On PHPMaster.com there's a new tutorial posted showing you how to generate one-time use URLs that could be used for various things across an application, including things like account verification links.

A one-time URL is a specially crafted address that is valid for one use only. It's usually provided to a user to gain privileged access to a file for a limited time or as part of a particular activity, such as user account validation. In this article I'll show how to generate, implement, and expire one-time URLs.

Included in the post is the SQL to create a sample "pending_users" table that includes a "token" column for storing the generated hash. Code is also included for generating the hash and checking the incoming URL to see if it matches the requested user (and hasn't expired).

As a matter of general house keeping you could write a secondary script to keep expired tokens from accumulating in the database if a user never follows them. The script could be run periodically by an administrator, or preferably set up as a scheduled task or cron job and run automatically.

On PHPMaster.com today, there's a new tutorial walking you through the creation of a URL shortner - a simple tool that can be used to compact URLs into something easier to manage (and more friendly with services like Twitter).

Most of us are familiar with seeing URLs like bit.ly or t.co on our Twitter or Facebook feeds. These are examples of shortened URLs, which are a short alias or pointer to a longer page link. [...] In this article you'll learn how to create a fully functional URL shortener for your website that will work whether you use a front controller/framework or not. If you use a front controller, I'll discuss you how to easily integrate this URL shortener without having to dig into the controller's programming.

They help you create a simple database to hold the link relationships, the PHP code to create the randomized hash that represents the link and the code to shorten it. There's also the PHP code to take it the other way and decode the shortened version into the full URL. You can find the full code (ready for checkout) over on the PHPMaster.com Github account.

David Müller has a new post to his site today showing why validating URLs with filter_var is a good thing for the security of your application.

Since PHP 5.2 brought us the filter_var function, the time of such [regular expressions-based] monsters was over. [With] the simple, yet effective syntax [and] with a third parameter, filter flags can be passed, [...] 4 flags are available [for URL filtering].

He shows how to use it to filter out a simple XSS issue (a "script" tag in the URL) and some examples of issues that the filter_var function doesn't prevent - like injection of other schemes (like "php://" or "javascript://"). He recommends adding a wrapper around the method to check for the correct scheme (ex. "http" or "https" for URLs) and reminds you that filter_var is not multibyte capable.

On DesignAeon.com there's a recent tutorial posted showing you how to extract URLs from your database and determine which ones are "dead" automatically with the help of cURL.

Checking Deadlinks From the database manually is a Headache ,So why not use a script which return the http status of the particular link and tell us if the link is dead or not.So how do we check the dead links from the database ? How do we programatically check whether the link is dead or not ? To check broken or dead links from Database we will use curl .

Included in the post is a sample script that extracts the URLs from a field in the database (you'd need some extra smarts if you're pulling it from content) and running it though a "checklink" function. If the call to curl_getinfo returns false, the link is marked dead.

In this new post to his blog Gaurish Patil shows users of the Yii framework how they can update their configuration settings to hide the "index.php" in their requests and make cleaner URLs.

Finally we figure out the basics of Yii. While working on basic of Yii, I want to rewrite the url to SEO friendly. So I started to search on google, forum got useful information here http://www.yiiframework.com/doc/guide/1.1/en/topics.url To hide the index.php from url I did changes in config/main.php [...] and I created new .htaccess file in the same directory as my index.php file.

The changes are pretty simple - it's mostly a change to the "urlManager" setting to provide some rules for mapping controller and actions to the right place. The .htaccess file uses Apache's mod_rewrite functionality to grab the requested URL and remap it back to lay on top of the "index.php" front controller for the request.

Sharon Levy has a new post to her blog showing a trick she's come up with to show the PHP version information (usually found in the phpinfo) even when it's disabled.

Sometimes the most crucial, basic piece of information can seem so hard to find. For example, suppose you wanted to find out what version of PHP your remote webhost provides to shared hosting users? What would you do? [...] For development purposes it can be helpful having phpinfo() available, but on a live shared host, you may discover as I did recently that it is no longer available; your host may have disabled it.

She includes three other ways you can use to get the version of PHP you're working with:

• If you have command line access, running "php -v"
• Using the phpversion function (or PHP_VERSION constant)
• Appending a certain value to the URL (only works in some cases)

On his blog today Sameer Borate has a new post with a handy bit of code you can use to find the keywords from a search engine referral to help with tracking how visitors have come to your site.

A couple of weeks back I had to write a solution for a client to track the referrer search engine from where the user came to his sites contact page, without using Google Analytics. If a user was to fill the contact form on the website, the referring search engine name and the keyword for which it was refereed was to be emailed along with the contact information. The following is a solution for the same.

The code itself is pretty simple - it checks the $_SERVER['HTTP_REFERER'] and, based on an array of search engine types, looks for a certain "query" keyname in the URL and matches what follows (with a regular expression). This can be useful for not only determining what sort of audience is visiting your site, but could also be used to present a custom message to visitors from certain search engines (or, more complicated, to show different content based on search terms).

Lars Tesmer has a suggestion for all of the unit testers out there (you do unit test your code, right?) when needing to test a piece of code that makes a call to something on the file system or a remote resource. Their examples come from tests written against the Assetic codebase.

For our most recent After Work Hacking my co-workers and me decided to write unit tests for the open source project Assetic. That turned out to be a better decision than our last one, yet we still ran into an interesting challenge.

In testing the HttpAsset class from the tool, they came across the problem - a call to a remote/file resource that could not be tested because of a file_get_contents call that depends on an external source. They came up with a few options to try to test this example, some better than others:

• Give it a real URL to test with
• Wrap the file_get_contents inside of a new class (ex. a "ContentFetcher")
• Use vfsStream to mock out the file system in the unit test

In their case, vfsStream couldn't be used due to how the fetch call was made, but the tool can be very handy if you need to mock out an external file system resource.

Lorna Mitchell has a quick post to her blog today showing how you can use a simple curl call from PHP to shorten urls with bit.ly and pull back the result.

I've been looking around for a really simple API that would be a nice place to get started using web services from PHP - and I realised that bit.ly actually fits the bill really well. They have straightforward api docs on google code, and it's also a pretty simple function!

Her code is about three lines consisting of a curl_init call to the bit.ly server with the URL, a curl_setopt to tell it to return the information and a curl_exec to execute. The result is a JSON string easily decoded with a "url" parameter containing the newly minted short URL. She also briefly mentions some of the other features of the bit.ly API including reverse translation and bundling of links.

In a a new tutorial posted on his blog Martin Sik shows you how to "steal" the "did you mean..." functionality that Google's sites currently offer. His example uses cURL to get the current Google request URLs and fetch the associated results.

I really like Google and the classic "did you mean" feature is really great, unfortunately when I wanted to implement it into my project a realized that it's not provided by any of Google's APIs. [...] I believe for most developers [having a large dictionary and extend the dictionary when new terms are available] are unachievable. And so it's for me. So I was thinking if I can bypass these drawbacks and let Google do all the job for me.

The source code is included with the post showing two methods - fetching a "did you mean" block to parse or how a term is attached to a Google URL and the results are returned in JSON and parsed for display. Obviously, this is an external dependency you could consider if you put it into your application, but it can be quite a powerful tool in the right situations.