Alex Hardy

How time flies: it’s been a full year since I released simpleContact 1.0. Quite a bit has happened since then, so here are the highlights for me…

Progress

As you can see from my downloads page, work has continued on the application. simpleContact currently stands at version 1.2, which I released in December 2007. The details of each version can be found in the release notes.

I’ve tweaked the design of the downloads page and the site in general, and I’m keeping a visual log of those changes in my Flickr account. When I release the “Pro” version it will be re-branded simpleContact “Lite”.

I added a support forum to this website. It’s very early days, but I hope to build a valuable resource. Publishing an application (even a vigorously tested one) is rather like releasing a domesticated animal into the wild – you have no idea where it will find itself and how well it will fare. It seems to be coping well in the big bad world of unpredictable server configurations and usage scenarios.

I’ve also made a personal discovery. To focus on something that’s your own, improving it bit by bit appeals to the perfectionist in me. I find it very satisfying.

Reception

The response from users has been overwhelmingly positive. I don’t mind revealing that I currently average 180 downloads a month, so you don’t need to be a maths whizz to know that I am getting close to a milestone that I will comment on soon.

In version 1.1 I added a rating form to the log out page to help users express their opinions and to promote the application on The PHP Resource Index, a leading script directory. The reaction was great, and it has a solid front-page position in its category. With the release of ‘Pro the attack on its rivals really begins!

Users have been generous, with comments such as these:

“I’m always looking for ways to make my clients’ projects useful and sophisticated, but still affordable. simpleContact makes it easy to deliver an advanced product easily.” Kim D.

“Being a web developer/designer but not a script author, this is an asset. This application, in my opinion, rivals most of the ones designed by other companies that charge a premium.” Alan J.

There’s still a long way to go. I’ve had lots of requests, some of which I definitely plan to include in future releases. “Subject” and “US state” fields in particular have been in demand. I hope to satisfy the need for bespoke options with ‘Pro.

Promotion

I’ve not engaged in any advertising so far, although that will come. I’ve relied solely on word of mouth, directory listings and links in relevant places. Thanks to Andy Prevost, the PHPMailer website in particular has been a strong source of visitors.

I’ll write my first newsletter in a couple of months. A fringe benefit of this project has been that it constantly yields new opportunities to learn and interact with people. To write better, more compatible code, manage versions, user expectations and support requests, stats analysis, PPC, email marketing – all things that you learn best on the job.

I can’t wait to see what I have to say in May 2009!

I’ve been quiet on this website for a few weeks, but I have not been idle. Here’s a quick update on my recent activities:

simpleContact Pro

Development of simpleContact Pro is well underway. I’m currently working on the form builder itself, which is coming along nicely. It would however be premature to announce a release date other than a May/June window. I plan to write a substantial blog post at the start of May that will preview the app (with interface screengrabs).

StumbleUpon

I have got the StumbleUpon bug. I’ve been using it since January, and it is quite addictive to keep a blog of webpages that you like. It has also become a steady driver of traffic to my website. In time I’ll integrate my StumbleUpon blog with this website, since referencing other sites can be valuable, but rarely merits a full post.

Manchester Great Run

I start my overdue training programme tonight, newly bought iPod Shuffle in hand. My fundraising page is set up and I am seeking sponsorship between now and May 18th. I am running for Barnado’s in this, my third Great Run.

I’ll be getting back into regular posts soon, apologies for the brief hiatus.

As I’m now working on simpleContact Pro I need to tackle licensing a commercial self-hosted application. I’ve been looking into how others do it and there seem to be a variety of options. Putting aside price for now, the dilemma is actually a collection of smaller issues:

• I want as many people as possible to use and benefit from my software
• If many people profit from my work and few buy it, I’d call that “getting ripped off”
• Per-domain licensing seems a little bit too strict
• Usage of an app where the code is not compiled would be impossible to police
• My resources are too limited to invest significant time and effort in the above

On reflection, the licensing model I’d like to adopt is as follows:

• Application costs x, for a personal use license (not restricted to one domain)
• Installation for a third party (e.g. a web designer working for a client) dictates a transference of ownership and requires a new purchase
• A user is not permitted to re-sell the software
• They may however charge for installation as a service at their discretion
• Charities or non-profit organisations may request a free copy of the application
• Users are trusted to act in a professional manner – no active policing
• Support will be denied to users who do not have a license

So what do you think?

I’ve added a support forum to this website. I refer to this as a “soft launch” because I haven’t integrated it with the rest of the site, graphically or in the navigation. The only exception is a link on the footer for the downloads page.

My reasons for this are simple:

• I wanted to add a forum to help support current users of simpleContact 1.2
• To get it live before releasing simpleContact 2.0 Pro, so I can document it
• I didn’t want to be sidetracked from building ‘Pro to make the forums purdy

You’ll find sections for FAQs, installation, troubleshooting, requests, miscellaneous and a section that I’ve called “Out and About”. This is where you can earn yourself some link-love by posting about your simpleContact powered website.

Let’s get a discussion going

UPDATE: Added a link to the contact page.

One of the best things about web development is that there is always something new to learn, no matter how much you know. If you want to really learn how to build a solid, portable application then I’m convinced that the best way is to release one.

Users will be swift to report bugs and incompatibilities for you. This isn’t negligent; it’s natural. A developer can’t anticipate all possible configurations and behaviour. Your response is what matters. You may be equally swift to issue a fix, but issues may sometimes go unaddressed because the effort outweighs the benefit.

Issues with simpleContact have been rare, but a self-started forum thread caught my attention last week. A member commented that they hadn’t been able to submit their name properly. I’ve researched the matter and in the interests of transparency I’m going to present what I found and what I plan to do.

Character encoding is a thorny issue that few bother to understand and implement in a considered way. There are articles on the web that cover the subject in detail, so rather than re-hash their points I’ll add some relevant links at the end.

The issue

simpleContact uses MySQL’s default collation, which is latin1_swedish_ci – fine for English and most Western European languages, but other languages (e.g. Greek, Japanese, Russian etc) will not be stored or represented properly. This is a matter I wish to address because I want as many people as possible to use my software.

The ideal course of action would be to process and store data in UTF-8 encoding. UTF-8 is a multi-byte character encoding that supports the characters of just about every language in the world.

Advice abounds for how to reconfigure your server and scripts to use UTF-8, but matters are more complicated when users will host an application on their own site. As developers of apps like WordPress and Mint know, ideal configurations in shared hosting services and availability of non-default PHP extensions like mbstring can’t be guaranteed. Some of the servers I have access to lack the necessary functions.

The easiest thing would be to put up a wall and say “If you don’t have x, you need to get a better host”. Meanwhile back in the real world, users are far more likely to reject an app than swap hosts. A middle ground has to be reached.

The solution

UTF-8 support must be added, but not without respecting a user’s situation. I plan to keep Latin-1 encoding and collation as a baseline standard for compatibility. It is better to support a subset of commonly spoken languages than not to work at all. For users whose server supports mult-byte string functions, the database will be silently upgraded to UTF-8 and appropriate methods will be used in PHP.

Beyond that, there isn’t much else. If you want a truly international solution and your host won’t support mbstring then you really do need to choose another host.

So what next?

I have fixed the feature-set for simpleContact 2.0 Pro and don’t intend to add UTF-8 support to it. When 2.0 is done, it will become a high priority feature in version 2.1, which will be a free upgrade. I will add it to simpleContact Lite in due course.

Useful links

• Joel Spolsky – The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!)
• Nick Nettleton – PHP UTF-8 cheatsheet
• Gabriel Walt – StumbleUpon PHP: [Tutorial] Character encoding
• Wikipedia – ISO 8859-1 (Latin-1) and UTF-8

I started work on simpleContact 2.0 Pro tonight. That is, I started to sketch my ideas on paper. To decide what will make the cut for the first release. To start working on answers for the what ifs and formalise the database structure that’s 80% designed in my head. The key features will be:

• Custom form fields. My most requested feature, which was always planned.
• Double opt-in mailing list. Services like Campaign Monitor insist on this.
• CSV export. This acts as a bridge to other software and services.
• Client-side validation. Powered by jQuery, a nice-to-have that I want to add.
• Easy upgrade. simpleContact 1.2 users can migrate settings and data easily.

I’ve gone back to good old fashioned paper because design comes first. I want to use my experience as a web designer to build an elegant solution to real needs. There will be no comparison tick list. I won’t add useless features for their own sake. I’ll be adding some over time however, that I’ve seen nowhere else…

I want to make something that’s remarkable because it makes a difficult thing easy. One user was kind enough to share that he’d tried seven other products without success before simpleContact 1.2. It is very rewarding to get feedback like that.

I’m not going to commit to a release date because of my schedule, but I’m going to aim for May/June. Version 2.0 Pro will cost $25, and the existing free version will remain, re-branded simpleContact Lite. Version 1.3 Lite will follow thereafter.

This is a question I’m asked on a regular basis, so in lieu of a dedicated FAQs page I’ll answer it here. I do not use CAPTCHA filters (as a designer I find them ugly), but I’ll describe the security and anti-spam measures I have in place:

Recipient addresses in database

It’s not unusual for a developer to add the recipient email address(es) to an HTML form as hidden fields. It is a simple matter for a spambot to uncover these addresses. I do not do that – your email addresses are safely stored in the MySQL database.

This also prevents spammers exploiting your website to send emails through your server by overriding the recipients on your contact form.

Server-side validation

Instead of client-side validation that can be bypassed easily by turning off JavaScript in your browser, simpleContact has server-side validation. Form submissions are checked for the following:

• Required fields are completed
• Email addresses are valid
• Character limits are not exceeded

The last point is important. A field’s “maxlength” attribute can be deactivated by tools such as the Firefox web developer toolbar (a legitimate tool that I use myself).

One thing you notice about spammers though is that they tend to submit a lot of text – mostly nonsense. The character limits on fields are enforced in the server-side validation, where they can’t be bypassed. A spambot is likely to fail here.

Escapes submissions to prevent SQL injection attacks

This is more of a database security measure than an anti-spam thing. If submitted data is not processed for certain characters (e.g. ” ) then a hacker could post SQL code through a form to either damage its database or expose data. Wikipedia has a more thorough description of SQL injection attacks.

Suffice it to say, my app is protected from this.

Your password is stored as a salted hash

Simply put, this means that even if your database was compromised, a hacker would not be able to retrieve usable passwords because they are encrypted (rather than stored as plain text).

At the end of the day, noone – not even Google – can honestly claim to have built a 100% spam-proof system. Since last May my WordPress comments form has had about 2,000 spam submissions (thankfully most of which were blocked by Akismet).

What I can tell you is that over that same period I have received one spam email through simpleContact. My clients have reported none at all.

I find that a tolerable amount

Mac users are sensitive little souls. Artistic types. We love our beautifully designed computers and software, but poking around in the guts of our operating system doesn’t come quite as naturally to us as to our PC using friends.

Sometimes though that can be a very worthwhile exercise, such as installing a dev server. Perhaps you have a laptop, and need to be able to work or present when you don’t have internet access (eg: while travelling). Here’s how…

Good news, everyone!

The Apache web server and PHP are already installed as part of Mac OS X and only need to be turned on. The MySQL database server will have to be downloaded and installed, but we’ll cross that bridge when we come to it…

This is an easier job than it used to be and doesn’t have to involve typing code into the Terminal. Marc Liyanage does a fantastic job of creating PHP installer packages if you want to keep your installation bang up to date, but for most purposes the instructions below should be sufficient.

Note: I have used Mac OS X 10.5 Leopard and MySQL 5.0.45 (the latest at the time of writing) on a MacBook Pro. I used TextMate to edit text.

Part 1 – Apache and PHP

1. 

   Start by editing the Apache config file to enable PHP. This file is hidden by default, but you can access it from the Finder’s “Go” menu. Enter /etc/apache2 and confirm to make the folder appear.

2. 

   Open httpd.conf in a text editor. Find the line that says:

   #LoadModule php5_module libexec/apache2/libphp5.so

   Uncomment it by removing the hash. Save the file (you will be asked to enter your admin password).

3. 

   Open System Preferences and go into “Sharing” (under “Internet & Network”).

   Turn on ”Web Sharing”. You now have an active Apache server with PHP. Test this by typing localhost into your browser. You should see the default Apache page.

4. 

   If you feel curious, create a PHP file with the phpinfo() function call in it to see the details of your installation.

   Place your own files in /Library/WebServer/Documents

Part 2 – MySQL

1. 

   First things first: Head on over to MySQL.com and download MySQL Community Server and the GUI Tools.

   As their names indicate, the former is the database software itself while the latter is a collection of graphical tools to make the task of administering MySQL easy for those of us that find the Terminal a bit too scary.

2. 

   I use an Intel Mac, so I got the Mac OS X 10.4 (x86) builds. Take care to download the most appropriate build for your computer and OS version.

   I recommend that you always use the latest GUI tools for the latest features and stability improvements.

3. Mount the MySQL disk image and run the main package first, then install the startup item, finally the prefpane. I needed to restart before MySQL would turn on.

4. 

   Open System Preferences and go into “MySQL” (under “Other”). Tick the box to automatically start MySQL on startup.

   You can install the GUI Tools by dragging them from their disk image to your Applications folder. Nearly there now!

5. It is crucial that you now set a password for the MySQL “root” account. Open MySQL Administrator and log into localhost with root (no password). Under “Accounts” you can assign a password to root, as well as create other database users.

   Avoid using the root account in your applications – use it only for administration.

   That’s it! You can start creating databases and coding the PHP applications that will run on them.

Recommended Reading

If PHP and MySQL are new to you, I recommend PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide by Larry Ullman. In common with other books in the series, this book gives you a solid grounding in the subject, with plain English examples.

If you are already familiar with HTML and maybe a scripting language or two, you should hit the ground running!

If this guide was useful to you or you would like me to elaborate further, please feel free to comment. I’m thinking about writing a series of how-tos in this manner and your feedback would be appreciated.

If you arrived here via a certain update link you’ll already know what this post is about! I’ve released simpleContact 1.2. This is a maintenance release, which doesn’t bring radical changes but improves compatibility and existing features.

New additions

• User options page to edit your email address and password
• Paging in the inbox (the control appears when you have over fifty messages)
• Email addresses in the mailing list and recipients pages are now mailto links
• You can remove someone from the mailing list inside the message view
• “Remember me” checkbox at login (uses a cookie)

Tweaks and fixes

• The function that cleans submitted data now strips out HTML markup
• Dates and times are now formatted in a more clear and international manner
• Fixed for certain server configurations where include paths could break
• The email sending script correctly formats line breaks and quotemarks
• Update check tries again with cURL if fopen is disabled
• password.php updates the sc_admins table when a password is reset
• Formatting of received messages is improved
• The “simpleContact” name now links to the inbox or the login page
• General copy and layout improvements

This will be the last version before the release of simpleContact Pro, which I will start work on in the new year. The applications will exist side by side, with an upgrade path for those that want the advanced features of the Pro version (e.g. custom fields). I also have many ideas up my sleeve for the free version…

But all that’s for another day! Today, head on over to my downloads page and grab version 1.2. I hope you find it useful!

I’ve made a new RSS feed to support the ongoing changes in my website. Instead of a dedicated feed for each project, I’ll have one Downloads feed, um, to rule them all.

I’ll remove the simpleContact blog category and feed in the new year. If you are already subscribed to the simpleContact feed, please subscribe to the new feed.