Terminally Incoherent

This is an outcome of a conversation I had recently. Apparently saying that MVC is a fairly simple concept is some sort of blasphemy. But it is. You really don’t need to use the almighty RAILS or a rails like framework like CakePHP in order to the whole Model, View, Controller separation. That’s the beauty of the idea - you can write your own MVC framework from scratch quite easily. In fact, sometimes it is probably preferable to do so. It’s true that you should avoid reinventing the wheel but sometimes you just want lean, minimalistic code with as few dependencies as possible. This is where you would do something like the example below.

This is a bare bones minimalistic core of a MVC system. It’s the index file - the driver or super-controller whatever you want to call it. Users will hit this page, and it will hand off the control to an appropriate Controller class. Thanks to the malleability of PHP this can be accomplished in just few simple lines:

<?php
 
define("COMMON", "/path/to/common/includes/");
 
include COMMON."Util.class.php";
 
if(empty($_GET["module"]))
   die("   <h1>Error: No Module Specified</h1>
            <p>Sorry, no module was specified.</p>
            <p>Please check your URL</p>");
 
if(empty($_GET["action"]))
   die("   <h1>Error: No Action Specified</h1>
            <p>Sorry, no action was specified.</p>
            <p>Please check your URL</p>");
 
$module = Util::sanitize($_GET["module"]);
$action = Util::sanitize($_GET["action"]);
 
$controller = $module."DefaultController";
 
if(file_exists("controllers/$controller.php"))
{
   include "controllers/$controller.php";    
   $active_controller = new $controller();
 
   if(!method_exists($active_controller, $action))
      die("    <h1>Error: Action Not Defined</h1>
                <p>Sorry, the action <strong>$action</strong>
                is not defined in <strong>$module</strong>.</p>
                <p>Please check your URL</p>");
   else    
      $active_controller->$action($_GET);
}
else
   die("   <h1>Error: Module Not Found</h1>
            <p>Sorry, module <strong>$module</strong> 
            does not exist.</p>
            <p>Please check your URL</p>");
?>

Note that I’m using some shortcuts here. For example I assume that you can figure out for yourself how to sanitize user input strings. I moved that functionality to the Util class which I import up top. You probably figured it out already, but if you didn’t this is essentially the folder structure you will need to have in your webroot directory:

The rest of it should be straightforward. For example, let’s say you access this page with the following URI:

http://example.com/?module=user&action=view

This will trigger our file to try to locate the file user.php in the sub-folder controllers and import it. Then it will assume that the file contains a class user and will attempt to initialize it. Note that I did this in PHP4 so I’m using the old style constructors. You can easily modify it for PHP5. Finally, it will check if the newly created instance contains the method view and will attempt to execute it.

The controller class would then initialize a model class which would query the DB for user information, do whatever processing needs to be done and then pull in a View class which would deal with the displaying of the data on the page. It would probably utilize some templating scheme.

I’d actually implement a base class (let’s name it DefaultController) which would be the parent for all the other controller classes. In it I would implement all the basic CRUD functions in the most generic way possible. This way, when you decide to add a new controller to your project you can simply create an empty class stub which extends DefaultController and still have some functionality there. A very simplistic controller class would look something like this:

class DefaultController
{
  var $model;
  var $view;
 
  function DefaultController()
  {
    // find out the name of this module so that we can apply it in other places
    $module = substr(get_class($this), 0, strpos(get_class($this), "controller"));
 
    $model_name = $module."Model";
    $view_name = $module."View";
 
    include "models/$model_name.php";
    include "views/$view_name.php";
 
    $this->model = new $model_name();
    $this->view = new $view_name();
 
  }
 
  function read($args)
  {
    if(empty($_GET["id"]))
        $this->idError();
 
    $id = Util::sanitize($_GET["id"]);
    $this->model->populateFromDB($id);
    $this->view->render("read", $this->model);
  }
 
  function update($args)
  {
    if(empty($_GET["id"]))
        $this->idError();
 
 
    if(!empty($_POST))
    {
        $this->model->populate($_POST);
        $this->model->update();
    }
 
    $id = Util::sanitize($_GET["id"]);
    $this->model->populateFromDB($id);
    $this->view->render("update", $this->model);
 
  }
 
  function create($args)
  {
    if(!empty($_POST))
    {
        $this->model->populate($_POST);
        $new_id = $this->model->create();
        $this->view->render("thankYou", array("caption" => "Record Inserted", "id" => $new_id));
    }
    else
    {
        $this->view->render("create", $this->model);
    }
 
  }
 
  function delete($args)
  {
    if(empty($_POST))
    {
        if(empty($_GET["id"]))
            $this->idError();
 
        $id = Util::sanitize($_GET["id"]);
        $this->model->populateFromDB($id);
        $this->view->render("delete", $this->model);
    }
    else
    {
        $this->model->populate($_POST);
        $this->model->delete();
        $this->view->render("thankYou", array("caption" => "Record Deleted"));
    }
 
  }
 
  function idError()
  {
    die("<h1>No Record Specified</h1> <p>You need to specify a record ID to perform this action.</p>");
  }
 
}

Again, this is really minimalistic code. As you can see there is no error checking and no validation. Most of the time I’m delegating control to other classes and making even more assumptions. For example I’m assuming that a model class would have methods such as populate (which would essentially pre-populate it’s fields from an associative array passed in as an argument) and populateFromDB which would query the database and populate it by using the stored data. You can’t really make the models too generic since their structure will be based on the database table layout. You could probably try something clever - such as using an associative array instead of defining fields of all the database columns. This way you could have a fairly generic structure.

class DefaultModel
{
  var $fields;
  var $table_name;       
  var $db;     
 
  include COMMON."config.php";
  include COMMON."MyDatabase.class.php";
 
  function DefaultModel()
  {
    $this->table_name = substr(get_class($this), 0, strpos(get_class($this), "model"));        
    $this->fields = array(); // associative array
 
    // the database stuff is defined in config.php imported above	    
    $this->db = new MyDatabase(__DB_HOST__, __DB_DATABASE__, __DB_USER__, __DB_PASSWORD__);
    $this->db->dbconnect();          
  }
 
  function populateFromDB($id)
  {
    $results = $this->db->query_into_array("SELECT * FROM ".$this->table_name." WHERE id='$id'");
    $this->populate($results);
  }
 
  function populate($array)
  {
    foreach($this->fields as $key => $val)
       if(@key_exists($key, $array))
         $this->fields[$key]["value"] = $array["$key"];           
  }
 
  function insert()
  {
    $sql = "INSERT INTO ".$this->table_name." (submitted_on";
 
    foreach($this->fields as $key => $row)
      if($key != "id" and $key!='submitted_on' and $key!="last_updated_on")
        $sql .= ", $key";
 
 
 
      $sql .= ") VALUES (NOW()";
 
      foreach($this->fields as $key => $row)
        if($key != "id" and $key!='submitted_on' and $key!="last_updated_on")
          $sql .= ", '$row[value]'";
 
      $sql .= ")";
 
      $this->db->query($sql);
 
      return mysql_insert_id($this->db->getLink());
  }
 
  function update()
  {       
    $sql = "UPDATE ".$this->table_name." set last_updated_on=NOW()";
 
    foreach($this->fields as $key => $row)
      if($key != "id" and $key!='submitted_on' and $key!="last_updated_on")
        $sql .= ", $key='$row[value]'";
 
    $sql .= " where id='".$this->fields["id"]["value"]."'";
 
    $this->db->query($sql);
  }
 
  function delete()
  {    
    $this->db->query("DELETE FROM ".$this->table_name." WHERE id='".$this->fields["id"]["value"]."'");
  }
 
}

Note that I’m using a made up wrapper class instead of calling MySQL functions directly. This is just something that I did ages ago - I created a generic database class to interface with my code. Now whenever I switch database engines all I need to do is re-implement that class using appropriate syntax. Since all my SQL is going through that class I can even intercept it and correct illegal statements. For example my code might be using MySQL specific keywords, but the Postgress implementation of MyDatabase will automatically transform these queries into something that Postgress understands.

Then again, you may not want to do that. Parametrized queries may be a better idea here. They would be yet another step of abstraction. You could establish some common naming conventions then define parametrized queries in each database to follow them and simply have your wrapper class call them by name instead of actually building SQL queries.

Other than that the class is fairly generic - you will have to define the fields array on your own which can be easily done in the child class’ constructor. It’s not ActiveRecord or anything so there will be a considerable amount of work involved setting it up each time but it is serviceable.

I’m nor going to do a View class here because this post is getting crowded with code. But you get the idea - I’d use the same methodology as above, define as many generic methods as possible and then override them as needed in child classes.

I’m not sure how projects like CakePHP implement their MVC model. This is just an example of how I would go about developing one if I had to. It is probably very simplistic and unsophisticated compared to the other stuff available out there. But that’s sort of the point. Anyone can implement an MVC framework of sorts - for better or for worse. This one is mine. Yours may be very different but that’s ok. Constructive criticism is as always appreciated. Just remember that I pretty much pulled it out of my ass during a lunch break sort of as a proof that it is really not that complicated.

I don’t think I have posted this snipped of code here yet. It is old as hell, but I use it all over the place lately so I figured I just post it here for future reference.

The script below solves the age old problem of making bunch of files accessible to your users without dumping them in a publicly accessible directory (files, not users). For example, you have bunch of PDF documents you don’t want to be indexed by Google, or directly linked to from other websites. What you want is to allow certain users to download them after logging into your web app and checking their cridentials. How do you do that?

Well, the simplest thing to do is to put them in some directory outside of your web root. Set up .htaccess (or whatever you use) to disallow any connection to that folder from the outside world. The only machine with access to these files should be localhost. Then you do some PHP magic in your application to stream the file into the browser upon successful authentication.

The streaming part is actually pretty straightforward - it is a simple combination of the print and fread commands. The convoluted part is convincing your browser to actually initiate file download instead of just dumping ASCII gibberish onto the page for binary files. This is accomplished by sending bunch of headers to the browser prior to streaming the files. The headers are different for IE and the rest of the world but this is pretty much what I ended up with after a lot of trial and error:

// change these to whatever is appropriate in your code
$my_place = "/path/to/the/file/"; // directory of your file 
$my_file = "filename.ext"; // your file
 
$my_path = $my_place.$my_file;
 
header("Pragma: public");
header("Expires: 0");
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: pre-check=0, post-check=0, max-age=0', false);
header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
$browser = $_SERVER['HTTP_USER_AGENT'];
 
if(preg_match('/MSIE 5.5/', $browser) || preg_match('/MSIE 6.0/', $browser))
{
  header('Pragma: private');
  // the c in control is lowercase, didnt work for me with uppercase
  header('Cache-control: private, must-revalidate');
  // MUST be a number for IE
  header("Content-Length: ".filesize($my_path)); 
  header('Content-Type: application/x-download');
  header('Content-Disposition: attachment; filename="'.$my_file.'"');
}
else
{
  header("Content-Length: ".(string)(filesize($my_path)));
  header('Content-Type: application/x-download');
  header('Content-Disposition: attachment; filename="'.$my_file.'"');
}
 
header('Content-Transfer-Encoding: binary');
 
if ($file = fopen($my_path, 'rb'))
{
  while(!feof($file) and (connection_status()==0))
  {
     print(fread($file, filesize($my_path));
     flush();
  }
  fclose($file);
}

I found these headers to work for me. Your millage may vary. I tested the script above in IE 6 and 7, Firefox 2.x and 3.x, Konqueror 3.5.8 and Chrome 0.2.149.30 and experienced no problems. As usual, I’m always open to constructive criticism and better solutions in the comments. Let me know what you think!

On of my users tried to explain a bug to me today. Apparently the results on the search page would not sorting properly. Or they were sorting but not by date but by half or a quarter of the date. Or at all. Or they would sort correctly, but sometimes they didn’t and only half sort them. Needless to say, I was thoroughly confused and since this was not one of those “just read the error message to me” issues, I decided to visit the desk of the person who was complaining.

When I got there, I got a small demonstration. “Watch this!” she said, as if she was going to do some trick and I got scared for a second that she will do something that we could not have predicted, and inadvertently crash the whole application due to some hidden bug. You know the type of the bugs - the ones that are completely missed in code review, overlooked in testing and only come out when a user starts clicking buttons you didn’t even put into the design somehow. Fortunately she just typed a query into a search form, and tried to sort the results by date. Then she triumphantly pointed at the screen: “See! That’s what I mean”.

She was right. The results were indeed getting sorted according to the date column, but the algorithm was wrong. Instead of sorting by date, the table was sorted alphabetically/numerically with the obvious results. So I went back to my desk to figure out what went wrong.

The sorting was done by the Tablesorter Plugin so I assumed that the algorithm was right started digging in our code first. I soon figured out what was causing the issue: blank date values!

It’s simple, to avoid clutter missing dates are simply not displayed. So a table will look a bit like this:

<tr><td>05/25/08</td> <!-- snip --> </tr>
<tr><td>08/01/08</td> <!-- snip --> </tr>
<tr><td></td>         <!-- snip --> </tr>
<tr><td>12/11/07</td> <!-- snip --> </tr>
<tr><td>11/10/07</td> <!-- snip --> </tr>

If there are not blank cells in the column, tablesorter script correctly recognizes it as a date column. If it sees blank cells, it reverts back to a text sorting algorithm. Since only some queries would produce blank cells like that, this issue went unnoticed for quite a while. I guess we trusted tablesorter to do the identification thing properly.

The fix was trivial - force the tablesorter to treat date columns as date columns no matter what they contained. You pretty much have to specify the data type for each column:

  $(document).ready(function() 
  { 
    $("#myTable").tablesorter(
    {
       headers:
       {  
         0 : { sorter: "shortDate"  },
         1 : { sorter: "shortDate"  },
         2 : { sorter: "shortDate"  },
         6 : { sorter: "shortDate"  },
         13 : { sorter: "shortDate"  },
         14 : { sorter: "shortDate"  },
         16 : { sorter: "shortDate"  },
         17 : { sorter: "shortDate"  },
         19 : { sorter: "shortDate"  }
       }, 
       widthFixed: true,
       widgets: ['zebra']
    }); 
  });

Btw, guess how I knew that I needed to use the “shortDate” keyword? Because I looked at the tablesorter.js code naturally. Initially I tried “date” but of course that did not work. Next I stared at the online documentation for 20 minutes before I decided it was pointless, so I just downloaded un-minified version of the script, and scanned through it looking for parsers and their names.

Tablesorter is a great plugin, but it really could use more in-depth documentation. While I was digging around in the code, I decided to write down the names of all the parsers for future reference. Here they are:

• text
• integer
• currency
• floating
• ipAddress
• url
• isoDate
• percent
• usLongDate
• shortDate
• time

The auto detection in the script works pretty well most of the time. It can however fail for simple reasons such as blank lines. I’m surprised that the list above was nowhere to be found on the page. Oh well… It’s here if you need it.

Hi, I’m here to torture you with more VBA! Run away! Run away! This is part two of the tales from the Programmer’s Purgatory. And once again, no it is not hell. When you are in Programmer’s Hell you spend all your time in meetings, and/or doing team building exercises *shudder*.

This time I’m unloading few random snippets of code that I produced during my sentence in the purgatory. For example, there is a vba macro that is supposed to extract some data from an excel file with ~20 worksheets. The users need to be able to add new worksheets to it, or move and modify existing ones (that is an absolute requirement, and arguing about it is pointless) so you can’t really protect the workbook. There are really two ways to access any given sheet:

1. By it’s name: ThisDocument.Sheets(”Accounts Receivable 10″)
2. By position: ThisDocument.Sheets(10)

There is of course an issue here. If you try to call worksheets by name, the users will promptly rename every single one. If you try to get it by position, they will rearrange the whole workbook. It is a lose-lose situation and almost every day our helpdesk has this very conversation:

We decided to be tricksy Hobbits and added the following snippet to every single sheet in the document that should not be renamed:

Sub Worksheet_Deactivate()
    Me.Name = "The Name of the Worksheet"
End Sub

It’s funny because it is so subtle. They can rename the worksheet all they want, but as soon as they click on another sheet the name will just quietly revert to what it was supposed to be in the first place. No matter what they do to it, it won’t keep the new name. I imagine they will eventually give up, or call the Helpdesk and then we can tell them in our best BOFH voice “Read what it says in red on top of the worksheet. Do not rename!”

Of course techno-idioticus luseratis is the most ingenious animal on the planet. While they are unable to perform the simplest tasks in Windows or Office without assistance, they show almost limitless resourcefulness when it comes to circumventing the tricks we use to stop them from breaking things.

So if they can’t rename the worksheet they will delete and recreate it or do something equally silly. So we came up with an insidious way to make their life harder. Naturally, it couldn’t be easy because the fuckers at Microsoft decided that there is no reason to fire some sort of an event when a worksheet is deleted. I mean, who would ever want to capture such an insignificant event? No one, that is who.

So there is no real way of preventing the user from deleting a worksheet other than protecting it, or protecting the workbook but that naturally won’t work for two reasons. One reason is that they would often need to un-protect it in order to add/modify certain sheets. The second reason is that most of the time you can remove protection using tools like this one.

So we figured that we’ll just disable the Delete button on relevant Sheets. The user will still be able to get in trouble by moving the worksheet to another workbook, but at least the most obvious way to delete things will be disabled. This is a bit convoluted, but I blame Microsoft for not making a Worksheet_Delete method.

' Put this in it's own module or Workbook module
Sub DeleteButton(ByVal enable As Boolean)
  Dim CommBarTmp, Commbar As CommandBar
  For Each Commbar In Application.CommandBars
    Set CommBarTmp = Commbar.FindControl(ID:=847, _
       recursive:=True)
    If Not CommBarTmp Is Nothing Then _ 
      CommBarTmp.Enabled = enable
  Next
End Sub
 
' On each sheet put the following two subroutines:
 
' When browsing away, enable the Delete button
Private Sub Worksheet_Deactivate()
    DeleteButton True
End Sub
 
' When activated, disable the Delete button
Private Sub Worksheet_Activate()
    DeleteButton False
End Sub
 
' Add these two in the Workbook module:
 
' Enable the button before closing excel
Private Sub Workbook_BeforeClose(Cancel As Boolean)
    DeleteButton True
End Sub
 
' Enable the button when you switch to another workbook
Private Sub Workbook_Deactivate()
    DeleteButton True
End Sub

Note that you could use the Workbook_SheetActivate method to activate this behavior for all worksheets instead of using separate Worksheet_Activate and Worksheet_Deactivate methods. We didn’t do that because only some sheets need to be protected this way, while others are free game.

Finally, here is another frequent Helpdesk conversation that happens at least twice a day:

So here is yet another trick - we will forcefully save the document even if the user resists:

' Put all of these in ThisDocument module
Sub AutoOpen()
    WaitAndSave
End Sub
 
' Wait 5 minutes
Sub WaitAndSave()
    Application.OnTime Now + TimeValue("00:5:00"), "Saver"
End Sub
 
' Save the doc and wait again
Sub Saver()
    ThisDocument.Save
    WaitAndSave
End Sub

This way, the lusers can’t claim they lost 5 hours of work because Word sucks or because some macro crashed their Office or because there was a power outage. Now they can only lose up to 5 minutes of real work. I’m also considering combining this with the versioning feature of Word 2003 (and higher). This way if the user fucks something up they will be able to roll back their changes in 5 minute increments.

I hope you enjoyed this brief excursion into the terrifying world of madness which is VBA. Let’s hope there won’t be part 3, because even right now I feel that my sanity is slipping.

Admittedly, I’m a certified Stage 3 Javascript fanboi. There is a lot of things I love about the language, but one thing I do not particularly care for is the script tag syntax. Let me show you what I mean. Pretty much every page I created recently has something like this near the top:

<script type="text/javascript" src="jquery.js"></script>
 
<script type="text/javascript">
 
   $(document).ready(function(){
      // Your code here
   });
 
</script>

In other words you have two script tags in your code. First one imports the external js file (in this case the JQuery library) and the second one calls some functions from that file. If the first script tag fails to import the external code for some reason (for example due to a network problem) then the second tag will blow up in your face immediately. Granted this is how embedding of javascript in HTML was done since the begging of time, but you can’t say this is a graceful behavior.

John Resig (the man behind JQuery) noticed this, and he proposed to fix this behavior. He proposed to change the behavior of your script tags in order to allow you to write your code this way:

<script type="text/javascript" src="jquery.js">
 
   $(document).ready(function(){
      // Your code here
   });
 
</script>

Embedding the code operating on the library in the very same script tag has many benefits. For one, it logically groups the code so the calls to library functions occur in the same place that library is imported. Furthermore, it prevents network related failures. If you can’t import jquery.js, the code related to it will not get executed. This is a much more graceful than what we have now.

The best part is that these are not just some theoretical musings that will never be implemented by any of the mainstream browsers. John achieved this effect by adding 3 lines of code to the end of jQuery.js file ultimately proving two things:

1. That John Resig is the man
2. That jQuery is FUCKING AWESOME

In fact he takes it one step further. For example, roughly 99% of code you will write against the framework will be inside the $(document).ready closure. So while we are using shortcuts, why not just make that code optional in our modified tags:

<script type="text/javascript" src="jquery.js">
      // Your code here
</script>

Doesn’t that look much clearer, and straightforward? I love it! But don’t get too excited yet. This functionality is not included in jQuery yet and there is no guarantee that it will ever make into it. John says it will need some through testing before it gets deployed.

Once more I’m amazed, and humbled by what you can do with Javascript, and exactly how much power is packed into that 16kb jQuery script. Mind boggling!