Posts

Ride Metric Apps Are Flawed

The Problems with Ride Metric Apps
Have you ever wondered how low you lean during a corner? How many Gs you are pulling, your GPS top speed, your routes and more?

Professional Ride Metrics Devices
If you're as much of a nerd as I am, then you must've wondered if there was a device to track your lean angle for you. Well, the good news is, these devices exist and are commercially ready. You can get the same ride metrics device that some pro-am racers use. Now, the bad news is, these devices are always expensive. Even the cheapest ones can cost you a few thousand ringgits. For a nerd who just wants to see some numbers, I am disappointed.

Existing Ride Metrics Apps
I thought to myself, technically your phone already has all the sensors you need for a ride tracking app. Surely there must be dozens of apps that can show me the numbers I want. The good news is, there are dozens of these ride metrics apps available on both the App Store and Play Store. As for the bad news, here are some: P...
Recent posts

Web Security & Best Practices

How do you secure your home? By installing locks, only giving your house keys to your family members, making sure the fence is high enough, installing CCTVs, and probably a lot more that I don't know about. But what about your web application? Is your app secure? How do you even know if it's secure? How can a person hack an application? In this post I will be sharing about web application security and best practices. There are a few common exploits a hacker can use against you.

Common Exploits
SQL Injection
Let's start with something basic that you may have heard about. SQL injection preys on applications where a user can affect an SQL query directly. Say you have a table list with a search on top, and you developed this in vanilla PHP with no framework and no input sanitization. Chances are, a user can input an SQL script into the search bar and get direct access to your database. Try this and see:
 ; DROP TABLE users;
If the users table is d...

MVC vs HMVC vs HAVC

MVC (Model-View-Controller)
The most common, traditional approach, where files are grouped by type. CodeIgniter 3 uses MVC. Characteristics: Centralized folders for all Controllers, Models, and Views. Best For: Small to medium-sized projects. Pros: Very simple to set up. You literally can't mess this up. Cons: Might become messy as the project grows. Still usable though. Directory Example:

HMVC (Hierarchical Model-View-Controller)
An evolution of MVC. Further organizes files into modules. Characteristics: Each feature has its own folder containing its own MVC structure. Best For: Medium to large-scale projects. Pros: Much cleaner folder structure. Modules can easily be moved or reused in other projects.

HAVC (Hierarchical Asset-View-Controller)
A specialized variation of HMVC, popularized by the Trongate framework. Characteristics: Replaces the "Model" folder with an "Asset" folder. Structure: Everything specific to a module, including models, CSS, Java...

Fast MySQL Script

Importing large databases sucks. It can take anywhere from as little as 10 min to a few hours. Worse is when it fails mid-import. So here is a faster and more reliable way to import. Disclaimer: This tutorial is only for macOS users. If you're on Windows, good luck. This script can import a 30 GB database in under 40 min, tested on a MacBook M1.

Prerequisites: Must use MAMP. Must have Homebrew installed. Install these using Brew: brew install pv, brew install pigz.

What it does, in steps: Takes 3 arguments: gzipped SQL file, database name, MySQL user (defaults to root). Disables safety temporarily: turns off foreign key checks, unique checks and binary logging. Cranks up InnoDB settings: bigger buffer pool, less aggressive flushing to disk. Decompresses and imports: uses the faster parallel gunzip (pigz) if available, otherwise falls back to regular gunzip; the pv command shows progress. Restores safety when done.

Placing the fast import script
Download the file from my GitLab fast_mysql_import.sh ...

Security for CodeIgniter 3

Input Validation & Sanitisation
Always use CI3's Form Validation library before processing any user input. Never use $_GET, $_POST, or $_REQUEST directly; always go through $this->input. Always prevent XSS (Cross-Site Scripting) by using $this->security->xss_clean() for other text that is not part of a form. Enabling global_xss_filtering in the config may break binary/JSON POST bodies; for APIs, handle XSS manually per field.

Cross-Site Request Forgery (CSRF)
Enable CSRF protection globally in config.php. Always use echo form_open(); since it automatically adds the CSRF token value. If you can't, then include <?= $this->security->get_csrf_token_name() ?> in every form (e.g. AJAX).

SQL Injection Prevention
NEVER concatenate user input into raw SQL. Avoid $this->db->query() with raw user input. Always use CI3's Query Builder or prepared statements with bindings.

File Upload Security
Use CI3's Upload library. Do not use move_upl...