
Posts Tagged ‘PHP’

Displaying Recent Tweets via Twitter’s RSS

Wednesday, April 1st, 2009

Twitter has sprung to fame in the last few months, mostly thanks to its fantastic API. Here is a really quick and easy way to display your recent tweets on your website.

<?php # File created on 1st April 2009 by Mike Rogers (http://www.fullondesign.co.uk/).
/*
function - recent_tweets(string $username [, int $limit = 5])
	$username - Your twitter username, such as rogem002
	$limit - Default: 5 - how many tweets you wish to show, must be numeric.
*/

function recent_tweets($username, $limit=5){
	if(!is_numeric($limit)){$limit = 5;}
	$xml = simplexml_load_file('http://search.twitter.com/search.atom?q=from%3A'.urlencode($username));
	if($xml === false){return '';} // The feed could not be fetched or parsed
	$items_count = count($xml->entry);
	if($items_count < $limit){$limit = $items_count;}
	$i = 0;
	$return = '
<ul>';
	while($i < $limit){
		// Escape the title so a quote inside a tweet cannot break out of the attribute
		$return .= '
<li title="'.htmlspecialchars((string)$xml->entry[$i]->title, ENT_QUOTES, 'UTF-8').'"><!-- '.$xml->entry[$i]->published.' -->'.$xml->entry[$i]->content.'</li>

';
		$i++;
	}
	$return .= '</ul>

';

	return $return;
}

echo recent_tweets('rogem002', 5);

/*
You are free to share, modify and use this code for commercial uses. Please give a link back (to http://www.fullondesign.co.uk/ ) if you can, but you don't have to.
*/
?>

Edit: This only works for Twitterers who have privacy settings open (thanks Dan from XDnet.co.uk for the heads up).

Basic PHP Security

Friday, March 27th, 2009

Saying “Don’t trust your users” may sound like an overstatement, but in programming it is the best mindset to have. Here are some really basic tips for programming in general (but mostly focusing on PHP).

Validate All Input

It’s very important to check all input to your script; a client could accidentally put a semi-colon in a field and possibly break your code. Always check that the user is posting what you expect. Here are some simple methods to validate input.

<?php
// $input would normally come from the request, for example a posted form field
$input = isset($_POST['input']) ? $_POST['input'] : '';

// Input must be a number
if(is_numeric($input)){
	echo 'Input is a number';
} else {
	echo 'Input is not a number';
}

// Input can only contain numbers and letters.
// The range must be A-Za-z: A-z would also allow [ \ ] ^ _ and ` which sit between Z and a.
if(preg_match('/[^A-Za-z0-9]/', $input)){
	echo 'Input does not contain only numbers and letters.';
} else {
	echo 'Input contains only numbers and letters.';
}

// Input must be an email (anchored at both ends so nothing may follow the address)
if(preg_match('/^[a-zA-Z0-9]+@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$/', $input)){
	echo 'Email Is Valid.';
} else {
	echo 'Email Is Invalid.';
}
?>
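The checks above test one value at a time. As an added example (not code from the original post), here is a small whitelist validator that applies a named rule to each expected field, rejects missing or non-scalar fields, and uses filter_var() and ctype_alnum() in place of hand-written regexes. The field names, rules and the sample request array are constructed for the example; in a real script the array would be $_POST.

```php
<?php
// Added example: whitelist validation of a whole form. Each rule names the kind of
// value a field must hold; anything else, including a missing field, is rejected.

function validate_field($value, $rule)
{
    // Reject non-scalar input outright (arrays can arrive via field[]= in a request).
    if (!is_string($value) && !is_int($value)) {
        return 'must be a single value';
    }
    $value = (string) $value;

    switch ($rule) {
        case 'int':
            // FILTER_VALIDATE_INT rejects "12abc", " 12", "1e3" and overflowing values,
            // all of which is_numeric() would happily accept.
            return filter_var($value, FILTER_VALIDATE_INT) === false ? 'must be a whole number' : null;
        case 'alnum':
            // ctype_alnum() is an ASCII letters-and-digits whitelist; the empty string must be refused separately.
            return ($value !== '' && ctype_alnum($value)) ? null : 'must contain only letters and digits';
        case 'email':
            return filter_var($value, FILTER_VALIDATE_EMAIL) === false ? 'must be a valid email address' : null;
        default:
            return 'unknown rule';
    }
}

// Returns an array of field => problem; an empty array means the request is acceptable.
function validate_request(array $input, array $rules)
{
    $errors = array();
    foreach ($rules as $field => $rule) {
        // A missing field is an error too: never let absent input pass silently.
        if (!array_key_exists($field, $input)) {
            $errors[$field] = 'is required';
            continue;
        }
        $problem = validate_field($input[$field], $rule);
        if ($problem !== null) {
            $errors[$field] = $problem;
        }
    }
    return $errors;
}

// Constructed sample request: one bad number, one name with an underscore,
// one valid address and one field that is missing altogether.
$sample = array(
    'age'      => '12abc',
    'username' => 'mike_rogers',
    'email'    => 'mike@example.com',
);
$rules = array('age' => 'int', 'username' => 'alnum', 'email' => 'email', 'website' => 'alnum');

$errors = validate_request($sample, $rules);
foreach ($errors as $field => $problem) {
    // Field names are echoed back to the browser, so escape them like any other output.
    echo htmlspecialchars($field, ENT_QUOTES, 'UTF-8'), ' ', $problem, "\n";
}
```

Run from the command line, the script reports a problem for age, username and website and nothing for email. Keeping the rules in one table next to the form handler makes it obvious which fields were never checked.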

Hash Passwords

Hashing passwords is mostly important from a privacy viewpoint; if a hacker gets in they could sell your users' details.

Use Sessions, not cookies

Never store sensitive data in cookies; users can edit them and potentially cause problems on your website. Instead use sessions; they are stored on the server, which makes them a little more secure.

<?php
session_start(); // Start the session. This must run before any output is sent, so put it at the very top of the script.

// Set some session data
$_SESSION['name'] = 'Example 1';

// Echo session data
echo $_SESSION['name'];
// Would print Example 1
?>


Securing Passwords in PHP

Tuesday, March 17th, 2009

Privacy on your website will be paramount to your success. In the world of application development, security can sometimes be overlooked (normally because accessibility is considered more important). Luckily, modern coding practice means we can now be both accessible and secure.

Hashing is a really simple technique to hide data using one-way encryption. It’s especially necessary when dealing with users’ passwords (in a recent study, 60% of respondents reported using similar passwords across sites). Here is an example of how to hash using the MD5 function:

<?php
$password = md5('password');
// $password will now return 5f4dcc3b5aa765d61d8327deb882cf99
?>

However, we can improve on this code. Many hackers now use rainbow tables to reverse the one-way encryption (and thus find out the secret data). Luckily, programmers have come up with a technique to combat this: adding a pinch of salt to a hash. In programming terms, a salt is an extra piece of information we add to what the user entered so that the hashed value is no longer one found in a precomputed table. Here is an example of how to code this:

<?php
$salt = '%$£Salt_Here*(&^';
$password = md5('password'.$salt);
// $password will now return 5747563a265df7a3250884394c0a05e0
?>
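The salted md5 above shares one fixed salt between every user, and md5 is fast enough that a modern machine can try billions of guesses against a leaked hash. As an added example covering this post together with the “Hash Passwords” and “Use Sessions, not cookies” sections of the Basic PHP Security post, here is a registration and login flow written with password_hash() and password_verify(), which PHP added in version 5.5 and which the original posts predate. Each hash carries its own random salt and a tunable cost, so no hand-rolled salt is needed. This is not the author's code; the $users array stands in for a database table and the sample account is constructed.

```php
<?php
// Added example: password storage and login with PHP's password_hash() API,
// followed by a session that is re-keyed after a successful login.

function register_user(array &$users, $username, $password)
{
    // PASSWORD_DEFAULT is bcrypt today; the algorithm, cost and salt are recorded inside
    // the hash string itself, so old hashes keep verifying if the default changes later.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

function login_user(array &$users, $username, $password)
{
    // A hash of a throwaway value, so that an unknown username is checked in about the
    // same time as a known one and the login form does not reveal which accounts exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('not-a-real-password', PASSWORD_DEFAULT);
    }

    if (!isset($users[$username])) {
        password_verify($password, $dummy);
        return false;
    }
    if (!password_verify($password, $users[$username])) {
        return false;
    }
    // Transparently upgrade hashes that were made with an older cost or algorithm.
    if (password_needs_rehash($users[$username], PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

function establish_session($username)
{
    // Start the session before any output. The cookie is flagged HttpOnly (hidden from
    // script) and Secure (sent over HTTPS only); parameters must be set before session_start().
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(0, '/', '', true, true);
        session_start();
    }
    // Issue a fresh session id on login so an id that existed before authentication
    // cannot be carried over into the logged-in session.
    session_regenerate_id(true);
    // Keep only a reference to the user in the session, never the password or its hash.
    $_SESSION['user'] = $username;
}

// Constructed sample account.
$users = array();
register_user($users, 'rogem002', 'correct horse battery staple');

$attempts = array(
    array('rogem002', 'password'),
    array('nobody',   'password'),
    array('rogem002', 'correct horse battery staple'),
);
foreach ($attempts as $attempt) {
    list($name, $pass) = $attempt;
    $ok = login_user($users, $name, $pass);
    echo $name, ': ', ($ok ? 'login ok' : 'login refused'), "\n";
    // Sessions need a browser cookie, so only establish one when running under a web server.
    if ($ok && PHP_SAPI !== 'cli') {
        establish_session($name);
    }
}
```

Only the third attempt succeeds. The stored value for rogem002 looks like $2y$10$... and differs every time register_user() runs, because the salt is random; two users with the same password therefore get different hashes, which is exactly what a single shared salt cannot provide.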

Related Posts

PHP Security Consortium: Password Hashing
Essential PHP Security

Securing publicly available folders

Monday, February 23rd, 2009

Anyone who has ever developed a website which allows users to upload files will tell you “It’s best to think everyone is out to destroy your server”, which unfortunately is the best mindset to be in when setting up any website. One of the main methods hackers use to breach your website is to upload a file which allows them to execute code.

Here is a very quick and easy solution to stop potential hackers executing files in certain folders.

Open the .htaccess file in the folder you wish to protect and add the following code:

Options -Indexes
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi

This stops Apache returning an index of what is inside the folder and, because the listed extensions are mapped to the CGI handler while ExecCGI is switched off, Apache refuses to run files with those extensions rather than executing them.
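Two caveats a practitioner will want: the .htaccess file is only honoured if the main server configuration grants AllowOverride for this directory (Options, FileInfo and AuthConfig at least, or All), and a handler mapping alone depends on how PHP is wired into the server. As an added example, not the original post's file, here is an uploads-folder .htaccess that keeps the author's directives and adds an explicit deny for script extensions as a second line of defence. The extension list is an assumption; extend it to whatever your server will execute.

```apacheconf
# Added example for an uploads directory. Assumes the main server config contains
# "AllowOverride All" (or at least Options FileInfo AuthConfig) for this path;
# without that, Apache silently ignores this file.

# No directory listings, and no CGI execution in this folder.
Options -Indexes
Options -ExecCGI

# Hand script extensions to the CGI handler; with ExecCGI off, Apache refuses to run them.
AddHandler cgi-script .php .php3 .php4 .php5 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi

# Second line of defence: refuse to serve these names at all. The trailing (\.|$)
# also matches double extensions such as image.php.jpg, which some PHP handlers
# would otherwise execute. Apache 2.4 syntax; on Apache 2.2 replace the Require
# line with "Order deny,allow" followed by "Deny from all".
<FilesMatch "\.(php|php[0-9]|phtml|phar|pl|py|jsp|asp|sh|cgi)(\.|$)">
    Require all denied
</FilesMatch>
```

Test it after deploying: upload a file named test.php containing plain text and request it in the browser; the server should answer with a 403 rather than the file's contents. If it serves the text, AllowOverride is not in effect for the directory.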

Useful Links

PHP File Upload Security
Apache Tutorial: .htaccess files
Apache, MySQL, and PHP Web Development All-in-one Desk Reference for Dummies

Securing Links

Saturday, February 14th, 2009

Have you ever wanted to secure links on your website (for example hide the real source of a file)? Here is a quick and easy way to do this.

<?php # File created on 11th February 2009 by Mike Rogers (http://www.fullondesign.co.uk/).

## Start defining constants ##

define('RUN_ERRORS', TRUE); // Do you want the script to display errors? TRUE = yes you do.

define('redirect_or_echo', 'redirect'); // Do you want to redirect the user to another website, or just echo the other webpage's content? 'redirect' will redirect, 'echo' will return the web page's contents. I recommend redirect.

## End defining constants ##

/* Start the link codes. The code is the ?code=123 part of the URL. The array should be formatted like:

$link['code'] = 'http://URL';

You may find it easier to do this with MySQL or including this as a separate file. Too many links could lower performance, but for a small website just trying to cloak a few links this is good :)

*/

$link['1'] = 'http://www.site.com/';

// Start the system.

// Fetches a remote page, trying file_get_contents() first, then cURL, then file().
function external_url($url){
    if($return = @file_get_contents($url)){
        return $return;
    }elseif(function_exists("curl_init")){
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $return = curl_exec($ch);
        curl_close($ch);
        return $return;
    }elseif($return = @implode("", @file($url))){
        return $return;
    } else {
        return NULL;
    }
}

// Checks that a code was supplied and that it is a number
$code = isset($_GET['code']) ? $_GET['code'] : '';

if(is_numeric($code) && is_array($link)){
    if(isset($link[$code])){
        if(redirect_or_echo === 'redirect'){
            header('Location: '.$link[$code]);
            exit; // Stop here so nothing is sent after the redirect header
        } elseif(redirect_or_echo === 'echo'){
            echo external_url($link[$code]);
        }else{
            if(RUN_ERRORS === TRUE){
                echo 'Sorry, an internal error has occurred.';
            }
        }
    } else {
        if(RUN_ERRORS === TRUE){
            echo 'Sorry, the code you have provided is incorrect.';
        }
    }
}else{
    if(RUN_ERRORS === TRUE){
        echo 'Sorry, the code you have provided is incorrect.';
    }
}

/*
You are free to share, modify and use this code for commercial uses. Please give a link back (to http://www.fullondesign.co.uk/ ) if you can, but you don't have to.

You use this at your own risk.
*/

?>
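The script above hides a destination URL behind a numeric code. When the thing being hidden is a file rather than a page, a redirect still reveals the real location in the browser's address bar. As an added example (not the post's own script), here is the same code-lookup idea applied to files kept in a directory outside the document root, streamed to the client by the script so the path never leaves the server. STORAGE_DIR, the two file entries and the MIME types are assumptions for the example.

```php
<?php
// Added example: serve files by opaque code from a directory the web server does not expose.
// Requested as download.php?code=1; the code is the only thing the client controls.

define('STORAGE_DIR', '/var/www/private_files');   // assumed location, outside the document root

// Code => [file name inside STORAGE_DIR, MIME type]. File names come from this table
// only, never from the request, so no client-supplied path ever reaches the filesystem.
$files = array(
    '1' => array('brochure.pdf', 'application/pdf'),
    '2' => array('release.zip',  'application/zip'),
);

function serve_file(array $files, $code)
{
    // A code must be a short string of digits that exists in the table; anything else is "not found".
    if (!is_string($code) || !ctype_digit($code) || strlen($code) > 10 || !isset($files[$code])) {
        header('HTTP/1.0 404 Not Found');
        return false;
    }
    list($name, $mime) = $files[$code];
    $path = STORAGE_DIR . DIRECTORY_SEPARATOR . $name;
    if (!is_file($path) || !is_readable($path)) {
        header('HTTP/1.0 404 Not Found');
        return false;
    }
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');   // stop browsers guessing a different type
    header('Content-Length: ' . filesize($path));
    // $name comes from the server-side table, so it is safe to place inside the quotes.
    header('Content-Disposition: attachment; filename="' . $name . '"');
    readfile($path);
    return true;
}

$code = isset($_GET['code']) ? $_GET['code'] : '';
serve_file($files, $code);
exit;   // nothing, not even trailing whitespace, may follow the file body
```

Because the lookup table is the only source of file names, a request such as code=../../etc/passwd is rejected by the digit check before any filesystem call is made, and a code that is not in the table gets the same 404 as a missing file, so the script does not reveal which codes exist.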

Download the Code

Useful Links

PHP’s Official Website – It has a fantastic documentation section. Well worth a look.
PHP 6 and MySQL 5 for Dynamic Web Sites: Visual QuickPro Guide – The book I learnt PHP from; it’s really good for beginners and as a reference guide.