Tag Archives: PHP

CodeIgniter’s Form Helper doesn’t respect POST arrays

I’ve been working on my first ‘proper’ CodeIgniter project this week. It’s been quite gruelling, as there are some moments where I have definitely sped up my production. But it’s constantly getting hampered by the learning curve. It may be slight, but is frustrating when I hit a wall.

One issue that just cam up is that I want to send multi-dimensional post data to the set_value function in the Form Helper. As you’re passing a string, the array is completely disregarded, and you’re left with nothing.

I’ve created an extension to the helper to temporarily get around the problem until I can look at it and fix it properly:

MY_form_helper.php

<code>

<?php
if ( ! function_exists('set_value_arr'))
{
	function set_value_arr($field = '', $id = '0', $default = '')
	{
		if (FALSE === ($OBJ =& _get_validation_object()))
		{
			if ( ! isset($_POST[$field][$id]))
			{
				return $default;
			}

			return form_prep($_POST[$field][$id]);
		}

		return form_prep($OBJ->set_value($field, $default));
	}
}

?></code>

This sets a second parameter as the array index. This way, you should be able to access form elements sent into the POST array as arrays themselves.

Automated Documentation in PHP

I’ve been looking for some software to help me compile web-based documentation for a school that we work in.

What they are trying to do is write coursework modules for staff to follow, and then have them available on a site.

I know how this ends up. One of the ideas I had when they told me that they were writing modules was to put it all in word, and then generate PDFs at the end, using the headers for bookmarks in Adobe.

It was sound until I was told that there must be ‘no scrolling’, so that pupils with a 2-second timespan might be able to read it. I’m not convinced that the no-scrolling is the way to go, but I suppose it’s no better one way or another.

So, here we are. I’ve scoured the internet looking for something that will do the job nicely. I found some modules on the PEAR site that would allow me to create documentation and store links in a database. I liked the look of it, but it seemed that I might have been going a little off-track as with HTML Menu, I’d probably end up storing all of the data in HTML pages that I’d still manage and then place the menu in a database. Not fun.

Luckily, an offshoot of a PEAR project surfaced called PHP Dcoumentor while has some useful documentation (surprise, surprise), and seems to be able to generate documentation into a variety of formats from XML or DTD, which can’t be bad.

Steve was perplexed as to why we are doing this, when it means that we would have to go through everything that the tutors have written for the modules and reformat it. Ironically, if they had settled on my PDF idea in the first place, then it’s feasible that we could have used the Word styles as a starting block for the online styles.

Still, if someone wants to pay me to make documents look pretty, then I’m all for it.

Reverse Engineering Passwords

Hashing passwords is a common way to secure them in a database and make sure that they cannot be read easily.

But did you know there’s a website that reverse engineers the hashes and stores them in a searchable database?

The folks over at RedNoize have created such a site.

Obviously, there’s no better protection than keeping your databases tightly secured – but even so, it may be worth considering putting extra abstraction on passwords – just to make it that little more difficult.

Using the RTSP Protocol with the PHP header function

I had a great deal of trouble getting Internet Explorer to redirect the header to a RTSP link using the header function in PHP.

I found that in IE, I would get a HTTP 402 error (page has been temporarily moved). IE would happily sit there and tell me it could not be found.

Firefox was a little more robust and displayed a page which resolved an alternatve link – “Object Moved” gracing the page and a link to the rtsp link. This would also automatically open the link in Firefox.

Thankfully, I found the answer on the Jalix PHP manual.

I think that the idea is to generate a RAM-style link to the RTSP protocol rather than redirecting directly to it:

Header ("Pragma: ");
Header ("Cache-Control: ");
Header ("Expires: ");
Header ("Content-Type: audio/x-pn-realaudio");

# insert DB code here
print "rtsp://host.com:554/$filename";

That should happily create a working link to the RTSP transport.

And to Schu, yes – that saved me loads of time.

ASpell, PHP and IIS

I’ve been trying to introduce spell checking into my PHP application and have been hitting a small snag. It’s called ASPELL.

For the uninitiated, aspell is a command-line spelling utility to, well, do clever spelling stuff.

In Apache, aspell works wonderfully. In fact, I wouldn’t have even thought that there was a problem. IIS on the other hand has different issues.

It’s easy to ask why I’m running my application on both servers, so I’ll quickly explain that one.

When I’m developing, I use Apache. For me this is an internal facing server which facilitates my needs of having simple-to-use easily editable configurations.

IIS faces the rest of the world because it hosts my email server (Exchange), so I don’t really have a choice about what I have on port 80.

Because of this, I always run demos on port 80 as a lot of sites I work in only have port 80 available, so IIS the the chap.

Anyway, the bottom line is that when aspell wants to run in IIS, you’ll end up with something like the following error on the client browser:

System error: Aspell progrem execution failed ('aspell -a --lang=en_US < C:WINDOWSTEMPasp1FB.tmp 2>&1')
Catchy, eh?

The problem is that the Windows security model is not allowing PHP to use the shell_exec() interface. And quite rightly, too.

To work around this, you must set permissions for cmd.exe in %windir%\system32 to allow your website visitors to run these external applications.

NOTE Allowing this means that website visitors can theoretically upload scripts that can execute commands on your system. Be very very careful that you are the only person able to upload scripts. Take all other web-security precautions.

A good idea would be to create a dummy user account solely for the website you have created, and give that user minimal permissions on the server.

Finally, don’t blame me if your system gets hacked!