Blogs and Stuff
Intellectual plumbing and 100% toll free.
Welcome to another edition of me talking about some website that's been kicking my butt for months on end. If you remember back in this blog, I was beginning to build a revamped version of my family's restaurant website. From what I can gather, and my timestamps seem to be telling the truth on this one, I broke ground on the new site approximately January 29, 2008. Had anyone been around me at the time, I'm sure they would have swiftly commented under their breath "Well, so much for his weekends for the next year". Luckily for me, that wasn't the case this time.
As I mentioned in a previous blog, Rails recently introduced RequestForgeryProtection. I wanted to take full advantage of this functionality to help protect against CSRF-based attacks. I realize it's not a perfect method, but every layer helps. One of the observations I made when reviewing some of my code is that I had a number of actions within my controllers that did not validate the type of HTTP method supplied. Therefore, actions like deleting a blog or media file would work regardless of the HTTP method provided by the user as long as the user was logged in. Not a huge problem, right? Well, not quite.
Over the weekend, Rails 2.0 was released to the masses. Packed with a flurry of changes, I decided to take the plunge. After grabbing a Coke, turning on some music, and firing up TextMate, it was time to rock and roll. One of the new features included in the release was RequestForgeryProtection, one that I wanted to take full advantage of to help protect against CSRF-based attacks. Considering I've been keeping current with each release cycle of Rails, I was hoping that the upgrade from 1.2.6 to 2.0 would be a piece of cake. Well, long story short, it wasn't. Not surprising I'm sure, but it was another late night of code wrangling that ended up putting me to bed around 5:20am on a Saturday morning.
There are a few sections on the site that utilize what I might call a date picker. For instance, on the webcam page, you can select the date you would like to view and then click submit. Magically the images appear for the date you requested. Also, the music section allows you to view playlists for each day back since the creation of the site. Up until now, these were implemented through three separate drop down menus (month, day, year). Despite it being functional, there had to be a way to make it a little more user friendly.
For anyone that's recently visited the Apple website, you'll notice that they did a complete overhaul of the user interface. Apple must have some of the most talented design engineers on the face of the planet. I find their interface is sleek, well-organized, and actually somewhat fun to use. But this isn't a blog about them, it's a blog about the changes that I've made to the frontpage of the music section. Inspired by the new scrollbar widgetry that Apple has incorporated at the top of a variety of pages, I decided to embark on my own adventure to use this concept in a way that would make for a better user experience.
I've written a fair share of stories myself, most of which include a variety of photos that I wanted to make available to anyone interested. Even with the most recent feature, a custom slideshow, I felt that I had to make the photos accessible in a more convenient way. If you consider for a moment the fact that some stories have over 22 images, you can imagine that it would take quite some time to click through each one in the slideshow and download them individually. Now that's no fun.
This blog marks the first entry on the website created using the rich text editing controls, a feature that's just tonight been added to the list and is now available for those using a Firefox or Internet Explorer browser. Can I get a hoo rah!! Sorry Safari, you'll have to wait until your 3.0 release since tinyMCE only supports the latest builds of webkit. Although tinyMCE is fairly straightforward to get working, making it coexist with all the other functionality on this site was quite a daunting task. Now I can bold, italicize, underline, and strikethrough content with the ease of a few simple button clicks. Those aren't the only options available, but they certainly make my life easier.
It was an early morning here at the apartment and I was just getting ready to sneak in a few levels of Call of Duty 3 before the girlfriend awakened. Unfortunately for me, I checked my email before I picked up the XBox360 controller only to find that random comments were being added to various entries on the website. You guessed it, comment spam and the kind that points you towards those sites only adults should visit. I knew it was only a matter of time, but why the 4th of July? Oh well, I've been meaning to implement captchas for some time now and, courtesy of a variety of spam-friendly IP addresses, have finally gotten around to spending a few lovely minutes with Rails to do so.
I'm always looking for ways to make improvements to the site. Sometimes the ideas come from my friends, once in a while from users who submit ideas through the feedback form, and other times I'm a victim of my own inspiration. Regardless of where the ideas come from, I sometimes have a hard time keeping my hands off the keyboard even when I should be packing for vacation. Just before the Mayweather fight about a week ago and only a few hours away from my departure to Florida, I decided to add a little more functionality to the search form on the music section.
One of the limitations of the standard search is that when you search for some term, you are returned all results for each album individually. So searching for "oakenfold" would return dozens of results, even though the results only stem from maybe 10 albums. I wanted to make it possible so that you could search and just be returned the albums relevant to the search. Thus, I started writing code.
Since RoR makes it easy to add AJAX functionality, I used the observe_form method combined with the find_by_contents method provided by the acts_as_ferret plugin. With about 20 lines of code and some modifications to my CSS, searching through music is a whole lot easier. To try it out for yourself, just head on over to the music section and type in a search term. Rather than pressing enter, just watch as the results magically appear before your eyes.
So for anyone in the Rails community, you might have already read about and started using the Pagination module like I have for a number of months. Cooked in by default, it provides an easy and convenient way to implement paging within your web application. However, simplicity doesn't come without an expense. There have been numerous articles (e.g., Things You Shouldn't Be Doing in Rails) that mention how unscalable and inefficient using this functionality can be. Although seductive at first glance, developers should be very careful on how this is implemented. Above and beyond that, the Pagination module is also going to be extracted into a plugin in a future version of Rails.

