Category: "PHP"

Application Upgrades - an excellent business opportunity

The web is constantly changing, and keeping applications on servers that can support them can be difficult: as hosting companies upgrade their servers to improve security, applications may fail.

Most web companies are extremely careful and use strategies such as running PHP 5 through php5 extensions while leaving PHP 4 as the default, but there does come a time when the server has to be upgraded. In addition, it is the responsibility of the application installer to ensure the application is maintained for security and performance.

This creates an excellent business opportunity for web companies, especially for powerful applications with complex hosting requirements, such as eZ publish. The key is careful identification and management of the opportunities.

Once identified, one must look at the site to try to assess the quality of work. Upgrades can be difficult, so the offer to upgrade an eZ installation should be made carefully - so all parties understand the risks and estimated costs.

Bear in mind that if the application is running from a subdirectory, this strategy may not work. That’s okay, there are lots of other sites. :)

This approach will work for any application that provides identification information in a publicly accessible area (either the headers or the HTML). It is especially valuable for applications with steep learning curves.

Use curl or wget to get the site headers or HTML.
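The identification data described above can be read out of a saved response, which also shows a site owner exactly what their own installation discloses. This is an added example, not code from the original post; the function names and every value in the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the identification data one saved HTTP response discloses.
# Capture a response from a site you maintain with: curl -si URL > response.txt

# sample_response: constructed response (all header and meta values are made up).
sample_response() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: Apache/2.2.3' \
        'X-Powered-By: PHP/4.4.9' 'Content-Type: text/html' ''
    printf '%s\n' '<html><head>' \
        '<meta name="generator" content="eZ publish" />' '</head></html>'
}

# disclosed_banners FILE: print one "source: value" line per disclosure found.
disclosed_banners() {
    # Strip CRs; the header block ends at the first empty line.
    tr -d '\r' < "$1" | awk '
        BEGIN { in_headers = 1 }
        in_headers && $0 == "" { in_headers = 0; next }
        in_headers {
            name = tolower($0); sub(/:.*/, "", name)
            if (name == "server" || name == "x-powered-by") {
                value = $0; sub(/^[^:]*:[ \t]*/, "", value)
                print name ": " value
            }
            next
        }
        # Body: the generator meta tag, in either attribute order.
        tolower($0) ~ /<meta[^>]*name="generator"/ {
            value = $0
            sub(/.*content="/, "", value); sub(/".*/, "", value)
            print "generator: " value
        }'
}

# Demo on the constructed sample.
response_file=$(mktemp)
sample_response > "$response_file"
disclosed_banners "$response_file"
rm -f "$response_file"
```

Each line it prints is something worth suppressing or keeping current on a production server.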

md5 just-a-test list

The following URLs may have the md5(’just_a_test_code’):


To check if the file is on the server, click on the link. If something similar to:

<?php echo md5("just_a_test"); ?>

is displayed, the file is still there, and the entire server (all accounts) should be checked.

If you own any of these domain names or servers, you should address the issue.

If a 404 (page not found) error is received, the file has been removed.
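For the server-wide check recommended above, a server owner can search every account's web root for the marker instead of opening URLs one at a time. This is an added example, not code from the original post; the function names and the directory layout of the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find leftover md5("just_a_test") marker files under web roots.

# Matches md5("just_a_test...") with either quote style, so it also covers
# the just_a_test_code variant named in the post.
MARKER_RE="md5\\([[:space:]]*[\"']just_a_test"

# find_marker_files ROOT...: print every file containing the marker, sorted.
find_marker_files() {
    find "$@" -type f -exec grep -lE "$MARKER_RE" {} + 2>/dev/null | sort
}

# count_by_root ROOT...: print "COUNT ROOT" per root so no account is skipped.
count_by_root() {
    for root in "$@"; do
        n=$(find_marker_files "$root" | grep -c . || true)
        printf '%s %s\n' "$n" "$root"
    done
}

# build_sample_tree DIR: constructed layout with one affected and one clean account.
build_sample_tree() {
    mkdir -p "$1/acct_a/public_html/img/abc" "$1/acct_b/public_html"
    printf '%s\n' '<?php echo md5("just_a_test"); ?>' \
        > "$1/acct_a/public_html/img/abc/index.php"
    printf '%s\n' '<?php echo "hello"; ?>' > "$1/acct_b/public_html/index.php"
}

# Demo on the constructed tree.
tmp=$(mktemp -d)
build_sample_tree "$tmp"
count_by_root "$tmp/acct_a" "$tmp/acct_b"
rm -rf "$tmp"
```

On a real server, pass each account's document root as an argument; any non-zero count marks an account to review.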

This blog has additional posts related to the issue; use the search feature to find them.

Information derived from server statistics, non-authoritative.

Rapid Development Strategies

Web sites have become exponentially more complex and the expectations of site visitors have soared as well.

The only way to build powerful pages is to use sophisticated tools, quickly and effectively.

  • Choose tools that have decent documentation and a good community. You will need help. Be ready to reciprocate.
  • Use sample code. Every time you have to learn something new, start with someone else’s posted code. It might not work exactly as you want it to, but you can tweak it, one piece at a time, until it does.
  • Be very aware of the code architecture. Use an MVC approach, since it is likely you will have at least two views: one through a template or HTML, and one through AJAX/JSON.
  • Abandon ideas that are too difficult. This isn’t lazy, it is smart. You’re smart; if you can’t get something working quickly, find another idea. Many smart people have posted great ideas, so use them (and share yours). Abandon tools or libraries that don’t work quickly, too. There is one caveat: if you can see a tool’s potential and are humble enough to admit the problem is a learning curve, it may be worth persisting a little longer. eZ publish is a great example of this; it was well worth learning.
  • Be creative.
  • Use abstract data structures and concepts. Multi-dimensional arrays are incredibly powerful.
  • Be persistent; if it is almost working, keep trying. Try things that don’t make sense, because sometimes they work, and well.
  • Don’t be afraid to be wrong.
  • Use every available resource, carefully. LAMP is a stack of technology and some parts are better suited for tasks than others. Don’t use bash for page design, and don’t use JavaScript to write large amounts of HTML.
  • Explore, learn, try. Very little of what I have learned has been useless. Even mistakes and bad ideas are valuable, to avoid.
  • Be independent. Don’t ask for help right away. Try to solve your own problems, then ask.

Admin console user interfaces

  • Should give the user the information necessary to make decisions on the page displayed, as well as links to access additional resources
  • Should be consistent, throughout the application
  • Should be configurable
  • Should be attractive, polished, and easy to work with
  • Must include the requisite security
  • Should help the user enter valid data, and protect the server from malicious submissions
  • Should include AJAX
  • Should include a template system
  • Usually require access control management
  • Should have password recovery
  • Should not offer actions the user cannot perform; the corresponding buttons should be suppressed or visibly disabled
  • Should make use of common navigation methods through lists and data sets