With all the euphoria about node.js since the last few months, I finally decided to give it a try. As it is not available for Windows, I decided to install it on Linux instead of going for Windows/Cygwin. node.js is a implementation of CommonJS, a JavaScript ecosystem in development to be used for developing application outside the browser, like:

- Server-side JavaScript applications
- Command line tools
- Desktop GUI-based applications

Installing node.js

As mine was a clean Ubuntu installation, I needed to install certain libraries first.

sudo apt-get install g++ curl libssl-dev apache2-utils

The easiest way is to download node.js is to get a git clone. For that I needed to install the git package.

sudo apt-get install git-core

Now download node.js with git.

git clone git://github.com/ry/node.git

If you do not want to use git you could get the tar package instead.

wget http://nodejs.org/dist/node-v0.1.96.tar.gz
gunzip node-v0.1.96.tar.gz
tar -xf node-v0.1.96.tar

Now you are ready to install node.js.

cd node
./configure
make
sudo make install

Example node.js code

Below is a simple program using node.js for translating text using google API.

var http = require('http');
 
var url = ('ajax.googleapis.com')
var google = http.createClient(80, url);
 
var text = "Hello World from node!";
var requestUrl = '/ajax/services/language/translate?v=1.0&q=' + 
                 escape(text) + '&langpair=en%7Cfr'
var request = google.request('GET', requestUrl, 
              {"host": "ajax.googleapis.com"});
request.end();
 
request.addListener('response', function (response) {
  	var body = '';
 
	response.addListener('data', function (chunk) {
		body += chunk;
    });
 
    response.addListener("end", function() {
        var jsonData = JSON.parse(body);
	    console.log(jsonData.responseData.translatedText);
    })
 
});

This simple example does not to justice to the true power of node.js. I’ll be posting useful examples in the near future. Keep watching.

PHP supports one error control operator: the at sign (@). When prepended to an expression any error generated by that expression will be ignored. It can also be useful for hiding errors generated by various functions.Take the following simple example:

$var = $_GET['data'];

If the ‘data’ parameter is not defined the expression will generate an error.

Notice: Undefined index: data in /var/www/test.php on line 9

You can hide the error using the silence @-operator.

$var = @  $_GET['data'];

Although quite useful at some times, using the @-operator can have some annoying side effects. Say you are using some external libraries in your application which uses the @-operator. If everything works fine than good. But if the library is generating some errors than it becomes difficult to point the exact location where the error occurs, as the @-operator hides it. If the external library is large, it becomes a headache to remove all the @ from the code. One nice option I found is the Scream Pecl extension. The extension allows you to easily disable the @-operator in your code without making any actual changes to the code.

Installing the Scream extension

As a pre-complied binary is not available, you need to make it yourself. The following shows commands to compile the extension on Ubuntu.

First you need to install the Pear distribution environment.

sudo apt-get install php-pear

Next you will need to install the php5-dev package to get the required PHP5 source files to compile additional modules.

sudo apt-get install php5-dev

Finally we are ready to actually create and install the extension.

sudo pecl install scream-0.1.0

Once the extension is created and installed, we need to add one to the php.ini file.

sudo gedit /etc/php5/apache2/php.ini

In the ‘extensions’ section add the following line:
extension=scream.so;

After the php.ini has been updated, you need to restart Apache, so that the new extension is loaded.

sudo /etc/init.d/apache2 restart

If hopefully all went well, the Scream extension should now be loaded, which you can confirm using phpinfo().

Breaking the Silence operator

Now you can disable the @-operator in your code using the following:

ini_set('display_errors', 1);
error_reporting(E_ALL | E_STRICT);
 
// Disable the @-operator
ini_set('scream.enabled', true);
$var = @ $_GET['data'];

Or you can directly enable the extension in your php.ini.

scream.enabled=1

Now even though the silence operator is present the above code generates an error if the ‘data’ parameter is not set. Atlast no need to hunt down for @’s while debugging.

After getting many requests I’ve finally updated my ‘Google Translation PHP wrapper‘ to include translation of text above the Google limit of 5000 characters. If the text length is more than 5000 characters it is split into discrete chunks and translated individually, returning the complete translated text at the end. Now you can easily translate whole pages of content. The updated version can be downloaded from here. Please report any bugs of the same. An example is shown below:

<?php
 
header("Content-type: text/html; charset=utf-8");
 
require_once('googleTranslate.class.php');
 
$gt = new GoogleTranslateWrapper();
 
/* Translate text from one language to another */
$homepage = file_get_contents('http://some-web-page/');
 
/* Translate the page to French */
echo $gt->translate($homepage , "fr", "en");
 
/* Was translation successful */
echo $gt->isSuccess();
 
?>

A couple of days back while writing some date code for a messaging service, I required to print the date of the messages in a relative format – ‘today, ‘yesterday’, 3 weeks ago’ etc. I wrote a small function for the same. A sample run of the function is shown below.

 
echo DateToWords(time()) . "<br>";
echo DateToWords(time() - (3600 * 24 * 1)) . "<br>";
echo DateToWords(time() - (3600 * 24 * 4)) . "<br>";
echo DateToWords(time() - (3600 * 24 * 7)) . "<br>";
echo DateToWords(time() - (3600 * 24 * 14)) . "<br>";
echo DateToWords(time() - (3600 * 24 * 100)) . "<br>";
echo DateToWords(time() - (3600 * 24 * 366));

And the output for the above. For dates above 1 year it returns the actual date.

 
today
yesterday
4 days ago
1 week ago
2 weeks ago
14 weeks ago
06-17-2009

The function code is shown below.

<?php
 
<?php
 
/* Change the following constants to suit your language */
 
define('STRING_TODAY', "today");
define('STRING_YESTERDAY', "yesterday");
define('STRING_DAYS', "%d days ago");
define('STRING_WEEK', "1 week ago");
define('STRING_WEEKS', "%d weeks ago");
 
/* Change the following date format to your taste */
define('DATE_FORMAT', "m-d-Y");
 
/* The functions takes the date as a timestamp */        
function DateToWords($time)
{
 
    $_word = "";
 
    /* Get the difference between the current time 
       and the time given in days */
    $days = intval((time() - $time) / 86400);
 
    /* If some forward time is given return error */
    if($days < 0) {
        return -1;
    }
 
    switch($days) {
        case 0: $_word = STRING_TODAY;
                break;
        case 1: $_word = STRING_YESTERDAY;
                break;
        case ($days >= 2 && $days <= 6): 
              $_word =  sprintf(STRING_DAYS, $days);
              break;
        case ($days >= 7 && $days < 14): 
              $_word= STRING_WEEK;
              break;
        case ($days >= 14 && $days <= 365): 
              $_word =  sprintf(STRING_WEEKS, intval($days / 7));
              break;
        default : return date(DATE_FORMAT, $time);
 
    }
 
    return $_word;
}
 
?>

Hope someone finds this useful.

Anonymous functions are common in various modern languages, Ruby and Javascript being the popular one. But until version 5.3 PHP lacked true anonymous functions. Although newbie programmers are hard-pressed to find a suitable application for anonymous functions, they are indispensable if you do a lot of OOP, and can provide some elegant solutions to some particular problems.

PHP variable functions

Before we learn something about anonymous functions we will take a quick look into a PHP concept known as a variable function. It means that if we append parenthesis to a variable, then php will look for a function with the same name as to whatever the variable evaluates to and tries to execute it. Say we have the following simple function:

function Hello($name)
{
    echo "Hello $name";
}

We could then call the function indirectly by using a variable whose value evaluates to the function name. This can be quite useful when the name of the function that you want to execute cannot be determined till run-time.

$func = "Hello";
$func("World!");
 
//Output-
//Hello World!

Another example using a class and a static method:

<?php
 
class CHello
{
    static function hello($name)
    {
        echo "Hello $name";
    }
}
$func = "Hello";
CHello::$func("World!");
 
// Output-
// Hello World!
?>

Anonymous or lambda functions

There are times when you need to create a small localized throw-away function consisting of a few lines for a specific purpose, such as a callback. It is unwise to pollute the global namespace with these kind of single use functions. For such an event you can create anonymous or lambda functions using create_function. Anonymous functions allow the creation of functions which have no specified name. An example is shown below:

<?php
 
$str = "hello world!";
$lambda = create_function('$match', 'return "friend!";');
$str = preg_replace_callback('/world/', $lambda, $str);
echo $str ;
 
// Output
// hello friend!
?>

Here we have created a small nameless (Anonymous) function which is used as a callback in the preg_replace_callback function. Although create_function lets you create anonymous functions, it is not truly a part of the language itself but a hack. PHP 5.3 introduced true Anonymous functions in the base language itself. We create a unnamed function and assign it to a variable, including whatever parameters the functions accepts and then simply use the variable like an actual function. A example is given below:

<?php
 
$func = function($name)
{
    echo "Hello $name\n";
};
 
$func("world!");
$func("Sameer!")
 
//Output-
//Hello world!
//Hello Sameer!
?>

Note the ending semicolon at the end of the defined function. This is because the function definition is actually a statement, and statements always ends with a semicolon. Another example is shown below.

<?php
 
$str = "Hello World!";
$func = function($match)
{
    return "friend!";
};
 
$str = preg_replace_callback('/World/', $func, $str);
echo $str ;
 
// Output
// Hello friend!
?>

Anonymous and Nested functions

PHP allows functions to be nested inside one another. Although it seems like a side-effect of the parser rather then a design decision, it can be quite helpful in some situations. Take the example below. The function censorString takes a string as a parameter and replaces any censored word given with a string of ‘*’. The censorString functions defines a nested function replace that is used as a callback function by preg_replace_callback. Assuming that the ‘replace’ function is only used by the censorString function in our program it is better to define it within censorString itself and avoid polluting the global namespace with small single use functions

<?php
 
function censorString($string, $censor)
{
    function replace($match)
    {
        return str_repeat("*", strlen($match[0]));
    }
 
    return preg_replace_callback('/'.$censor.'/', 'replace', $string);
 
}
 
echo censorString("hello world!", "world");
echo censorString("hello world!", "hello");
 
// Output-
// hello *****!
// Fatal error: Cannot redeclare replace() 
?>

When you define a nested function as above, the inner function does not come into existence until the parent function is executed. Once the parent function (censorString) is executed the inner function (replace) goes into global scope. Now you can access the inner function from anywhere in your current document. One problem though is that calling the parent function again in the current document will cause a redeclaration of the inner function, which will generate an error, as the inner function is already declared. A solution is to use a anonymous function as shown below. (Note again the semicolon at the end of the inner function.)

<?php
 
function censorString($string, $censor)
{
    $func = function($match)
    {
        return str_repeat("*", strlen($match[0]));
    };
 
    return preg_replace_callback('/'.$censor.'/', $func, $string);
 
}
 
echo censorString("hello world!", "world");
echo censorString("hello world!", "hello");
 
// Output-
// hello *****!
// ***** world!
 
?>

Now whenever the censorString function is executed the inner anonymous function comes into existence. But unlike a normal nested function it goes out of scope once the parent function ends. So we can repeatedly call the censorString function without throwing a redeclaration error.

Another way is to define the function in the callback itself.

<?php
 
function censorString($string, $censor)
{
 
    return preg_replace_callback('/'.$censor.'/', 
                                function($match) 
                                {
                                    return str_repeat("*", 
                                           strlen($match[0]));
                                },
                                $string);
 
}
 
echo censorString("hello world!", "world");
echo censorString("hello world!", "hello");
 
// Output-
// hello *****!
// ***** world!
 
?>

Closures

Closures are anonymous functions that are aware of their surrounding context. In short these are anonymous functions which have knowledge about variables not defined within themselves. A simple example will make it clear. Say we want to create a anonymous function that returns a given number multiplied by 5.

<?php
 
$mult = function($x)
{
    return $x * 5;
};
 
echo $mult(2);
 
// Output-
// 10
?>

If we want to return a number multiplied by 7 rather then 5 ,we have to create another function and so on for other numbers. Instead of creating a series of different functions we can create a closure using the ‘use’ construct, which allows variables outside the anonymous function to be accessible or ‘closed’ within the current function.

<?php
 
$multiply = function($multiplier)
{
    return function($x) use ($multiplier)
    {
        return $x * $multiplier;
    };
};
 
// $mul5 now contains a function that returns a number multiplied by 5
$mult5 = $multiply(5);
 
// $mul7 contains a function that returns a number multiplied by 7
$mult7 = $multiply(7);
 
echo $mult5(5);
echo $mult7(5);
 
// Output-
// 25
// 35
 
?>

Take another example along the above lines. Lets say we want to filter an array of number according to a certain criteria; say all the numbers above 100. The code for the same is given below. Note the use of a anonymous function.

<?php
 
function filter($condition, $numbers) 
{
    $len = count($numbers);
    $filtered = array();
 
    /* Iterate through all the array elements */
    for($i = 0; $i < $len; $i++) 
    {
        $num = $numbers[$i];
 
        /* If the number satisfies the $condition, store
           it in the $filtered array
        */
        if($condition($num)) {
            $filtered[] = $num;
        }
    }
    return $filtered;
}
 
/* An array of random numbers */
$randomNumbers = array(34, 56, 22, 1, 5, 67, 897, 123, 4, 55);
 
$condition = function($x) 
{ 
    return ($x > 100) ? true : false; 
};
 
$greaterThan100 = filter($condition, $randomNumbers);
 
 
print_r($greaterThan100);
 
// Output
// Array ( [0] => 897 [1] => 123 ) 
?>

Now what if we want to allow all numbers above 400, then we have to change the anonymous function to the following.

 
$condition = function($x) 
{ 
    return ($x > 400) ? true : false; 
};

Rather then creating different functions for various criteria, we can create a closure.

 
function filter($condition, $numbers) 
{
    $len = count($numbers);
    $filtered = array();
 
    /* Iterate through all the array elements */
    for($i = 0; $i < $len; $i++) 
    {
        $num = $numbers[$i];
 
        /* If the number satisfies the $condition, store
           it in the $filtered array
        */
        if($condition($num)) {
            $filtered[] = $num;
        }
    }
    return $filtered;
}
 
 
/* createFilter now returns a anonymous function */
function createFilter($lowerBound)
{
    return function($x) use ($lowerBound)
    {
        return ($x > $lowerBound) ? true : false;
    };
}
 
 
/* An array of random numbers */
$randomNumbers = array(34, 56, 22, 1, 5, 67, 897, 123, 4, 55);
 
/* Create a new function and store it in $greaterThan400 */
$greaterThan400 = createFilter(400);
$greaterThan100 = createFilter(100);
 
print_r(filter($greaterThan400, $randomNumbers));
print_r(filter($greaterThan100, $randomNumbers));
 
// Output
// Array ( [0] => 897 ) 
// Array ( [0] => 897 [1] => 123 )

Note that in the above example when createFilter exists, normally the $lowerBound variable goes out of scope, but because we have used closure here using the ‘use’ keyword, the inner anonymous function binds the $lowerBound variable with itself even after the createFilter function exists. This is what we call closure. The inner function ‘closes’ over the variables of the outer function in which it is defined.

We can do a var_dump on the $greaterThan400 and $greaterThan100 objects to see if the inner function really carries the $lowerBound variable with itself.

var_dump($greaterThan400);
var_dump($greaterThan100);

Which returns the following:

 
object(Closure)#1 (2) {
  ["static"]=>
  array(1) {
    ["lowerBound"]=>
    int(400)
  }
  ["parameter"]=>
  array(1) {
    ["$x"]=>
    string(10) "<required>"
  }
}
 
object(Closure)#2 (2) {
  ["static"]=>
  array(1) {
    ["lowerBound"]=>
    int(100)
  }
  ["parameter"]=>
  array(1) {
    ["$x"]=>
    string(10) "<required>"
  }
}

Or better yet we can use the Reflection API.

echo ReflectionFunction::export($greaterThan400);

Which gives the following:

Closure [ <user> function {closure} ] {
  @@ D:\localhost\test\\index.php 27 - 30
 
  - Bound Variables [1] {
      Variable #0 [ $lowerBound ]
  }
 
  - Parameters [1] {
    Parameter #0 [ <required> $x ]
  }
}

In closing

Lambda functions and closures have taken PHP a notch closer towards other modern languages. In practice how much people really use lambdas and closures in their daily work remains to be seen. I’m still getting a hang of it.

As a programming language, PHP has many advantages but security has always been a major issue. Partially these security problems are inherent to the language itself because PHP was meant to be an easy and powerful programming language, while security came second. However, when you add bad coding and non-adherence to even the basic security rules, the situation gets out of control.

Fortunately, it is possible to fix PHP vulnerabilities and make PHP applications more secure. Some of the defenses are common for all programming languages, while others are found only in PHP. Here are some of the best defenses you have when you want to fix PHP vulnerabilities and make your site more secure.

Defend Your Code Against SQL Injections

SQL Injection is one of the most typical PHP vulnerabilities and many hackers take advantage of it. In order to prevent SQL injections, you need to always check input data and to escape characters (such as single quotes (‘) or double quotes (“)). If you do it, it won’t be possible to execute malicious SQL queries, which take control over your database or compromise the security of your site in other ways.

The two most common defenses against SQL injections are the use of the mysql_real_escape_string and PDO. The mysql_real_escape_string prepends special characters and as a result these special characters are not sent directly to the MySQL database. It is recommendable to use mysql_real_escape_string on all input variables, which are sent to the MySQL database.
PDO adds an abstraction layer to your code, thus making it more secure. PDO prepares a statement for execution and returns a statement object.

Don’t Leave Room for Cross-Site Scripting Vulnerabilities

Cross-Site Scripting (XSS) is also common in PHP. Again, the defense against XSS isn’t rocket science. If the users input HTML data is escaped properly, your code won’t be vulnerable against XSS. If you don’t do it, then a hacker can insert any HTML code (or even Javascript) he or she likes and modify your page, so that he or she can steal data from users.

The best defense against XSS is to use the htmlspecialchars() function. This function identifies any output you wouldn’t like to be considered as HTML output. While you can never be certain that XSS is impossible, the htmlspecialchars() function will make it harder for a hacker to succeed.

Watch out for File Inclusion Vulnerabilities

Of all PHP vulnerabilities, file inclusion attacks are the most severe. A file inclusion attack gives the hacker the opportunity to include a random file and to deploy it on your server. File inclusion attacks are possible when the register_globals directive is on, which means that unchecked input variables are allowed. The best defense against file inclusion vulnerabilities is to mind how you use PHP include() functions. If you are not sure you can use these functions properly, you’d better avoid any include statements – just use switch statements with hard coded strings and this will help to avoid file inclusion vulnerabilities.

Don’t Forget to Initialize Variables

If you program in many other languages, then you maybe don’t need to be told explicitly to initialize variables because you already have the habit of doing it. However, if you are mainly a PHP programmer, maybe you don’t always initialize variables because in PHP, unlike in many other programming languages, a variable can be used without being initialized first. From a security point of view, uninitialized variables are a huge risk and this is why you should never use them.

Don’t Leave the register_globals Directive ON

File inclusion attacks aren’t the only evil the register_globals directive brings to your code. The register_globals directive is very powerful but unfortunately its power is easily abused. In recent versions of PHP the directive register_globals is OFF by default and in PHP 6 it is altogether removed but if you are using earlier versions of PHP, take the time and check if it isn’t ON by accident.

Encryption Always Helps

No matter which programming language you use, encryption always helps. It doesn’t matter how secure your PHP code is when you send sensitive data unencrypted and anybody can read it. The safest form of encryption is end-to-end encryption but it takes a lot of resources and it might be hard to implement. This is why it is acceptable if you encrypt at least passwords, credit card numbers, and other similar data. Don’t leave sensitive data unencrypted because this is what hackers want most.

Test Your PHP Code with Tools

There are many PHP tools to test the security of your code with. Sure, you should do your best to write secure code, adhere to security practices, and carefully review your code for errors but an automated tool to check your code with is always useful. Some of the best tools to test PHP vulnerabilities with are PhpSecInfo, PHP Security Scanner, and Spike PHP Security Audit Tool. Run them on your code and see what they will find.

Further Reading

These steps are just the beginning to make your PHP code secure. You must always take at least these steps because if you don’t you leave the door wide open to hackers. On the other hand, even if you do everything we described here, you can never be sure that no vulnerabilities exist. There is much more to PHP security and if you want to expand your knowledge, read the PHP Security manual and this paper. Both of them will tell you more about how to fix PHP vulnerabilities and make your site secure.

This guest article was written by Christopher Shepard of Webhost Gear, a website that provides information about hosting and reviews of the most popular web hosting services, as well as technical and website maintenance tutorials.

Automatically creating fake or sample data is a frequent requirement for front-end web developers. Although usually not tedious, there are times when you need to quickly and automatically generate structured data for your html forms or CMS systems for testing purposes.

Faker.js is a JavaScript implementation inspired by Benjamin Curtis’s Ruby Gem Faker and Perl’s Data::Faker that lets you generate commonly required data quickly. You can check the demo page to get an idea.

Getting Fake.js

You can download the library form github and include in your pages where you need to generate the data.

..
<script src = "Faker/Faker.js" type = "text/javascript"></script>
..

Generating fake data

The API is divided into various sections as show below:

# Name
    * findName
# Address
    * zipCode
    * city
    * streetName
    * streetAddress
    * secondaryAddress
    * ukCounty
    * ukCountry
# PhoneNumber
    * phoneNumber
# Internet
    * email
    * userName
    * domainName
    * domainWord
...

So if you need to generate a random email address or a zip code you could do it like this:

var randomEmail = Faker.Internet.email();
var randomZip = Faker.Address.zipCode();

Some sample API methods are shown below, but there are more of them which you can find here in the API section.

<script>
var longParagraph = Faker.Lorem.paragraphs();
var singleSentence = Faker.Lorem.sentence();
var companyName= Faker.Company.companyName();
var catchPhrase = Faker.Company.catchPhrase();
</script>

One of the interesting methods is ‘ Faker.Company.catchPhrase()’, which generates catchy technological phrases. A kind of a tag line generator for your new multi-million dollar company . A sample output is shown below.

Stand-alone 5th generation utilisation
Ergonomic explicit focus group
Horizontal human-resource solution
Automated contextually-based knowledge base
Distributed multi-state encoding
Extended zero administration interface
Proactive coherent productivity
Streamlined national approach
Total transitional algorithm
Stand-alone fault-tolerant moderator

The API also includes several helper methods that lets you create bulk fake data using the single API methods. For example you can generate complete user information templates cards by using a single helper method ‘Faker.Helpers.userCard()’. A sample run is shown below:

name: Blair Nikolaus
username: Fernando_Olson
email: Jacklyn_Brekke@aurore.name
address:street: Kozey Meadow
suite: Apt. 664
city: Felipastad
zipcode: 88071
 
phone: 571.540.8605 x136
website: reba.co.uk
company:name: Kuhic and Sons
catchPhrase: Integrated solution-oriented Graphical User Interface
bs: seize scalable web services

The ‘Faker.Helpers.userCard()’ method returns a nested object, so you will need to recursively traverse the object to extract the data. A simple function to do the same is given below:

<script>
// Recursively traverse a nested Javascript object and return it.
function printObj(obj)
{
  var prop, res = '';
 
  for(prop in obj)
  {
    if(typeof obj[prop] == 'object'){
        res += prop + ':' + printObj(obj[prop]) + '<br>';
    }else{
        res += prop + ': ' + obj[prop] + '<br>';
    }
  }
   return res;
}
</script>

So now you can do something like this:

...
var obj = Faker.Helpers.userCard();
alert( printObj(obj) );
...

Another Randomizer library

Club AJAX Mock Data Randomizer library is another library that lets you generate random data quickly. This library lets you generate random dates, colors, boolean values which is lacking in the Faker library. Check a simple demo using this library.

Interface design is hard. Which is why most programmers turn a blind eye to it. During collaborative development I frequently encounter fellow programmers remark something to the following effect: ‘…do not worry, the users are not idiots, they will understand for what these buttons have been provided, no need to provide tool-tips or any help, lets get these code working and show it to the client.’
Interface design or rather usability design is usually left as an after thought; a colorful facade that you stick on to your backend code.

The following two videos provide a stark reminder, that for most of the time these are the people we develop software for.

Although the above videos are in the context of the users familiarity with the concept of a browser, it brings home the point that for the user the interface is everything, which most of us developers give little thought. Most users don’t care what browser or the version thereof they are using, they just need to get the work done somehow.

People are not idiots as the above videos may have you believe, on the contrary we developers are not smart enough to create usable software.

Writing software, once we become comfortable with the language and environment is easy. But crafting software that the user will love and admire is a lot harder, which in the end is what really matters. Not that I’m downplaying the importance of good code – testing, security, code efficiency are all important elements of a good product. But for the user, the interface is the product. Apple seems to get it, so why can’t everyone.

The path out of this quandary is to really understand usability. If you are a freelancer developer get some good books on interface design and usability, read them, try to implement as much good interface designs into your current project as you possibly can. Over time this will become almost second nature to you. Below are some of the books related to good interface designs that I personally like:

Many readers will be surprised by the absence of Coopers’ About Face 3 here. Coopers’ is a decent book, but I somehow do not like it. It is a tad wordy and preachy, most of which I do not agree on.

Geographical information integration is rapidly becoming an integral part of many websites. People use geographic data for a wide variety of applications. From location based content targeting, censoring information by geographic areas to analyzing website traffic by region. It is surprising how much free geographic information is available on the web. GeoNames is one such service.

The GeoNames database

GeoNames is a geographical database released under the creative commons attribution license, that contains over eight million geographical names and consists of 7 million unique features. The data is accessible free of charge through a number of web services and also as a downloadable database, which is updated on a daily basis.

GeoNames integrates geographical data such as names of places in various languages, elevation, population and other geographical information from various sources around the world.

In this post we will see how we can access the GeoNames API with PHP.

Installing the GeoNames API library

GeoNames API is available as a PEAR package, so we will be using the PEAR installer. Run the following command from your console window.

pear install Services_GeoNames-1.0.0

If the installer doexn’t work you can manually download the package from Services_GeoNames and install it in your PHP includes folder.

Running your first GeoNames search

Now that we have installed the PEAR library, we will start with a small example that will get a list of places by the name ‘London’ and the country where the place is located. You will be surprised how many places the world over are named ‘London’.

<?php
require_once 'Services/GeoNames.php';
 
$geo = new Services_GeoNames();
 
// Search for all cities named 'London'
$cities = $geo->search(array('name_equals' => "London"));
 
foreach ($cities as $city)
{
    // 'name' and 'countryName' are not the only properties
    // available. Do a 'var_dump' on the $city variable to 
    // get other properties.
    printf(" - %s (%s)\n", $city->name, $city->countryName);
}
 
?>

Below is a partial output listing for the above code:

 - London (United Kingdom)
 - London (Canada)
 - London (United States)
 - London (United States)
 - City of London (United Kingdom)
 - London (South Africa)
 - London (South Africa)
 - London (South Africa)
 - London (Philippines)
 - London (Nigeria)
 - London (Switzerland)
.
.

Lets try another API method. The following returns a list of all the countries and its capitals.

<?php
 
require_once 'Services/GeoNames.php';
 
$geo = new Services_GeoNames();
 
// get a list of all countries and capitals
$countries = $geo->countryInfo();
 
foreach ($countries as $country)
{
    printf(" - %s (%s)\n", $country->countryName, $country->capital);
}
 
?>

One of the interesting method in the API is ‘neighbors’, which gets a list of neighbors for a particular country.

<?php
 
require_once 'Services/GeoNames.php';
 
$geo = new Services_GeoNames();
 
// Get a list of neighboring countries of India
$array  = $geo->countryInfo(array('country' => 'IN'));
$cInfo  = $array[0];
 
$neighbours = $geo->neighbours(array('geonameId' => $cInfo->geonameId));
 
foreach ($neighbours as $neighbor)
{
    printf("%s\n", $neighbour->countryName);
}
 
?>

Which outputs the following; the neighbouring countries of ‘India’:

Bangladesh
Bhutan
China
Myanmar
Nepal
Pakistan

API function list

There are many methods available in the class for querying various type of geographic data. Below is the complete list of methods available in the API class.

 
array    children()                children(array $params)
array    cities()                  cities(array $params)
stdclass countryCode()             countryCode(array $params)
array    countryInfo()             countryInfo(array $params)
stdclass countrySubdivision()      countrySubdivision(array $params)
array    earthquakes()             earthquakes(array $params)
array    findNearby()              findNearby(array $params)
array    findNearbyPlaceName()     findNearbyPlaceName(array $params)
array    findNearbyPostalCodes()   findNearbyPostalCodes(array $params)
array    findNearbyStreets()       findNearbyStreets(array $params)
stdclass findNearByWeather()       findNearByWeather(array $params)
array    findNearbyWikipedia()     findNearbyWikipedia(array $params)
stdclass findNearestAddress()      findNearestAddress(array $params)
stdclass findNearestIntersection() findNearestIntersection(array $params)
stdclass get()                     get(array $params)
stdclass gtopo30()                 gtopo30(array $params)
array    hierarchy()               hierarchy(array $params)
stdclass neighbourhood()           neighbourhood(array $params)
array    neighbours()              neighbours(array $params)
array    postalCodeCountryInfo()   postalCodeCountryInfo(array $params)
array    postalCodeLookup()        postalCodeLookup(array $params)
array    postalCodeSearch()        postalCodeSearch(array $params)
array    search()                  search(array $params)
array    siblings()                siblings(array $params)
array    weather()                 weather(array $params)
stdclass weatherIcao()             weatherIcao(array $params)
stdclass srtm3()                   srtm3(array $params)
stdclass timezone()                timezone(array $params)
array    wikipediaBoundingBox()    wikipediaBoundingBox(array $params)
array    wikipediaSearch()         wikipediaSearch(array $params)

Performing a generic search

The API provides a general name search which can be helpful if you need to perform some broad query for a search term. Lets take the following example. We use the ’search’ method to query for the keyword ‘los angeles’. The method takes an array with the query term and the number of results to return. Note that the parameter ‘q’ searches over all attributes of a place : place name, country name, continent, admin codes etc. There are more parameter options besides ‘q’ and ‘maxRows’ which you can use while performing search.

<?php
 
require_once 'Services/GeoNames.php';
 
$geo = new Services_GeoNames();
 
$results = $geo->search(
                        array('q' => "los angeles",
                              'maxRows' => 10)
                        );
 
print_r($results);
 
?>

Below is the first result for the search term ‘los angeles’.

[countryName] => United States
[adminCode1] => CA
[fclName] => city, village,...
[countryCode] => US
[lng] => -118.2436849
[fcodeName] => populated place
[fcl] => P
[name] => Los Angeles
[fcode] => PPL
[geonameId] => 5368361
[lat] => 34.0522342
[population] => 3694820
[adminName1] => California

Using the GeoService API in your applications

Although the API provides a free service, if your are planning to use it in a critical web application, the company provides a commercial option for the same. The advantage of the commercial option is that the web services have higher up-time and fail-over in case of hardware defects or software bugs.

The API allows a limit of 50000 web access per day-per IP, which should be quite enough for most personal projects. Check the limit information here for further details.

Downloading the database

All the information you can gather from the API is also available for download from GeoNames servers in text format. This can be useful if you would like to create your own database for hosting on your servers for data lookup. But bear in mind that the data is frequently updated, so your custom created database will quickly become outdated, which does not happen with the online API. And also you will have to write your own queries for the created database.

Accessing the GeoNames API with jQuery

As an aside you can use the following example code to access the API web-service from javascript using jQuery.

 
<!DOCTYPE html>
<html>
<head>
<script src="http://code.jquery.com/jquery-latest.js"></script>
</head>
<body>
<div id="data"></div>
 
<script>
 
/* 
  Searches for the keyword 'london', 
  returning a maximum of 5 rows. 
  More information can be found here: 
  http://www.geonames.org/export/geonames-search.html
*/
 
/* 
  Note you need to append 'JSON' to the method 
  name to get the results back in JSON format.
*/  
var apiMethod  = 'searchJSON';
var parameters = 'q=london&maxRows=5';
var result     = '';
 
$.get('http://ws.geonames.org/' + 
      apiMethod + '?' + parameters, function(data) {
 
        $.each(data['geonames'], function(i,item){
           $.each(item, function(j, field){
                result += "(" + j + ") : " + field + "<br/>";
           });
           result += "<br />";
          });
 
$('#data').html(result);          
});
</script>
</body>
</html>

Only if partially, but HTML 5 is slowly getting increased support from various browsers. Some of the HTML 5 features like ‘canvas’ and ‘video’ are supported by browsers like Firefox, Safari, Google Chrome and Opera. In this post we will look into how to add the HTML 5 ‘canvas’ tag to your wordpress posts.

The Canvas element consists of a drawable region defined in HTML on which you can dynamically draw graphics and animations using Javascript. The canvas API provides a nice set of drawing functions to play with.

Before we proceed you can see what the final output will look like at the end of this post. Note that your browser must support the ‘canvas’ tag to display the animation.

Detecting Canvas support

Before we add any HTML 5 elements to our page, we need to check if that element is supported by the browser. Even though most latest browsers support the ‘Canvas’ tag, browser like IE and other old browsers do not support the it. We can use some standard detection techniques, like the following to check if the ‘canvas’ element is supported:

if(!!document.createElement('canvas').getContext) {
// Canvas tag is supported, so do something here
}

Although the above will do, here we will use the ‘Modernizr’ library to accomplish the detection job. With the library, checking for HTML5 support is quite easy. Modernizr is a small and JavaScript library that helps in feature detection to test the current browser against upcoming CSS3 and HTML 5 elements. The below code will check for the ‘canvas’ support:

if (Modernizr.canvas) {
// Canvas tag is supported, so do something here
}

Here is another Modernizr example to test for audio support:

if (Modernizr.audio && Modernizr.audio.ogg){
    /* 
        Check for HTML 5 audio support and see if the 
        browser additionally supports the ogg codec.
    */
}

Adding the ‘canvas’ tag to your wordpress posts

To display canvas elements in your posts all you have to do is add the following tag to any of your posts. The code in our ‘loader.js’ file will then insert the appropriate canvas element in the div. The ‘title’ attribute references a javascript script that will be dynamically loaded to draw on the ‘canvas’ element. So in the following example, the file ‘bounce.js’ will be loaded dynamically. ‘bounce.js’ is a script that displays bouncing balls on the ‘canvas’ element. But it can be anything – a script to draw graphs, pictures, gradients etc.

<div id="html5" title="bounce"></div>

Now that we have added the appropriate tag to the post, we need to load and run the appropriate Javascript files to display our Canvas graphic. Here is where the ‘loader.js’ file comes into picture.

Getting help from loader.js

The ‘loader.js’ file acts as a bootstrap; inserting the ‘canvas’ element into the appropriate div tag and loading and executing the javasacript to draw into the Canvas. The ‘loader.js’ file contains the following code:

 
jQuery(document).ready(function($) {
 
/* Check to see if 'canvas' is supported
   in the current browser */
if (Modernizr.canvas) {
 
    /* Check if the 'html5' id is defined */
    var canvas = $('#html5');
    if(canvas.length) {
        /* If yes, then insert the 'canvas' element in the div */
        canvas.html('<canvas id="canvas"></canvas>');
 
        /* Get the name of the javascript file to load.
           This is specified in the 'title' tag of the div
           in the post.
        */
        var fileToLoad = canvas.attr('title');
 
        /* Set appropriate width and height for the canvas */
        $('#canvas').attr('width', '520');
        $('#canvas').attr('height', '220');
 
        /* Load external javascript that we want to run */
        $.getScript("PATH-TO-YOUR-JAVASCRIPT/" + fileToLoad  + ".js", 
                    function(){
                        start();
                    });
    }
}
});

This is how the loader.js bascially works. It first checks to see if ‘canvas’ is supported in the browser. If yes then it checks for the ‘html5′ id on the page, and if found inserts the canvas tag into the div. This id can be anything you like, as long as it is a valid id. Next it sets the div width and height and gets the ‘title’ attribute of the div. We have used the ‘title’ attribute to store the javascript file name that we want to load dynamically. In the above example that file would be ‘bounce.js’. Next we load the javascript file with jQueries ‘getScript’ function. The ‘getScript’ function takes a callback function which will be run once the ‘bounce.js’ file has been loaded. Here the callback function is ’start()’ , which is defined in the ‘bounce.js’ file.

Adding the javascript files to your Wordpress theme

At this point we have 2 JavaScript files at our disposal; one to detect canvas support and the other the loader. We need to add those 2 files to our Worpdress themes ‘functions.php file, as shown below:

 
/* 
Add the following lines at the top to your 
‘functions.php’ in your theme directory.
 
'_X_' being your theme name.
 
*/
 
wp_enqueue_script('modernizr', 
                  '/wp-content/themes/_X_/javascript/modernizr-1.1.js', 
                  false,
                  '1.1');
 
wp_enqueue_script('myloader', 
                  '/wp-content/themes/_X_/javascript/loader.js', 
                  array('modernizr', 'jquery'),
                  '1.0');

The first line loads the ‘modernizr-1.1.js’ file, while the second loads our ‘loader.js’ file. As the ‘loader.js’ files depends on the jQuery and the Modernizr library, the second line also ensures that both libraries ( jQuery & Modernizr ) are loaded before the ‘loader.js’ script.

The canvas drawing Javascript

The Javascript file that handles all the animation and drawing routines is stored in the ‘bounce.js’ file. Although the animation is not something to write about home, it shows the basic concept of how to implement a ‘canvas’ tag in a wordpress post.

The final output

Browsers that support the ‘canvas’ tag should see a few bouncing balls below.

Adding additional Canvas tags

You can add additional Canvas tags to your others post, but with a different id, handling the processing in the ‘loader.js’ file as shown for the above example.