These Days

April 9th, 2006 by Quatrux

Well, I was working hard on these Days to Improve the Personal homepage CMS, well as you see below or maybe not, I have added a lot of security, but in these days I have learned a lot of new things, so now my site runs on a Template and I have wrote some more stuff and now I have a Database Wrapper, I am using a Database class for better usage and stuff.

Furthermore, I made my Site available as real xHTML and run as XML application, also it can be viewed as XML and WML, yes a Mobile WAP version was added, even though I think it is crazy, I did this to have some practice with WAP and WML, but in fact they are easy to use, there isn’t anything special about it. XML has more problems, I need it to work with all the major browsers properly so it requires me some HTTP ACCEPT and USER AGENT checks, with which I am particularly working, different browsers support it differently and I want that old browsers would work too. My current problem is XLS with which am I pissed off, but I think that after a good rest, I will continue and integrate CSS and XLS stylesheets in my XML version.

Posted in Personal, Webmastering | No Comments »

Site Security ?

April 2nd, 2006 by Quatrux

Every Site wants to be secure ? right ? Well, I think I have overdone, but I feel alright now, I totally rewrote my Quatrux theSite CMS and now it is very secure, in fact I can run several sites on it in different directories.. cool isn’t it ? there are library files which is always used, they are placed in a non public directory, I mean /home/user/private/theSite-library/ which are included with php include function. No one can access that directory except for the owner of the files, ftp user and I made a quite cool chmod for it.

The site runs on one index.php file which has several lines to define stuff, and some files in /dir/ directory which is protected by password using .htaccess so no one can access it except for php, perl etc. all the passwords in settings file are hashed using random hasher numbers and I just check the value and never can know it, but for mysql passwords I made it like this ? decrypt($settings['mysql']['password']); and it returns the value, this function is my own written custom function. The other files is just the template for the site. :)

I made two mysql users for my database, one which is selected when you’re browsing the site, his privileges is only to use SELECT and another who is selected while browsing the Panel, it can SELECT, UPDATE and INSERT and nothing more, my database is frequently backed up automatically if something was changed in the panel. :D

The PHP scripts are written nicely and does not throw any errors, I have changed to xHTML 1.0 Transitional and it is Valid, same as CSS. In Fact I am waiting for CSS 3 version :D and with time I will integrate AJAX on my Panel for easy usage, I have learned javascript, now only need practice. ;)

Posted in MySQL, PHP, Webmastering | No Comments »

Did I start to Learn ?

March 31st, 2006 by Quatrux

Now I am thinking about, did I really start to learn much more ? and work much more too ? I again sleep for only average of 5 hours and usually at day/evening time, due to at night the Internet speed is faster and I can work better. I get up early to read history or physics and do my homework, because at mornings my head is fresh, not like at midnights, when every muscle feels tired. I learned javascript together with html dom and dhtml in about 7 hours, but I still did not use everything particularly, I made some nice ideas how to use js for my panel, but I mainly did this, because of AJAX, I am using AJAX at my panel.

Did I mention that I totally changed my CMS ? now it is called Q SiteCMS which works really nice, now the Panel is much more comfortable and some bugs were removed and eventually a lot of code added, rewritten functions and stuff. The queries to the mysql database got different and I created two users for my mysql database, one which is only allowed to SELECT to view the content and other for the PANEL which is only allowed to SELECT, UPDATE, INSERT and I don’t DELETE anything, I just use TRUE on ‘deleted’ field, TRUE = 1. By the way, I ruined my database online, by running a stupid query, I forgot to add WHERE `id`=’24′ and it changed all of the fields to a same value :D so I needed to use a backup, which hadn’t some articles, I needed to rewrite them :(

Posted in MySQL, Personal | No Comments »

Chinchilla is Online

February 28th, 2006 by Quatrux

Well, I spend all this Tuesday creating the chinchilla homepage, I made the graphics with the Gimp and this time the colour scheme is really great, I like it myself, even though it is not professional, it does not need to be it is a site about one of my home pet :D Well, nothing special really, I needed time to write all the content of the homepage and I will need to write more and clear the spelling mistakes I have done on some day I won’t be lazy. So here is the link:

Chinchilla homepage

Posted in Personal, Webmastering | No Comments »

Faustas is online

February 28th, 2006 by Quatrux

Well, I got home and finished making the stuff with Faustas homepage, uploaded the files and made it online friendly, I quite like the layout, even though it is similar to my personal homepage.. I don’t care really, the old layout/site is still working and is online, but because the sites are using the same mysql table, the links on the old one won’t work and you’ll get errors, not all links though. ;) I fixed several php mistakes I have found, but nothing serious, more html stuff though. So here is the address you can see the Faustas homepage:

Faustas homepage

I am thinking of creating more sites about some stuff, but wait and see ;) This is stupid, isn’t it ? so what can I do if I living such a boring life :S

Posted in Dog, Personal, Webmastering | No Comments »

New Design

February 16th, 2006 by Quatrux

I created a new design for the little Quatrux site and now when I finished it, I am really proud about it :D the logo, it really is great, the best graphics I ever created yet and the colours, wow – amazing, I really like this day. I added some javascript and changed some css, but not much work needed to be done to change everything, because my little cms is very nice and easy to use. I thought to program in php a little bit, but got to lazy, talking with a friend, so don’t want to do anything else.. and besides it is almost 1 AM and my head is empty, I was sitting near the computer since 11 AM, so that is a lot, but not my record.

Posted in Webmastering | No Comments »

.htaccess files

December 11th, 2005 by Quatrux

Using .htaccess files on your server is really useful, I found out that you can change php.ini and httpd.conf/apache.conf configuration but if the server lets to do it, well so I will show an example of my htaccess file ;)

Apache [Show Plain Code]:
  1. #######################################
  3. #######################################
  5. #****************************************************+
  6. # Enable this, but some google bots get an 406 error *
  7. #****************************************************+
  9. #Options MultiViews
  11. #*********************************************+
  12. # Alternative to above and googlebot is happy *
  13. #*********************************************+
  15. #Options -Multiviews
  16. #RewriteEngine On
  17. #RewriteBase /
  18. #RewriteRule ^quatrux/(.*) /quatrux.php/$1
  19. #RewriteRule ^quatrux$ /quatrux.php
  21. #******************************************************+
  22. # Manage Index Options                                 *
  23. #                     you can also include HEADER.html *
  24. #                             and README.html files    *
  25. #******************************************************+
  27. #IndexOptions FancyIndexing SuppressHTMLPreamble DescriptionWidth=*
  28. #AddDescription "JPG File" *.jpg
  29. #AddDescription "GIF File" *.gif
  31. #****************************+
  32. # Add new Extensions for PHP *
  33. #****************************+
  35. AddType application/x-httpd-php .q .do
  37. #*************************************************+
  38. # Default Extension for Files having no Extension *
  39. #*************************************************+
  41.  # DefaultType application/x-httpd-php
  43. #************************+
  44. # Default Index Settings *
  45. #************************+
  47. DirectoryIndex index.html index.php
  48. IndexIgnore *
  50. #******************************************************+
  51. # Change default PHP.ini Settings                      *
  52. #            Not all Options are allowed to be changed *
  53. #                      *
  54. #******************************************************+
  56. #===========================\
  57. # ASP TAGS on/off (Boolean) +
  58. #===========================/
  59. php_flag asp_tags off
  60. #=================================\
  61. # SHORT OPEN TAG on/off (Boolean) +
  62. #=================================/
  63.  #php_flag short_open_tag off
  64. #===================================\
  65. # REGISTER GLOBALS on/off (Boolean) +
  66. #===================================/
  67. php_flag register_globals off
  68. #========================================\
  69. # SESSION USE TRANS SID on/off (Boolean) +
  70. #========================================/
  71. php_flag session.use_trans_sid off
  72. #===================================\
  73. # MAGIC QUOTES GPC on/off (Boolean) +
  74. #===================================/
  75.  #php_flag magic_quotes_gpc off
  76. #=======================================\
  77. # MAGIC QUOTES RUNTIME on/off (Boolean) +
  78. #=======================================/
  79.  #php_flag magic_quotes_runtime off
  81. #==============================================\
  82. # MAX EXECUTION TIME time in seconds (Integer) +
  83. #==============================================/
  84. php_value max_execution_time "10"
  85. #=====================================\
  86. # ARG SEPERATOR OUTPUT value (String) +
  87. #=====================================/
  88. php_value arg_separator.output "&"
  89. #=============================\
  90. # URL REWRITER value (String) +
  91. #=============================/
  92. php_value url_rewriter.tags "frame=src"
  93. #=============================\
  94. # INCLUDE PATH value (String) +
  95. #=============================/
  96.  #php_value include_path ".:/home/user/public_html/includes/"
  97. #===========================\
  98. # USER AGENT value (String) +
  99. #===========================/
  100. php_value user_agent "Opera/8.51 (Windows NT 5.1; U; en)"
  101. #====================================\
  102. # UPLOAD MAX FILESIZE size (Integer) +
  103. #====================================/
  104. php_value upload_max_filesize 8M
  105. #==================================\
  106. # Error Reporting number (Integer) +
  107. #==================================/
  108. php_value error_reporting 2047
  110. #******************************************************+
  111. # Error Documents Handler                              *
  112. #          Custom Error Documents are generated by PHP *
  113. #               Valid HTML META and HEADERS are Send   *
  114. #******************************************************+
  116. ErrorDocument 400 /
  117. ErrorDocument 401 /
  118. ErrorDocument 402 /
  119. ErrorDocument 403 /
  120. ErrorDocument 404 /
  121. ErrorDocument 405 /
  122. ErrorDocument 406 /
  123. ErrorDocument 407 /
  124. ErrorDocument 408 /
  125. ErrorDocument 409 /
  126. ErrorDocument 410 /
  127. ErrorDocument 411 /
  128. ErrorDocument 412 /
  129. ErrorDocument 413 /
  130. ErrorDocument 414 /
  131. ErrorDocument 415 /
  132. ErrorDocument 416 /
  133. ErrorDocument 417 /
  134. ErrorDocument 500 /
  135. ErrorDocument 501 /
  136. ErrorDocument 502 /
  137. ErrorDocument 503 /
  138. ErrorDocument 504 /
  139. ErrorDocument 505 /
  141. ####################################
  143. ####################################

well and you could create your own file.php as a custom error page and do anything you like, hope this helps ;)

Posted in PHP, Webmastering | No Comments »

Your guestbook has Spam ?

December 6th, 2005 by Quatrux

Well a lot of people have problems with this, usually the bots find your guestbook and with time start adding some content about casino, gambling, viagra and medicine etc. this is so annoying, you get an email that somebody signed and you need to clean it, wow, what a waste of time ?! and other good robots might index it and that won’t look nice, your site might be thought of being spam one having links to porno sites :D so how can you protect from them, the bad robots ? well the first thing is banning, but as usually they have different IPs it does not help to much, the other thing is cookies, but usually those bots have cookies disabled and sends false headers, so it only might help from some guys spamming your guestbook, those idiots should be shot or their balls could be cut with a big big knife :) The best way is to have a random value of letters and numbers, though I prefer numbers, they look much nicer in the image, yeah so using for example with GD library create an image with that random value, do not forget to have random backgrounds, don’t use one colour, random positions of the letters or numbers, you might even use upper/lower case, but well this protection sometimes annoys the real users.. but that is life, you also should use sessions for this thing to work properly or any method you want. Here is a good PHP function which you can use to generate a value:

  1. < ?php
  3. function random_chars($length = ‘6′) {
  4.         /* Make Random Seed */  $value = ;
  5.         mt_srand((double) microtime() * 1000000);
  6.         $letters = "abcdefghijklmnopqrstuvwxyz"; /* add it if needed ‘123456789′ ‘ABCDEFGHIJKLMOPQRSTUVWXZ’ */
  7.                 for ($i = 0; $i < $length; $i++) {
  8.                         $value .= substr($letters, (mt_rand()%(strlen($letters))), 1);
  9.                 }
  10.         return $value;
  11. }
  13. ?>

So echo random_chars(); will parse a random value every time with the default length of 6, you can change the length you want.

Posted in PHP, Webmastering | 6 Comments »

Functions in PHP

December 4th, 2005 by Quatrux

custom Functions in PHP is one of the best things available to optimize your code, the things you can do with it are enormous, here is my two examples of some functions which you can use.

  1. < ?php
  3. function pw_encode($pass) {
  4.         /* Check Input */
  5.         if (is_string($pass) AND !empty($pass)) {
  6.                 /* Make a Random Seed */        $s = '';
  7.                 for ($i = 0; $i < 8; $i++) {
  8.                         $s .= substr('0123456789abcdef', mt_rand(0,15), 1);
  9.                 }
  10.                 return md5($s.$pass).$s;
  11.         } else {
  12.                 user_error('pw_encode() The input should be non empty string', E_USER_WARNING);
  13.                 return FALSE;
  14.         }
  15. }
  17. function pw_check($pass, $value) {
  18.         /* Check Input */
  19.         if (is_string($pass) AND is_string($value) AND !empty($pass) AND !empty($value)) {
  20.                 /* Get the Seed */
  21.                 $s = substr($value, 32, 8 );
  22.                 /* Check the Passwords */
  23.                 if (md5($s.$pass).$s == $value) {
  24.                         return TRUE;
  25.                 } else {
  26.                         return FALSE;
  27.                 }
  28.         } else {
  29.                 user_error('pw_decode() The both input values should be non empty strings', E_USER_WARNING);
  30.                 return FALSE;
  31.         }
  32. }

so now, how would you use those functions ? it is really simple, if you know some PHP, here is an example, you just need to call the function like an ordinary compiled php function :D

  1. < ?php
  2. /* Encode the Password */
  3. $password = pw_encode(‘my_pass’);
  4. // it is recommended to store the password somewhere in your database
  5. /* Check the Password */
  6. // the password could come from a Post method and the $password from the database or a txt file etc.
  7. if (pw_check($password, ‘my pass’)) {
  8.         echo ‘the password is correct’;
  9. } else {
  10.         echo ‘you forgot your password ?’;
  11. }
  12. ?>

This is just one example, in functions you can’t use variables from outside the script, unless you make them global, or you can use super globals like $_SERVER, $_GET, $_POST, $_SESSION inside the functions also $GLOBALS[] array and constants which you defined using define() like if you would like to use mysql_resource in the function, just pass it through into the function: function name($a, $b, $mysql_connection) {} and whola you can use mysql in the function without needing to connect inside the function, same for ftp and irc gateway connections. Don’t forget that include() function works well in the functions or you can use file() and everything you want, as I said it is enormous thing, imagine your simple site: file index.php

  1. < ?php
  3. /* My Site*/
  4. include "functions.php";
  5. echo_site();
  6. ?>

and the function will just output everything, well it is not the best way but it is possible. ;)
Enough for today :D

Posted in PHP, Webmastering | No Comments »

Output Buffering

December 4th, 2005 by Quatrux

What I found interesting is that output buffering can be really handy and that using it for half of year I had no problems with it, I mean using ob_start() function with gz_handler here is an example, put it somewhere in top of your file:

  1. < ?php
  2. /* Start GZipped or Plain Output Buffering */
  3. if (extension_loaded(‘zlib’) AND (ini_get(‘zlib.output_compression’) != ‘1′ OR ini_get(‘output_handler’) != ‘ob_gzhandler’)) {
  4.         ob_start("ob_gzhandler");
  5. } else {
  6.         ob_start();
  7. }
  8. ?>

using it you can use header() function anywhere in the files even if you wrote echo or made some output, you can edit the output, just read about output buffering functions in the php manual –

because our html has so many the same tags it is just perfect for using gzip on it, it can compress up to 60% of your source, in this way you save bandwidth and time for the user to get the file and it works great because if the user browser can’t decode gzip it won’t be sent with gzip encoding, it saves time because apache does not need to use the resources of sending the file, but it uses a bit of resources to encode using gzip, all in all it is a thing which I found to late, but I am happy I found it, it opened me new possibilities. :D

Posted in PHP, Webmastering | 4 Comments »

    Next Entries »