Search results for 'code'

FOWA London 2008

October 11th, 2008
Woo, so finally had a chance to blog about FOWA, the last few days have been pretty crazy. FOWA was brilliant, big thanks to all the guys at Carsonified, I'll be there next year for sure!

I spent most of my time in the pretty huge developer hall (see the videos here) where there were some pretty big names like Tim Bray and Blaine Cook, along with loads of other Web 2.0 guys.

I have to say that out of all the talks, the one that impressed me the most was Tim Bray's "The fear factor", talking mainly about the global financial crisis and what we should expect in the web app world, along with some real plain good advice for web startups.

Francisco Tolmasky (280 North) spoke about Cappuccino and Objective J, that was especially good, giving plenty of techy talk along with some ideology of his own.

Bret Taylor from FriendFeed gave a good talk too, I've not used it much but it sounds like they are doing some really impressive work in the background to give just the interesting results from your friends online activity.

Mark Zuckerberg's interview towards the end of day 2 was a bit of a let down. Mainly a kissing arse session.. but that was to be expected. Mark spoke a lot about the new Facebook Connect platform, not totally outlawing the possibility of using OpenID and OAuth in the future, but he openly said that their platform was better.

While most people there were pretty normal, there were a few stereotypical geeks, I thought there might be a riot when a "geek rush" surrounded the stage to get TechCrunch t-shirts, they almost had to batter them away with a stick. I think everyone benefited from having the chance to network with like-minded people; there were tons of ideas floating about, not all of them good.

Carsonified hosted a few Dragons Den type sessions on stage, where developers got 60 seconds to pitch their ideas and win prizes, most of the ideas were pretty pants, one caught the attention of the dragons, an online strategy game that seemed to be growing immensely fast. Sounds like that guy is going to get very rich.

The University (read Expo) part of the show was a bit pants, there were a few big names as you'd expect, I think the £2.5k entry price drove all the small guys away.

A great show, everyone that didn't go should definitely go check out the videos on the website.

10 Steps to Supportable Web Applications

September 23rd, 2008
So I've been developing large scale web applications for a few years now, and I thought I'd share a few points I believe every coder needs to think about.

If you're just starting out you won't know why you NEED to do these things, but anybody who has had to re-visit their own or somebody else's poor code will soon tell you that it's far better to get it right and scalable from the start than to have to go over everything and try and change it 6 months down the line.

So, in no particular order..

1) Don't rush to start

Think things through before you write it. This goes hand in hand with point 10, if you think something through to begin with and do it right the first time, it'll be easy to expand upon and improve later.
If you rush straight in you'll get half way through, get stuck and have to start all over again.

2) Plan to scale the codebase

Many problems in developing applications come from having "organic" code, we've all seen it, code that just grows and grows into a behemoth of unsupportability.
All projects, whether big or small need to be factored into well organised, scalable applications, From! The! Start!
No silly naming of functions, having a function "set()". It needs to be "set_foo()" at a minimum so that you can have "set_bar()" as well, having just "set()" is going to get confusing VERY quickly, don't do it!
Consider using an MVC like framework, either your own, or a lightweight open source one.

3) Separate application logic from markup

Now doing this may sound simple, but doing it *well* will inherently move you into a situation where you'll be using an MVC or a templating "engine" like Smarty.
This will look much prettier and give you (or a non-techy designer) complete freedom to change your design without touching any code that could potentially break the application.
Read More..

PHP Parser - Filtering Cross Site Scripting (XSS)

September 18th, 2008
So the last few days I've been seriously stressing about the implications of XSS (Cross site scripting) in a project that I've been working on. If you don't know what XSS is all about and you're a web developer, you're in trouble, google it.

There's also a great website over at http://ha.ckers.org/xss.html that gives you a huge list of many of the known XSS methods.

There are a plethora of PHP Classes out there that work on forums and such with a limited subset of XHTML but I need to cover as much as possible, and before people start shouting at me, an approach using BBCode or Textile just isn't possible here. (and it's ugly, don't get me started)

Whilst trying to find a decent PHP function to parse out these threats in the simplest manner possible I ended up combining a few to come up with what's below.

function strip_xss($str, $allowed=null){
	if (!$allowed){
		$allowed = array('<h1>','<h2>','<h3>','<h4>','<h5>','<h6>','<b>','<i>','<u>','<a>','<ul>','<ol>','<li>','<pre>','<hr>','<blockquote>','<img>','<font>','<span>','','
','<table>','<thead>','<th>','<tr>','<td>','<em>','<strong>','<applet>','<div>','<center>','<pre>','<ins>','<del>','<em>','<kbd>','<dd>','<tbody>','<tfooter>','<big>','<button>','<input>','<option>','<textarea>','<fieldset>','<form>','<legend>','<code>');
	}
	$disabled = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragdrop', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterupdate', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmoveout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
	$events = implode('|', $disabled);
	
	// remove all non-printable characters. LF (0a), CR (0d) and TAB (09) are allowed
	// this prevents some character re-spacing such as <java\0script>
	// note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
	// (no commas inside the class: a comma there is a literal and would strip commas from the text)
	$str = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $str);
	
	// straight replacements, the user should never need these since they're normal characters
	// this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
	$search = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()~`";:?+/={}[]-_|\'\\';
	for ($i = 0; $i < strlen($search); $i++) {
		// ;? matches the ;, which is optional
		// 0{0,8} matches any padded zeros, which are optional
		// &#x0040 @ search for the hex values
		$str = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $str);
		// &#00064 @ the same for the decimal values
		$str = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $str);
	}
	
	// drop every tag that is not in the allowed list
	$str = strip_tags($str, implode('', $allowed));
	// inside each remaining tag: remove javascript: URLs and quoted on* handlers, collapse whitespace
	// (a callback replaces the /e modifier, which evaluated the match as PHP code and no longer exists in PHP 7+)
	$str = preg_replace_callback('/<(.*?)>/i', function ($m) use ($events) {
		$inner = preg_replace(
			array('/javascript:[^"\']*/i', '/(' . $events . ')[ \t\n]*=[ \t\n]*["\'][^"\']*["\']/i', '/\s+/'),
			array('', '', ' '),
			$m[1]
		);
		return '<' . $inner . '>';
	}, $str);
	// second pass for handlers the quoted-value pattern did not match
	return preg_replace('/\s(' . $events . ').*?([\s\>])/i', '\\2', $str);
}
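The deny-list in strip_xss() has to name every dangerous attribute in advance; the inverse approach, shown here as an added example that is not the post's code, parses the markup with PHP's DOM extension and keeps only the tags and attributes named in a policy. The function names `sanitize_html()` and `url_is_safe()`, the contents of `$policy` and the sample input are all constructed for illustration.

```php
<?php
// Added example, not the post's code. The policy below is a constructed one:
// tag name => attributes that tag may keep. Everything else is dropped.
$policy = array(
	'p' => array(), 'b' => array(), 'i' => array(), 'em' => array(),
	'strong' => array(), 'ul' => array(), 'ol' => array(), 'li' => array(),
	'pre' => array(), 'code' => array(), 'blockquote' => array(),
	'a'   => array('href', 'title'),
	'img' => array('src', 'alt', 'width', 'height'),
);

// Accept only absolute http(s) URLs, site-relative paths and fragments.
function url_is_safe($value) {
	// strip whitespace and control characters first, since browsers ignore
	// some of them inside a URL scheme
	$value = preg_replace('/[\x00-\x20]+/', '', $value);
	return (bool) preg_match('~^(?:https?://|/|#)~i', $value);
}

function sanitize_html($html, array $policy) {
	$doc = new DOMDocument();
	libxml_use_internal_errors(true);      // user markup is rarely well formed
	$doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>', LIBXML_NONET);
	libxml_clear_errors();
	$body = $doc->getElementsByTagName('body')->item(0);

	// comments are never needed in user content
	$xpath = new DOMXPath($doc);
	foreach (iterator_to_array($xpath->query('//comment()')) as $c) {
		$c->parentNode->removeChild($c);
	}
	// snapshot the element list: the live list shifts as nodes are removed
	foreach (iterator_to_array($body->getElementsByTagName('*')) as $el) {
		$tag = strtolower($el->nodeName);
		if (!isset($policy[$tag])) {
			// script/style lose their content; other unknown tags are
			// unwrapped so their text and children survive
			if ($tag !== 'script' && $tag !== 'style') {
				while ($el->firstChild) {
					$el->parentNode->insertBefore($el->firstChild, $el);
				}
			}
			$el->parentNode->removeChild($el);
			continue;
		}
		foreach (iterator_to_array($el->attributes) as $attr) {
			$name = strtolower($attr->nodeName);
			$isUrl = ($name === 'href' || $name === 'src');
			if (!in_array($name, $policy[$tag], true)
				|| ($isUrl && !url_is_safe($attr->nodeValue))) {
				$el->removeAttributeNode($attr);
			}
		}
	}
	$out = '';
	foreach ($body->childNodes as $child) {
		$out .= $doc->saveHTML($child);
	}
	return $out;
}

// constructed input: event handlers, a script block and a javascript: link
$dirty = '<p onclick="alert(1)">Hi <b>there</b></p>'
       . '<a href="javascript:alert(1)" title="t">link</a>'
       . '<script>alert(1)</script>'
       . '<img src="/logo.png" onerror="alert(1)" alt="logo">';
echo sanitize_html($dirty, $policy), "\n";
```

Because unknown attributes are removed rather than matched against a list, a handler name missing from `$disabled` cannot slip through this version.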

What I'm yet to come up with is a way of stopping people putting in things such as..
<img src="http://yoursite.com/admin/users/deleteall" />
Then whenever an admin or someone went to this page, already logged in to the app, the page would be executed as them, perfectly legally. Obviously there isn't a page that does delete all users, but you can see the problem, right.

Anybody who finds an improvement / bug, please please please add it back here so everyone can benefit, I'll update the code as we go!
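The `<img>` request described above is cross-site request forgery, and markup filtering cannot stop it because the tag itself is legitimate; the action has to demand proof that the request came from your own form. An added example (not from the original post): the function names and the `csrf` session key are hypothetical, and plain arrays stand in for `$_SESSION` and `$_POST` so it runs from the command line.

```php
<?php
// Added example, not the post's code. csrf_token(), csrf_field() and
// csrf_check() are hypothetical names; $session stands in for $_SESSION.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session) {
	if (empty($session['csrf'])) {
		$session['csrf'] = bin2hex(random_bytes(32));   // 64 hex characters
	}
	return $session['csrf'];
}

// Hidden field to place inside every form that changes state.
function csrf_field(array &$session) {
	$token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
	return '<input type="hidden" name="csrf" value="' . $token . '">';
}

// Decide whether a state-changing request may proceed.
function csrf_check($method, array $post, array $session) {
	// <img>, <a> and <iframe> can only issue GET, so deleteall must not run on GET
	if ($method !== 'POST') {
		return false;
	}
	if (empty($session['csrf']) || !isset($post['csrf']) || !is_string($post['csrf'])) {
		return false;
	}
	// constant-time comparison of the stored and submitted tokens
	return hash_equals($session['csrf'], $post['csrf']);
}

// Constructed requests against a handler such as /admin/users/deleteall
$session = array();
$form = csrf_field($session);   // rendered into the admin page
$cases = array(
	'img tag (GET, no token)'       => array('GET',  array()),
	'cross-site POST, no token'     => array('POST', array()),
	'cross-site POST, wrong token'  => array('POST', array('csrf' => str_repeat('0', 64))),
	'POST from our own form'        => array('POST', array('csrf' => $session['csrf'])),
);
foreach ($cases as $label => $req) {
	$ok = csrf_check($req[0], $req[1], $session);
	printf("%-30s %s\n", $label, $ok ? 'allowed' : 'rejected');
}
```

In the application itself the handler would call `csrf_check($_SERVER['REQUEST_METHOD'], $_POST, $_SESSION)` before doing any work.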

"Pushing" the web

September 6th, 2008
So recently I've been delving into the marvelous world of pushing data to web browsers.

Ok, before I get flamed, what I mean by pushing (for now) is the browser requesting data and the server sending new events periodically as they happen. Other technologies in this area are things like Comet and Orbited. Many people are already using various methods to implement this, services such as Mibbit, GMail/GDocs, Facebook, Highrise and others.

While this isn't a discussion about why I didn't use the existing approaches, I will say some of them are because the servers are based on Java or Twisted (python), which is bulky and I felt it could be simplified.

For now the general thought process is that the client's web browser requests data from the server via AJAX or JSONP, Flash or an IFrame, and when the server has some data to send, it plops it out, the web browser reads it and everyone is happy...

Limitations of these methods...
Read More..

PHP File Diff

August 9th, 2008
So for anybody that has ever used Trac to look at your SVN repo's you'll know that there is a cool diff tool they use that shows the differences between change sets.

The tool shows the additions / deletions of the code highlighted in different colours with line numbers and some clever shizzle.

So anyway, I thought that was pretty cool so decided to have a go at it in PHP. You can see my attempt over here and the code for that page is available here.

It's a pretty simple class which compares and highlights all the differences between 2 files or strings located on your server. I was going to do loads of cool stuff with this but never got round to it. Hopefully this will be a helpful start to someone else.

PHP Force Download

April 22nd, 2008
So today I needed to force a file to download in a web browser where the browser would normally just output the file. It will also work in IE6 over a secure (HTTPS) connection.. which was a bit like hard work.

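function forceDownload($file,$name=false,$contenttype="application/octet-stream",$delete=false){
	// $file must be a path chosen by the server, never raw request input
	// refuse anything that is not a readable regular file before sending headers
	if (!is_file($file) || !is_readable($file)) return false;
	if (!$name) $name = $file;
	// basename() drops any path; quotes, backslashes and control characters would break the header
	$name = preg_replace('/[\x00-\x1f"\\\\]/', '', basename($name));
	
	header("Cache-Control: public, must-revalidate");
	header("Pragma: hack");
	header("Content-Type: " . $contenttype);
	header("Content-Length: " .(string)(filesize($file)) );
	header('Content-Disposition: attachment; filename="'.$name.'"');
	// no trailing "\n" here: header() rejects values that contain a newline
	header("Content-Transfer-Encoding: binary");
	
	// stream the file instead of reading it all into memory first
	readfile($file);
	if ($delete){
		unlink($file);
	}
	return true;
}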

Example Usage:
So I wanted to create a temporary file, write some contents to it then force the file to be outputted via the browser and deleted on completion of download.
$data = 'what a load of content';    // data to write to a file

$filename = 'cache/tmpfile.txt';     // the file to write the data to, must be writable
file_put_contents($filename,$data);  // write the data to the file

// force the download and delete the file afterwards
forceDownload($filename,'whateverfilenameyoulike.txt','text/plain',true);


Worlds Best PHP Function

April 15th, 2008
pr($array)
Yes, I know what you're thinking, how can Scrivna have written the ultimate time saving function? Well to be honest... I haven't... someone else did it and I've ripped it off :-)

Basically, what really annoys me is that when you're writing code with big arrays of data and you need to view that data, print_r is your friend, it outputs an array to the page, only problem is it doesn't output it as html, the most common way to remedy this is to either...

A) View the source of the page so it appears formatted correctly
B) Wrap your print_r statement in <pre> tags
C) Do nothing and struggle like hell to read the output
D) Use my fabtabulous function below (trust me, this will save you hours)

And now for the big moment... here it comes.. are you ready for this?

Wait for it, drum roll please....
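function pr($arrayness){
	echo '<pre>';
	// escape the dump so markup inside the data is displayed, not rendered by the browser
	echo htmlspecialchars(print_r($arrayness, true), ENT_QUOTES, 'UTF-8');
	echo '</pre>';
}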

Da na!! Yup, isn't it great!

Not only is it shorter than typing print_r all the bloody time, it also formats your output properly.
If you really are crazy you could do some kind of crazy merge with the function over HERE to buffer the output and put it into a variable... but that's for another day.

Thankyou and goodnight.

Official UK Top 40 Singles Chart (RSS Feed)

April 14th, 2008
So having got frustrated with there being no Official UK Top 40 Singles or Album chart RSS feeds I decided I'd make my own...

Singles Chart or Album Chart

It's currently just a page scrape of the BBC Charts page so it might not be that reliable.. or that comprehensive.

Javascript expanding textareas

April 12th, 2008
Hey ho,

All over the web I'm seeing sites such as facebook with textareas that vertically expand automagically (and from what I hear FF3 has this functionality built in) but until everyone starts using Firefox I've written a handy javascript function that will simulate the effect in other browsers.

The problem with all the other examples I've seen round the net is that they all require you to use some sort of CSS bodgery or require jQuery or Prototype. With my lil script there's no need for any of that nonsense and you can basically throw anything you like at it... or use your own styles in a stylesheet or inline.

I've tried to make it as easy as possible, all you need to do is add "autoExpand" to the textarea's class and my script will do its magic, it can also work with ajax calls by calling autoExpand(object) after your ajax call returns.

The javascript file is available below and there is a DEMO you can have a looksy at.

It's been tested on IE7, FF2, Safari 3 and Opera 9 and works more or less as intended, it doesn't work on IE6 at the moment, but when I get access to IE6 I'll be sure to fix it :-)

Download: autoexpand.js

Love you!

Youtube Embed Rewriting

April 6th, 2008
So the time may come when you have code for embedding a youtube video into a webpage but need that video to be automagically resized and looping and putting the kettle on for you. Well... here's a snippet of code that just might do that for you!
<?php
// function to adjust a youtube videos settings given the embed code

function youtube_adjust($string,$width=425,$height=355,$autoplay=false,$looping=false){
	// match the url in the embed string
	$pattern = '/name="movie" value[\\s=\'"]+([^"\'>\\s]+)/is';
	if (!preg_match($pattern,$string,$url)) return false;
	// split the url to get the different parts (split() no longer exists in PHP 7+)
	$result = preg_split('#[/&]#', $url[1]);
	// the id goes straight back into markup, so accept only letters, digits, '-' and '_'
	if (!isset($result[4]) || !preg_match('/^[A-Za-z0-9_-]+$/', $result[4])) return false;
	$id = $result[4];

	// shall i adjust these things?
	$autoplay = $autoplay ? 1 : 0;
	$looping = $looping ? 1 : 0;
	// force the dimensions to integers before they are written into attributes
	$width = (int)$width;
	$height = (int)$height;

	// insert the new settings into the new format string and return it
	return '<object height="'.$height.'" width="'.$width.'">
<param name="movie" value="http://www.youtube.com/v/'.$id.'&hl=en&autoplay='.$autoplay.'&loop='.$looping.'"></param>
<param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/'.$id.'&hl=en&autoplay='.$autoplay.'&loop='.$looping.'" type="application/x-shockwave-flash" wmode="transparent" height="'.$height.'" width="'.$width.'"></embed></object>';
}

// this is the string youtube give you
$string = '<object height="355" width="425">
<param name="movie" value="http://www.youtube.com/v/iy3T3sp4EW4&hl=en"></param>
<param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/iy3T3sp4EW4&hl=en" type="application/x-shockwave-flash" wmode="transparent" height="355" width="425"></embed></object>';

// call and output it yar
echo youtube_adjust($string,200,100,true,true);
?>


P.S Wordpress is gay and likes inserting random character places, sorry if this has screwed up the code above.

Modified Preorder Tree Traversal (MPTT)

April 4th, 2008
Just stumbled upon this method of storing hierarchical data in a flat database and all I can say is it's bloomin' genius, it will change my life forever; no more crappy inefficient recursive functions.. I could explain it... but why bother when there's a great post accessible here.. you might find it hard to get your head around it at first, but trust me, you'll see the light.

MPTT


Travelling Salesman Problem

March 15th, 2008
So, as you may or may not know, I've been trying to calculate the shortest distance to travel between a number of points (aka The Travelling Salesman Problem). While I completely failed at doing this in Java I have created a way to do it in PHP. So without further hesitation here is the class and a quick usage example.
Read More..

Google Maps Longitude and Latitude

March 6th, 2008
Found this legend bit of code that if you go to a point on a google map then put this into the URL bar it'll pop up the longitude and latitude for you.
javascript:void(prompt('scrivna.com',gApplication.getMap().getCenter()));

Magic!

P.S. Wordpress is gay and replaces apostrophes with back ticks, fuck off!!

Unicode Encoding

March 5th, 2008
Ok, so recently I've been making all my web pages support unicode character sets, one of the tasks is ensuring all output is encoded in utf-8. Anyway to make a long story short, using the ob_get_contents() function I showed you a few posts ago, gives you output in whatever character set the file is saved as, and no matter what you do you can't get the blasted thing to display as utf-8... so there are a few methods of fixing this...

My first attempt being PHP's iconv() function to convert all the output into utf-8, however, this is just pants and you'd have to detect what format it's in in the first place in order to recode it...

The other (and better) approach is just to ensure that all your pages are encoded in utf-8 to start with, with the IDE I use (Coda) you can set the default file encoding in the preferences, and I'm sure many other editors give you the same options.

Magic.

PHP Assign include content to a variable.

February 27th, 2008
So today I came across the need to include a file in php with limited access to data and not output it to the browser...

Basically all this does is buffer the output then get the buffer contents and return it...
// assigns the output of a file into a variable... lovely jubbly!
function get_include_contents($filename,$data='') {
    if (is_file($filename)) {
        if (is_array($data)){
            // EXTR_SKIP: a key such as 'filename' must not overwrite this function's own variables
            extract($data, EXTR_SKIP);
        }
        ob_start();
        include $filename;
        $contents = ob_get_contents();
        ob_end_clean();
        return $contents;
    }
    return false;
}

I suppose a usage example might be nice
$data = array('name'=>'Ross','hobby'=>'Writing Random Code');
$output = get_include_contents('my_file.php',$data);
// my_file.php will now have access to the variables $name and $hobby

easy as pi :-p

Random Strings and Comparing Arrays - A Rant

January 16th, 2008
Again people amaze me with just how thick they can be. Basically I want to create a random string 8 characters long, a bit of google bashing gives me functions that are like 20 - 100 lines long, why people? why? here is my fabtabulous (and far better than yours) script for achieving this.
function random_string($length=8){
	$charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
	$key = '';
	for ($i = 0; $i < $length; $i++){
		// random_int() draws from the system CSPRNG and lets characters repeat;
		// array_rand() returned distinct keys in charset order, so its strings were far less random
		$key .= $charset[random_int(0, strlen($charset) - 1)];
	}
	return $key;
}

See how easy it is people! Love you really

And while I'm ranting about stuff... comparing 2 multidimensional arrays, hello php? bah.. here's my very simple solution!
function array_compare($array1,$array2){
	// compare the serialized forms with ===; == on md5 hex strings can treat two different "0e..." digests as equal
	return serialize($array1) === serialize($array2);
}