[Day 9] Starting to Tidy Up For the Launch

In case you’re not reading the entire text below: There will be no Day 10 post tomorrow! Read the last paragraph to find out why.
Today I’m sharing with you a few thoughts on input validation, a review of today’s activities and the plan for the next few days.


The User Can’t Be Trusted

When giving users the opportunity to interact with your database, which is essentially what happens if you provide an input form and save their data, there can only be one rule: Never trust the user’s input. HTML, CSS and JavaScript are all running on the user’s client – this means no matter how many form validations you include, the data can be tampered with by people who have bad intentions.

One example: if you don’t verify that an incoming email address is actually an email address, someone could have put malicious code in there that is dangerous for our website and its users. It works a little bit like the Trojan horse. This is why all data that’s incoming to the server needs to be sanitized and validated first, in our case using PHP, before it is transmitted into the database.

And this is one more area where we can see the advantages of using WordPress. The platform comes with a wide range of predefined functions that help us sanitize and validate data and prepare it for the database. The essential rule when doing that is: Know exactly what input you are expecting and ensure that this is exactly what you’re putting in. That’s the whitelist method. The opposite is the blacklist method, where you only protect yourself against a set of known risks. Generally not a good idea. That’s like living in the Middle Ages, building a shield and thinking you’re completely protected because no one can attack you with a sword anymore. Until someone invents gunpowder and shoots you in the face. Only difference today is – new weapons are created daily on the internet.

So for a good part of today I was busy building a tiny fortress to keep the user’s data and our system as safe as possible. Of course, our friends at WordPress have another guide on keeping your data sanitized and secure.
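
The whitelist approach described above, applied to a job application handler with WordPress’s built-in functions. This is an added example, not code from the original post; it assumes it runs inside a WordPress plugin, and the action name, nonce name, field names, post type, table name and allowed values are hypothetical.

```php
<?php
// Added example, not the author's code. All names below (nter_apply, the
// 'job' post type, the nter_applications table, the form fields) are assumed.
add_action( 'wp_ajax_nter_apply', 'nter_handle_application' );

function nter_handle_application() {
    // Only accept submissions that carry the nonce our own form printed.
    check_ajax_referer( 'nter_apply', 'nonce' );

    // Email: normalise, then validate. is_email() returns false on failure.
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    if ( ! is_email( $email ) ) {
        wp_send_json_error( 'Invalid email address.', 400 );
    }

    // Job ID: must be a positive integer that points at an existing job post.
    $job_id = absint( $_POST['job_id'] ?? 0 );
    if ( ! $job_id || 'job' !== get_post_type( $job_id ) ) {
        wp_send_json_error( 'Unknown job.', 400 );
    }

    // Closed set of values: accept only what is on the list, reject the rest.
    $allowed_types = array( 'full_time', 'part_time', 'freelance' );
    $type          = sanitize_key( wp_unslash( $_POST['type'] ?? '' ) );
    if ( ! in_array( $type, $allowed_types, true ) ) {
        wp_send_json_error( 'Invalid employment type.', 400 );
    }

    // Free text: strip tags and control characters, then enforce a length cap.
    $message = sanitize_textarea_field( wp_unslash( $_POST['message'] ?? '' ) );
    if ( '' === $message || mb_strlen( $message ) > 2000 ) {
        wp_send_json_error( 'Message is empty or too long.', 400 );
    }

    // $wpdb->insert() builds a prepared statement; the format array pins
    // each column to integer (%d) or string (%s).
    global $wpdb;
    $saved = $wpdb->insert(
        $wpdb->prefix . 'nter_applications',
        array(
            'user_id' => get_current_user_id(),
            'job_id'  => $job_id,
            'email'   => $email,
            'type'    => $type,
            'message' => $message,
        ),
        array( '%d', '%d', '%s', '%s', '%s' )
    );
    false === $saved ? wp_send_json_error( 'Could not save.', 500 ) : wp_send_json_success();
}
```

Every field is checked against what is expected and rejected otherwise, instead of being scanned for known-bad patterns. Stored values still need escaping (for example with esc_html()) when they are printed back into a page.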


Coders Are Amazing First Principle Thinkers

I mentioned an error yesterday that was still not resolved when I published yesterday’s post. It was an issue where job application records of users with the role “subscriber” wouldn’t be stored in the database while everything worked fine for administrators. I was desperately trying to figure out what was wrong with my database configuration and had like 29832 browser tabs open at the same time trying to find the solution. But sometimes going away from the problem helps you solve it much faster because you come back to it with a fresh mind. That was the case when I went away from it to write and publish the post.

Coming back to the problem and looking at it from a different perspective, I figured out that the problem was in my PHP code and not in the database. Took 5 minutes to solve. (For the technically savvy amongst us: I was using the admin_post hook to trigger the function that would store the user input values in the database. What I didn’t know is that non-admins apparently cannot trigger the hook, so I had to add the wp_ajax hook additionally.)

Then I thought about how coders actually have to be really good first principle thinkers. Because if a problem pops up and you’ve got no idea where it comes from, you have no other choice than to dig down to the exact root cause and test core assumptions to work your way to the solution. First principle thinking at its best.


Today’s Achievements & Tomorrow’s Remaining Activities

This is what our story board looks like today.

Time and a few issues along the way didn’t allow me to start on any of the “nice-to-have” user stories unfortunately, but the “must-have” stories are almost done and just need to be tested. But that way we have a nice backlog for future functionality. The day tomorrow will be packed with testing, bug fixes and UI and usability improvements. Instead of focusing on cramming in more functionality before the launch, I want to focus on making the user experience as smooth as possible (and as smooth as my skills allow).


Last But Not Least: The Launch Plan

The highly attentive amongst you guys might have noticed that tomorrow is the tenth and final day of our series. 🙂 That is very true and I already want to share the plan with you today.

News Part 1: The day 10 post is NOT going to be there tomorrow. I’ve thought about this and there are two reasons why I decided that way.
First and foremost, I want to completely concentrate on getting the product ready and preparing the launch. There are still quite a few adjustments and preparations that need to be done, especially around the user interface. The second reason: the past days have been a short but very intense road. I want to have the chance to reflect on what I’ve learned and share it with you guys properly, instead of doing a rushed and half-assed day 10 post.

Additionally, it will give me the opportunity to include first results of the launch of Nter and share them with you. So expect the day 10 post to be here in around 1-2 weeks. If you’re on the newsletter, I’ll definitely make sure to let you know as soon as that’s the case.

News Part 2: The launch. If everything goes to plan and no major obstacles pop up throughout the day tomorrow, I’m planning to launch the application on n-ter.co on Thursday evening (US time). I’ll let you know on the subscriber list and I’ll (maybe) do a day 9.5 post with a short update.


Day 9 Summary

If you’re following along and you haven’t done so already: Now is the time to stop working on functionality and start tidying up. Launch time is soon!

Thank you so much for following the series until now. See you around here soon!

Feel free to sign up for the email-newsletter to be notified on launch time!