PHP Barcamp: May 1 and May 2, 2010 in Salzburg

For those this is not too short in time: On May 1 and May 2, 2010 in Salzburg / Austria in central Europe there will be a PHP Barcamp. It comes with a superb list of featured speakers: Continue reading →

WordPress Single-Sign-On Preview

I’m currently working on a more detailed article related to wordpress and single-sign-on. It is a nice topic and because of that I started to create some concept art now that should picture the whole thing.

That is a sample page to show what all this is about. A first preview (PDF) is available as well.

I’ve planned to publish a blog post, a PDF file illustrating the concept and sample code in form of wordpress plugin. Stay tuned.

Guessing how WordPress works #736: Hotfix via HTTP-Reflection

Is redirect_canonical() the hotfix for wp->query()? Two are candidates for a refactoring anyway.

Classic and Default Theme for WordPress 3.0

Some days ago I wrote about that Classic and Default themes have disappeared for wordpress 3.0. This might me a pitty for you if you use a theme that extends the one or other of those. You won’t get any more update for those from wordpress trunk. So what are the options? Continue reading →

Bubbles

Was there a security Issue or wasn’t there for that what many wordpress users have been recently experienced in the beginning of April? Google is still full of in that way hacked wordpress sites. Continue reading →

A Primer for PHP 5.3’s New Language Features

Matthew Weier O’Phinney, a guy in the Zend Framework 2.0 developing team, has published an article called A Primer for PHP 5.3’s New Language Features I’d like to link to:

For the past month, I’ve been immersed in PHP 5.3 as I and my team have started work on Zend Framework 2.0. PHP 5.3 offers a slew of new language features, many of which were developed to assist framework and library developers. Most of the time, these features are straight-forward, and you can simply use them; in other cases, however, we’ve run into behaviors that were unexpected. This post will detail several of these, so you either don’t run into the same issues — or can capitalize on some of our discoveries.

It’s about discoveries and pitfalls of the php 6.0 pre-release known as 5.3 or php 6 minus UTF8: Closures, Anonymous Functions, Lambdas, Invokables and Namespaces. Well written with example code, just a nice read.

Via: Zend.

Themes gone.

It just came to my attention that WordPress 3.0 (see also WordPress 3.0 now Feature-Freeze) not only ships with a new theme but also will lack of the Classic and previously Kubrick based Default theme. They both have been burried into the theme repository:

• Classic
• Default
• WordPress Classic
• WordPress Default

This looks a bit chaotic, I assume this is because it was a quite ad-hoc decision and work in progress.

Smells like that WP 3.0 will really break with traditions and with current configurations using now the default but then outdated (and possibly incompatible) themes then. Those themes might still be left on users servers but are untested in trunk since some days already. If it was wise to do such decisions actually in the beta period where stuff could have at least been tested for the oh-so-often quoted backwards compatibility? We will know sooner or later. It does not look like that a SVN external will be thrown on them.

Related ticket is: #10654, Twenty Ten Ticket is #9015.

Nwire Eclipse PHP Plugin Review

I’ve seen nWire announcing their plugin on some blogs and they offer a free trial for it. Since I’m a Eclipse PDT userette I wanted to give it a testdrive. Here we go: Continue reading →

PHP Mess Detector

Another tool for maintaining and control PHP sourcecode is PHPMD – PHP Mess Detector. A spin-off project of PHP Depend:

What PHPMD does is: It takes a given PHP source code base and look for several potential problems within that source. These problems can be things like:

• Possible bugs
• Suboptimal code
• Overcomplicated expressions
• Unused parameters, methods, properties

PHPMD is currently in an early development stage and so it only provides a limited set of pre defined rules that detect bad smells within the analyzed source code.

I know I’m lazy and copied a lot of text over from the homepage but it’s already early and I think this is worth to share.

via: Howto create custom rule sets for PHPMD

*** LINKS ***

GIT: Homepage
GIT Introduction Video: Linus Torvalds on git
GIT Online Book: Pro GIT

CSS: CSS Tips and Tricks

HTTP Cache / Accelerator Varnish Cache
HTTP XSS Control: HTTP access control
HTTP ENCODING: Understanding Character Encoding In Java Webapps With IE.

PHP Test: Zend Certification PHP 5 Sample Questions
PHP Test: The Zend PHP Certification Practice Test (slightly outdated, has PHP 4 tendencies)
PHP Test: True or false in php: Quick-little online test
PHP Test: PHP Quiz (Beginner)
PHP Test: Teste dein PHP Wissen (German)
PHP: Is there a static code analyzer [like Lint] for PHP files?

wordpress Review:WordPress Jetpack: Friend of Foe?
wordpress Plugin: WP Developer Assistant
wordpress Plugin: Log Deprecated Calls
wordpress Helper: WordPress Helper (Firefox Add-On)
wordpress Tool: WordPress Functions Implementation History Tool

WordPress (czech): WordPress Links Links Links all over the place. (even if you speak no czech, this is useful)

WordPress Administration Hell

Friday night was a little longer yesterday. I had to migrate and upgrade three wordpress 2.3.x based blogs to a new server. When you look at the version number you can be pretty sure that all those three moves and upgrades did not went that flawlessly. Those installs just did not get any love over the last years months.

So we had everything you could imagine, from corrupt databases and filesystems, hacked setups, 1.5 gigabyte of spam in a single blog. You just name it – we got it.

Nevertheless that are those scenarios which will help you learn a lesson: Web-interfaces are nice put unleashed power lies within the shell. Be it transferring the application files and data via SCP, dumping and importing of MySQL databases, packing and extracting, searching for malicious code or just running a new install. It pays to have shell and ssh at hand on the boxes. Gladly this is more and more the standard with todays hosting. Many of the Cpanel or Plesk based products you can get for some bucks out there have it nowadays. Let’s say, most of the Linux based hosts :D.

The Day After

For those of us who are not a sysadmin but know that those *nix commands can be extremely powerfull, it’s good to have some reference at hand.

~ wget -qO- http://wordpress.org/latest.tar.gz | tar --strip=1 -xz

(Download and Extract WordPress via Shell)

I therefore started a document in wordpress codex providing some commandlines that are helpfull while doing wordpress administration. I hope this is helpfull for others as well: Grep and friends. It’s not completely finished right now but some gems like the wordpress installation one-liner above are already in. Have fun!

Just let me know your favorite commandlines or let me know about those tasks you do not know which commands to use for in the comments.

Nginx front-end proxy cache for WordPress

A how-to by Dan Collis-Puro “geek of all trades” on optimizing your WordPress MU install, using Nginx as a front-end proxy cache for WordPress:

We put an nginx caching proxy server in front of our wordpress mu install and sped it up dramatically – in some cases a thousandfold. I’ve packaged up a plugin, along with installation instructions here – WordPress Nginx proxy cache integrator.

The article is available online on his Blog. Additionally, a WordPress Plugin is available which is related to the HowTo: WordPress Nginx proxy cache integrator.

International PHPUnconference 2010 announced

In a recent interview done by the german PHP Hates Me Blog author Nils Langner, Judith Andresen and Markus Wolff from the (at least in germany) well known PHP Usergroup Hamburg have announced the first PHP Unconference aiming for an international audience in Majorca in Q4 2010.

Those two together with other usergroup members in Hamburg are successfully organizing a PHP related Ad-Hoc-Conferences since 2007. The so called PHP Unconference Hamburg has become one of the yearly must-go-events in the PHP-Scene in Germany (just all 200 tickets sold out after some days for this year’s conference).

The announced Majorca (Spanish: Mallorca) conference has the same blueprint. Organized as Unconference based on the Open Space methodology, will be hold on a Saturday and Sunday with a warm-up party on Friday. Planned size is of 200 people. The exact location as well as the exact date is yet to be announced.

If you kown of a location for 200 people that is willing to host a low-budget event or any other form of support or feedback, feel free to contact the PHP Unconference Organizers. Updates can be followed on the Blog’s and Twitter’s RSS Feed. On the event’s blog as well, naturally.

via: PHP Magazin

Mozilla Jetpack

If you’re a webdeveloper you sometime might have dreamed about creating your own Firefox extension. But you might never wanted to learn all the Details of XUL and XPI. Well, no need to do so any longer with the Mozilla Jetpack from Mozilla labs.

All you need to know is what you already know: HTML, CSS and Javascript. The rest is encapsulated into Jetpack, a python based SDK that will create the XPI for you based on your “Website-Plugin”.

Jetpack & Raindrop Demo from Mozilla Messaging on Vimeo.

I really like the idea!

Spread the News: Setting up Habari

It’s always good to see beyond one’s own nose. So why not give Habari a little (svn) check(out)? Created to keep up with up-to-date features – both development as web related – it is growing since the very beginning of 2007. Just to show you the picture, they were first in the now (again) more and more accepted usage of HTML instead of XML for your websites. Just to note it. So here we go:

• SVN Repos is: http://svn.habariproject.org/habari
• The Projects webroot is /htdocs, point your webserver to it.
• You will need Javascript to use habari. Both the install script as well as the backend.
• The installer will tell you if something is missing in your PHP configuration.
• Habari needs a database, for example a MySQL create database habari;
• Just run the installer by request the Blogs webroot.
• Ensure, that your URL does not end with a / for the blog to work. Habari removes it.

My impressions so far are half and half. There are things I start to like as well as you can see that it’s not that roughly tested all over. Let’s see. With this first instructions you’re getting a habari test setup running under 5 minutes if you’ve got your testbed up and running.

One big plus compared to WordPress is the code. I won’t say it does not has issues but they were in for PHP 5 in the first place and that really makes sense, you’ll see it if you take a peek inside. And read the supported features.

Links

• Habari Homepage
• Habari Documentation

Symfony Reloaded

Fabulous Fabien! It’s just inspiring to see what’s scheduled for late 2010. Keep the fingers on the keyboard and grab a sandbox.

PHP Code Sniffer, Eclipse and WordPress

Or: Steady progress on WordPress and it’s coding standards and getting things working together

Have I said previously that I personally really hate the WordPress coding standard? All these spaces in there. For some coders apparently it makes it easier to read – I really dislike those whitespace everywhere. But as with any coding standard, someone is not confident with it – ever. And I’m not such a person that can not adopt to a project’s style. So the current standard we have is not a blocker to me. Infact, I even can help to improve it.

Since we have made our minds a lot about which standard to adopt and to put the most serious issues upfront (currently the code-base is very inconsistent in it’s style) I wanted to make progress to practically adopt the style. The coding-standard-ticket in trac does not have much activity yet, so it’s about time. As weapon of choice I’ve selected PHP_CodeSniffer; A command-line application (PHPCS) that can check PHP code against a definition of coding standard and lists the problematic lines afterwards. It is available in the PEAR repository.

After the decision to use PHP Code Sniffer (I did not find any alternative and Installation is done quickly via PEAR) I was looking for the appropriate standard definition. To my surprise, there already was one available for download. Ca. one year ago, John Godley made it public on his blog, with a mention by Matt Mullenweg. So I installed the PHP_CodeSniffer_Standards_WordPress-0.0.1. Since commandline tools are nice for automating stuff (e.g. checks on changes of a file) I like to have it more comfortable within my editor.

For a better integration of PHP CodeSniffer into Eclipse I’m usind PHPsrc – Eclipse PHP Tool Integration. It ships with it’s own copy of PEAR and PHP_CodeSniffer so that it does work out of the box. You can find the Eclipse Update Site on that link, so it is a breeze to install. It does highlight the violations directly with your code then – very comfortable and good for ongoing quality control.

I wondered a bit – since there was already a Coding Standard defintion for PHP Sniffer – why it was not that well adopted and more used. After the first run, I understood why: It was throwing an immense amount of errors on me, nearly seven thousand. I can understand that every developer who want to give that some attention would say: well folks, why should I take care? There is a psychological dimension in teamwork and Coding Standards is something that is closely connected with collaborative development.

New WP Test-Sniffs

Then I took a closer look why there were so many errors. A view inside the sniff revealed that many definitions were taken over from projects like PEAR whereas in the current discussion many developers expressed their dislike of the PEAR coding standards. Also it is checking for so many things which aren’t really clear in the definition. When I would create patches based on those rules, I’m pretty sure Nacin would become pretty angry to me 😉

Wordpress Sniff compiled in April 2009

So I started to compile a new set of sniffs. It concentrates more or less on the basic rules that everybody agreed to, so a first level can be applied easily without getting overwhelmed. This is backed up with the second idea that has been proposed: create reference files. I created three files: style_bad_coding.php, style_good_coding and style_undefined_coding.php. It’s quite simple, good coding contains good code examples that should not raise error. Bad coding contains only bad code, so every case must raise an error. In undefined I started to document those cases where the current standard is not that strict or where even no definition is available. The wordpress codesniffer standard should not do errors on that file.

PHP CodeSniffer with WP sniffs in Eclipse

With this principle I was able to create the first Sniffs. I’ve uploaded some screenshots which show what I’ve just written about. And there is one big screenshot that shows the whole picture of the integration of PHP Code-sniffer. There are things to come the next days, so wether you’re using Eclipse, the commandline or some other IDE that integrates with PHP CodeSniffer, let me know. The sniffs will be ready to test soon.

Previous: Coding Standards Summary of the last Week (28 Jan 2010; by hakre)

Chive – Webinterface for your MySql Database

Chive wants to offer a more modern webinterface to your MySQL database. It’s doing so by those features:

• Syntax highlighted SQL Editor
• Re-Use of Queries by Bookmarks
• Search while you type
• Inline Editing for Rows and Tables
• Supports Views, Routines and more

I just stumbeled over it I think it’s worth to give it a try. More AJAX, more ease of use. Driven by friends: MySQL, jQuery, PHP and the lightweight YII Framework. Smells a bit like a next-gen PHPMyAdmin. Can it beat it’s maturity? Does it work with noscript? Is it save? Decide by yourself: Chive Project.

Enhancing Feeds: PuSH it to the max

It’s time for enhancing feeds again. This time you can give your feeds the little extra push they deserve. wordpress just integrated with PubSubHubhub (smoking too much weed over there in the dev department? you might ask yourself, but read on) which is nothing else than that feed-readers can now subscribe to your site and they get notified the moment you press the publish button instead that they fetch your feed over and over again to look if something has changed. RSS in a stream. Check out the video (Brad Fitzpatrick developed it, geez! ):

I’ve seen it in a google tech video and things can become amazingly fast, sort of (instant) messaging between websites. For your wordpress based website you can now download the pushpress plugin which will easily enable the functionality.

The wordpress pushpress plugin ships with the server (the Hub) as well, so it’s the client and server in a box. So cool. If you host your blog on wordpress.com, you already have it now.

Prevent Code Injection in PHP include files

While discussing Coding Standards it was not long ago I argued against adding ?> at the end of php files. But miqrogroove pointed to me an interesting aspect why it actually can make sense to have it and an additional return statement at the end of each file: That one (merely the return statement) can prevent an attacker to append payload code to existing PHP files, for example known include files. The countermeasurement is pretty easy, just add a return statement at the end of the file. It will end the include “subroutine”:

  /* all the include file's php code */

  return;
?>

Well infact, a simple return; statement can as well without the ?>, so I can stay with my habits 🙂 . Maybe a consideration for the files in the wordpress project? Include filenames and locations are publicly known, so why not?