Open source

Why PHP is still an immature language

Tags: 

A thread came up on Slashdot today about the security problems of PHP and software written using it. Given that this is as much of a major problem today as it was five years ago when version 4 was released (that was supposed to start fixing the security problems), and given how bad most PHP code still is today, I added in my own $0.02:

From my experience the main cause of insecure PHP software is developers not turning the error validation to the highest during development, so when an unsuspecting user downloads the software little do they know that their system can and often is wide open to stupid bugs and security problems. When you leave error_reporting to the default setting you miss lots of important details, like array keys being passed as constants, variables being referenced before they're created (especially with arrays), incorrect return types, etc, etc, yet people wonder why their code is so buggy? I was installing vtiger, which is a pretty comprehensive CRM that has lots of potential to hit it big, the other night for a client and was slamming my had against the wall at the sheer number of stupid syntax bugs that were in the system.

How many programs out there tell you to turn on the old register_globals that everyone knew was a huge security problem?

How many programs tell you to turn down the error_reporting level to hide their development incompetence?

I was actually considering starting a movement to have the PHP community clean up their act, we'll see if its still needed after the dust settles from this.

Personally I think that with PHP 5 they should have stopped supporting deprecated coding practices, like accepting invalid variables and invalid array keys, so that this stupidity could finally stop.

That's why I don't do much with PHP anymore, a large portion of the open source projects that clients want you to "make work" are riddled with utterly stupid mistakes that you spend days if not weeks cleaning it up before you can actually start doing any work.

WP-Cache + password-protected pages = problems

Tags: 

I have discovered that, despite recommendations, it is not advised to use the Wordpress plugin WP-Cache if you use password-protected pages as it stops them working correctly. If you turn on WP-Cache and view a password protected page that you have not previously viewed it will cache a copy of the login page and never let any visitors access the content; if you view a page that you have previously viewed before enabling the cache it will cache the full page, letting everyone who views your site see the page. This is not a good way to work, so I recommend simply not enabling this plugin.

SVN+SSH problems on Mac OSX

Tags: 

I was trying to get SVN set up as a daemon on my OSX 10.4 (Tiger) machine when I started running into this error upon connection:

bash: line 1: svnserve: command not found
svn: Connection closed unexpectedly

Some searching later I really couldn't find anything that might have been causing the problem, other than the obvious notion that the path was not working correctly. A little fiddling later I discovered the problem - the ssh daemon was by default configured to not load any user environment files (which are used to set the command path, etc). To fix the problem I had to first enable the option PermitUserEnvironment and then restart the service:

sudo nano /etc/sshd_config

Search (control-w) for the string "PermitUser" then uncomment the line (remove the # sign) and change the the "no" to "yes". Then all I had to do was restart the ssh daemon and it was good to go:

sudo SystemStarter -v restart SSH

Et voila!

Gallery2Export tip - upgrade PHP!

Tags: 

At home I use the wonderful Gallery2Export plugin for Apple's iPhoto photo catalog program into a Gallery2-based online album. It has generally worked great, but yesterday when I was trying to upload Halloween pictures it stopped working. Some fiddling later, including going through the hassle of trying another plugin (iPhoto2Gallery, which also failed), I finally upgraded the website from PHP 4.4 to PHP 5.1, and... it magically started working! Hurray! I've no idea if that was the actual problem or if it was just sheer luck, but its working again and now I can get back to the fun of sharing pics with my family :-)

Image block rotation using Script.aculo.us

Tags: 

Here's a handle little Javascript function that'll let you rotate a set of DIVs as needed, e.g. to rotate a series of images for a slideshow. It uses Script.aculo.us to do a very simple looking yet quite appealing slide in/out. You'll need to load the prototype.js file and Script.aculo.us' effects.js file before running the code. One thing to note is that you can use any object to do this - DIVs, IMGs, etc, just assign the IDs accordingly, which is useful if you need to rotate entire code blocks and not just individual images. Enjoy!

// Shuffle a series of divs using Script.aculo.us
// Set it up like this:
// var shuffle_list = ['div1', 'div2', 'div3']; // an array of DIV IDs to rotate
// var shuffle_time = 8000; // 8 seconds
// var shuffle_effect = 'blind'; // the effect to us: 'appear', 'blind' or 'slide'
// setTimeout('imageShuffle();', shuffle_time);

function imageShuffle() {
if(arguments.length == 1)
var i = arguments[0];
else
var i = 0;
var next = i + 1;
if(next >= shuffle_list.length)
next = 0;
new Effect.toggle(shuffle_list[i], shuffle_effect, {queue: 'end'});
new Effect.toggle(shuffle_list[next], shuffle_effect, {queue: 'end'});
i++;
if(i >= shuffle_list.length)
i = 0;
setTimeout('imageShuffle('+i+');', shuffle_time);
}

Pages

Subscribe to Open source