Cameron Perry | Archives

Nasty WordPress Worms

I just ran across a nasty worm in one of my WordPress blogs (not the most current install). Not only did it overwrite a ton of files, inserting spam links and malware into the pages, but it was sneaky enough to go into my wp-admin/.svn/prop-base/ directory and re-write those files as well. It’s fairly ingenious from the hacker standpoint. Most people like me will rely on the svn revert file.php to send the file back to its original version. That won’t work if the .svn/prop-base files are altered because svn will see that they are the same – it doesn’t bother actually checking the repo, so you’re stuck with infected files.

I solved my problem by deleting the wp-admin directory and doing an svn-up on its parent. That forces SVN to say “hey – that directory is missing. I should pull it down from the repository.” Problem solved (for now).

And I am now running the most current version of WordPress, so hopefully I’m free of risk and infection from here on out.

Fixing a Broken TimeMachine Backup

I had the unfortunate event of having to send my MacBook Pro into Apple for some repairs. The machine came back working fine, however there was something odd going on with TimeMachine – it wanted to do a full backup of my disk. Odd, considering I keep it plugged-in all the time when I’m at my office desk. I tried re-selecting the disk, but that didn’t work. Clearly this would require some detective sleuthing on my part.

There are a couple points you need to know.

* First of all, check the Apple Support forums. They have some good information on there, but most of it is pretty basic. Start there then move on if you haven’t quickly solved your problem.

* Time Machine disks know your computer by the MAC address. This was the root of my problem – it seems my mac address had changed (new logic board?).

* I eventually found my solution at MacOSXHints.com, however I had to do a little more work to actually get everything working. See below.

What made this a step more difficult was that the MacOSXHints solution didn’t quite work, however one reader commented on a unique situation that resembled mine. in the /Volumes/TimeMachine/Backups.backupdb directory there were MyComputerName and “MyComputerName 2” directories. The former had all my backups in there, the latter didn’t have any completed backups and showed a file creation time of today, not the last time I ran a backup. So with the ACL turned off (see the directions) I removed the “MyMachineName 2” directory (mind you – I had already completed all the steps on MacOSXHints.com before trying this. It might be important). It worked.

YMMV but hopefully this will work for you.

CakePHP: Storing Configs in your DB

There are many situations in web apps where site-wide configurations need to be accessible to users through admin interfaces, rather than configuration files residing on the server. It is a practical method of storing configuration values that may need changing from time to time, but without access to the core configuration file.

UPDATE (2008-10-22): This article has been published to the CakePHP Bakery

Code

Settings are stored in the database, so we will first need to start by creating the table:
CREATE TABLE `settings` ( `id` int(10) unsigned NOT NULL auto_increment, `key` varchar(48) NOT NULL, `value` text, PRIMARY KEY (`id`), UNIQUE KEY `key` (`key`) )

Next, go ahead and bake your model and controller, but don’t worry about baking-in some of the pre-built methods. Modify your model to look like this:
class Setting extends AppModel {

var $name = ‘Setting’;
var $key = ‘MyApp’;

//retrieve configuration data from the DB
function getcfg(){
$key=$this->key;
$cfgs = $this->find(‘first’,array(‘fields’=>array(‘id’,’key’,’value’)));

if (count($cfgs)) {
$this->checksum=$cfgs[‘Setting’][‘value’];
$cfgVal = unserialize($cfgs[‘Setting’][‘value’]);

}
Configure::write($key,$cfgVal);
}

//write configuration data back to the DB
function writecfg(){
$key = $this->key;

$rev = Configure::read($key);

$value=serialize($rev);

//if the configs haven’t changed, no need to save them
if ($value==$this->checksum) return;

//otherwise the configs have changed, so

$this->data = array(‘key’=>$key,’value’=>$value);

if ($setting = $this->findByKey($key)) {
$this->data[‘id’] = $setting[‘Setting’][‘id’];
}

$this->save($this->data);
}
}

You’ll notice that Configure:: values are serialized and stored together using the MyApp Configure::key. At first this may seem somewhat counter intuitive to how we think we should store configurations. However, consider the hassle involved with trying to figure out how/where to store multi-dimensional arrays in an inherently flat storage system (db). It’s probably doable, but not without considerable headaches. Storing everything in a serialized string allows Cake to worry about creating the structure – we just save the output.

Next, open up your app_controller.php file and add the following code to the top of the class:
var $uses = array('Setting');

You will also need to add some code to your AppController beforeFilter() and afterFilter() methods:
class AppController extends Controller {

var $uses = array(‘Setting’);

function beforeFilter(){
//reads the site-wide config values from the DB and puts them through the Configure::write method
$this->Setting->getcfg();
}

function afterFilter(){
//retrieves the site-wide configurations from Configure::read($key) and puts it back into the db if new
$this->Setting->writecfg();
}
}

Usage

Any place you would like to store a Configure:: value in the database, you only need to use the $key specified in the model. If you don’t, the values will not get saved. An example would look something like:
<? Configure::write('MyApp.themeName','My Great Theme'); ?>

Since the retrieval code is run in the before filter, we can treat the Configure:: vars like any others in our app when we need to access them. To recall a value we would run something like:
<? $myVar = Configure::read('MyApp.themeName'); //returns 'My Great Theme' ?>

Next Steps

Because this is only a very simple way to store configuration data (one row for the entire app), there will likely be some desire to extend it. You may wish to segregate certain data into their own rows (perhaps individual plugins or components), which would only require some additional code to accept additional keys for read/write access. That, my friends, is a job for another tutorial.

CakePHP Access Control Alphabet Soup

Reading through a few of my most recent posts, you’ll quickly learn that I’m learning CakePHP as my PHP framework of choice. So far, so good. Actually, it’s pretty good, but that is not without some questions I’ve had along the way. I’m probably getting stuck more than I should on best practice coding, but I like to do it the right way, not necessarily the easiest way (read: hacks).

Among some of my initial stumbling blocks has been working through the idea of access control from the framework viewpoint. I “get it” when it comes to writing my own code, like in the revealCMS, and I “get it” in the context of certain “things” (usually users) needing access to specific things (often controllers and actions). The hard part is sorting out where to even start with all the alphabet soup: Auth, Acl, Aro, Aco, etc etc etc. How do you even get to a point where you have a simple working prototype to expand on?

Apparently there are numerous examples and tutorials of how to get started with Cake Acl, however I find many of them to be over-complicated or thorough. In other cases some are simply too terse. There is a fine line between terseness and conciseness. Even the CakePHP docs leave much to be desired for newer users: the official Acl documentation is long and kind-of confusing, and the sample application tutorial (also part of the official docs) seems to do things differently than explained in the primary documentation – a considerable problem, in my opinion. Yes, I do realize that the concept of Acl really depends on your application, but shouldn’t documentation at least be consistent? The one saving grace, however, is that the Bakery has a few examples, which brings me to my next point.

I found a tutorial I actually like so far. By “so far,” I mean I haven’t finished it yet, but to this point I’ve gotten more done than most articles have gotten me in just setting up the Acl… and it’s not all that difficult. It’s Ketan’s How to use Acl with Cake PHP 1.2.x?* No dobut some of you will stumble across this post here, and hopefully find it useful. I think once the dust settles on the first step, you(we) will be able to look at some of the other tutorials and adapt them to our own specific needs.

I’ll try to keep this post updated with additonal solutions as I find them.

* There ARE some typos in the example code, so be aware of that and make modifications as necessary.

HABTM Unit Testing in CakePHP

I use this blog quite a bit for documenting little quirks, bugs, work-arounds, neat things, and tutorials so that I know where I can find the solution in the future. At the same time, you benefit by hopefully not having to go through some of the same messes I did just to get to this point.

I love CakePHP so far (but still quite the noob), but my biggest gripe is the documentation. The basics are there, but there’s often too little documentation to get the novice going. From the Bakery docs, it’s not exactly clear how to perform tests on models when HABTM (has and belongs to many) relationships are involved. Have no fear, it’s doable (though not straightforward).

Hopefully you baked your MVC pieces and included test scripts to go along with them. If not, do that first. The key part to getting the tests for models that have HABTM relationships is to set-up a fixture representing the table that stores the relationship. Don’t actually set-up the test – just the fixture.

Framework Mania: CakePHP

It has been an interesting month – at the same time I’m picking up CakePHP, I have a client project that uses the Zend Framework. Right out of the gates I like CakePHP better. ZF doesn’t seem quite as cohesive as Cake, so getting it set-up has been more challenging. Granted, the client’s setup is a little more complex than the standard setup, but it still seems like there’s a lot more work involved just to get things going – lots more configuration. After two days on Zend I already realize how spoiled I am with Cake.

With Cake, I’m finally starting to learn unit testing. It seems real simple in theory, and I’m sure it is once you get the hang of it, but it is tedious. I’m talking about the amount of actual work involved just getting these test cases working. My simple pleasure at the end of the day is watching the screen fill up with a bunch of green “Pass” statements… no red.

Zend Framework – Getting Started

Working with a new client project this week that requires the Zend Framework. It’s not my choice of frameworks, but I’m still eager to get going on it. As I’m a bit more familiar with CakePHP, I thought it would be wise to watch a screencast or two about getting started on ZF to see what some of the main differences are. Watch them (from Mitchell Hashimoto).

The New ShopZoo.com

Well, it’s finally out the door: the new ShopZoo.com – The online store for the San Diego Zoo and Wild Animal Park. The project was to produce a new ecommerce platform to replace the previous. Many thanks to the team for your hard work getting this out the door, especially with so many great enhancements and features to really streamline the order fulfillment and product inventory processes.