Publishing on a given date

If you’ve ever taken a look at either the Life of Jalo or Jermut, you’ve probably noticed that both sites create a daily page for the picture/strip. The way I’ve created it is that each file that needs to be shown is saved with the filename simply as the date (e.g. 20060428.jpg is today’s image in LoJ). This post will show you how the naive approach to triggering something based on the current date and time may backfire and how to solve it.

To prevent people from looking ahead of the current date I used a simple is statement that compared the date now to the image requested. If the imagefile’s name was greater than the current date, a HTTP 403 error code is returned. The code looks like this ($showTime is the date portion of the filename):

      if (date('Ymd') < $showTime) {
	return 403;
      } else {
        …

Of course, by now all of you should be wondering exactly what is the timezone in which the date should change? Well, my intention was that we'd follow a Finland-centric approach to the whole thing and the new image would be visible at the strike of midnight in Finland.

This all worked fine until we moved our hosting from a Finnish provider to DreamHost. The Finnish provider's servers all used EET (Finland's timezone, UTC+0200) and date() worked just fine. DreamHost's servers naturally don't use EET as their default timezone and testing that everything works after I've uploaded an image was a bit too hard. Plus I like seeing the next days picture before I go to bed, or rather having Anna look at it and tell me if something's wrong.

Luckily PHP comes with the function gmdate() that returns the current date and time in UTC. Then, with some simple code we can convert the reference time to EET and we're back at the usual publishing schedule. After you know of the existence of the function, any problems caused by timezones can now be easily solved.

Secure PHP

For all of you out there who are writing PHP code, I suggest reading Writing secure PHP and its part 2 by Dave.

I also strongly recommend using something like the quote_smart-function described in the PHP documentation (scroll down to example 3) when saving user input in the database.

The importance of writing secure code cannot be emphasized enough. Even if you’re writing a helper application for yourself someone, somewhere might try to crack it. And practising secure programming in even small projects will help you when you work on larger and more important projects. It’s all about the discipline.

WordPress hacking

I’ve been on a vacation with nothing planned this week so I’ve finally had time to hack around with WordPress. The new template system offers a great platform on which building customized views is easy. I added a thumbnail (and link) to the current image in The Life of Jalo, a list of the five latest posts when viewing a single entry, a link to geocaches near us if you’re viewing a geocaching post, now playing information, and I jumped the folksonomy bandwagon. The rest of this post is fairly technical in content, so if code and web development aren’t your thing, you might want to move on.

Form elements as PHP variables

I had already decided to test this today since I’m a lazy programmer (more on that sometime later). I’m working on creating a voting application and since I like code re-use (part of my laziness) I wanted to see how I could make form processing code that really doesn’t care how many different elements there are in the form. Eric’s wondernment on why PHP requires the brackets to be present in some form element names may also be explained a bit further.