Tag Archives: PHP

Basic HTTP Authentication With PHP

Basic HTTP authentication is a rudimentary method of requesting a username and password, then allowing or denying access based on the credentials entered. You’ve probably seen it in action somewhere or another, for example if you try to subscribe to a protected RSS feed, such as the feed for your friends timeline on Twitter.

It’s not the most user-friendly way to authenticate a user, but it has its uses. It’s great for APIs and other things where a pretty interface isn’t being delivered, where a more low-level solution is required. It’s also good for restricting access to parts of your server that most people just don’t need to be accessing.


40+ Invaluable PHP Tutorials and Resources

My newest post on Net.Tuts+ was published yesterday: 40+ Invaluable PHP Tutorials and Resources

It is a roundup of articles, tutorials and tools of interest to PHP coders, on topics such as security, OOP, frameworks, and WordPress.

PHP is one of the most popular scripting languages on the internet today, and one of the easiest to get into. Whether you’re a PHP newbie, or an experienced code-slinger, there is always something new to discover. A function you’re unfamiliar with, a killer timesaving tool, a technique that you forgot about…

Head over to Net.Tuts+ to read the full article.

Transforming Capital Letters With PHP

PHP has some useful functions for dealing with capital letters in string variables. You can make a string all uppercase or lowercase. You can make only the first letter a capital, as in a name, or the first letter of every word a capital for a title or headline.

  • strtoupper() – Make a string all uppercase, as in “I CAN HAS CHEEZBURGER?”
  • strtolower() – The reverse of strtoupper, removes all capitals.
  • ucwords() – Capitalizes the first letter of each word.
  • ucfirst() – Capitalizes the first letter of the string. Perfect for displaying user names, as they are generally all lowercase.


Securing PHP Web Forms

Chris Coyier has written an interesting article on securing form scripts. Serious Form Security talks about token matching, hack logging, and a few other useful techniques to apply to a form processing script. Token matching is definitely a trick worth learning, since it will do a lot to stop bots from submitting data through your form.

The first thing that we are going to do is generate a “token”, essentially a secret code. This token is going to be part of our “session”, meaning it is stored server side. This token also is going to be applied as a hidden input on the form itself when it is first generated in the browser. That means this token exists both on the client side and the server side and we can match them when the form gets submitted and make sure they are the same.

One of the best (worst?) ways to spam forms is to create a script that uses cURL to send POST requests to the URL listed in the form’s action attribute, with some spammy data in the POST fields. (Or malicious data intended to break your script…) Having a pseudo-random token generated like the article describes makes things a lot harder. cURL, whether from a command line or an automated script, isn’t going to be able to store the session data and send the token along with the form.
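The token matching described above, sketched as an added example (this is not code from Chris Coyier’s article or from this post). The function names and the `token` and `message` field names are assumptions, and `random_bytes()` requires PHP 7 or later.

```php
<?php
// Added example: session-backed form token. All names here are hypothetical.
declare(strict_types=1);

function form_token_issue(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // 32 bytes from the OS CSPRNG, hex-encoded; stored server side in the session.
    $_SESSION['form_token'] = bin2hex(random_bytes(32));
    return $_SESSION['form_token'];
}

function form_token_verify(?string $submitted): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']); // single use: a replayed POST fails
    if (!is_string($expected) || !is_string($submitted)) {
        return false; // no session token, or no token in the request
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $raw = $_POST['token'] ?? null; // may be an array if the client sent token[]
    if (!form_token_verify(is_string($raw) ? $raw : null)) {
        // Log the rejected submission, then refuse it.
        error_log('form token mismatch from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        http_response_code(403);
        exit('Invalid or expired form token.');
    }
    // Token matched: handle the form. Escape anything echoed back.
    $message = is_string($_POST['message'] ?? null) ? $_POST['message'] : '';
    exit('Received: ' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8'));
}

$token = form_token_issue();
?>
<form method="post" action="">
  <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
  <textarea name="message"></textarea>
  <button type="submit">Send</button>
</form>
```

The check rejects any POST that arrives without the session and its matching token; a client that loads the form first and keeps the session cookie will still pass, so pair it with input validation and rate limiting.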

Getting the Number of Words or Characters With PHP

Need to check the number of characters in a string, perhaps for sending user input to Twitter via the API? It can be done easily by using the strlen() function, which simply returns the number of characters in the string passed to it.

$phrase = 'The quick brown fox jumped over the lazy dog.';
echo strlen($phrase); // prints 45

Counting the number of words in a string variable sounds like it would be a lot harder, doesn’t it? It’s done much the same way, but with the str_word_count() function.

$phrase = 'The quick brown fox jumped over the lazy dog.';
echo str_word_count($phrase); // prints 9

I hadn’t known about str_word_count() until fairly recently, but I wasn’t too surprised by its existence. PHP certainly excels at string manipulation…

It’s Time for PHP 4 to Be Retired

On December 31, 2007 the PHP Group discontinued support for PHP 4. Since then, there have been no updates to the branch, security or otherwise. PHP 5 is the currently supported branch, and it is far superior to its predecessor.

Web hosts have, for quite some time, delayed upgrading their servers to PHP 5, despite its many advantages. (SimpleXML and better tools for OOP are just a couple of invaluable tools that PHP 4 lacks.) Their favorite claim is that it will break everyone’s scripts.

The only scripts that PHP 5.2.x would break are badly-written ones. Popular packages such as WordPress, Joomla and phpBB all work on PHP 5, and some are even dropping support for PHP 4. The only scripts that will have compatibility issues are custom badly-written scripts, and the required updates would be minor. One of the biggest issues would be register_globals, and that could be remedied with some quick updates to scripts, or by turning it back on.

It’s been put off long enough. Web hosts, upgrade to PHP 5 already! The time is long past due.

PHP Version_Compare()

While I was working on a WordPress plugin recently, I needed to implement a version check. The plugin required WordPress 2.7 or greater, and it made use of several functions available only in PHP 5 and up (such as SimpleXML). It seemed like there should be some sort of version check, so if an installation did not meet the minimum requirements it would exit with an error.

I ended up writing this function:

Continue reading →

WordPress Function to Make Links Clickable

Apparently I’ve been doing things the hard way in my WordPress-related coding. I’ve been using regular expressions to turn URLs into clickable links, when WordPress already has a built-in formatting function to do just that.

Meet make_clickable(). All you have to do is pass a string to it, and it will return the string, but with any web URLs, email addresses or FTP URLs turned into HTML links.

$text = 'This is a cool link: http://www.webmaster-source.com';
echo make_clickable($text);

This will return “This is a cool link: http://www.webmaster-source.com”, with the URL turned into an HTML link. Easy enough, and certainly a more efficient method than writing your own function to do it.

Historical Timestamps in WordPress

Jayvee Fernandez recently wrote on The Blog Herald about WordPress and its problems with historical timestamps.

A friend on Plurk asked whether it is possible to use actual historical dates on your blog’s CMS (i.e. 4th of July 1776 for Independence Day). I did some digging and there are posts that address this question.

While this is a neat idea, setting the post date to reflect the time period a work was created (e.g. a photo taken in 1985), it introduces some problems.

  1. You won’t be able to schedule posts to be published at a later date. Setting the timestamp to a historical date will cause it to go live immediately.
  2. Posts with historical dates won’t necessarily be seen on the homepage when they are published. As WordPress (by default) orders posts by date, users would have to browse the archives to find the post. If you’re a master of custom queries, you might be able to remedy it in some way.
  3. I’ve always thought of the post timestamp being the date of publication, not the date of the content’s creation.


Add Power to Your PHP With Multi-Tiered Applications

Net.Tuts+ recently published an interesting article by Jason Lengstorf. It deals with the separation of PHP code into three tiers: database, processing, and display. (Much like the MVC approach to programming.)

It might not be immediately obvious, but separating your applications into a tiered structure will have a huge impact on your code’s ability to change in the future. For example, if you have a blogging system set up, and it becomes necessary to create an RSS feed for the blog, a properly tiered application would allow you to simply set up an RSS template, then call the database and business functions that you’ve already written.

On the opposite end, if your client suddenly decided that PostgreSQL was a better choice for their organization than MySQL, you would only have to rewrite your database functions, all without touching the business or presentation logic of the application.

This ties in well with object-oriented programming, of course. By separating your logic into meaningful classes, making it more reusable, your code will end up being much cleaner and more manageable.

If you’ve mastered the basics of PHP, and have moved on to more advanced projects, this is something that is definitely worth reading about.

Add Power to Your PHP With Multi-Tiered Applications [Net.Tuts+]