DaDaBIK 8.3 is out: an important vulnerability fixed, the new PDF print feature is available

Posted by Eugenio on 11 Apr 2018

Dear all,
DaDaBIK 8.3 Lerici is out. DaBIK 8.2 was supposed to be the last 8.x release, however the discovery of an SQL injection vulnerability made me change the plan and I decided to release v. 8.3, which contains a long list of fixes and a couple of new features.

In particular, it contains a fix for an SQL injection vulnerability which allowed an attacker, in particular situations, to execute arbitrary SQL code on the databases they have permissions on. It is very important for you to read all the details in the changelog about this fix and about the others.

In the changelog you will also find the other bugs fixed and the new features.

In particular the new PDF Print feature, one of the features planned to be released with DaDaBIK 9, has been included in DaDaBIK 8.3 (Enterprise/Platinum only) since it was ready to be deployed.

You can use it both from the details page of a record and from the results grid page: in the first case it produces a PDF file containing the information available in the details page, in the second case it produces a PDF file containing N pages, one for each record included in the results grid page.

You can also create an optional custom template file that describes the layout of the PDF document: DaDaBIK allows the user to choose which template file to use, on the fly, during the export to PDF process. The syntax of the template is pure HTML, the conversion between the HTML template and the PDF document is executed using the TCPDF library. The export to PDF feature applied to a record results set, in combination with the use of custom templates, guarantees results similar to the ones you can get using a typical "Mail Merge" feature available in Word Processors.

You can see the PDF feature in action from the on-line demo; from the online demo n.1 (products table) and from the online demo n.2 (customers table), you can also see a custom PDF template in action. You can read all the details about this new feature in the online documentation (paragraph "How to create custom PDF reports / documents").

You will also notice a great improvement in how DaDaBIK handles form errors.

As usual, if you are in your free upgrade timeframe, you can request your free copy from the upgrade page.

If you have a DaDaBIK ENTERPRISE OR PLATINUM license and you are out of your free upgrade timeframe, you can also get DaDaBIK 8.3 by purchasing a maintenance license (€65/€85), which also provides you with an additional year of free upgrade. Even in this case, you can do everything from the upgrade page.



Best,

Eugenio Tacchini
DaDaBIK founder

DaDaBIK 8.2 Lerici is here, we have now the Ajax lookup drop-down menu

Posted by Eugenio on 19 Dec 2017

Hi all,
DaDaBIK 8.2 Lerici is out!

This is mainly a maintenance release (several bugs have been fixed) but there is also an important new feature: Ajax lookup drop-down menu.

Let me explain the whole story: in DaDaBIK 8.1 we introduced the parameter "User-friendly searchable", which made the search of an option inside a (select_single or select_multiple) drop-down menu very easy . However, if the table providing the options for your menu contained a lot of records, your users could experience problems: the browser needs to load all the options, which sometimes can result in browser freezing/hanging and delay issues.

A new parameter, "Use ajax to load options?" allows to load options dynamically, while the user is typing in the field; this completely remove the problem. You can see the effect in the online demo n.1, choose "products": one of the quick filter is "brand", we have intentionally added 10k records with fake brands but as you can see, there isn't any delay in the page loading. The brands are loaded only when you start typing in the brand quick search box.

In DaDaBIK 8.1 we implemented "User-friendly searchable" drop-down menu using the Chosen jQuery plugin, we have moved now to select2 (https://select2.org/), which works better from different point of views including the fact that now the "user-friendly searchable" parameter also has effect on mobile.

A few other new things:
- For PostgreSQL, it is now possible to choose the schema (before, tables needed to be in the public schema)
- The Chinese Language is now available
- It is now possible to choose, for each table/view, the default function (e.g. you can show the insert form instead of the results grid)

You can see the complete list of new features and bug fixes here https://dadabik.com/index.php?function=show_changelog.

As usual, if you are in your free upgrade timeframe, you can request your free copy from the upgrade page (https://dadabik.com/index.php?function=show_upgrade_new)

If you have a DaDaBIK ENTERPRISE OR PLATINUM license and you are out of your free upgrade timeframe, you can also get DaDaBIK 8.2 by purchasing a maintenance license (€65/€85), which also provides you with an additional year of free upgrade. Even in this case, you can do everything from the upgrade page (https://dadabik.com/index.php?function=show_upgrade_new).



Best,

Eugenio Tacchini
DaDaBIK founder

DaDaBIK 8.1 Lerici is available

Posted by Eugenio on 5 Sep 2017

Hi everybody,
I am glad to announce that DaDaBIK 8.1 is available.

This release contains several bug fixes (thanks for all your feedback!) and some new features.

The most important new features are:

Adoption of the Chosen jQuery plugin
DaDaBIK now optionally provides, for select_single and select_multiple_menu fields, a modern search box that allows to easily find a list element when the number of elements is huge. Furthermore, for select_multiple_menu, a new and more user friendly approach is used to display the selected values.
You can see this new feature in action from the on-line demo, Demo 1. Edit a product in the "products" table and see the "brand" and the "categories" fields.

Before delete hoooks
"Before delete" hooks are now supported.

Exclusion of some tables during installation
It is now possible to exclude from the installation some tables using the $tables_to_exclude and $prefixes_to_exclude parameters in config.php. The $prefixes_to_exclude parameter, in particular, is very useful to easily install and use two or more different DaDaBIK applications using a shared database (e.g. a read-only application that doesn't require authentication + a full-featured app accessible only by admin). The documentation has a new paragraph explaining in details how to share the same database between two or more DaDaBIK applications.

Permissions for autoincrement fields
It is now possible, setting the new $grant_permissions_autoincrement_after_table_installation parameter to 0 in config.php, to hide by default autoincrement fields from all the forms during a table installation or during the application installation.

The list of fixed bugs is long and includes, among the others:

• the fix for a bug that could produce wrong search results where select_multiple_* fields were used
• the fix to a bug related to db synchro: after an "add fields" operation, DaDaBIK lost some of the form configurator settings
• the fix for a bug related to pagination: pagination links didn't work correctly when the results grid was part of a master-details view.

DaDaBIK 8 Lerici is available

Posted by Eugenio on 24 Apr 2017

Hi everybody,
I am very excited to announce that DaDaBIK 8 Lerici is finally available.

Here https://youtu.be/oCb0CR8_I60 you can watch a release video, containing an introduction to the new features.

It is the result of a huge work, mainly aimed at:
- reducing as much as possible the development time of a DaDaBIK application;
- providing built-in tools to analyze your data from inside a DaDaBIK application;
- allowing the injection of custom code in a DaDaBIK application without touching the core code.

DaDaBIK 8 Lerici has been refined and shaped during a quite long beta period, thanks again to all the beta testers!

You may wonder why "Lerici": I decided to give a name to each major release and I named DaDaBIK 8 after a wonderful small town on the Italian coast https://en.wikipedia.org/wiki/Lerici, where I moved for a period of time to focus on the development of DaDaBIK :)

For DaDaBIK 8 Lerici Pro and Enterprise we have maintained the same price of DaDaBIK 7; however, there has been a change with the license: with one DaDaBIK Enterprise license you can create maximum 10 active DaDaBIK applications (please note that you can create as many test applications as you want); the majority of users won't probably be affected by this change. With DaDaBIK Pro, the limit is 5.

As usual, if you are in your free upgrade timeframe (1 year for DaDaBIK Enterprise, 6 months for DaDaBIK PRO), you can request your free copy from the upgrade page.

If you have a DaDaBIK ENTERPRISE license and you are out of your free upgrade timeframe, you can also get DaDaBIK 8.0 by purchasing a maintenance license (€65), which also provides you with an additional year of free upgrade. Even in this case, you can do everything from the upgrade page.

We have also introduced a new, more expensive, version: DaDaBIK PLATINUM: it guarantees three years of free upgrade, the development of 30 applications and an improved supports that also include phone support via Skype/Hangout. You can compare the three versions here

Together with DaDaBIK Enterprise or Platinum, you will also receive Dada Sales, a simple sales management applications created with DaDaBIK, that shows many new features offered by DaDaBIK 8 and that you can use as a base to develop your own applications.

All the on-line demo have been updated to DaDaBIK 8 and a new Demo (again, Dada Sales!) has been added to the list.

Here are some of the new features provided.

1) A new, responsive, front-end
DaDaBIK has a completely new, responsive, front-end. The front-end provides four graphic themes, three different modalities to handle the results grid layout overflow and two options for the menu: the classic dropdown list and a left side menu.
DaDaBIK also provides two display modes for the results grid: 'classi grid' and 'list', the latter displays each field+value couple in a single row and it is useful when you have a lot of columns (to avoid the horizontal scrollbar) or when you are accessing DaDaBIK from mobile.

2) A complete graph reporting tool
DaDaBIK now provides a complete graph reporting tool, which allows to easily produce Pie charts, Bar charts and line charts based on the application data. Both a simple mode (create a graph in two clicks) and an advanced mode (write your custom SQL query as source of the graph) are provided. You can save a report in the menu to access it later in one click.

3) Calculated fields
DaDaBIK now provides calculated form fields, whose value is not directly provided by the user but calculated according to a custom PHP function. For example you might have a total_price field, which is calculated according to the values of other fields, e.g. as price + tax.

4) Smart installation / configuration guessing
A new smart installation procedure allows to save a lot of time during the DaDaBIK application configuration: DaDaBIK tries to guess the correct parameters for a field according to: database field type, database constraints and even field name. For example if you have a referential integrity constraint in your schema, DaDaBIK chooses a select_single field type for the foreign key and set the correct linked fields; if you have a NOT NULL field, DaDaBIK sets the field as required, if your field contains the word "email", DaDaBIK set the field content to "email". All the rules are expressed in PHP function guess_field_dadabik_settings() that the users can customize.

5) Hooks
DaDaBIK now provides HOOKS: a feature that allows you to write some PHP code to be called under certain circumstances. DaDaBIK currently supports after insert, before update, after update and after delete hooks. For example you can easily add some code that, when a new order is register to the system (after insert hook on table orders) automatically updates your stock in a table warehouse. Hooks are defined in the file custom_functions.php.

6) Improved admin section
The admin section has been drastically improved.

There are also several bug fixes, see the complete list of new features and fixes here.


Enjoy! :)

Best,

Eugenio Tacchini
DaDaBIK founder

Security alert - please change your password

Posted by Eugenio on 7 Mar 2017

Dear all,
we have detected an intrusion in our server. The attackers were able to upload PHP files containing malicious code. We don't know when this exactly happened, the files, potentially, could also have been uploaded long time ago.

We don't know if the attackers actually accessed our database but potentially they could have done it, which means they could have accessed the data related to the forum users.

The forum platform we are using ( http://phorum.org ) stores passwords using md5, which means passwords are encrypted but, especially if the password is a common word or is made by using a simple variation / combination of common words, it could be decrypted using an attack based on rainbow tables (https://en.wikipedia.org/wiki/Rainbow_table).

Your forum password, therefore, could have been, potentially, decrypted and your forum account could have been accessed by someone else; please consider that, especially if you have shared sensible information using forum private messages.

I have personally re-written some of the Phorum code in order to implement a much secure approach: passwords are now encrypted with a SALT, which makes infeasible to use a rainbow table. In addition to other security measures we have put in place, our Website - the main URL is now dadabik.com, with dadabik.org redirecting to dadabik.com - has now HTTPS browsing by default.

Please login into the forum and change your password: this is the only way to ensure your password will be stored using the new system. If you login into the forum, the system will actually force you to change your password.
Please also consider to change your password for other services in which you have used the same password you used for the forum.

I am very sorry for the inconvenience and we have worked hard to avoid the same problem will occur in the future.

Best,
Eugenio Tacchini
DaDaBIK Founder