After more work on a CakePHP app I wanted to host it somewhere. Because this is a fairly low volume app I went with a shared hosting provider.
One problem was that I needed two different database connections, one for my development site, and one when I push it to the server. It was fairly easy to set up two different connections in app/config/database.php:
#!/bin/sh## FTP informationFTPHOST=xxxx.com
FTPUSER="xxxx"FTPPASS="xxxx"# do we cd to a dir after logging in?FTPDIR=.
# path to base of svnSVNDIR="http://svnserver/svn/project"TMPDIR=/tmp/$$#if["x$1"=="x" -o "$1"=="trunk"];thenSVNURL="${SVNDIR}/trunk/"elseSVNURL="${SVNDIR}/tags/$1/"fi#echo$SVNURLmkdir -p $TMPDIR#(cd$TMPDIR&& svn export$SVNURL code )#(cat -
cd$FTPDIRlcd ${TMPDIR}/code
put .htaccess
mput -R *
chmod 777 app/tmp
mkdir app/tmp/cache
chmod 777 app/tmp/cache
mkdir app/tmp/logs
chmod 777 app/tmp/logs
mkdir app/tmp/sessions
chmod 777 app/tmp/sessions
SCRIPT
)| ncftp -u $FTPUSER -p $FTPPASS$FTPHOST#rm -rf $TMPDIR
This pulls the current code out of subversion (either trunk or a tag) and uploads it to the server. ncftp is pretty good at only uploading changed files.
In the end I used 1 and 1 (aff) and their $4/mo beginner plan that came with a free domain name. There was one problem with 500 errors with 1and1 that was fixed by changing the .htaccess files (no problems on the dev side either)
The only thing I need to change is to move the isProd() function somewhere that is accessible in the configuration class so that errorlevels are changed depending on the environment. This could also be taken care of in the svn branch.
I’ve been learning the CakePHP framework recently, and came to need a simple user login system.
Judging by the documentation out there, ACLs are the way to do it. However after spending an hour trying to figure out all the contradicting articles out there I gave up. ACLs are very precise, all I need is a simple “Sean is logged in” type of thing.
More reading on the Bakery pointed me to the Auth component, which does exactly what I need. Again though, I found incomplete documentation, which combined with reading some of the code and trial and error, I figured it out. What I ended up with was a system that:
By default requires users to log in with a username (email) and password
Guests trying to access a protected resource get redirected to the login screen
Controllers can determine which methods need protection and which don’t
Supports basic groups - registered users are “users”, admins are “admins”. The controller figures out the rest based on that string
It’s easily understood, and doesn’t require a lot of code in each controller
As a password is written into the database, it is automatically md5’ed.
Because I want authentication on every page (with exceptions… hang in there) it’s done at the cake/app_controller.php level in a beforeFilter hook:
1234567891011121314
classAppControllerextendsController{var$components=array("Auth");functionbeforeFilter(){// Handle the user auth filter// This, along with no salt in the config file allows for straight// md5 passwords to be used in the user modelSecurity::setHash("md5");$this->Auth->fields=array('username'=>'email','password'=>'password');$this->Auth->loginAction=array('controller'=>'users','action'=>'login');$this->Auth->loginRedirect=array('controller'=>'users','action'=>'myprofile');$this->Auth->logoutRedirect='/';$this->Auth->loginError='Invalid e-mail / password combination. Please try again';$this->Auth->authorize='controller';}
All the $this->Auth lines fill in the various behaviours, such as what the login page is. Setting “authorize” to “controller” means each controller must have an isAuthorized() function that returns true or false if the already authenticated user is authorized to do the action. The key was setting the hash to MD5, because the default is SHA1 and that wasn’t working with my model I made earlier. You also must edit your config file to remove the salt. This behaviour may be recent though, I see some reports that the Auth component uses plaintext passwords which is untrue in HEAD.
With this in place, all pages will require authentication. To fix that, in the controllers you want to be open, add a beforeFilter:
This will allow all actions in the controller to pass without authentication. allow() seems to take a list of actions that don’t need authentication, * means all. If only a few actions needed authentication, I’d do $this->Auth->allow(“view”, “foo”) to allow the view and foo actions to be open.
If you need to see the user that is logged in, use $this->Auth->user(), which returns the model. From there I can get the role/group, or whatever else I put in there. It doesn’t seem you can set() variables for the view in the beforeFilter, so if you want the view to have part of the User model you should set() it elsewhere.
For my login function, I stole it directly from this tutorial. (Actually most of what I did was based on that tutorial, my contribution is really the explanation of the MD5 stuff and the allow() action (the latter which I now see is in his tutorial, just buried down in another section))
b5media has launched an entertainment gateway
Our dev team worked around the clock (literally… you go Brian!) to get this ready for launch. I think it’s a great evolution of the channel concept. Rather than just having a bunch of blogs in a channel, we have this portal to help showcase the best posts, and the people behind it.
After my previous post I ended up wiping my Myth box and installing Mythdora. Apparently there are some unresolved issues in F7’s kernel and the ivtv packaging.
Everything worked well except recording was funny. Watching livetv was jumpy… Every few seconds the audio and video would stutter. Watching a show on the MVP downstairs was interesting because it appeared that it was being played back at 110% speed, and people were talking like chipmonks.
This lead me to this link which suggested I get rid of the video4linux-kmdl modules and rebuild the saa7127 module from the kernel tree. That post referenced these instructions which were helpful, but not 100% complete.
First I googled for kernel-2.6.20-1.2962.fc6.src.rpm and found a site with the source RPM for the kernel I was running. I also needed to find the kernel-devel for this package (kernel-devel-2.6.20-1.2962.fc6.i686.rpm)
12345678910
yum install rpm-build m4 make gnupg gcc redhat-rpm-config ncurses-devel
cd /usr/src/redhat/SPECS
rpmbuild -bp --target=i686 kernel-2.6.spec
cd /usr/src/redhat/BUILD/kernel-2.6.20/linux-2.6.20.i686/
cd include
ln -s asm-i386/ asm
cd ..
make scripts
make oldconfig
make menuconfig
Then I followed the instructions in the second link to configure the kernel, and build the module
12345
make drivers/media/video
make M=drivers/media/video
cp drivers/media/video/saa7127.ko /lib/modules/2.6.20-1.2962.fc6/kernel/drivers/media/video/
depmod
reboot
The instructions worked well, the only hard part was getting the kernel build environment set up. The make was complaining that it couldn’t find some header files (asm/types.h), and it was that symlink that was needed.
My MythTV box was sadly out of date, and to use the new scheduling service I needed to upgrade.
DVD problems prevented me from upgrading from the DVD I downloaded. Luckily I found how to use the PXE image on the DVD to boot. It’s pretty nifty, you point your bootloader at the PXE images from the DVD (which I wget’ted from my workstation), then you boot and do an HTTP based install (mkdir /var/www/html/f7; mount f7.iso /var/www/html/f7 -o loop from the workstation)
Had many problems upgrading the packages because of conflicts with ATrpms. Ended up deleting all RPMs that had FC4 in the name and then reinstalled them from yum.
I had a need to put password protection on a web site, but allow a certain section to be unprotected. The other way around is easy because permissions are inherited to subdirectories, so a child directory won’t affect a parent.
According to Configuration Sections, merging, Locations containers are processed in order, so the second container can modify behaviour from the first. The other trick ended up being the Satisfy directive, which allows one to say that any one of the specified methods will work. The final config is something like
Order Allow,Deny
Deny from none
Allow from all
# This means that either the "require valid-user" from above
#or the above order (ie everyone) will work.
# Without it, you get prompted
Satisfy Any
Whenever you generate an RPM (rpmbuild -ba foo.spec), an package called foo-debuginfo is also created.
My original thoughts were that this created a debugging version of the binary, ie the same version compiled with -g, because (*hitches up suspenders*) that’s the way we used to do it. So, I’d delete them.
After needing to get a backtrace of a binary the other day, I researched the use of the package, and it turns out it’s just all the debug information from the object files that were stripped out when creating the binary. Through some mechanism, gdb knows to look in /usr/lib/debug/… for the debugs. This behaviour has been around since Red Hat 9, so I’m pretty embarrassed that I’m just learning about it now!
So, with the -debuginfo package installed you’re running the stripped binary in production, but if you need to attach a debugger or look at a core dump, you have full debug information.
because of this NFS4 pseudofilesystem stuff, clients don’t mount /NFS4/home, they mount /home! If you have -t nfs4 then it’s actually mounting /NFS4/home, otherwise it mounts /home through NFS3.
Going to test this a couple of times to make sure it’s correct, cranking out another xen instance (yay for kickstart!) to make the tests more accurate.
Reading through the chkconfig man page, I see that a simple “chkconfig cfenvd” will return 0 if the service is started in the current runlevel, and 1 otherwise. Thus: