Category: Projects


Digging into Expression Engine

November 1st, 2014 — 7:20pm

Recently I started working on a rather large project using Expression Engine by Ellis Labs.  This is a CMS development system built on CodeIgniter, a php mvc framework.  At first impression, EE is very easy to use for creating data relationships (using channels and channel fields).  This facilitates building somewhat complex websites, managed through the admin interface.  It also has a robust user permission system, which makes it easy to grant access to various users.

Where EE requires a bit of a learning curve, is on the “front end” templating system.  Those looking for an easy way to throw in php code and get to work, will encounter some frustration.  Start by studying the “parsing order” of the templates, to understand how things work.  The good news is that you can add php in there to handle complex tasks, but it takes some understanding of how Expression Engine handles the template tags first.  After some study and experimenting, you can start getting things done.

EE relies heavily on modules and plugins, many of which cost money.  Overall, these can be savers and even added to the cost of Expression Engine itself, still worth the money.  However, I do wish a bit more was built into EE out of the box – sometimes it seems like relatively simple features require an add on.

One drawback to EE is the overhead required.  Even relatively simple tasks take 20+ mysql queries to build.  EE has a nice Profiler built in to see what queries are being executed.  You can cache templates to help with this overhead, but sometimes it’s laughable to see a simple task executing so many queries.

Overall, EE is a nice platform, and user friendly.  I’m sure I’ve just scratched the surface of it’s power and flexibility.  It does, however, feel almost like learning a new programming language.

Comments Off on Digging into Expression Engine | Activities, Programming, Projects

Weekly Wrap up

May 10th, 2013 — 4:06pm

This week was largely consumed by work on a Google Maps web site for mobile devices.  I admit it’s not going too well.  For every step forward, it seemed like something else broke, or got glitchy.  One issue I think it so much javascript / ajax going on nowadays on web pages can cause some conflicts.  In addition, html elements show and hide, special effects, etc. can wreak havoc on the layout of the elements.

Then, just after you have things working, check another web browser, and something’s wrong there!  Very frustrating.

I also spent some more time on Adobe Connect – using the API for some reporting.  This was more successful, and I’m getting used to that API and the structure of Connect.

Besides that, the week was filled on other projects for existing clients, with an unusual amount Perl work.  As an aside, Perl used to be the main language for web applications (back in the 90’s).  It’s mostly gone by the wayside, but there is a lot of legacy code out there to maintain, and build on.  It remains a good language, but just no longer a primary web language.

That’s the wrap.

Comments Off on Weekly Wrap up | Projects

Simple Mail List – abandoned, but still useful

February 27th, 2013 — 9:05pm

I recently had a need for a low cost / free mailing program. Something web based, that would allow users to subscribe, then allow an admin to send out messages to the list pretty easily.

With a little searching, I stumbled upon Simple Mail List – a great looking tool, just what I needed. Written in php and mysql, and free, it was the perfect fit for my needs.

Or so I thought. Turns out Version 2 of SML is “beta”, and development stopped several years ago. Many (basic) features were not implemented, or are buggy. After installing it, and discovering all the issues, I decided to tough it out and hack up the code, finishing the features I needed.

So now I have a working installation, at least sending emails, and performing the basic required functions. Since this software is basic, it is ok with me that it’s abandonware. That’s the term for software that has been abandoned by it’s original writers. Since the software in this case is still under copyright, I can’t fix it up and “sell” it, and probably can’t even redistribute my fixes.

This highlights a problem most webmasters will face when they “go cheap”. There’s a real risk that the time and effort invested in a free software product will be wasted when that code is abandoned, bugs aren’t fixed, new required features go undone, or major security holes are discovered and go unpatched.

So be wary of using software without a business model. If the programmers can’t sustain the development, eventually they will move on to other projects.

Comments Off on Simple Mail List – abandoned, but still useful | Programming, Projects

Intrusion detection and resolution

January 9th, 2013 — 2:50pm

A few weeks ago I had a client email me with this message:

Just got this. I haven't made any changes on the site recently, have you?
....
> Subject: File alarm for My website
> The following files generated alarms:
> ALARM: /home/abc/public_html/404.php was modified: 01/02/2013 01:29:42
> If you did not modify these files - please check for possible hackers on your site.

This alarm came from a script I’d installed on his site a few months ago, which checks for new / modified scripts on the server. After getting his email, I checked out the file, and determined it was indeed a “suspicious” file, and that a hacker had indeed breeched the site.

After removing the file for safety, I contacted the hosting company, who confirmed that the file had been uploaded via ftp. Someone had leaked the ftp password, so we changed it immediately. In all likelihood the password had been given out at some point to a designer / programmer to upload something, and never changed.

So two lessons here:

1. Change your passwords regularly – and especially after you have changed programmers or developers. Also track when you give out passwords and to whom.

2. Monitor your site regularly for suspicious activity – hackers can get in from multiple avenues, sometimes not requiring passwords at all. So check and investigate any changes to your code, and try to determine how it happened.

Comments Off on Intrusion detection and resolution | Projects, Web Maintenance

Back to top