ImpressCMS Community - ImpressCMS Blog

Importing ImpressCMS SVN repository on SourceForge

Fri, 05 Mar 2010 15:12:23 -2200

Since a little bit more then a year, we were using the services of CVSDude (which has now become Codesion) for the SVN repositories and Trac instances of ImpressCMS. When we first created ImpressCMS, we were using SourceForge: for these things but at that time, SourceForge features were not meeting our needs. Plus, they did not have Trac. This explained our choice of using CVSDude.

A year and a half later, many things have change. SourceForge did a hell of a good job implementing new features and improving their site usability. And they added Trac! In the meantime, CVSDude also added many new features, and then changed their plans, and their name. We have now reach a point where we are no more satisfied with CVSDude and we had to decide to go back to our first love .

Read the complete post here.

Accent Folding for multi-language sites

Tue, 02 Mar 2010 16:24:05 -2200

Now that most developers are using a Javascript library as a foundation, the time they gain can be invested into more sophisticated applications.ImpressCMS provides multi-language functionalities, and can be used in many languages, not all of them using the english alphabet. That introduces some very specific issues due to accents and other letter modifiers.

A list apart has a very interesting article in that regard, which describes how to fold accented characters. Doing that should make your autocomplete and your search return more and more interesting results.

The article is here : A List Apart : Accent Folding for Auto-complete

Sadly, there is only a YUI example, but I'm sure a jQuery implementation won't be that hard to do. An idea for ImpressCMS 1.4 perhaps?

Make it Faster (and Better) - Part 5: Text Functions

Thu, 25 Feb 2010 02:46:41 -2200

Time once again to bore you with tiny little details and snippets of code. Some time ago, ImpressCMS announced it would only run on PHP5 and be removing support for PHP4. Well, PHP5.3.x is now released and many of the old functions have been deprecated, with many more to be removed in PHP6.0. ImpressCMS 1.3, in addition to focusing on code optimization and performance, will also bring PHP5.3 compatibility to the platform.

Some of the changes needed are pretty straightforward and have simple replacements and I'll talk about a few of them in this post.

What's your password? We don't know!

Wed, 03 Feb 2010 08:22:18 -2200

Some time ago, a user of one of my sites asked me what was his password for the site, and my reply was: "click here to change your password".

He was annoyed by this answer. He expected me to tell him "your password is...", so I had to do some public relations and explain him:

1 - I was teaching him how to do things by himself, which is much more valuable.

2 - I didn't know his password. I didn't know the password of any user.

The second point sounds strange but it's true. Your password is a very sensitive information and we know that here at ImpressCMS, so we "hide" it in a way that no-one, even the owner of a site, can access any other person's password directly.

What's the danger?

Consider a site that doesn't protect your password properly. A hacker gains access to the site. He gets all user data, including their passwords, of 5,000 people. Of all these people, 100 have a Paypal account, and 20 of them are using the same password for both the hacked site and Paypal. 15 of them have cash on their accounts.

They are screwed.

No, we're not allowing this to happen in a ImpressCMS site if possible.

What's the trick?

ImpressCMS encrypts the password before saving it in the database, so the database doesn't contain your password, only the encrypted version. The wonder of our encrypting method is that is easy to encrypt anything using it, but it's terribly hard to decrypt it.

So, when you login in your site, we don't compare the password you wrote with the one we have, because we don't have any. We encrypt the password again and compare it with the encrypted version we have in the database. That's how we know you are really you, but we don't save your password anywhere.

Am I safe?

On ImpressCMS, you're as safe as we can guarantee. To be honest, we're not the only Open Source CMS that takes special care of your password, but this is actually good news. The Open Source community, despite working on free products, takes your personal data very seriously. More seriouly, by the way, than some big fat NASDAQ corporations. If you ever suffered phone SPAM or receive calls everyday from a phone company that its not yours (it happens to me), you know what i'm talking about.

What I can tell you is that ImpressCMS developers have run "the extra mile" to offer safer encryption methods for your password. In version 1.1 we moved from old MD5 to other, much safer, methods, such as SHA.

And if time proves this is not enough, we're ready to run the extra mile again.

Best regards.

IPF Q&A Session - Thursday January 28th 4 PM GMT -5

Thu, 28 Jan 2010 19:29:35 -2200

Hi everyone,

Join me today at 4 PM GMT -5 for an ImpressCMS Persistable Framework Q&A Session:Topic: IPF Interactive Session
Date: Thursday, January 28, 2010
Time: 4:00 pm, Eastern Standard Time (New York, GMT-05:00)
Meeting Number: 573 783 666
Meeting Password: web123

-------------------------------------------------------
To join the online meeting (Now from iPhones too!)
-------------------------------------------------------
1. Go to https://inbox.webex.com/inbox/j.php ... MxMQ%3D%3D
2. Enter your name and email address.
3. Enter the meeting password: web123
4. Click "Join Now".

To view in other time zones or languages, please click the link:
https://inbox.webex.com/inbox/j.php ... MxMQ%3D%3D

-------------------------------------------------------
To join the audio conference only
-------------------------------------------------------
Call-in toll number (US/Canada): 1-408-792-6300

Access code:573 783 666

Make it go faster! Part 4 - Caught in a Loop

Thu, 21 Jan 2010 00:46:06 -2200

In all my previous posts, I used looping to execute actions multiple times, which saves code and also makes your program easier to read later on. But, used unwisely, loops can severely reduce speed and memory usage.

Let's take a real world example this time and see what kinds of things to look for.

Facebook phishing attempt

Sun, 17 Jan 2010 16:50:27 -2200

I've posted this on my blog yesterday and believe it could intersest some of you guys here...

People are getting more and more creative when it comes to fraud other people. And with today's Web technologies, there are 1000 ways to lure people and try to hijack their accounts, stole their money, etc... Today, I received what seems to be a normal email from Facebook. Someone named Linda asking if we were knowing each other:

Linda sent you a message. (no subject) Hi, have we met ever before? Linda Thanks, The Facebook Team

Cool, a new friend! However, I saw the scam 1 second later. After the message from Linda, the following was displayed:

To reply to this message, follow the link below: http://facebook-reply.mountadamajan ... tml-h1.htm

Read the full article here.

Someday, Google cache will save your ass

Sat, 16 Jan 2010 14:26:24 -2200

You've got a site. A nice website. A page you haven't touch in weeks needs a change, you go for it. You edit the content, click on save... NO, WAIT! Oh, crap! You totally screwed it!

OK, before anything else, DON'T PANIC! There's a backup somewhere, you can download a 500 Mb daily or weekly backup, open it, get the database, install it in your own computer using Xampp or something like that, access to the database using PHPMyadmin, locate the table where your content is saved, search for the appropiate row, then...

Agh, forget it, too complicated. You better look for it in Google's cache. You go to Google's Search and look for a copy of your page:

cache:www.yourwebsite.com/content?page=foobar

Google will show you a copy of your page as it was a week before, two weeks before or even a month before. But there it is. Just copy your content, go back to your website, and paste it.

That's it, Google cache saved your ass. And it was fast an easy.

IPF Q&A Session - Thursday January 14th 4 PM GMT -5

Thu, 14 Jan 2010 18:49:15 -2200

Hi everyone,

Join me today at 4 PM GMT -5 (that's in 2h and 15 minutes) for our very first ImpressCMS Persistable Framework Q&A Session:

Topic: IPF Q&A Session
Date: Thursday, January 14, 2010
Time: 4:00 pm, Eastern Standard Time (New York, GMT-05:00)
Meeting Number: 570 539 860
Meeting Password: web123

-------------------------------------------------------
To join the online meeting (Now from iPhones too!)
-------------------------------------------------------
1. Go to https://inbox.webex.com/inbox/j.php ... MxMQ%3D%3D
2. Enter your name and email address.
3. Enter the meeting password: web123
4. Click "Join Now".

To view in other time zones or languages, please click the link:
https://inbox.webex.com/inbox/j.php ... MxMQ%3D%3D

-------------------------------------------------------
To join the audio conference only
-------------------------------------------------------
Call-in toll number (US/Canada): 1-408-792-6300

Access code:570 539 860

CVSDude issues solved

Mon, 11 Jan 2010 11:06:09 -2200

The issues related to the switch from group based to role based security seem largely solved.

Underdog had a problem logging in, which is according to CVSDude linked to the SQLite backend having some problems with concurrent access.

They are doing some tests with a PostgreSQL database at the moment, to see if that resolves these intermittent issues. No timing on that yet.

We might experience this issue 'database locked' now and then, but it's an issue that has been there intermittently in the last few months, so it's safe to say it isn't related to the switch on 28 december 2009.

If you have issues with CVSDude, let me know and I'll do my best to get it solved.