After constantly badgering a certain library calendar vendor over 2 years to fix his software's RSS feed charset issues. Personally I don't think getting raw text describing times in the form of "6:30–8:30 p.m." is all that valuable...that's just a single example. The calendar website declared no charset information. I have no idea what charset the database is in, and the RSS feed was declared as ISO-8859-1. Our website, database, and everything else was declared as UTF-8, not that it really mattered though since the raw incoming text from the RSS feed was all garbled to begin with.

Every once and awhile I'd randomly try to find an answer to the problem. I've been through using all sorts of different algorithms to solve the problem. None of them seemed to work, until one day I saw someone mention on StackOverflow (unfortunately I've lost the link) that he tried using htmlentities() to solve his problem and it worked. I thought, "It couldn't be that simple..." However, I had nothing to lose and tested it. It worked. (What???) I still don't know why or how htmlentities managed to run a translation table on the garbled input to output the appropriate values, but I'm happy! Even my attempts at REGEX were unsuccessful, though I probably was just unable to find ALL the right bit-level character code sequences needed. Apparently the translation table that htmlentities uses is pretty darn thorough! Thanks, PHP team!

Okay, so that was the first use of htmlentities(). The second one?

I realized I overlooked a severe security hole in my forms. When users did not provide correct details in their forms, I was simply reinserting the values they provided back in to the HTML form's VALUE tag (or in the case of a textarea, just rendering the value between the tags). For some reason this didn't strike me as being severely stupid at the time. I don't know why. I guess the "never reprint what your users submit to you" only made me think of "back to the DOM" - but only outside form elements. Who knows why. This let someone who actually put some (minimal) thought into it to run whatever PHP code they wanted simply by submitting a form without all required data. Escape the form element by using a standard HTML closing tag, then start writing the PHP. If you wanted valid HTML, just make sure to also include a dummy HTML input or textarea field once done. Simple. (Note: I am also in the process of re-examining CHMOD values of files and folders.)

When I went back to "fix" my stupidity, I also initially thought of using PHP's filter functions. Although they worked, they also would sometimes (depending on user input) remove certain characters. Like a bolt of lightning (while I was eating lunch) it came to me. I just used htmlentities(), why not just use it again? ...so I did. Now my forms are a bit more protected and our RSS feed is no longer displaying obnoxious characters to visitors due to the encoding mishaps of an external developer.

Sometimes PHP's little gems are so awesome...

I had created a topic discussing how to create an interface to add new posts to a Wordpress blog using PHP and XML-RPC. It was something I had needed for work. Unfortunately for many of my site visitors and readers from Google, I never had the need to edit an article, but many of them did. I no longer had a development installation of Wordpress and I don't particularly like Wordpress (due to its spaghetti like codebase).

The people have spoken though, and I have listened. I reinstalled Wordpress to see if I could get an edit action to work. This is a two step process, you must first get the contents of the post, and then submit the edited version back to Wordpress. The tricky part here is modifying the date field.

If you haven't read my first post on adding a new post in Wordpress with PHP and XML-RPC, you'll want to read that. There I cover all of the basics you would be better off knowing before tackling an edit straight from this code (it won't make much sense otherwise).

Using the same IXR library that I used in the post creation article, we'll use a similar approach to retrieve an article. There are two ways to get article information - if we know the ID of the article we can simply use metaWeblog.getPost, or we can get a list of recent posts (with a maximum limit of - I believe - 15) using metaWeblog.getRecentPosts.
if (!$client->query('metaWeblog.getPost','1', 'username','password')) { die('An error occurred - '.$client->getErrorCode().':'.$client->getErrorMessage()); } $request = $client->getResponse();
A simple print_r() of $request will give me the following:
Array ( [dateCreated] => IXR_Date Object ( [year] => 2010 [month] => 05 [day] => 07 [hour] => 01 [minute] => 33 [second] => 49 [timezone] => ) [userid] => 1 [postid] => 1 [description] => Welcome to WordPress. This is your first post. Edit or delete it, then start blogging! WAHOO! WAHOO! [title] => Hello world! [link] => http://example.com/?p=1 [permaLink] => http://example.com/?p=1 [categories] => Array ( [0] => Uncategorized ) [mt_excerpt] => [mt_text_more] => [mt_allow_comments] => 1 [mt_allow_pings] => 1 [mt_keywords] => [wp_slug] => hello-world [wp_password] => [wp_author_id] => 1 [wp_author_display_name] => username [date_created_gmt] => IXR_Date Object ( [year] => 2010 [month] => 05 [day] => 07 [hour] => 01 [minute] => 33 [second] => 49 [timezone] => ) [post_status] => publish [custom_fields] => Array ( ) [sticky] => )
As I said, the tricky part here is the date. If we want to modify the date, we need to supply the IXR_Client object an IXR_Date object. But how do you do that? Well, looking at the IXR class code, the constructor needs to be supplied either an ISO date, or a timestamp. Since it's easy to supply a timestamp, I'll do that for this example.
$newDate = new IXR_Date(strtotime('now')); $content = array( 'title' => $request[0]['title'], 'description' => $request[0]['description'].' <p>I've added this text to the end of the entry.</p>', 'dateCreated' => $newDate, 'categories' => $request[0]['categories'] );
I used strtotime() with "now" as the passed parameter so that we'll get back a timestamp for the current time. This is just an example, make it fit to your needs. I've also put in the necessary data required for the $content variable, and used most of the variables from the previous metaWeblog.getPost request. So...now we simply call the actual query for metaWeblog.editPost:
$published = ($request[0]['post_status'] == 'publish'); if(!$client->query('metaWeblog.editPost', $request[0]['postid'], 'username', 'password', $content, $published)){ die('An error occurred editing the post - '.$client->getErrorCode().':'.$client->getErrorMessage()); }

That's it. metaWeblog.editPost is pretty easy as long as you have the right data being sent to it.

Note: I will NOT be indulging questions pertaining to anything beyond the scope of this article, such as custom fields or any type of plugin that modifies the standard behavior.

I needed a way to authenticate users from our library from a server outside our network, and therefore also not connected to Active Directory. At first I was thinking LDAP would be the best way...then I did my research and learned enough about LDAP to realize just how much information it gives out - WAY too much for it to be very secure. Even if I used SSL, created an account specifically for this access, set that account to read only...all it would take would be one person to hack our server and grab that information and all our organization's data is out there. Although it's about as much of a chance as getting hit by lightning in the middle of the desert in a sand storm, I wouldn't want to be responsible.

The only server with any sort of external web presence that is also touching the internet is our Exchange server's web access portal. I thought, "Ah HA! I can use cURL, or streams, or fsockopen or something to fake a login to this page to verify authentication!" After searching a bit (I'm terrible every time I attempt to write something using cURL to authenticate), I came across a few things.

1. Exchange Server 2007 uses SOAP to provide a web service...AWESOME! We currently use 2003 though, but we will be upgrading later this year, so this may be helpful later on. [Link]
   1. HowToForge article on how to use PHP with 2007's SOAP Web Service
2. I found this PHP script that I tested, which successfully contacted our OWA server and authenticated.
3. I also found a PHP class on Google Code from Tyler Hall - it's not any particular project repository, just miscellaneous code he's hosting. It looks like it's slightly more feature rich, allowing info from address books and a user's inbox, for example.

I only needed to authenticate our building, so thankfully we had our own subdomain (not sure of the proper terminology) in the AD... If your domain was example.com (DC=example,DC=com), just getting OUR office (assume "Office1") was as easy as defining office1.example.com (DC=office1,DC=example,DC=com) after the @ symbol in the user's username (typically unnecessary information with OWA, but adding it explicitly was important here). It (seemingly) worked perfectly.

If you plan on doing something similar, just make sure that you cache (and encrypt) username/password information locally, hitting the OWA page continuously would probably make your System (or Email) Administrators a little unhappy with you.

As I'm working on a desktop application that needs to connect to the database backend, and CakePHP provides an awesome mechanism for REST or AJAX communication (as well as data validation), I decided to have my desktop application talk directly through the Cake interface to do its magic.

Unfortunately, I was also using CakePHP's rather secure Security component to prevent XSS/CSRF attacks. The problem is that because the desktop application was directly accessing the method with data and bypassing CakePHP's FormHelper automatically created (and Security Component friendly) rendered HTML, it was failing (and because it wouldn't even get to the action since the Security Component was set in the AppController, I couldn't even use $this->log($this, LOG_DEBUG) to see what was happening).

After searching for a good 30 minutes or so, I came across this archived Google Group post by franky06l:
if(isset($this->Security) && $this->action == 'myaction')) $this->Security->enabled = false;I updated this to only be used in my specific controller's action, as so:
function beforeFilter(){ parent::beforeFilter(); if(isset($this->Security) && $this->RequestHandler->isAjax() && $this->action == 'add'){ $this->Security->enabled = false; } }Voila! It now works as expected.

Note: One will need to be extra cautious when disabling the Security Component. The Security Component takes care of a lot of issues for us automatically, by disabling it, you're opening yourself up to some possible troubles. Extra precaution is recommended, and I relinquish myself from any use of the above code that may cause harm - use at your own peril (or absolute need)! :D

I was randomly perusing the web and stumbled across an older interesting List Apart article (September 19, 2005 to be exact). In it, the author used JavaScript to create a list of all links found on the page, and then create a footer with a footnote-like list. I was using simple CSS to display the URL of the hyperlink in print display media, but that doesn't work in some browsers (IE), and worse off it can really mess up the visual order of the page.

Inspired by the article's intentions, I decided to use some jQuery to whip up a similar solution and I took the opportunity to use jQuery 1.4's new syntax for object creation (so this is 1.4 code only - see comments for a 1.3.x solution). Differences? I exclude hyperlinks set to the hash symbol (#) which shouldn't be found anyway (graceful degredation people!), "mailto" links, and I don't find link element's citations (blockquote "cite" property). I also believe his script would grab image information, but I'm not entirely sure, mine only searches hyperlinks. I also opted not to exclude listings of duplicate hyperlink values. If it's found twice, it lists it in the footer twice. Less JS processing, and more clear to the visitor (in my opinion).

Expected Issues: It requires JavaScript (and the jQuery library included on your page). If JavaScript is enabled but CSS is disabled, the hidden content will be visible to the user.

On to the code!

First thing's first, we should find the links in our code that we'd like to target. For my situation, I have a content class defined on my page for all content, and the column that contains the actual body is called ".col2_right" (yes, I know, ignore the fact of the poor naming scheme). So, in jQuery, we're going to target all hyperlinks found in the col2_right and content classes, but we don't want to include links to hashes or mailto links. I've also removed listing to nofollow links, but that is my choice (probably not a good one, but I digress).

var links = $('.col2_right.content a[href]:not([href^=#],[href^=mailto],[rel=nofollow])');
We'll also need some sort of container to keep these found links wrapped in. I chose to use a fieldset and legend, you could just as easily create a DIV and a H2 or other tags for your own purposes. I also want to create an ordered list to match the found hyperlinks.
var footnotesWrapper = $('<fieldset>', { css: { clear: 'both' } }).addClass('print_only'); var footnotesLabel = $('<legend>', { text: 'Website Addresses Used in the Document' }).appendTo(footnotesWrapper); //create an OL to hold the footnotes var footnoteList = $('<ol>').appendTo(footnotesWrapper);
Here comes the real center, meaty goodness of the script: looping through our list of found hyperlinks, creating a little notification text next to the hyperlink's text, and add the hyperlink URL itself to the footnote section in the ordered list as a list item.

We use jQuery's each() method to loop through the items in the array, grab the link's URL so that we can do some testing on it, and modify it's value for inclusion in to the footnotes. Some links may be relative URLs, but that doesn't mean much to someone who doesn't know what a relative URL is. In fact, it would probably confuse me too at first. I then create a span tag to hold the associated footnote number (the ListApart article used a superscript tag, I found regular text is more easily readable), add a class to it so it's only visible when printed, and create my list item element with the URL from our link, and place those elements in to the document in the appropriate places with the appendTo jQuery function.
$.each(links, function(i){ var linkText = $(this).text(); var linkValue = $(this).attr('href'); if(linkValue.substring(0,1) === '/'){ linkValue = 'http://'+document.location.host + linkValue; } //create element to hold span with class to hide except on print var newElement = $('<span>', { text: ' ['+ ++i +']' }).addClass('print_only').appendTo($(this)); var listEntry = $('<li>', { text: linkValue }).appendTo(footnoteList); });
Last but not least, we append our entire footnote to the end of our content body section. The full code is below.
$(document).ready(function(){ //get the container and target var links = $('.col2_right.content a[href]:not([href^=#],[href^=mailto],[rel=nofollow])'); if($(links).length){ //create a container and heading for the footnotes var footnotesWrapper = $('<fieldset>', { css: { clear: 'both' } }).addClass('print_only'); var footnotesLabel = $('<legend>', { text: 'Website Addresses Used in the Document' }).appendTo(footnotesWrapper); //create an OL to hold the footnotes var footnoteList = $('<ol>').appendTo(footnotesWrapper); $.each(links, function(i){ var linkText = $(this).text(); var linkValue = $(this).attr('href'); if(linkValue.substring(0,1) === '/'){ linkValue = 'http://'+document.location.host + linkValue; } //create element to hold span with class to hide except on print var newElement = $('<span>', { text: ' ['+ ++i +']' }).addClass('print_only').appendTo($(this)); var listEntry = $('<li>', { text: linkValue }).appendTo(footnoteList); }); // append the heading and <ol> to the target $('.col2_right.content').append(footnotesWrapper); } });

Note the added "if" statement to check the length of the links variable. If it is empty, we did not find any links and don't want to create any extra markup when printing the page.

Oh, and the CSS: ".print_only { display:none; }" This should be placed in your normal style sheet, and leave it out from your print style sheet. If you don't have a print style sheet, extend it a bit: @media print { .print_only { display:none; } }

Note: Thanks to Stiles to provide some fixes and compatibility changes for jQuery 1.3.x.

Awhile back I had reported on my findings of how to use jQuery to automatically tag links on my site (that link to a site that is not my own) for event tracking with Google Analytics.

Although there are ways to use the pageView method and parse the data within Analytics so that it does not skew your view of overall visits/hits, I simply find it easier to mark these as events since they aren't actually page views, but events.

Unfortunately, it's helpful to see which external links are pertinent to people, and which page they're leaving your site from (and where they're going), so rather than identifying the event type itself (click), I used that field for a value instead so it could be categorized by any of these things from within Google Analytics.

The problem I was having personally was that the values I was using were not strings (in my own tests at least; the code on the blog should have worked, theoretically). I was using document.location (type: object) and passing it to the trackEvent() method, which checks for value types (and denies incorrect calls). Here is the updated (using the new Async method) code which is tested, and works:

<script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-XXXXXX-1']); _gaq.push(['_trackPageview']); //track this pages view (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); //the above code is Google's default code, below is my addition (using jQuery) $(document).ready(function(){ var domain = document.location.host; //includes port if exists, whereas hostname does not var curPage = document.location.href; $('a[href^="http"]:not([href*="'+domain+'"])').each(function(){ //track the events (string unless noted): 1st = method, 2nd = category, 3rd = action, 4th = label, 5th = (int)value //http://code.google.com/apis/analytics/docs/tracking/eventTrackerGuide.html $(this).click(function(){ //track an outbound link-click event _gaq.push(['_trackEvent', 'Outbound', curPage, $(this).attr('href')]); }); }); }); </script>
Remember to change your own account ID in the code above!

There is no need to define your domain's actual information anywhere unless you want to track both subdomains as well as top-level domains under a single account. For that, take a look at the Google Analytics documentation. I haven't done this myself so would not be able to suggest a best-method approach for it. This code tracks any HTML-based links (links inserted dynamically with JS will not be tracked, you can do this with $(this).live('click', function()...) instead of $(this).click()) that point to anywhere NOT within your domain. If you use a redirect script as part of your domain, (ex: ...tracker.php?go=http://someothersite.com), then this will not track that page click as-is.

This code specifically defines the event as "Outbound", the category as the currently viewed page's URL, and the action field as the URL that the user will be taken to. Modify 'til your heart's content. :)

For even more accurate results, see how to delay the loading of the external site so that the tracking code has more time to accomplish its task (race conditions are fun): Google's Solution

When you're working with plugins, or trying to be as unobtrusive as possible while doing a bunch of different things to your original markup, sometimes you have the problem of specific elements being triggered by multiple actions.

What happens when one action ends up replacing (visually) or covering up one element with another? Typically it's not a problem - unless the element that was replaced or covered up had an event attached to it. I had this happen to me recently when one jQuery script (dynamic icon overlay using a span) covered up another script (onclick event for an image to load a modal window for a video player). Uh oh!

I could have ignored the problem and simply duplicated the original images and added the "play" icon directly to the images themselves. However, if I ever should want to change the icon, that would require modifying all of the images again - and I'd need to keep the original images somewhere if that were ever the case. I could have built the overlay in to the original script, but then it's sort of losing scope on its original focus and intention.

It seemed the best way to combat the problem was to try to get the event(s) (a click event in this case) that was registered on the IMG element, and apply it to the SPAN that was overlayed on top of it.

While searching for answers, I accidentally stumbled across slides from a talk by John Resig that contained a bit of jQuery that I had never known about before - but apparently every time I now hear about it, every one raves about it. It's jQuery's $.data() utility method. Through using this method (and outputting JSON data directly through an alert box using Firefox's proprietary toSource() function), I was able to ascertain information about the events associated with a specific element.
<img class="video" src="http://media.sspl.org/videos/history/ejones.jpg" width="100" height="76" alt="ejones" />
Note: The following alert would only work in Firefox. To alert JSON in all (native JSON unsupported) browsers, you'd want to use Douglas Crockford's JSON2. In newer browsers, you should be able to just use the stringify() function (I just chose not to).
alert($('img.video').data('events').toSource());
The above JS code acting on the HTML element (in my code, anyway) created the following string:
( { click:[ { handler:( function () {alert("clicked");} ), data:(void 0), namespace:"", type:"click", guid:1 } ] } )
At first I thought I could just copy the data from one element's data property to another element. Unfortunately that does not work as it doesn't actually register anything. I asked a question over at StackOverflow, and although the answers that I got weren't exactly what I was looking for, someone had already created a jQuery events copy plugin. I didn't want to have dependencies on other plugins in my code, so I looked over the plugin's code to go about my own solution.

Since not all handlers will be using a plugin (and therefore simply contain a function name), very few will have a namespace. I didn't bother with that in my code (but I may refactor later). Instead, I took the necessary information and simply looped the events registered with the element, and re-binded them using jQuery's own bind() method.
var events = $(this).data('events'); var curElement = $(this); if(events !== undefined && events){ $.each(events, function(eventType, data){ //var namespace = data[0].namespace; var method = data[0].handler; var methodData = data[0].data; curElement.parent().bind(eventType, methodData, method); if(settings.preventDefault){ curElement.parent().bind(eventType, function(e){ e.preventDefault(); }); } }); }
Keep in mind that this specific piece of code I was working on created an overlay (an element that surrounded and rested) atop the target element (thus the parent().bind). Your particular uses may vary. The 2nd bind() was also specific to this code's purpose. Although a SPAN tag was created, if the target element's parent was not an anchor element, it would create one and wrap itself in that. The only way to prevent the default behavior of an anchor tag was to issue a 2nd bind (I didn't know how to pass it in to the initial bind call).

Note: jQuery's "helper" events (ex: mouseenter, mouseleave) duplicate and/or enhance functionality of the mouseover and mouseout behaviors. Because of this, if you use jQuery to create a mouseenter event, internally it binds the element with a mouseover event, and then binds again with its own overriding event (from what I can tell, anyway). Therefore, my code here copies and registers both events (mouseenter and mouseover) and unfortunately will also fire both of them. This code (as-is) works best on native event types.

Unfortunately I was unable to determine how to unregister or remove specific events. After looping I could remove all events from an object, but I couldn't perceive a way to do it within the loop itself. If you had to target a specific handler in your loops, I don't know if it would be possible to move events, but only copy.

My blog system has been hacked for the 2nd time now. I've begun writing a new system at the root of this domain (no more subdomain), so if your RSS feeds break, I've either moved to my new blog, or I've upgraded this blog to fix the hack for the interim - until I can get comments working (which will take me to just get Akismet integration as comments are already technically ready).

I'm don't think the blog system has been secured, so I'd suggest not posting any comments until or unless I update this post mentioning that it is now safe.

Update: Despire the german theme's "Written by" text, this blog's been reinstalled from scratch with the newest version software, but using the same database. Hopefully nothing's still infected. This should give me a decent amount of time to properly move the article entries and comments to the new blog system without worrying too much (and figure out a mod_rewrite rule for the SEO redirects).

At some point in time you may find the need to get a list of all of the controllers within your application. It's actually quite simple so long as you don't need controllers from any plugins.
function listControllers() { $controllers = App::objects('controller'); $controllers = array_diff($controllers, array('App', 'Pages')); pr($controllers);die(); }
Place this code in any of your controllers and view it from the web (for instance, from the Users Controller): http://www.example.com/users/listControllers

You'll see something similar to the following:
Array ( [2] => Comments [3] => Posts [4] => Tags [5] => Users )
The App::objects() method returns an array of objects of the given type, such as: 'model', 'controller', 'helper', or 'plugin' - it also accepts other parameters, such as "path" in case you do eventually need to check controllers for your plugins.

The array_diff() is there as a much simpler method to remove the AppController and PagesController from the returned results as they would most likely exist in your application regardless and aren't normally something you'd need to worry about with ACL as there are other means within Cake to handle access to them. You'll notice that array_diff doesn't return an array starting at index of 0 since it removes keys from the original array too. That shouldn't be a problem, but if it is you can always use a loop instead of array_diff() and just unset or splice the matching values.

I used the CakePHP convenience method of pr() (print_r surrounded by PRE tags), and a die() simply to show the returned results and print them to the screen. You'd probably prefer to double underscore the function name (__listControllers()) to make it a private method to the class (rather than publicly viewable via the web), and change pr() to return.

What's the purpose of this?
- Maybe you'd want to create a web interface for ACL and need to know which controllers to give/deny access to/from
- Maybe you want to create a navigation menu based on your controllers
...maybe you can think of something that I can't. :)

Alter to your own tastes. This is only a starting point.

Other useful links (check version compatibility in these resources):
Quick dessert: List all controllers of a CakePHP application
Automatically load all controllers and actions into ACO tables for ACL with a CakePHP Task
How to list all controllers

For a long time I've wanted to start using Subversion. I see all the benefits of using such a system, but I haven't taken the time to learn it. I've installed it (v1.3.2) a long time ago, but I never really did anything with it -- it was simply so I could interact with SmartSVN (a SVN client) to download others' repositories. I think it's about time I start using it in a more meaningful way on my own projects. In order to do this, I thought it would be best to start from scratch (and therefore uninstalled all previous, remotely related software). (For further learning on SVN, please visit Red-Bean's SVN Book online.)

So, it had been so long since I've done anything with Subversion, where was I to begin? I've read about all the great and wonderful things SVN can offer, but...how do I get it, how do I install it, and then how can I access it?
Continue reading "Installing and Setting up Subversion (SVN) Under Windows XP"