Tutorials and How-Tos « Texelate’s Blog

Archive for the ‘Tutorials and How-Tos’ Category

How to build a good content management system

Wednesday, September 2nd, 2009

A content management system (CMS) is exactly that: a system for managing content. When referring to CMSs in the context of a website we usually refer to a set of password–protected web pages—or a piece of software—that allow a user with little or no technical skills to publish and modify the content on a website.

So, how do you build a good CMS? As with many things, there is no right or wrong answer. Here I present a few bits of advice to help you build a good CMS.

If at any time you need advice or help with your CMS, call me on 07843 483 078 or get a free quote online.

Put in online

Where possible a CMS should be fully online. A 100% web–based CMS means that users can access it from any computer with an Internet connection, regardless of what platform it runs on (Windows, Linux or Mac OS X). It also means it doesn’t rely on having to install third party software on any machine the user wishes to use for updates.

Give it to as few users as possible

The adage that ‘too many cooks spoil the broth’ applies to managing content on a website too. Don’t let everyone add and change the content on your site just because you can. Let as few users as possible do this and clearly identify his or her responsibilities to prevent any unnecessary conflicts.

Don’t give a human job to a computer (or vice versa)

Don’t automate every function for the sake of it; if a job is better done by a human, let a human do it. For example, I’ve worked a lot with photographers and other creatives and have built them CMSs that allow them to manage their portfolios online. In some cases, it has proven much better to allow their artistic mind to crop and re–size the images rather then getting a computer to do it automatically. Of course, the same is true the other way round: don’t give a human a job a computer can do better.

Don’t add too many features

A good CMS should only do what it needs to do and nothing more. Some web design companies have a ‘core CMS’ that has the features most CMSs need. Sometimes when they offer you their ‘tried and tested CMS’ they’re actually euphemistically telling you you’re paying for a bespoke CMS—but in reality you’re getting a rehash of something they’ve used in a hundred and one other projects.

Keep it simple

Above all, keep it simple! As was mentioned in the outset, a CMS is a means to update a site without requiring the knowledge of a web developer. Some CMSs can be so convoluted the user may as well have gone and bought a book on programming.

There are other good bits of advice I’ve covered before such as the dangers of going down the open–source route but I feel the above provides a good summary as to the main points that need to be considered.

So if you need a good CMS building call me on 07843 483 078 or get a free quote online.

Posted in Tutorials and How-Tos, Web Design, Web Development | No Comments »

Send an email attachment with PHP

Monday, March 9th, 2009

To send email attachments you need to make use of MIME (Multipurpose Internet Mail Extensions) – a mechanism that allows email to go beyond a basic, limited character set. MIME has many uses but for the purposes of this tutorial we will send a multipart/mixed MIME email; this means we can send a text email and attach a PDF file to it (for information on attaching other file types please see the end of this tutorial). The MIME side of things will be exaplined as we go. Firstly, let’s set the email details and the attachment details up.

Set the email and attachment Details

<?php

$to = “$name <$email>”;

$from = “John-Smith <john.smith@domain.com>”;

$subject = “Here is your attachment”;

$fileatt = “/public_html/pdfs/mypdf.pdf”;

$fileatttype = “application/pdf”;

$fileattname = “newname.pdf”;

$headers = “From: $from”;

?>

The email details are obvious; for the attachment we need the path to the file and the headers for the file type (PDF in this case). The $fileattname variable determines the name of the attachment – it doesn’t have to match the name of the original file. Next, we need to transfer the file into a variable which we’ll call $file.

Read in the attachment

<?php

$file = fopen( $fileatt, ‘rb’ );

$data = fread( $file, filesize( $fileatt ) );

fclose( $file );

?>

Now the file has been read in it needs to be converted a format that is compatible with standard email: 7-bit ASCII. Before that, the appropriate headers need to be added to the email so the recipient knows what to expect.

Add the MIME content

<?php

$semi_rand = md5( time() );

$mime_boundary = “==Multipart_Boundary_x{$semi_rand}x”;

$headers .= “nMIME-Version: 1.0n” .

“Content-Type: multipart/mixed;n” .

” boundary=”{$mime_boundary}”";

$message = “This is a multi-part message in MIME format.nn” .

“–{$mime_boundary}n” .

“Content-Type: text/plain; charset=”iso-8859-1″n” .

“Content-Transfer-Encoding: 7bitnn” .

$message . “nn”;

$data = chunk_split( base64_encode( $data ) );

$message .= “–{$mime_boundary}n” .

“Content-Type: {$fileatttype};n” .

” name=”{$fileattname}”n” .

“Content-Disposition: attachment;n” .

” filename=”{$fileattname}”n” .

“Content-Transfer-Encoding: base64nn” .

$data . “nn” .

“–{$mime_boundary}–n”;

?>

The conversion to 7-bit ASCII takes place at the $data = chunk_split( base64_encode( $data ) ) line. The file is then attached using the appropriate headers. Finally – send the email:

Send the email

<?php

if( mail( $to, $subject, $message, $headers ) ) {

echo “<p>The email was sent.</p>”;

}

else {

echo “<p>There was an error sending the mail.</p>”;

}

}

?>

You can attach any kind of file you like – you need to make sure that change the $fileatttype variable to reflect the content type of the file you are attaching (e.g. image/gif for a GIF file).

For more help call me on 07843 483 078 or get a free quote now!

Posted in Tutorials and How-Tos, Web Design, Web Development | 2 Comments »

How to prevent spam form submissions

Monday, January 12th, 2009

Most webmasters will have a form – or forms – on their site. And most of those forms will get targeted by spam software bots looking for any way whatsoever to get links to their spurious offerings onto the World Wide Web. And it’s not just one-offs either; once found this abuse will be relentless and over time, downright irritating. Ask any web developer and they will talk to you with great vigour about spam and their vendetta against it.

There are many steps a webmaster can take to prevent unsolicited form submissions and everyone has their own opinion as to which one works best. This post will outline five of the main methods and will also outline their respective pros and cons.

1. CAPTCHAs

A CAPTCHA is an image that contains a verification code; the user must enter the code to prove they are not spam. Since some spam bots have basic optical character recognition capabilities, some CAPTCHAs attempt to obscure the code by warping the figures or setting them against a ‘noisy’ background.

How effective is it? Since spam bots are acquiring increasingly sophisticated levels of character recognition, CAPTCHAs are being presented in increasingly more obscured formats. The result is that while many of them are very effective in deterring spam, they are also very difficult for humans to read too.

2. Hidden Form Field

This simple method involves adding an extra text input element to your form. In an external style sheet you set the element to display: none; thus making it invisible to all users with CSS enabled. Since spam bots will usually fill all fields in a form you know that any forms submitted where this invisible field is not empty are spam.

How effective is it? In most scenarios, this method will filter out the majority of spam. However, many bots are wise to this method as it is relatively easy to parse the CSS and determine if it is hidden. The extra field will also display for users that have CSS disabled. In its credit, this is by far the most unobtrusive as most users will not even know a spam check is taking place.

3. User Authentication Link

Lots of forums use this method (in combination with a captcha). The form must ask for a valid email address; when the form is filled out an email is sent to that address along with an activation link, which the user must click for the submission process to be completed. This means that spam bots fill out the form but since they don’t give out a valid email address – and they aren’t human – they never complete the process.

How effective is it? This works very effectively but taints the user experience as further action is required from them even after they have submitted the form.

4. Use JavaScript

You can render your entire form simply by document.write() for each line of the HTML form. The function that writes the form can be placed in an external JavaScript file. Since you’re using JavaScript you can store each line in a variable and mix them up a little to confuse any bot that does actually attempt to parse the source code.

How effective is it? If the bot can’t parse basic JavaScript – the general consensus is that most cant . . . yet – then this one works well (and the bots are less likely to find it in the first place). The downside is the bots are getting smarter – so this method isn’t so future-proof. So unless you obfuscate your code you may not stop all the spam. Another con is that if the user has JavaScript disabled they cannot access the form either.

5. Ask A Simple Question

Add a simple question to your form; it can be anything that you’d assume everyone knows the answer to. For example, what colour is the sky? Then add an extra text input element to your form.

<input type=”text” name=”spamanswer” value=”" />

Then add a hidden input element that states the answer.

<input type=”hidden” value=”blue” name=”spamsolution” />

Then all you need to do is check whether the POST values of spamanswer and spamsolution are the same. If they are, it’s a legitimate submission. You can add further spam protection by removing the hidden input element and keeping its value server-side (in a text file or database). If you use this method, you should make sure that the answer is obvious to anyone, regardless of their academic background. And you should also compensate for common typing errors and case sensitivity.

How effective is it? Using a simple mathematical question such ‘What is the sum of one plus seven?’ is arguably the most effective way of filtering out spam submissions. If you use words for the numbers (e.g. seven instead of 7) you will make it even harder for the spam bots to decipher. And seeing as it involves adding two numbers together it is even accessible to people who perhaps don’t speak your language as their first language.

Conclusion

There are other methods of course and these can be combined for extra effectiveness. We should exercise caution however. Any spam filtering we do, should do just that. Filter spam. The moment legitimate visitors fill a form out that gets sent to its destruction – along with all the other spam – or the moment a legitimate visitor gives up trying to fill the form out means we’ve taken our vendetta against spam too far.

Posted in Tutorials and How-Tos, Web Development | 1 Comment »