Fake’s Tank

I nearly lost the rights to The Music Tank’s domain name. I tried to transfer the dot com from Domain Registry of Canada to Go Daddy but I got caught with a very bad timing and my subscription had ended before the transfer was completed.

Fortunately, DROC’s customer server service allowed me to renew the dot com and gave me a price discount for the trouble. Ironically, the lowered yearly fee for the domain is still more expensive than Go Daddy’s (without including the Diggnation code). However, I’m just happy I didn’t lose The Music Tank’s branding which I have already worked 9 years on (no matter how successful it has been).

While registering on Go Daddy, I also purchased Francois Faubert.com as my portfolio’s domain name. It’s so cheap that it would be crazy for someone working full time in the web design business not to do it.

I guess it means I’m old enough now to assume my real name and not necessarily exclusively live behind my accustomed “Fake” nickname.

Thinking all would be easy, I decided to move The Music Tank’s forum data into its own database. Doing so, I noticed there was a new release candidate for phpBB3 and installed it at the same time.

While most of it is my fault because I overrode the templates and migrated the database manually, the update caused the following error to occur each time you submit a post :
The submitted form was invalid. Try submitting again.

On phpBB’s official support forums, there were mentions of about a gazillion manual changes to the board’s templates. I didn’t do them because I knew better and the side effects weren’t exactly the same as theirs.

Finally, all I had to do was to reset the “user_form_salt” from the “users” table to a valid hash value (ex: the one the Anonymous user has). It may not be the most secure thing to do though, for obvious reasons.

In most cases, websites don’t necessarily need to be managed by sessions that end as soon as the user closes his browser. Most websites even offer to keep their session alive for whatever amount of time. This is really less of a hassle for your users and adds to the positive user experience.

Learning what not to do

On TMT, I used to handle sessions manually by storing the encrypted value of the user’s id in a cookie. That’s is highly unrecommended for security reasons as its fairly easy to hack your way around using an id that isn’t yours (and which might be the administrator’s!). I experimented by storing some ‘unique’ values in MySQL to have better validation when decrypting the cookie, but since you can spoof most $_SERVER values (which provides the user’s IP), it really wasn’t good enough.

Hardcore PHP-ing

You can override the whole session object using PHP’s session_set_save_handler() function. Basically, you re-program what the object does when it reads and writes session values or when it destroys itself.

Instead of writing the session values to a file on the server as the default behavior is set to do, you can redirect the data handling to an insert or update query in your favorite database.

Advantages

The most obvious advantage is that you can keep the sessions alive as long as your server is live, more or less. You can also change the condition of how session expiration are done. For instance, through a simple MySQL query, TMT sessions can be kept for one week before being destroyed if no activity is logged.

I’ve read it’s safer to store session values that way too, as a possible hacker would need the database’s password to access it. While I’m not sure how harder this system actually makes it for hackers, I really feel safer to use PHP’s native object rather than a shaky class I would have written.

Fully using PHP’s native session object allows more flexibility as you can handle a session of a user that is not logged in. You can therefore validate that the user is human and not a spam bot, save the user’s preferred language or do whatever else your website offers as possible features. In my previous horrible system, it wasn’t even a possibility.

Examples

Apart from stalker at ruun dot de’s very good comment on PHP.net’s documentation page, I found Tony Marston’s version of the object. The latter is harder to grasp as he uses his own object-oriented system to get database data — that’s good practice, but a bit harder to learn from. You can also see TMT’s class in our SVN repository.

The important thing is just to understand what you’re trying to do rather than copy pasting each of our codes. TMT’s only started working once I got the concept.

As I took the time to explain in a post in The Music Tank’s new forum, I’ve been using the second version of phpBB for what seemed like forever on the website. Until the recent redesign, I grew increasingly unsatisfied with the board on two subjects: the spam filtering and the general administration interface.

There weren’t any validation to make sure the user was a valid poster or registrar nor was it that easy to perform relatively simple tasks in the administration area (to edit a user’s access rights for instance).

That’s why I didn’t reinstall phpBB version 2 on The Music Tank. However, I’d been reading cool stuff on the upcoming third version as it promiced to have all of what I thought was missing from the second version. Instead of moving to another board script I finally gave in and installed the fifth beta release of the third version. Besides, I’m willing to tolerate some faux-pas to support open-source software.

The installation experience, as a user that doesn’t know that much on hardware-ish issues, was incredible. It may have taken a lot of time, but things went very smoothly and required limited effort on my part. There were information sub paragraphs to every step I needed to perform. No more guessing around. The default design has been  given a more up to date look and a massive overhaul of everything related to administration has been performed. It makes management incredibly more structured, though there are about ten sections with seven subsections each of different menus to go through which can grow a bit confusing.

Only time will tell how efficient the new version of the board is on The Music Tank. Keeping in mind the current release is not even a Release Candidate, one should expect that features are bound to blow up from times to times, but nothing did come up in the short period I’ve been using it. For the moment, I can only say good things about the third release of phpBB.

The main PHP Class file of The Music Tank stopped loading altogether yesterday. After scanning lines after lines of code trying to guess what what generating an error I still hadn’t found the problem until late last night. What made it nebulous was that instead of having a message from PHP saying a known error like ” ‘)’ expected on line 64 “, I was triggering an Internal Server Error on Apache when loading the website and outputting multi-linguistic garbage when I tried to load the class directly from the browser (instead of nothing at all because I don’t print data right from the class).

I have to admit I could have been a bit keener on the issue just by looking a the garbage the file was making. It turns out that my code editor, TextWrangler, had changed the encoding type of the file from UTF-8 to the Macintosh charset when I inserted the © character straight in the document without using it’s HTML counterpart &copy.
This change of charset and/or the use of special characters in the source code stopped the PHP parser. I can’t explain why as I don’t have much access to the configuration files to my server’s PHP version nor do I know how PHP reads the .php files, but I think it was due to the use of multiple charsets. For instance the main class was using the Mac charset while the subclasses it was importing used UTF-8 encoding.

The frustrating part is really how this whole deal was created out of laziness. Apple offers a wide selection of special characters by doing a [alt + most keys] combination. I thought I’d save some time by using their copyright sign instead of putting my experience with HTML to use and stick with &copy.

At least, this episode forced me into cleaning the quote quite a lot by splitting my pages into modules which reflect the content’s architecture. The Tank should show a light performance boost now. Very light though, hehehe.

I think the worst part of the whole host transfer deal was the relatively old age of my last MySQL backup. I always keep updated versions of my PHP files close by, may it only be because I am always working on something new, so at least all the programming logic has migrated successfully.

However, all the tables and database structure I had built stayed with Abnormis. Hopefully my old server will come back online so I can get some of the content back, but I am really just interested in how I had built my tables. I don’t even remember most lengths and data types of the columns. Even my PHP source code can’t give me much hints at the moment.

At least this morning I was able to reconnect the user table. This means future posters and tankers can already join the Tank… and do nothing afterward. Hopefully I’ll have the news working by early afternoon.

The moral of the story is that a backup, when you are developing, is always too old.

And damn do I need to fix the transparent issues with IE 6 as soon as possible.

I have just switched my hosting plan from Abnormis’s to MediaTemple’s. Four days of downtime (therefore breaking the 99-plus % guaranteed uptime period) was too long for my hard-earned dollars.

I intend to describe how great Media Temple’s service is in another post, how it’s the best shared-hosting package I could experience, and how happy I am with the transfer in another post. Right now, I mainly want to warn that lost content will be popping back as I regain access to more recent backups from the old server.

These delayed recoveries will have an impact on both this blog and The Music Tank.