Archived entries for Web Development

5 ways to make your website a ‘tool’ not a brochure.

by Tom Wittlin

Of late (and I suspect it’s due to burgeoning financial problems) I have experienced a large number of clients coming to me for suggestions on how to improve their website and make it do ‘more’ for them. This is great because for ages I’ve been encouraging them to use it as more than just a pretty picture telling people what they do, so I’ve put together a Smashing Mag style 5 point list on what I have been advising.

1. Email newsletters

It’s the obvious one, but seldom used as well as it should be. We have developed (here comes a mild sales pitch) an amazing enewsletter module for our CMS, it has SO much potential, but of the clients who own one, only a small percentage take advantage of its power. If a person has expressly requested more information on your products or services from your site by signing up - that’s like someone walking into your shop and asking for something - these people are valuable and should not be ignored! The enewsletter shouldn’t just be ‘something else you can do every so often’ - if during this so-called time of financial crisis you need to raise awareness of your products and services, or more importantly your BRAND, then enewsletters are the perfect way to do this. Regular emails are the equivalent to TV ads, radio ads and billboard posters. Even if people don’t read or act on your story on how you have just moved into new offices, or your report on how the environment is being helped by your charitable efforts, or indeed the launch of a new range, they will have seen it drop in. Chances are they’ll delete it, but they’ll have your logo / name in their mind again and when they DO come to looking for that product or service again, they’re sure as hell more likely to select you over someone else they’ve never heard of.

Another thing is to group your subscribers. Obtain as much information on where they’re from, what they purchased or requested more info on and send them only emails relating to this. If they asked for info on holidays only in the UK and you start firing off cheap flights to New Zealand, they’ll soon think you’re not paying attention to their requirements and probably unsubscribe.

2. Clear message, stronger calls to action

Just today I was looking through some competitors’ websites as part of my research for a new client, and on one of the sites I stumbled upon, had I not already known what they did (by my client telling me), I would have had to read, click and re-read about 3 pages before I completely understood what they were about, and why I might want what they are offering. I always think there is a tendency among companies to force themselves to appear more complex, advanced and ‘high-end’ than they really need to, imagining probably that by using long, complicated terms it will elevate them from the competitor. Not true. If you think about when you are looking for anything online, what do you look for first? A site which is easy to use and makes it clear how to get in touch / buy / search for the product you’re after. So BIG clear buttons, do away with a homepage explaining how the company was started in 1915 from a bike shed and has been through XYZ times, try and explain who you are or what you do in less than 20 words.

3. Integration of other elements (Social networks)

Everyone’s banging on about Social Media Marketing, and while it may be the current buzz word in web strategy, it does have its reasoning for being there. Facebook, Myspace, YouTube and Twitter plus any others you care to mention, all have drawn huge audiences, and while it’s completely inappropriate for any company to wade in thinking they can whack a few phrases about and dominate Google’s rankings, it is important to understand what getting into these ‘circles’ entails. It’s an entirely different or alternative form of marketing here. There is no taste, feel or touch, so you must go entirely on language - or ‘vibe’. Let’s say you’re selling mobile phones, to simply start targeting people on Facebook that show the slightest interest in mobile phones and selling at them will most likely turn them the opposite way you want to go. However, if you show willing to offer assistance and guidance on selecting the right phone, while addressing them in a language they understand, you will build up a trust and in turn loyalty towards your brand. Once you have this, you’re half way there. There is nothing more powerful than a friend telling a friend to check you out as they instantly will trust their judgement. Brand loyalty is what can be gained from effective Social Media Marketing.

4. Know your audience

Websites, like English celebrities, date quickly. So if or when things change within your company, for example to adapt to the changing financial climate your company adopts a new method of working or selling or promoting, then your website should reflect this. Quite often website owners base all the content, along with the design, on what they feel they themselves want or like. I know loads of business owners that have very little personal interest in what they do or sell, which is fine, as long as they know how to connect with their audience. If customers feel that you’re just putting up information on your site for the sake of it they are far less likely to feel engaged as with a company who sound like they love what they do as much as the people they’re selling to.

5. Manage content, stay fresh

Continuing on from point 4, to ensure people return to your site, it’s vital you update the information contained within it. For months I was checking a favourite band of mine’s website hoping they would update it on when we could expect more songs / gigs from them but alas, they didn’t. Eventually I gave up, and only recently discovered they had released a new single a while back, through an online music store that happened to be promoting it - if I wasn’t subscribed to their news, I would never have been on and subsequently bought the track. Many people always say to us “but I don’t have the time to update the website”. If this is the case, then I always give the same reply. “You have 3 choices; make time, get someone else in the company to make it their job, or employ us to manage it for you”. It doesn’t take a huge amount. It’s like anything, cleaning the bathroom, cutting the grass, doing the recycling; it’s something you make time for. But because those things physically exist and build up, you recognise the fact they need to be done. If you could physically see users leaving your website each month, perhaps it would persuade different thinking. Part of our new strategy for larger clients with budgets, but not enough time is to effectively become their walking, talking (and most of all, THINKING) CMS’s. We are responsible for ensuring the content stays fresh each month. It would be our responsibility as a creative agency to call the client, find out what’s been happening throughout the month and report it in any way we see fit. Again, this won’t just relate to standard things like hitting sales targets or launching a new product range, we aim to ensure each time something is spoken about or acted on, it is another step in forming a relationship with the customers. So there we go, just some ideas I’ve put together based on recent experiences with our clients, hopefully someone may also find it useful!

Choosing between PHP and MySQL for quick jobs

I recently imported a database which included a selection of French postcodes. Because of a bug with the original export (received in a spreadsheet) some of the postcodes were missing the leading zeros, and some of them actually had more leading zeros than were required.

Unfortunately the problem wasn’t raised until the data was imported, and a fresh import was going to take me hours. Fortunately all French postcodes are 5 characters long so it was possible to fix this problem programmatically.

When performing a task like this, there are nearly always two options. Write an SQL query to do it:

UPDATE customers SET postcode = CONCAT('0',postcode) WHERE country = 'france' AND CHAR_LENGTH(postcode) = 4;

or

UPDATE customers SET postcode = SUBSTRING(postcode,-5) WHERE country = 'france' AND CHAR_LENGTH(postcode) = 6;

Or do exactly the same thing using a short PHP script:

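// Note: the mysql_* functions used here were removed in PHP 7;
// on current PHP the same logic needs mysqli or PDO.
$sql = "SELECT id,postcode FROM customers WHERE country = 'france'";
$rs = mysql_query($sql);
while ($row = mysql_fetch_assoc($rs)) {
    $replacement_postcode = "";
    if (strlen($row['postcode']) == 6) {
        // One leading zero too many: keep the last five characters
        $replacement_postcode = substr($row['postcode'], -5);
    } elseif (strlen($row['postcode']) == 4) {
        // Leading zero missing: put it back
        $replacement_postcode = "0" . $row['postcode'];
    }
    // Only touch rows that actually needed fixing
    if ($replacement_postcode != "") {
        mysql_query("UPDATE customers SET
            postcode = '" . mysql_real_escape_string($replacement_postcode) . "'
            WHERE id = '" . intval($row['id']) . "'");
    }
}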

Although the SQL query is obviously far shorter, neater and more efficient, the PHP code offers the benefits of much easier debugging and modification.

I have to admit that 9 times out of 10 I’ll write a PHP script. It may seem like a lot more characters to type, but I value the ease of debugging and find that I tend to write PHP as quickly as I can think it.

Whether to perform quick tasks like this with an SQL query or by writing a short PHP script is a decision which sounds insignificant, but if making the right decision saves me half an hour over the course of a week it can be the difference between a relaxed Friday afternoon game of Quake in the office, or working my socks off right up until 5:30.

‘Access to restricted URI denied’ and BASE href in MooTools

Whilst performing a standard Request.HTML with MooTools 1.2 I suddenly encountered an unexpected ‘Access to restricted URI denied’ error even though the .PHP page I was referencing was in the same directory as the file which was referencing it.

var sendform = new Request.HTML({
    url: 'ajax-email.php',
    update: $('email-response')
}).post($('contact'));

The reason

The problem was triggered by an inconsistent use of the ‘www’ subdomain. The site behaved as expected until I added a static <base> href to the header which included the ‘www’ prefix.

When the page was subsequently accessed without the www prefix the ‘Access to restricted URI denied’ error was triggered, as the AJAX request from MooTools evidently took the <base> href into consideration and thus resulted in a domain mismatch.

Solution one

Use $_SERVER['HTTP_HOST'] in the <base> href to reinforce consistency.

Solution two

Use a .htaccess file to redirect all traffic from www.domain.com to domain.com or vice versa and thus clear up the ambiguity.
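
Both solutions in PHP, as an added example that is not from the original post: Solution one reflects `$_SERVER['HTTP_HOST']` (a header supplied by the client) into the <base> tag only after checking it against a list of known hostnames, and Solution two is shown as the redirect target computed in PHP instead of an .htaccess rule. The hostnames, the https scheme and the function names are assumptions.

```php
<?php
// Added example. Hostnames, scheme and function names are assumptions.
const CANONICAL_HOST = 'www.example.com';
const KNOWN_HOSTS    = ['example.com', 'www.example.com'];

/** Normalise the Host header; null unless it is one of our own names. */
function known_host(string $hostHeader): ?string
{
    $host = strtolower(preg_replace('/:\d+$/', '', trim($hostHeader)));
    return in_array($host, KNOWN_HOSTS, true) ? $host : null;
}

/** Solution one: <base> follows the host the page was requested on. */
function base_tag(string $hostHeader): ?string
{
    $host = known_host($hostHeader);
    if ($host === null) {
        return null; // unknown Host: do not reflect it into the markup
    }
    $href = htmlspecialchars("https://$host/", ENT_QUOTES, 'UTF-8');
    return '<base href="' . $href . '">';
}

/** Solution two: URL to redirect to; null if already canonical or unknown. */
function canonical_redirect(string $hostHeader, string $requestUri): ?string
{
    $host = known_host($hostHeader);
    if ($host === null || $host === CANONICAL_HOST) {
        return null;
    }
    return 'https://' . CANONICAL_HOST . '/' . ltrim($requestUri, '/');
}

// Constructed Host header values
foreach (['www.example.com', 'Example.com:443', 'other.example.net'] as $h) {
    printf("%-18s base=%s redirect=%s\n", $h,
        base_tag($h) ?? '(none)',
        canonical_redirect($h, '/contact.php') ?? '(none)');
}
```

In a page template the input would be `$_SERVER['HTTP_HOST'] ?? ''`, and a null from `base_tag()` is the cue to refuse the request rather than render the page.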

The advantages of visualising design scenarios

Author: Rob Swan

Many moons ago, when I was an undergraduate, I worked as a video game functionality tester in Brighton. There was a lot of pizza and late night gaming involved, but amongst all of the fun I saw the repeated mistakes of many, many developers and it taught me a core concept:

“Learn to visualise all possible design scenarios”

The easiest way to explain is always by example. I recently wrote a new login class for one of our in-house products. The first question I ask myself in this scenario is “what does my login class need to do?”

It’s tempting to think that a login class consists of just three elements:

  1. Allow the user to register
  2. Allow the user to login
  3. Be able to ascertain whether or not the user is logged in

However, if you leave your list as short as that then you will have failed to cater for a number of possible design scenarios – and that’s precisely where so many developers trip over. My list looked more like this:

  1. Allow the user to register
  2. Require email validation for user registration to prevent abuse
  3. Allow the user to login
  4. Be able to ascertain whether or not the user is logged in
  5. Allow the user to update their essential details
  6. Ensure that passwords are stored as an encrypted hash and not in plain text
  7. Provide a public tool to allow for passwords to be reset based on username
  8. The password resetting tool should require email validation before resetting to prevent abuse
  9. Provide an administrative tool to allow the manual updating of users’ email addresses
  10. Provide an administrative tool to allow manual searching of usernames

Part of being a good programmer is pre-empting these scenarios before they happen, and being able to see the number of complicating factors that makes my list longer than you may think it needs to be.

For example, storing the md5 hash of a password rather than storing it as plain text means that a ‘forgotten password’ tool needs to ‘reset’ passwords rather than just emailing them out, and it’s this change in functionality that means that the tool needs to be protected from abuse.
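
Points 6 to 8 of the list in PHP, as an added example that is not the login class described here: the password is kept only as a hash, and a reset succeeds only with a single-use, expiring token that was emailed to the user. It uses password_hash() in place of the md5 hash mentioned above; the function names and the array standing in for a database row are assumptions.

```php
<?php
// Added example, not the author's login class. Function names and the array
// standing in for a users-table row are assumptions. password_hash() is
// swapped in for the md5 hash the post mentions.
const RESET_TTL = 3600; // seconds an emailed reset link stays valid

function store_password(array &$user, string $password): void
{
    $user['password_hash'] = password_hash($password, PASSWORD_DEFAULT);
}

/** Start a reset: returns the token to email; only its hash is stored. */
function begin_reset(array &$user, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $user['reset_hash']    = hash('sha256', $token);
    $user['reset_expires'] = $now + RESET_TTL;
    return $token;
}

/** Finish a reset: the password changes only if the emailed token matches. */
function complete_reset(array &$user, string $token, string $newPassword, int $now): bool
{
    if (empty($user['reset_hash']) || $now > $user['reset_expires']) {
        return false; // no reset pending, or the link has expired
    }
    if (!hash_equals($user['reset_hash'], hash('sha256', $token))) {
        return false; // token does not match the one that was emailed
    }
    store_password($user, $newPassword);
    unset($user['reset_hash'], $user['reset_expires']); // single use
    return true;
}

// Constructed walk-through of one account
$user = ['username' => 'alice', 'email' => 'alice@example.org'];
store_password($user, 'original-pass');
$now   = time();
$token = begin_reset($user, $now);
$attempts = [
    'wrong token'  => ['not-the-token', $now + 60],
    'expired link' => [$token, $now + 7200],
    'valid token'  => [$token, $now + 60],
    'token reuse'  => [$token, $now + 90],
];
foreach ($attempts as $label => [$t, $when]) {
    echo $label, ': ', complete_reset($user, $t, 'new-pass', $when) ? 'reset' : 'refused', "\n";
}
```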

There’s also a very good reason to provide the functionality of points 9 and 10 in my list: if the user forgets their password and has changed their email address then the site administrator is going to need to manually search the list of users and update their email address. This scenario might seem far-fetched, but if the information in the user’s account is valuable then it’s a distinct possibility.

Not every login script needs to be as fully fledged as the one that I just wrote, but if you start writing something that lacks a piece of core functionality which is later required then you may end up repeating work that you’ve already done and throwing out code that you spent valuable time writing.

Learning to visualise all possible design scenarios saves valuable time. It also invariably leads to better, more functional code, which in turn leads to happier users and satisfied clients.

Writing secure form to email scripts with the PHP mail() function

Author: David Hurst

Spammers all around the globe are profiting on a daily basis from poorly written form to email scripts. Scripts like this can be abused by spammers, who will inject new email headers into the form fields, effectively allowing them to send whatever message they want, to whomever they want, courtesy of your mail server. Once they find a vulnerable script page, they will mercilessly hit it with their spam robots and send as much spam as they can until your server inevitably keels over and dies, possibly taking your websites with it. Cue phone calls from lots of unhappy customers and a time-consuming mail queue clean-up job.

The vulnerability is due to the way email messages are constructed. Each message has headers, including: To; From; Subject, etc. - the problem is that the headers can be sent in any order and in any quantities. As the headers are just plain text lines split by line breaks, the spammers can paste their content (including the required line breaks) into your form box and it will be passed in the POST array. This only creates a problem if you are then allowing any of the form content to form part of the email headers. Let me elaborate:

If you have a box on your form for the visitor to enter their email address, and then you use that data as your From address in the email header, you have effectively given the spammers easy access to the email header, and as a result, carte blanche to send whatever they like through your mail server.

It is very convenient to have an enquiry come through to your inbox with the customer’s email address in the header, so all you have to do is hit “reply”. This convenience comes at great cost.

It’s relatively simple to write a script that parses through the form data looking for line breaks that shouldn’t be there, or header information where it shouldn’t be. So, there really is no excuse for allowing insecure PHP mail scripts on any website.
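
One way to write that check, as an added example rather than the author's script: single-line fields are rejected if they contain a line break, the From address is fixed, and the visitor's validated address goes into Reply-To so that hitting “reply” still works. The field names, addresses and function names are assumptions.

```php
<?php
// Added example: field names, addresses and function names are assumptions.

/** True if a value that must stay on one line contains CR or LF. */
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

/** Returns [to, subject, message, headers] for mail(), or null if rejected. */
function build_enquiry(array $post): ?array
{
    $name    = trim((string) ($post['name'] ?? ''));
    $email   = trim((string) ($post['email'] ?? ''));
    $message = (string) ($post['message'] ?? '');

    // Reject line breaks in any single-line field before looking further.
    if (has_line_break($name) || has_line_break($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // From never contains visitor input; the checked address goes in Reply-To.
    $headers = implode("\r\n", [
        'From: Website enquiries <noreply@example.com>',
        'Reply-To: ' . $email,
        'Content-Type: text/plain; charset=UTF-8',
    ]);
    $text = "Name: $name\nEmail: $email\n\n$message";
    return ['enquiries@example.com', 'Website enquiry', $text, $headers];
}

// Constructed form submissions
$samples = [
    'plain enquiry' => ['name' => 'Ann Lee', 'email' => 'ann@example.org',
                        'message' => "Hello,\nplease call me back."],
    'extra header'  => ['name' => 'x', 'message' => 'hi',
                        'email' => "a@example.org\r\nX-Injected: 1"],
];
foreach ($samples as $label => $post) {
    $mail = build_enquiry($post);
    echo $label, ': ', $mail === null ? 'rejected' : 'accepted', "\n";
    // On a live site: if ($mail !== null) { mail(...$mail); }
}
```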

Bear in mind that whilst the above measures will stop spammers abusing your mail server, they won’t stop them from trying, and their attempts may be sent through to your inbox like any other enquiry. A simple CAPTCHA system can knock this on the head and help keep your inbox clean, while the changes to your script ensure everyone else’s inbox stays clean too!



Copyright © 2004–2009. All rights reserved.
