As I promised to keep posting about website speed and security, I decided to share with you a vulnerability I’ve often seen that allows any file to be downloaded from a server. Directory traversal attacks can work in various PHP projects as well as WordPress themes/plugins. Note that this does not apply to PHP only; it can be used with other scripting languages, so consider checking and updating your code to make it secure.
Detect Mobile Devices on Front-End and Back-end
Depending on each one’s needs, we often need ways to detect whether our visitors are using an iPad, a smartphone or any other mobile device, in order to make our website responsive and even faster by reducing data load. The following are a bunch of classes and snippets you can use to accomplish that, either on the back-end (server side) or on the front-end (client side), depending on the development situation, making it easier to detect mobile devices.
Mobile Detect is a lightweight PHP class for detecting mobile devices (including tablets). It uses the User-Agent string combined with specific HTTP headers to detect the mobile environment.
You may consider this script as being part of the RESS (Responsive Web Design with Server-Side Component) movement. You can find out more on the topic by reading these articles: Improve Mobile Support With Server-Side-Enhanced Responsive Design and RESS: Responsive Design + Server Side Components.
PHP Project Quality Done the Right Way: Free Test
We all know how frustrating bugs and security breaches are to fix, especially if you develop a web application that is used by many people. One of the most important things we need to take care of is code quality, which should meet the highest standards of security.
SensioLabsInsight automatically analyses the code and behaviour of your application on any PHP project (custom, WordPress, Joomla, Drupal and the list goes on and on). Issues are detected using over 100 rules, all defined by experts after years of extensive practice. These guys are behind the Symfony framework and the Twig template engine (which I use on my WordPress projects to separate the HTML from the PHP). Bugs and potential security breaches are classified according to their nature, from the minor to the critical ones.
PHP: Sort Multidimensional Array by Sub-Array Key’s Value
I’d like to share with you, my fellow readers, a function that I’ve been using in my projects to arrange the order of sub-arrays in a main array. As developers, it’s likely that you have encountered the situation where a list of items is fetched from the database in a specific order, but you want to display them on the front-end sorted by a value of each item.
Send HTTP POST Data to Remote URL
I’d like to share with you a function that I use a lot in my web projects. It sends data through POST from one location to another, which is very useful if you need to send information from a server to a remote one. For example, you can use AJAX to call a PHP file on your website that, when accessed, sends POST data to a remote URL and gets its output, all of this being processed in the background.
/**
 * SendPostData()
 *
 * Sends an array of fields as an HTTP POST request and returns the response body.
 *
 * @param mixed $_p         Array of fields to send
 * @param mixed $remote_url Destination URL
 * @return string Response body
 * @throws Exception If the request fails
 */
function SendPostData($_p, $remote_url)
{
    $remote_url = trim($remote_url);
    $is_https = (strtolower(substr($remote_url, 0, 5)) == 'https');
    $fields_string = http_build_query($_p);

    // Run this code if you have cURL enabled
    if (function_exists('curl_init')) {
        // create a new cURL resource
        $ch = curl_init();

        // set URL and other appropriate options
        curl_setopt($ch, CURLOPT_URL, $remote_url);

        if ($is_https) {
            // Keep certificate and host name verification on; turning these
            // off lets anyone on the network path read or alter the request.
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        }

        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
        curl_setopt($ch, CURLOPT_HEADER, false);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        // send the request and return the response body as a string
        $response = curl_exec($ch);

        if ($response === false) {
            $error = curl_error($ch);
            curl_close($ch);
            throw new Exception("Problem with $remote_url, $error");
        }

        // close cURL resource, and free up system resources
        curl_close($ch);

    // No cURL? Use an alternative code
    } else {
        $context_options = array(
            'http' => array(
                'method'  => 'POST',
                'header'  => "Content-type: application/x-www-form-urlencoded\r\n" .
                             "Content-Length: " . strlen($fields_string) . "\r\n",
                'content' => $fields_string
            )
        );

        $context = stream_context_create($context_options);
        $fp = @fopen($remote_url, 'r', false, $context);

        if (!$fp) {
            // $php_errormsg is no longer available in current PHP; use error_get_last()
            $error = error_get_last();
            throw new Exception("Problem with $remote_url, " . ($error ? $error['message'] : 'unknown error'));
        }

        $response = @stream_get_contents($fp);
        fclose($fp);

        if ($response === false) {
            $error = error_get_last();
            throw new Exception("Problem reading data from $remote_url, " . ($error ? $error['message'] : 'unknown error'));
        }
    }

    return $response;
}
Usage Example:
$response = SendPostData($_POST, 'http://www.myserver2location.com/receive-data.php');
PS: You can use any array variable as the first argument. $_POST is just a common one used in these situations.
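Because the usage above forwards the whole of $_POST to another server, here is an added example (not part of the original post) that checks the destination and trims the payload before it is handed to SendPostData(). The function name ValidateForward(), the host allowlist and the field names are assumptions made for illustration.

```php
<?php
// Added example. ValidateForward(), $allowed_hosts and $allowed_fields are hypothetical names.
function ValidateForward(array $input, $remote_url, array $allowed_hosts, array $allowed_fields)
{
    $parts = parse_url(trim($remote_url));
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('Destination URL is malformed');
    }
    // Require TLS so the forwarded data is not sent in clear text.
    if (strtolower($parts['scheme']) !== 'https') {
        throw new InvalidArgumentException('Destination must use https');
    }
    // Exact host match against lower-case allowlist entries; no substring matching.
    if (!in_array(strtolower($parts['host']), $allowed_hosts, true)) {
        throw new InvalidArgumentException('Destination host is not on the allowlist');
    }
    // Reject credentials embedded in the URL (https://user:pass@host/).
    if (isset($parts['user']) || isset($parts['pass'])) {
        throw new InvalidArgumentException('Credentials in the URL are not accepted');
    }
    // Forward only the fields the remote endpoint expects, and only scalar values.
    $payload = array();
    foreach ($allowed_fields as $name) {
        if (isset($input[$name]) && is_scalar($input[$name])) {
            $payload[$name] = (string) $input[$name];
        }
    }
    return $payload;
}

// Constructed sample input standing in for $_POST.
$sample_post = array(
    'name'     => 'Ana',
    'email'    => 'ana@example.com',
    'is_admin' => '1',              // not an expected field
    'message'  => array('nested'),  // not a scalar value
);
$hosts  = array('www.myserver2location.com');
$fields = array('name', 'email', 'message');

$url = 'https://www.myserver2location.com/receive-data.php';
$payload = ValidateForward($sample_post, $url, $hosts, $fields);
print_r($payload);
// The checked payload is what goes to the function from the post:
// $response = SendPostData($payload, $url);

try {
    ValidateForward($sample_post, 'http://www.myserver2location.com/receive-data.php', $hosts, $fields);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```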