Category Archives: Software development

CakePHP Ajax/JSON calls fail? Try turning debug output off

CakePHP is a rapid development framework for PHP that provides an extensible architecture for developing, maintaining, and deploying applications. CakePHP provides several Ajax features, but if CakePHP debug output is not turned off, most Ajax calls and JSON encoding will fail, because the debug output is appended to the response body and corrupts it.

The problem / symptoms

When calling a server-side CakePHP method through an Ajax call, usually in combination with JSON encoding, the call fails. The server returns HTTP 200 and everything seems fine, but the Ajax call just doesn't work.


When to Stop Support for old Browsers such as FireFox 2 and Internet Explorer 6

Let's face it: old browsers are a pain in the rear. Browsers like FireFox 2 and Internet Explorer 6 do not behave like modern browsers. They do not render HTML in the same way and do not interpret JavaScript in the same way. You can, most of the time, fix these issues, but the process costs a lot in terms of testing, development, and time to market. I was just involved in a project where a client insisted on going through 12 browsers and paid hundreds of thousands of dollars for that line item.

The problem is that clients still use these browsers and expect to view your site properly with their legacy browsers. So, when do you stop supporting old browsers?


Useful jQuery Plugin to Display Errors, Messages, and Alerts: Gritter

Real estate on your web page can be as important as real estate in real life. You get very little space on your client's screen and need to use every inch (or pixel). Errors and messages take up valuable space that could be better used for more important things.

That is why Gritter is a great jQuery plugin: it saves real estate on your page by showing alerts, messages and errors in a floating bubble that is both informative and (because you can configure Gritter to fade away after a few seconds) non-intrusive.

This image was taken from the design of one of our new sites; we decided to use Gritter instead of putting the errors and notifications inline.

Check out Gritter's demo site and project site, and, for CakePHP developers, here is an article about integrating Gritter with CakePHP.

It is open source, looks great, easy to integrate, and is very useful!

CakeOTP 1.1 – User Registration with One Time Password for CakePHP Released

CakeOTP is a reference implementation of User Registration with a secure, table-less and expirable implementation of One Time Password for the popular CakePHP development framework.

New in CakeOTP release 1.1

1) Automatic login after account activation: the user is automatically logged into the site and redirected to an internal page immediately after activating his/her account.
2) User email validation.

Download this release here.

Check out the Online Demo, project page and getting started page.

jQuery AJAX POST Sending Only Partial Data? Try URL Encoding.


jQuery is a great JavaScript framework that makes a web developer's life much easier. But like all frameworks, you need to learn its gotchas in order to work effectively with it. Here is one of those gotchas.

The jQuery POST method lets you create an Ajax HTTP POST request to the server. It is actually shorthand for the jQuery Ajax method:


$.ajax({
  type: "POST",
  url: "save.php",
  // the request body is built by hand as a query string
  data: "param1=" + paramValue1
      + "&param2=" + paramValue2,
  complete: function() { }, // manage the complete if needed
  success: function() { }   // get some data back to the screen if needed
});

The problem

When executing the AJAX call, only part of the data reaches the server and the rest vanishes. You usually see that some or all of the parameters you tried to pass are missing or cut in the middle.

The cause

jQuery uses '&' as the separator between parameters. If you have a '&' within a key or a value, the server splits the request body at that character too, and the jQuery AJAX request gets really messed up.

The solution

Encode the parameters: replace & with %26, which is the standard URL encoding for that character.

Semi-Automatic

Use .replace(/&/g, "%26"):

Here is a working example:


$.ajax({
  type: "POST",
  url: "save.php",
  // every '&' inside a value is replaced by its encoded form before concatenation
  data: "param1=" + paramValue1.replace(/&/g, "%26")
      + "&param2=" + paramValue2.replace(/&/g, "%26"),
  complete: function() { }, // manage the complete if needed
  success: function() { }   // get some data back to the screen if needed
});

Fully Automatic

A more elegant way is to slightly change the way we call the method and let jQuery do the encoding for you:

Here is a working example:


$.ajax({
  type: "POST",
  url: "save.php",
  // pass an object; jQuery URL-encodes every key and value itself
  data: { "param1": paramValue1,
          "param2": paramValue2 },
  complete: function() { }, // manage the complete if needed
  success: function() { }   // get some data back to the screen if needed
});
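The three ways of building the POST body discussed above, round-tripped through a PHP-style body parser so you can see what the server actually receives. This is an added example, not code from the original post; the sample values are constructed. It also shows a limit of the '&'-only replacement: a value that already contains a percent sequence comes out different on the server.

```javascript
// 1. Naive concatenation, as in the post's first snippet: values are spliced in
//    raw, so an '&' inside a value becomes a parameter separator on the server.
function buildNaive(params) {
  return Object.keys(params).map(k => k + "=" + params[k]).join("&");
}

// 2. The post's "semi-automatic" fix: only '&' in the values is turned into %26.
function buildAmpOnly(params) {
  return Object.keys(params)
    .map(k => k + "=" + String(params[k]).replace(/&/g, "%26")).join("&");
}

// 3. Percent-encode every key and value. This is essentially what jQuery does
//    when `data` is an object (it additionally turns %20 into '+').
function buildEncoded(params) {
  return Object.keys(params)
    .map(k => encodeURIComponent(k) + "=" + encodeURIComponent(params[k]))
    .join("&");
}

// PHP-style lenient decoder: '+' is a space, a valid %XX is decoded, anything
// else is kept as-is (ASCII only, which is enough for the sample below).
function urldecode(s) {
  return s.replace(/\+/g, " ")
    .replace(/%([0-9A-Fa-f]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Server-side view: split on '&', then on the first '=', the way $_POST is built.
function parseBody(body) {
  const out = {};
  for (const pair of body.split("&")) {
    if (pair === "") continue;
    const idx = pair.indexOf("=");
    const key = idx === -1 ? pair : pair.slice(0, idx);
    const val = idx === -1 ? "" : pair.slice(idx + 1);
    out[urldecode(key)] = urldecode(val);
  }
  return out;
}

// Constructed input: a name containing '&', and a pasted URL that carries a
// literal "%20" plus its own query string (both realistic form contents).
const sample = { param1: "Johnson & Johnson",
                 param2: "http://example.com/search?q=a%20b&page=2" };

// Build the body with one of the builders and parse it back as the server would.
function roundTrip(builder) {
  return parseBody(builder(sample));
}
```

Only the fully encoded body survives the round trip unchanged; the naive body leaks a stray "page" parameter and truncates both values, and the '&'-only fix silently decodes the literal "%20" inside the URL.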

How to: Automatic User Login in CakePHP

Sometimes you need to enable a silent (implicit) login for your users. A good example is the end of a registration process: you would want to automatically log in the user rather than having him retype the username and password.

In CakePHP there is a simple method in the Auth component that lets you log in on the user's behalf.

Here is how it is done:


// assuming $password is the clear-text password; Auth->password() hashes it
// the same way the stored password was hashed
$this->data["User"]["password"] = $this->Auth->password($password);
$this->data["User"]["username"] = $username;

// do the login
$login = $this->Auth->login($this->data);

// $login is true if the login went well.
// now we can redirect the user to any page:
if ($login) {
    $this->redirect(array('controller' => "anycontroller",
                          'action' => "any_secure_action"));
}

This will be implemented in the next CakeOTP release.

IPWEditor – In-Place WYSIWYG Editor 1.2.1 Released with TinyMCE bug fix and more


IPWEditor provides easy in-place editing for Web pages with a layer of WYSIWYG. It allows you to seamlessly replace text on Web pages with inputs for on-the-spot editing.

Up until now IPWEditor did not support TinyMCE advanced settings, due to a minor bug found and resolved by the community.
This release incorporates this bug fix and adds additional documentation around the 'cancel' functionality.

DEMO (TinyMCE)

Click me! I am editable and WYSIWYG!!! (TinyMCE)

Code behind:


<script type="text/javascript" src="jquery-1.3.2.js"></script>
<script type="text/javascript" src="jquery.editable.ipweditor-1.2.1.js"></script>
<script type="text/javascript" src="tinymce/jscripts/tiny_mce/tiny_mce.js"></script>

<div id="editable" class="myipwe1"> Click me! I am editable and WYSIWYG!!! </div>

<script type="text/javascript">
// set all the tinyMCE configuration here and pass it to the editable
$().ready(function() {
  var ed = new tinymce.Editor('myipwe1', {
    theme : "advanced"
  });
  $('.myipwe1').editable({
    type: 'wysiwyg',
    editor: ed,
    onSubmit: function submitData(content) {
      alert(content.current);
    },
    submit: 'save',
    cancel: 'cancel'
  });
});
</script>

Download and docs

Formal documentation and download can be found here.

Security issue in CakePHP code documentation

I have been using CakePHP for a long time now and enjoy every second. It provides a productive, easy-to-use and well-documented platform for PHP applications. The key advantages for me are transparent object-relational mapping, a strong Model-View-Controller framework, and tons of extra utilities that make your life better.

I have come across a possible security issue in one of CakePHP's code examples. This section of code is responsible for authorizing or denying a client's access to a certain action (MVC flow):

<?php
    // Auth component callback in a controller. The copy in the post starts at
    // "action == 'delete'"; the opening lines are restored here from the
    // CakePHP isAuthorized() convention.
    function isAuthorized() {
        if ($this->action == 'delete') {
            if ($this->Auth->user('role') == 'admin') {
                return true;
            } else {
                return false;
            }
        }

        // every action other than 'delete' is allowed for everyone
        return true;
    }
?>

The major security rule this code breaks is: never, ever have 'return true' as the default of an authorization method.

Forget About Software Configuration, Settings and Options – Choose the Right Defaults

Common pitfall: "I am not sure what to do... let's make it configurable"

You hear this all the time in software companies: some business analyst, developer or product manager tries to solve a dilemma in software development by pushing the decision to the end user. "Let's make it configurable" seems like a get-out-of-jail-free card if you can't make up your mind about colors, screen layout and the many other hard choices we have to make when designing our software.

People think they want free choice, while in fact they want the right choice.

It is a common mistake to think that making some aspect of your application configurable is necessarily a good thing. Software users rarely go into the configuration and edit the software options to fit their needs. Users expect the software to work "by default" / "out of the box" / "no hassle".

CakeOTP 1.0 – Secure, Expirable, Table-less One Time Password for CakePHP Released

CakeOTP is a secure, table-less and expirable implementation of One Time Password for the popular CakePHP development framework.

A one-time password (OTP) is a password that is valid for only a single login session or transaction. It is commonly used on the internet for registration and password reminder processes, in which the OTP is provided to the user in the form of a link that the user accesses in order to create or reset his password.

The problem is that most one-time password implementations involve maintaining additional database tables and batch processes that handle the persistence and expiry of the one-time passwords. This adds complexity and reduces performance.

CakeOTP is a simple and clean implementation of one-time passwords. It reduces complexity by removing the redundant SQL calls and DB batch maintenance while still keeping the one-time password secure and expirable.

Download this release here.

Check out the Online Demo, project page and getting started page.

Feel free to post comments and questions.