An emerging twitter competitor Identi.ca
July 5, 2008 – 2:41 amThis one’s cool to, it’s basically open source and you can check out the code. That if you want to have a microblogging system in your nerves. check indenti.ca.
spaceless workspace
June 13, 2008 – 9:57 amCheck this site out. You can post your workspace.
Clade V 1.0
June 13, 2008 – 3:46 amClade is a Filipino made MVC framework. Written by yours truly. It’s basically open for the public to criticize, positively or not. Would love to hear your comments. So far, not much documentation coz I hate to write, but perhaps if I have spare time, I’ll have PHPDoc help me.
You can download it here.
If you’d like to contribute, please drop me a comment.
PHP V6 (developer’s snapshot)
June 13, 2008 – 3:34 amhttp://www.ibm.com/developerworks/opensource/library/os-php-future/?ca=dgr-lnxw01PHP-Future
In addition to having new features, PHP V6 will not have some other functions and features that have been in previous versions. Most of these things, such as register_globals and safe_mode, are widely considered “broken” in current PHP, as they may expose security risks. In an effort to clean up PHP, the functions and features listed in the next section will be removed, or deprecated, from PHP. Opponents of this removal will most likely cite issues with existing scripts breaking after ISPs or enterprises upgrade to PHP V6, but proponents of this cleanup effort will be happy that the PHP team is sewing up some holes and providing a cleaner, safer implementation.
Features that will be removed from the PHP version include:
-
magic_quotes -
register_globals -
register_long_arrays -
safe_mode
Citing portability, performance, and inconvenience, the PHP documentation discourages the use of magic_quotes. It’s so discouraged that it’s being removed from PHP V6 altogether, so before upgrading to PHP V6, make sure that all your code avoids using magic_quotes. If you’re using magic_quotes to escape strings for database calls, use your database implementation’s parameterized queries, if they’re supported. If not, use your database implementation’s escape function, such as mysql_escape_string for MySQL or pg_escape_string for PostgreSQL. Listing 2 shows an example of magic_quotes use.
Listing 2. Using magic_quotes (discouraged)
<?php // Assuming magic_quotes is on... $sql = "INSERT INTO USERS (USERNAME) VALUES $_GET['username']"; ?> |
After preparing your PHP code for the new versions of PHP, your code should look like that in Listing 3.
Listing 3. Using parameterized queries (recommended)
<?php
// Using the proper parameterized query method for MySQL, as an example
$statement = $dbh->prepare("INSERT INTO USERS (USERNAME) VALUES ?");
$statement->execute(array($_GET['username']));
?>
|
Now that support for magic_quotes will be completely removed, the get_magic_quotes_gpc() function will no longer be available. This may affect some of the older PHP scripts, so before updating, make sure you fix any locations in which this functions exists.
The register_globals configuration key was already defaulted to off in PHP V4.2, which was controversial at the time. When register_globals is turned on, it was easy to use variables that could be injected with values from HTML forms. These variables don’t really require initialization in your scripts, so it’s easy to write scripts with gaping security holes. The register_globals documentation (see Resources) provides much more information about register_globals. See Listing 4 for an example of using register_globals.
Listing 4. Using register_globals (discouraged)
<?php
// A security hole, because if register_globals is on, the value for user_authorized
// can be set by a user sending them on the query string
// (i.e., http://www.example.com/myscript.php?user_authorized=true)
if ($user_authorized) {
// Show them everyone's sensitive data...
}
?>
|
If your PHP code uses global variables, you should update it. If you don’t update your code to get prepared for newer versions of PHP, consider updating it for security reasons. When you’re finished, your code should look like Listing 5.
Listing 5. Being specific instead (recommended)
<?php
function is_authorized() {
if (isset($_SESSION['user'])) {
return true;
} else {
return false;
}
}
$user_authorized = is_authorized();
?>
|
The register_long_arrays setting, when turned on, registers the $HTTP_*_VARS predefined variables. If you’re using the longer variables, update now to use the shorter variables. This setting was introduced in PHP V5 — presumably for backward-compatibility — and the PHP folks recommend turning it off for performance reasons. Listing 6 shows an example of register_long-arrays use.
Listing 6. Using deprecated registered arrays (discouraged)
<?php
// Echo's the name of the user value given on the query string, like
// http://www.example.com/myscript.php?username=ngood
echo "Welcome, $HTTP_GET_VARS['username']!";
?>
|
If your PHP code looks like that shown in Listing 6, update it to look like that in Listing 7. Shut off the register_long_arrays setting if it’s on and test your scripts again.
Listing 7. Using $_GET (recommended)
<?php
// Using the supported $_GET array instead.
echo "Welcome, $_GET['username']!";
?>
|
The safe_mode configuration key, when turned on, ensures that the owner of a file being operated on matches the owner of the script that is executing. It was originally a way to attempt to handle security when operating in a shared server environment, like many ISPs would have. (For a link to a list of the functions affected by this safe_mode change, see Resources.) Your PHP code will be unaffected by this change, but it’s good to be aware of it in case you’re setting up PHP in the future or counting on safe_mode in your scripts.
Microsoft Active Server Pages (ASP)-style tags — the shorter version of the PHP tags — are no longer supported. To make sure this is not an issue for your scripts, verify that you aren’t using the <% or %> tags in your PHP files. Replace them with <?php and ?>.
The PHP team is removing support for both FreeType 1 and GD 1, citing the age and lack of ongoing developments of both libraries as the reason. Newer versions of both of these libraries are available that provide better functionality. For more information about FreeType and GD, see Resources.
The ereg extension, which supports Portable Operating System Interface (POSIX) regular expressions, is being removed from core PHP support. If you are using any of the POSIX regex functions, this change will affect you unless you include the ereg functionality.
moto ko to
June 4, 2008 – 9:54 amBasta programmer, sweet lover…
7th plague
May 31, 2008 – 11:12 am“Blood, cross and white”. The theme of this cebuano local band called “7th plague”. This punk/christian/rock/jazzy band had me design their band logo. Here’s the initial design I just made.
Cool Aptana Color Theme
May 14, 2008 – 7:32 amI just got a cool and cozy theme for Aptana Editor, (black).
Check this site out. “green-chaud”
Happy Geeking…
mobile working…
May 4, 2008 – 10:20 amI stayed in Cavite for few days lately. I had hard time at first looking for some place to work on. I looked for Wi-fi hotspots here. I stumbled upon an Internet Cafe with mini bar. The place is called VR Internet Cafe.
At first it looks not so friendly due to the environment. A dark mini bar with an Internet Cafe on the second floor. But after a while, It went well. The guys were accommodating. They offered to buy me a Pepsi across the street coz they got out of stock of softdrinks.
They have this computer that plays hiphop music in the bar. And guess what, it only costs 10 pesos to get an internet access for an hour. Now I can work productively, it works for me. So if you stumble in Cavite City, you can check the place out.
someone’s getting a ring.
April 17, 2008 – 9:39 pm“Hey bro! Need help!”
“Tomorrow’s our 1st anniversary and I wanted to give her a ring. ”
“Could you also help me find a nice venue to spend some few days with here.”
Waaaaaaaaaaaaaaaaaaaaaaaaa! Oh this is serious. hehehe. Anyway, God Bless to you guys and hope you have many more anniversaries to celebrate. 
Happy 1st Aniv.
creating a clade model
April 16, 2008 – 7:32 amBasically, models are classes that represents a certain object. Clade Models extends the ActiveRecord class. The ActiveRecord class contains finders and other methods to manage the database. Since Clade is an MVC Framework, we will then discuss the basics in creating a model. Models must be located under app/models/ directory. The filename of the model to be created must be also the class name of the model.
Now, let’s try creating a model called User. The following code is a template of a model class.
class User extends ActiveRecord{
public function __construct($post = ”)
{
$this->tablename = ‘users’;
$this->property = $post;
parent::__construct();
}
}
Now we’ll create a model called User. Create a class called User and extend ActiveRecord.
class User extends ActiveRecord{
Models have constructors that is executed when the model is instantiated. The method __construct is a reserved keyword in PHP5 that serves as a constructor of a class. A default argument post is optional and can be used to pass any variable when the model is instantiated.
public function __construct($post = ”)
Models are basically a representation of an object. We need to specify the name of the table that this object will interact with. This example interacts with the “users” table, we will then assign the name of the table that we are going to use to this variable.
$this->tablename = ‘users’;
The assignment below assigns all posted variables to class attribute “property” if POST variable is passed in to the constructor of this model.
$this->property = $post;
We will then call the constructor of this model which is the ActiveRecord class.
parent::__construct();
Now, we’re done creating a model.