What Is a PHP File?

What Is a PHP File? – Original article at Tutsplus

PHP is a server-side scripting language which is mostly used to build web-based applications. These may range from a very simple blog website to a full-fledged eCommerce website for selling products online. In fact, PHP is one of the most popular server-side scripting languages, with a very healthy market share.

For those that like to geek out, or just understand what’s going on behind the scenes, the above link is a really good breakdown of how PHP (the server-side scripting language I use for a lot of my development projects) works.

Andy Flisher is a Web Developer based in the North East of England with over 20 years software development experience. He is available for hire and specialises in cross platform mobile app development, web applications, desktop software, bespoke cloud architecture solutions and providing outsourced project management services.

IPL – Quote Management and CRM System Case Study

Prior to Xyroh, Andy was the founder of dotUK (a software development firm based out of Yarm and Stockton on Tees here in the North East), again specialising as a developer in mobile apps, web applications and desktop software for a number of business clients. This is one of those portfolio case studies.

Summary

International Procurement, a Stockton on Tees (North East) based supplier of severe service isolation solutions, needed a means to better automate and streamline their already complex request, quote, supply and invoicing workflow.

Technical

Client: International Procurement – Critical & Severe Service Isolation Solutions

Platforms: Web, Web Services, Kashflow

Technologies: PHP, CSS, jQuery, JavaScript, MySQL, REST API, JSON, Kashflow, SOAP

Development: Web Development, Web Services Integration, Kashflow Integration

Case Study

The IPL sales process workflow is complicated by the very precise specification and requirements attached to each and every order. Often a customer enquiry for a product will be met with a variety of options from a supplier, may have to meet complex supply requirements (including lengthy import, export and trade embargoes), and may even need build to order solutions.

With that in mind, dotUK built, upon their in-house web services framework, a cloud based software solution bespoke to IPL’s requirements. It runs in the web browser and is accessible internally, to allowed users on the road or in home working environments, and to mobile and smartphone devices over the web.

The summary workflow required was, in essence:

• Record Enquiry

• Manage Supplier requests (with quote and attached document management) to fulfil the enquiry

• Freeform Quote Generation (Multiple Quotes and Variations)

• Quote to Order process

• Supplier Purchase Order generation to fulfil the client order

• Invoice generation, and customer management to the web based Kashflow accounts software

Where document generation was required we standardised on PDF as a consistent, non-editable output format, and the system automatically maintains copies of the last generated version (eg for quotes), and also maintains an archived history of prior versions.  The system also allows for management of archived records, repeat ordering, and reporting on sales and overdue enquiries.

The Kashflow accounts software, also web based, is integrated through its own SOAP based API. This meant that simple requests such as pushing invoices into their accounts software, traditionally a one line requirement with a costly, time consuming and frustrating integration phase, became as simple as they should be. A custom Kashflow module was written as an extension to our web services framework that integrated seamlessly, and allowed us to continue using the same methods for data exchange and document generation. This is something that wouldn’t have been possible with traditional desktop based accountancy packages.

Christmas Cards for Schools Clustered Print Generation

Summary

Christmas Cards for Schools, based in Middlesbrough here in the North East and part of Fundraising Creations, offer fundraising solutions for schools, their primary product being the production of bespoke printed and customised Christmas Card packs personalised with the pupil’s name, class and of course their own drawing. Having been responsible for the production of in excess of 1.1 million cards in the Christmas 2013 season, efficiency and scalability are high priorities.

Technical

Client: Christmas Cards for Schools Ltd – Middlesbrough based School Fundraising

Platforms: Linux, Web, Web Services

Technologies: PHP, Perl, CSS, jQuery, MySQL, REST, ImageMagick, Apache, Clustering

Development: Web Development, Web Services Integration, Synchronisation

Case Study

To understand the scale and requirements involved in creating, printing and distributing in excess of 1 million Christmas Cards in a 3 month period each year, it helps to understand the workflow required, and the stages at which dotUK have been able to build out and scale, thus adding capacity each year.

• Participating Schools are sent Artwork kits

• Kits are returned and the drawings are scanned, grouped, and filed into our Web Based storage system

• School batches are processed within our processing cluster leading to the creation of digital print ready personalised images (1 Per child)

• Print ready images are synchronised to the print partner who takes responsibility for print and distribution, feeding back status to the storage system dashboard.

Due to the system being highly seasonal, dotUK have built a bespoke hosting infrastructure that offers a cost effective but highly scalable hosting solution. Services that are required year round are separated from the seasonal processing cluster, thus offering a base line cost for the majority of the year. The processing cluster is built in such a manner that additional processing nodes can be added at 15 minute deployment windows and will automatically join the pool of processing power, but can be removed when surplus, thus reducing unwarranted hosting and running costs.

To maintain maximum data integrity, control, and compliance in excess of UK Data Protection requirements, the hosting cluster and processing engine is a bespoke, privately hosted solution provided, hosted, and monitored by dotUK.

Depending on the solution offered to the school, the workflow may include digital samples that are offered initially to the school prior to order, but ultimately school co-ordinators enter their school order quantities online through their own access portal, which triggers the print cluster and sync services to push final orders to the print partner.

In addition to the core card generation workflow, we also generate supplementary personalised products, and fully automate other ancillary services such as billing, marketing / kit requests and the ability for parents to view online samples prior to order.

Stockton’s Big Challenge Active Travel Portal – Case Study

Summary

Stockton’s Big Challenge is a web based community competition initially funded by Stockton on Tees Borough Council, NHS Stockton on Tees, the Big Lottery and Sustrans. The aim is to build awareness of Active travel and encourage a healthier lifestyle across Stockton by encouraging people to walk or cycle to work.

Technical

Client: Sustrans / Stockton Active Travel

Platforms: Web, Web Services

Technologies: PHP, CSS, jQuery, JavaScript, MySQL, Animation, Charting

Development: Web Development, Web Reporting, jQuery Animation

Case Study

Stockton’s Big Challenge was pitched as a lottery funded concept aimed at encouraging local (Stockton on Tees Borough) employees and employers alike to ditch the car and cycle or walk to work, in essence to embrace ‘Active Travel’ and enjoy a fitter, healthier lifestyle – all through the power of competitions.

The competition premise was simple: each and every time you undertook ‘Active Travel’ you logged in to the site and recorded the date, distance, time, and reason for travel. These journeys were then logged and your cumulative total displayed in terms of miles travelled, calories used, kg of fat burnt, kg of CO2 saved, and Parmos!

For those not local to Teesside the Parmo is a regional delicacy of note (http://en.wikipedia.org/w…) which, through its ingredients of cheese, béchamel sauce, and being deep fried, has a ridiculously high calorie count!

The Parmo Calculator was the welcomed challenge in the development, as the concept was that we would allow site users to visualise their journey in terms of Parmos dropping to a plate, the shock factor being the tiny fraction of a Parmo that most journeys equated to. We also made the calculator available as a stand alone tool that visitors could play with and drum up publicity. It worked, gaining the challenge and dotUK coverage in local press and radio interviews, and it was even linked to and referenced by the Wikipedia article above.

The competition itself was broken down to allow businesses of different sizes to also compete by entering teams of employees (the cumulative score of their employees being totalled), as well as the individual competition. All user journeys, their ‘Parmo Counts’ and a dynamically generated report of miles walked / cycled over time were available in the individual user’s portfolio.

From an administration point of view, all aspects of the system were run from a secure web based control panel. This covers user management, flagging ‘suspect’ journey logs, content management, and competition and winner management. The competitions were designed to be run time and time again between specific date ranges, so we built tools that allow new competitions to be defined and journeys automatically entered between the relevant dates. Some winners’ prizes were also drawn at random, so we created tools that allowed winners to be picked honestly.

When a competition is active the real-time statistics are published to both a widget on the home page and also to a dedicated live results page showing the scoreboard in terms of individuals and employers in the region. To further motivate year on year competition the historical archives of past competition results are permanently available and automatically generated.

Wrapped around the competition element of the site is the content management system. Nearly all content on the site is controlled through our own web based content management system. Each page on the front end consists of one or more content blocks, and the output content of those blocks is created by the administrator using the WYSIWYG (What You See Is What You Get) editor.

This means that the administrator does not need to know, or have any real understanding of HTML or web scripting languages, they can simply type as if it were a regular word processor and format text style, colour, size and alignment with ease. In addition we created a web based media manager which allowed the simple upload of images to be embedded in the content thus allowing for the simple creation of visually rich, engaging content for their community.

Content wise these tools allowed them to manage 20+ pages of unique content instantly on demand, and engaging users beyond the competition. Content included local events, Bike maintenance tips, links to local resources and cycle path maps, the Sustrans Cycle network journey planner and much, much more.

Efiling – Web Based Company Formation Software

Summary

Efiling is an award winning online company formations software product that was originally developed by dotUK and had undergone a number of significant revisions and expansions in the lifetime of the product.

Technical

Client: Efiling Ltd – Online Company Formations Software

Platforms: Web, Web Services, Kashflow, XML Gateway

Technologies: PHP, CSS, jQuery, JavaScript, MySQL, REST API, JSON, Kashflow, SOAP, XML, Python

Development: Web Development, Web Services Integration, Kashflow Integration, Companies House Integration

Case Study

The Efiling Web Based Companies House Software product was initially conceived with the core functional requirement of offering a web based medium through which instructions could be sent to the Companies House Gateway, on receipt of which the gateway would act upon those instructions. Examples of commands which could be instructed include:

  • Formation of a UK Company (Eg Ltd, Plc etc)
  • Add / Modify / Resign a Director
  • Add / Modify / Resign a Company Secretary
  • Articles of Association & Memorandum
  • Change Registered Office

Version 1 of the software, developed exclusively by dotUK, used the Companies House Email Gateway. This protocol meant that instructions were issued by embedding commands in the email message subject, and the payload (data fields, attachments etc) was embedded in a properly formatted email message body. Responses from the Gateway were likewise sent via email to a dedicated mailbox which was polled and monitored at the Efiling end.

Efiling is a multi tenanted system, which means the core platform is used by a near unlimited number of brand owners / companies with company formation needs. To function in this way data security and segregation are paramount, as under no circumstances can data ‘leak’ between tenants on the system, and we put robust practices and data references in place to ensure this never happened. It also added significantly to the complexity of the system, as we then had to manage website templates, company names, Companies House account details, email addresses and domains; in essence, near every variable in the system had to be configurable on a per tenant basis.

Billing for orders was another challenge to be managed. End user payments were taken by credit card on order, however brand owners were split between pre-pay (an account with a preloaded positive balance of funds) and credit accounts (accounts with a preset maximum negative balance according to their credit limit), so we built a complex accounting structure that allowed for both charging models, and of course all associated reporting, statements, and invoicing required. Pricing levels (both to Efiling, and charged by tenants to their clients) were also configurable and changeable on demand.

As the product matured additional features were added, which included expanding the standard statutory Companies House product offerings to allow tenants to offer bespoke, bundled packages, which included their own value add services (eg Company Secretarial, Mail Room services, offline products such as bound articles, hard copies of certificates etc). These were managed on a per tenant basis so significant upgrades to the tenant administration tools were made, and also to Efiling’s own system administration tools which sat above the tenants as an overview.

Soon Companies House began the process of decommissioning the email gateway service, which worked well, but was limited in terms of speed of service due to the delays faced in email delivery, and introduced a new XML based gateway. This gateway is in essence a secure web service that listens real time for commands sent direct over https (secure web traffic) and using documented (mostly!) XML documents as the payload. The benefits this service offered were that responses to instruction delivery were often available instantly, and it allowed us the option to ‘poll’ the gateway periodically for updates as opposed to wait for an email to arrive. It also increased reliability as we were communicating direct with the gateway as opposed to the round robin route email can on occasion take. dotUK were heavily involved in this transition, and the opportunity was taken to significantly improve other areas of the system such as document generation and storage.

Unfortunately it became apparent as the project progressed that some areas of the new gateway functionality were incomplete, undocumented, or not tested, which meant we were frustrated in our ability to communicate progress to the client. However we took steps to use our time as efficiently as possible and made sure that we managed the project fully. This included taking responsibility for liaising with Companies House direct (whose hands were tied by their own third party development team) and on occasion direct with the gateway developers themselves. Ultimately we were able to build and conclude testing of instructions in parallel with Companies House as we moved towards the deadline for switch off of the old email service. This was a regulatory deadline and was immovable.

Since then we have also been involved in other third party integrations, such as feeding bank account applications into the Barclays Business accounts service (again an XML based gateway) and integration with the Kashflow web based accounts software using their SOAP based API. The advantages of using Kashflow were that tenant accounting transactions were ultimately delivered direct into their accounts package, new customers automatically created, and invoices and credits posted, thus automating tenant admin processes, reducing the amount of functionality required within the Efiling Back End, and adding significant value to the proposition.

For more information about Efiling, or to enquire about licensing their web based company formation software technologies please visit www.efiling.co.uk

H Jarvis Web Based Support Software and Customer Portal

Summary

H Jarvis, a North East and Marske based Quality Windows and Doors manufacturer, had a need to improve upon existing quality control and customer support processes, increase efficiencies in service engineer response, and to allow end users to self service their own support cases.

Technical

Client: H Jarvis – North East based window fabricator

Platforms: Web, Web Services, Outlook Calendar Sync

Technologies: PHP, CSS, jQuery, JavaScript, MySQL, REST API, iCal / Webcal, JSON

Development: Web Development, Web Services Integration

Case Study

H Jarvis are a multi site company with bases of operation in Marske (North East England) and Blantyre (Scotland), and had an existing interconnected IT infrastructure linking the two sites. With that in mind it made sense to build a Web Based Software Solution, in this case utilising dotUK’s own bespoke web services framework.

This framework, built for purpose, is built upon a PHP, MySQL REST based API framework that allows seamless, consistent, and secure data exchange between the hosted API hub and the end client’s browser. Again utilising PHP and jQuery in the web client we were able to offer an improved experience to the end user, without the traditional stop, start, or click and wait frustrations of traditional web software. Functionality wise we have built a central support system for all sites which registers and manages all currently active customer support cases, with SLA support and comprehensive management reporting. In addition to case reporting the system also offers manufacturing build orders for remedial work and iCal calendar synchronisation with Outlook.

Fitter appointments are booked by the agents on an informed intelligence basis to minimise unwanted travel time, by allocating cases to geographic zones and forward looking appointments to ensure that fitters are booked in when next in the appropriate locale. This appointment picking process also includes real time estimates of travel time so the most informed appointment booking decision can be made.

End user wise the system also includes a web based portal for key clients to view and manage their support cases, including any updates, notes or case changes. This allows end users real time access to updates when they need it, while at the same time freeing Agent staff from fielding update enquiries directly.

The solution is built upon dotUK’s managed web services platform hosted in the North East, which allows for scalable database clustering, high availability, and includes 24/7 monitoring and management, and full data backups to an offsite datacentre.

You get what you pay for – Mobile App Security

You get what you pay for – App Security

In the course of work this week I had a cause to audit an iOS App that a prospect had had developed by a local competitor here in the North East, the reasoning for this was that the prospective client was looking at moving the hosted back end (ASP .Net, SQL Server – standard stuff) and wanted a price.

The purpose of the audit was to check what network connections the app was making, and correlating with what I knew about the backend hosting, just to make sure there were no surprises, we didn’t have the source code for either end yet, it was just a pricing exercise at this point (As it happens the App is written using PhoneGap so we did have the source code, but my route was quicker).

So, I installed the app, redirected my iPhone through a proxy server, and fired up the app – and proceeded to stare in horror. The app instantly, on first run, fired up an un-encrypted, un-authenticated connection to the backend host and promptly downloaded the usernames, passwords, emails, and more for every user in the system. It then keeps a copy of these locally, and uses those details to authenticate later.

Why is this bad? In layman’s terms, because anyone, on the internet, who knew the URL the app uses could download the same list. Would people be interested in logging in to this system? Probably not. Do people use the same username and password for Amazon, Tesco, Online Banking? Absolutely, and there’s the problem.

Solutions, well it’s about paranoia, but key areas:

  • Authentication – Implement simple basic authentication so that the app logs in to the webservice it pulls the data from.
  • Https – Implement an SSL connection, then at least all traffic to and fro is encrypted (important as Basic Authentication is over plain text, so without https it’s still sniffable)
  • Change the login mechanism to completely remove the need to download all user info at all.
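
The third fix in the list above, sketched as an added example (this is not code from the audited app or its backend): credentials are checked on the server against salted scrypt hashes and the client only ever receives an opaque session token. It assumes Node.js, uses in-memory maps in place of a database, and all function names and sample accounts are hypothetical; the HTTPS transport is assumed and not shown.

```javascript
// Added example with constructed data; names are hypothetical.
// Loads Node's crypto under both CommonJS and ES modules.
const crypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

// --- Pattern described in the post -------------------------------------
// The server hands every account to any caller and the app compares
// credentials locally. Rows below are constructed sample data.
const legacyDump = [
  { username: 'alice', password: 'correct horse', email: 'alice@example.test' },
  { username: 'bob', password: 'hunter2', email: 'bob@example.test' },
];
function legacyClientLogin(dump, username, password) {
  // Works, but only because the whole credential table left the server.
  return dump.some(u => u.username === username && u.password === password);
}

// --- Server-side verification ------------------------------------------
const users = new Map();    // username -> { salt, hash }; no plaintext stored
const sessions = new Map(); // token -> username

function hashPassword(password, salt) {
  return crypto.scryptSync(String(password), salt, 32);
}

function registerUser(username, password) {
  const salt = crypto.randomBytes(16); // unique salt per account
  users.set(username, { salt, hash: hashPassword(password, salt) });
}

// Placeholder record so unknown usernames cost the same work as known ones.
const DUMMY = { salt: Buffer.alloc(16), hash: Buffer.alloc(32) };

// The client submits one username/password pair; the reply is either null
// or a random session token. No account data is returned at any point.
function login(username, password) {
  const record = users.get(username) || DUMMY;
  const candidate = hashPassword(password, record.salt);
  const match = crypto.timingSafeEqual(candidate, record.hash);
  if (!match || !users.has(username)) return null; // same answer either way
  const token = crypto.randomBytes(32).toString('hex');
  sessions.set(token, username);
  return { token };
}

// Every later data request must present the token issued by login().
function getProfile(token) {
  const username = sessions.get(token);
  if (!username) return { status: 401 };
  return { status: 200, body: { username } };
}

// Demo with a constructed account.
registerUser('carol', 'demo-only-password');
const session = login('carol', 'demo-only-password');
console.log('login ok:', session !== null);
console.log('bad password:', login('carol', 'guess'));
console.log('profile:', getProfile(session.token));
```
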

What’s really frustrating though, and actually makes the ‘You get what you pay for’ title of this post a misnomer, is this wasn’t a cheap solution.  The client paid a very reasonable amount for this app and solution.  This is the sort of thing we see, and sadly expect, when a ‘cheap’ solution is offered as a counter to ours.  We’re not expensive, but not cheap, we do do things correctly though.  It’s a classic case of the customer not knowing what they’re not getting, they trust, and assume that a professional job is being done, without really asking too many questions about why it’s cheap.

In this case no excuses though, I’ll not name anyone, and we’ve raised the issue with the client – We certainly won’t be taking on the hosting until it’s resolved!

Andy Flisher is a Software Developer based in the North East of England with over 20 years software development experience. He is available for hire and specialises in cross platform mobile app development, web applications, desktop software, bespoke cloud architecture solutions and providing outsourced project management services.