Archive for April, 2006

Preventing Spammers from using your PHP Mail Script

Friday, April 28th, 2006

Yet another article on how to prevent spammers from using your mail scripts to send spam.

Anyone who has an email address can tell you that spam is one of the great banes of the online world. But it’s not only distant servers owned by the spammers that are to blame. It may even be your very own server. Insecure PHP scripts have provided great opportunities for spammers to abuse others’ resources to send out their spam. In particular, it’s the mail() function that can be abused. I myself was the target a few months ago when I noticed spam being sent from an old form on my server that I’d forgotten about. This month’s article looks at techniques that can be used to harden your mail form, and reduce the chances of it being misused.

Link: PHPBuilder.com: Prevent Spam when using PHP’s mail function.

Uber-Uploader - An upload script with a progress bar

Friday, April 28th, 2006

Here’s a cool upload script which gives you a progress bar while your files are uploading. It’s a collection of PHP and Perl scripts. The Perl script works around PHP’s inability to query the status of the temporary upload file while it’s in transit.

Uber-Uploader is a group of programs written in Perl, PHP and Javascript. It is intended to present a graphical representation of the status of a web based file upload in the form of a progress bar.

Link: Uber-Uploader - A free web based file uploader that displays a progress bar

Generating Word Documents on the Fly - Pixelated Dreams

Friday, April 21st, 2006

Do you want to create Word Documents on the Fly through your PHP application? Here’s an article which shows you how to create Word Documents in PHP using XSLT.
Link: Generating Word Documents on the Fly - Pixelated Dreams

Easier form validation with PHP

Thursday, April 20th, 2006

Here’s a class from Simon Willison which allows you to create an easy form generation and validation system for PHP.
Let’s talk about form validation. Here’s what I would class as the ideal validation system for a form in a web application:

1. The form is displayed; you fill it in.
2. You submit the form to the server.
3. If you missed something out or provided invalid input, the form is redisplayed pre-filled with the valid data you already entered.
4. The redisplayed form tells you what you got wrong. It also flags the fields that were incorrect.
5. Loop until you fill the form in correctly.

Writing this once in PHP is trivial, but takes quite a bit of very dull code. Writing this for more than one form quickly becomes a tedious nightmare of duplicating and slightly editing code, which is why so few forms bother.

Link: Simon Willison: Easier form validation with PHP
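
The five-step loop quoted above, sketched as an added example (it is not Simon Willison's class and not code from the linked article); the field names, rules and messages are assumptions. It keeps only valid values for redisplay, escapes everything it echoes back into the page, and rejects line breaks in the subject, since that value would end up in a mail header like those in the mail-form post further down this page.

```php
<?php
// Added example: hypothetical contact form; field names, rules and messages are assumptions.
// Each rule returns an error message, or null when the trimmed value is acceptable.
$rules = [
    'name'    => fn($v) => $v === '' ? 'Name is required.' : null,
    'email'   => fn($v) => filter_var($v, FILTER_VALIDATE_EMAIL) ? null : 'Enter a valid e-mail address.',
    // The subject would end up in a mail header, so it must stay on one line.
    'subject' => fn($v) => ($v === '' || preg_match('/[\r\n]/', $v)) ? 'Subject must be one non-empty line.' : null,
];

// Step 2: check a submission; returns [valid values, errors keyed by field].
function validate(array $rules, array $input): array
{
    $values = $errors = [];
    foreach ($rules as $field => $rule) {
        $raw   = $input[$field] ?? '';
        $value = is_string($raw) ? trim($raw) : '';   // name[]=... arrives as an array
        $error = $rule($value);
        if ($error === null) {
            $values[$field] = $value;                 // only valid data is kept for redisplay
        } else {
            $errors[$field] = $error;
        }
    }
    return [$values, $errors];
}

// Steps 1, 3 and 4: draw the form, pre-filled with valid values and with bad fields flagged.
function render(array $rules, array $values, array $errors): string
{
    $esc  = fn($s) => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');   // never echo raw input
    $html = '<form method="post">';
    foreach (array_keys($rules) as $field) {
        $flag  = isset($errors[$field]) ? ' class="error"' : '';
        $html .= "<label{$flag}>{$field} <input name=\"{$field}\" value=\"" . $esc($values[$field] ?? '') . '"></label>';
        $html .= isset($errors[$field]) ? '<p class="error">' . $esc($errors[$field]) . '</p>' : '';
    }
    return $html . '<button>Send</button></form>';
}

// Constructed sample submission for command-line runs; a web request uses $_POST.
$sample = ['name' => 'Ann', 'email' => 'not-an-address', 'subject' => "Hello\r\nsecond line"];
$posted = PHP_SAPI === 'cli' || ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
[$values, $errors] = $posted ? validate($rules, PHP_SAPI === 'cli' ? $sample : $_POST) : [[], []];
// Step 5: redisplay until there are no errors left.
echo ($posted && !$errors) ? 'Message accepted.' : render($rules, $values, $errors);
```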

MySQL’s Over-looked and Under-worked Slow Query Log

Monday, April 10th, 2006

Did you know that you can configure MySQL to log all queries which take a long time to run? You can use this log to identify queries which may not be optimal and could be dragging down your web application’s performance. Here’s a good article on logging slow queries in MySQL.

The slow query log is one of the less-used logs, as by default it’s not activated, but it’s a useful log for identifying queries that are not optimal. Often, in an under-performing system, especially with the default MyISAM tables (that make use of table-level locking, not row-level locking), a single query may be the cause of problems.

Link: MySQL’s Over-looked and Under-worked Slow Query Log

(IN)SECURE Magazine

Monday, April 10th, 2006

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. It can be distributed only in the form of the original non-modified PDF document.

In the latest Issue (March 2006):

  • Best practices in enterprise database protection
  • Quantifying the cost of spyware to the enterprise
  • Security for websites - breaking sessions to hack into a machine
  • How to win friends and influence people with IT security certifications
  • The size of security: the evolution and history of OSSTMM operational security metrics
  • PHP and SQL security today
  • Apache security: Denial of Service attacks

Download Issue 6 of (IN)SECURE

Link: (IN)SECURE Magazine

FlashObject: Javascript Flash detection and embed script

Friday, April 7th, 2006

FlashObject is a small Javascript file used for embedding Macromedia Flash content. The script can detect the Flash plug-in in all major web browsers (on Mac and PC) and is designed to make embedding Flash movies as easy as possible. It is also very search engine friendly, degrades gracefully, can be used in valid HTML and XHTML 1.0 documents, and is forward compatible, so it should work for years to come.

Link: deconcept › FlashObject: Javascript Flash detection and embed script

Parsing Mail with PHP - Derick Rethans

Wednesday, April 5th, 2006

There are lots of implementations for sending mail from PHP, but mail parsers have generally been hard to come by. Here’s a new Pear Package which allows you to easily parse mails in PHP. Check below for a script which uses the package to parse mails.

<?php
require_once "ezc/Base/base.php";

// Let the components' base class load ezc* classes on demand.
function __autoload( $className ) {
    ezcBase::autoload( $className );
}

// Connect to the POP3 server and fetch every message in the mailbox.
$pop3 = new ezcMailPop3Transport( "pop3.example.com" );
$pop3->authenticate( "user", "password" );
$set = $pop3->fetchAll();

// Parse the fetched set into mail objects.
$parser = new ezcMailParser();
$mails = $parser->parseMail( $set );

foreach ( $mails as $mail ) {
    echo "From: {$mail->from->email}\n";
    echo "To: ";
    foreach ( $mail->to as $to ) {
        echo "{$to->name} ({$to->email}) ";
    }
    echo "\n";
    echo "Subject: {$mail->subject}\n";

    // The body class tells us what kind of message this is.
    switch ( get_class( $mail->body ) ) {
        case 'ezcMailText':
            echo "Text part, " . "type={$mail->body->subType}\n--\n";
            echo $mail->body->text;
            echo "\n--\n";
            break;
        case 'ezcMailMultipartMixed':
            echo "Multipart mail\n";
            break;
    }

    echo "\n";
}
?>
Link: Parsing Mail with PHP - Derick Rethans
