVS to contribute to various Open Source projects for a long time, I saw the light and decided to utilize a version control system for my own projects.
I have been hearing about Subversion for a while, but never had the chance to read more on it or try it out. So I decided to experiment with it instead of going directly with CVS. First, it started as "trying something new" but later I realized Subversion has new features that cover many limitations of CVS. I'm no guru of either, but here's what I found:
- Subversion tracks structure of folders. CVS doesn't have the concept of folders.
- Subversion has a global revision number for the whole repository. CVS tracks each file individually. A commit that represents one logical change to the project code may change a group of files; in Subversion, this commit will have one revision number instead of separate revision numbers for every changed file in CVS.
- Subversion commands are very similar to CVS. It's very easy to switch for CVS users. Most of the time it's a matter of replacing cvs with svn.
Again, I don't know all the ins and outs of CVS or Subversion; if I'm missing anything, please correct me!
It took me less than an hour to experiment with Subversion, learn it, and import my projects to it. So I decided to write a quick tutorial for those who:
- Are already familiar with version control systems (like CVS).
- Haven't used any for controlling their local projects.
- Would like to try Subversion.
If this is not your case, I point you to "Version Control with Subversion" where I started reading about Subversion.
Read on for the quick tutorial.
Submitted by Ayman on Tue, 2006/01/10 - 8:58pm.