A few of them have problems creating a route to a controller folder structure (/application/controllers/folder/controller), but really it is the same as creating a custom route to a non ‘folder’ed’ controller, you just have to define the variable in the routing path.

Here is our scenario, I have a URL of http://example.com/account/manage/4123245/jakub

So if we analyze our URI, we have:
account – folder
manage – controller (with only an index class)
4123245 – a numeric value (input)
jakub – a string slug value (just extra input)

From that we need to make sure that codeigniter understands our URI (and it will not by default!).
so we edit our /application/config/routes.php

$route['account/manage/(:num)/(:any)'] 	= "account/manage/index/$1/$2";

Index is the key here, as we need to route to the class (which is the index), the values $1, $2 are just input (1st, 2nd respectively) to show it goes to the index class.

There you have it, no more route issues with folders in your controller structure.

Happy Code Igniting!

Well in a couple of my last projects I’ve ran smack into CSRF protection and how it impacts AJAX (as well as many other things like Paypal payment gateway responses, etc).

If you found this page when searching for Codeigniter CSRF Ajax, then you’re in luck, as here is the easiest way to add CSRF protection to your ajax calls:

$.ajax({
	type: 'POST',
	url: '/action/fetch_more_blog_posts',
	data: {
		type: 'news', limit: limit, offset: offset,
		<?php echo $this->security->get_csrf_token_name(); ?>: '<?php echo $this->security->get_csrf_hash(); ?>' },
	success: function(data) {
		$(data).appendTo('#more-entries');
		$('#older-posts').slideDown();
		offset += limit;
	}
});

The magic really here is the following entry in the data I am sending back to my controller:

<?php echo $this->security->get_csrf_token_name(); ?>: '<?php echo $this->security->get_csrf_hash(); ?>'

The `get_csrf_token_name()` gets you your token name from the security class (first set in your config), and the `get_csrf_hash();` simply outputs the secure hash from the security class. Simple enough.

If you have timeout issues (say your ajax page sits too long, you may increase the token a bit, test for best fit).

One thing that I really have been getting annoyed with lately is checking if a variable is defined.  In most cases you could do a simple check, is it empty? However Coldfusion will puke all over itself if you do an isNull() check on a variable that is ‘not defined’. You really have to know the difference it seems between an empty value, vs a variable that has no defined value (to me they are both null/void).

In PHP, this would be a no brainer to check if it was null / empty by doing a simple string comparisson. (Then again PHP doesn’t care if a variable has been defined before you try to use it, which some people hate, but others find very convenient).

Anyway, on to the example…

Example (if our portlet has no value for renderRequest.getRemoteUser() ):

<cfset raw_userid = renderRequest.getRemoteUser() />
<cfif IsNull(raw_userid)>
   It is Null.<br />
</cfif>

The above would simply error out, as you cannot check something that is undefined. Below is the proper way to handle such a scenario with the approach:

<cfset raw_userid = renderRequest.getRemoteUser() />
<cfparam name="raw_userid" default="0">
<cfinvoke component="core.liferay-functions" method="checkIfLogin" returnvariable="userId">
	<cfinvokeargument name="userid" value="#raw_userid#">
</cfinvoke>

A3M in a nutshell

a3m is a great OpenID module for CodeIgniter, and what really sold me on it was it’s complete support of all the major openid providers (google, yahoo, myspace, facebook, etc).  It allows you to just build on it and not worry about the typical CRUD that developers go through in regards to user accounts. I’m really glad that I can take something, plug it in, and run with it, building my web application without building the ground work for user connections, something that as a developer you typically have to re-build on EVERY project.

Overall, it gives users a convenient means of connecting with my application, they don’t need to make yet another username/password that they might forget, or just make really weak security wise.

Problems with a3m?

Main issue I found with a3m, is that the developer didn’t have time to fully document the installation of said application. Maybe in the future with a full 1.0 release we will have a complete easy to use guide, but for now my post here aims for that documentation goal. Anyway, it basically comes down to a couple things, but having gone through google searches, and codeigniter forum posts, I can tell you people keep making the same installation mistakes during installation/config.

So the documentation is pretty poor when it comes to this app.  I hope with this post to at least give you a better starting position and eliminate some of the small user created issues (read.. not bugs!).

Oh and lastly, the project is questionable right now due to lack of ‘movement’ since March 2010 (as of this post). So hopefully the developer will contribute some updates.

How to start

1. Download a3m (which comes already with CodeIgniter 1.7.2 — as of this posting)
2. Extract the contents into your web directory (using an unzip app like 7zip). Personally I put everything into the root, and didn’t use the ‘a3m’ folder.
3. Using a mysql client (phpmyadmin or a desktop version like heidi sql), create a database and import the application data from the ‘a3m/a3m.sql’ file.
4. Once the database is setup, create a unique user account / password to access said database (you will need this for the next section).

Configs & Permissions

So now you’ve got the app extracted, you have your database prepared, privileges setup and ready to be used by your application, all you have to do is modify the configs to reflect your setup.

1. Edit the following file /system/application/config/database.php and modify your settings just like you would for any CodeIgniter project.
2. (optional) Modify your .htaccess file if you were like me and put the application into the root directory of your website (remove a3m folder reference).
3. (optional) If your server / apache / webhost is on a linux box, you will need to modify some permissions on your folder structure.  I learned this through trial and error as no openid / google / yahoo account would validate (It couldn’t store the data locally in the cache).
   I chown’ed the following folders and put them assigned www-data ownership (lets Apache have read/write access) :
   - /uploads/ (all your images / user uploaded content)
   - /system/cache/ (critical for openid nonces)
4. With permissions set (optional) and the database configured, you only have one more things to edit, and this takes place inside the /system/application/modules/account/config/ folder, so lets edit account.php
5. account.php needs to be configured, so that you can actually play with your a3m setup.  In my case, I wanted to develop the app without any SSL or reCaptcha support out of the box (by default those 2 are enabled (which breaks your login process as it tries to redirect you to the https site or enable reCaptcha), so lets disable them:

   $config['ssl_enabled'] = FALSE;
   $config['sign_in_recaptcha_enabled'] = FALSE;
   $config['sign_up_recaptcha_enabled'] 	= FALSE;
   $config['sign_up_auto_sign_in'] 	= FALSE;
   $config['sign_up_recaptcha_enabled'] = FALSE;
   $config['sign_up_auto_sign_in'] = FALSE;
   

   also while we are in there, you can configure your outbound password recovery email:

   $config['password_reset_email'] = 'no-reply@reset.website.com';
   

All done…

And there you have it.  Config’s are all done with (for a basic start at least).  Simply navigate now to your website and enjoy testing the a3m interface.  I created some fake demo accounts to test with, one of my favorite openid ones to test with is https://www.myopenid.com/ so start there if you want to create a quick account and test with.  You can then begin building your CodeIgniter application, while utilizing the a3m module for all your login needs.

If you run into problems always refer to your apache / php logs and find out the cause.  If it is simply failing to validate your openid account (even tho you signed in) you need to verify your permissions on the cache folder.

I have yet to run into any other issues, but the editcontent.php file was the one that gave me trouble, here is how I fixed it:
http://forum.cmsmadesimple.org/index.php/topic,36805.0.html

I was able to ‘patch’ this myself by doing the following:

open up /admin/editcontent.php

search and replace all get_class(
replace with fix_get_class(

add the code below to the top of the editcontent.php file

Code:

function fix_get_class($object)
{
            if (is_object($object)) {
                 return strtolower(get_class($object));
            }
            return false;
}

Keep in mind this is a quick, rough patch. It seems to work just fine for me after the patch, and I have not run into any issues… yet.

Since last November I have been looking at homes.  As my Realtor can attest, I have gone through probably 40+ homes before finally finding one that I loved and bidding on it (and winning the bid).

Everything up to that point went smooth until I got half way into the mortgage process, THEN things started getting weird, I began getting irrelevant requests from the underwriters for getting 30 day history on ALL my accounts, meaning, my stock investments (in the toilet), my mutual funds (in the toilet) and even.. yes my one years worth of 401k’s (also in the toilet). They looked at my Canadian chequing account and questioned small deposits like $200 personal transfer from my friend for money he owed me (there were like 4 deposits, totaling under 800 dollars combined!).  I laughed each time these requests came through, but I fulfilled their wishes.  Well except for the 401k, I couldn’t get that in the time frame that they requested because ING direct (the company behind my 401k) sends paper reports out every quarter, and my last quarter was from December, and did not satisfy their needs (but we worked this out).

The next thing that started annoying me is that the underwriters began confusing my Canadian funds with my American funds, and my Canadian accounts (chq/savings, etc) with my American accounts.  I understand that there is a Canada vs USA thing at this point, but why do they keep having to confuse my finances when I outline them clearly for them?  Everything I send over is scanned to PDF and everything is noted and summarized.

It truly annoys me.

But that’s the beginning of it all, I end up waiting over 4 weeks for my mortgage process.  And I am not someone that is easily impatient, but the process takes the full time I allotted to close on my house (procrastination anyone? or maybe just overworked and leave till last minute type?).  And then 2 days before close, I get a call from my mortgage rep.  “Bad news, you were approved for the mortgage, but the PMI company denied you based on your credit being under 700″.  At this point I should probably provide some background, I had only 15% down for my house, and you need 20% in order to NOT pay mortgage insurance (PMI). Plus when I began the mortgage process my credit rating was around 750.

So as you can imagine, this news of being denied PMI came as a shock to me (as I received this notice at 11:30PM 2 days before the scheduled close).

Turns out that because I have only worked in the USA for the past 1 1/2 years, my credit history is vulnerable to being hit by something as innocent as 5 credit checks (yes, 5 is a lot, but I was hit 3 times by my OWN bank for some reason!?, the last 2 were all in order for my mortgage company doing their dudiligence). But that is besides the point, my denial was because my credit score dropped from 750′s to 694, which is terrible, because if you consider it, the sole reason for my credit checks was to get setup with a mortgage, so I could buy a house.  The PMI company did not take that into consideration.

So now, after a month of a mortgage process, my mortgage rep is scrambling to flip me to a government backed FHA mortgage (because I cannot qualify at this point for mortgage insurance for a conventional loan).  I am upset at the system, because I have done all I could do to qualify for a good mortgage, only to be denied by the very system that I marched to the beat of.

The questions are all too clear, is it a mortgage crisis? Or a mortgage process crisis? Because if this is the reflection of what people have to deal with, I am not the least bit surprised with whats happening in the market, and that nobody wants to buy (or can afford) a new house.

I’m pretty sure the answer is a little bit of both, but more of the process than the mortgage.  Well to be more clear: The mortgage crysis is a result of the process crysis.

And its time for me to stop, as I’m starting to rant more about this, the good thing is, that I am (hopefully) going to be alright with closing on my home.  And in the end thats all I care about.

I think this is a great well needed update to my consulting and design website. Let me know if you like it

When I generated 50k serials, I used Office 2007′s Functions to remove duplicates (I didn’t code this into PHP as it was a waste of time for me due to the nature of what I needed the output for).

To give you an idea how many dupes I got it was about 1k dupes our of 50k serials, so not bad. One way to get around not having duplicates (if you use this for a web based serial number process) would be to combine the generated serial with say a database column that only takes unique serials, so if you have an existing serial, simply generate another and you shouldn’t have any problems).

Download the Code:
PHP Serial Generator