DNS dig

Drupal and DNS Prefetch

In a bid to help you gain performance from your web apps, a new feature introduced with HTML5 is the ability to prefetch DNS resources.  Currently widely supported (Firefox 3.5+, Chrome, Safari 5+ and IE 9+), prefetching is where your browser will in the background to a DNS lookup for the addresses that you give. This means when it comes to access a resource at a host, it can skip the DNS lookup, thus saving precious milliseconds on your load time.

This is one way you can implement prefetching with Drupal, inside a THEME_prerpocess_page() hook.

function MYTHEME_preprocess_page(&$variables, $hook) {
    drupal_add_html_head(array(
    '#tag' => 'link',
    '#attributes' => array(
      'rel' => 'dns-prefetch',
      'href' => '//www.googletagmanager.com',
    ),
  ), 'googletagmanager_dns_prefetch');
}

This will produce the following html in the head of your site

<link rel="dns-prefetch" href="//www.googletagmanager.com" />
heartbleed.ghosty

How we dealt with Heartbleed and Drupal

I just wanted to share how we have dealt with the Heartbleed bug at work in case there is anyone else out there that runs a Drupal site that needs some help.

Obviously we have patched the servers and got new certificates issued, but the job of resetting passwords is the tricky one.  Now we could use the approach of asking our users to change their passwords, but if more than 5% of users actually did that I would be shocked.

Below is a hook_update snippet of code similar to that we have used to force every user to reset their password.

The code works by forcefully ending every users session (by truncating the sessions table).  We then update every users password with a randomly generated password (that we do not know) to prevent them from being able to log in with their insecure password. Finally, we send every user the reset your password email with the one time login link to make it easy for them to get back in.

function HOOK_update_7???() {
  require_once DRUPAL_ROOT . '/includes/password.inc';

  // Log users out.
  db_truncate('sessions')->execute();

  // Generate a password.
  $password = user_password();

  // Hash password.
  $password = user_hash_password($password);

  // Update all the passwords to hashed generated password, not user 0 or 1.
  $updatepass = db_update('users')
    ->fields(array(
      'pass' => $password,
    ))
    ->condition('uid', '0', '!=')
    ->condition('uid', '1', '!=')
    ->execute();

  // Get users to send email.
  $users = db_select('users', 'u')
    ->condition('uid', '0', '!=')
    ->condition('uid', '1', '!=')
    ->fields('u', array(
      'uid',
      'name',
      'mail',
      'login',
      'pass',
      'language',
    ))
    ->execute()
    ->fetchAllAssoc('uid');

  // Send emails to the users
  foreach ($users as $user) {
    $mail = _user_mail_notify('password_reset', $user);
  }
}

Why not use a module like Mass Password Reset? Simple, we run 100+ sites on our installation and it would be a pain to run that on all sites.  This is in our profile so all we have to do is deploy the code and run updates.

Kudos goes out to pbz1912 who actually wrote the code.

Edit

As mentioned in the comment from Luca, it’s not best practice to just send your users the reset password email, but to let them know whats going on.  We also used a similar snippet of code to the one below to add some help text to the login form.

function HOOK_form_user_login_alter(&$form, $form_state) {
  $form['heartbleed'] = array(
    '#type' => 'markup',
    '#markup' => t("

Put your friendly help text in here, it will appear above the login form

"), '#weight' => -50, ); }
6 hours

Managed file upload in Drupal theme settings

So you want to add a managed file field to your theme settings to allow for an additional logo, great! Using FAPI and a theme-settings.php file it will be a piece of cake.  Not so fast….

The sticking point here is that a managed file once uploaded has to have its status changed to 1 to make it persist.  If you don’t change that status then cron will come along and merrily remove it after 6 hours, leaving you with a broken image on your theme.

Add the field to the theme settings in the usual way

MYTHEME_form_system_theme_settings_alter(&$form, $form_state) {
  $form['secondary_logo'] = array(
    '#title' => t('Secondary logo'),
    '#description' => t('A description'),
    '#type' => 'managed_file',
    '#upload_location' => 'public://secondary-logo/',
    '#upload_validators' => array(
      'file_validate_extensions' => array('gif png jpg jpeg'),
    ),
    '#default_value' => theme_get_setting('secondary_logo'),
  );
}

This gets the field on the settings screen, but doesn’t allow you to persist by altering the status.  On any normal form you could use hook_form_submit(), but unfortunately this does not work with theme settings.

The fix is to add a custom submit handler to the form, but due to a bug in the theme settings system you need to specify your theme settings file as a dependency.  Add the following to the MYTHEME_form_system_theme_settings_alter function

$form['#submit'][] = 'MYTHEME_settings_form_submit';

// Get all themes.
$themes = list_themes();
// Get the current theme
$active_theme = $GLOBALS['theme_key']
$form_state['build_info']['files'][] = str_replace("/$active_theme.info", '', $themes[$active_theme]->filename) . '/theme-settings.php'

It is important to note that as you are now altering the $form_state variable you need to add an & to the parameter so that it is passed by reference.

Now you can create the submit handler to actually change the status of the file.

function MYTHEME_settings_form_submit(&$form, $form_state) {
$image_fid = $form_state['values']['secondary_logo'];
  $image = file_load($image_fid);
  if (is_object($image)) {
    // Check to make sure that the file is set to be permanent.
    if ($image->status == 0) {
      // Update the status.
      $image->status = FILE_STATUS_PERMANENT;
      // Save the update.
      file_save($image);
      // Add a reference to prevent warnings.
      file_usage_add($image, 'MYTHEME', 'theme', 1);
     }
  }
}

And there you have it, you should be able to keep hold of your file for longer than 6 hours.

Disclaimer

I was put on the right track to this solution and have used code from this stack overflow question.

xbmc-hardware

XBMC needs hardware accelerated OpenGL rendering

Over the weekend I ran updates on my Ubuntu HTPC, and upon reboot it came up with the following message “XBMC needs hardware accelerated OpenGL rendering”.

It turns out that when I ran the updates it also updated fglrx, the graphics driver to run the AMD chip in my machine.  This update dropped support (or so it seems) for my chip, and as such broke my machine.

The fix as it turns out is fairly simple.  Press ctrl + alt + F1 to drop into a terminal. Then uninstall any fglrx packages that you have installed. Run this to find installed packages then use apt-get to remove them

dpkg --get-selections fglrx*

then use apt-get to remove them

sudo apt-get remove fglrx

Next, add the fglrx-legacy PPA and install the legacy package

sudo add-apt-repository ppa:makson96/fglrx
sudo apt-get update
sudo apt-get install fglrx-legacy

Reboot and you should be good to go, or at least this worked for me.

banner-772x250

Bootstrap Shortcodes

Just a bit of self promotion… Introducing Bootstrap-3-shortcodes.

Something that I have been working on in my spare time has finally made its way onto the WordPress Plugin repository.  The plugin provides a load of shortcodes to help you style your wordpress site using the bootstrap components.

It assumes that you are using a base theme that has bootstrap at its core, such as roots. You can then just use the shortcodes in your content.

Enjoy, and if you have any issues then please head over to the Github repo.

Personal blog of Simon Yeldon