The hard way to write persistent logins:

First create a secret salt:

// For SHA1 hashes
define('SECRET_SALT', 'SHA1 a seekrit salt...');

Then, look for a previous authentication ticket:

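// First, check to see if there's an authentication ticket.
// Test the cookie itself: sha1() of a missing cookie is still a non-empty string.
if(isset($_COOKIE['upauth']) && is_string($_COOKIE['upauth'])) {
  // Only the SHA1 of the ticket is stored; sha1() output is hex, so it is safe to interpolate
  $authticket = sha1($_COOKIE['upauth']);
  $sql = "SELECT * FROM user WHERE authticket = '$authticket'";
  // Note: the mysql_* functions were removed in PHP 7
  $result = mysql_query($sql) or die("Failed query: " . mysql_error());
  if($row = mysql_fetch_assoc($result)) {
    // Strict comparison: == can treat two different "0e..." hex strings as equal numbers
    if($authticket === $row['authticket']) {
      // Welcome Back
      $_SESSION['username'] = $row['username'];
      $_SESSION['password'] = $row['password'];
      return 1;
    }
  }
}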

Set the authentication ticket in the login check:

if(!empty($_POST['remember'])) {
  $authticket = sha1(SECRET_SALT . $_SESSION['user_id'] . time());
  $sha1ticket = sha1($authticket);
  // Update SHA1 of authticket
  $sql = "UPDATE user SET authticket ='$sha1ticket' WHERE id = {$row['id']}";
  $result = mysql_query($sql) or die("Failed query: " . mysql_error());
  // set authticket in upauth cookie for a year
  setcookie('upauth', $authticket, time() + 31556926);
}

Add the ticket removal code to logout:

// remove upauth cookie
setcookie('upauth', '', time() - 86400);

Note: if you want to make sure that the ticket expiry hasn’t been tampered with, you’re going to need to digitally sign or store the expiration date in the database.
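The note above, as an added example that is not part of the original post: a ticket whose expiry travels in the cookie and is signed with an HMAC, so an edited date is rejected. TICKET_KEY, issue_ticket() and verify_ticket() are hypothetical names, and a random token stands in for the salt-plus-time() value.

```php
<?php
// Added example (not the original post's code). TICKET_KEY and both
// function names are hypothetical; the key below is a constructed value.
const TICKET_KEY = 'constructed-demo-key-load-a-real-one-from-config';

function issue_ticket(int $userId, int $ttl, int $now): array {
    $token   = bin2hex(random_bytes(32));          // unguessable, unlike time()
    $payload = $userId . '|' . ($now + $ttl) . '|' . $token;
    $mac     = hash_hmac('sha256', $payload, TICKET_KEY);
    return [
        'cookie'  => $payload . '|' . $mac,        // value for the upauth cookie
        'db_hash' => hash('sha256', $token),       // value for user.authticket
    ];
}

// Returns the user id and the hash to look up, or null if the cookie is
// malformed, modified, or past its signed expiry.
function verify_ticket(string $cookie, int $now): ?array {
    $parts = explode('|', $cookie);
    if (count($parts) !== 4) {
        return null;
    }
    [$userId, $expires, $token, $mac] = $parts;
    if (!ctype_digit($userId) || !ctype_digit($expires)) {
        return null;
    }
    $expected = hash_hmac('sha256', "$userId|$expires|$token", TICKET_KEY);
    if (!hash_equals($expected, $mac)) {           // constant-time compare
        return null;
    }
    if ((int)$expires < $now) {
        return null;
    }
    return ['user_id' => (int)$userId, 'db_hash' => hash('sha256', $token)];
}

// Constructed demo: issue a one-hour ticket, then check three cookies.
$now      = 1700000000;
$ticket   = issue_ticket(42, 3600, $now);
$parts    = explode('|', $ticket['cookie']);
$parts[1] = (string)($now + 31556926);             // expiry edited in the cookie
$edited   = implode('|', $parts);

var_dump(verify_ticket($ticket['cookie'], $now + 60) !== null);   // untouched, in date
var_dump(verify_ticket($edited, $now + 60) !== null);             // edited expiry
var_dump(verify_ticket($ticket['cookie'], $now + 7200) !== null); // past expiry
```

The caller still has to match db_hash against user.authticket for that user before logging them in, and logout should clear that column so a copied cookie stops working.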

Now, the easy way for permanent logins:

$session_expire = 60 * 60 * 24 * 365;
ini_alter("session.gc_maxlifetime", $session_expire);
ini_alter("session.cookie_lifetime", $session_expire);

I can’t really see anything wrong with this approach actually… Makes your session IDs a bit more exposed (Also, you don’t have a choice for one-time logins, you just have to remember to log out). Not sure how running the ini_alter() affects performance.

A bunch of co-workers and I swung by Scott Kelby’s Photoshop: Down & Dirty Tour class at the Convention Center today. A lot of very, very good stuff. Among the best:

  • shift + plus cycles blend modes when a layer is selected
  • making a eurocollage
  • movie poster dirty text is made by threshold images and masking
  • making product ad shots is simple (reflections, feathering and drop shadows are your friend)
  • the Photoshop CS shadow/highlight adjustment tool is awesome
  • dodge and burn w/ brush tools on a separate neutral gray overlay layer
  • you can export automated PDF slideshows
  • everyone looks better at 95% width

So very worth your time and money.

I’ve set up Trac at work twice now. I haven’t had too many problems with that, but it is a couple of steps on Debian.

While not perfect, it is the closest I’ve seen to an integrated SCM/PM/KM tool. Also, it’s progressing pretty well. v0.8 and v0.9 should add most of the missing features that I’d like. It’s written in Python and Clearsilver and is GPL’d.

Similar:

  • CVSTrac – similar functionality to Trac but simpler and less refined
  • Confluence + JIRA – very nice, in a lot of ways more advanced than Trac (name-spaces, input templates), but commercial software, less straightforward
  • Basecamp – 37signals’ ASP’d PM tool, need to give it a spin

The current biggest things I’d like out of Trac:

  • Dashboard/Summary page
  • Tasks/To-do’s in addition to tickets
  • Blog/news for each project
  • Centralized system w/ namespaces
  • Internal/external messaging/conversations
  • Comments/annotations on any item/node
  • Versioning for attached files
  • Nested components
  • Dependencies
  • Ticket assignment to multiple users, groups

It’s been a while since I put up any music, but Jason’s recent post on The Killers reminded me of putting up some of the stuff I’ve been listening to that I’d label as ‘damn catchy.’ Yeah, the Killers are pretty good in that regard, but here’s some more:

More: Wrens, Sparta, Subset, The Album Leaf

Hardware edition:

  • ATITool – w/ artifact scanner, neat. I just bought an MSI 9800 Pro that booted up recognizing as an XT and went up to 412/365 w/ zero problems. I’ll have to give it a push if I’m feeling bored
  • Mike’s Hardware – this is a great site that has product roadmaps for all the latest PC hardware. If I upgrade soon, it looks like Q4 is good. A pair of Raptor HD’s, an NForce4 board, Athlon64 4000, and possibly NV48e. Too addictive.
  • Antec Sonata Case Review – this looks like a nice quiet case (not a big deal for me now as all my noisy computers are in a separate room)
  • Nvidia GeForce 6600 paper-launch – some pretty amazing performance out of a very reasonably priced card. Too bad it’ll be at least a month or two before you can get your hands on one (this helps my Doom 3 habit how?)

I finally picked up a WRT54G ($61 now, + $10 rebate). This is a v2 model (200MHz MIPS chip), and seems to load up 3rd party firmware ok. The main thing I want is traffic shaping, but stats might be nice too.

  • EWRT – a Sveasoft Samadhi2 fork; has NoCatSplash, Wondershaper+iproute2, power selection, RSSI stats reporting, remote syslogging
  • OpenWRT – modular system that uses packages for features. Quagga, but no Wondershaper package?
  • Wifibox – nice installation, but no QoS
  • LinksysWrt54g – might be fun to build my own package