News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

That Podcast:
Episode 7.5 The Short One in London
September 29, 2014 @ 13:52:09

That Podcast has posted their latest episode today, a shorter add-on to their previous episode (#7): Episode 7.5, "The Short One in London".

Beau and Dave recap SymfonyLive London 2014 in their first live in person recording.

Topics mentioned in this episode include Mybuilder.com, Behat, Drupal and Game of Thrones (along with several members of the community). You can listen to this latest episode either through the in-page player or by downloading the mp3 of the show. If you enjoy the show, check out others in their list and be sure to subscribe to their feed for the latest as they're released.

0 comments voice your opinion now!
thatpodcast ep7.5 short one london symfonylive live recording

Link: http://thatpodcast.io/episodes/episode-7-5-the-short-one-in-london/

Alison Gianotto:
Check User-Submitted URLs for Malware and Phishing in Your Application
April 07, 2014 @ 10:01:59

In her latest post Alison Gianotto looks at a few different ways that you can validate any URLs that your users might give you to ensure they're not anything malicious. She looks at two of the major services, the Google SafeBrowsing API and SURBLs, as well as mentioning a few others.

If you write software for the web that allows users to submit or share URLs (comment systems, mail clients, forums, URL shorteners, etc), you may find yourself in a position where you need to filter out malicious links. Fortunately, there are several free options for you to better protect your systems and your users against bad guys, and they're pretty simple to implement. (My examples are in PHP, but could easily be adapted to whatever language you prefer.)

She starts with an example call to the Google's SafeBrowsing service, making a curl call and parsing the result. The other service, SURBL, makes use of DNS validation calls complete with code examples. She also talks about Phishtank and VirusTotal as other options. She finishes the post with a few suggestions for working with the rate limit restrictions on these services, including things like only checking on click-through and ensuring failure is handled well.

0 comments voice your opinion now!
malware phishing url validate google safebrowsing surbl tutorial

Link: http://www.snipe.net/2014/04/check-user-submitted-urls-for-malware-and-phishing-in-your-application

PHPMaster.com:
Generating One-Time Use URLs
April 10, 2013 @ 11:18:56

On PHPMaster.com there's a new tutorial posted showing you how to generate one-time use URLs that could be used for various things across an application, including things like account verification links.

A one-time URL is a specially crafted address that is valid for one use only. It's usually provided to a user to gain privileged access to a file for a limited time or as part of a particular activity, such as user account validation. In this article I'll show how to generate, implement, and expire one-time URLs.

Included in the post is the SQL to create a sample "pending_users" table that includes a "token" column for storing the generated hash. Code is also included for generating the hash and checking the incoming URL to see if it matches the requested user (and hasn't expired).

As a matter of general house keeping you could write a secondary script to keep expired tokens from accumulating in the database if a user never follows them. The script could be run periodically by an administrator, or preferably set up as a scheduled task or cron job and run automatically.
0 comments voice your opinion now!
onetime url tutorial generate unique

Link: http://phpmaster.com/generating-one-time-use-urls

PHPMaster.com:
Building Your Own URL Shortener
September 21, 2012 @ 12:58:00

On PHPMaster.com today, there's a new tutorial walking you through the creation of a URL shortner - a simple tool that can be used to compact URLs into something easier to manage (and more friendly with services like Twitter).

Most of us are familiar with seeing URLs like bit.ly or t.co on our Twitter or Facebook feeds. These are examples of shortened URLs, which are a short alias or pointer to a longer page link. [...] In this article you'll learn how to create a fully functional URL shortener for your website that will work whether you use a front controller/framework or not. If you use a front controller, I'll discuss you how to easily integrate this URL shortener without having to dig into the controller's programming.

They help you create a simple database to hold the link relationships, the PHP code to create the randomized hash that represents the link and the code to shorten it. There's also the PHP code to take it the other way and decode the shortened version into the full URL. You can find the full code (ready for checkout) over on the PHPMaster.com Github account.

0 comments voice your opinion now!
url shortener service tutorial database


David Müller:
Why URL validation with filter_var might not be a good idea
September 20, 2012 @ 08:09:31

David Müller has a new post to his site today showing why validating URLs with filter_var is a good thing for the security of your application.

Since PHP 5.2 brought us the filter_var function, the time of such [regular expressions-based] monsters was over. [With] the simple, yet effective syntax [and] with a third parameter, filter flags can be passed, [...] 4 flags are available [for URL filtering].

He shows how to use it to filter out a simple XSS issue (a "script" tag in the URL) and some examples of issues that the filter_var function doesn't prevent - like injection of other schemes (like "php://" or "javascript://"). He recommends adding a wrapper around the method to check for the correct scheme (ex. "http" or "https" for URLs) and reminds you that filter_var is not multibyte capable.

0 comments voice your opinion now!
filtervar url validation security filter input


Design Aeon:
Check Dead Links From Database Using PHP CURL
June 18, 2012 @ 09:45:55

On DesignAeon.com there's a recent tutorial posted showing you how to extract URLs from your database and determine which ones are "dead" automatically with the help of cURL.

Checking Deadlinks From the database manually is a Headache ,So why not use a script which return the http status of the particular link and tell us if the link is dead or not.So how do we check the dead links from the database ? How do we programatically check whether the link is dead or not ? To check broken or dead links from Database we will use curl .

Included in the post is a sample script that extracts the URLs from a field in the database (you'd need some extra smarts if you're pulling it from content) and running it though a "checklink" function. If the call to curl_getinfo returns false, the link is marked dead.

0 comments voice your opinion now!
dead link url curl check automatic tutorial database


Gaurish Patil's Blog:
URL rewriting in Yii to hide index.php
April 20, 2012 @ 09:27:06

In this new post to his blog Gaurish Patil shows users of the Yii framework how they can update their configuration settings to hide the "index.php" in their requests and make cleaner URLs.

Finally we figure out the basics of Yii. While working on basic of Yii, I want to rewrite the url to SEO friendly. So I started to search on google, forum got useful information here http://www.yiiframework.com/doc/guide/1.1/en/topics.url To hide the index.php from url I did changes in config/main.php [...] and I created new .htaccess file in the same directory as my index.php file.

The changes are pretty simple - it's mostly a change to the "urlManager" setting to provide some rules for mapping controller and actions to the right place. The .htaccess file uses Apache's mod_rewrite functionality to grab the requested URL and remap it back to lay on top of the "index.php" front controller for the request.

0 comments voice your opinion now!
url rewrite yii framework urlmanager htaccess


Lorna Mitchell's Blog:
Building A RESTful PHP Server Routing the Request
January 23, 2012 @ 11:14:11

Lorna Mitchell is back with a second installment in her "Building a RESTful PHP Server" series with this new post about handling and routing the incoming requests. (You can find the first part about working with the request here)

This is the second part of a series, showing how you might write a RESTful API using PHP. This part covers the routing, autoloading, and controller code for the service, and follows on from the first installment which showed how to parse the incoming request to get all the information you need.

She shows how to grab the controller name from the incoming request (based on her previous code), create the object for it and execute the requested action name. Also included is a sample autoloader and a basic controller - a UsersController with "getAction" and "postAction" methods for responding to GET and POST requests.

0 comments voice your opinion now!
restful server tutorial request routing controller get post action


Sharon Levy's Blog:
PHP Version
January 05, 2012 @ 13:20:40

Sharon Levy has a new post to her blog showing a trick she's come up with to show the PHP version information (usually found in the phpinfo) even when it's disabled.

Sometimes the most crucial, basic piece of information can seem so hard to find. For example, suppose you wanted to find out what version of PHP your remote webhost provides to shared hosting users? What would you do? [...] For development purposes it can be helpful having phpinfo() available, but on a live shared host, you may discover as I did recently that it is no longer available; your host may have disabled it.

She includes three other ways you can use to get the version of PHP you're working with:

  • If you have command line access, running "php -v"
  • Using the phpversion function (or PHP_VERSION constant)
  • Appending a certain value to the URL (only works in some cases)
0 comments voice your opinion now!
find version language method phpinfo phpversion url


Sameer Borate's Blog:
Grabbing the referrer search engine keywords for a site
October 18, 2011 @ 13:25:27

On his blog today Sameer Borate has a new post with a handy bit of code you can use to find the keywords from a search engine referral to help with tracking how visitors have come to your site.

A couple of weeks back I had to write a solution for a client to track the referrer search engine from where the user came to his sites contact page, without using Google Analytics. If a user was to fill the contact form on the website, the referring search engine name and the keyword for which it was refereed was to be emailed along with the contact information. The following is a solution for the same.

The code itself is pretty simple - it checks the $_SERVER['HTTP_REFERER'] and, based on an array of search engine types, looks for a certain "query" keyname in the URL and matches what follows (with a regular expression). This can be useful for not only determining what sort of audience is visiting your site, but could also be used to present a custom message to visitors from certain search engines (or, more complicated, to show different content based on search terms).

0 comments voice your opinion now!
search engine keyword referrer url snippet



Community Events





Don't see your event here?
Let us know!


laravel security introduction version symfony framework opinion composer interview release voicesoftheelephpant community podcast tool list series language library artisanfiles conference

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework