Buried in the manual installation instructions for Windows are some instructions for making PHP scripts easier to run from the Windows command line (cmd). All of the console commands need to be run from an administrator account (right-click “Command Prompt” and select “Run as administrator”).
Read the rest of this entry »

DABL has been developed privately until today. It is now on Github. Here is the link:

DABL on GitHub

WordPress, by default, attempts to figure out how to handle its automatic updates based on several factors, including the capabilities of the underlying PHP installation and whether or not WordPress can update files.

There is a secret configuration option to completely override these checks, FS_METHOD, which takes one of the following values:

direct

Direct Filesystem Access; i.e. the webserver accesses its underlying filesystem

ssh2

SSH protocol version 2. PHP must have the ssh2 extension loaded. The documentation incorrectly calls this option “ssh.”

ftpext

FTP via the FTP extension.

ftpsockets

FTP via the sockets extension

Setting this option to “direct” skips the prompt about FTP credentials and forces WordPress to attempt a direct filesystem update; the fastest and easiest version of the update procedure.

With Apache’s VirtualDocumentRoot directive, it’s very easy to have both http and https servers listening on the same hostname. Of course, this means that a user can request the https version of the page unencrypted, which may not be desired.

For example, say we have an application with its main web page at http://example.com. There is also an administrative backend, https://secure.example.com. The web server and DNS are set up such that these are listening on the same IP, with the same basic document structure:

example.com/_ -> www
example.com/secure
example.com/www

This means that the web server will answer requests to http://secure.example.com (and https://example.com, but that’s not as terrible). To fix this, we can throw a .htaccess file into the secure subdomains document root that enforces TLS:

RewriteCond %{HTTP_HOST} ^secure.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]

Now calls to (only) http://secure.example.com redirect properly to the TLS-secured admin interface. Moreover, you can throw this into the main apache config to have it apply to all vhosts; as long as they start with secure., they’ll force the user to use TLS.

Blegh. Nobody likes to use hacks. But Internet Explorer almost demands them.

“Wait!” you say, “you should use something like conditional comments!” Yes, definitely, if you can, you should use conditional comments.

But when the client needs the site done now and there’s nothing else left to do, you use the dirty hacks.

Because they work.
Read the rest of this entry »

In a recent project we are storing a file tree structure. To get the full path to a file, one would have to traverse up the tree using the ParentID of the object.

DABL makes this very easy:

$file = File::retrieveByPK($fileID);
$path = $file->getPath();
$parent = $file->getParent();
while($parent) {
    $path = $parent->getPath() . DIRECTORY_SEPARATOR . $path;
    $parent = $parent->getParent();
}

This works just fine, but it’s not ideal. You’re potentially loading multiple related records from the database into memory which can hurt performance. If there’s multiple records getting this information in the same way, it can be disastrous.

Read the rest of this entry »

Hello, world! We finally have our new blog up and running. We’re always developing new resources for web programmers and happy to share our findings. Enjoy!