emGee Software Solutions Custom Database Applications

Share this

Web Design

Monthly Web Development Update 1/2018: Browser Diversity, Ethical Design, And CSS Alignment

Smashing Magazine - Fri, 01/19/2018 - 06:17
I hope you had a great start into the new year. And while it’s quite an arbitrary date, many of us take the start of the year as an opportunity to try to change something in their lives. I think it’s well worth doing so, and I wish you the best of luck for accomplishing your realistic goals. I for my part want to start working on my mindfulness, on being able to focus, and on pursuing my dream of building an ethically correct, human company with Colloq that provides real value to users and is profitable by its users.
Categories: Web Design

How To Internationalize Your WordPress Website

Smashing Magazine - Fri, 01/19/2018 - 00:43
On September 30th, 2017, the international WordPress community united for 24 hours to translate the WordPress ecosystem. For the third time, #WPTranslationDay fused an all-day translating marathon with digital and contributor day events designed to promote the value of creating accessible experiences for global users, better known as "localization". As an open-source community, we should all strive to localize our open-source contributions. Before you can transcribe your digital assets though, you have to internationalize your codebase.
Categories: Web Design

Introduction to Forms in Angular 4: Writing Custom Form Validators

Tuts+ Code - Web Development - Thu, 01/18/2018 - 04:00

This is the third part of the series on creating forms in Angular. In the first two tutorials, we used Angular's template-driven and model-driven approach to create forms. However, while detailing both the approaches, there was something that we didn't cover—custom validator functions. This tutorial will cover everything you need to know about writing custom validators that meet your requirements.

Prerequisites

You don’t need to have followed part one or two of this series for part three to make sense. However, if you are entirely new to forms in Angular, you should head over to the first tutorial of this series and start from there. 

Otherwise, grab a copy of this code from our GitHub repo and use that as a starting point.  

Built-in Validators

Angular doesn't boast a huge built-in validator library. As of Angular 4, we have the following popular validators in Angular:

  • required
  • minlength
  • maxlength
  • pattern

There are actually a few more, and you can see the full list in the Angular docs

We can use the above built-in validators in two ways:

1. As directives in template-driven forms.

<input name="fullName" ngModel required>

2. As validators inside the FormControl constructor in model-driven forms.

name = new FormControl('', Validators.required)

If the above syntax doesn't make sense, follow my previous tutorials on building a signup form using a template-driven approach or a model-driven approach and then drop back!

The built-in form validators hardly cover all the validation use cases that might be required in a real-world application. For instance, a signup form might need to check whether the values of the password and confirm password control fields are equal and display an error message if they don't match. A validator that blacklists emails from a particular domain is another common example. 

Here is a fact: Template-driven forms are just model-driven forms underneath. In a template-driven form, we let the template take care of the model creation for us. The obvious question now is, how do you attach a validator to a form?

Validators are just functions. In a model-driven form, attaching validators to FormControl is straightforward. In a template-driven form, however, there is a bit more work to be done. In addition to the validator function, you will need to write a directive for the validator and create instances of the directive in the template.

Diving Into the Details

Although this has been already covered, we will go through a quick recap of the code for the signup form. First, here's the reactive approach.

app/signup-form/signup-form.component.ts // Use the formbuilder to build the Form model this.signupForm = this.fb.group({ email: ['',[Validators.required, Validators.pattern('[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,3}$')]], password: this.fb.group({ pwd: ['', [Validators.required, Validators.minLength(8)]], confirmPwd: ['', [Validators.required, Validators.minLength(8) ]] }, { validator: PasswordMatch }), gender: ['', Validators.required], })

FormBuilder is a syntax sugar that creates the FormGroup and FormControl instances. A FormControl tracks the value and the validation status of an individual form element. A FormGroup, on the other hand, comprises a group of FormControl instances, and it tracks the value and validity of the whole group.

Here's the structure that we have been following:

FormGroup -> 'signupForm' FormControl -> 'email' FormGroup -> 'password' FormControl -> 'pwd' FormControl -> 'confirmPwd' FormControl -> 'gender'

Depending on the requirements, we can attach a validator to a FormControl or a FormGroup. An email blacklisting validator would require it to be attached to the FormControl instance of the email. 

However, for more complex validations where multiple control fields have to be compared and validated, it's a better idea to add the validation logic to the parent FormGroup. As you can see, password has a FormGroup of its own, and this makes it easy for us to write validators that check the equality of pwd and confirmPwd.

For the template-driven form, all that logic goes into the HTML template, and here is an example:

app/signup-form/signup-form.component.html<form novalidate (ngSubmit)="onFormSubmit(signupForm)" #signupForm="ngForm"> <!-- Email input block --> <input type="text" [ngModel] = "user.email" name="email" pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,3}$" required> <!-- Password block --> <div ngModelGroup="password"> <input type="password" ngModel name="pwd" minlength ="8" required > <input type="password" class="form-control" ngModel name="confirmPwd" > </div> ... <!-- Select Gender block --> <select id="select" class="form-control" [ngModel] = "user.gender" name = "gender" required> </select> </form>

ngModel creates an instance of FormControl and binds it to a form control element. Similarly, ngModelGroup creates and binds a FormGroup instance to a DOM element. They share the same model domain structure discussed above. 

It's also interesting to note that FormControl, FormGroup, and FormArray extend the AbstractControl class. What this means is that the AbstractControl class is responsible for tracking the values of form objects, validating them, and powering other things such as pristine, dirty, and touched methods. 

Now that we are acquainted with both the form techniques, let's write our first custom validator.

Custom Validator Function for Model-Driven Forms

Validators are functions that take a FormControl/FormGroup instance as input and return either null or an error object. null is returned when the validation is successful, and if not, the error object is thrown. Here's a very basic version of a validation function. 

app/password-match.tsimport { FormGroup } from '@angular/forms'; export function passwordMatch( control: FormGroup):{[key: string]: boolean} { }

I've declared a function that accepts an instance of FormGroup as an input. It returns an object with a key of type string and a true/false value. This is so that we can return an error object of the form below:

{ mismatch: true }

Next, we need to get the value of the pwd and confirmPwd FormControl instances. I am going to use control.get() to fetch their values. 

export function passwordMatch (control: FormGroup):{[key: string]: boolean} { //Grab pwd and confirmPwd using control.get const pwd = control.get('pwd'); const confirmPwd = control.get('confirmPwd'); }

Now we need to make the comparison and then return either null or an error object.

app/password-match.tsimport { AbstractControl } from '@angular/forms'; export function passwordMatch (control: AbstractControl):{[key: string]: boolean} { //Grab pwd and confirmPwd using control.get const pwd = control.get('pwd'); const confirmPwd = control.get('confirmPwd'); // If FormControl objects don't exist, return null if (!pwd || !confirmPwd) return null; //If they are indeed equal, return null if (pwd.value === confirmPwd.value) { return null; } //Else return false return { mismatch: true }; }

Why did I replace FormGroup with AbstractControl? As you know, AbstractControl is the mother of all Form* classes, and it gives you more control over the form control objects. It has the added benefit that it makes our validation code more consistent.

Import the passwordMatch function in the SignupForm component and declare it as a validator for the password FormGroup instance.

app/password-match.tsimport { passwordMatch } from './../password-match'; . . . export class SignupFormComponent implements OnInit { ngOnInit() { // Use the formbuilder to build the Form model this.signupForm = this.fb.group({ ... password: this.fb.group({ pwd: ['', [Validators.required, Validators.minLength(8)]], confirmPwd: ['', [Validators.required, Validators.minLength(8) ]] }, { validator: passwordMatch }), ... }) } } Displaying the Errors

If you did everything right, password.errors?.mismatch will be true whenever the values of both the fields don't match.

{{ password.errors?.mismatch } json }}

Although there are alternative ways to display errors, I am going to use the ngIf directive to determine whether an error message should be displayed or not.

First, I am going to use ngIf to see if the password is invalid. 

<!-- Password error block --> <div *ngIf="(password.invalid && password.touched)"> </div>

We use password.touched to ensure that the user is not greeted with errors even before a key has been pressed.

Next, I am going to use the ngIf ="expression; then a else b" syntax to display the right error.

app/signup-form/signup-form.component.html <ng-container *ngIf="password.errors?.mismatch; then first else second"> </ng-container> <ng-template #first> Password do not match </ng-template> <ng-template #second> Password needs to be more than 8 characters </ng-template>

There you have it, a working model of the validator that checks for password equality.

Demo for Custom Validators in Model-Driven FormsCustom Validator Directive for Template-Driven Forms

We will be using the same validator function that we created for the model-driven form earlier. However, we don't have direct access to instances of FormControl/FormGroup in a template-driven form. Here are the things that you will need to do to make the validator work:

  1. Create a PasswordMatchDirective that serves as a wrapper around the passwordMatch validator function. We will be registering the directive as a validator using the NG_VALIDATORS provider. More on this later.
  2. Attach the directive to the template form control. 

Let's write the directive first. Here's what a directive looks like in Angular:

app/password-match.tsimport { AbstractControl } from '@angular/forms'; export function passwordMatch (control: AbstractControl):{[key: string]: boolean} { //Grab pwd and confirmPwd using control.get const pwd = control.get('pwd'); const confirmPwd = control.get('confirmPwd'); // If FormControl objects don't exist, return null if (!pwd || !confirmPwd) return null; //If they are indeed equal, return null if (pwd.value === confirmPwd.value) { return null; } //Else return false return { mismatch: true }; } //PasswordMatchDirective @Directive({ selector: '', providers: [ ] }) export class PasswordMatchDirective { }

The @Directive decorator is used to mark the class as an Angular directive. It accepts an object as an argument that specifies the directive configuration meta-data such as selectors for which the directive should be attached, and the list of Providers to be injected, etc. Let's fill in the directive meta-data:

app/password-match.ts@Directive({ selector: '[passwordMatch][ngModelGroup]', //1 providers: [ //2 { provide: NG_VALIDATORS, useValue: passwordMatch, multi: true } ] }) export class PasswordMatchDirective { }
  1. The directive is now attached to all input controls that have the attributes ngModelGroup and passwordMatch. 
  2. We extend the built-in validators using the NG_VALIDATORS provider. As previously mentioned, NG_VALIDATORS is a provider that has an extensible collection of validators. The passwordMatch function that we created earlier is declared as a dependency. The multi: true sets this provider to be a multi-provider. What this means is that we will be adding to the existing collection of validators provided by NG_VALIDATORS.

Now, add the directive to the declarations array in ngModule.

app/app.module.ts... import {PasswordMatchDirective} from './password-match'; @NgModule({ declarations: [ AppComponent, SignupFormComponent, PasswordMatchDirective ], imports: [ BrowserModule, FormsModule ], providers: [], bootstrap: [AppComponent] }) export class AppModule { } Displaying Error Messages

To display the validation error messages, I am going to use the same template that we created for the model-driven forms.

<!-- Password error block --> <div *ngIf="(userPassword.invalid && userPassword.touched)"> <ng-container *ngIf="userPassword.errors?.mismatch; then first else second"> </ng-container> <ng-template #first> Password do not match </ng-template> <ng-template #second> Password needs to be more than 8 characters </ng-template> </div> Demo for Custom Validators in Template-Driven FormsConclusion

In this tutorial, we learned about creating custom Angular validators for forms in Angular. 

Validators are functions that return null or an error object. In model-driven forms, we have to attach the validator to a FormControl/FormGroup instance, and that's it. The procedure was a bit more complex in a template-driven form because we needed to create a directive on top of the validator function. 

If you're interested in continuing to learn more about JavaScript, remember to check out what we have in Envato Market.

I hope that you've enjoyed this series on Forms in Angular. I would love to hear your thoughts. Share them through the comments. 

Categories: Web Design

Learning Elm From A Drum Sequencer (Part 2)

Smashing Magazine - Thu, 01/18/2018 - 03:57
In part one of this two-part article, we began building a drum sequencer in Elm. We learned the syntax, how to read and write type-annotations to ensure our functions can interact with one another, and the Elm Architecture, the pattern in which all Elm programs are designed. In this conclusion, we’ll work through large refactors by relying on the Elm compiler, and set up recurring events that interact with JavaScript to trigger drum samples.
Categories: Web Design

Using page speed in mobile search ranking

Google Webmaster Central Blog - Wed, 01/17/2018 - 09:00

People want to be able to find answers to their questions as fast as possible — studies show that people really care about the speed of a page. Although speed has been used in ranking for some time, that signal was focused on desktop searches. Today we’re announcing that starting in July 2018, page speed will be a ranking factor for mobile searches.

The “Speed Update,” as we’re calling it, will only affect pages that deliver the slowest experience to users and will only affect a small percentage of queries. It applies the same standard to all pages, regardless of the technology used to build the page. The intent of the search query is still a very strong signal, so a slow page may still rank highly if it has great, relevant content.

We encourage developers to think broadly how about performance affects a user’s experience of their page and to consider a variety of user experience metrics. Although there is no tool that directly indicates whether a page is affected by this new ranking factor, here are some resources that can be used to evaluate a page’s performance.

  • Chrome User Experience Report, a public dataset of key user experience metrics for popular destinations on the web, as experienced by Chrome users under real-world conditions
  • Lighthouse, an automated tool and a part of Chrome Developer Tools for auditing the quality (performance, accessibility, and more) of web pages
  • PageSpeed Insights, a tool that indicates how well a page performs on the Chrome UX Report and suggests performance optimizations

As always, if you have any questions or feedback, please visit our webmaster forums.

Posted by Zhiheng Wang and Doantam Phan
Categories: Web Design

Understanding And Using REST APIs

Smashing Magazine - Wed, 01/17/2018 - 04:30
There’s a high chance you came across the term “REST API” if you’ve thought about getting data from another source on the internet, such as Twitter or Github. But what is a REST API? What can it do for you? How do you use it? In this article, you’ll learn everything you need to know about REST APIs to be able to read API documentations and use them effectively.
Categories: Web Design

A Comprehensive Guide To UX Research

Smashing Magazine - Wed, 01/17/2018 - 02:30
(This is a sponsored article.) Before embarking upon the design phase of any project, it’s critical to undertake some research so that the decisions you make are undertaken from an informed position. In this third article of my series for Adobe XD, I’ll be focusing on the importance of undertaking user research. Your job title might not be “design researcher”, but that doesn’t mean you shouldn’t at the very least inform yourself of your users and their needs by undertaking at least some initial scoping research before you embark upon a project.
Categories: Web Design

20 Best Tools to Generate Color Palettes

Everyone loves colors. Colors are among the most important elements of every design and artwork. As designers, we work with colors every day. However, it’s not an easy task...

The post 20 Best Tools to Generate Color Palettes appeared first on Onextrapixel.

Categories: Web Design

How Big Is That Box? Understanding Sizing In CSS Layout

Smashing Magazine - Tue, 01/16/2018 - 04:50
A key feature of Flexbox and Grid Layout is that they can deal with distributing available space between, around and inside grid and flex items. Quite often this just works, and we get the result we were hoping for without trying very hard. This is because the specifications attempt to default to the most likely use cases. Sometimes, however, you might wonder why something ends up the size that it is.
Categories: Web Design

Free Online Event On Building And Maintaining Design Systems

Smashing Magazine - Tue, 01/16/2018 - 03:25
(This is a sponsored article.) Everybody's talking about design systems, but they are more than just a trend. They are a best practice for design consistency and efficiency between designers and developers. Back in the day, only large companies could afford the effort of building and maintaining a design system. Nowadays, with the growth of new tools and processes, they have become much more feasible for companies of all sizes.
Categories: Web Design

How To Make A Drag-and-Drop File Uploader With Vanilla JavaScript

Smashing Magazine - Mon, 01/15/2018 - 04:12
It’s a known fact that file selection inputs are difficult to style the way developers want to, so many simply hide it and create a button that opens the file selection dialog instead. Nowadays, though, we have an even fancier way of handling file selection: drag and drop. Technically, this was already possible because most (if not all) implementations of the file selection input allowed you to drag files over it to select them, but this requires you to actually show the file element.
Categories: Web Design

10 Best WordPress Booking & Reservation Plugins

Tuts+ Code - Web Development - Mon, 01/15/2018 - 04:00

Businesses that rely on bookings and reservations can rely on WordPress to help them meet their online business goals.

From haircuts to hotels, and from health salons to consulting firms, these 10 best WordPress booking and reservations plugins from Envato Market are sure to help organizations level up their booking system.

These solutions include basic booking, Google Calendar integration, payments, and much, much more.

1. Bookly – #1 WordPress Booking Plugin

Bookly – #1 WordPress Booking Plugin is more than a WordPress booking and reservation plugin; it is full-featured, fully customizable, and much more.

The inclusion of SMS notifications, online payments, and Google Calendar sync sets it apart from many others.

"Automated online booking & scheduling for WordPress: fully customizable booking form with online payments, notifications, and Google Calendar sync."

Features also included:

  • the ability to book different services, with multiple staff members, at different prices
  • translation ready—includes 10 languages
  • easy payment integration
  • and more

The Bookly – #1 WordPress Booking Plugin is one of the most robust and flexible booking and reservation plugins you'll find.

2. Bookme - WordPress Booking Plugin

Bookme - WordPress Booking Plugin is a multi-purpose booking plugin that cuts away bloated features and delivers a streamlined booking system.

Customers can check availability, make appointments, and pay for services with this WordPress booking and reservation plugin.

Some booking types easily used:

  • consultant booking
  • default booking
  • group booking
  • and more

The number of staff members and services is unlimited, the appearance is fully customizable, and it supports custom fields and time slots.

The Bookme - WordPress Booking Plugin provides all the essential booking and reservation features you want and need, put together in a well-designed package.

3. WordPress WooCommerce Booking And Reservation Plugin

Bring WooCommerce and WordPress together to build a powerful booking and reservation system with the WordPress WooCommerce Booking And Reservation Plugin.

Easily create booking products. Multiple bookings for one day or one booking for many days—this WordPress booking and reservation plugin can handle it.

Manage your booking service attributes such as:

  • dates available
  • bookable periods
  • price multipliers
  • and more

Users can view your booking calendar, find availability, and even book more than one timeslot at a time.

The WordPress WooCommerce Booking And Reservation Plugin brings all the wonderful WooCommerce features and turns it into a powerful booking and reservation tool.

4. Webba Booking - WordPress Appointment & Reservation plugin

Webba Booking - WordPress Appointment & Reservation plugin is one of the best-looking WordPress booking and reservation plugins.

But it's not just about looks. This is a full-featured, robust system.

"Webba Booking is a powerful and easy to use WordPress booking plugin especially thought for Service Providers to optimize their time and for the comfort of their customers."

Features include:

  • online payments with PayPal and Stripe
  • multiple reservations in one session
  • CSV export
  • and more

There are many different notification mediums and types, not to mention reminders. So much is customizable, and the Google Calendar support is stellar.

Webba Booking - WordPress Appointment & Reservation plugin is easily one of the best WordPress booking and reservation plugins.

5. Event Booking Pro - WP Plugin [paypal or offline]

If you want a WordPress booking and reservation plugin that also keeps the offline aspect of booking in mind, then you'll want to consider the Event Booking Pro - WP Plugin [paypal or offline] plugin.

This includes an impressive feature set—and includes:

  • PayPal integration and coupon system
  • Google Maps and Calendar support
  • multiple tickets and sub-tickets
  • fully customizable
  • and much more

If the feature set isn't impressive enough for you, there are several different addons that can be purchased to extend it further.

If you're using WordPress for booking and reservations, consider Event Booking Pro - WP Plugin [paypal or offline].

6. Booki - WordPress Booking Calendar plugin for reservations and appointments

Appointments or reservations? Booki - WordPress Booking Calendar plugin for reservations and appointments can handle them both.

"Create and manage your appointments and reservations online with WordPress booking plugin Booki.""Schedule an appointment and book for a haircut, massage, accommodation, events, fitness, lesson, meeting, parking, rental, taxi, teacher, tickets and hundreds of other services."

Features include:

  • unlimited booking projects and service providers
  • enable online and offline payments
  • unlimited Google Calendar profiles
  • custom form fields
  • and more

The Booki - WordPress Booking Calendar plugin for reservations and appointments provides a unique feature set that's focused on offering important features needed for online booking for appointments and reservations.

7. WPBooking - Accommodation and Tour booking system - WordPress Plugin

With more of a focus on accommodations and tours, the WPBooking - Accommodation and Tour booking system - WordPress Plugin delivers its own flavor of a booking plugin.

It includes a complete list of features that are sure to make online booking and reservations a much smoother process.

"WP Booking is a complete booking solution for accommodation, tour and other services in a light, performance and easy to use plugin."

Features include:

  • create unlimited accommodations, tours, and extra services
  • easy to configure and include multi-language support
  • visitors can see booking history
  • and much more

With multiple payment methods and easy to use reporting, you'll be booking in no time at all with the WPBooking - Accommodation and Tour booking system - WordPress Plugin.

8. WP Quick Booking Manager Pro

Become a booking pro with the WP Quick Booking Manager Pro plugin.

This WordPress booking and reservation plugin provides a friendly booking interface and both multiple language and currency support.

Features include:

  • booking calendar and booking pages
  • easy to use and shortcode support
  • prevents double booking
  • fully responsive
  • and more

Manage your bookings from the WordPress Admin—no matter what you're booking.

The WP Quick Booking Manager Pro provides and quick and basic booking system with plenty of features.

9. Team Booking - WordPress booking system

Leverage the power of Google Calendar for your booking and reservations with the Team Booking - WordPress booking system.

This is "the only booking plugin that lets you use your Google Calendar for scheduling the availability!"

The more you look at the features, the more you realize this WordPress booking and reservation plugin has the greatest value.

A few features include:

  • Google Calendar and Google Maps support as well as translation ready
  • approval and cancel system for both provider and customers
  • customize reservation forms and email notifications
  • and much more

They even provide an API for your custom app.

The Team Booking - WordPress booking system is flexible, robust, and works great with Google Calendar.

10. WP Booking Calendar

If you don't know code, no problem. The WP Booking Calendar plugin has got you covered. This WordPress booking and reservation plugin is fully WPML compatible and includes the basic features you'll need.

"Booking Calendar helps you to easily add to your own WordPress website a powerful and simple booking system in a few minutes."

Features include:

  • customize the number of reservations allowed per slot
  • easy to use interface and CSV export support
  • use an unlimited number of calendars
  • and much more

The WP Booking Calendar gets the job scheduled.

Conclusion

There isn't a huge number of WordPress booking and reservation plugins out there, as the demand isn't very high. At the same time, those that are available in the Envato Market are solid plugins.

Did you find the plugin you were looking for?

If a WordPress booking plugin feature you want isn't listed here, you might consider coding your own. Envato Tuts+ has WordPress tutorials, eBooks, and courses. Try WordPress Plugin Development Essentials or maybe the WordPress Hacker's Guide to the Galaxy. Some helpful eBooks include Useful Tricks and Techniques for WordPress and Mastering WordPress.

Categories: Web Design

Review: Denko WordPress Theme for Your Business

In business, branding is everything. If you present yourself professionally on the web, customers will trust you more and you can generate leads more easily. Thus, an elegant business...

The post Review: Denko WordPress Theme for Your Business appeared first on Onextrapixel.

Categories: Web Design

Air Lookout Is The Side Project That Changed My Design Process Forever

Smashing Magazine - Fri, 01/12/2018 - 05:16
In February of 2015, I began working on an iOS app called Air Lookout. The goal of the app was to simplify and remove any obfuscation of air quality information. After over a year of working nights and weekends, the total net income since it launched in 2016 has been less than $1,000. Even with those numbers, I would relive every hour of work. The one thing that I can’t place a monetary value on is how the experience of creating Air Lookout has completely changed my mind on the process of design and development for every project I have worked on since.
Categories: Web Design

How to Auto Update WordPress Salts

Tuts+ Code - Web Development - Fri, 01/12/2018 - 04:00

If you've ever viewed the core configuration file (wp-config.php) for a WordPress site then you'll probably have noticed a section defining eight WordPress constants relating to security keys and salts:

  • AUTH_KEY
  • SECURE_AUTH_KEY
  • LOGGED_IN_KEY
  • NONCE_KEY
  • AUTH_SALT
  • SECURE_AUTH_SALT
  • LOGGED_IN_SALT
  • NONCE_SALT

Note: wp-config.php is located in the root folder of your WordPress installation by default.

These constants contain security keys and salts which are used internally by WordPress to add an additional layer of authentication and to enhance security.

WordPress uses cookies (rather than PHP sessions) to keep track of who is currently logged in. This information is stored in cookies in your browser.

To make sure that authentication details are as secure as possible, unique keys and salts are used to increase the level of cookie encryption. These are recommended to be long strings (typically 64 characters long) of random alphanumeric and symbol characters.

The AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY security key constants were added in WordPress 2.6, which replaced a single all-in-one key first introduced in WordPress 2.5.

NONCE_KEY was added soon after, in WordPress 2.7. Corresponding salts AUTH_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT, and NONCE_SALT were added along with each security key, but it wasn't until WordPress 3.0 that they were added to wp-config.php.

Before WordPress 3.0, you could optionally add your own salt constant definitions to wp-config.php, otherwise they would be generated by WordPress and stored in the database.

While the four security key constants are required, if you remove the salt constants from the WordPress config file, leave them at their defaults, or any salt is found to be a duplicate of another, then WordPress retrieves the salt from the database instead.

For new WordPress sites, salts will be generated and stored in the database.

Initially Setting Your Security Keys and Salts

During installation, WordPress doesn't generate unique security keys/salts in wp-config.php. Instead, the same default message is entered for each constant.

If you've just installed WordPress on a remote server then it's recommended that you change the default message for each security key/salt constant to a proper and unique value. 

Sometimes, your host will do this for you if you install WordPress via a custom script. Even so, for peace of mind, you might want to update the security keys/salts anyway soon after installation is complete.

Why Update Keys and Salts?

Even after the security keys and salts have been initially set, it's a good idea to update them every so often. Anything you can do to make your site more secure is generally a good idea.

And even though it's highly unlikely that your passwords (together with security keys/salts) could be broken, updating them periodically makes sense as it safeguards against unforeseen circumstances such as your site backups being intercepted by unwanted third parties, etc.

How to Update Security Keys and Salts

So how do you actually update your security keys and salts? Let's look at a few different methods.

Manually Updating Keys and Salts

You could manually create new values for each constant, but this is rather tedious to do, especially if you have more than one WordPress site to update! Also, each key/salt might not be as secure as it could be.

Fortunately, the nice folks at WordPress have made this process very simple by providing an API to automatically generate the key/salt values for you. All you have to do is visit a secret key URL:

https://api.wordpress.org/secret-key/1.1/salt/

When the page loads, you'll be presented with unique strings for each constant, as shown below:

As you can see, each generated WordPress key/salt is a random sequence of 64 characters. Try refreshing the page a few times to satisfy yourself that the URL generates completely random keys/salts each time.

If you are developing your WordPress site locally then you can simply copy and paste the generated keys/salts directly into wp-config.php to replace the existing entries.

Tip: I'd recommend always using the URL above, which utilizes the secure HTTP protocol.

This will effectively eliminate the chance of anyone intercepting the generated keys/salts when they are returned to you before being displayed in the browser.

If your site is hosted on a remote server then to update the keys/salts you'll need to either access and edit wp-config.php via your server control panel, or via an FTP client that allows editing of remote files, such as FileZilla (free).

Using a Plugin to Update Keys and Salts

If the thought of manually editing remote server files sends your head into a spin then you might want to consider using a plugin instead. This is a very easy way to update your security keys/salts at the click of a button.

There are various plugins available to generate and update your security keys and salts. A relatively new plugin called Salt Shaker, released in October 2016, is a lightweight solution with the added bonus that you can schedule automatic updates of keys/salts to occur whenever you like. And best of all, it's free. Let's take a look at how to use it.

Download Salt Shaker from the WordPress repository or install it directly from your WordPress admin in the usual way. Go to Plugins > Add New and start typing Salt Shaker in the Search plugins... text box. When you see the plugin appear in the list, click Install Now.

After the plugin is installed, an Activate button will appear. Click this to finish setup.

Now that the plugin is active, we can test it. To access the plugin settings, go to Tools > Salt Shaker in the WordPress admin.

Here, we can update the security keys/salts immediately with a single mouse click. As soon as the Change Now button is clicked, a spinning icon appears to the right to indicate the plugin is updating wp-config.php. As soon as the icon disappears, you know the security keys/salts have been updated.

Overall, the plugin works very well and can potentially save you a lot of time, especially if you have multiple WordPress websites. I'd perhaps like to see a couple more options for choosing the time period intervals, such as three months and six months, to increase the plugin's flexibility.

Also, a message clearly stating when the keys/salts have been updated would be useful—as would a further plugin option to automatically redirect to the login page after the keys/salts have been updated.

Alternatively, we can check the Change WP Keys and Salts box and choose when the wp-config.php constants are updated. This is a really nice feature and basically allows you to forget about having to update security keys/salts. Just let the plugin do it all for you!

Remember though, whenever the security keys/salts are updated, you will be required to log in again. This is because cookies relating to logins are invalidated, and so users need to log back in again to update the cookie. 

Therefore, before changing your security keys/salts, it's a good idea to have your login information to hand so you aren't accidentally locked out of your site.

Using an Automation Script to Update Keys and Salts

If you don't want to use a plugin and you have a lot of remote WordPress sites then you could consider using a script to directly update the security keys/salts.

The downside to this is that you need to be proficient in scripting. However, there are several ready-made solutions available, so you don't necessarily have to code your own.

One such script, called WP-Salts-Update-CLI by Ahmad Awais, updates security keys/salts on your local computer or remote server.

To install this script on your computer (macOS only), open a terminal window and enter the following:

sudo wget -qO wpsucli https://git.io/vykgu && sudo chmod +x ./wpsucli && sudo install ./wpsucli /usr/local/bin/wpsucli

This will make an executable script globally available via the wpsucli command. You can run it on your local machine to actively search for all instances of WordPress config files and replace the security keys/salts with new values directly from the WordPress secret key API URL.

When running the script on a remote server, it's recommended to do so from the root folder, i.e. cd /, and then run wpsucli. For more details about the script, see the main information page

Conclusion

In this tutorial, we've covered what WordPress security keys/salts are and why it's important to update them periodically. We've also looked at various ways you can update them, from manually copy/pasting (if you have direct access to wp-config.php) to using a plugin to completely automate the process. If you're familiar with the command line then you can also use a custom script to update local/remote sites fairly easily.

The downside is that you still have to manually run scripts which can be easily forgotten, so rather than having to schedule this into your workflow, using a plugin to automate the process might be the best way to go.

Whatever method you choose, the important thing is to remember that you're adding another layer of security to your WordPress site(s), and anything you can do to achieve that with minimal effort can only be a good thing!

And if you're looking for other utilities to help you build out your growing set of tools for WordPress or for code to study and become more well-versed in WordPress, don't forget to see what we have available in Envato Market.

Categories: Web Design

Universal Principles Of User Experience Design

Smashing Magazine - Fri, 01/12/2018 - 01:48
(This is a sponsored article.) As designers working in an ever-changing field, it’s important that we develop an understanding of the timeless design principles that underpin everything we do. In the second article in my series for Adobe XD, I’ll explore the foundations that enable us to establish some universal principles of UX. These principles, which should sit at the heart of everything we design and build, are critical and will stand the test of time:
Categories: Web Design

Learning Elm From A Drum Sequencer (Part 1)

Smashing Magazine - Thu, 01/11/2018 - 05:00
If you’re a front-end developer following the evolution of single page applications (SPA), it’s likely you’ve heard of Elm, the functional language that inspired Redux. If you haven’t, it’s a compile-to-JavaScript language comparable with SPA projects like React, Angular, and Vue. Like those, it manages state changes through its virtual dom aiming to make the code more maintainable and performant. It focuses on developer happiness, high-quality tooling, and simple, repeatable patterns.
Categories: Web Design

How to Download Files in Python

Tuts+ Code - Web Development - Thu, 01/11/2018 - 04:00

Python provides several ways to download files from the internet. This can be done over HTTP using the urllib package or the requests library. This tutorial will discuss how to use these libraries to download files from URLs using Python.

REQUESTS

The requests library is one of the most popular libraries in Python. Requests allow you to send  HTTP/1.1 requests without the need to manually add query strings to your URLs, or form-encode your POST data.

With the requests library, you can perform a lot of functions including:

  • adding form data,
  • adding multipart files,
  • and accessing the response data of Python
MAKING REQUESTS

The first you need to do is to install the library and it's as simple as:

pip install requests

To test if the installation has been successful, you can do a very easy test in your  python interpreter by simply typing:

import requests

If the installation has been successful, there will be no errors.

HTTP requests include:

  • GET
  • POST
  • PUT
  • DELETE
  • OPTIONS
  • HEAD
Making a GET request

Making requests is very easy as illustrated below.

import requests req = requests.get(“http://www.google.com”)

The above command will get the google web page and store the information in thereq variable. We can then go on to get other attributes as well.

For instance, to know if fetching the google web page was successful, we will query the status_code.

import requests req = requests.get(“http://www.google.com") req.status_code 200 # 200 means a successful request

What if we want to find out the encoding type of the Google web page?

req.encoding ISO-8859–1

You might also want to know the contents of the response.

req.text

This is just a truncated content of the response.

'<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en "><head><meta content="Search the world\'s information, including webpages, imag es, videos and more. Google has many special features to help you find exactly w hat you\'re looking for." name="description"><meta content="noodp" name="robots" ><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta conten t="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image "><title>Google</title><script>(function(){window.google={kEI:\'_Oq7WZT-LIf28QWvMaking a POST Request

In simple terms, a POST request used to create or update data. This is especially used in the submission of forms.

Let's assume you have a registration form that takes an email address and password as input data, when you click on the submit button for registration, the post request will be as shown below.

data = {"email":"info@tutsplus.com", "password":"12345") req = requests.post(“http://www.google.com, params = data)Making a PUT Request

A PUT request is similar to a POST request. Its used to update data.For instance, the API below shows how to do a PUT request.

data= {"name":"tutsplus", "telephone":"12345") r.put("http://www.contact.com, params= data")Making a DELETE Request

A DELETE request, like the name suggests, is used to delete data. Below is an example of a DELETE request

data= {'name':'Tutsplus'} url = "https://www.contact.com/api/") response = requests.delete(url, params= data) urllib Package

urllib is a package that collects several modules for working with URLs namely:

urllib.request  offers a very simple interface, in the form of the urlopen function capable of fetching URLs using a variety of different protocols. It also offers a slightly more complex interface for handling basic authentication, cookies, proxies e.t. c.

How to Fetch URLs With urllib

The simplest way to use urllib.request is as follows:

import urllib.request with urllib.request.urlopen('http://python.org/') as response: html = response.read()

If you wish to retrieve an internet resource and store it, you can do so via the urlretrieve() function.

import urllib.request filename, headers = urllib.request.urlretrieve('http://python.org/') html = open(filename) Downloading Images With Python

In this example, we want to download the image available on this link using both the request llibrary and urllib module. 

url = 'https://www.python.org/static/opengraph-icon-200x200.png' # downloading with urllib # imported the urllib library import urllib # Copy a network object to a local file urllib.urlretrieve(url, "python.png") # downloading with requests # import the requests library import requests # download the url contents in binary format r = requests.get(url) # open method to open a file on your system and write the contents with open("python1.png", "wb") as code: code.write(r.content) Download PDF Files With Python

In this example, we will download a pdf about google trends from this link.

url = 'https://static.googleusercontent.com/media/www.google.com/en//googleblogs/pdfs/google_predicting_the_present.pdf' # downloading with urllib # import the urllib package import urllib # Copy a network object to a local file urllib.urlretrieve(url, "tutorial.pdf") # downloading with requests # import the requests library import requests # download the file contents in binary format r = requests.get(url) # open method to open a file on your system and write the contents with open("tutorial1.pdf", "wb") as code: code.write(r.content) Download Zip Files With Python

In this example, we are going to download the contents of a GitHub repository found in this link and store the file locally.

url = 'https://codeload.github.com/fogleman/Minecraft/zip/master' # downloading with requests # import the requests library import requests # download the file contents in binary format r = requests.get(url) # open method to open a file on your system and write the contents with open("minemaster1.zip", "wb") as code: code.write(r.content) # downloading with urllib # import the urllib library import urllib # Copy a network object to a local file urllib.urlretrieve(url, "minemaster.zip") Download Videos With Python

In this example, we want to download  the video lecture available on this page

url = 'https://www.youtube.com/watch?v=aDwCCUfNFug' video_name = url.split('/')[-1] # using requests # imported the requests library import requests print "Downloading file:%s" % video_name # download the url contents in binary format r = requests.get(url) # open method to open a file on your system and write the contents with open('tutorial.mp4', 'wb') as f: f.write(r.content) # using urllib # imported the urllib library import urllib print "Downloading file:%s" % video_name # Copy a network object to a local file urllib.urlretrieve(url, "tutorial2.mp4") Conclusion

This tutorial has covered the most commonly used methods to download files as well as the most common file formats. Even though you will write less code  when using  the urllib module, the requests module is preferred due to its simplicity, popularity and a wide array of features including:

  • Keep-Alive & Connection Pooling
  • International Domains and URLs
  • Sessions with Cookie Persistence
  • Browser-style SSL Verification
  • Automatic Content Decoding
  • Basic/Digest Authentication
  • Elegant Key/Value Cookies
  • Automatic Decompression
  • Unicode Response Bodies
  • HTTP(S) Proxy Support
  • Multipart File Uploads
  • Streaming Downloads
  • Connection Timeouts
  • Chunked Requests
  • .netrc Support

Categories: Web Design

Designing Friction For A Better User Experience

Smashing Magazine - Wed, 01/10/2018 - 05:24
In experience design, friction is anything that prevents users from accomplishing their goals or getting things done. It’s the newsletter signup overlay covering the actual content, the difficult wording on a landing page, or the needless optional questions in a checkout flow. It’s the opposite of intuitive and effortless, the opposite of “Don’t make me think.” Having said that, friction can still be a good thing sometimes. In game design, for example, friction is actually required.
Categories: Web Design

Real-world data in PageSpeed Insights

Google Webmaster Central Blog - Wed, 01/10/2018 - 00:08

PageSpeed Insights provides information about how well a page adheres to a set of best practices. In the past, these recommendations were presented without the context of how fast the page performed in the real world, which made it hard to understand when it was appropriate to apply these optimizations. Today, we’re announcing that PageSpeed Insights will use data from the Chrome User Experience Report to make better recommendations for developers and the optimization score has been tuned to be more aligned with the real-world data.

The PSI report now has several different elements:

  • The Speed score categorizes a page as being Fast, Average, or Slow. This is determined by looking at the median value of two metrics: First Contentful Paint (FCP) and DOM Content Loaded (DCL). If both metrics are in the top one-third of their category, the page is considered fast.
  • The Optimization score categorizes a page as being Good, Medium, or Low by estimating its performance headroom. The calculation assumes that a developer wants to keep the same appearance and functionality of the page.
  • The Page Load Distributions section presents how this page’s FCP and DCL events are distributed in the data set. These events are categorized as Fast (top third), Average (middle third), and Slow (bottom third) by comparing to all events in the Chrome User Experience Report.
  • The Page Stats section describes the round trips required to load the page’s render-blocking resources, the total bytes used by the page, and how it compares to the median number of round trips and bytes used in the dataset. It can indicate if the page might be faster if the developer modifies the appearance and functionality of the page.
  • Optimization Suggestions is a list of best practices that could be applied to this page. If the page is fast, these suggestions are hidden by default, as the page is already in the top third of all pages in the data set.

For more details on these changes, see About PageSpeed Insights. As always, if you have any questions or feedback, please visit our forums and please remember to include the URL that is being evaluated.


Posted by Mushan Yang (杨沐杉) and Xiangyu Luo (罗翔宇), Software Engineers
Categories: Web Design

Pages

1 2 3 4 5 6 7 8 9 next › last »