Random Password Generator for MacOS 10.7

I recently downloaded from the App Store a wonderful tool called Little Ipsum. Simple system tray based app that would allow you to quickly and easily generate 1-3 words, 1-3 lines or 1-3 paragraphs of Lorem Ipsum. This was quite handy as my previous process was opening a new browser tab and heading to HTML-Ipsum, which is still an incredibly handy website but just too slow a process.

This got me thinking of other processes I frequently use websites for that could be replaced by a simple System Tray app. So I went looking for a random password generator. I generate a lot of passwords throughout the day. Some tools (I.e PHPMyAdmin) provide wonderful password generators inline, where as many others don’t. Sadly I couldn’t find anything as simple as I wanted on the App Store, so I saw this as an opportunity to brush up on my Cocoa coding skills. I honestly had not touched Xcode in 5-6 years, but this seemed like a simple enough project to get my hands dirty.

So a couple of hours later, most of which was spent watching Youtube user AppleProgramming super helpful videos I had my app. As simple as it is I haven’t greatly tested it, but it all seems to be working well. My only issue remaining is the Preferences window doesn’t seem to display at the front when initialised, but that’s not the end of the world.


6CM Password Generator 1.0 for MacOS 10.7 (47kb)

Ajax Driven WordPress Website (Server Side)

I recently built a website for a designer where he requested the entire thing be Ajax driven and WordPress managed. I have built websites like this in the past using both Drupal and WordPress. In the past however I feel I have made the process overly complicated on the client side, often requiring huge amounts of Javascript to display pages. Using different code for different layouts etc. In hindsight this was a bad idea for several reasons. Firstly search engines might not see the same layout as you are showing the user. Same goes for people with Javascript turned off. Large quantities of additional and unnecessary Javascript need to be written. Finally it is a much longer development process from the method I chose this time.

Though this method was more difficult from the client side of scripting, it was much simpler from the server side perspective. I would create a page in WordPress called Ajax. Then write a custom template that would take a $_GET parameter of ‘URL’, get the post ID from the URL, get the post by that ID and simply pass the post object back as a JSON object. This is very simple (1-2 lines of code), except when you come to laying out your pages and need to specify where each individual div should go. To call it was simple, http://yoursite.com/ajax?URL=/about. To maintain it was a nightmare!

What I wanted this time was the ability to create the entire website just as I would without AJAX in mind. Style all the pages and create whatever templates I need using CSS and HTML. This saves a great deal of time when just doing little things. Believe me a refresh without AJAX is always much quicker than with, and if you think how many times you refresh when developing it makes a massive difference. Then I would in a similar way to my original method create a WordPress page called Ajax which I’d pass a $_GET parameter of URL to. However instead of grabbing the post as an object I would have the template grab the entire page content as a browser would receive it. This means any styles, template structure and custom fields will already have been applied and formatted. I’d simply need to fish out the divs I want and pass them back as a JSON object. Then simply replace the existing ones on the page. For me this meant just taking out the #main div and replacing the existing one. You also need to extract some other elements for styling reasons. I for example needed the classes listed in the body tag too.

You will require a really great PHP script to retrieve and extract the DOM elements in your AJAX called Simple HTML Dom. Below is my AJAX template class. There is almost zero error checking.

<?php
/*
Template Name: Ajax Post
*/

include("wp-content/themes/6cm/scripts/simple_html_dom.php");

// URL
if(isset($_GET['url'])) {
	$url = $_GET['url'];
	if($url != "") {
		// Get post
		$post = get_post(url_to_postid($url));
		// Add paragraphs
		$post->post_content = wpautop(do_shortcode($post->post_content));

		// Get entire page
		$html = file_get_html(get_bloginfo('url') . $url);
		// Extract just <div id="main">...</div>
		$ret = $html->find('div[id=main]', 0);
		// Extract <body> classes
		$body = $html->find('body', 0);
		$body_class = $body->class;
		// Get page scripts
		// $script = $html->find('head script', 1);

		// Create JSON Array
		$json_return = array();
		$json_return['html'] = $ret->innertext;
		$json_return['post_object'] = $post;
		$json_return['body_class'] = $body_class;
		// $json_return['script'] = $script;

		// Print JSON
		print json_encode($json_return);
	}
}
else {
	print 0;
}
?>

Next step is to implement a Javascript/jQuery deep linking script like Asual to write deep links. This allows users to easily make their way to specific pages and not experience the one page woes of Flash websites. You’ll also need to implement jQuery AJAX functions to call and replace content when links are change.

I’ll return shortly to write about my Client side scripting for this project. Hope this can be helpful for someone.

Image Fade In with jQuery (UPDATED)

I often find it a much nicer effect to have images fade in when they’ve finished loading, opposed to watching them build on screen. This is super easy to do with a bit of jQuery and CSS, but I’ve always had an issue that I only today discovered a work around for.

Imagine you have a gallery with 10 images all loading for the first time together. I’ve used a unordered list in this example, but you could use whatever markup you wanted for your own gallery.

<ul id="gallery">
 <li><img src="image_1.png" alt="" /></li>
 <li><img src="image_2.png" alt="" /></li>
 <li><img src="image_3.png" alt="" /></li>
 <li><img src="image_4.png" alt="" /></li>
 <li><img src="image_5.png" alt="" /></li>
...
</ul>

Having created our list of images, lets put some simple CSS in place to give the appearance of loading. To do this we set the images to visibility to hidden and the list items’s background to an ajax loading gif.

#gallery li { background: url('loading.gif') no-repeat center center; }
#gallery li image { visibility: hidden; }

Finally we need some jQuery to fade the images in once they’ve finished loading. I will start with the jQuery I have always used and then discuss its problems and a solution.

jQuery("#gallery img").load(function() {
	jQuery(this).css("opacity", 0).css("visibility", "visible").animate({opacity: '1'}, 'fast');
});

The problem with the above method is caching. Most modern browsers will make an effort to cache images and large files. When you first load this page this will all work perfectly. The browser will begin loading images for the DOM and in the mean time your script will have been initialized and jQuery will be watching for your images to complete loading. The problem is that the second time you load this page most of those images will now will be cached by the browser. Your browser will load your images long before your script is even called. Your script will essentially sit forever waiting for a call to say the images have finished loading, but never receive one. The solution is to include an .each() function to the .load(). This each can check if an image is already complete and if so just manually call .load().

jQuery("#gallery img").one('load', function() {
    jQuery(this).css("opacity", 0).css("visibility", "visible").animate({opacity: '1'}, 'fast');
}).each(function() {
    if(this.complete) {
        jQuery(this).load();
    }
});

UPDATE:

I previously didn’t have the “jQuery(this).load();” wrapped in braces, which seems to cause problems in IE. This seemed to fix it however on my path to solve the IE problem I came to a point where I could no longer create it.

WordPress CCK – Getting close to Drupal

Recently I’ve been required and requested to use WordPress more and more. When I started I was somewhat reluctant. My first WordPress sites were built over 4 years ago and since then I’ve changed CMS more often than I’d like to admit. I liked certain features of WordPress, such as its ease to update and basic layout in the backend. However I was always in the constant search for the best CMS. Each present their own unique, but great qualities, but for me Drupal won out. I could do just about anything I wanted in Drupal – but this came with the draw back, Drupal is so customisable that you often spend hours just creating a good base setup. Essentially Drupal was king to me because of one specific module, CCK. The module that allowed you to create custom nodes and assign them custom content types. It was an amazing tool that could aid you in any requirements a client could throw at you. The module was so good that in Drupal 7 CCK became part of Drupal itself.

I remember when WP 3 came out that I read a few articles about how WordPress had added the ability to create custom content types. I was excited, but annoyed by the labour intensive process it would require to implement such things. Today however I feel I have finally found that sweet spot that means WordPress and Drupal are almost on the same level from my development point of view. There are a number of plugins for WordPress now available to help you create and manage custom content types from the backend. Further more there are also some amazing tools to aid you in creating advanced custom fields for these newly created or existing content types.

I quite like Advanced Custom Fields and Custom Post Type UI, but as I say there are many out there.

I also quite liked a little article I read on Randy Jensen’s blog. He’s written a post and included a download for 3000 icons you can use when creating custom content types and the source you can add to your themes functions.php to have theme appear.

Just keep in mind however Drupal is still way more extensive that WP, so do some research before starting any project.

Invaluable Developer Tools

There are some obvious tools I feel no web developer today could get by without using (mostly Firebug). Here’s another one for Firefox based developers, Wappalyzer.

It’s a simple tool that shows information about pages you’re currently browsing and what technologies have been used to create the site. It even shows the types of analytic and advertising software a site might be using.

Highly recommended!

WordPress Security

Not to long ago I watched some Lynda tutorials and read up on WP security. Basically as with many things on this blog I am posting this information here as a reference that I can use in the future.

Backing up

Plugin – BackWPUp
Description – Back up both files and db to any number of locations. Cron controlled for automatic backups.

Random Passwords

The best password is a completely random generated one. Use a website or tool to automatically generate passwords. I like http://onlinepasswordgenerator.com/

Keep an eye out as I’ve noticed that many of them are hilariously crude despite their random nature. Might be awkward giving some to clients.

wpconfig.php Restrictions

Restrict access to wpconfig.php using .htaccess. Simply add under your existing rules,

#PROTECT WP-CONFIG
<Files wp-config.php>
Order Allow, Deny
Deny from all
</Files>

Also ensure you’ve limited your file permissions to 640 or 644.

 Set Secret Keys in wp-config.php

Don’t forget when you are initially setting up your site to set the secret keys located in your wp-config.php. WordPress provides a generator such as https://api.wordpress.org/secret-key/1.1/salt, but check your config as it will have the most current address.

Database Prefix

Don’t use the default database prefix. Essentially should someone access your db using code injection, it is much more difficult for them to be malicious if db tables don’t have regular names.

Admin Login

In the more recent versions of WordPress you have been given the option of choosing your admin user name. Don’t use ‘admin’! It’s basically giving attackers a head start on accessing your website. Not only do they know one username, but they know the most powerful users username.

Directory Views

By default many hosting companies and Apache installs come with directory list disabled, but always ensure this is true. Should you find that you can list directories with no index.php/html or main.php/html then you can block this in the .htaccess. Simple add the following,

#Add to top of .htaccess
Options -Indexes 

Removing Version Numbers

Another leg up you can give attackers is letting them know what version of WP you are running. If your client is hesitant or unwilling to upgrade their WP version they are putting themselves at risk. The older the version, the more likely someone has identified a security issue at some point. A good idea is to remove all notification to visitors of the sites version. By default your WordPress theme will print something in the header to the tune of ,

<meta name="generator" content="WordPress 3.2.1" />

You can easily remove this by adding the following PHP to your functions.php.

// remove version number from head & feed
function disable_version() {
	return '';
}
add_filter('the_generator', 'disable_version');
remove_action('wp_head', 'wp_generator');

Secure the Login Page

A weak point of WordPress is that the admin login page essentially allows for unlimited attempts. This makes it very easy for a bot to sit for as long as it likes trying to access your account. Install the Login Lock plugin.

This plugin allows you to limit login attempts, block IP’s, force password updates at intervals, force strong password selection policies and force global password reset should you ever need to.

Detect Malicious Code

Finally there is an amazing plugin called Exploit Scanner. This allows you to scan all the files in your WP install and look for malicious code that may have been injected and remove it.

That’s it for now. I’ll try and update this as I learn more or find better plugins. Good luck.

Moving a WordPress Website

WordPress is great don’t get me wrong, but the fact that they don’t seem to think or care that it’s possible that you’ll want to develop on a different domain to the one you finally take live annoys me. Drupal requires almost zero config to take from dev.example.com to just example.com. WordPress on the other hand seems to be a lot of work.

There are a couple of guides in the Codex if you’re looking to move a site, but I thought I’d add a help piece of code (with a warning) that I use every single time.

UPDATE wp_posts SET post_content = replace(post_content,"http://dev.example.com","http://example.com");
UPDATE wp_posts SET guid = replace(guid,"http://dev.example.com","http://example.com");
UPDATE wp_options SET option_value = replace(option_value,"http://dev.example.com","http://example.com");

My warning is to remember to copy any ‘Text’ widgets your site has before proceeding. For some reason if you change the links in a text widget and the new domain length is different to the original it will delete the text widget’s content completely.

Good luck.

Group Password Reset in WordPress

I recently had some trouble when I couldn’t regain access to this site. I tried the email reset and manual resetting the password in the database but neither seem to work. Rather than doing anything about it I kind of just lost interest and went on working with other projects (something a 30 second Google would have fixed). It was only the other day when a client requested I update a number of passwords bulk that I realised how easy it is to change a password at the script level and that I could apply that to my own problem.

Here is the quick process I used to reset the password for all users of the same role.

<?php
	require('../wp-load.php' );

	global $wpdb;

	$subscriber = $wpdb->get_results( "SELECT * FROM `wp_usermeta` WHERE `meta_value` LIKE 'a:1:{s:10:\"subscriber\";s:1:\"1\";}'" );

	foreach($subscriber AS $s) {
		wp_set_password('PASS1234', $s->user_id);
	}
?>

Obviously I would never suggest giving all your users the same password, but this was specifically requested by the client and the members area doesn’t truly hold any secret information. The most important things to note here are the use of wp-load.php (the quickest method to access the WordPress database) and wp_set_password(). Also note that I didn’t use the password PASS1234.

So to reset my admin password was even simpler. Again not my real password.

<?php
	require('wp-load.php' );

	wp_set_password('password1234', 1);
?>

– Morgan Leek

Sabnzbd + Sickbeard + AppleTV2 + Plex = Carefree life

Just thought I’d through up a quick post to tell you all about my recent carefree life, all thanks to several pieces of software that just work! Like many of us I like to watch my favourite TV shows week to week as they air in the US, but I don’t live there. Now for many years this hasn’t been a difficult thing to do, with ease of access to content via Torrent or Usenet and even Hotclient, FTP or IRC bots way back in the day you could always get what you wanted. The thing was that locating the thing you wanted wasn’t always hard, but all the crap you had to do from getting off a machine and into viewable format was.

I’ve been a avid user of Usenet for about the last 10 years. I’ve seen retentions go from 6 days to almost 2 years now. Usenet does cost money yes, but it’s fast! I mean take this comment with a grain of salt, but if your max connection speed in 2000Kb/s then you’ll download content from a good provider at that speed. No long waits! The problem with Usenet is that it was confusing for many years. My housemates were always great proponents of it, as they could often request something and I’d have it ready for them to watch in 10 minutes. The problem became when they’d tell their friends and they’d ask me for a description on how Usenet works. Needless to say, it isn’t as simple as you’d think to describe.

“Files are broken up into thousands of messages. You uses an indexing site like binsearch.info to search for the content you want. They create an NZB file of the files you need. You use a program to download it from a server you pay for. You par it, you unrar it and then you put it on a device that fingers crossed can play it.”

This would only raise 1000 more questions. What is a par file? How many pars do I need to download to repair? What do you mean I can add up their value for the smallest par requirement? What’s unrar? What’s a CRC error? When I search for something how do I know it’s what I want? …

To return to the point of this post I just wanted to say that I haven’t looked up a single NZB in about a month, but continued to get all my favorite shows. Enter Sickbeard! Sickbeard is an amazing tool that essentially keeps an eye our for new NZBs on services like NZBMatrix or Newzbin. It keeps track of what shows you already have, adds shows in the format you request as they become available and allows you to added wanted shows you might have missed. It’s essentially still in Alpha, but I’ve not had a crash or problem in 40 days.

Sickbeard nicely integrates into your favourite NZB downloader SabNzbd+. Again this is an amazing piece of free software. It downloads, pars, downloads repair pars, extract and categorizes your downloads for you. This almost never has a problem.

Plex and a jail broken AppleTV. For about 2 years I was running XBMC and Plex in different configurations off a PC and then a discarded Mac Mini. This was always problematic. Partly the problem was that I didn’t have the money to go out and buy a new shiny HTPC or Mac mini, so my old noisy hardware would often fail. So you can imagine the joy I felt when I heard the $99US Apple TV2 could run a Plex player when Jailbroken. The price was small so I was totally willing to take a gamble on it, but I must say I was skeptical. I thought I would get low quality and more to the point it would be super buggy and crash a lot. Amazingly it hasn’t. There are a few bugs and it does crash time to time for me, but only ever in the menu. Never once has it during playback.

So it’s Saturday and I don’t get a chance to watch any of my shows during the week, so I’m off to do that now. Nice to know they’ll all be there despite me having made no effort at all.

Bye

Latest Posts by Category Widget

Description | Features | Download | Screenshots

Description

This WordPress widget allows the user to print a list of recent posts by category.

Features

The user can select one or more categories to display.

Options include custom title, custom read more link, custom read all link, excerpt length, hide excerpt and ability to select a single or multiple categories.

This widget is object based so you can add it multiple times to several widget areas.

Download

Screenshots