joind.in – a personal plea

1st of March 2015Allgemein, joind.in, php.ugcommunity, joindin, phpAndreas Heigl

Joind.in is a community driven project to give feedback to speakers at conferences and events.

And besides that it is a great ressource for all those that want to participate in the community. Not only as it’s an opensource project that everyone can help to make even better! But to provide feedback it also contains a list of almost every conference and event that is of any significance to the (PHP-)community.

And as the driving force underneath the hood of joind.in is a great API everyone interested can do a lot of cool things with the data no one has ever thought of.

To get the most out of joind.in (and therefore that API) some things should to be considered when creating or editing an event in joind.in. Some of these I’ll list here:

Continue reading joind.in – a personal plea →

Remap CMD-P to the systems print-dialog in Chrome on MacOS-X

19th of June 2014Allgemein, MacAndreas Heigl

Recently I was finally annoyed to always have a custom dialog in Chrome when instinctively hitting CMP-P to print a page.

So I reset the keymapping for chrome in that way that hitting CMP-P opens the systems default print-dialog like this.

Remappging the keybinding for CMD-P to the system print-dialog for google-chrome

You can also find this on SuperUser

Change OpenDirectory-Mappings

5th of June 2014MacAndreas Heigl

Today I’m hacking together some things I’ve learned during administrating a bunch of Macs that had to use a centralized OpenLDAP-cluster as “OpenDirectory”-backend.

To get authentication as well as authorization to work we had to tweak the mapping of Apples DirectoryService-fields to the LDAP-Attributes of our OPenLDAP.

Luckily it’s not rocket science as Apples own OpenDirectory is based on OpenLDAP as well, so there are some parallels.

NOTE: ALL the things described here apply to MacOS 10.8 clients and an OpenLDAP-backend. They worked out for our settings. If you change any of your settings you are doing so on your own risk!

Continue reading Change OpenDirectory-Mappings →

New and cool features in PHP5.6

26th of April 2014Allgemein, DevelopmentAndreas Heigl

PHP5.6 is, at the date of writing this, in the first beta phase. So the good question is: What new and cool features can we expect in the shiny new PHP-Version?

Exponential operator
importing namespaced functions
constant scalar expressions
variadic functions
argument unpacking
phpdbg
Streams for POST-data
Default Character-Encoding improvements
TLS improvements
More “under-the-hood”-Improvements

For a full list of changes have a look at the RFC-Part of the php.net wiki

Continue reading New and cool features in PHP5.6 →

Create signed PDF-Files

13th of April 2014Developmentcertificate, pdf, php, signAndreas Heigl

Some days ago a friend of mine asked me how to create PDF-Receipts. Background is that – at least in Germany – you can replace printed receipts with digitally signed PDF-Files. The signature has to comply to certain legal standards to be able to replace the printed copy but the way is the same whether it’s a self-signed certificate or an official one.

For the start I wanted to see how to sign a PDF-Document created with TCPDF. At a later time I will also have a look at how to sign a PDF-File using the libraries supported by PDFlib.com.

Signing PDF-files with TCPDF requires you to have the private key and the certificate available via a stream-ressource. That excludes certificates and keys on a signature-card as long as you can not export them.

Creating a signed PDF-File using TCPDF is rather simple as you can see in this code-snippet:

$pdf = new TCPDF(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);

// set certificate file
$certificate = 'file://' . __DIR__ . '/cert/certificate.crt';
$privateKey = 'file://' . __DIR__ . '/cert/privateKey.crt';
// set document signature
$pdf->setSignature($certificate, $privateKey, 'test1234', '', 1, array());

// Do some more stuff here like creating the actual PDF-File

//Close and output PDF document
$pdf->output('test.pdf', 'D');

That’s it.

The hard part now is for one thing creating the actual PDF-File.
And the more important one question was “Which certificate-key-thingy goes where”.

That was the one that took me most of the time. When using a self-signed certificate as described in the TCPDF-Example you can somehow use the given openSSL shell-lines to get somehow to a result. But I wanted to sign the document with a “qualified electonical signature” which takes some more steps.

What is a qualified electronical signature? It’S nothing else than any other digital signature from a certification authority. The only difference is, that it has been issued according to the german “Signaturgesetz” which means, that it is based on a qualified certificate and has been created using a certain approved PKI. As I am not a lawyer, this is simply my own description of a legal process which might be inaccurate or plain false. So do not take my word as legally authoritative. A list of issuers for qualified electronical signatures can be found at http://www.nrca-ds.de/ZDAliste.htm

As I do not posses such a qualified electronical signature (and there currently is no need for me to get one) I tried the whole stuff with a certificate I got myself from CA-Cert. As far as I know (but I will verify that one soon) you can export a qualified electronic signature into a format that can be used for these purposes.

The relevant parts are the following variables

$certificate: needs to point to a certificate file in PEM-Format. Thats a plaintext-file with —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– and some base64 encoded stuff in between.
$privateKey: needs to point to a private key file in binary PKCS7-Format. Those files normally end in something like ‘.p12’ or ‘.pfx’. To open this file you normally need a passphrase which you have to provide as third parameter to $pdf->setSignature.

Using that certificate and private key you can now sign your PDF-file.