DaDaBIK 8.2 Lerici is here, we have now the Ajax lookup drop-down menu

Posted by Eugenio on 19 Dec 2017

Hi all,
DaDaBIK 8.2 Lerici is out!

This is mainly a maintenance release (several bugs have been fixed) but there is also an important new feature: Ajax lookup drop-down menu.

Let me explain the whole story: in DaDaBIK 8.1 we introduced the parameter "User-friendly searchable", which made the search of an option inside a (select_single or select_multiple) drop-down menu very easy . However, if the table providing the options for your menu contained a lot of records, your users could experience problems: the browser needs to load all the options, which sometimes can result in browser freezing/hanging and delay issues.

A new parameter, "Use ajax to load options?" allows to load options dynamically, while the user is typing in the field; this completely remove the problem. You can see the effect in the online demo n.1, choose "products": one of the quick filter is "brand", we have intentionally added 10k records with fake brands but as you can see, there isn't any delay in the page loading. The brands are loaded only when you start typing in the brand quick search box.

In DaDaBIK 8.1 we implemented "User-friendly searchable" drop-down menu using the Chosen jQuery plugin, we have moved now to select2 (https://select2.org/), which works better from different point of views including the fact that now the "user-friendly searchable" parameter also has effect on mobile.

A few other new things:
- For PostgreSQL, it is now possible to choose the schema (before, tables needed to be in the public schema)
- The Chinese Language is now available
- It is now possible to choose, for each table/view, the default function (e.g. you can show the insert form instead of the results grid)

You can see the complete list of new features and bug fixes here https://dadabik.com/index.php?function=show_changelog.

As usual, if you are in your free upgrade timeframe, you can request your free copy from the upgrade page (https://dadabik.com/index.php?function=show_upgrade_new)

If you have a DaDaBIK ENTERPRISE OR PLATINUM license and you are out of your free upgrade timeframe, you can also get DaDaBIK 8.2 by purchasing a maintenance license (€65/€85), which also provides you with an additional year of free upgrade. Even in this case, you can do everything from the upgrade page (https://dadabik.com/index.php?function=show_upgrade_new).



Best,

Eugenio Tacchini
DaDaBIK founder

DaDaBIK 8.1 Lerici is available

Posted by Eugenio on 5 Sep 2017

Hi everybody,
I am glad to announce that DaDaBIK 8.1 is available.

This release contains several bug fixes (thanks for all your feedback!) and some new features.

The most important new features are:

Adoption of the Chosen jQuery plugin
DaDaBIK now optionally provides, for select_single and select_multiple_menu fields, a modern search box that allows to easily find a list element when the number of elements is huge. Furthermore, for select_multiple_menu, a new and more user friendly approach is used to display the selected values.
You can see this new feature in action from the on-line demo, Demo 1. Edit a product in the "products" table and see the "brand" and the "categories" fields.

Before delete hoooks
"Before delete" hooks are now supported.

Exclusion of some tables during installation
It is now possible to exclude from the installation some tables using the $tables_to_exclude and $prefixes_to_exclude parameters in config.php. The $prefixes_to_exclude parameter, in particular, is very useful to easily install and use two or more different DaDaBIK applications using a shared database (e.g. a read-only application that doesn't require authentication + a full-featured app accessible only by admin). The documentation has a new paragraph explaining in details how to share the same database between two or more DaDaBIK applications.

Permissions for autoincrement fields
It is now possible, setting the new $grant_permissions_autoincrement_after_table_installation parameter to 0 in config.php, to hide by default autoincrement fields from all the forms during a table installation or during the application installation.

The list of fixed bugs is long and includes, among the others:

• the fix for a bug that could produce wrong search results where select_multiple_* fields were used
• the fix to a bug related to db synchro: after an "add fields" operation, DaDaBIK lost some of the form configurator settings
• the fix for a bug related to pagination: pagination links didn't work correctly when the results grid was part of a master-details view.

DaDaBIK 8 Lerici is available

Posted by Eugenio on 24 Apr 2017

Hi everybody,
I am very excited to announce that DaDaBIK 8 Lerici is finally available.

Here https://youtu.be/oCb0CR8_I60 you can watch a release video, containing an introduction to the new features.

It is the result of a huge work, mainly aimed at:
- reducing as much as possible the development time of a DaDaBIK application;
- providing built-in tools to analyze your data from inside a DaDaBIK application;
- allowing the injection of custom code in a DaDaBIK application without touching the core code.

DaDaBIK 8 Lerici has been refined and shaped during a quite long beta period, thanks again to all the beta testers!

You may wonder why "Lerici": I decided to give a name to each major release and I named DaDaBIK 8 after a wonderful small town on the Italian coast https://en.wikipedia.org/wiki/Lerici, where I moved for a period of time to focus on the development of DaDaBIK :)

For DaDaBIK 8 Lerici Pro and Enterprise we have maintained the same price of DaDaBIK 7; however, there has been a change with the license: with one DaDaBIK Enterprise license you can create maximum 10 active DaDaBIK applications (please note that you can create as many test applications as you want); the majority of users won't probably be affected by this change. With DaDaBIK Pro, the limit is 5.

As usual, if you are in your free upgrade timeframe (1 year for DaDaBIK Enterprise, 6 months for DaDaBIK PRO), you can request your free copy from the upgrade page.

If you have a DaDaBIK ENTERPRISE license and you are out of your free upgrade timeframe, you can also get DaDaBIK 8.0 by purchasing a maintenance license (€65), which also provides you with an additional year of free upgrade. Even in this case, you can do everything from the upgrade page.

We have also introduced a new, more expensive, version: DaDaBIK PLATINUM: it guarantees three years of free upgrade, the development of 30 applications and an improved supports that also include phone support via Skype/Hangout. You can compare the three versions here

Together with DaDaBIK Enterprise or Platinum, you will also receive Dada Sales, a simple sales management applications created with DaDaBIK, that shows many new features offered by DaDaBIK 8 and that you can use as a base to develop your own applications.

All the on-line demo have been updated to DaDaBIK 8 and a new Demo (again, Dada Sales!) has been added to the list.

Here are some of the new features provided.

1) A new, responsive, front-end
DaDaBIK has a completely new, responsive, front-end. The front-end provides four graphic themes, three different modalities to handle the results grid layout overflow and two options for the menu: the classic dropdown list and a left side menu.
DaDaBIK also provides two display modes for the results grid: 'classi grid' and 'list', the latter displays each field+value couple in a single row and it is useful when you have a lot of columns (to avoid the horizontal scrollbar) or when you are accessing DaDaBIK from mobile.

2) A complete graph reporting tool
DaDaBIK now provides a complete graph reporting tool, which allows to easily produce Pie charts, Bar charts and line charts based on the application data. Both a simple mode (create a graph in two clicks) and an advanced mode (write your custom SQL query as source of the graph) are provided. You can save a report in the menu to access it later in one click.

3) Calculated fields
DaDaBIK now provides calculated form fields, whose value is not directly provided by the user but calculated according to a custom PHP function. For example you might have a total_price field, which is calculated according to the values of other fields, e.g. as price + tax.

4) Smart installation / configuration guessing
A new smart installation procedure allows to save a lot of time during the DaDaBIK application configuration: DaDaBIK tries to guess the correct parameters for a field according to: database field type, database constraints and even field name. For example if you have a referential integrity constraint in your schema, DaDaBIK chooses a select_single field type for the foreign key and set the correct linked fields; if you have a NOT NULL field, DaDaBIK sets the field as required, if your field contains the word "email", DaDaBIK set the field content to "email". All the rules are expressed in PHP function guess_field_dadabik_settings() that the users can customize.

5) Hooks
DaDaBIK now provides HOOKS: a feature that allows you to write some PHP code to be called under certain circumstances. DaDaBIK currently supports after insert, before update, after update and after delete hooks. For example you can easily add some code that, when a new order is register to the system (after insert hook on table orders) automatically updates your stock in a table warehouse. Hooks are defined in the file custom_functions.php.

6) Improved admin section
The admin section has been drastically improved.

There are also several bug fixes, see the complete list of new features and fixes here.


Enjoy! :)

Best,

Eugenio Tacchini
DaDaBIK founder

Security alert - please change your password

Posted by Eugenio on 7 Mar 2017

Dear all,
we have detected an intrusion in our server. The attackers were able to upload PHP files containing malicious code. We don't know when this exactly happened, the files, potentially, could also have been uploaded long time ago.

We don't know if the attackers actually accessed our database but potentially they could have done it, which means they could have accessed the data related to the forum users.

The forum platform we are using ( http://phorum.org ) stores passwords using md5, which means passwords are encrypted but, especially if the password is a common word or is made by using a simple variation / combination of common words, it could be decrypted using an attack based on rainbow tables (https://en.wikipedia.org/wiki/Rainbow_table).

Your forum password, therefore, could have been, potentially, decrypted and your forum account could have been accessed by someone else; please consider that, especially if you have shared sensible information using forum private messages.

I have personally re-written some of the Phorum code in order to implement a much secure approach: passwords are now encrypted with a SALT, which makes infeasible to use a rainbow table. In addition to other security measures we have put in place, our Website - the main URL is now dadabik.com, with dadabik.org redirecting to dadabik.com - has now HTTPS browsing by default.

Please login into the forum and change your password: this is the only way to ensure your password will be stored using the new system. If you login into the forum, the system will actually force you to change your password.
Please also consider to change your password for other services in which you have used the same password you used for the forum.

I am very sorry for the inconvenience and we have worked hard to avoid the same problem will occur in the future.

Best,
Eugenio Tacchini
DaDaBIK Founder

DaDaBIK 7.3.3 is out, vulnerabilities fixed

Posted by Eugenio on 26 Jul 2016

Dear all,
DaDaBIK 7.3.3 is out.

This is a maintenance release that fixes an important vulnerability discovered in the last days.

First of all, the vulnerability we fixed with DaDaBIK 7.3 (back in May) was even worst as we described: in addition to what we said, we must say that an authenticated user (or a user of a DaDaBIK application having authentication disabled) could execute arbitrary SQL queries (even INSERT/DELETE/UPDATE) on the DaDaBIK database (or on other databases if the database user used by DaDaBIK had the needed permissions).

The vulnerability WAS actually fixed with DaDaBIK 7.3. Another similar vulnerability, however, was found in the last days; this one fixed by this 7.3.3; again, the vulnerability allowed an attacker to execute arbitrary queries on the DaDaBIK database or on other databases (if the database user used by DaDaBIK had the needed permissions). In this case, if authentication was enabled, not only the attacker needed to be authenticated to exploit the vulnerability, but also he/she needed to belong to the administrators group.

This will probably be the last 7.x version; as you can see, we have focused on security in the last weeks while the upcoming version 8 will have many BIG new features.

Version 8 will be probably published in Autumn, for sure before the end of 2016 so If you buy DaDaBIK 7.3.3 PRO or ENTERPRISE now, you'll get DaDaBIK 8 as a free upgrade.

As usual, if you are in your free upgrade timeframe (1 year for DaDaBIK Enterprise, 6 months for DaDaBIK PRO), you can request your free copy from the upgrade page.

If you have a DaDaBIK ENTERPRISE license and you are out of your free upgrade timeframe, you can also get DaDaBIK 7.3.3 by purchasing a maintenance license (€65), which also provides you with an additional year of free upgrade (email support@dadabik.org to get the instructions).

One more thing: during the last months we have experienced a problem with our mailing system, due to a technical incompatibility between Sendy (the tool we use to send newsletters) and the CURL version used by our hosting provider. The problem is now fixed but the result is that some users (fortunately just a small fraction) haven't received one or more newsletters. Since some of them were related to important security-related issues, please check the blog page to get informed about our past communications. I also suggest you to follow DaDaBIK on Facebook and on Twitter, we always post there important news.

Best,

Eugenio Tacchini
DaDaBIK founder