Setting up an in-house webserver for development, with a bit more power.
I’ve decided to use Webmin for managing it, to give less technical users an interface for managing sites.
I had to find this in order to get PHP working properly with the defaults.
http://caleudum.com/virtualmin-suexec-problem/
The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed.
To solve this problem:
1. Install the custom version of suexec:
    apt-get install apache2-suexec-custom
2. Modify /etc/apache2/suexec/www-data:
    nano /etc/apache2/suexec/www-data
3. Change the first line from /var/www to /home.
Having upgraded to a new version of Plesk, from 9 to 10.4 (I know there are more upgrades ahead!), I’ve been having a few problems adjusting.
This was more of an annoyance than a problem: each time I updated a configuration item on a domain, the settings weren’t updated. I had to SSH in and run `apachectl restart`.
Finally googled the problem and found this: http://forum.parallels.com/showthread.php?t=208708
The default setting appears to be 999999 seconds… I’ve updated that and now it’s one more niggle gone.
Having upgraded to Plesk 10.4, I was happy to see the new “PHP Settings” tab under the domain settings. This has saved me from having to create a vhost.conf manually and fill it with more sensible options for larger sites.
However, it took me 45 minutes to figure out why my error logging wasn’t working (hard to figure out when there are no errors showing up).
Setting the error reporting options through Plesk doesn’t seem to work correctly. The settings look right through phpinfo() but nothing gets put out, even with trigger_error();
I need to look further into why this breaks, so I can ensure the same configuration problem doesn’t get made on other sites on the server.
tl;dr solution:
Setting log_errors to “Default” and error_reporting to “Default” on the domain’s PHP settings page resolved the problem for me.
Last night I read an article exposing a vulnerability in timthumb – an image manipulation script which is used in many WordPress themes.
More details can be found here http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/
Summary from Mark Maunder:
An image resizing utility called timthumb.php is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory. I haven’t audited the rest of the code, so this may or may not fix all vulnerabilities. Also recursively grep your WordPress directory and subdirs for the base64_decode function and look out for long encoded strings to check if you’ve been compromised.
Today, remembering this, I ran a search across the 90 websites hosted on the webserver we use in the office (only 4 or 5 are WordPress installations) and was surprised to find that we were using a theme with timthumb in it!
The command to find all files named timthumb.php in subdirectories of the current directory on Linux is:
    find . -name 'timthumb.php'
It turned up for us in a theme we had recently modified to suit a new client. The theme is Athena. Athena’s author is on holiday at the moment, but I have emailed to ask them to update the version of timthumb to the latest to ensure no one else is vulnerable in this way.
Timthumb’s author has already released a patched version, after having the vulnerability exploited against them.
After finding any timthumb.php copies, the quick solution is to find an array named $allowedSites and remove any entries from it. This will stop unauthenticated users from being able to download remote files to the timthumb temporary files folder and execute them.
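The audit steps described above (locate every timthumb.php, check whether $allowedSites still lists hosts, and look for base64_decode next to long encoded strings) combined into one script. This is an added example, not part of the original post or of timthumb; the function names, the 200-character threshold and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for timthumb.php and encoded payloads.

# Exit 0 if the $allowedSites array in file $1 still lists hosts. Heuristic:
# gather text from "$allowedSites =" to the closing ");" and look for a quote.
allowed_sites_nonempty() {
    awk -v sq="'" '
        /\$allowedSites[ \t]*=/ { inarr = 1 }
        inarr                   { buf = buf $0 }
        inarr && /\)[ \t]*;/    { exit }
        END {
            sub(/^[^(]*\(/, "", buf)   # drop everything up to "array("
            exit !(index(buf, sq) || index(buf, "\""))
        }' "$1"
}

# One line per timthumb.php under $1: REVIEW if hosts are still allowed.
audit_timthumb() {
    find "$1" -type f -name 'timthumb.php' | sort | while IFS= read -r f; do
        if allowed_sites_nonempty "$f"; then echo "REVIEW $f"; else echo "OK $f"; fi
    done
}

# PHP files under $1 that call base64_decode and hold a 200+ character
# base64-looking run: candidates for manual inspection, not proof.
find_encoded_payloads() {
    find "$1" -type f -name '*.php' -exec grep -lE 'base64_decode[[:space:]]*\(' {} + |
        sort | while IFS= read -r f; do
            if grep -qE '[A-Za-z0-9+/]{200,}' "$f"; then echo "$f"; fi
        done
}

# Constructed sample tree (not real site data) so the script runs offline.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/themes/a" "$d/themes/b"
    printf '%s\n' '<?php' '$allowedSites = array (' "    'flickr.com'," ');' \
        > "$d/themes/a/timthumb.php"
    printf '%s\n' '<?php' '$allowedSites = array();' > "$d/themes/b/timthumb.php"
    blob=$(awk 'BEGIN { for (i = 0; i < 60; i++) printf "QUJD" }')
    printf '<?php $x = base64_decode("%s");\n' "$blob" > "$d/themes/b/footer.php"
    printf '<?php echo base64_decode("aGk=");\n' > "$d/themes/a/short.php"
    echo "$d"
}

tree=$(make_sample_tree)
audit_timthumb "$tree"
find_encoded_payloads "$tree"
rm -rf "$tree"
```

To audit a real server, call `audit_timthumb` and `find_encoded_payloads` with the web root instead of the sample tree; legitimate code also uses base64_decode, so each listed file still needs reading by hand.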
Incidents like this really highlight the (justified) risks one takes in using 3rd party code.
Inspired by http://www.thecolourclock.co.uk/ – I decided to quickly make the CSS3 Javascript HTML5 OMG WTF BBQ version, it can be found here: http://d62.net/demos/js/hex_clock.html
View source on that page for the full detail. Basically, repeated calls to setTimeout update the background colour of the body tag based on the current time, with each part padded to 2 figures (15:06:10 at the time of writing this). These are concatenated together to form the hex colour value, #150610.
Not being a designer, I had to find a way to add more options to the header of a client’s internal case management system.
I found this and implemented it easily: http://www.jankoatwarpspeed.com/post/2009/01/19/Create-Vimeo-like-top-navigation.aspx
The example given requires no JavaScript. I’ve amended that with the excerpt below to improve the search functionality (using jQuery):
    $(function () {
        // Highlight the chosen search type and record it on the search field.
        $('.searchType').click(function () {
            $('.searchType').removeClass('activeSearch');
            $(this).addClass('activeSearch');
            $('#searchField').attr('search_type', $(this).attr('search_type'));
        });

        // Submit the search when the return key is pressed.
        $('#searchField').bind('keypress', function (e) {
            if (e.keyCode == 13) {
                $('#searchClick').click();
            }
        });

        // Route to the search module for the selected type.
        $('#searchClick').click(function () {
            var $search_field = $('#searchField');
            // Encode the term so characters such as / ? # & cannot alter the URL.
            var val = encodeURIComponent($search_field.val());
            var type = $search_field.attr('search_type');
            if (type == 'finance') {
                document.location = '/invoiceSearch/q=' + val;
            } else if (type == 'fnol') {
                document.location = '/fnolSearch/q=' + val;
            } else {
                document.location = '/claimSearch/q=' + val;
            }
        });
    });
This highlights the search item selected. I replaced the checkboxes with labels with an attribute named ‘search_type’ which determines which search module is used later.
The search field also accepts the return key to submit it, to allow power-users to keep their hands on the keyboard!
Shortly before the end of 2010 I set some goals for this year. My first goal deadline is April. My original aims were:
- Deadlift 200kg (from 175kg)
- Squat 160kg (from 130kg)
- Bench 120kg (from 100kg)
Because I hadn’t done enough of these lifts before, consistently, I underestimated how much I could improve through technique improvements alone.
I’ve increased these targets to the following:
- Deadlift 210kg
- Squat 160kg
- Bench 130kg
My current personal bests are:
- Deadlift 200kg
- Squat 135kg
- Bench 120kg
With 2 months to go, my squat progress is very poor compared to everything else. This will be my focus for February.
One thing about the 10kg increase in my bench is that it finally puts me at a > 1000lb total (1001 to be precise!). That’s pretty weak for a 230lb guy, but hopefully I can continue increasing steadily to get to 1100 by April and 1250 by 2012. Maybe by then I will have the confidence to compete?
Recently I came across a post by Rick Vause demonstrating a simple method for syncing your financial data from Sage up onto your webserver. The advantages of this are plenty; most frequently this is required to show live stock and financial data on a web application.
I say simple, because the concept really is obvious once you read the code.
His post is here: sagetomysql
The process is easy to understand:
- Set up a DSN to the Sage data, using the Sage tool.
- Write a PHP script to connect to the DSN using PHP’s ODBC.
- Add a MySQL connection to your PHP script.
- Tell ODBC which table you want to copy across.
- Loop through the field names and field types with PHP’s odbc_field_name and odbc_field_type.
- Allow the PHP script to create the duplicate table in your MySQL database.
- Copy the data across using PHP, updating records if this is not the first run.
This script works fine for a single table, but it can be improved using odbc_tables().
We can eliminate the process of specifying the Sage table name, and get all of the data online in one go. odbc_tables() allows us to loop through every table in the Sage data source and pull them through into our initial database.
I’ve made the required modifications to Rick’s script and uploaded it here:
http://d62.net/demos/php/sage_to_mysql.phps
It’s currently untested, but I will be using it in some projects soon, so any required updates will be made then.
It’s worth noting that due to PHP’s large database support, it’s possible to convert it to any of the supported databases just by changing some of the function names used and confirming the CREATE TABLE syntax in those.
With some small modifications to use PEAR::SpreadSheet_Excel_Writer it could even just dump all of the data to an Excel file – not very practical, but cool to know it can be done.
After the topic yesterday about using a jQuery UI date picker in Yii forms, I’ll demonstrate a similar method of obtaining a slider form input for the same scenario.
In my example I’m setting the value of employee_holiday_entitlement by dragging a slider.
    <div>
        <?php echo $form->labelEx($model, 'employee_holiday_entitlement'); ?>
        <?php
        $this->widget('zii.widgets.jui.CJuiSliderInput', array(
            'name' => CHtml::activeName($model, 'employee_holiday_entitlement'),
            'value' => $model->attributes['employee_holiday_entitlement'],
            // additional javascript options for the slider plugin
            'options' => array(
                'min' => 0,
                'max' => 50,
                // keep the span below the slider in step with the slider value
                'change' => 'js:function(){
                    $("#employee_holiday_entitlement_value").html($(this).slider("value"));
                }'
            ),
        ));
        ?>
        <?php // CHtml::encode() HTML-escapes the stored value before it is written into the page ?>
        <span id="employee_holiday_entitlement_value"><?php echo CHtml::encode($model->attributes['employee_holiday_entitlement']); ?></span>
        <?php echo $form->error($model, 'employee_holiday_entitlement'); ?>
    </div>
This will add a slider with an upper limit of 50. The “change” option is specified with a JavaScript callback to update the span below the slider with the current value. This gives the user an indication of the number they’ve chosen.
I found it pretty difficult to find a reference for how to integrate a jQuery UI date picker in with my CActiveForm view and model.
This is what I found to work correctly for datepicker, for the model field “dob_date”.
    <div>
        <?php echo $form->labelEx($model, 'dob_date'); ?>
        <?php
        $this->widget('zii.widgets.jui.CJuiDatePicker', array(
            'name' => CHtml::activeName($model, 'dob_date'),
            'value' => $model->attributes['dob_date'],
        ));
        ?>
        <?php echo $form->error($model, 'dob_date'); ?>
    </div>
You might need to wrap a function around $model->attributes['dob_date'] to output it as dd/mm/YYYY from a timestamp, if that’s the type of field the model attribute represents.