<?php
// Coded by Mike Rogers (http://www.fullondesign.co.uk/) 1st October 2010.

function shorten($url, $qr=NULL){
	if(function_exists('curl_init')){
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_URL, 'http://goo.gl/api/shorten');
		curl_setopt($ch, CURLOPT_POST, TRUE);
		curl_setopt($ch, CURLOPT_POSTFIELDS, 'security_token=null&url='.urlencode($url));

		$results = curl_exec($ch);
		$headerInfo = curl_getinfo($ch);
		curl_close($ch);

		if ($headerInfo['http_code'] === 201){ // HTTP Code 201 = Created
			$results = json_decode($results);
			if(isset($results->short_url)){
				$qr = !is_null($qr)?'.qr':'';
				return $results->short_url.$qr;
			}
			return FALSE;
		}
		return FALSE;	

	}
	trigger_error("cURL required to shorten URLs.", E_USER_WARNING); // Show the user a neat error.
	return FALSE;
}

// Example: Just the Short URL
echo shorten('http://www.google.com/');

// Example: Give the Short Code URL and image it.
$qrURL = shorten('http://www.google.com/', TRUE);
echo '<img src="'.$qrURL.'" />';
?>

If you want to read up a bit more about the goo.gl shortener, take a look at Matt Cutts post on his blog.

Edit – Added QR Support.

Video Stream Caching

One of the big annoyances I have with streaming video files (normally on websites such as YouTube & Megavideo) is whenever I go to jump to another section of the video I lose what I currently have already loaded. It would be really useful if I could quickly go back to the section I’ve previously loaded.

This is a mock up I done, the video I used is from RayWilliamJohnson

I’m quite sure this would need to be implemented by the software, but I can’t see how it would be difficult to add.

Facebook – Pop-up chat

Pop-ups are a double edge sword; on the one hand they have been used incorrectly and become an utter annoyance. But on the other, they also can drastically improve a users experience with a website. For example the Facebook chat system is very inconvenient as I have to be looking at a Facebook page to talk to people. On a big screen this might not be a big issue, but on a small screen this makes it surprisingly difficult to  multi-task.

Oh noes! I can’t see the chat & watch the video

However, if Facebook make the chat system as a desktop application or just available in a pop-up I suspect that would solve issue.

JavaScript Library Integrated into browsers

It seems silly that I have to keep re-downloading the same file (A Javascript Library) to make a webpage more exciting. I would love to see not just jQuery, but most JavaScript libraries integrated into browsers (maybe as a add-on or something?) to speed up the download times of webpages.

On the other hand, it could be time to consider a new browser based language which is designed to make surfers & developers lives easier. For example adding a new attribute to html forms which allowed for browser specific (so people with screen readers will not be disadvantaged) validation.

<form>
<fieldset>
<label>Phone Number:
<input name="price" type="text" value="090 111 050" /></label>
</fieldset>
</form>

OpenID/Facebook Connect – More widely adopted

I hate having to sign up to websites, especially when I could just as easily use a login details from a single source. It would be really cool if more websites allowed for a “one click registration” option.

Adobe Flash – Video Player Standardization

One of my biggest pet hates is going onto a nice website just to find features I expect to find, or actions I believe are normal are just not present on the video players. For example I think it is normal for a click on a video to mean “pause” and a double click to go to full screen mode. I think this is just something Web Developers need to consider.

<?php
/*
errors class - Helps management of errors in a script.

@version
	1.0
@author
	Mike Rogers (FullOnDesin.co.uk)
@last updated
	03 June 2009
@usage
	You are free to share, modify and use this code for commercial or non-commercial uses.
	Please give a link back (to http://www.fullondesign.co.uk/ ) if you can, but you don't have you.
	You use this at your own risk.
*/
class errors {
	var $errors_data;

	/*
	Add the error from $new_error into an array of errors.

	@param
		$new_error	string The text related to your error.
	@return:
		True - Error has been Added
	@example
		add_error('Username is Incorrect');
	*/
	public function add_error($new_error){
		$this->errors_data[] = $new_error;
		return TRUE;
	}

	/*
		Outputs the errors.

	@param
		None
	@return:
		- A div (ID - error) which contains the errors.
		NULL - No errors
	@example
		echo output_errors();
	*/
	public function output_errors(){
		if(is_array($this->errors_data)){
			// Cycle through the errors.
			foreach($this->errors_data as $error)	{
				$return .= '<p>'.$error.'</p>';
			}
		// Add it to the error div
		return '<div id="error">'.$return.'</div>';
		}
		return NULL;
	}
}

// @Example - creating the class:
$errors = new errors;

// @Example - Add an error
$errors->add_error('Username is incorrect');

// @Example - Return the errors
echo $errors->output_errors();
?>

If you are looking to fully integrate a script similar to the above, there is a really good post regarding the set_error_handler() function on Tinsology ( PHP Error Handling ).

The Core Components

• API – Lets you talk to the facebook servers. [put picture here explaining in detail]
• FBML – Facebook markup language, it’s like a cute little html snippet which facebook turns into normal HTML.
• XFBML – A javascript which lets you use FBML in iframes.
• FQL – Lets you run SQL type query’s.
• FBJS – This changes your javascript so you can only work within a close environment.
• PHP Client Libraries – The PHP Facebook provides to communicate with their servers.

The fun stuff

Assuming you have downloaded the required files, you can now start playing with the facebook API. Here is the basic shell for any Facebook application:

<?php
# Start by Defining everything the code needs to talk to facebook. Facebook provides these when you sign up.
define(YOUR_API_KEY, '');
define(YOUR_SECRET_CODE, '');

// Include the facebook API PHP classes.
require_once('facebook.php');

// Connect to facebook
$facebook = new Facebook(YOUR_API_KEY,YOUR_SECRET_CODE);

// Return everything facebook has sent to you.
echo '
<pre'.'>Debug:' . print_r($facebook,true) . '</pre'.'>';
?>

As you guessed, that does basically just returns the data sent by facebook. If you want to try this out yourself, take a look at the Facebook Developer App.

<?php # File created on 25th April 2009 by Mike Rogers (http://www.fullondesign.co.uk/). 

## Start defining constants ##
define(LOG_URL, '/home/user/download_logs/'); // Put the location of where you want to put the logs. Make sure this is absolute
# $_GET['ID'] - this is the ID of the file we want. It gets the value from the URL.

## Now set the data you wish to use - this can be moved to an include if you want ##
$file[0] = 'http://www.example.com/file.pdf';

## Define the functions required to update the file.
function update_file($filename, $value){
	if(is_writable($filename) && is_readable($filename)){
		if(file_put_contents($filename, $value)){
			return TRUE;
		}
	}
	return NULL;
}
function pull_file($filename){
	if(is_writable($filename) && is_readable($filename)){
		return file_get_contents($filename);
	}
	return NULL;
}
function rebuild_file($filename){
	if(is_writable($filename) && is_readable($filename)){
		file_put_contents($filename, '1');
	}
}

if(is_numeric($_GET['ID'])){ // Meaning the Data sent is safe.

	// Build log file URL
	$filename = LOG_URL.$_GET['ID'].'.log.txt';
	$value = pull_file($filename);

	header('location:'.$file[$_GET['ID']]);

	// Update logs
	if(is_numeric($value)){
		update_file($filename, ($value+1));
	} else { // Meaning the file does not exist or has been messed with.
		rebuild_file($filename);
	}
} else {
	echo 'Sorry, there was an error.';
}

/* If you want to see how many people have downloaded a file, run something like:
# pull_file(LOG_URL.numberishere.'.log.txt');
/*

You are free to share, modify and use this code for commercial uses. Please give a link back (to http://www.fullondesign.co.uk/ ) if you can, but you don't have you.

I claim no liability for this code, you use it at your own risk.

*/

?>

You can run this by changing the URL that accesses the file. For example:
file.php?ID=0

Feel free to edit and share this code.

Comment & Document

It’s really important that people understand why you are doing certain things in certain ways. Adding a quick comment above sections of code should be adequate, but documenting classes and functions (Even if it’s in a Wiki) is fantastic.

Give Variables, Functions and Classes Meaningful names

Nothing is worse than trying to figure out what a function called “SIDFE()” does. Give everything a name that if someone else looked at it, they could figure out what it does. The above is a real example I have come across while adjusting a clients website, if the other programmer had called it something like Scan_Incomming_Data_For_Evil() it would have been a lot more straightforward.

White space

As you can see, a little space here and there makes life a lot easier.

No one likes to have to search for the start of a function. Make sure you indent your code and keep it easy to read quickly.

Never Delete – Comment out

This one is a little hard to grasp, but imagine you just fixed a bug (say 100 lines of code to fix it) and something else has broken. It makes sense to be able to go back and see the old code without modification of the new code. Also, doing this helps people see where an old bug was (assuming you comment that the section of code is evil) for future reference.

Use Braces

Braces are those neat } and { things. If you don’t use them on various functions it’s a pain to figure out where a loop starts and finishes. This is especially important when programming on a large scale because no one likes debugging fugly code. Here is an example of good and bad code:

<?php
/* Examples of annoying code */
if ( $coder === 'Silly' ) bang_head(); 

while ( $coder === 'Silly' )
    bang_head();

/* Examples of good code*/
if ( $coder !== 'Silly' ){ Drink_Beer(); }

while ( $coder !== 'Silly' ){
    Drink_Beer();
}
?>

Useful Links

PHP coding guidelines
10 Useful PHP Tips Revisited

<?php # File created on  1st April 2009 by Mike Rogers (http://www.fullondesign.co.uk/).
/*
function - recent_tweets(string $username [, int $limit = 5])
	$username - Your twitter username, such as rogem002
	$limit - Default: 5 - how many tweets you wish to show, must be numeric.
*/

function recent_tweets($username, $limit=5){
	if(!is_numeric($limit)){$limit = 5;}
	$xml = simplexml_load_file('http://search.twitter.com/search.atom?q=from%3A'.urlencode($username));
	$items_count= count($xml->entry);
	if($items_count < $limit){$limit = $items_count;}
	$i = 0;
	$return .= '
<ul>';
	while($i < $limit){
		$return .= '
<li title="'.$xml->entry[$i]->title.'"><!-- '.$xml->entry[$i]->published.' -->'.$xml->entry[$i]->content.'</li>

';
		$i++;
	}
	$return .=  '</ul>

';

	return $return;
}

echo recent_tweets('rogem002', 5);

/*
You are free to share, modify and use this code for commercial  uses. Please give a link back (to http://www.fullondesign.co.uk/ ) if you can, but you don't have you.
*/
?>

Edit: This only works for Twitterers who have privacy settings open (thanks Dan from XDnet.co.uk for the heads up).

Validate All Input

It’s very important to check all input to your script; a client could accidentally put a semi-colon in a field and possibly break your code. Always check that the user is posting what you expect. Here are some simple methods to validate input.

<?php
// Input must be a number
if(is_numeric($input)){
	echo 'Input is a number';
} else {
	echo 'Input is not a number';
}

// Input can only contain numbers and letters.
if(preg_match('/([^A-z0-9])/', $input)){
	echo 'Input does not contain only numbers and letters.';
} else {
	echo 'Input contains only numbers and letters.';
}

// Input must be an email
if(preg_match('/^([a-zA-Z0-9])+@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)+/', $input)){
	echo 'Email Is Valid.';
} else {
	echo 'Email Is Invalid.';
}
?>

Hash Passwords

Hashing passwords is mostly important from a privacy view point; if a hacker gets in they could sell your users details.

Use Sessions, not cookies

Never set sensitive data in cookies, users could edit them and potentially cause problems on your website. Instead use Sessions; they are a server side solution which is a little more secure.

<?php
session_start(); // Start the session. Always put this at the top of your html.

// Set some sessions
$_SESSION['name'] = 'Example 1';

// echo session data
echo $_SESSION['name'];
// Would return Example 1
?>

Related Links

PHP and MySQL Web Development (Developer’s Library)
Using Regular Expressions with PHP
10 Advanced PHP Tips To Improve Your Programming

Hashing is a really simple technique to hide data using a one way encryption. It’s especially necessary when dealing with users passwords (In a recent study, 60% of respondents use a similar passwords). Here is an example of how to hash using the MD5 function:

<?php
$password = md5('password');
// $password will now return 5f4dcc3b5aa765d61d8327deb882cf99
?>

However, we can improve on this code. Many hackers now use Rainbow tables to reverse the one-way encryption (and thus find out the secret data). Luckily programmers have come up with a new technique to combat this…Adding a pinch of salt to a hash. In programming terms, a salt is essentially an extra piece of information we add to what the user input to make it unusual. Here is an example how to code this:

<?php
$salt = '%$£Salt_Here*(&^';
$password = md5('password'.$salt);
// $password will now return 5747563a265df7a3250884394c0a05e0
?>

Related Posts

PHP Security Consortium: Password Hashing
Essential PHP Security

Here is a very quick and easy solution to stop potential hackers executing files in certain folders.

Open the .htaccess file in the folder you wish to protect and add the following code:

Options -Indexes
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi

This will essentially stop the folders returning an index of what is inside them and stop various files from running.

Useful Links

PHP File Upload Security
Apache Tutorial: .htaccess files
Apache, MySQL, and PHP Web Development All-in-one Desk Reference for Dummies