Tag Archives: Web Development

Beware of FTP Apps

FTPYesterday I received an email from my hosts saying they had received a report of email spam coming from my site. They said they had removed the offending script and suggested my site had been exploited. Like a good webmaster I logged in and checked my files. Nothing was amiss except a new directory with a random name like rbdfghydhf. I deleted the directory then started checking my server logs to see what requests had been made around the time the directory was created. I found nothing so began the process of deleting old files and scripts, which is something we should do regularly anyway.

So four hours later, after some Battlefield 4, I log back in to find a whole bunch of new directories had been made and again nothing in the logs to indicate how they were created. So I contacted my hosts and asked them to check the ownership of the directories and the files they contained. They eventually got back and told me they had been created via my FTP account from an an IP address in Poland, 77.114.120.185. Given my username and password are not simple things I scanned my computer to make sure it hadn’t been compromised. Two different anti virus programs and no malware found. Then I remembered that about a month or so ago I tested three FTP apps on my Android phone. One didn’t seem to work but the other two worked just fine after some messing with the settings. So by logical deduction I suspect this is how my account details got compromised. I checked the Play Store and only two of the three apps I tested are still listed which is another sign that this was the problem.

The moral of the story, if you need to FTP from your mobile device or anything else that requires your sites login details stick with trusted names or those that have a lot of reviews both good and bad. I was lucky but they could of done some serious damage.

Animated Div Collapsing

A few years ago I was looking for a simple JavaScript to animate the hiding/showing of a div. I came across one that was perfect from harrymaugans.com but the site is currently undergoing a revamp so the original post is no longer there. Anyway the script was perfect but it had one issue, it required that the div’s height be already set and I was working with dynamically populated divs that I wouldn’t know the size of. My original solution was to loop through the divs I was going to hide and set their height to what their height currently was (if that makes sense) before hiding them with display: none;. Anyway I got sidetracked and I felt this solution was inadequate anyway so left it in my test folder. Jump to the present day. I started looking at it again and realised I can grab the original height of the div once it’s display had been changed back to block by the script and it’s height set to 1px ready for the sliding into view. The solution was simply to use scrollHeight which gets the height of a div including any hidden content such as when overflow is set to hidden.

I also added a new function, toggleSlide, which means instead of needing a link to call the slideDown and then one to call the slideUp you can just call toggleSlide and it will either slide it up or down depending on it’s current state.

And so I am offering my version of the script here since I think some people might be in the same boat as me and find my solution useful and also because the original source is no longer available.

Read more »

Use your website to help find missing children in EU

Do you run a website, blog or forum? Then you could help find children missing in Europe. Thanks to the NotFound project, you can make a difference. Install our application and a picture of a missing child automatically gets published on every ‘page not found’ of your website.

In the European Union alone, thousands of children are still missing. They run away from conflicts at home, are the victims of parental abductions, disappear after having travelled across the EU alone, or are abducted by criminals. But there is a way you can help, namely by installing the Notfound application. By doing this, automatically, a picture of a missing child will be posted on every 404 page of your website. This is how you can help Child Focus spread a maximum number of photos and help all missing children find their way home.

Discover the application on www.notfound.org.

Random Character Generation in PHP and JavaScript

I wrote this function in response to someone else’s attempt on a forum I was asked to join. It basically generates a string of random letters and numbers with the letters being in both upper and lower case. It is easy to edit it to only use upper or lower case letters or even add symbols as well. I initially wrote it in PHP and then rewrote it in JavaScript as well.

function randomString($strLen = 32)
{
  // Create our character arrays
  $chrs = array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9));
 
  // Just to make the output even more random
  shuffle($chrs);
 
  // Create a holder for our string
  $randStr = '';
 
  // Now loop through the desired number of characters for our string
  for($i=0; $i< $strLen; $i++)
  {
    $randStr .= $chrs[mt_rand(0, (count($chrs) - 1))];
  }
  return $randStr;
}

Using it is simply a case of calling it and specifying how long to make the string otherwise it uses the default length of 32 characters.

echo randomString(12);

To also make it use symbols you just change the array_merge to
Read more »

Sending email via SMTP using PHP

A couple of my users contacted me to say that their host had disabled sendmail and required any scripts they use to now use SMTP to send emails. This resulted in me quickly reading all I could about SMTP and the result is this slightly rough script I am sharing. It’s pretty self explanatory. Put your SMTP server details in the $mailCfg array. Next simply call the smtpMail function which uses the same variables as the standard PHP mail() function but with two additional variables. The additional variables are the email address we are sending from and $mailCfg. I could of put $mailCfg as a global but this way you can include the script in a different script and store the required information where ever you want. The from address is important as most SMTP servers will reject the message if it’s not included.

Just remember the code is far from perfect and was created to do a simple job.

It also has one nice extra function you might find useful… Read more »

Safari 4 and Firefox 3.5b99

Well Apple has gone and released the memory hog that is Safari 4. It does look good but given that it uses a ridiculous amount of memory I think I will pass. It has some nice features that only work on a mac. Go figure.

Also Mozilla has released a new version of Firefox 3.5. It is marked as beta 99 but is basically something between a beta and a release candidate. it has improvements to Tracemonkey, the engine used to clean up memory usage but not sure it works that good at removing things from memory it no longer requires.

Now Google Chrome has excellent memory handling it’s just a shame it’s options are sparse, it has no extension support (even IE supports extensions/plug ins) (apparently as of version 2 it does) and the rendering engine, WebKit, is far from perfect. Sites like Facebook can prove a nightmare at times when it’s divs disappear behind it’s ad bar.

I’ve personally decided to give Firefox a break and use Flock for a few weeks.

Blocking IP Addresses Using htaccess

I’m writing this because blocking by domain on my hosts pretty much kills my web site and so I have had to learn to block ip addresses. Blocking single ip addresses is simple as you just need something like the following

order allow,deny
deny from 9.120.161.206
allow from all

And that will block the computer at ip address 9.120.161.206 from being able to access your site. But what if you want to block a whole range of ip addresses such as 9.120.161.0 to 9.120.161.255? Well then we just leave off the end number like this

order allow,deny
deny from 9.120.161.
allow from all

Ok so now we get to the clever and damn fiddly bit. As of Apache 1.3 we can use CIDR codes to specify ranges of ip addresses. So another way of writing the above code would be

order allow,deny
deny from 9.120.161.0/24
allow from all

and that would do exactly the same as 9.120.161. but we can do so much more. After the break (ie click the read more link) I will show a list of the CIDR codes and what they do.
Read more »

Top Ten Javascript Functions

Whilst surfing the ether we call the internet I came across a list of top ten javascript functions by Dustin Diaz. As the saying goes it does exactly what it says on the tin. It is a collection of ten (and a bonus one) basic javascript functions that most Javascript writers will need/use quite a lot. Such functions as adding onload events to the window even if you’re not sure that it’s already been set by another script. getElementByClass which to me is something that should of been in Javascript from the start 😡 . If you write Javascript then you will find atleast one of the functions useful.

And I know it was written in 2005 but the functions are just as valid today.

Bad Web Devs

I’m a hobbyist web developer and nothing annoys me more than web sites that have obviously paid for someone to build their sites but whoever has built it has done a half arsed job.

My main gripe at the moment is sites that require you to have cookies enabled but have terrible code in place for if you don’t.

A good example is Game who put you in to an infinite redirect loop if you have cookies disabled. In fact you have to enable cookies on their site to see the page that tells you that you needs cookies enabled to view the site 😐

Another bad one I just found, and this one is really really bad, is download.com. You don’t need cookies to view the site but if you have them disabled and click through to view a programs page your browsers memory usage goes through the roof. I tested this in Firefox 3.1 b3, IE8 and Chrome. With all three browsers I had to use task manager to close them thanks to download.com’s sloppy web code.

So please, if you are going to write a site that requires that visitors accept cookies, make sure you have good code in place to handle people like me who have cookies disabled.

Gzipping your pages to save bandwidth

Ok I’ve been playing with Javascript frameworks like Jquery and Prototype. Now by default Jquery is 54KB and Prototype is 130KB (at the time of writing this). As you can see these are not small files. Now this is where gzip comes in. An easy way to describe gzip is that your server zips up the file before sending it to the web browser and the web browser then unzips it. Anyway by gzipping these two files using some PHP I have got Jquery down to 19KB and prototype down to 30KB!!!!

So we have Jquery:
Original Size: 54 KB
Gzipped Size: 19 KB
Data Savings: 64.81%

and prototype:
Original Size: 131 KB
Gzipped Size: 30 KB
Data Savings: 77.1%

All testing done using mod_zip test.

Anyway on to the code.
Read more »

Post Popularity Graphing by Knowledge Ring