I’ve seen lots of login fields that don’t trim the input forms when they test to see if it matches what’s in their database. However, they forget that many people simply copy and paste this information from an email they receive. Depending on how you copy the text from your email, sometimes you will get a linebreak or extra space at the end. Since the password fields are all starred out, you wont even notice the extra space or character at the end and fail to login. I’ve seen other people do this and a few times I’ve had it to me. Because often a site will give you a random password, so it’s easier just to copy and paste it into the login. Trim the username and password fields for the login only, I don’t see any need to do it for registration forms.
Archive for the ‘Web’ Category
Newspaper Websites Wake Up
Sunday, April 18th, 2010Posted in Web · Tags: local
With the competition between Local TV stations and Newspapers heating up, newspapers need to wake up fast.
Pick 1 JavaScript library and stick with it. Some JavaScript libraries don’t play nicely with others, plus it adds to load time.
Weather
Put this on your front page! There is a reason why Mac OS X’s Dashboard widgets, Yahoo’s Widgets (formerly known as Konfabulator), Vista’s Gadgets, iGoogle, Pageflakes all have weather as their most popular module. Weather is very important. I would recommend current conditions, today’s forecast and tomorrow’s at the very minimum. You can then point them to your weather page that has more information on it.
Stop paying Accuweather and Weather.com for weather information. I’ve made several posts on this blog, about how to pull from the free weather data from the National Weather Service with code samples. Most of the data Accuweather and Weather.com get is from the NWS anyway, they just package it up, make it look pretty and give you easy ways to deal with it. With a little time and patience you can pull that data for free and mash it up how you like. Besides, Accuweather has some of the worst customer service there is and that is a well known fact. The amount of time you wasted for them to respond back for something you paid for or for answering a question, you could of used to built it in-house.
Local TV stations often have more accurate weather information than Accuweather or Weather.com, because they have their own local radar; Thus, they can set it up so it updates online by the minute. The only real reason people even bother going to local TV stations is to check the weather.
AP News
AP allows papers to get more page views (and therefore more advertising) for state, national and world news stories. Is it time to replace this method with mashups? Granted you won’t get the full story on your site, but you would get headlines and or a snippet and could put a citation of source. Perhaps this could be the new newswire and get the latest headlines off the social web and then research the stories more for in depth coverage. However, newspapers have a bad habit of not posting the stories or waiting a day until they are done with them, so they have fresh news tomorrow. Stop, put that news out now and have someone come in at 5:00 in the morning to make sure there is fresh and updated news before the morning traffic hits.
Vendor Apps
Stop paying for web apps from other companies. Did you know there is a market for web apps to be built for newspaper verticals (autos, classifieds, jobs, homes, obituaries, etc.) and sold directly to newspapers? The market exists because they know the newspapers don’t want to built their own app from scratch. If your company owns several newspapers why not have each site tackle one app and share it across all sites? Then you can manage upgrades, add new features and fix bugs without paying more fees and yearly costs when you already have developers.
Niche sites, many times a story will require extra data or some kind of flash interface to make it more appealing, I would forgo these and get the other stuff done first. Throwing up a niche site just to sell to advertisers isn’t useful unless you take into account that you should built sites to be used first and take into consideration making a site useful with data people might want. Web sites aren’t just for placing ads all over.
Does your city really need a separate forum app for every niche you have? Consolidate them into one. Same thing with your other sites if possible, consolidate them, with 1 look or feel.
Standards – Yes you know about web standards. But do you know about ad standards? How about setting new standards? How about a standard for how big your homepage can get? A 2mb homepage is unacceptable. Start setting up design standards, just because you released a new site or niche product doesn’t mean it has to get dumped on the homepage as a new block. Take the time to discuss what is most reasonable.
That new Flash 10 video player that takes 20 seconds to load up is unacceptable.
Stop trying to dump everything on the homepage. People can find things, by clicking on links. You don’t need a subnav, when each page has 150+ links. The reason no one can find anything is because there are more than 150 links on every page, adding more is not going to help. Small sites can get away with a subnav, newspaper sites cant. Trying to throw all your data at the top of the page isn’t helpful either. If you really need to promote something, make a block or area to do so. Use some JavaScript, randomize all the other features you have, use tabs if you have to.
Get rid of duplicate links. Small sites might be able to get away with duplicate links on the side or in the footer, but on a huge site, you need to just get rid of them. This isn’t 1995 anymore people know how to click on things and find their way around. There is nothing wrong with someone clicking on a link or two and visiting 2 or 3 pages to find what they want. In fact, that is how the web works, otherwise you might as well just have 1 page for your entire site.
Search – offer this and allow people to narrow down the search by photos, stories, cars and so on. You don’t have to explain how to use a search engine, this isn’t 1996, people have used Yahoo and Google before. Have only 1 search box, not 5. If you can get rid of NewsBank, you should own your own stories and data and be able to provide them to your users for free also. One of the downsides to using 8 different apps for verticals and every other niche site you have is that each one has to do a separate search. What if someone wants to search for every instance of something in photos, news, obits all at once?
How about some white space? Stop trying to fill every gap and hole with another ad or to promote another niche site. Use some JavaScript and randomize that data, then you don’t even have to use a advertising spot to promote your ad, which is probably costing you money to serve house ads in the first place.
Start using so many domain names, I’ve brought this up several times on my blog, but I cannot stress this enough. dallasmorningnewsjobs.com is a waste of money, use a subdomain. Sure $10 a year may not be much but you know very well your paper probably owns about 300+ domains. While some of your domains maybe to protect your brand or market, by grabbing up dallasjobs.com or dallascars.com, be really smart in what you pick and sell the crap. And do you really need much more than the .net or .org for your main site? .biz and .info are very rarely used by good sites (css3.info is probably the only exception on the entire internet).
We live in a age of APIs and mashups, so start using them if you aren’t already.
TV stations are awake and starting to realize they need to get their online presence stronger than it has been. When it comes to weather, breaking news, video and having local news featured, their sites excel. However for in depth stories and a decent site they fail. Too often they don’t even archive their news, which is silly because people might want to look up old stories. Newspapers realized the web was their only saving grace years ago, but they locked down their content, bogged down the site with too many ads and made navigating their behemoths almost impossible.
Calculating the Moon Phase Part 2
Monday, January 4th, 2010Posted in Web Development · Tags: code, php
In an older post about Calculating the Moon Phase, I converted the some code I found to PHP. However the Lunar Phase Calculator has some more information (ecliptic latitude and longitude in degrees, the moon’s distance in Earth radii, etc.), the other one doesn’t, so I went ahead and converted it from JavaScript to PHP.
(more…)
RSS Cron Job
Monday, December 14th, 2009Posted in Web Development · Tags: code, php
If you are on shared web host, you might not have the ability to run lots of cron jobs or be limited to a certain number per hour or day. You might know about the “Poor Man’s Cron Job”, which is basically not to run a task (usually caching some data or fetching a feed, api, etc.) in the background until someone visits a page. Which isn’t ideal, because often the page will be slow or sometimes it won’t be up to date until the second visit (if you run that task after outputting the cached data).
Well one way to get around this is to setup an RSS feed for the data you are caching or outputting and access it with a query string such as “?rss=2.0″ or http://example.com/index.php?rss=2.0. Then you can check to see if the RSS variable was passed and output a RSS feed with just enough data for a feed, no need to put sensitive data in there or anything. I would suggest putting in a ttl node in the RSS feed and set it to something the aggregators like Google Reader, should obey (that way they hit your page more or less frequently, depending on your needs). The item portion of an RSS feed only needs a title or a description, although its probably a good idea to put some kind of guid in there (check the RSS 2.0 spec for more info on creating RSS feeds).
Anyway here is some sample code. It isn’t complete but gives you an idea what I mean.
if ($_GET['rss'] == 2.0)
{
//create RSS 2.0 feed
header('Content-Type: text/xml');
$output = '<' . '?xml version="1.0"?' . '>' . "\n";
$output .= '<rss version="2.0">' . "\n";
$output .= '<channel>' . "\n";
//...
//process your data and output it into RSS 2.0 format
//...
$output .= '</channel>' . "\n";
$output .= '</rss>';
}
else
{
//process your data as normal
}
Then to make sure the page is hit often, place your RSS feed into Google Reader or Bloglines or some other RSS aggregator. Then your site will be visited often and forced to update. No one else really needs to know about your RSS feeds, unless you want them to be public as well.
WordPress Email Exposure
Tuesday, November 3rd, 2009Posted in Web Apps · Tags: code, wordpress
I’ve noticed WordPress’s blog by email feature has the possibility of allowing anyone to see other email addresses. This feature can be turned on in the Admin in Settings->Writings and then Post via e-mail. Let’s say you set that email address as wordpressposts@example.com, that address will stay hidden. However anyone that emails that address will can have their address exposed on your blog by going to http://example.com/wp-mail.php (assuming that’s where you have WordPress installed at http://example.com). Chances are most people will have this set to a cron job and have it check it every so often, but it might be possible for others to request the page beforehand. And when you do go to that page, it shows something like this:
Author is myworkaddress@example.net Author: 1 Posted title: Some Blog Post Title Mission complete. Message 1 deleted.
Thus, if you are using your a email address you’d like to keep private and you are emailing wordpressposts@example.com, that email address has the possibility of showing up to people. Which is not good if you email from the same email address that checks the posts. And even worse if you email from a email address for a user in WordPress and has the rights to post contents because the email will get “publish” status rather than “pending” and will go live on the site. And if someone has the email address that is a user and has posting rights, they can easily send fake emails from that address, because all WordPress checks is the From or Reply-To line (whichever it finds first).
It’s easy to prevent it from showing email addresses by opening up wp-mail.php and looking for this line of code
echo '<p>' . sprintf(__('Author is %s'), $author) . '</p>';
And this line of code
echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), esc_html($post_author)) . '</p>';
And then you could comment those lines out by putting // in front of both of them.
I understand WordPress outputs this information so you can see logged from any cron jobs you have setup or if you visit the page manually, as a way of just knowing whats going on. However, it could be done better to prevent the addresses from being shown to everyone. A simple solution is to setup a query string and have a secretkey (don’t make this your blog’s password however). For example, lets say your blog is installed at http://example.com/, we are going to know require the following URL to check Posts via e-mail http://example.com/wp-mail.php?secretkey=abc123. And if someone doesn’t send the right secretkey, it won’t check the email address or echo anything out.
So before this line of code
/** Make sure that the WordPress bootstrap has run before continuing. */
Let’s add
if ($_GET['secretkey'] != 'abc123')
exit();
Feel free to change the secretkey to whatever you wish. You can also change it to be called something other than secretkey. If you have a cron job, you’ll have to point to that new URL as well http://example.com/wp-mail.php?secretkey=abc123. If you use the secretkey method you can leave the lines where it echoes out the email address if you like (the 2 lines I showed you could comment out).