Simple RSS Parser With lastRSS

LastRSS makes displaying RSS feed easy. Here’s an example:

<?php
// include lastRSS
include "./lastRSS.php";

// Create lastRSS object
$rss = new lastRSS;

// Set cache dir and cache time limit (1200 seconds)
// (don't forget to chmod cahce dir to 777 to allow writing)
$rss->cache_dir = './temp';
$rss->cache_time = 1200;

// Try to load and parse RSS file
if ($rs = $rss->get('http://www.law.gmu.edu/rss/news_all')) {
// Show website logo (if presented)
if ($rs[image_url] != '') {
echo "<a href=\"$rs[image_link]\"><img src=\"$rs[image_url]\" alt=\"$rs[image_title]\"  /></a>\n";
}
// Show clickable website title
echo "<h1><a href=\"$rs[link]\">$rs[title]</a></h1>\n";
// Show website description
echo "<p>$rs[description]</p>\n";
// Show last published articles (title, link, description)
echo "<ul>\n";
foreach($rs['items'] as $item) {
echo "\t<li><a href=\"$item[link]\">".$item['title']."</a>".$item['description']."</li>\n";
}
echo "</ul>\n";
}
else {
echo "Error: It's not possible to reach RSS file...\n";
}
?>

Simple CAS Authentication

The following script makes a private web site accessible only to authenticated users. For example, if you have a career services web site and you only want students to access the materials using their email (university) credentials, this script would do the trick. You don’t need to create separate accounts  for the site.

1. Download phpCAS and unzip/untar it: https://wiki.jasig.org/display/CASC/phpCAS.

2. Place the entire phpCAS directory on your server.

3. Place the following codes in at the top of any .php file that you want the contents to be private. If you want to make the entire site private, just add the script to an include file in the header. The following script is based on a simple CAS client:

<?php

/**
* Example for a simple cas 2.0 client
*
* PHP Version 5
*
* @file example_simple.php
* @category Authentication
* @package PhpCAS
* @author Joachim Fritschi <jfritschi@freenet.de>
* @author Adam Franco <afranco@middlebury.edu>
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
* @link https://wiki.jasig.org/display/CASC/phpCAS
*/

// Load the settings from the central config file
// require_once 'config.php'; /*commented out by Donny*/
// Load the CAS lib
require_once $phpcas_path . '/CAS.php'; /*This is the path that to the CAS directory on your server, not the URL*/

// Uncomment to enable debugging
phpCAS::setDebug();

// Initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
//example: phpCAS::client(CAS_VERSION_1_0, 'login.gmu.edu', 443,'');

// For production use set the CA certificate that is the issuer of the cert
// on the CAS server and uncomment the line below
// phpCAS::setCasServerCACert($cas_server_ca_cert_path);

// For quick testing you can disable SSL validation of the CAS server.
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
phpCAS::setNoCasServerValidation();

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// logout if desired
if (isset($_REQUEST['logout'])) {
phpCAS::logout();
}

// for this test, simply print that the authentication was successfull
?>

4. Add the following script to your HTML file to indicate if the user is logged in and also to the allow the user to sign off.

<div>Not <strong><?php echo phpCAS::getUser(); ?></strong>? <a href="?logout=">Sign out</a></div>

phpCAS and WordPress

Make sure your account is in the “Administrator” role, as you won’t be able to login as admin after switching to CAS.

1. Download phpCAS and unzip/untar it: https://wiki.jasig.org/display/CASC/phpCAS

2. Download wpcas.zip and unzip it in wp-content/plugins

3. edit wp-content/plugins/wpcas/wpcas.php and remove or comment out line 57:

/* $wpcas_options['server_path'] == '' || */

4. Create wp-content/plugins/wpcas/wpcas-conf.php with the following content (change “/path/to” to the path to CAS.php that you installed in step 1):

<?php

// the configuration array

$wpcas_options = array(

'cas_version' => 'S1',

'include_path' => '/path/to/CAS.php',

'server_hostname' => 'login.gmu.edu',

'server_port' => '443',

'server_path' => ''

);

// this function gets executed

// if the CAS username doesn't match a username in WordPress

function wpcas_nowpuser( $user_name ){

die('you do not have permission here');

}

?>

4. Login with an account that’s in the Administrator role.  In “Plugins”, activate the wpCAS plugin.

5. If possible, test in a separate browser.  When you click “Log in” you should be redirected to https://login.gmu.edu.  Type in your PatriotPass NetID and password.  You should be redirected back to your WordPress site.

Turning Out the LAMP

Notes from Computers in Libraries 2013 Workshop

mod_php is a resource hog. php-fcgi improved on mod_php. php-fpm improved php-fcgi.

Process-driven vs. Event-driven

NGINX: web server uses event-driven process.
Faster than Apache
Scaleability
Low-resource application
Fast

Node.js: Server-side JavaScript
Built on Google’s V* JS engine
self-contained
built-in web server
robust
blazing fast

Node.js will replace Apache
JavaScript will replace PHP

NoSQL (Not Only SQL)
Document database. Enter as it.
Example: mongoDB, CouchDB, redis

Hacking 101: Protecting Sites & Visitors

Notes from Computers in Libraries 2013 Workshop

Quick Wins

Update everything
If you carry it, put a password in it
Don’t trust anything
Backup
Use second factor of authentication (Example: Google)
Own the email, own the person
Good passphrases

Browser

Use two updated browsers
Know your setting
Plugins/Ad-ons
Limit JavaScript
Block Ads
Block Java, Flash, Acrobat

WordPress

WP Scan
Keep it update
File permission
ModSecurity

Mobile Discovery & Search

Notes from Computers in Libraries 2013 Workshop

Don’t wait for prototype. Test as soon as possible.

Mobile Search

  • FreedomPop (Internet access)
  • Quixey (search engine for apps)
  • CloudMagic (one search for emails, tweets, etc.)
  • CORE (An Open Access Repository With a Mobile App)
  • Mobile Security (Consider Buying Access to a Virtual Private Network)
  • Newsblur (RSS Reader for Mobile)
  • Bitcasa Cloud via Mobile Devices

Improving Search & Discoverability of Digital Content

Notes from Computers in Libraries 2013 Workshop

  • The rise of ebooks and ereaders.
  • The rise of self-publishing.
  • The rise of independent publishers.

Problems

  • Loss of ownership
  • Loss of discounts
  • Loss on integration
  • No used ebooks

The Douglas County model

  • Adobe Content Server
  • Assigned DRM
  • HTML5-based online eReader
  • VuFind discovery layer
  • Visual displays of eContent
  • Buy Now link
  • Patron-driven acquisition

Learn more: evoke.cvlsites.org

New Web Tech: Upping the Online Game

Notes from Computers in Libraries 2013 Workshop

Two speakers talked about make web site visual. Teens love photo, but hate text. Use social media services such as Instagram, Flickr and Pinterest.

Another speaker suggests buying an expansive ($50 to $100) responsive theme to save the development cost later.

The speaker is not quite getting the concept of adaptive design correctly. Adaptive design is not about hiding things in mobile devices.

Another speaker walked through Twitter Bootstrap.