Archive for the ‘PHP’ Category

Zend PHP Certification

September 2nd, 2006

Well, yesterday was the dreaded changed day for my Zend PHP certification, and I could put in no more study time for it - I had already spent several days taking training courses, then several days reviewing the materials taught there, followed by Wednesday and Thursday (practically all day), so any more would have done nothing but possibly confuse me and/or just be a waste. I had been over the material presented to me through the Zend PHP Certification training AND I purchased a book 2 days before the Certification, the Zend PHP Certification Practice Test Book, available through php | architect.

After thoroughly going over the materials from the Zend PHP Certification Training Course, I felt reasonably assured that there would be materials on the test that covered functions, OOP, and other things that I hadn’t touched in PHP. As a result, a lot of things I had to go play with to experience on my own so I could at least know how to answer the questions…

Read more…

PHP, Software Development

IP Address Regular Expression

August 19th, 2006

I determined this regex and figured I would share it with everyone trying to verify the authenticity of an IP address.

^([0-9]{1,3}\.){3}[0-9]{1,3}$

If you have a better regex, certainly entertain me. I’m always willing to listen.

This came about as a result of realizing that a contact form on my business’s website fell subject to XSS (Cross-Site Scripting) attacks. Essentially, the person (script, computer, hacker, evil sons of b*tches) was using my form and had figured out a way to use it to spam others. I found this out by checking my mail log and trying to figure out why I had such a large queue of messages, and why my email count going to different outbound accounts had been ridiculously high.

What happens is people can inject a statement as follows into a text field (textarea input, or any other input field):

bcc: email@email.com\r\n
bcc: email2@anotherdomain.com\r\n
bcc: email3@imgonnascrewyou.net\r\n\r\n
 
Howdy! This is SPAM. Have a crabby day!

Note: This can be all on one line, but needs to contain line break characters \r and \n.

So, what happens is if the script isn’t written correctly, those bcc headers get stuck into the email message, resulting in multiple people getting the email, besides just you.

What I’ve been doing is going back through and validating all input (because that’s what I’ve learned to do through my PHP training sessions as of late) so that this will stop. I hopefully will be catching all invalid input and will be notifying myself when it happens, so that I can immediately ban that IP address.

So, if you are reading this and are any type of PHP developer (beginner to advanced) and don’t care about security - either stop coding or start concerning yourself with security. Follow Chris Shiflett’s advice: FIEO (Filter Input Escape Output).
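An added example (not the author's code) covering the two points in this post: rejecting CR/LF in any form value that ends up in a mail header, and checking an IP address more strictly than the regex above does. The function names are hypothetical, the sample values are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; function names are hypothetical, not the author's code.

// The post's pattern checks shape only: octets above 255 pass, and in PCRE
// "$" also matches just before a trailing newline.
const POST_IP_REGEX = '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/';

// Stricter IPv4 check using PHP's built-in filter (each octet 0-255).
function is_valid_ipv4(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
}

// A value placed in a mail header must not contain CR or LF; those are
// what let extra "bcc:" lines be appended to the header block.
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Build the From header for mail(); null means the submission is rejected.
function build_from_header(string $name, string $email): ?string
{
    if (has_header_injection($name) || has_header_injection($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $safeName = str_replace(['"', '\\'], '', $name); // keep the quoted name intact
    return 'From: "' . $safeName . '" <' . $email . ">\r\n";
}

// Constructed sample input, modelled on the payload shown in the post.
$submissions = [
    'clean'   => ['Alice', 'alice@example.com'],
    'payload' => ['Mallory', "m@example.com\r\nbcc: email@email.com"],
];
foreach ($submissions as $label => [$name, $email]) {
    $result = build_from_header($name, $email) === null ? 'rejected' : 'accepted';
    echo "$label: $result\n";
}

// Constructed IP samples: compare the post's regex with the stricter check.
foreach (['192.168.1.10', '999.999.999.999', "10.0.0.1\n"] as $ip) {
    printf("%-18s regex=%d filter=%d\n", json_encode($ip),
        preg_match(POST_IP_REGEX, $ip), (int) is_valid_ipv4($ip));
}
```

Run it with the PHP CLI; the same CR/LF check applies to any other form field that is passed into the headers argument of mail().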

PHP, Software Development

OSCON Day 3

July 30th, 2006

Day 3 ended the tutorials and began the sessions - the events that the majority of people showed up for. Keynotes also preceded the day’s events, and the first Keynotes were rather intriguing. I heard talks from one of the leads and founders of SixApart, the company responsible for such things as LiveJournal, etc. In addition, Mr. O’Reilly gave a talk on how open source licenses are out of date. With lack of further explanation of why he believed this, there were many members of the audience (including the other Keynote speakers) who were questioning that statement.

The sessions left much to be desired. They were approximately 45 minutes each (some actually spanned an hour and a half - though those were rare). As such, 45 minutes hardly gave enough time to thoroughly explain the concepts being presented, but for some of the sessions it was just enough time. For example, the first session I attended was on how this developer used Ruby on Rails to create an MMO in about 45 minutes. The game is called Unroll - found at llor.nu. It’s a rather simple game, but he explained the concepts behind the creation of his game, rather than explaining some of the methods he used - such as showing code examples, tips and tricks, etc. As such, I left with hardly an understanding of how to use Rails to create a game of my own, but his game is at least open source, so I can download the source code and figure out what I need to then.

The other sessions, which included a combination of PHP, Ruby, and Rails were rather uninteresting for the most part. I took notes in some sessions, but many I’ll have to find the slides in order to benefit from attending them.

However, despite how uninteresting some of these sessions were, I admit that I did take out a lot of ideas that I plan to integrate for my business and CIS. Such things include code caches, such as APC, using IDEs for development and then running traces on the code to further be able to determine where slow-downs in code occur. I also found a couple of other interesting software items people were using on Macs that I have found quite awesome.

BTW, the Exhibit hall resulted in me getting lots of goodies. :-)

*nix, Events, Networking, PHP, SQL, Software Development

OSCON - Day 2

July 27th, 2006

Day 2 of OSCON training was rather sluggish and disappointing. There were several things that I found out that I already knew, but many things I wasn’t expecting from one of the talks, the High Performance PHP. Going into this, I was expecting to see some code examples and talks about certain functions or stylistic coding techniques that would result in improved PHP code. This was definitely not the case, as the majority of the talk was about improving applications that run PHP, or co-exist with PHP. There were also other things to avoid (such as SOAP, but for obvious reasons), but hardly any talks about how to improve your code to improve its performance.

The one thing I did learn through this tutorial was how to go through and trace the code, and use things like kcachegrind to make graphs and help you figure out where the slow parts of your code are lying. Percentage breakdowns of the time spent inside certain functions, classes, and objects help to show where your code is “slow”. I plan on using this on my many different projects, just as soon as I figure out how to use the damn program.

The Security tutorial was also nice, but at the same time going over many of the things I learned in my online PHP training that Paul Reinheimer gave last month.

*nix, Events, Networking, PHP, SQL, Software Development

OSCON - Training Day 1

July 24th, 2006

Today: Ruby and Rails
Verdict: Better than awesome!

First thoughts: Instructor name’s David Thomas. First thing on my mind: Wendy’s. lol, sorry, had to get that off my mind.

Anywho, David Thomas and Mike Clark were the instructors for The Ruby Guidebook and The Rails Guidebook. For my first tutorials of OSCON, this definitely caught my attention and I was totally drawn into their presentation. They were excellent speakers, humorous when they needed to be, and more than knowledgeable on the subject.

For those who don’t know what Ruby and/or Rails are, lemme give a quick explanation. Ruby is another programming language out there (actually scripting language), much like perl. There are many aspects to it that really make it a powerful language, especially the fact that everything is an object, which means that everything has certain methods that can be used directly with it.

Rails (or commonly stated as Ruby on Rails) is a framework to build Web Applications that is based on Ruby. From the tutorial, I learned the basics of building a Rails web app, and it is amazingly simple. In fact, the instructor timed himself and it took 47 seconds to get the basic interface for adding, deleting, and modifying items in a shopping cart, complete with MySQL tables, and all the forms necessary and “backend processing”.

Anywho, it’s dinner time. Just wait for my next update.

*nix, Events, Networking, PHP, SQL, Software Development

Here at OSCON

July 24th, 2006

Well, I am officially writing on the WIFI here at OSCON. After a long, approximately 9 hours of flight, waiting, more flight, waiting, a pretzel, and more flying, both myself and Melissa made it here to Portland. I don’t think we got checked in and situated into our Hotel room until about 1AM Pacific time.

Overall, my flying experience wasn’t as bad as Tom’s was the other day. For those who don’t know (cause I don’t think I posted an entry about his situation), he basically was held over 3 hours in Houston on American Airlines, followed by held over in Chicago for another 3-4 hours before his flight was cancelled and Tom was left stranded in the airport overnight, then didn’t get home till around 4 or 5 PM the following day. In my opinion, that is absolutely horrible service, and airlines should do their utmost best to make sure people get to their destinations the day they are travelling - not the following day, practically completely through the day.

Anywho, I took American Airlines, but only because I had booked my flight about 3 months before he had this problem. Normally I travel Continental. Despite the problems Tom had, however, both Melissa and I had reasonable flights. The last leg of my journey was on Alaska Airlines, which was the best leg overall because they at least provided a snack (peanuts). American didn’t even offer free peanuts, $4 for a “snack pack”, which would cost less than $1 at the grocery store. No way in hell.

Melissa took Frontier, and she said they were the nicest airline she had ever been on. In-flight snack: you bet! Chips! A little better than peanuts, to some. But, eh. I’m just glad both of us arrived at the airport and had our luggage just in time to catch the last light-rail that was leaving the airport for the night. Free fare, too. :-)

Double Tree has by far the best beds out of any hotel I’ve ever been to. I didn’t wake up with a sore back at all, and was rather rested, despite not being able to get to sleep till 2AM local time and waking up at 5:45 AM to get ready. Melissa is obviously back behind at the hotel sleeping in, *shakes fist in hotel’s direction*, but hopefully she’ll be able to find something to do to keep herself entertained. I hope that she gets out and sees the town a bit, as this is supposed to be a pretty cool area.

Anywho, time for me to get ready for the convention, and finish answering emails that I haven’t checked in the past couple of days. I’ll keep updated on how awesome the CON is, as I’m in training.

*nix, Events, Networking, PHP, SQL, Software Development

Prepping for OSCON

July 15th, 2006

Well, in just over a week I’ll be going to Portland, Oregon to attend my very first OSCON. My boss usually goes, and since I got staff at CIS too late last year, I didn’t have a chance to go to any conferences.

OSCON, for those unfamiliar with it, is the O’Reilly Open Source Convention. From what I can tell, this seems to be the biggest coding convention on this side of the planet - especially the one that seems to emphasize open source development to the extreme. I like the attitude of open source developers, and hope to network a lot at the event. I’m planning on bringing all of my business cards to hand out, and plan to have my little Rolodex pocket holder available to stuff everyone else’s in there. I met a lot of cool and nice people at the last conference I went to (cPanel Training Conference - Houston, TX), and got their business cards. We’ve stayed in touch since then.

My fiance, Melissa, is coming with me. It was a last-minute decision, but one I hope she’ll thoroughly enjoy. I’ll be in sessions all day most days, and some evenings I’ll be networking with people, but agree that my life has been far too hectic lately, so we plan to take a few evenings to go do some cool things such as visit the Japanese Gardens up there, in addition to the International Rose Test Garden and other things such as the Oregon Zoo, etc. During the day she’ll be meandering probably in the Hotel and surrounding Portland area, enjoying herself. For anyone else interested in a list of other things / places you might find her at, check out the following page.

My camera will be coming with me, so be on the lookout and if you don’t like to be shot, don’t be in range of my viewfinder, else bring that wonderful smile of yours. I’ll be blending in with the crowd, for the most part.

*nix, Events, Networking, PHP, SQL, Software Development

PHP Logging Fixes

June 29th, 2006

I encountered a problem with an application I was working on the other day that was running on a machine with an older version of PHP (version 4.2.3 I believe). Essentially, the problem was with trying to set the PHP ini variable error_prepend_string. What this variable is supposed to do is the following:

Suppose I have the following blip of code:

    $arr = array(0 => 'zero', 1 => 'one', 'two' => 'Two?');

    // sizeof($arr) is 3, but there is no index 2, only the key 'two'
    for ($n = 0; $n < sizeof($arr); $n++) {
        echo '['.$n.'] => "'.$arr[$n].'"<br />';
    }

For anyone that knows PHP, they will undoubtedly realize that their output will look like the following:

[0] => "zero"
[1] => "one"
[2] => "" [b]Notice: [/b] Undefined index: <strong>2</strong> in <strong>/www/code/file.php</strong> on line <strong>5</strong>

Read more…

PHP, Software Development