Development environments & source control

One thing that I see asked repeatedly online is how people manage their development, either for a small & simple project or a large and complex project. The setup obviously depends on the project and the requirements. However, personally I have 3 development environments, whereas at work we have 4:

  • Local environment
  • Staging environment
  • Live environment

Local Environment

For this, I either run MAMP or XAMPP depending on the OS that I am using. My XAMPP install normally is configured to run two different MySQL servers, and run two different codebases for each virtual host that is set up.
Also, ensuring that database names, usernames and passwords are consistent on my local environment as on the live environment reduces the edits to code that I need to do before going live.

Staging Environment

Ultimately, there’s not a huge amount of difference between this & the live server. The main difference is that the database used within the staging environment is completely separate from that of the live environment. Normally a command is run to update the staging database with a complete copy of the live database, at the least trafficked time of the site.

Live Environment

This is what the users see, and is what is live on the site. What with the clue being in the name.

How does source control fit in?

Currently, I use SVN for the source control of my projects, the reason being that it is what we use at work & what I know. I use Beanstalk to host the repository, and use their integrated deployment functionality to push the code from the repository to live.

I commit … Staging gets touched

The way that the deployments are configured, if ever a commit is made the code is automatically uploaded to the staging server. This means that the staging server is a complete copy of the repository where everyone can play around & test each other’s code etc.

To push live, the wonders of Beanstalk mean that if I name the live server Pikachu all I have to do is ensure that within my commit message I have put [deploy: Pikachu]. This will then do to the live server, what is done to the staging server, all of the code is pushed live.

Versions, Tortoise or CLI

One thing you’ll find is that I’m inherently lazy in what I do. People question why I do something one way, instead of another way. I for one, rarely (if ever) use command line for any sort of committing, or source control. The main reason being that if there is a nice GUI out there to do it for you, why not embrace it, use it and push your experience to the limit.

On Windows, I find that TortoiseSVN is the best option out there at the moment. Integrating amazingly well with the context menu, as well as deep integration with explorer to highlight the current state of a file, or directory.

When dabbling away on my Mac, I forked out for the amazing app that is Versions, whether that’s down to the student discount that I got on it, or whether it’s simply because it’s a suggested app by the fine folk at Beanstalk. Either way, it’s easily one of the best (if not the best) for SVN & Mac.

So you want to display your skill level?

The thing that gets me a lot is when someone thinks that using a graph on their site, resume or anything is a brilliant way to display their actual level of skill. I’m going to explain to you why you shouldn’t do it, and hopefully provoke some discussion about what other techniques you could use to display your actual skill level.

The Scenario

We have two people, X and Y. They are both budding developers, they both have skills, they’re both designing their portfolios/resumes and have decided to display their skillset in graph format so that a client can easily see what their strengths and weaknesses are.

Person X thinks he is truly awesome at PHP, and jQuery as well as HTML, but has a slightly less than perfect knowledge of CSS. So he decides that he’ll put the following ‘weightings’ on his skills:

  • PHP 90%
  • jQuery 85%
  • HTML 90%
  • CSS 50%

After some quick looking at a graph that would appear based on these numbers, person X decides that actually, it makes him look like a bit of a poor developer with one bar being so much less than the other. So he tweaks the numbers so that CSS actually sits at about 75%. Content with this new graph, making him look like the professional developer he thinks he is, he sets about finalising his portfolio.

Person Y is at the point where he has to decide how to display his skillset, opting for the same method as Person X, he sets about validating his same skills as below.

  • PHP 75%
  • HTML 80%
  • CSS 80%
  • jQuery 60%
  • JavaScript 80%
  • Photoshop 30%

So content with how his graph looks, he sets about drawing up & finalising the rest of the portfolio/site.

Brilliant, we have two people’s sites that are pretty well done, and look awesome with their graphs!

The Client

Client A wants a new website creating, nothing too complex, just a blog ultimately, but using a simple bespoke system that won’t use WordPress.

The client takes a look at both Person X & Person Y. Having done some quick looking at the totals, the client decides that he should probably choose X over Y. Reasons possibly being:

  • X is better at PHP, he’ll probably complete the work to a higher standard.
  • I want some interactivity, I hear that it uses something called jQuery, X is best at that, he’ll be able to do what I want.
  • HTML is what keeps the sites running etc, so he’ll need to know that.
  • From Googling, CSS is used to style HTML, his 5% lack on Y is made up by his advances in the other categories.

So from the above information, the client would probably run through and choose X over Y.

Was it the right decision?

Clients are renowned for trying to get their work done for the cheapest they can, they won’t take anything else into consideration. They are presented with stats in a lovely comparable way, they compare, and pick the best. It’s like developer Top Trumps (kudos if you remember Top Trumps!)

Now, if we look at the decision process of the percentages for each user we could probably see a different mindset appearing, and quite simply see that the client most probably made the wrong decision – something they might find out further down the line.

Person X is someone who is set on using PHP 5.1, they don’t like adopting new standards, they don’t actually know anything about JavaScript, and so will always use jQuery in a scenario where probably you could use vanilla JS. Furthermore, Person X also has little knowledge of CSS, they won’t use CSS3, and most definitely will not test in various browsers. They love using Firefox, and don’t really care much for Internet Explorer users. Person X always Googles for an answer first, and then takes any answer and copy/pastes the code to suit their own situation.

Person Y is currently self taught, however, they are experimenting with new technologies. They develop everything locally, and then push to a live server. For that reason they are running the latest version of PHP, perhaps not sub-sub version, but definitely more recent than Person X. Person Y has a knowledge of JavaScript, their jQuery code will be more targeted at the client’s needs, they can remove the crap from any jQuery plugins that aren’t needed – or recode stuff to be more efficient. Person Y seems to have lower numbers than X, however does that convey that they’re being honest compared to X? Have they spent an equal time on learning things?

The Problem

With a graph is that there are a load of assumptions that have to be made by the client, and/or the developer:

  • 100% honesty
  • High numbers are better
  • Lower number on one compared to another make you look bad
  • Other developers lie (so I should when making my numbers up)

The Solution

If you want to use a graph to display your stats, that’s great & awesome! However, take a few things that have been explained into consideration when doing so, and if you’re an innovative developer, you’ll probably do something awesome to help explain the large differences from one bar to another.

When you display your skillset on a graph, why not use something similar to JS Tipsy (if on a website) to explain why you aren’t at 100% with that language? It might be that you have just started learning the language, or that you only dabbled with the language for college or something.

Why not consider an alternative method to display your skillset?

Alternatives

There are plenty of alternative ways to display your skills:

  • Rank your skills in how skilled you feel you are with them. List them, don’t put a comparable value (such as a graph) on them.
  • Name the languages you would happily be paid to do work in. Personally, I would never accept payment to work in C or Java from a client. Yet, I have used them, and would probably be at about 25% or so in each. Yet, I don’t mention them.
  • Slip the languages that you have used into your bio section of your site ie:
    I am Person X, I create websites using PHP, HTML and CSS to style. Reaching out to jQuery for interactive effects where suitable
    That small chunk shows that you know when best to use jQuery, and that you have experience using them.
  • When you display your portfolio mention the languages that you used for each project, if you want to be smart, list them in the percentage of coding that is done in that language… ie: “Forrst Stats: PHP, MySQL”
  • Don’t mention the languages or skills that you know. Let your portfolio talk for you.

The last three points are the ones that I’d personally go for, not all three, but the first one for sure, then probably the last, unless it’s a big project that uses something special; I’ll mention it then in the description of that portfolio item.

Final Words

You need to set yourself apart from other developers and designers, think outside the box in how to present your skills, don’t use a method that will make it easy for a client to actually reject you compared to another developer/designer. They can work to your advantage, but can also work to your disadvantage.

Using them in a resume or CV is slightly different to using them online. I would personally keep a resume strictly textual and explain simply the skills you are more skilled with. Save a lot of the discussion for interview! Your portfolio will get you the interview, your language skills will get you the job from the interview!

Beanstalk & database versioning

Leading on from my earlier post about Development environments & source control, I got a question asking about database versioning and how that fits in to the whole system. One of the joys of using Beanstalk is the ability to have it call a webhook post-deployment. Meaning that you can call a certain script or page on your site after the deployment has finished.

The basics

The way this’ll work is as follows:

  1. Create a file called ‘dbchanges.sql’, which should contain all changes required for the database.
  2. Create a file called ‘dbupdate.php’. This file will self-delete when it has run, so as to stop it being run again, but ultimately, it will take your SQL & run it on your SQL server for you.
  3. Configure a web hook to run the dbupdate.php file on Post-Deployment.

The SQL

The main thing to ensure is that when you run your SQL, if you are spanning multiple databases, you do not select the database when you connect. Instead, you should prefix your tables with the database name. So, instead of table `site`, you would use something like `my`.`site`, where the table `site` is within database `my`.

Also, ensure that your SQL queries end with a semi-colon to stop the SQL failing & ultimately breaking everything.

The PHP

Of course, this can be written in any language that you want that is capable of database interactions, so save the hate on PHP. Ultimately all that the script needs to do is connect to the db server, run the SQL, disconnect, delete the ‘dbchanges.sql’ file, and then self-delete the ‘dbupdate.php’ file. Of course, a check should be put in place to double check that the SQL file exists.

There is a lot of scope here for what the PHP script does. One of the main things that I’d make it do is back up your database before running the SQL changes, this means that you have a failsafe in case everything fails. For this to run, you need to find out/make sure you’re able to execute the system() function, many hosts disable this due to what it opens up.

Within this, we’ll be using mysqldump which takes a series of parameters to let us specify:

  • SQL host (-h)
  • SQL username (-u)
  • SQL password (-p)
  • SQL database (or SQL table)

As a quick example, if I want to back up the `site` database to a file within the /home/user/ directory, I’d use something along the lines of the following code:

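<?php
// Dump the `site` database to a file before applying any changes.
// system() takes the shell command as a string, so it must be quoted.
system('mysqldump -h localhost -u dbuser -pdbpass site > /home/user/sqlbac.sql');
?>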

There’s a lot of scope to what the method can do, so I suggest taking a quick read of the mysqldump documentation.
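The dbupdate.php flow described above, as an added example that is not the author's script: it assumes the webhook URL carries a `token` query parameter (a hypothetical scheme), that the MySQL credentials live in an option file at `/home/user/.dbupdate.cnf`, and that `system()` is enabled. Reading the credentials from the option file keeps the password out of the process list, unlike `-p` on the command line.

```php
<?php
// dbupdate.php: added example, not the author's script.
// The token check, the paths and the option-file layout are assumptions.
declare(strict_types=1);

const SQL_FILE   = __DIR__ . '/dbchanges.sql';
const BACKUP_DIR = '/home/user';               // keep dumps outside the web root
const MYSQL_CNF  = '/home/user/.dbupdate.cnf'; // [client] host, user, password; chmod 600
const HOOK_TOKEN = 'REPLACE-WITH-LONG-RANDOM-VALUE'; // placeholder shared secret

function finish(int $status, string $message): void
{
    http_response_code($status);
    exit($message . "\n");
}

// 1. The script is reachable over HTTP, so only accept calls that carry the
//    secret configured in the webhook URL (?token=...).
$token = $_GET['token'] ?? '';
if (!is_string($token) || !hash_equals(HOOK_TOKEN, $token)) {
    finish(403, 'Forbidden');
}

// 2. Double check that the SQL file exists and has something in it.
$sql = is_file(SQL_FILE) ? file_get_contents(SQL_FILE) : false;
if ($sql === false || trim($sql) === '') {
    finish(200, 'No database changes to run');
}

// 3. Back up first. Every dynamic value is shell-escaped, and a failed dump
//    stops the run before any SQL is applied.
$backup = BACKUP_DIR . '/sqlbac-' . date('Ymd-His') . '.sql';
$cmd = sprintf(
    'mysqldump --defaults-extra-file=%s site > %s',
    escapeshellarg(MYSQL_CNF),
    escapeshellarg($backup)
);
system($cmd, $exitCode);
if ($exitCode !== 0) {
    finish(500, 'Backup failed; SQL changes were not applied');
}

// 4. Run the changes. No default database is selected because the tables in
//    dbchanges.sql are database-prefixed (`my`.`site`).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $client = parse_ini_file(MYSQL_CNF, true)['client'];
    $db = new mysqli($client['host'], $client['user'], $client['password']);
    $db->multi_query($sql);
    // Walk through every statement's result so a failure in a later
    // statement is not silently skipped.
    do {
        if ($result = $db->store_result()) {
            $result->free();
        }
    } while ($db->more_results() && $db->next_result());
    if ($db->errno !== 0) {
        throw new RuntimeException($db->error);
    }
    $db->close();
} catch (Throwable $e) {
    // Keep both files so the failure can be inspected; details go to the log only.
    error_log('dbupdate.php: ' . $e->getMessage());
    finish(500, 'SQL failed; files kept for inspection');
}

// 5. Success: remove the SQL file, then this script, so neither can be run again.
unlink(SQL_FILE);
unlink(__FILE__);
finish(200, 'Database changes applied');
```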

That’s a wrap

While a very basic summary of what I’d do, I didn’t want to write all of the code for everyone, as ultimately people might be using a database class or some other crazy wacked out way to connect to their database. The logic is there, and if you need any help, don’t hesitate to shoot a comment below.

API centric development

I’ve just finished planning out the development process for a new project that myself and two friends are working on. I’ve decided to take a much more API centric approach with the development than I normally would with a site. By this I mean that I develop the API first.

This is definitely not a new idea, however, it’s one that in the development community seems to be discussed a hell of a lot less than I thought it would be. In an ideal world, new sites would follow the same development routine, unless of course there are some major drawbacks to doing this that I haven’t yet thought/found out about. We shall see…

Why?

The main reason for this decision is the fact that at the end of this we will have a fully working, completely capable API. Now, whether we actually enable all of the options (such as user registration) through the API for third-party apps is unknown at the moment. However, for our own application – the option is there.

Also, we will have a well maintained API. One of the worst things about APIs on a lot of sites is the fact that they lag behind the site in terms of features. We’ve all been in the situation where a site rolls out a new feature or process, yet the actual API can’t do that, or allow you integrate with it.

One final reason that we’ve chosen this is that it should increase the speed of overall development. If we were to develop the site interaction and then plug an API on the side of that, we’ll probably spend twice as long developing (although, probably closer to 1.75 times as long). This is quite a huge saving in time so that we can do other things such as eating Pizza, fumbling with the frontend or simply drinking, (realistically, we’ll be developing!).

It’s A User Experience Wet Dream

One thing that people rattle on about is the fact that we should look after the users, the fact that we should give them the best experience, and that they should have the user experience wet dream that they deserve.

Giving the users the option to interact with the site through whatever means they want from launch is only going to make the site better. Even if we don’t launch with an app for every device, someone out there will hopefully embrace our site & API, and push out a mobile app for that device.

The other thing is, this gives us a huge amount of scope to spread everything. We can move our site to a separate server from the API server or whatever we want. With this option, we can move everything around, without having to worry about changing two different sets of code that interact with our databases etc.

How did I get here?

Quite a few people ask how to get work, or how to find people to work with, or more commonly – how to become known. I can’t help with the latter, but I might be able to help with the former. The most important thing to do is to build up a name for yourself amongst the people you know. Be reliable, friendly, helpful and above all – get it right!

When I was about 14, I used to frequent various remotely hosted forum support boards. Mostly chilling, chatting to people, but increasingly I was helping out in the support areas – more precisely the coding support areas.

For personalisation of these systems, you had the option to place JavaScript code within the header (or footer) of the site, and it would then customise the site. Things that were made varied from the simple, to the complex. I started as a complete failure: no commenting, no indenting, no caching of nodes, no nothing. It was horrible, icky code.

A place kitten for fun

The communities there were great, they’d always suggest ways to help & improve what you were doing and ultimately increase the quality. I then got a pretty cool place as a moderator on there, and what not. I worked on a few sweet forums with people that became pretty insanely popular – but later closed.

The main thing that I tell people is to always have a project to work on. I had one, it was called wImg, many people won’t know what that is – or was, unless I send you a screenshot every now & then. However this was my project, a little area for me to play around, and add new things here & there, but it got used…

One of the cool things about the forums I was on, is that I built up friends, and other acquaintances, so when I started sharing this site, people would use it as they knew the owner. Anyway, wImg was a very simple image hosting site, it accrued over 100k image uploads, and was hitting over 15 million hits a month, eating through over 1TB of bandwidth – and of course, every server I tried to put it on!

I took the site offline after a while, but I learnt a huge amount: automated S3 backups, efficient file storage, and a load about optimisation. Unfortunately, the things I know now, I didn’t know then. Now, I would be able to run the site, for cheaper & be more efficient with resources.

So, that is my project. It started off as something stupidly small and simple, and escalated as people asked for new features or as I wanted to try new things out. But how the hell did I get to work with the super awesome Dan Eden, and how can you work with awesome people too?

I was an active member of Forrst for a while, regularly commenting (over 2.5k) on people’s posts, and posting some of my own. They were helpful, friendly and in most cases in-depth comments. I hoped to display my skills to other users, with the intention of hopefully working with someone.

Dan & I had expressed our annoyance that people had posted images of UIs for Forrst apps, but none had ever come to fruition, so we teamed up and got Owlr up and running within a month of first code. I had previously to this helped Dan with some of his questions on Forrst, and also tweeted a few times with/to him.

Throw in some summer work at various companies building some awesome stuff including a full ecommerce site and a Polish/English twitter-esque site, and you now know what I’ve done and how I did it. Oh and did I mention that people still contact me from my old foruming days asking me to do some work for them? Nope, well they do – that is where a large amount of my work comes from.

This isn’t the end, I’ve recently taken on a project with Dan and Jack which is going well and should be released in a short while.

So, instead of trying to make a name for yourself in a sea of big fishes – why don’t you try to become a reliable, and helpful person to the friends/followers that you have currently. A lot of work comes from word of mouth, so build up a good rapport with your friends, and they’ll suggest you on to other people!

Note: I added a cat because I thought I was getting a bit rambly!

cPrompt

Starting on May 26th 2012 sites for any organisation based within the UK (even if their site is hosted overseas) must seek consent to store cookies on a user’s computer, or device. Failure to comply could result in a fine up to £500,000.

The idea is simple, a piece of JavaScript that can be thrown into any page, that can be used to automatically show the above banner to new visitors to check that you are allowed to store cookies. The ability is then in place so that you can simply check what stage of cookies have been accepted with the following line:

cPrompt.checkCookie()

There are 4 possible returned values:

  1. The user has actively opted out of all cookies on the site. Shows the red notification.
  2. The user has seen a warning about cookies, but neither accepted nor declined, this is classed as inferred acceptance. Shows the blue notification.
  3. The user has accepted all cookies to the site. Shows the green notification.
  4. The user’s first visit to the site, no cookies accepted or declined. Shows the yellow notification.

You should only store/use cookies if the above returns either 1 or 2. Also, the user is able to close the prompt that appears, and by them doing so it will show an icon in the bottom left hand corner of the page that they can click on for more information.

The javascript file is available to download either on Github or here.

Using it around any block of code that stores cookies is as simple as doing this:

if(cPrompt.checkCookie() == 1 || cPrompt.checkCookie() == 2){
    /**
       Cookie Storing Code Here
    **/
}

There are three settings you can change/enable. The ability to hide the whole cookie prompt if the user accepts cookies on the site:

cPrompt.hideOnAccept = true;

the ability to keep the prompt minimised to the bottom left of the page at all times:

cPrompt.minimisePrompt = true;

the option to specify a URL to a cookie policy on your site, this can be done by using the following line of code:

cPrompt.cookieLink = 'http://mycookiepolicy.com/me.html';

Adam Whitcroft

For those of you that don’t know Adam, he is working at NY Web Design Company. He’s been in the UK for coming on a year now, before which he lived in Dubai for four years working as a web designer for various companies. Originally from Johannesburg, South Africa, he holds a formal degree in Fashion Design, and has a love for Pandas, Vinyl Art Toys and Jaffa Cakes.

I would assume as a designer that at one point you started out with no knowledge. What 3 tips would you give to someone who might be in the position you were many years ago?

Oh definitely, as with most things you start at the bottom and slowly work your way up.

The first piece of advice is to surround yourself, be it in real life through meetups or online via Twitter and design-oriented social communities like Dribbble, with people who are passionate about what they do in your chosen field. Passion is contagious and just by hanging around them and listening to what they have to say, you will learn more than you’d imagine.

Next, learn by doing. If you aren’t sure how a header was built on a website, inspect the code and then replicate (not copy + paste) what you see. The simple act of retyping the structure and style is a tremendous learning tool.

Lastly, don’t be a dick. Having confidence in what you do is great, but leave your ego at the door. The best way to learn in this community is by chatting to other people and going in with an attitude is the best way to limit your interaction with these people.

Are you self-taught or trained by some satanic beast? If self-taught, has this had any impact on your ability to get a job in the industry that you love?

I am completely self taught and proud of it. Having no formal training has been a stumbling block in the past for sure, but as my career progresses I’m meeting more and more people to whom this means little or nothing, and rightly so. Having a degree is important in some (most) fields, but I think it’s largely irrelevant when it comes to web design. Passion for what you do is all you need really – the rest will follow.

You seem to be quite into icon design, but also dabble with some UI mockups, are icons an area of design that you see yourself specialising in, or are you wanting to remain completely open to everything?

While I love designing icons, it’s not something I would want to specialise in. I don’t want to specialise in any single design discipline to be honest. I’d rather be good at a few things than great at one because I get bored very easily, so having a few different things on the go at one time keeps me happy (and busy).

You have just released some pretty awesome weather pictographs called ‘Climacons’, can you tell us a bit about them – what inspired you to do them and how long did they take?

Climacons

Adam’s new Climacons set are a massive hit

Thank you very much – I couldn’t be happier with Climacons and the response they have received so far has been overwhelming. Climacons actually started out as an idea for a simple weather app UI I wanted to design for practice. The initial idea was just to create two icons for this mockapp: a sun and a cloud. Once those two were done I decided to add a few more to the pool, just so if the design required, I would have some extra resources to pull from. The result was 8 icons which I previewed on Dribbble imaginatively titled ‘Weather Icons’. The response surprised me. Within a few hours of posting, the shot was on Dribbble’s front page! At this point I was having so much fun with these icons, I decided to keep going. I added a few more each evening until I got to where Climacons sits now: 75 icons.

I’ve been approached by a few people already who’d like to use the icons for their own apps, so that’s tremendously exciting for me.

I know I won’t be alone in asking this but – Why didn’t you charge for the Climacons? Or at least asked for a small donation!?

Climacons started out as a few resources for a larger project, so from the very outset there was no thought for monetary reward and this remained even as the project grew. It was only until afterwards when I heard a few people telling me I should have / could have charged for them that I even thought about it.

I’ve worked on a few things for & with you – is there anyone (or a group of people perhaps) that you’d like to work with on a project, if so – who & why?

Yeah, you’ve been an incredible help over the past with things like Sapling (now defunct) and most recently with my new website. As a side note for the people who aren’t aware or haven’t snooped around the code: the header image on my homepage comes right from my Instagram feed. My attempts to wrangle the API into submission were failing dismally so Michael very kindly helped me out!

As far as working with other people, I’m not sure really. I don’t have a list or anything so it’s hard to say. I’d welcome any opportunity to work with just about anyone out there.

I find inspirational people don’t seem to occur in the development world – there isn’t anyone in particular that I aspire to be like. However, in the design world I think it’s different, is there anyone that you look up to – either for their work, or for their knowledge, or anything else?

Oh man, that’s a tricky one as I look up to people for many different reasons. In terms of attitude to life I’d have to say Kyle Steed, Brenton Clarke and Rogie King stand out most because they are all insanely talented but so humble. In terms of design style I’d say Tim Boelaars, Matt Kaufenberg, Nick Slater and Justin Mezzell are all turning out incredible work lately. I feel weird singling these people out as there are so many more…

Following people on Twitter is super cool, but I always struggle to find people that are interesting, engage with their followers but also aren’t dicks. Do you have any suggestions for people to follow?

I have an ofttimes strange relationship with Twitter. There are times when I wonder why I use it and more importantly why anyone cares enough of what I say or do to follow me (to those who do, thank you very much, even though I’m not sure why!). Twitter can be a dangerous thing to some – I have seen a marked change in a few people I’ve been following after gaining a level of notoriety within the community. It’s a pity really. I tend to follow people not for who they are or where they stand in the web community, but rather who they are as humans.

I know Joshua Hibbert really loves taking some time away from the internet, to relax, unwind and enjoy the beautiful Australian country (I’m jealous of him!), but what do you do to unwind? Do you escape to the ‘beautiful’ English countryside, or are you a slave to the technological world?

Lately I’m finding I want to get away from the internet in my off-time more and more. I’m lucky enough to live in the countryside already, so I’m surrounded by parks and woods so there are plenty of ways I can (and do) get out for a while.

Is there anything that you want to sign off with?

Thanks for wanting to chat to me! I’m working on a few things, none of which are really earth-shattering (laughs) but I can say that Climacons has a TTF and @Font-face kit in the works, as well as the addition of a few more icons people have suggested to me.

Thanks for taking the time to answer my rambling questions. Just before we finish, where on the internet can people find you & what is the best way to get in touch?

The best place to find me these days is on Twitter or through email, you can visit my Dribbble page or drop past my website where I occasionally write about stuff.

Using ‘bcrypt’ to Store Passwords in PHP

I’m not going to go in depth as to why you should or shouldn’t use one method. All I will say is that you should be using bcrypt to store your passwords, if you’re not – well you should! At least reassure me that you’re using a salt!

To do this, we’ll be using the crypt() method with a unique salt. Now many times people think that a salt needs to be unique for that user, which is true in a lot of cases. But with bcrypt we can use a salt that is unique to that password. We don’t even need to store the salt separately at all – as it is actually inside the returned hash itself!

For a salt we can use something like this:

$2a$15$abcdefghijklmnopqrstuv$

The issue with that is the salt isn’t unique, random or unguessable. The letters that are used within the salt are 22 characters from the collection of: ‘./a-zA-Z0-9’. Ideally we should use a random function, which could use either a microtime at the moment, or even some other crazy method! Here’s a more ideal salt:

$2a$15$Ku2hb./9aA71tPo/E015h.$

Let me just quickly break down the salt for you – it’s ultimately in three parts, one of which I’ve already mentioned. The $2a$ section is an identifier that we are using the Blowfish hashing algorithm. The second part, the 15 section, is the cost parameter. This is in the range of 4-31, and is the iteration count for the algorithm.

Very basically it will make it so that bruteforce attacks take longer, if that number is higher. It’s a way to alter how long the password takes to generate.

Now that we have the salt, generating a hash is as simple as doing this:

crypt('password', '$2a$15$Ku2hb./9aA71tPo/E015h.$');

Below are some words & their hashes:

password 	=> 	$2a$15$Ku2hb./9aA71tPo/E015h.LsNjXrZe8pyRwXOCpSnGb0nPZuxeZP2
password2	=> 	$2a$15$Ku2hb./9aA71tPo/E015h.CNGqVsxZZBYTC/r1Os396YragLJGV.W
mypassword	=> 	$2a$15$Ku2hb./9aA71tPo/E015h.h9vBlPsdHlKzNVtKICiGuyZ8A.1ejiy
1234 		=> 	$2a$15$Ku2hb./9aA71tPo/E015h.8Tj1dOqu1OC3tr87Tke2Ef0zrLZ5ooa
pass123 	=> 	$2a$15$Ku2hb./9aA71tPo/E015h.GXUYuw0uJWtFqjpWvgTPoPFOQV09.rG

People always seem to think they have to store a salt – which you might well have to do for other hashes, but with Blowfish you can just use the following line to check that a password is the same as what is stored:

$currentPassword = '$2a$15$Ku2hb./9aA71tPo/E015h.LsNjXrZe8pyRwXOCpSnGb0nPZuxeZP2';
$checkPassword = 'passwords1';

if(crypt($checkPassword, $currentPassword) === $currentPassword){
	echo 'You are in!';
}else{
	echo 'You entered the wrong password';
}

It’s as simple as that, just remember:

  • Your salt should never be the same for two passwords.
  • You should never store the salt anywhere.
  • Make your salt as random as possible.
  • Never store your password in plain text – ever!
  • You will need to ensure that the host you have is either on PHP 5.3+ or has CRYPT_BLOWFISH
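The salt, hash and check steps above as an added example (not code from the original post): it draws the salt from `random_bytes()` rather than microtime, uses the `$2y$` prefix that PHP 5.3.7+ recommends over `$2a$`, and compares hashes with `hash_equals()`. The function names and the cost of 12 are assumptions; `password_hash()` and `password_verify()` (PHP 5.5+) do the same work in one call.

```php
<?php
// Added example; bcryptSalt(), hashPassword() and checkPassword() are
// hypothetical names, and the cost value is an assumption.
declare(strict_types=1);

const BCRYPT_COST = 12; // the cost is a power of two: 12 means 2^12 rounds

// Build a crypt() salt string: "$2y$" + two-digit cost + "$" + 22 salt chars.
function bcryptSalt(int $cost): string
{
    // 16 bytes from the OS CSPRNG (PHP 7+), mapped onto the ./A-Za-z0-9
    // alphabet that bcrypt salts use.
    $b64 = substr(base64_encode(random_bytes(16)), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, strtr($b64, '+', '.'));
}

function hashPassword(string $password, int $cost = BCRYPT_COST): string
{
    $hash = crypt($password, bcryptSalt($cost));
    // On failure crypt() returns a short marker string instead of a
    // 60-character bcrypt hash, so check the length before storing it.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt is unavailable or the salt was rejected');
    }
    return $hash;
}

function checkPassword(string $password, string $stored): bool
{
    // Passing the stored hash as the salt works because its first 29
    // characters are the algorithm, the cost and the salt.
    // hash_equals() compares in constant time.
    return hash_equals($stored, crypt($password, $stored));
}

$first  = hashPassword('password');
$second = hashPassword('password');

var_dump($first === $second);                   // same password, two different salts
var_dump(substr($first, 0, 29));                // algorithm, cost and salt, readable from the hash
var_dump(checkPassword('password', $first));    // right password
var_dump(checkPassword('passwords1', $first));  // wrong password

// The built-in API generates the salt itself and verifies crypt() hashes too.
$builtin = password_hash('password', PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
var_dump(password_verify('password', $builtin));
var_dump(password_verify('password', $first));

// When the cost is raised later, this flags old hashes to be replaced at next login.
var_dump(password_needs_rehash($first, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST + 1]));
```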

One separate thing that worries me is sites that are able to send you your password to your email address if you forget it. These sites can’t be using a secure hashing method – they should send you a new password, or ask you to go to a URL to enter a new password.

Critique…

There are a large number of sites out there where people can post sites, designs and even code for others to look at. Most of the cases people ask for ‘feedback’ or for people to suggest how to improve something. This is referred to as asking for critique.

Critique is not limited solely to the web; everything is exposed to critique. In this article, I’ll be focusing on it in the web industry, as that is what I know most about.

When I was first starting out with coding, I was always answering people’s questions with code. Most of the code that was written was basic, and anyone could write it with their eyes closed. But I was learning – or I thought I was.

The best thing happened to me ever, and that was someone saw my possible potential and asked me if he could advise how I can improve my code. I realised that before this moment I had never actually learnt anything. Sure, I’d learnt what to write, but not how, or why to write it.

I was grateful for this. This critique helped me improve my skills. I started indenting code (I had previously deemed it a pointless thing to do), I used sensible variable names, I understood many cross browser nuances, and more…

I have in the past spent ages writing out large comments on Forrst explaining to someone what they should change about a design. How they can improve their code or even to the point of completely rewriting it for them and explaining how and why I have changed things.

This is provided to people in the same way that I was provided the guidance when I first started. I do this because I hope those I provide these suggestions to thrive off it.

This is where the issues start to show. This is why I, and others I know, are a lot more reluctant to provide critique.

No one can handle the truth…

A lot of people that are starting out, and posting things for critique want to hear that it’s amazing, and that it gave you wet dreams for the next week. They want to get on the front page or be the most popular post, or get the most likes.

A lot of people are grateful for critique, however I think I have come across a lot of people that are actually less grateful for it. Either replying with ‘thanks’, or ignoring what you write.

If you are asking for critique, and I take the time to write it, I’m writing it to promote some discussion, to help you learn. Don’t be a dick and throw it back in my face by writing a half-arsed response, ignoring it or deleting your post.

Don’t ask for critique if you are not going to accept the bad critique that you might get with the good critique. Critique is most probably being provided to help you improve your skills and not to attack you. So swallow your pride and accept that it is to help you, and is not personal!

As an aside, critique that is not backed up with reasoning is pointless. Don’t just say you don’t like something, say why, suggest how to improve it.