Archive for the 'PHP' Category

Application Programming Interface

Posted on: May 29th 2007 | Posted by: Rolan

I was just thinking how nice it would be if more open-source PHP applications offered some sort of API for their application. It would be really useful, especially when the application is likely to be integrated with another.

For example, I have phpBB2 and Coppermine Gallery. Yes, there’s already a Coppermine-phpBB bridge to tie the forum users to the gallery. But other than that, I have no other means of communication between the two. What if I want to display a link to a user’s gallery in each of his posts, along with the usual buttons (profile, ims, etc)? What if I wanted to pick random images from a user’s gallery and display them in his/her profile?

Ways of accessing an application’s functionalities from outside might range from a simple, block copy-paste solution and/or directly talking to another’s DB tables… to hellish insert-here-to-there hacks and conflicting variable hunts that span several files. Some people would find themselves reading and studying in detail how both applications work to come up with a way to make them work together. In-depth knowledge is good. But sometimes you don’t have time for that, and it might be overkill in some cases. I don’t want to see how that cow got in there, I just want my hamburger.

If both had an available API, I don’t have to go through all that trouble. I would already know what it could do and know how to make it do things without dealing with unrelated stuff. And if I ever have to make it do something out of the ordinary, I will know where to look at.

Plugins just crossed my mind (it should… I’m using Wordpress). Some apps come with their own plugin system, so you can extend the application and oftentimes import some functionalities from outside the application… kinda like what an API does. But I don’t think they can replace APIs. In fact, they need APIs to exist. The application provides some sort of Plugin API for building plugins. Hmmm… using Plugin APIs to build a plugin that communicates to another application via the API the other app provides. Sweet. I don’t have to deal with how the inside works. I just need something to connect them from the outside.

By the way, if anyone reading this knows some open-source projects (in PHP) that have an API available, please do comment. Already found one, SMF, a forum software. The API is just in its pre-release though, but sure looks promising.

I’m sleepy and could no longer think clearly. I hope I made some sense in this post.

Filed in: Daily, PHP, WebDev

CakePHP HTMLPurifier Component

Posted on: Sep 12th 2006 | Posted by: Rolan

I needed to use HTMLPurifier on my CakePHP application. So I just saved it under the vendors folder inside the application folder. This is what the directory structure looked like.

+ myApplication
     |-----+ config/
     |-----+ controllers/
     |-----+ models/
     |-----+ plugins/
     |-----+ tmp/
     |-----+ vendors/
     |       |----- HTMLPurifier/
     |       |----- HTMLPurifier.php
     |
     |-----+ views/
     |-----+ webroot/
     |-----+ .htaccess
     |-----+ index.php

But before including the vendor component, I needed to add the path to HTMLPurifier so Cake can find it. So, I added something to HTMLPurifier.php, somewhere before the require_once() statements:

PHP:
    // START edit -dchx
    // Add the path to the vendors folder where HTMLPurifier is located
    if (function_exists('ini_set')) {
        ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . dirname(__FILE__));
    }
    // END edit -dchx

    require_once 'HTMLPurifier/ConfigDef.php';
    require_once 'HTMLPurifier/Config.php';
    require_once 'HTMLPurifier/Lexer.php';
    require_once 'HTMLPurifier/HTMLDefinition.php';
    require_once 'HTMLPurifier/Generator.php';
    require_once 'HTMLPurifier/Strategy/Core.php';
    require_once 'HTMLPurifier/Encoder.php';

Now I’m all set. I just need to include the component using the CakePHP function uses().

UPDATE: Some little update on this. When using HTMLPurifier inside CakePHP (or even in other apps), make sure that the character encoding of the output page is UTF-8. I encountered this little bug where a paragraph tag (p) containing only a non-breaking space was converted into another character. But I checked on my html page and the meta tag Content-type was set to UTF-8 (and of course I’m using XHTML 1.0 Transitional DocType). I fixed it by sending a content-type header. In CakePHP, you can do this inside the beforeFilter() function of your controller.

PHP:
    class MyController extends AppController {

        //… the usual

        function beforeFilter()
        {
            // Declare the response encoding in the HTTP header, not only in the meta tag
            header('Content-type:text/html;charset=UTF-8');
        }
    }

Filed in: PHP, WebDev | 3 Comments

HTML Purifier

Posted on: Sep 9th 2006 | Posted by: Rolan

I’m currently doing an article submission application. Wanting to give the users more power over their articles, I’ve planned on using a WYSIWYG text editor for the article submission form. Using that kind of editor, users can format their articles easily, even if they have little experience with html. I tried using TinyMCE, an Open-Source WYSIWYG editor that runs using Javascript and I’m quite happy with the results. It provided some “MS Word”-like interface. It also has some mechanism that filters disallowed html tags like and other potentially dangerous tags that could make the application vulnerable to XSS attacks.

But what if JavaScript was disabled by the user? Expecting that the input would be processed by TinyMCE, the application won’t be doing some input checking. If JavaScript is disabled, TinyMCE won’t be able to do its job. The disallowed HTML code will be freely included and the application will be left open to attacks. PHP’s built-in input filtering functions aren’t of much use here, since all they do is strip the tags or convert special characters like < and > into their equivalent entities, so that they will no longer be recognized as mark-up. I wanted some PHP functionality that can do the filtering for me.

So I consulted sir Google and after searching some possible solutions, I found HTML Purifier and gave it a test run. Yep, it worked. I tried it with TinyMCE on, and the HTML formatting was still intact after purification. Now I tried it with TinyMCE on, but then disabled JavaScript and inserted some not-so-malicious code and the purifier caught it. Nice! If I have time, I’ll test it further. I just need to make the application fully functional before doing detailed testing and debugging.
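
The gap described above, as an added example (not from the original post and not HTML Purifier's code): PHP's built-in functions next to a server-side allowlist filter built on the bundled DOM extension. The tag lists, function names and sample input are constructed for illustration, and the sketch only shows the principle; it is not a substitute for HTML Purifier.

```php
<?php
// Added illustration; the tag lists and the sample input are constructed assumptions.
const ALLOWED = ['p' => [], 'b' => [], 'i' => [], 'em' => [], 'strong' => [],
                 'ul' => [], 'ol' => [], 'li' => [], 'br' => [], 'a' => ['href']];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];
function clean_children(DOMNode $parent): void {
    // Snapshot the child list: the tree is modified while it is walked.
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if ($child instanceof DOMText) { continue; }          // plain text is kept
        $tag = strtolower($child->nodeName);
        if (!($child instanceof DOMElement) || in_array($tag, DROP_WITH_CONTENT, true)) {
            $parent->removeChild($child);                     // comments, scripts, ...
            continue;
        }
        clean_children($child);
        if (!isset(ALLOWED[$tag])) {      // unknown tag: keep cleaned content, drop wrapper
            while ($child->firstChild) { $parent->insertBefore($child->firstChild, $child); }
            $parent->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $ok = in_array($name, ALLOWED[$tag], true);
            // URL schemes are allowlisted as well, not only attribute names.
            $ok = $ok && ($name !== 'href'
                || preg_match('#^(https?://|mailto:)#i', trim($attr->nodeValue)) === 1);
            if (!$ok) { $child->removeAttributeNode($attr); }
        }
    }
}
function sanitize_html(string $html): string {
    libxml_use_internal_errors(true);                         // tolerate sloppy markup
    $doc = new DOMDocument();
    // The XML-declaration prefix makes libxml read the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0);       // our wrapper is the first div
    clean_children($root);
    $out = '';
    foreach ($root->childNodes as $node) { $out .= $doc->saveHTML($node); }
    return $out;
}
// Constructed input: markup that arrives when the browser-side editor did not run.
$dirty = '<p onclick="x()">Hello <b>world</b> <a href="javascript:x()">link</a></p>'
       . '<script>x()</script><font color="red">red text</font>';
echo strip_tags($dirty), "\n";        // built-in: removes all tags, formatting included
echo htmlspecialchars($dirty), "\n";  // built-in: escapes all markup, nothing renders
echo sanitize_html($dirty), "\n";     // allowlist: keeps p/b/a, drops handlers and script
```

Markup that closes the wrapper early falls outside it and is discarded, so malformed input fails closed.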

Filed in: PHP, WebDev | 2 Comments

Trim whitespaces

Posted on: Sep 8th 2006 | Posted by: Rolan

I was so conscious of properly sanitizing user input with htmlspecialchars() and addslashes() that sometimes I forget to trim() them for whitespaces. A small application I’m currently doing with CakePHP had this kind of bug related to unwanted whitespaces. It took me some time to spot it.

Filed in: PHP, Reminders

Update screws extensions

Posted on: Aug 31st 2006 | Posted by: Rolan

I was really interested in Joomla as an alternative for web publishing. It was really easy to understand and use (plus the admin panel rocks, imho). Then this update for Joomla came up, related to high-risk security vulnerabilities affecting all the past versions of Joomla. I had read the warnings about the update being incompatible with some extensions but I went on upgrading anyway. All was running smoothly when I stumbled upon the upload part in the admin panel. It was telling me I was not authorized to view/use the upload page (on the pop-up window). What the??? I am the super admin and the only user (I tested it on a localhost to make sure I don’t screw up the site on our test server). Then when I started using other extensions, they were giving me several warnings. Some of them I was able to work around, but most of them had something to do with Joomla’s inner workings so I didn’t mess with it (yet). Only two extensions were left (barely) working.

Awww… man. Just when everything with Joomla looked promising. Well, I’ll be waiting for more updates and fixes regarding those extensions.

Filed in: PHP, Rant, WebDev

3 Options

Posted on: Aug 28th 2006 | Posted by: Rolan

I’ve been handling this project for quite some time now. It was a construction related forum, where homeowners seek advice from professionals. Our client wanted to add more services/features to the site. When the site was handed down to me there were already some additions. It had a classifieds section and a company directory, that were quite buggy and problematic. I had to take it down and rewrite it, salvaging any parts that I can. I also spiced it up a bit and turned it into a mash-up using Yahoo! Maps. I added a wiki on the site, hoping that users would help contribute and build a useful knowledge base. But I guess the folks there aren’t really ready for that. I was also assigned to create a Jobs section, that would pull out related job feeds from another site and display some graphs/stats regarding the jobs. I did it, but got a little attention from the users (though some users got jobs from it). I also added a weather section, since weather was an important factor in their trade and a forecast would be quite helpful. They are also planning to have a product review/rating part, and an encyclopedia/dictionary to replace the wiki. They also want to add a gallery where the works of the contractors can be displayed/featured. They also asked me to install a newsletter application (PHPlist) to inform users/partners with latest news and site updates.

Almost all of the requested features are done and are ready to be integrated with the site. The problem is that things are quite unorganized/scattered. I have two versions each for the Classifieds and Directory section, running using CakePHP and another using an OOP approach. The weather section and the Jobs section were done using normal procedural programming. As for the gallery, there’s already a user gallery mod (by the way, we’re using PhpBB for the forums) for the forum, so I don’t think we need to install Coppermine Gallery. The Review/Ratings and encyclopedia things are yet to be decided, since the folks are still busy with the new site design/layout. I really hate the frequent switch between programming environments (procedural, OOP, CakePHP framework and PhpBB), and I tend to accidentally mix things up. It’s tiresome and a maintenance nightmare. This urged me to look for options on how I can choose an approach and apply it consistently throughout the project. I rounded them down to three: PhpBB super mod, CakePHP and by using a CMS like XOOPS or Joomla.

Filed in: PHP, WebDev | 1 Comment