Blog

DaDaBIK 9.2.1 Monterosso is out - Security Alert

Posted by Eugenio on 19 Dec 2018

Dear all,
the release of DaDaBIK 9.2.1 was not planned, but we have discovered some security issues that I wanted to fix quickly; more precisely, we are talking about SQL injection vulnerabilities which could allow an attacker to execute arbitrary SQL code. You can find all the details, together with the other bugs fixed, in the change log.

You are STRONGLY encouraged to upgrade. After upgrade, as explained in the documentation, change the parameter $dadabik_session_name in config.php using a name you haven't used in the past.


Best,

Eugenio Tacchini
DaDaBIK founder

DaDaBIK 9.2 is out and now also supports Microsoft SQL Server!

Posted by Eugenio on 7 Nov 2018

Dear all,
I am glad to announce that the new DaDaBIK 9.2 Monterosso is out. This release provides some bug fixes and two great improvements.

You can buy your license here.

As usual, if you are in your free upgrade timeframe, you can request your free copy from the upgrade page. If you have a DaDaBIK ENTERPRISE/PLATINUM license and you are out of your free upgrade timeframe, you can also get DaDaBIK 9.2 by purchasing a maintenance license (€65 / €85).

Let's talk about the first new feature: if you have used DaDaBIK for a long time you probably remember that, many years ago, we used to support (together with MySQL and PostgreSQL) Microsoft SQL Server and Oracle databases.

The support of both MS SQL Server and Oracle was then discontinued due to the lack of interest from our users. Times, apparently, have changed: in the last months I have received several emails from customers (or potential customers) who would like to use DaDaBIK with MS SQL Server in a corporate environment, so I decided to reintroduce the support for it, also considering that, compared to some years ago, Microsoft has certainly increased its interest in the PHP world.

Microsoft, in fact, released in 2017 a stable pdo_sqlsrv driver, which is the piece of software we rely on to connect DaDaBIK to MS SQL Server from both Windows and Unix-like systems (you can find details about the requirements in the documentation).

The other improvement is a small but powerful new search operator, a long-awaited and heavily-requested feature: the BETWEEN search operator. You can use it with date* and text field types. When you select "between" from the search operator menu, an additional textbox appears and allows you to specify the interval between two dates, two numbers or even two generic strings. A typical use is searching in the interval between two dates. For an example, start the demo n.3 (ERP application), choose invoices -> search -> date -> between and then type 2016-12-01 and 2016-12-31.

As usual, you can find the complete list of the fixed bugs and new features in the change log page.

Enjoy! :)

Best,

Eugenio Tacchini
DaDaBIK founder

DaDaBIK 9.1 is out with a brand new row-level custom filter feature

Posted by Eugenio on 12 Sep 2018

Dear all,

DaDaBIK 9.0 Monterosso has been very well received, thanks for all the words of appreciation!

It's already time for a new version: v. 9.1 Monterosso is out today, you can buy your license here.

As usual, if you are in your free upgrade timeframe, you can request your free copy from the upgrade page. If you have a DaDaBIK ENTERPRISE/PLATINUM license and you are out of your free upgrade timeframe, you can also get DaDaBIK 9.1 by purchasing a maintenance license (€65 / €85).

Version 9.1 is mainly a maintenance release, but there are also a few new features; in particular I want to introduce you to one of them: row-level custom filters / permissions (available for DaDaBIK Enterprise/Platinum).

You are probably familiar with record ownership: in DaDaBIK you can, for example, set that a record can be read/deleted/modified only by the user (or group) who created it (the owner). This is very useful in many situations: for example, in a sales management application you want each agent to see only the quotes they inserted. Sometimes, however, this is not enough.

Sometimes, in fact, you want the records to be filtered by some criterion that is not related to ownership; take a helpdesk application, for example: let's say the help requests are inserted by some managers and each help request is then assigned by a manager to a member of the IT staff. You might need to filter the requests so that each member of the IT staff can only see the requests assigned to them.

With the new row-level custom filter, you can do that very easily by adding these few lines of code to your custom_functions.php file:

// Register a custom filter for the table "requests": the WHERE clause
// is produced by the custom function named here.
$custom_filters['requests'] = 'dadabik_custom_filter_requests';

function dadabik_custom_filter_requests()
{
    // $current_user and $current_id_group identify the logged-in user;
    // $quote is the identifier quote character for the current DBMS.
    global $current_user, $current_id_group, $quote;

    if ($current_id_group == 3) { // apply the filter only for the IT staff group
        $filter = $quote."assigned_to_request".$quote." = '".$current_user."'";
    }
    else {
        $filter = "1=1"; // no restriction for everybody else
    }

    return $filter;
}

With these few lines, we are saying that we define a custom filter for the table requests and that the filter is generated by the custom function dadabik_custom_filter_requests(). Then we write that function, which simply adds, if the current user is part of the IT staff group, an ADDITIONAL where clause showing only the requests assigned to him/her (assigned_to_request being the field set by the IT manager).

Here are a few more use cases:

  • In a sales management application, agents can only see orders related to their geographic area

  • In the application for a Physiotherapy practice, each therapist can only view data records belonging to their patients

  • In a multi-school application, each principal or manager can only view data for students belonging to their school


As you may guess, since you can create your own additional filter, this new feature is very flexible; you can create very simple filters such as:

    $filter = $quote.'paid_invoice'.$quote.' = 0';

to show, for everybody, only the invoices where the field paid_invoice is 0 (in this case, the filter is basically an alternative to a VIEW) or complex filters based on custom criteria / parameters, not necessarily related to the characteristics of the logged-in user.
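As an added example (written for this page, not DaDaBIK's own code and not part of the original post), here is a filter for the first use case listed above, sales agents restricted to their geographic area, built with the same hook as the requests filter: the $custom_filters array and the globals $current_user, $current_id_group and $quote. The table name orders, the field area, the group id 2 and the agent-to-area lookup are assumptions made for illustration. Because the returned string is concatenated straight into the WHERE clause, the example only interpolates a value taken from a fixed list it controls and fails closed (a filter matching no rows) for any agent it does not know, rather than falling back to the whole table.

```php
<?php
// Added example (not DaDaBIK's own code). Table, field and group id are
// assumptions for illustration; the agent-to-area lookup is constructed.

// Register the filter for the (assumed) table "orders", using the same
// $custom_filters hook as the requests example.
$custom_filters['orders'] = 'dadabik_custom_filter_orders';

function dadabik_custom_filter_orders()
{
    // Same globals as the requests example: the logged-in user, their
    // group id and the identifier quote character for the current DBMS.
    global $current_user, $current_id_group, $quote;

    // Group 2 is assumed to be the "sales agents" group; everyone else
    // (managers, admins) sees every order.
    if ($current_id_group != 2) {
        return '1=1';
    }

    // Constructed lookup: which geographic area each agent is responsible
    // for. In a real application this would come from an agents table.
    $agent_areas = array(
        'alice' => 'north',
        'bob'   => 'south',
    );

    // The only values that may ever be interpolated into the WHERE clause.
    $allowed_areas = array('north', 'south', 'east', 'west');

    $area = isset($agent_areas[$current_user]) ? $agent_areas[$current_user] : null;

    if ($area === null || !in_array($area, $allowed_areas, true)) {
        // Unknown agent or unexpected area: fail closed and show no rows
        // instead of silently showing the whole table.
        return '1=0';
    }

    // Restrict the grid to the agent's own area.
    return $quote.'area'.$quote." = '".$area."'";
}
```

The fail-closed branch is the part worth copying: a custom filter that returns 1=1 on an unexpected condition quietly widens what a user can see, while 1=0 makes a misconfiguration visible immediately.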

I have uploaded a new video tutorial, belonging to the series "How to Create a Web Application with DaDaBIK", where I show the use of the new row-level custom filter feature in more detail.

As usual, you can find the complete list of the fixed bugs and new features in the change log page. About the fixed bugs, in particular, please check the changelog entries related to custom functions and, if you have used the Dada sales app and you have changed something (even just added a new user/group), pay attention to the related change log entry for the security implications.

Enjoy! :)

Best,

Eugenio Tacchini
DaDaBIK founder

DaDaBIK 9 Monterosso is here

Posted by Eugenio on 5 Jul 2018

Dear all,
I am very glad to announce that DaDaBIK 9 Monterosso is finally available!

Here (https://youtu.be/d4h3Dui46B8) you can watch a release video, containing an introduction to the new features.

You can buy your license here.

After “Lerici”, "Monterosso" is another wonderful small town on the Italian coast https://en.wikipedia.org/wiki/Monterosso_al_Mare, one of the five villages in “Cinque Terre”.

DaDaBIK 9 Enterprise, for just 7 days (until July 12th) WILL BE ON SALE AT €95 instead of €160. In bundle, you will find two ready-to-use applications: Dada Sales and Dada HelpDesk (see later for details).

As usual, if you are in your free upgrade timeframe, you can request your free copy from the upgrade page. If you have a DaDaBIK ENTERPRISE license and you are out of your free upgrade timeframe, you can also get DaDaBIK 9.0 by purchasing a maintenance license (€65). Even in this case, you can do everything from the upgrade page.

Our on-line demo page has been updated and two new demos are available (a Help desk application and a Contact form application).

WHAT’S NEW IN DADABIK 9?

First, there are some important news about the installation process.

You can build a DaDaBIK app starting from an Excel file
It is now possible to build a DaDaBIK app starting from an Excel, CSV or ODS file: you just need to upload the file and DaDaBIK will create the relevant database tables and build an application over them!

Prepackaged apps
You can now create a DaDaBIK app package: it's a folder containing a manifest.json file (that describes the app) and all the relevant files (custom functions, SQL scripts, custom images, ...); any DaDaBIK owner can install your app just by copying the package into the new apps folder and choosing the app during the installation process.

Bundled prepackaged apps
DaDaBIK Enterprise/Platinum comes with two bundled prepackaged apps: Dada sales (a sales management application) and Dada HelpDesk (a HelpDesk application. It can be used within a company to manage, for example, the IT help requests). You can install them directly from the installation procedure. At the moment, they are only available for MySQL.

Apart from these changes in the installation process, for DaDaBIK 9 I tried to focus my efforts on the needs of power users, trying to build a proper Rapid Application Development platform.

I have noticed many times that power users at some point tend to work on the DaDaBIK code because they need features which are not (built-in) available or because they just want to add something to the layout. My idea was to make this process as easy and clean as possible, I wanted to allow developers to:

  1. adapt DaDaBIK to their (sometimes complicated) workflows
  2. Introduce their custom code without touching the DaDaBIK core code, therefore preventing problems during upgrades: are you familiar with the "I don't upgrade DaDaBIK because I made too many changes to the code" fear? :)

Here are, therefore, the other improvements you will find in DaDaBIK 9:

Custom buttons
You can now add personalized buttons to your application, specifying for each button a callback PHP or JavaScript function to execute. Buttons can be placed in several positions (e.g. on each row of a results grid, at the top of an edit form or next to a form field) and can execute a JavaScript function or a PHP function, even via AJAX.

Dashboards
It is now possible to embed a graphic report or a tabular report into a custom page; when logged in as an admin, you can get the embed code by clicking on "show embed code" at the bottom of a graphic report. By embedding one or more reports into a custom page you can easily create a dashboard.

Granular permissions for “CSV Export” and Custom pages

Easier layout customization with layout hooks
With layout hooks you can add custom HTML or PHP code in some parts of the layout without modifying the DaDaBIK core code and therefore making future upgrades easier. There are 13 layout points (including, for example: page header, page footer, edit form header, edit form footer, ...) where you can add layout hooks.

It is now possible to make part of your DaDaBIK application public and part login-protected
This can be useful in several cases, for example if you want to allow unauthenticated users to read a public dataset or if you want to open to the public a registration form or a contact form.

It is now possible, for each field, to specify a custom JavaScript function to execute when an event (e.g. onfocus, onblur, onclick, ...) occurs. For example, you can write a simple JavaScript function that capitalizes the content of a text field when the user leaves the input field (“onblur” event).

There are other new features (including record copy and multiple inserts) and a list of bug fixes (including a huge reduction of memory usage for most of the functionalities and the fix of a problem with select_single and select_single_radio, which could change the selected values unexpectedly). As usual, you can find the complete list in the changelog page.

IONCUBE ENCRYPTION

Please note that part of the DaDaBIK code is now encrypted with Ioncube. Maybe some of you won’t like this, but after having thought a lot about it, I think it is the only proper way for us to protect our intellectual property and to check if customers respect the terms of the license.

Let me highlight some important aspects about this change:

  1. Not all the code is encrypted; the idea is to keep unencrypted the code that users typically want to modify (functions build_results_table, build_details, build_form, header, footer)
  2. Considering the improvements introduced with DaDaBIK 9, it's very unlikely that you need to modify the core code: you probably can do everything using hooks, custom buttons, custom functions, custom languages and custom pages.
  3. Finally, for users who modified the DaDaBIK core code, I will be glad, if possible, to give some advice about how to migrate their changes to DaDaBIK 9.

To run a PHP application that uses ionCube secured files you need the free ionCube loader. Ioncube is now very popular and the loaders are now installed by default by many hosting services, so in many cases you don’t need to do anything; in some other cases, you have to install it and finally there are also some providers that could prevent the installation of PHP extensions such as ionCube loader (but they are a small minority).

Among the hosting providers that have the ionCube loaders already installed we suggest, as a cheap solution, A2HOSTING, which offers a good shared hosting service at about 4 euros / month, 100% compatible with DaDaBIK (we tested it).

Enjoy! :)


Best,

Eugenio Tacchini
DaDaBIK founder

DaDaBIK 8.3 is out: an important vulnerability fixed, the new PDF print feature is available

Posted by Eugenio on 11 Apr 2018

Dear all,
DaDaBIK 8.3 Lerici is out. DaDaBIK 8.2 was supposed to be the last 8.x release; however, the discovery of an SQL injection vulnerability made me change the plan and I decided to release v. 8.3, which contains a long list of fixes and a couple of new features.

In particular, it contains a fix for an SQL injection vulnerability which allowed an attacker, in particular situations, to execute arbitrary SQL code on the databases they have permissions on. It is very important for you to read all the details in the changelog about this fix and about the others.

In the changelog you will also find the other bugs fixed and the new features.

In particular the new PDF Print feature, one of the features planned to be released with DaDaBIK 9, has been included in DaDaBIK 8.3 (Enterprise/Platinum only) since it was ready to be deployed.

You can use it both from the details page of a record and from the results grid page: in the first case it produces a PDF file containing the information available in the details page, in the second case it produces a PDF file containing N pages, one for each record included in the results grid page.

You can also create an optional custom template file that describes the layout of the PDF document: DaDaBIK allows the user to choose which template file to use, on the fly, during the export to PDF process. The syntax of the template is pure HTML, the conversion between the HTML template and the PDF document is executed using the TCPDF library. The export to PDF feature applied to a record results set, in combination with the use of custom templates, guarantees results similar to the ones you can get using a typical "Mail Merge" feature available in Word Processors.

You can see the PDF feature in action from the on-line demo; from the online demo n.1 (products table) and from the online demo n.2 (customers table), you can also see a custom PDF template in action. You can read all the details about this new feature in the online documentation (paragraph "How to create custom PDF reports / documents").

You will also notice a great improvement in how DaDaBIK handles form errors.

As usual, if you are in your free upgrade timeframe, you can request your free copy from the upgrade page.

If you have a DaDaBIK ENTERPRISE OR PLATINUM license and you are out of your free upgrade timeframe, you can also get DaDaBIK 8.3 by purchasing a maintenance license (€65/€85), which also provides you with an additional year of free upgrade. Even in this case, you can do everything from the upgrade page.



Best,

Eugenio Tacchini
DaDaBIK founder
