Building PHP requires quite a bit of effort. There is a lot of dependencies before PHP 5.3.3 can be compiled plus every Linux distribution packages libraries in some different way. The result is that you have to install several Ubuntu packages before you can even compile PHP 5.3. Then you will need some more to make it run : )

This post shows how to make a development php, it is not supposed to be used for production as i am overriding default paths and you probably don't want to be doing that.

To make your and mine lives easier i put together a script how to get PHP 5.3 running on a fresh Ubuntu linux installation.

when you think of it at first it sounds like a great idea. All you have to do is set a global cookie for the main domain and based on that perform authentication. User will be able to go from subdomain to dubdomain and still remain authenticated.

Unfortunately there is second side to this story : )

I am happy to present first release of Ultimate web encoder.

I am a developer and i work a lot with ajax, javascript, PHP, json etc. It is quite often that i need to decode, replace encode something and i always go through the same process of searching for base64 encoder or decoder. Or i have to google for some online url encoder decoder etc.

So lately i thought how about i do it once and for all, and this is how Ultimate web encoder came to live : )

This post is my final look at the total of nearly 1200 pages long CISSP book.

In the end i think it was not a total waste of time as i really liked the physical security chapter and also chapter about cryptography was not that bad. Maybe it was not that bad of a refresh. But was it really worth it?

I would definetly not recommend it as i cant see who can really benefit from that book, its not senior and not junior, does not explain things well nor provide deep insights. Its just a too long poorly written book in my opinion.

There is a very little known method of injecting javascript int CSS files. It would not work in all the browsers (works in my latest IE8) but it is important fact to know.

Cross site scripts lead to a number of security issues. The most important to remember are:

• Session Hijacking - hacker steals user's session by getting his cookies and gets access to user's account
• Cross Site Forgery Request - hacker uses users account to perform operation that was not intended at all

I have worked with SOAP services from time to time but now i have actually even nicer way to debug them. I still use SOAPUI as its an amazing tool but now i can easily see what is PHP doing :- )

Before, i would simply log everything in raw xml with headers etc. before i sent it out and whenever i got a response back i would log hat too. This is a great way to keep history of what was actually sent and what did we actually get back in case of any investigations etc. It does not impact the performance that much if your volumes of calls are low so you can even enable it temporarily on production servers to see what is there.

When you build PHP applications you need cache storage to keep your calculated data in. There are quite a few options and use case decides which solution is better.

I knew that APC is faster than memcached as there is much less overhead but I wanted to see how memcached would compare to APC user cache.

If your Eclipse is permanently stalling, you cant get your job done, all you see it this annoying beachball then its time to tune it up. There is not too much you can do about it but there are still a few tricks that help.

here they are

Wordpress is a very nice blogging solution but does not really allow to create and publish multilingual blogs out of the box. The good news is that it allows you to set the language for frontend so that users see localized messages.

Writing wordpress posts in your chosen language is one thing but then you make sure buttons, error messages and other labels are translated. This is where gettext and translation files step in.

I personally liked the chapter about physical security. I have not heard about some of the ideas described there and I must say its quite interesting. I am happy I kept on reading so far as this part was quite cool.

Authors describe what are the high level factors of physical security. They describe how different types of physical security elements work for example keys, magnetic cards, chip cards, as well as construction elements. Its even hard to describe but I really liked that chapter.

Drupal is awesome but from time to time you have to modify something to get what you need.

I love latest jquery and I always have my own custom made frontent user facing theme so I thought it would be cool to include latest jquery in my custom made theme and keep the 1.3.2 version that is compatible with drupal in garland theme.

After doing so I can have all the features working like drag and drop, file uploads etc in my administration account and I can use latest coolest jquery plugins on my frontend.

It is a bad idea to leave multiple domain names serving the same content as web crawlers will lower your rankings.

To get better SEO positioning you should rewrite url to make them point to the same url with 301 permanent redirects.

How to rewrite urls to remove www prefix

You need to create .htaccess file or edit existing one and add a section:

   RewriteEngine On
   RewriteCond %{HTTP_HOST} !^artur\.ejsmont\.org$ [NC]
   RewriteRule ^(.*)$ http://artur.ejsmont.org/$1 [R=301,L]

It will redirect (302 permanent client redirect) from all domain names different than artur.ejsmont.org in this case.

Lately I see it on almost every CV we get. Everyone is a PHP consultant, Web Architect, Web UI Expert and god knows what!

In PHP world its quite obvious but not as annoying as in Java community. Almost every single Java candidate we get writes in his resume with terms like: Architect, Enterprise Consultant, Principal Architect, Solution Architect, Senior Enterprise Architect …. oh my god I want to shoot myself.

Then there is a list of JSR specifications or some other nonsense with every box checked as expert or whatever. You ask the guy in for a interview and he does not even know what is a compound index in the database. I mean come on. Why there are no Software Engineers any more?

There is nothing worse than a PHP Fatal Error :-) Your script terminates immediately and user sees 500 error page (or blank screen if you don't have one).

A nice fatal error i found recently has to do with __toString methods. Apparently there is a exact type check and __toString method in PHP has to return string. If you return something else it will cause exception to be thrown. Even if it would be casted otherwise like if( 1 == '1' ), in toString it has to be real string type.

Unfortunately for us we had some calls to other methods and one of them did not cast to string for integer values. There was no try catch block either so it boubbled up all the way to the top of the stack and caused script to die horribly : -)