Monthly Archives: August 2011

onchange in ckeditor

I needed to track changes to source in a CKeditor instance, as my recent work uses a lot of “on-the-fly” updating.

Using Alfonso’s onChange plugin, it was a simple matter to capture changes when in WYSIWYG mode.

But that doesn’t work in source mode.

Assuming you’re using the jQuery extension for CKeditor (and if not, why not?), you can capture source mode changes by adding this to your CKeditor’s config.js:

$('textarea.cke_source').live('keyup', function() {

jQuery maskImage plugin

I had a need today to write some code which involved masking one image with another, dynamically.

There is no simple way to do this in JavaScript. The nearest I came to finding working code online that does it was edge.js, but that’s not free.

So, I wrote my own.


Download: zip (25k), bz2 (24k)

In the demo, what’s happening is that an image such as this:

is being used as a mask for another image:

to create a masked image:

For Firefox and Chrome and other recent browsers, it works using pure JavaScript (even works on the iPhone).

For Internet Explorer (sigh) you need to do a little bit of server-side setup.

Basically, on the server-side, make sure you have PHP installed, with the iMagick extension, then make the ‘cache’ directory writable by the server.

To use, insert an image into your document:

<img id="image-id" src="an-image.png" alt="" />

And then apply the mask using jQuery:


Simple, innit! That’s a few hours of my own life dedicated to saving a few minutes of yours 😉

immortality and the multi-verse

Hello kiddies – it’s madness time!

Don’t worry – these are just idle thoughts. I’m not going over the hill into the twilight zone.

The science madness

A number of ideas in recent (last 100 years) physics revolve around the idea that there are multiple universes, or that the same universe keeps splitting into separate universes every time a quantum decision must be made.

As far as I know, these ideas are not testable, but a lot of physicists think that a multi-verse is the simplest solution to a lot of questions, and as Occam’s Razor says, the simplest solution is usually the right one.

The idea that’s bandied about most often is that the universe splits every time a choice is made, so that both choices actually happen – one in one universe, and the other in another universe.

This has the effect that every possible configuration of the universe’s contents exists at some point. In other words, “in an infinite universe, anything is possible“.

What this means, is that at any point in your life where you had to make a decision – get on the plane, talk to the girl, take the job – a version of you exists for every possible decision.

Personally, I don’t believe that the universe splits at each decision – it seems a bit silly. But, I do believe that in infinite time and space, if the “big bang” can happen once, it can happen again, and each time, it just has to be the tiniest bit different, so in effect, there is a universe somewhere for every single moment of this one’s existence, which differs in just one respect. A consequence of this is that even if the universe doesn’t physically divide at each decision, a universe exists for each decision anyway, so it’s as if it happened anyway.

What is you?

In a lot of those universes, a version of you exists. For all purposes, it is you. It has your memories, is built of exactly the same molecules, and lives in a world exactly like yours.

You can ignore all of the universes that don’t have a you in them (and there are an infinite number of those!), because if you paraphrase the anthropic principle, you realise that they really don’t matter – the only universes you could ever experience are those that you exist in (history is written by the victors. In other words, your present you is only possible because all of the failed “you”s are dead and therefore can be written out of history).

In each of these universes, you had a load of different experiences – you lived, died, were rich, poor, etc., which is interesting to think about intellectually (Remember all those times that you wish you’d done something different? Well, you did in at least one other universe.), but not very useful to dwell on, because that’s them, and you’re more interested in you.


I’m writing this post because I’ve survived some interesting things in the past – self-harming during my late teens, standing on the edge of a 5-storey building pissing off the edge while totally drunk, all the narrow misses while skateboarding, getting beaten to a pulp a number of times, breaking my skull when I was 2.

Every one of those events had an alternative where things went the other way. But I’m here right now, which means that in this universe, I’ve survived.

The fact that you’re reading this is very interesting. You have survived all of the events of your past, and have gotten to this point.

What is “you”? The grammar-nazi in me complains about that sentence, but I mean it that way.

“You” is the sum of experiences that makes up your identity – your “soul”.

Here’s an interesting question: when you go to sleep at night, and you don’t dream, there are a few hours during which you are essentially dead to the world. What if you were transported at this point to another universe during those hours which was exactly the same – when you woke up, it would be as if you simply continued living from the previous day in the previous universe and you would be none-the-wiser.

The multi-verse idea says that this happens all the time, that every moment that you experience could very possibly be in a totally different universe that has been rebuilt from scratch.

Quantum immortality

Now we get to the freaky shit.

What if an accident were to happen right now – a meteorite drops through your ceiling, or a microwave explodes, or your partner slips in the middle of knitting and impales you.

In some universes, you would die, and in some, the event would be narrowly missed (and in some, not occur at all).

The important thing to note is that the only “you” that would experience the event is the “you” that survived. You may be damaged by the event, but you would survive and live another day (otherwise, you would not, and that universe can be ignored).

Please dwell on that thought – the only possible you that is reading this article is a you that has survived all previous experiences, but as a consequence of this crazy logic, you will also survive all future events as well.

Let’s look at the logic again:

  • There are an infinite number of universes.
  • There are an infinite number of universes that have “you”s living in them.
  • Every time there is the slightest chance that you would survive an event, there are an infinite number of universes in which you do survive that event.

A very weird consequence of this is that you, the you that is reading this, will never die. Every time an event happens that might lead to your death – a choice you made, a decision someone else made, a natural accident – there are infinite universes in which that event does not happen, and so “you” survive.

No-one else, though

Unfortunately, because of the probabilistic nature of physics, everyone else will die in time. Yes, there are an infinite number of universes in which your loved ones will survive with you, which there are many “bigger” infinities in which they die, and those win out.

This is another mind-bender, because it makes everything very subjective.

From my point of view, I am immortal, and you will eventually die, but that’s because my own experience leads me through a different set of infinities where I am the immortal one.

Every other person that exists has their own set of infinities as well that leads them to immortality.


Well – that’s my moment of madness concluded for today.

In short – shit will happen, but you’ll get over it, a million million times over the next load of centuries.

new API for WebME

As I said in the last post, an API would be required to make the system more testable and more consistent.

I started straight away and wrote up something quickly. Over the next week, it solidified into something that appears to cover any needs that I have.

So here’s how the API works:

Requests are sent to a URL which is generated like this:


The plugin name is optional. Leaving it out means you want to call a core function.

Parameters can be added by adding /key=value pairs to the URL.

An example URL might be this:


Sending that, with a POST parameter for the password, will log me in.

To log out, I can use this URL:



Function Names

mod_rewrite is used to direct a request through a script which tears the URL apart into parameters.

If a p parameter is given, the function is named after the plugin, rewritten to match the WebME coding standard.

For example, if the URL is /a/p=comments/f=editComment, then the “comments” part is rewritten as Comments, and ‘_’ and “editComment” are appended to form the function name “Comments_editComment”, which is called and the result returned to the browser.

For double-barrel plugin names, such as “image-gallery”, the name is rewritten to “ImageGallery”.

If no p parameter is given, then the request is a core function, and “Core_” is prepended to the function name.

For example, the login URL above, /a/p=login calls the function Core_login.

If a function name begins with “admin”, it is an admin function (see below for more on this).

File names

If no plugin name is supplied, then the core API file, /ww.incs/api-funcs.php is loaded. This contained common API functions that might be used by any core script or plugin.

If a plugin name is supplied, then the API file is expected to be located at /ww.plugins/plugin-name/api.php for common functions, and /ww.plugins/plugin-name/api-admin.php for admin functions.

For core functions, common functions are at /ww.incs/api-funcs.php and admin functions are at /ww.incs/api-admin.php

Security things

Having a central point for RPC means that we can apply security rules in one place and know that they cover all scripts. Before-hand, I would sometimes come across scripts and realise that they were open for abuse if someone knows that magic URL incantation. I would silently curse myself or whoever had written the script and fix it up. Now, though, having one single point of entry means I can secure everything at once.

If a function name starts with “admin”, then the script checks to see if the user is logged in and is a member of the administrators group. If not, the API will return an error. It’s as simple as that!

Of course, this doesn’t stop abuse by people that are logged in as admins or who are victims of XSS, but it helps stop a few problems caused by developers not noticing their scripts were open to use by anyone at all.


So now, when people are creating new plugins for WebME, the following could be used as a bare-bones directory structure:

/ww.plugins/plugin-name/plugin.php    details, server-side functions
/ww.plugins/plugin-name/api.php       common RPC functions
/ww.plugins/plugin-name/api-admin.php admin RPC functions
/ww.plugins/plugin-name/admin.js      admin scripts in JS

testing KV-WebME

I’ve been working on my CMS for about 10 years. It’s monstrously huge (41,000 lines, not including external libraries), and for most of those 10 years, I’ve been too busy building it to concentrate on niceties such as comments, testing, code formatting, etc.

This has caused problems in the past. As most programmers know, when you change any one thing, it has a ripple effect and can break things in places that don’t seem obvious at all.

Recently I’ve been remedying this. I’ve been religiously using PHPCS to make sure my code is neat and consistent, and I’ve started writing a test suite.

The most difficult part of the testing is that the CMS is composed of many separate technologies. If it was just a plain old HTML and PHP application, then PHPUnit would be enough, or maybe Selenium.

The problem is, though, that the system uses a large amount of AJAX – especially in the administration areas. No single testing system would do it all.

Another problem has to do with AJAX itself. In jQuery, you can speak to the server by writing something like this:

$.post('/a/server/script.php', {
  "id": 2
}, function(res) {
  // do stuff
}, 'json');

This makes it incredibly simple to speak to any server-side script at all on the server, and promotes it. It becomes tempting when writing new functionality to build new server-side scripts specifically for the new client-side stuff.

This has the effect that there is no single point for RPC (remote procedure calls) which can be tested, making it very difficult to be sure you have covered all potential problems.

To help solve this problem, I’ve recently started converting WebME’s coding style so all RPC is done through a single API (application programming interface) script.

This has a few extra effects which are beneficial:

  • Having a single point of entry into the system makes it easier to secure it.
  • Having an API promotes the construction of a solid method of adding functionality to it – there’s no need to start from scratch anymore, potentially building disparate scripts that are hard to abstract. Instead, it’s now easy to force the code to match a minimum spec.
  • APIs tend to have specific rules for how parameters are passed into it, making it easier to remember what the right parameters are when writing new client-side code. Also, it makes it easier to “guess” what the right parameters are if you’ve forgotten.

The main benefit, though, is that it makes it much easier to test. The URL of the API always stays the same, and the only thing that changes is the parameters sent to the URL. Previously, each separate script would have a different URL and could have any parameter scheme at all.

So, currently, I’m writing tests that use the API directly, speaking to the server directly through URL calls. After I’ve finished writing all of those (hah! if ever), I can get on to testing that JavaScript.