After a couple of weeks off Megaphone development, the hacking has begun again and I’m working on strengthening the wobbly legs of basic infrastructure Megaphone has.

The new HTML sanitiser function (graciously contributed by Jacob Peddicord) is now up and running and is now in theory protecting both submissions and comments from unwanted HTML tags.

There’s also various bits of new functionality, including a new administration panel (where you can add a user) and some tweaks for better UI.

There’s still no styles (apart from an OpenClipArt logo), that’s a job for much later.

Screenshot, anyone? Click to biggify.

I promise I’ll get out another source release real soon. At the moment there’s still some redundant code that’s been ported from another project than needs weeding out and sorting out.

One more note – I’ve started writing up some developer documentation to explain how the project work and the technical details behind it and lay down some good coding practices. Any patches/code will be received gratefully and have a good chance of making it into Megaphone – this is open source!

As ever, development updates will be here as they happen. Just to reiterate, Megaphone is free/open source software under the GPL and the project page is here.

I’ve recently come across probably the worst web application I have possibly ever seen. I’ll keep the application anonymous for now, partly because it’s on accessible via an intranet, and because it’s literally peppered with security holes.

The interface is awful and looks like it’s just come out of the early 90s era of web design, with tables with those terrible pseudo-3D table look (you know, the default style that tables look like?). The login page also extremely rudely finds it acceptable to resize your browser window for you to the maximum possible size and due to the browser configuration on this local network, I’m unable to stop it from doing so.

It violates every single usability guideline for the web I’ve ever found, making the common mistake of navigating when a combo box’s selected index changes (not when a button is clicked, how it should be) and therefore making it very difficult to make the application accessible and providing no user feedback after submitting forms.

But worst of all, there appears to be no validation on returning data from this application. So if you look across at someone else’s screen and take their ID from the location bar, you can view (oh, and edit too!) their data. It’s also potentially vulnerable to SQL injection (although I believe it uses an Access database, so I’m not sure).

Please – don’t make these mistakes when you’re developing, whatever technology you’re using. Have a bit of experience before you get something rolled out. Please, for my sake. I hate manually resizing my window all the time.

Megaphone is now officially a project.

Why?

It has its own special page on my site.

Get visiting!

Sorry for the lack of postings here for a couple of days, I’ve been busy with lots of stuff.

First of all, I’ve implemented a new download system on this site. Any stuff you download through /files goes through this new system. The new system helps me track and monitor downloads and make sure everything is going just great in regards to bandwidth/downloads.

The consequence of this new system means that every time you download a file from /files, the following information will be recorded:

• Your IP address
• Your browser’s identification
• The time you made the download request
• Which file you downloaded

Note that this is no more information than my server logs would tell me anyway, so it’s not really a privacy issue. However, if you do feel uneasy about that, don’t download files from this site. The purpose of storing this information, as I said, is for me to easily track what’s being downloaded so I can optimise the site and to make sure one person doesn’t abuse the download service for everyone else.

There are a couple of issues still unresolved with the new download engine, mainly concerning the WPGet old archives, but I’m addressing them and the archives will be back up pretty soon.

Second up, it’s Megaphone news. I’ve been working on it again, and we’re making good progress. I can’t give another source dump as there’s some ported stuff from other projects that is too messy and useless to open, so once I’ve been through and optimised that and of course, done a bit more, there’ll be a new release.

Also, I’ve been busy blogging at Gizbuzz and FOSSwire (both part of the Oratos Media network). I do hope you’re subscribed to them and of course all the other Oratos blogs and podcasts!

As of right now, I’m announcing the immediate availability of the Megaphone source code in it’s current form.

Shortly, I’ll set up a project page on my site to house it, but for now, this blog post is the definitive source of information.

Please be aware – this is a development release. It will eat your computer up without warning, and will contain more bugs than Internet Explorer 6 – erm, I mean, an ant hill.

Do not run this on any production machines at all – just don’t, it’s only for testing and playing around with. Currently it doesn’t really do very much that other software doesn’t already, but I have to start somewhere don’t I? 😉

Download .tar.bz2

Download .zip

It’s only been tested with PHP 5.x on Linux, but in theory should work with other configurations.

Installation instructions:

• Download and extract.
• Make sure you have PHP, MySQL and Apache’s mod_rewrite enabled.
• Create a blank database.
• Create the table skeleton as per the dbskeleton.sql file
• Add your DB details to system/config.php
• Create a random string of characters for the salt in system/system.php
• Create a user by inserting a row into megaphone_users (password needs to be a SHA1 hash of the salt followed by the password)
• Tweak the .htaccess files in both directories until they work for you
• Login and enjoy the ugly interface (we have a designer on board though, never fear!)

As you can tell, the nice installation procedure hasn’t even been started yet. 🙂

Enjoy.

I’ve now started a brand new coding project. It’s currently codenamed Megaphone (that may or may not be the final name :P) and here’s a quick look at what it’s hopefully going to be.

The idea stemmed from the problem that it was difficult to track story submission ideas (generally for blogs, when people send emails for things to cover). With no existing infrastructure for logging these submissions, it was difficult to keep track, see what was going on where, and whether something had been followed up or not.

So Megaphone is a database-driven web app (PHP powered, of course, as that’s all I know on the webdev front) which eases this process, by allowing submissions, listing them, tagging them, categorising them and allowing collaboration on them (comments etc.).

As always, keep up-to-date with the development effort by watching this blog (subscribe dammit!).

The code is currently in a very early stage and isn’t worth publicising yet (plus there are redundant bits of old code particularly in the sign in system that need to be flushed out), but I’m pretty sure this will end up a free/open source project. I’m guessing it will be GPL’ed when I release it, but there’s no guarantees.

Also, there are no guarantees at this stage that I will not give up this project. If some better solution appears, I may without warning cease development, so you have been warned.

Also #2 – if anyone wants to volunteer to do the theme, including the artwork and stylesheets and stuff for when I release it, then comment on this post. You’ll have to be happy for your stuff to be subject to the GPL (or whatever licence I end up choosing), but of course you will retain copyright of your contributions, so you will be able to reuse it for whatever.

When I posted back in October about the results of the PHP Classes Innovation Awards, they were actually the results of the August 2006 award, not the September one where WPGet was entered (congrats anyway, though, to everyone who was nominated!).

Well, I just got this email because the September results are now out:

Congratulations Peter,

This is a notification message to let you know that your package WPGet is
ranked as number 3 on the PHP Programming Innovation Award in the PHP
Classes site during the month of September of 2006. It has gotten 10.53%
of all votes. The final ranking listing is available here:

(It’s worth noting that I’m joint third with 4 other projects, which the email doesn’t say)

This is absolutely brilliant!

You can see the full results at the PHP Classes results page, and of course congratulations to Georgi Momchilov, whose class Gunit (an automated class feature testing class) won the award!

W00t!

No, it’s not a new release – but I discovered a bug with the WPGet Config Tool with some systems that have PHP’s magic_quotes on which would cause the Config Tool to generate an invalid file when you went through Step 1.

I’ve fixed it, and instead of doing a new release (as it’s so minor), I’ve just updated the current downloads and, as usual, grab the latest versions from the project page.

This may or may not affect users who used the public Config Tool, so if for any reason your script doesn’t work, go back to the Config Tool and redo Step 1 which should alleviate your problem.

Also, the archives of older versions of the Config Tool are now open, so if for any reason you want to grab an old version, visit the archives page.

UPDATE: due to a few architectural changes I’m making with the download system, the archives aren’t currently available. Don’t worry, they’ll be available again soon.

Note that this I’ve lost version 0.4 at the moment (I really need a Subversion server set up!), so I’m afraid you’re out of luck if you want that version.

And while we’re on the subject, stick any feature requests for version 0.7 in the comments!

I’ve been working on it for a while, and now it’s here!

WPGet 0.6 includes a new one-click Config Tool, less copying and pasting required for configuration, a new date format and credit controls plus a (beta) category-controlled mode where only the posts from certain categories are displayed.

Of course, the Config Tool has been updated with these new features and you can get started with WPGet right now. Just go to the Config Tool, enter your database details and then click the button to download a fully ready-to-run version of WPGet customised just for you!

Then, copy and paste the snippet to your page in Step 2 and you’re away with WPGet!

If you need any more help installing, check out my guide on How to install WPGet in less than 10 steps.

As ever, get the latest release from here or from PHP Classes.

I’m stupid.

No really, I am.

I’ve been notified by several people over the last few days of a problem in WPGet. It has caused some strange behaivour and difficult setup, oh, and it completely freaks out at PHP 4. If you’re getting the following error message:

Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or ‘}’ in /blah/blah/blah/wpget.php on line [[usually 20-something]]

Then it means you’re running WPGet under PHP 4, which unfortunately it isn’t compatible with.

Thankfully, there’s a fix! You can either do it yourself, or download a new, updated PHP 4-compatible version from me.

Fix it yourself

Simply go through and replace the word private with the word var in the configuration section (so, highlight the config section between the start pasting here and stop pasting here comments, and do a find/replace).

That’s it. Save and upload and it should work.

Get it from me

I’ve fixed both the config tool and the main script and you should be able to get the fixed copies from my site (I’ll also sync them with PHP Classes, so by the time you read this that should be done).

Unfortunately, this bug has pushed back the ultra-cool new version back a bit, but it should hopefully be released by the end of this week (no promises).

That will teach me for not testing it with PHP 4 first.