web notes - a blog

Choose a color, enter a length, click ‘Create Gradients’. Page will generate 4 gradients (.pngs), from the selected color to transparent, along 4 axes, in both directions.

If you don’t have web stats running on your server, but you’d like to see who is visiting the pages, the following lines can be used.

cut -f1 -d' ' /etc/httpd/logs/access_log* | sort | uniq 

host IPADDR

The first line extracts the requesting IP addresses, sorts them, and then removes any duplicates. The second can be used to get the hostname for the IP address, if it is available.

Notes on using a dojo/RIA web interface to launch background (server-side) scripts.

• File uploads can run under FF and IE with dojo.io.iframe.send, and it is a nice interface. There is another post on this blog, with sample code.
• Synchronizing background server tasks with client launch and monitor requires the client to be able to identify script failure to execute, execute reporting whether the operation was successful or not.
• Two-phase, asynchronous execution can be made much more secure by storing the second-phase action on the server. Thus, if the first-phase executes correctly, no information is required from the client to continue the operation. All data submitted can be disregarded.
• Success or Error can be indicated with HTTP headers in cases where no data is required on the response.
• Client-side redirects can be used to transition to the next phase after a successful run of one phase.
• User should be alerted that scripts initiated through the web interface cannot be stopped (unless a mechanism is provided).
• User should be able to return to a previously initiated scripts and view the output.
• Background script output should be delivered to the initiator through an email. User should be able to suppress email.
• Background scripts should deliver output in text only.
• Server must be responsible for state management. Server must ensure background scripts do not collide with each other, or the data, and must provide an interface that allows the client to determine if administration should be readonly or prohibited when specific scripts are executing.
• Server must be responsible for scheduling resource intensive tasks to prevent service interruptions.
• An object is an excellent way to allow a single dialog box to submit data to different scripts without writing additional code. The object is then assigned to the AJAX content property.
• Server must have intelligence to adjust state of client, for example hiding informational messages after termination, enabling buttons to allow continuation, and providing alerts for errors.
• Initial error reporting can be limited to ‘Error’, a simple indication that something went wrong. After testing, common errors should be delivered with additional explanatory text.
• Balance distribution of client side code. Although it is nice to split a page into many components that can stand alone, this increases the number of HTTP requests which has performance impacts. Building the javascript into a single file is one solution, bundling related code together is another. Templates should include only the elements that require template processing. Large sections of javascript should be removed. Use caching to improve performance.
• Break server side code into components such that only the code required to execute is read. This doesn’t always work out perfectly, and there are impacts to opening alot of files as well, but the server impacts are less serious than the client side, because there is no data transfer.
• Put some timing code into the application so you can see where the time goes. Use YSlow to improve page delivery performance.
• Use FireBug to monitor traffic between client and server.
• Use a log file to write out debugging information. Check the error_log frequently. Use echo, var_dump, and exit. Build graceful error reporting into the application from the beginning. This will make debugging much easier. Log all errors. Put a switch in to allow debug displays to be suppressed for production systems.
• Use a tee (*nix command) to pipe script output to a file and into mail.
• Document the entire process and describe it to the appropriate people. This will ensure you understand what is happening and that it is what is supposed to be done. Be ready to change.
• Write a good test plan and use it.
• Be mindful of security. Validate all inputs. Escape all command line parameters that are user submitted. Check for access privileges for all requests, at all times. Avoid divulging application details or data.
• Copy script output to a temporary access area, do not grant access further into the server for output display. Identify script output with the script name and session id.
• Have Apache execute as apache:apache, or nobody:nobody, and allow only those scripts that should be executed through the web to have execute permissions for that user.
• Be persistent and creative.

AJAX and RIA’s are rapidly redefining web interfaces, but they can be expensive and complex to implement.

A key consideration is to keep server side logic on the server. Background scripts should be written to require little to no user interaction, and should allow users to view their progress as they execute, and receive an email of the results when they complete.

The synchronization required to preserve states across accesses and sessions is probably not cost effective. Accepting that the web can initiate resource intensive background scripts, but not interact with them (other than possibly killing them) is a reasonable consideration.

Testing for a script in progress should be done to avoid redundant and potentially corruptive requests.

The following is a very simple script that can be used as a framework to monitor the execution of a script.

Comments are used for explanation.

<?php
/* Ensure the viewer has logged in. */
session_start();
if (!isset($_SESSION['bLogged_in']))
	die();
?>
<html>
<head>
<?php
        /* 
        The escapeshellarg is there as a reminder to escape any input.  In this
        case, it is unnecessary, but if $_GET was used, it would be important.
        */
	$script=escapeshellarg('httpd');

        /* 
        Use ps and grep to check for the script running.  ps -C $script may also be used.
        */
	$ps=nl2br(`ps|grep $script`);

        /* 
        This command is used to simulate execution of a script.  It just appends the date
        to a file.  
        */
	$time_data_maker=`date >> ../test.data`;

        /* 
        Test to see if the command is executing
        */
	if ($ps != '')
        {
                /* Update the timestamp on the session file */
                $_SESSION['tick']=1;
                /* Tell the browser to refresh the page in 3 seconds */
		echo '<META HTTP-EQUIV="Refresh" CONTENT="3" />'."\n";
        }
?>
<title><?php $_GET['title']?></title>
<style>
body 
{ 
	font-family : "Courier New", Courier, monospace;
	font-size: .8em; 
}
</style>
</head>
<body>
<?php
/* If script is not running ... */
if ($ps == '')
{
	echo $script.'is not running<br />';
}
else
{
	echo $script.'is running<br />Current Status<br />';
        /* Display contents of file */
	echo nl2br(file_get_contents('../test.data'));
}
?>
</body>
</html>

Notes:

• Refreshes stop when script stops
• Page display prolongs session until it finishes
• Session id may be used to identify data file, script name can make a nice extension
• Placed in an iframe, with a print button, this is a very nice interface