WordPress Premium Themes

Create a custom search form

The first step is to create your own custom search form to bypass the standard wordpress search. This function goes into function.php and then can be called by whatever page you want the form to appear on.

function custom_search_form(){
?>

    <form id="searchform" action="http://penny.ekouk.com/searchresults/" method="get">
    <label>Job description:</label> <input id="description" type="text" name="description" value="" />

     <label>Salary:</label> <select name="salary"> 
                              <option value="">Any</option></select>
                              <option value="15000">15k +</option>
                              <option value="20000">£20k +</option>
                              <option value="30000">£30k +</option>
                              <option value="40000">£40k +</option>
                              <option value="50000">£50k +</option>
                              <option value="60000">£60k +</option>
                              <option value="70000">£70k +</option>
                              <option value="80000">£80k +</option>
                              <option value="90000">£90k +</option>
                              <option value="100000">£100k +</option>
                            </select>
 
     <label>Location:</label> <select name="region"> 
                                <option value="">Anywhere</option>
                                <option value="east">East</option>
                                <option value="south">South</option>
                                <option value="west">West</option>
                                <option value="north">North</option>
                               </select>

     <input id="searchsubmit" type="submit" value="Search" />

   </form>
<?php
}

Create your results page

Next you need to create the page that will process the submission of the form, and display the search results.

$region = $_GET['region'];
$salary = $_GET['salary'];
$description = $_GET['description'];
$searched_posts = meta_key_search($region, $salary, $description);
while($searched_posts->have_posts()) : $searched_posts->the_post();
   jobman_display_job_search($post->ID);
endwhile;

This gets the search terms passed into the page via the URL, and then uses two functions to process them. The first function performs the search query, the second works with search results and outputs them in a useful way.

The search function

Add this to functions.php

function meta_key_search($region, $salary, $description){
global $wpdb;
$args = array(
          'post_type' => 'jobman_job',
          'orderby' => 'meta_value_num',
          'order' => 'ASC',
          'meta_query' => array(
               array(
                  //data4 is location 
                  'key' => 'data4',
                  'value' => $region,
                  'compare' => 'LIKE',
                ),
               array(
                  //data1 is salary
                  'key' => 'data1',
                  'value' => array($salary, 99999999),
                  'compare' => 'BETWEEN',
               ),
               array(
                  //data5 is description
                  'key' => 'data5',
                  'value' => $description,
                  'compare' => 'LIKE',
               )
           ),
          'sentance' => true, 
           );

$searched_posts = new WP_Query($args);

echo "<br>Total results: ";
echo $total_results = $searched_posts->found_posts;
echo "<br><br>";

return $searched_posts;
}

The ‘post_type’ is the name of your custom post type, for Job Manager this is ‘jobman_job’. The Meta Query is where the search on meta values happens. Use the meta key, the value you’re looking for, and how you want to compare the query with the stored data. The final line ‘sentance’=>true, allows the query to search for phrases in the database. Without this line it will only search for exact matches. Sentance isn’t a typo (by me anyway), it’s in the core wordpress code.

Processing the results

This code is probably more complicated than most custom post types will need because it’s been built to work with the existing Job Manager plugin. If all you want to do is list the post title in your results you don’t even need this function. This is for putting content from the meta keys into the results page.

function jobman_display_job_search($job) {

global $jobman_shortcode_job, $jobman_shortcodes, $jobman_field_shortcodes;
$options = get_option( 'jobman_options' );
$content = '';

if( is_string( $job ) || is_int( $job ) ) 
    $job = get_post( $job );

if( $options['user_registration'] && $options['loginform_job'] )
    $content .= jobman_display_login();

if( NULL != $job ) {
     $jobmeta = get_post_custom( $job->ID );
     $jobdata = array();
     foreach( $jobmeta as $key =>; $value ) {
         if( is_array( $value ) ) 
             $jobdata[$key] = $value[0];
         else 
             $jobdata[$key] = $value;
      }
}

// Check that the job hasn't expired
if( array_key_exists( 'displayenddate', $jobdata ) && '' != $jobdata['displayenddate'] && strtotime($jobdata['displayenddate']) <= time() )
    $job = NULL;

// Check that the job isn't in the future
if( strtotime( $job->post_date ) > time() )
    $job = NULL;

if( NULL == $job ) {
    $page = get_post( $options['main_page'] );  
    $page->post_type = 'jobman_job';
    $page->post_title = __( 'This job doesn't exist', 'jobman' );

    $content .= '<p>' . sprintf( __( 'Perhaps you followed an out-of-date link? Please check out the jobs we have currently available.', 'jobman' ), get_page_link( $options['main_page'] ) ) . '</p>';

    $page->post_content = $content;

    return array( $page );
}

$template = $options['templates']['job_list'];
jobman_add_shortcodes( $jobman_shortcodes );
jobman_add_field_shortcodes( $jobman_field_shortcodes );
$jobman_shortcode_job = $job;
$content .= do_shortcode( $template );
jobman_remove_shortcodes( array_merge( $jobman_shortcodes, $jobman_field_shortcodes ) );
$page = $job;
$page->post_title = $options['text']['job_title_prefix'] . $job->post_title;
$page->post_content = $content;
echo $page->post_content;

return array( $page );

}

This retrieves the meta keys and then uses the existing job list template to show the results. If you are not using Job Manager, this is the part of the function that should help you to retrieve the meta values.

$jobmeta = get_post_custom( $job->ID );

$jobdata = array();
foreach( $jobmeta as $key => $value ) {
    if( is_array( $value ) ){
        $jobdata[$key] = $value[0];
    } else {
        $jobdata[$key] = $value;
    }
}

Thankfully I don’t really have that happen, but I do I find I can improve my mood and work flow by doing a few things to my work space on a regular basis.

Today I thought I would share a few of those with you along with some extra bonus tips for generally feeling better and being better at what you do.

Bag it
First up, grab yourself a couple of bags. Get all the paper waste (hey, we need to be green) into one bag. Be sure to shred anything sensitive of course. Get that into the recycle box.

Sweep away
Clean off anything you don’t need from your desk and in your drawers. Chuck those old sweets and promo toys away… you don’t use them anyway… well aside from that cool play putty you got, keep that for thinking time.

Dusty dust dust
Take everything off and give it all a clean and polish. Just the smell of polish on your desk and computer equipment can be a super boost. If you are lazy, get something that smells nice and plonk it on your desk. Clean as much of the rest of your office / work space in the same way as clutter around you, even if not seen, can be a big downer. Do you really need that out of date calendar?

Post it away
Now, like most you might have a number of post it notes around? If you are on a mac, open the stickies app and get your notes into those. If you are on windows find something you like to look of from Google and do the same.

The task at hand
Perhaps some of those notes are tasks that you need to do for clients? Then get yourself a free basecamp account (yup, that’s an affiliate link so I can track signups. Costs you nothing though). Get your projects in there, create some to do lists, add your tasks.

Treat emails with love
When you get new emails in with questions and tasks, get them straight into basecamp before you do anything else. This keeps track of everything and means it is not in your head or cluttering up your email inbox with todo notes and tags. Try to upload any associated files into your projects so you don’t lose them.

File it damnit!
Perhaps you deal with a lot of files for clients or personally? In that case grab yourself a free account with my new fav bit of software, DropBox. That’s a special link that will give you some extra free space when you get your free account too. See, I am nice.

It’s not a physical thing
You don’t just need to clean your desk space. Get your computer desktop space cleaned up too. Organise things into folders (perhaps that new drop box account?) and delete anything you don’t need from your desktop. I’d recommend a nice desktop background too… mine are generally of either something I really want (to motivate me to work in order to get it) or when I need a clear mind I put something nice and simple on from Simple Desktops.

Funky music
Now, for extra motivation why not get some nice new music from your service of choice, or the shops, itunes, spotify etc. I recommend some chill / ambient music… even classical. If you get music on that you don’t know and ideally has few or no words it can really help you focus and keep your head flowing.

Sometimes, a tidy of the desk is the best way to get cracking on some work rather than staring at the screen feeling down about what is sitting there waiting to be done. I learned this years ago and still to this day it keeps me going full speed on the work that I do.

Pssst here are a few of my spotify lists: Worky, The Mirror Conspiracy, Music for March and Hollywood Chillout.

Bonus
One final extra tip… once you have done the above, especially the part about getting your tasks into a system like basecamp, jump into your email client, create a folder called ‘archive email’ or similar and then move every single email currently sitting waiting in your inbox over to the new folder. Empty your inbox and treat all new emails that come in with some efficiency and process. An empty inbox is one of the most liberating feelings and can really help clear your mind. When was the last time your inbox was empty? Exactly. For extra points, grab yourself a copy of PostBox email client as it has some clever pin, todo, marking and search options that come in handy very often once you make use of them.

Your ideas…
If you have any other tips for getting motivated feel free to share them in the comments below… hopefully I have helped at least one of you have a more productive and happy day.

What is CSRF and how does it work? CSRF, also known as XSRF, is short for Cross Site Request Forgery. OWASP’s definition for CSRF is this:

A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.”

So, what we need to perform a CSRF attack is this:

• A vulnerable website or application
• A victim which is logged in at this website

Let’s assume the vulnerable website www.example.com allows users to buy goods from their web shop. For the sake of simplicity, I’m using GET parameters to demonstrate the problem, however POST is affected likewise. The URL which a logged-in user has to visit to buy a product is the following:

http://www.example.com/buy.php?productID=x&amount=y

By calling this URL, we submit the parameters productID and amount with the values xand y to the script. The script uses those parameters to process the order. A malicious attacker can now make a victim’s browser send a request to this website. This could be done by simply putting an image tag on a website that he controls:

<img src="http://www.example.com/buy.php?produktID=20&amount=1000" />

The victim’s browser doesn’t know that the referenced URL is not an image at all; it just sends a HTTP request to the given URL to retrieve whatever data there is. And here’s the trick: Because the victim is logged in at example.com, the browser sends all of the victim’s session and authorization data with the request. The victim has unknowingly sent a request to buy 1000 pieces of the product to example.com, and the website has no idea that the request is illegitimate – the order would be executed.

Principles of CSRF protection

So, how do we protect a website against CSRF attacks? The underlying principle is easy. A CSRF attack is based on the fact that the attacked website has no way of knowing if the data it receives actually came from a form on this website. What we need is a way to connect the two necessary HTTP requests – form request and form submission – so that we get this piece of information. We can then make sure that data we receive was really entered by a user on our website.

There are several ways to do this. The most common one, includes a hidden field in each form on the website. This hidden field is called CSRF token. The CSRF token is a random value that changes with each HTTP request sent. As soon as it is inserted in the website forms, it gets saved in the user’s session as well. When the form is submitted, the website checks if the submitted CSRF token equals the one saved in the session. If so, the request is legitimate. The token changes each time a page is requested, which means an attacker would have to guess the current token to successfully perform a CSRF attack.

Fortunately the common Frameworks have included methods for protecting your sites but you have to enable these features.  We’ve been developing sites recently with the need for higher security and  have been trawling the web to find some best practice guides.  Here’s what we found:-

CSRF Protection in CodeIgniter

• http://net.tutsplus.com/tutorials/php/protect-a-codeigniter-application-against-csrf/
• http://aymsystems.com/ajax-csrf-protection-codeigniter-20
• http://www.beheist.com/index.php/en/blog/csrf-protection-in-codeigniter-2-0-a-closer-look 

CSRF Protection in Yii

• http://www.yiiframework.com/wiki/274/how-to-validate-csrf-token-with-session/
• http://www.yiiframework.com/doc/guide/1.1/en/topics.security

CSRF Protection in Zend

• http://stuntsnippets.com/zend-framework-csrf-protection/
• http://codeutopia.net/blog/2008/10/16/how-to-csrf-protect-all-your-forms/

Vulnerability Testing

When costing a development project, always allow more time than you think for the damned IE versions AND if security is important incorporate some days for vulnerability testing.  One thing is for sure, a fool and his money will soon be partying.  Make sure that isn’t your money and developers time trying to patch up insecure code that should have been done properly in the first place.  You know who you are people.  Budgets are always tight but site downtime and the loss of reputation can cost you more than the extra couple of days that should have been spent.

If you want to test your site take a look here, this article provides some useful info: http://blog.csdn.net/zhonggonglou/article/details/7538702.

Free Vulnerability Scanners

There are a range of free tools out there which can give  insights into possible exploits on your site, they will mostly want you to upgrade to the Pro versions.  Some of the decent scanners give a trial period,  do use them, whilst the cost will be prohibitive for small developers, you know how to  make the most out of your many email addresses.  This section deserves another post in its own right but for now check out:-

• https://www.qualys.com/enterprises/qualysguard/web-application-scanning/
• http://www.rapid7.com/vulnerability-scanner.jsp
• http://www.eeye.com/products/retina/community

Hope that provides some decent information and food for thought for small developers.  Credit to Bastian Heist for the informative introduction to this article.

Freelance techies and creatives can make a perfectly decent living working from home.

It isn’t a dynamic way to work, or an inspiring one, or even a fun one, but it works. To a degree.

Because it soon becomes apparent that the more dynamic and successful these individuals are, they sooner they find this way of working limiting. Same clients, same type of work, and learning new stuff is kept to a minimum. Which means working this way soon becomes stifling, repetitive and, well, rather boring.

And it isn’t about the money. It’s more a case of wanting – needing – to work in an environment that crackles with energy. Creates great ideas. Solves the unsolvable. And lets you enjoy doing it.

And this ends up as being better for the client, too. An OK idea gets bounced around and becomes a great one. One answer becomes a complete solution. Answering the brief can mean a mass of sharp, targeted ideas that blow everyone away.

OK, so working together works. But what next? How can we bring this talent together? And where can we do it?

The answer is our new offering, The Sussex E-business Centre in Shoreham. A place where individuals with specific talents can work in our new office space and remain independent, or work together in small teams if their project demands it.

People can now share ideas. Pass on contacts. Learn off each other and even employ each other. Already we’ve seen friendships develop and partnerships forged. And clients are experiencing a fresh, dynamic, positive environment where there is a rich concentration of talent. And they like the fact we have a board room / meeting room, a professional video/photographic studio and a games room.

Already the centre is bearing fruit with several of us in talks regarding some highly lucrative contracts brought in through this new networking initiative. We’re working individually and as a team. We’re all working more productively. And we’re all liking it.

If you would like to find out more about joining our office space, or to see what we could do for your business, call Guy on 0844 357 4200 or Lee on 01273 455706

We look forward to hearing from you soon.

http://fredhq.com/projects/roundabout#/demos

Googles advertising revenue, infographic.

Great day all round, race was won at 29 mins. Woah, we have some serious training to do to catch up with him.

Quote: I’ve been using a common technique to deploy source code updates to my Amazon EC2 instances for some time now, which makes use of S3 as a central source code file-store, and syncs updates out to instances on a restart.

I didn’t however know that this technique had a name: Rolling Thunder (Thanks AWS Tech Summit)

As it was such a cool buzz wordy term, I thought I’d post a guide to how I achieve Rolling Thunder on AWS using CentOS Linux based instances (though this should work with any *NIX variant) in case anyone new to the game wanted a how-to.

Read more over on Chris’s blog here: http://www.coderchris.com/aws/aws-rolling-thunder-in-centos-linux/2011/04/11

This January, Toshiba announced the world’s first glasses-free 3D laptop, the Qosmio F750. With a £1300 price tag, it also boasts some fairly capable hardware. An Intel Core i7 processor, Nvidia Geforce GT540M graphics, 640GB (7200rpm) HDD, 6GB DDR3 (1333MHz) RAM, “distortion-free” Harmon Kardon speakers, a BDXL drive and a USB 3.0 port.

Initial reviews look promising and so do some of the features. The screen will be able to display both 2D and 3D at the same time in different windows. The built-in HD camera is able to track the users eye movement so that the 3D effect will match the position you are viewing from.

Toshiba’s Qosmio F750 will be available in the UK in August for around £1300. Will it prove to be a success in glasses-free 3D entertainment? Or is it just another gadget fad?