Webnetics UK Ltd. - Forums - Programming

Forum Etiquette and Common Sense

Sun, 27 Mar 2011 12:29:51 +0000

Common rules

1. Only one account per person is permitted.
2. Do not pretend to be/represent somebody else. Your account will be deleted if found to be in breach of this rule.
3. When registering, a valid email address has to be used. Disposable email addresses are not permitted. If found, we will remove the account in question.
4. Keep all posts on-topic.
5. All posts must be in English, unless posted in a specific international forum. If posting in a international forum, please use the language of that forum, and not English.
6. DO NOT SEND SUPPORT REQUESTS VIA PM, unless expressly invited to do so. Using PM to actively solicit work is not allowed. Post, in accord with the rules in the correct forum. Abuse of the PM system in this way can lead to your membership being removed.
7. Do not discuss illegal activities.
8. No useless posts. This includes: Thread bumping, useless one liners, repeated requests about new versions, Flamewars, Trolling and Spamming.
9. Do not propose/link to any site that contains warez/copyrighted software/materials that can be downloaded illegally.
10. Do not link to any site that contains adult content, sexually oriented material or might otherwise be considered offensive. Any post containing an inappropriate link will be deleted and the poster will receive a warning.

At all times

1. Keep all commentary civil, and be courteous at all times. Constructive criticism is welcome, but insults directed towards other users or the site admins will not be tolerated. Coarse/insulting language will not be tolerated.
2. Choose an appropriate subject line. Try to summarise the problem briefly in the subject, and elaborate in the message itself. A title like "Have you seen this..." or "Help needed!!!!" will be deleted.
3. Spend 10 minutes with the admin panel before posting common sense questions like "How do I see orders", or "How do I add products". If you go through each admin menu you will find all you need to know about the basic features.
4. Search before posting. You may need to search multiple variation of the terms.
5. Any posts deemed to be self promotion, advertising, or spam can and will be removed. NO SPAM - NO ADVERTISING eg. Posting and making excessive, inappropriate and unnecessary references to your products and websites is self promotion.
6. Don't lump sum mods and inquiries in one post. People asking for help and at the same time attaching a contribution should be avoided. Contributions go in the contrib thread. Help goes in one of the support threads, based on the affected element (modules, templates, languages, general, etc).
7. Bugs go into the bug area ONLY after you have searched the bug forum and found nothing similar.
8. Hijacking threads because you feel the need to whine or complain about your personal opinions that have nothing to do with the main topic of the thread will be instantly deleted at will!
9. If you feel a post violates any of these rules, or you need to bring it to the attention of a moderator (move threads/close/split), please use the â€˜report this postâ€™ link to notify the moderators.

Signatures & Avatars

1. Must be setup in your Profile (user Control Panel) , and not manually added to your messages.
2. May not contain any pricing, sales, product etc. details.
3. Only exact URLs allowed ie not LOOK HERE - No tinyurls, affiliate links etc either, only exact, literal URLs
4. Maximum font size should not be larger than normal +1.
5. Signature shall not have more than 4 lines (at a line width of 75 chars).
6. Any signature or avatar that is offensive or insulting to either us, our members, or our staff, is prohibited.
7. Signature size should not exceed the maximum size of 60 x 180 px (height x width).
8. Avatar size should not exceed the maximum size of 75 x 75 px (height x width).
9. Signature & Avatar images may not contain any copyright material (e.g. trademarks)
10. We reserve the right to ask you to change and/or remove your signature or avatar at any time, for any reason.

Failure to abide by these rules may result in an editing, negative moderation or deletion of your post.
We reserve the right to ban users from the site.
We reserve the right to change these rules at any time.

Cache it! (PHP) - Part 1

Sat, 06 Sep 2008 10:32:17 +0000

In the good old days when building web sites was as easy as knocking up a few pages, the delivery of a web page to a browser was a simple matter of having the web server fetch a file. A site's visitors would see its small, text-only pages almost immediately, unless they were using particularly slow modems. Once the page was downloaded, the browser would store it somewhere on your local computer so that, should the page be requested again, after performing a quick check with the server to ensure the page hadn't been updated, the browser could display the locally cached version. Pages were served as quickly and efficiently as possible, and everyone was happy.

Then dynamic web pages came along and spoiled the party by introducing two problems:

â€¢ When a request for a dynamic web page is received by the server, some intermediate processing must be completed, such as the execution of scripts by the engine. This processing introduces a delay before the web server begins to deliver the output to the browser. This may not be a significant delay where simple PHP scripts are concerned, but for a more complex application, the PHP engine may have a lot of work to do before the page is finally ready for delivery. This extra work results in a noticeable time lag between the user's requests and the actual display of pages noticeable time lag between the user's requests and the actual display of pages in the browser.

â€¢ A typical web server, such as, uses the time of file modification to inform a web browser of a requested page's age, allowing the browser to take appropriate action. With dynamic web pages, the actual PHP script may change only occasionally; meanwhile, the content it display s, which is often fetched from a database, will change frequently. The web server has no way of discerning updates to the database, so it doesn't send a last modified date. If the client (that is, the user's browser) has no indication of how long the data will remain valid, it will take a guess. This is problematic if the browser decides to use a locally cached version of the page which is now out of date, or if the browser decides to request from the server a fresh copy of the page, which actually has no new content, making the request redundant. The web server will always respond with a freshly constructed version of the page, regardless of whether or not the data in the database has actually changed.

To avoid the possibility of a web site visitor viewing out-of-date content, most web developers use a meta tag or HTTP headers to tell the browser never to use a cached version of the page. However, this negates the web browser's natural ability to cache web pages, and entails some serious disadvantages. For example, the content delivered by a dynamic page may only change once a day, so there's certainly a benefit to be gained by having the browser cache a page--even if only for 24 hours.

If you're working with a small PHP application, it's usually possible to live with both issues. But as your site increases in complexity --and attracts more traffic--you'll begin to run into performance problems. Both these issues can be solved, however: the first with server-side caching; the second, by taking control of [6] caching from within your application. The exact approach you use to solve these problems will depend on your application, but in this chapter, we'll consider both PHP and a number of class libraries from as possible panaceas for your web page woes.

How do I prevent web browsers from caching a page?

If timely information is crucial to your web site and you wish to prevent out-of-date content from ever being visible, you need to understand how to prevent web browsers--and proxy servers--from caching pages in the first place.

Answer

There are two possible approaches we could take to solving this problem: using HTML meta tags, and using HTTP headers.

Using HTML Meta Tags

The most basic approach to the prevention of page caching is one that utilizes HTML meta tags:

The insertion of a date that's already passed into the Expires meta tag tells the browser that the cached copy of the page is always out of date. Upon encountering this tag, the browser usually won't cache the page. Although the Pragma: no-cache meta tag isn't guaranteed, it's a fairly well-supported convention that most web browsers follow. However, the two issues associated with this approach, which we'll discuss below, may prompt you to look at the alternative solution.

Using HTTPHeaders

A better approach is to use the HTTP protocol itself, with the help of PHP's header function, to produce the equivalent of the two HTML meta tags above:

PHP Code:
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Pragma: no-cache');
?>

We can go one step further than this, using the Cache-Control header that's supported by HTTP 1.1 -capable browsers:

PHP Code:
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
?>

Summary

Using the Expires meta tag sounds like a good approach, but two problems are associated with it:

Using the Expires meta tag sounds like a good approach, but two problems are associated with it:

â€¢ The browser first has to download the page in order to read the meta tags. If a tag wasn't present when the page was first requested by a browser, the browser will remain blissfully ignorant and keep its cached copy of the original.
â€¢ Proxy servers that cache web pages, such as those common to ISPs, generally won't read the HTML documents themselves. A web browser might know that it shouldn't cache the page, but the proxy server between the browser and the web server probably doesn't--it will continue to deliver the same out-of-date page to the client.

On the other hand, using the HTTP protocol to prevent page caching essentially guarantees that no web browser or intervening proxy server will cache the page, so visitors will alway s receive the latest content. In fact, the first header should accomplish this on its own; this is the best way to ensure a page is not cached. The Cache-Control and Pragma headers are added for some degree of insurance. Although they don't work on all browsers or proxies, the Cache-Control and Pragma headers will catch some cases in which the Expires header doesn't work as intended--if the client computer's date is set incorrectly, for example.

Of course, to disallow caching entirely introduces the problems we discussed at the start of this chapter: it negates the web browser's natural ability to cache pages, and can create unnecessary overhead, as new versions of pages are always requested, even though those pages may not have been updated since the browser's last request. We'll look at the solution to these issues in just a moment.

To be continued â€¦â€¦.

Next-gen CAPTCHAs

Sat, 02 Aug 2008 10:00:45 +0000

It seemed like such a straightforward idea: create a simple test that would baffle computers, but humans could solve easily. And for a few years the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) has done its job, successfully protecting forums, wilds, web mail services and other online resources from being exploited by bots. But concerns are increasingly being raised about the technology, and even the best CAPTCHA systems are now beginning to appear vulnerable.

It all started as guesswork, when eBay bots were discovered back in 2006. Had someone discovered a way for malware to break the registration system? Possibly, but there wasn't enough information to definitively say that eBay's CAPTCHA had been broken.

The doubts disappeared in 2007, though, when the eBayCaptcha Populator was released as a Firefox add-on. The tool promised to detect and enter the eBay CAPTCHA code automatically, saving you the trouble. Soon afterwards a number of web- based CAPTCHA-cracking services appeared, and now even Gmail has been broken. The Jiffy Gmail Creator promises to "create unlimited Gmail accounts in seconds flat without breaking a sweat", and is being sold for $77 a copy.

As CAPTCHA begins to fail, so the consequences can be seen elsewhere. Earlier this year, sparn sent from Gmail doubled in a month, for instance, while the zombie accounts have reportedly been used to attack services including the likes of Craigslist.

The traditional response has been to try to make the CAPTCHA more difficult. Add extra colours and noise to an image, say. Distort and rotate letters, perhaps add some images too. But you can't do this forever. RapidShare's notorious 'kitten' CAPTCHA is so tricky even humans have problems using it, yet apparently hackers have broken the system already.

It's plain that we need a different approach, and image-based CAPTCHA could be it. Implement KittenAuth and you'll see a grid of cute animal photos while being asked to 'select all the dolphins' (or hedgehogs, rabbits, or whatever else is chosen). Sounds good, but even here there are weaknesses. The small database only contains a few images by default, which leaves it vulnerable to attack.

Unusually, our best hope for security could come from a Microsoft project, Asirra. It's even simpler than KittenAuth â€” you just have to recognise cats and dogs â€” but is backed by a database of over three million images. The system is in beta right now.

Testing eCommerce Websites!

Sat, 02 Aug 2008 09:59:18 +0000

Virtual Web Designs are currently in the process of building a bespoke multi shop eCommerce website which will access all itâ€™s products from one database (6 different urlâ€™s). Testing will be a major part of this website build. So we though we would share some of our thoughts on how we will go about testing this sort of eCommerce website.

Although a lot of time and consideration is usually spent on preparing the creative side and content aspects of websites, functionality and web application testing is often neglected. This can be an oversight for which a company's reputation may pay dearly. According to the research, bugs found after release can not only spell doom for a project, but also cost 80 to 1,000 times more to fix than if they were found during pre- deployment testing.

Usually the best way to ensure web applications meet the demands of visitors, while meeting internal deadlines, is to keep testing simple. Here's an analogy: in order to check the plumbing of a major sports stadium in the US on the eve of opening day, the entire workforce got together and flushed the toilets simultaneously. This simple, labour intensive approach is often used to load-test new web applications, with lots of people asked to log in at the same time. However, not only is this approach logistically challenging, it's often impossible to realistically simulate the number of users who might hit the site.

This is where Rapid Bottleneck Identification (RBI) comes in. Every web application has at least one bottleneckâ€” an element of hardware, software or bandwidth that places defining limits on data flow or processing speed. In addition, applications are only as efficient as their least efficient elements, and it's here that bottlenecks directly impact on performance and scalability.

While the best testing should be quick and simple, it needs to be thorough, which is why RBI is a great testing methodology for web developers.

Back to basics

Performance testing often begins with scenarios that are overly complicated: exercising too many components makes it easy for bottlenecks to hide. By starting with basic system-level testing you can check the web application's performance before it's even deployed.

Furthermore, applying a modular approach helps simplify things. You start by testing the simplest possible test case and gradually build in complexity. If this works, testing moves on. If the next stage fails, you can identify where your bottleneck is. What's useful about the modular method is that after uncovering each bottleneck, you've already ruled out previously tested components. For example, if you hit the homepage and encounter no problems, but then decide to execute a search, which shows poor performance, you've established that the cause of the bottleneck is the search functionality.

All performance testing should begin with assessing the basic network infrastructure supporting the web applications. If this cannot uphold anticipated user load, then even an infinitely scalable application will bottleneck.

Next, it's time to focus on web applications. The approach, again, should be to start with the simplest possible test case and then to add complexity. For typical eCommerce applications this means testing the homepage first, then adding pages and business functions until complete transactions are being tested, first individually and then in complex scenario usage patterns.

Once this is complete, transactions can be put into scenario concurrency tests. These must reflect real user behaviour (for example, 50 per cent just browse, 35 per cent search, in per cent register and log in and five per cent add to the shopping cart and make a purchase). But the virtual users who are testing the site must execute the steps of those transactions using the same pace and behaviour as real-world visitors.

Testing is a bit like insurance â€” usually you don't realise it's not good enough until it's too late. So, whether or not you conduct performance testing in-house or via a managed service, it's important that it's done methodically and rigorously.

Browser Type

Sun, 27 Apr 2008 10:52:01 +0000

Find out what type of browser and their computer details are with this simple PHP script which informs you of your visitor Browser details. This is good information so you can improve your website for a more targeted audience.

This is a simple script which will allow you to see what type of browser your website visitors are using. This can give you a better idea of your target audience.

PHP Code:

/*****************************************************
         ** Filename.....â€¦...: vistorcheck.php
         ** Package Name.....: Free Version
         ** Client ..........: N/A
         ** Specification No.: SVWD-0005
         ** Author..â€¦.....â€¦..: Virtual Web Designs (Webnetics UK Ltd.)
         ** Contact.....â€¦.â€¦..: support@vwdesigns.co.uk
         ** File Version.....: 1.0
         ** Date .......â€¦â€¦...: 12/04/2008
         ** Change No.. .....: N/A    
         ** Last Changed ....: N/A
         *****************************************************/
## GET THE DETAILS
$date=(date("F j, Y"));                      ## Current date

$time=(date("H:i:s"));                       ##  Current time
$IPnumber=getenv("REMOTE_ADDR");             ## IP Number assigned to your DUN
$Browser=$_SERVER["HTTP_USER_AGENT"];        ## Browser agent
$ReferURL=$_SERVER["HTTP_REFERER"];          ##  Refferal URL
$ServerName=$_SERVER["SERVER_NAME"];         ##
$ServerSoftware=$_SERVER["SERVER_SOFTWARE"]; ##
?>


    
        Visitor Browser Check

        
        
            
        
    

    
        Visitor Browser Check


        

        
                if (isset($_POST["op"]) && ($_POST["op"] == "visitorcheck"))
            {
            print "";
            print
                "
CURRENT DATE:

$date at $time


YOUR IP NUMBER:

$IPnumber\">$IPnumber


 
SERVER NAME:
$ServerName


 
SERVER SOFTWARE:
$ServerSoftware

 
YOUR BROWSER:
$Browser


PAGE REFERRER:

$ReferURL\">$ReferURL


";
            }
        ?>


        

        
        Click the button below to see your Browser Statistics:


        
            
            
        

        

        

        
        Software by Virtual Web Designs

Robot Visit - Check when the search engines are visiting

Sun, 27 Apr 2008 10:50:16 +0000

Receive instant notification by email when a search engine spider has visited your website. This is a great way to monitor and manage your search engine submission plan.

â€¢ Are you getting listed on search engines?
â€¢ Do you want to know when your pages are getting indexed?
â€¢ Do you want to know what search engines are visiting and when?
â€¢ Are you an affiliate for many merchant programs and need to keep track of stats?

Then this is the script for you. Simply copy and paste a one line code into your website and as soon as a search engine spider visits your website you will receive an email notification containing the following information:

â€¢ Name of the Search Engine
â€¢ Name of the Spider
â€¢ Name of the page visited
â€¢ Exact day and time of visit

This gives you a great way to monitor if your website is being indexed by the major search engines. It also provides a great way of collecting stats of the habits of the search engine spiders. Giving you the opportunity to create search engine friendly pages which are correctly optimised for maximum search engine positioning.

Feature List

â€¢ Supports all the major search engines
â€¢ One step easy install
â€¢ Email notification of Spider visits.
â€¢ No database is required.
â€¢ Easy and simple to use.
â€¢ No special PHP knowledge required.

Currently supports the following search engines:

â€¢ Googlebot - [Google] - www.google.com
â€¢ Alta Vita - [Scooter] - www.altavista.com
â€¢ Teoma - [Ask Jeeves/Teoma] - www.teoma.com
â€¢ Lycos - [Lycos_Spider_(T-Rex)] - www.lycos.com
â€¢ Inktomi - [Slurp] - www.inktomi.com
â€¢ Mirago - [HenryTheMiragorobot] - www.mirago.com
â€¢ AlltheWeb - [FAST-WebCrawler] - www.alltheweb.com

PHP Code:
DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
    <head>
        <title>RobotVisit v1.0title>

        <meta http-equiv = "Content-Type" content = "text/html; charset=iso-8859-1">
    head>

    <body>
        PHP
        /*****************************************************
         ** Filename.....â€¦...: robotvisit.php
         ** Package Name.....: Free Version
         ** Client ..........: N/A
         ** Specification No.: SVWD-0004
         ** Author..â€¦.....â€¦..: Virtual Web Designs (Webnetics UK Ltd.)
         ** Contact.....â€¦.â€¦..: support@vwdesigns.co.uk
         ** File Version.....: 1.0
         ** Date .......â€¦â€¦...: 1/04/2008
         ** Change No.. .....: N/A    
         ** Last Changed ....: N/A
         *****************************************************/


        ############## START OF CONFIG SECTION #############
        ## Change the following to suit your needs:
        $EmailAddress=""; ## NOTIFICATION EMAIL ADDRESS

        $EmailAddress=preg_replace("/[\n\r]+/", "", "$EmailAddress");
        ############## END OF CONFIG SECTION #############

        $footer="------------------------------------------------------------------------------
RobotVisit v1.0 - Virtual Web Designs
------------------------------------------------------------------------------";
        $today=date("F j, Y, g:i a"); ## GET THE TIME OF THE ROBOT VISIT
        $header=
            "-----------------------------------------------------------------------------
     SEARCH ENGINE ROBOT HAS VISITED YOUR WEBSITE
-----------------------------------------------------------------------------";

        ##  GOOGLE SEARCH ENGINE
        if (eregi("Googlebot", $HTTP_USER_AGENT))
            {
            global $header;
            global $footer;
            global $today;

            if ($QUERY_STRING != "")
                {
                $GoogleLink="http://" . $SERVER_NAME . $PHP_SELF . '?' . $QUERY_STRING;
                }
            else
                {
                $GoogleLink="http://" . $SERVER_NAME . $PHP_SELF;
                }

            $GoogleEmail="
" . $header . "
Hi There,
The Search Engine robot Googlebot has been detected on your website.
Googlebot has visited http://$SERVER_NAME

Googlebot has crawled the page " . $GoogleLink . "
Time of visit - " . $today . "

Search Engine Link: http://www.google.com
" . $footer . "
";
            @mail("$EmailAddress", "Google Robot Visit", $GoogleEmail, "From: $EmailAddress");
            }

        ##    ALTAVISTA SEARCH ENGINE
        if (eregi("Scooter", $HTTP_USER_AGENT))
            {
            global $header;
            global $footer;
            global $today;

            if ($QUERY_STRING != "")
                {
                $AVLink="http://" . $SERVER_NAME . $PHP_SELF . '?' . $QUERY_STRING;
                }
            else
                {
                $AVLink="http://" . $SERVER_NAME . $PHP_SELF;
                }
            $AVEmail="
" . $header . "
Hi There,
The Search Engine robot Scooter has been detected on your website.
Scooter has visited http://$SERVER_NAME

Scooter has crawled the page " . $AVLink . "
Time of visit - " . $today . "

Search Engine Link: http://www.altavista.com
" . $footer . "
";
            @mail("$EmailAddress", "AltaVista Robot Visit", $AVEmail, "From: $EmailAddress");
            }

        ## ALL THE WEB SEARCH ENGINE
        if (eregi("FAST-WebCrawler", $HTTP_USER_AGENT))
            {
            global $header;
            global $footer;
            global $today;

            if ($QUERY_STRING != "")
                {
                $FASTLink="http://" . $SERVER_NAME . $PHP_SELF . '?' . $QUERY_STRING;
                }
            else
                {
                $FASTLink="http://" . $SERVER_NAME . $PHP_SELF;
                }
            $FASTEmail="
" . $header . "
Hi There,
The Search Engine robot FAST-WebCrawler has been detected on your website.
FAST-WebCrawler has visited http://$SERVER_NAME

FAST-WebCrawler has crawled the page " . $FASTLink . "
Time of visit - " . $today . "

Search Engine Link: http://www.alltheweb.com
" . $footer . "
";
            @mail("$EmailAddress", "AllTheWeb Robot Visit", $FASTEmail, "From: $EmailAddress");
            }

        ## ASK JEEVES - TEOMA
        if (eregi("Ask Jeeves/Teoma", $HTTP_USER_AGENT))
            {
            global $header;
            global $footer;
            global $today;

            if ($QUERY_STRING != "")
                {
                $ASKLink="http://" . $SERVER_NAME . $PHP_SELF . '?' . $QUERY_STRING;
                }
            else
                {
                $ASKLink="http://" . $SERVER_NAME . $PHP_SELF;
                }
            $ASKEmail="
" . $header . "
Hi There,
The Search Engine robot Ask Jeeves/Teoma has been detected on your website.
Ask Jeeves/Teoma has visited http://$SERVER_NAME

Ask Jeeves/Teoma has crawled the page " . $ASKLink . "
Time of visit - " . $today . "

Search Engine Link: http://www.ask.com & http://www.teoma.com
" . $footer . "
";
            @mail("$EmailAddress", "Ask Jeeves-Teoma Robot Visit", $ASKEmail, "From: $EmailAddress");
            }

        ##  INKTOMI DIRECTORY
        if (eregi("Slurp", $HTTP_USER_AGENT))
            {
            global $header;
            global $footer;
            global $today;

            if ($QUERY_STRING != "")
                {
                $SLURPLink="http://" . $SERVER_NAME . $PHP_SELF . '?' . $QUERY_STRING;
                }
            else
                {
                $SLURPLink="http://" . $SERVER_NAME . $PHP_SELF;
                }
            $SLURPEmail="
" . $header . "
Hi There,
The Search Engine robot Slurp has been detected on your website.
Slurp has visited http://$SERVER_NAME

Slurp has crawled the page " . $SLURPLink . "
Time of visit - " . $today . "

Search Engine Link: http://www.inktomi.com
" . $footer . "
";
            @mail("$EmailAddress", "Inktomi Robot Visit", $SLURPEmail, "From: $EmailAddress");
            }

        ##  MIRAGO SEARCH ENGINE
        if (eregi("HenryTheMiragorobot", $HTTP_USER_AGENT))
            {
            global $header;
            global $footer;
            global $today;

            if ($QUERY_STRING != "")
                {
                $MiragoLink="http://" . $SERVER_NAME . $PHP_SELF . '?' . $QUERY_STRING;
                }
            else
                {
                $MiragoLink="http://" . $SERVER_NAME . $PHP_SELF;
                }
            $MiragoEmail="
" . $header . "
Hi There,
The Search Engine robot HenryTheMiragorobot has been detected on your website.
HenryTheMiragorobot has visited http://$SERVER_NAME

HenryTheMiragorobot has crawled the page " . $MiragoLink . "
Time of visit - " . $today . "

Search Engine Link: http://www.mirago.com
" . $footer . "
";
            @mail("$EmailAddress", "Mirago Robot Visit", $MiragoEmail, "From: $EmailAddress");
            }

        ##  LYCOS SEARCH ENGINE
        if (eregi("Lycos_Spider_(T-Rex)", $HTTP_USER_AGENT))
            {
            global $header;
            global $footer;
            global $today;

            if ($QUERY_STRING != "")
                {
                $LycosLink="http://" . $SERVER_NAME . $PHP_SELF . '?' . $QUERY_STRING;
                }
            else
                {
                $LycosLink="http://" . $SERVER_NAME . $PHP_SELF;
                }
            $LycosEmail="
" . $header . "
Hi There,
The Search Engine robot Lycos_Spider_(T-Rex) has been detected on your website.
Lycos_Spider_(T-Rex) has visited http://$SERVER_NAME

Lycos_Spider_(T-Rex) has crawled the page " . $LycosLink . "
Time of visit - " . $today . "

Search Engine Link: http://www.lycos.com
" . $footer . "
";
            @mail("$EmailAddress", "Lycos Robot Visit", $LycosEmail, "From: $EmailAddress");
            }
        ?>
    
 

Installation

To install the PHP RobotVisit to your website, simply add the code below to your webpage and upload the robotvisit.php file in the same directory as the pages the code below has been pasted into. Please note that the page extension needs to be .php or PHP equivalent.

The nearer the top of the page the better as this will give a better indication of when you have been visited by one of the robots. The code can be added to as many or as few pages as you require. Ideally it should be inserted before the opening tag. Paste the code below in as many pages on your website as required.

PHP Code:
include "robotvisit.php" ?>

Warning (!): [/php]If you have a large traffic website, you may be wise to use this script sparingly, because if you have a good listing on the search engines you could end up receiving quite a few emails! I did this on one of my Affiliate script websites and ended up with over a 1000 emails that day!. But then at least you know your website has a good listing on the search engines.

Bug Reporting

Tue, 22 Apr 2008 18:39:47 +0000

Anybody who has written software for public use will probably have received at least one bad bug report. Virtual Web Designs are not exempted from this rule.

Reports that say nothing ("It doesn't work!"); reports that make no sense; reports that don't give enough information; reports that give wrong information. Reports of problems that turn out to be user error; reports of problems that turn out to be the fault of somebody else's program; reports of problems that turn out to be network failures.

There's a reason why technical support is seen as a horrible job to be in, and that reason is bad bug reports. However, not all bug reports are unpleasant: We currently maintain a lot of software, and we sometimes receive wonderfully clear, helpful, informative bug reports.

I'll try to state clearly what makes a good bug report. Ideally I would like everybody in the world to read this blog before reporting any bugs to anybody. Certainly I would like every body who reports bugs to us to have read it.

In a nutshell, the aim of a bug report is to enable the software developer to see the program failing in front of them. You can either show them in person (Not always possible), or give us careful and detailed instructions on how to make it fail. If they can make it fail, they will try to gather extra information until they know the cause. If we can't make it fail, we will have to ask you to gather that information for us.

In bug reports, try to make very clear what are actual facts ("I was at the computer and this happened") and what are speculations ("I think the problem might be this"). Leave out speculations if you want to, but don't leave out facts.

When you report a bug, you are doing so because you want the bug fixed. There is no point in swearing at us or being deliberately unhelpful: it may be their fault and your problem, and you might be right to be angry with them, but the bug will get fixed faster if you help us by supplying all the information we need. Remember also that if the software has been supplied free by us, then we are providing it out of kindness of our own heart.

If you can find a list of known bugs, it's worth reading it to see if the bug you've just found is already known or not. If it's already known, it probably isn't worth reporting again, but if you think you have more information than the report in the bug list, you might want to contact us anyway. We might be able to fix the bug more easily if you can give us additional information.

We are in the process of writing our bug reporting system called VrBugTracker.

All our bug reports can be found at http://www.vrforge.net

Guide

â€¢ The first aim of a bug report is to let the software developer see the failure with their own eyes. If you can't be with them to make it fail in front of them, give them detailed instructions so that they can make it fail for themselves.
â€¢ In case the first aim doesn't succeed, and the programmer can't see it failing themselves, the second aim of a bug report is to describe what went wrong. Describe everything in detail. State what you saw, and also state what you expected to see. Write down the error messages, especially if they have numbers in.
â€¢ When software does something unexpected. Do nothing until you're calm, and don't try and refresh the software.
â€¢ By all means try to diagnose the fault yourself if you think you can, but if you do, you should still report the symptoms as well.
â€¢ Be ready to provide extra information if we require it. We aren't being deliberately awkward. Have the software version number(s) ready, because we will we will need this. All software versions will be found at the footer of the page or in the admin side. If this is commercial software this will have vx.x, if this bespoke software it will have vwd-xxx vx.x.
â€¢ Write clearly. Say what you mean, and make sure it can't be misinterpreted.
â€¢ Above all, be precise. We like precision.

Choosing a Coding Standard

Wed, 26 Mar 2008 19:17:04 +0000

How many times have you reformatted a co-workerâ€™s (or former employeeâ€™s) code to make it more readable? How many times has someone done the same to your code? We can consider such actions to be a net loss of coding time.

So we decide to use a coding standard within Virtual Web Designs.

Taken from our own internal document VWD-129 Issue c

Coding standards are very important:

file naming and placement
variable, function, and class naming conventions
indentation rules
documentation and comment guidelines
â€¦ and much, much more.

Rather than creating our own standard, we decided to adopt a public standard.

The benefits of using a public standard are:

Itâ€™s programmer-neutral.

Instead of one programmer or group of programmers dictating their own preferences, choosing a public standard is a programmer-neutral solution.

The issues have been settled.

A public standard will have undergone heavy debate already. While not everyone will be able to agree that the outcome is the best one, everyone has agreed that the standards represent the best collective solutions.

Use it as hiring criterion.

When adopting a public standard, you can use it as a criterion of employment: â€œApplicant must know and be able to use XYZ Coding Standards.â€

Itâ€™s better for code distribution.

For instance, if youâ€™re following PEAR Coding Standards, your code will be in a formatâ€”both the physical, on-disk format, as well as the format in which the code is writtenâ€”that can easily be packaged and installed using the PEAR installer, or via a PEAR channel.

So, what public standards are available? We decide to look at some of the most popular standards available:

PEAR, at http://pear.php.net/manual/en/standards.php
Zend Framework, at http://framework.zend.com/manual/en/codi...ndard.html
eZ Components, at http://svn.ez.no/svn/ezcomponents/docs/guidelines/

With some additions of their own, these coding standards were all originally derived from the Horde project.. Horde and PEAR coding standards are identical at this point. Zend Framework standards basically follow those of PEAR, with a few slight changes; all in all, however, Zend Framework remains compatible with PEAR. eZ Components standards are basically only used by the eZ Components project and those developers who code with it.

PEAR coding standards are widely adopted, and are used in high-profile projects. Overall, when it came to a choosing a standard we decided on the PEARâ€™s standard, as we found this to be the best option and used with most software houses.

The basics of PEAR coding standards are summarised as follows:

â€¢ There is one class per file.
â€¢ Underscores in class names map to the directory separator: for example, Net_SMTP maps to Net/SMTP.php.
â€¢ There is One True Brace: class and function declarations have the opening brace on the following line at the same indentation level as the declaration; in other control structures, the opening brace remains on the same line as the statement.
â€¢ Code indentation should equal four spaces per indentation level.
â€¢ Variables, functions, and classes are named using camelCase or studlyCaps; variable and function names should begin lowercased, while classes should begin uppercased.
â€¢ Private and protected properties and methods should be named with a leading underscore.
â€¢ All classes, functions, and methods should have a docblock.

Summary

Using a coding standard lets us ensure that youâ€™ll we are able to maintain the code of are fellow programmers, and vice versa.

How do I add a watermark to an image?

Tue, 25 Mar 2008 19:36:05 +0000

Here a simple routine to protect your photos with a watermark. If you want to place some identifying image or text within the original image to show that you own the copyright to it.

With the GD library and PHP, watermarkingâ€™s itâ€™s easy as 123.

The imagestring function can be used to place text within an image, while the imagecopymerge function can be used to place another image within your original image. Using either of these functions is extremely easy.

Displaying a Text Watermark

Adding text to an image is the simplest form of watermarking.

PHP Code:
// Load the original image
$image = imagecreatefromjpeg('your image direcory/image.jpg');

// Get a color and allocate to the image pallet
$color = imagecolorallocate($image, 68, 68, 68);

// Add the text to the image
imagestring($image, 5, 90, 0, "Virtual Web Designsâ€™", $color);

// Send the HTTP content header
header('Content-Type: image/jpg');

// Display the final image
imagejpeg($image);
?>

The imagecolorallocate function allows you to create a new colour to use for drawing on the image by specifying the red, green, and blue components. This function returns a number, which identifies that color in the image.

Once you have the color in hand, you can use the imagestring function to place the text over the image. The first of the functionâ€™s arguments is the image, and the second is a font numberâ€”the numbers 1â€“5 refer to built-in fonts. You can use imageloadfont to make other fonts available. The third and fourth arguments represent the horizontal and vertical coordinates at which the text should be drawn on the image. The fifth argument contains the text you wish to be placed in the image, and the last argument specifies the color of the text.

Displaying a Graphical Watermark

A logo or some other identifiable graphic with a transparent background is easily placed over another image.

PHP Code:
// Load the original image
$image = imagecreatefromjpeg('your image directory/thumb_image.jpg');

// Get image width
$iWidth = imagesx($image);

// Get the watermark image
$watermark = imagecreatefrompng('your image directory/vwd_logo.png');

// Get the height and width
$wmWidth = imagesx($watermark);
$wmHeight = imagesy($watermark);

// Find the far right position
$xPos = $iWidth - $wmWidth;

// Copy the watermark to the top right of original image
imagecopymerge($image, $watermark, $xPos, 0, 0, 0, $wmWidth, $wmHeight, 50); 

// Send the HTTP content header
header('Content-Type: image/jpg');

// Display the final image
imagepng($image);
?>

The process is a simple matter. Load the original image and the watermark image; then, once the original imageâ€™s height and width have been obtained, use imagecopymerge to place the watermark on the original image. The first two arguments to the imagecopymerge function are the original or destination image object, and the source image objectâ€”the watermark, in our case. The next four arguments represent the x and y coordinates of the destination image and source image respectively, starting from the top-left corner of the images. The following two arguments represent the width and height of the source image. The last argument represents the level of transparency desired for true color imagesâ€”an argument of 100 specifies no transparency, while an argument of 0 causes the original image to remain unmarked by the watermark.

Top 7 PHP Security Blunders

Fri, 29 Feb 2008 15:31:59 +0000

SQL Injection Vulnerabilities

SQL injection vulnerabilities are yet another class of input validation flaws. Specifically, they allow for the exploitation of a database query. For example, in your PHP script, you might ask the user for a user ID and password, then check for the user by passing the database a query and checking the result.

PHP Code:
SELECT * FROM users WHERE name='$username' AND pass='$password'; 

However, if the user who's logging in is devious, he may enter the following as his password:

PHP Code:
' OR '1'='1 

This results in the query being sent to the database as:

PHP Code:
SELECT * FROM users WHERE name='known_user' AND pass='' OR '1'='1'; 

This will return the username without validating the password -- the malicious user has gained entry to your application as a user of his choice. To alleviate this problem, you need to escape dangerous characters from the user-submitted values, most particularly the single quotes ('). The simplest way to do this is to use PHP's addslashes() function.

PHP Code:
$username = addslashes($_POST["username"]); 
$password = addslashes($_POST["password"]); 

But depending on your PHP configuration, this may not be necessary! PHP's much-reviled magic quotes feature is enabled by default in current versions of PHP. This feature, which can be disabled by setting the magic_quotes_gpc php.ini variable to Off, will automatically apply addslashes to all values submitted via GET, POST or cookies. This feature safeguards against inexperienced developers who might otherwise leave security holes like the one described above, but it has an unfortunate impact on performance when input values do not need to be escaped for use in database queries. Thus, most experienced developers elect to switch this feature off.

If you're developing software that may be installed on shared servers where you might not be able to change the php.ini file, use code to check that status of magic_quotes_gpc and, if it is turned on, pass all input values through PHP's stripslashes() function. You can then apply addslashes() to any values destined for use in database queries as you would normally.

PHP Code:
if (get_magic_quotes_gpc()){ 
 $_GET = array_map('stripslashes', $_GET); 
 $_POST = array_map('stripslashes', $_POST); 
 $_COOKIE = array_map('stripslashes', $_COOKIE); 
} 

SQL injection flaws do not always lead to privilege escalation. For instance, they can allow a malicious user to output selected database records if the result of the query is printed to your HTML output.

You should always check user-provided data that will be used in a query for the characters '",;() and, possibly, for the keywords "FROM", "LIKE" , and "WHERE" in a case-insensitive fashion. These are the characters and keywords that are useful in a SQL insertion attack, so if you strip them from user inputs in which they're unnecessary, you'll have much less to worry about from this type of flaw.

Error Reporting

You should ensure that your display_errors php.ini value is set to "0". Otherwise, any errors that are encountered in your code, such as database connection errors, will be output to the end user's browser. A malicious user could leverage this flaw to gain information about the internal workings of your application, simply by providing bad input and reading the error messages that result.

The display_errors value can be set at runtime using the ini_set function, but this is not as desirable as setting it in the ini file, since a fatal compilation error of your script will still be displayed: if the script has a fatal error and cannot run, the ini_set function is not run.

Instead of displaying errors, set the error_log ini variable to "1" and check your PHP error log frequently for caught errors. Alternatively, you can develop your own error handling functions that are automatically invoked when PHP encounters an error, and can email you or execute other PHP code of your choice.

This is a wise precaution to take, as you will be notified of an error and have it fixed possibly before malicious users even know the problem exists. Read the PHP manual pages on error handling and learn about the set_error_handler() function.

Data Handling Errors

Data handling errors aren't specific to PHP per se, but PHP application developers still need to be aware of them. This class of error arises when data is handled in an insecure manner, which makes it available to possible interception or modification by malicious parties.

The most common type of data handling error is in the unencrypted HTTP transmission of sensitive data that should be transmitted via HTTPS. Credit card numbers and customer information are the most common types of secured data, but if you transmit usernames and passwords over a regular HTTP connection, and those usernames and passwords allow access to sensitive material, you might as well transmit the sensitive material itself over an unencrypted connection.

Use SSL security whenever you transmit sensitive data from your application to a user's browser. Otherwise, a malicious eavesdropper on any router between your server and the end user can very easily sniff the sensitive information out of the network packets.

The same type of risk can occur when applications are updated using FTP, which is an insecure protocol. Transferring a PHP file that contains database passwords to your remote Webserver over an insecure protocol like FTP can allow an eavesdropper to sniff the packets and reveal your password. Always use a secure protocol like SFTP or SCP to transmit sensitive files. Never allow sensitive information to be sent by your application via email, either. An email message is readable by anyone who's capable of reading the network traffic. A good rule of thumb is that if you wouldn't write the information on the back of a postcard and put it through the mail, you shouldn't send it via email, either. The chance anyone will actually intercept the message may be low, but why risk it?

It's important to minimize your exposure to data handling flaws. For example, if your application is an online store, is it necessary to save the credit card numbers attached to orders that are more than six months old? Archive the data and store it offline, limiting the amount of data that can be compromised if your Webserver is breached. It's basic security practice not only to attempt to prevent an intrusion or compromise, but also to mitigate the negative effects of a successful compromise. No security system is ever perfect, so don't assume that yours is. Take steps to minimize the fallout if you do suffer a penetration.

Configuring PHP For Security

Generally, most new PHP installations that use recent PHP releases are configured with much stronger security defaults than was standard in past PHP releases. However, your application may be installed on a legacy server that has had its version of PHP upgraded, but not the php.ini file. In this case, the default settings may not be as secure as the default settings on a fresh install.

You should create a page that calls the phpinfo() function to list your php.ini variables and scan them for insecure settings. Keep this page in a restricted place and do not allow public access to it. The output of phpinfo() contains information that a potential hacker might find extremely useful.

Some settings to consider when configuring PHP for security include:

1. register_globals: The bad man of PHP security is register_globals, which used to default to "on" in older releases of PHP but has since been changed to default to "off". It exports all user input as global variables. Check this setting and disable it -- no buts, no exceptions. Just do it! This setting is possibly responsible for more PHP security flaws than any other single cause. If you're on a shared host, and they won't let you disable register_globals, get a new host!

2. safe_mode: The safe mode setting can be very useful to prevent unauthorized access to local system files. It works by only allowing the reading of files that are owned by the user account that owns the executing PHP script. If your application opens local files often, consider enabling this setting.

3. disable_functions: This setting can only be set in your php.ini file, not at runtime. It can be set to a list of functions that you would like disabled in your PHP installation. It can help prevent the possible execution of harmful PHP code. Some functions that are useful to disable if you do not use them are system and exec, which allow the execution of external programs.

Read the security section of the PHP manual and get to know it well. Treat it as material for a test you'll take and get to know it backwards and forwards. You will be tested on the material by the hackers who will indubitably attempt to penetrate your site. You get a passing grade on the test if the hackers give up and move on to an easier target whose grasp of these concepts is insufficient.

Further Reading

The following sites are recommended reading to maintain your security knowledge, as we use these sites a lot. New flaws and new forms of exploits are discovered all the time, so you cannot afford to rest on your laurels and assume you have all the bases covered. As I stated in the introduction to this blog, "Security is a process", but security education is also a process, and your knowledge must be maintained.

OWASP, The Open Web Application Security Project, is a non-profit organisation dedicated to "finding and fighting the causes of insecure software". The resources it provides are invaluable and the group has many local chapters that hold regular meetings with seminars and roundtable discussions. Highly recommended.

CGISecurity.Net is another good site dealing with Web application security. They have some interesting FAQs and more in-depth documentation on some of the types of flaws I've discussed in this blog.

The security section of the PHP Manual is a key resource that I mentioned above, but I include it here again, since it's full of great information that's directly applicable to PHP. Don't gloss over the comments at the bottom of each page: some of the best and most up-to-date information can be found in the user-contributed notes.

The PHP Security Consortium offers a library with links to other helpful resources, PHP-specific summaries of the SecurityFocus newsletters, the PHP Security Guide, and a couple of articles.

The BugTraq mailing list is a great source of security related advisories that you should read if you're interested in security in general. You may be shocked by the number of advisories that involve popular PHP applications allowing SQL insertion, Cross Site Scripting and some of the other flaws I've discussed here.

Linux Security is another good site that is not necessarily restricted to PHP but, since you are likely running a Linux Webserver to host your PHP applications, it's useful to try to stay up to date on the latest advisories and news related to your chosen Linux distribution. Don't assume your hosting company is on top of these developments; be aware on your own -- your security is only as good as your weakest point. It does you no good to have a tightly secured PHP application running on a server with an outdated service that exposes a well-known and exploitable flaw.

Summary

As I've shown in this blog, there are many things to be aware of when programming secure PHP applications, though this is true with any language, and any server platform. PHP is no less secure than many other common development languages. The most important thing is to develop a proper security mindset and to know your tools well. I hope you enjoyed this blog and learned something as well!

POD vs mysql_function?

Fri, 29 Feb 2008 15:17:36 +0000

PDO, the PHP Data Objects extension, is a data-access abstraction layer. Basically, itâ€™s a consistent interface for multiple databases. No longer will you have to use the mysql_* functions, the sqlite_* functions, or the pg_* functions, or write wrappers for them to work with your database. Instead, you can simply use the PDO interface to work with all three functions using the same methods. And, if you change databases, youâ€™ll only have to change the DSN (or Data Source Name) of the PDO to make your code work.

PDO uses specific database drivers to interact with various databases, so you canâ€™t use PDO by itself. Youâ€™ll need to enable the drivers youâ€™ll use with PDO, so be sure to research how to do it for your specific host operating system on the PDO manual page.

PDO is shipped with PHP 5.1 and is available from PECL for PHP 5.0. Unfortunately, as PDO requires the new PHP 5 object oriented features, itâ€™s not available for PHP 4. In this blog, all of our interactions with the database will use PDO to interact with the MySQL back end.

How do I access a database?

Before we can do anything with a database, we need to talk to it. And to talk to it, we must make a database connection. Logical, isnâ€™t it?

Example

Hereâ€™s how we connect to a MySQL database on the localhost:

mysqlConnect.php

PHP Code:
    $dsn = 'mysql:host=localhost;dbname=world;'; 
    $user = 'user';
    $password = 'secret'; try 
{ 
    $dbh = new PDO($dsn, $user, $password); 
} 
    catch (PDOException $e)
{
    echo 'Connection failed: ' . $e->getMessage(); 
} 
?>

Weâ€™d use this code to connect to a SQLite database on the localhost:

sqliteConnect.php

PHP Code:
   $dsn = 'sqlite2:"C:\sqlite\world.db"'; try 
{ 
   $dbh = new PDO($dsn);
 } 
   catch (PDOException $e) 
{ 
   echo 'Connection failed: ' . $e->getMessage(); 
}
?>

Summary

Notice that in these two examples above, we simply create a new PDO object. Only the connection data for the PDO constructor differs in each case: for the SQLite connection, we need just the DSN; the MySQL connection also requires username and password arguments in order to connect to the database.

Whatâ€™s New in PHP 5.3

Fri, 29 Feb 2008 15:13:27 +0000

PHP 6 is just around the corner, but for developers who just can't wait, there's good news -- many of the features originally planned for PHP 6 have been back-ported to PHP 5.3, a final stable release of which is due in the first half of this year.

This news might also be welcomed by those that wish to use some of the new features, but whose hosting providers will not be upgrading to version 6 for some time -- hosting providers have traditionally delayed major version updates while acceptance testing is performed (read: the stability has been proven elsewhere first). Many hosting companies will probably delay upgrading their service offerings until version 6.1 to be released. A minor upgrade from 5.2.x to 5.3, however, will be less of a hurdle for most hosting companies.

Autoloading Namespaced Classes

If you're defining the magic __autoload function to include class definition files on demand, then you're probably making use of a directory that includes all your class files. Before we could use namespaces, this approach would suffice, as each class would be required to have a unique name. Now, though, it's possible to have multiple classes with the same name.

Luckily, the __autoload function will be passed the fully namespaced reference to the class. So in the examples above, you might expect a call such as:

PHP Code:
__autoload( 'MyCompany::Blog::User' ); 

You can now perform a string replace operation on this parameter to convert the double colons to another character. The most obvious substitute would be a directory separator character:

PHP Code:
function __autoload( $classname ) { 
       $classname = strtolower( $classname ); 
       $classname = str_replace( '::', DIRECTORY_SEPARATOR, $classname ); 
       require_once( dirname( __FILE__ ) . '/' . $classname . '.class.php ' ); 
} 

This would take the expected call above and include the file ./classes/mycompany/blog/user.class.php.

Late Static Binding

Late static binding provides the ability for a parent class to use a static method that has been overridden in a child class. You might imagine this would be the default behaviour, but consider the following example:

PHP Code:


class ParentClass { 
    
       static public function say( $str ) { 
               self::do_print( $str ); 
       } 

       static public function do_print( $str ) { 
               echo "Parent says $str
"; 
       } 

} 

class ChildClass extends ParentClass { 
        
       static public function do_print( $str ) { 
               echo "Child says $str
"; 
       } 

} 

ChildClass::say( 'Hello' );

You would probably expect this to return "Child says Hello". While I understand why you might expect this, you'll be disappointed to see it return "Parent says Hello".

The reason for this is that references to self:: and __CLASS__ resolve to the class in which these references are used. PHP 5.3 now includes a static:: reference that resolves to the static class called at runtime:

PHP Code:
static public function say( $str ) { 
               static::do_print( $str ); 
       } 

With the addition of the static:: reference, the script will return the string "Child says Hello".

__callstatic
Until now, PHP has supported a number of magic methods in classes that you'll already be familiar with, such as __set, __get and __call. PHP 5.3 introduces the __callstatic method, which acts exactly like the call method, but it operates in a static context. In other words, the method acts on unrecognized static calls directly on the class.

The following example illustrates the concept:

PHP Code:


class Factory { 

       static function GetDatabaseHandle() { 
               echo 'Returns a database handle
'; 
       } 

       static function __callstatic( $methodname, $args ) { 
               echo 'Unknown static method ' . $methodname . '' . 
                       ' called with parameters:
'; 
               echo '' . print_r( $args, true ) . '
'; 
       } 
} 

Factory::GetDatabaseHandle(); 
Factory::CreateUser(); 
Factory::CreateBlogPost( 'Author', 'Post Title', 'Post Body' );

Variable Static Calls

When is a static member or method not static? When it's dynamically referenced, of course!

Once again, this is an enhancement that brings object functionality to your classes. In addition to having variable variables and variable method calls, you can now also have variable static calls. Taking the factory class defined in the previous section, we could achieve the same results by invoking the following code:

PHP Code:
$classname = 'Factory'; 
$methodname = 'CreateUser'; 
$classname::$methodname(); 

$methodname = 'CreateBlogPost'; 
$author = 'Author'; 
$posttitle = 'Post Title'; 
$postbody = 'Post Body'; 

$classname::$methodname( $author, $posttitle, $postbody ); 
You can create dynamic namespaces like so: 
php 
require_once( 'lib/autoload.php' ); 

$class = 'MyCompany::Blog::User'; 
$user = new $class(); 
$user->set('fullname', 'Ben Balbo'); 
$user->save(); 

These little touches can make your code more readable and allow you full flexibility in an object oriented sense.

MySQL Native Driver

Until version 5.3 of PHP, any interaction with MySQL usually occurred in conjunction with libmysql -- a MySQL database client library.

PHP 5.3's native MySQL driver has been designed from the ground up for PHP and the ZEND engine, which brings about a number of advantages. Most obviously, the native driver is specific to PHP, and has therefore been optimised for the ZEND engine. This produces a client with a smaller footprint and faster execution times.

Secondly, the native driver makes use of the ZEND engine's memory management and, unlike libmysql, it will obey the memory limit settings in PHP.

The native driver has been licensed under the PHP license to avoid licensing issues.

Additional OpenSSL Functions

If you've ever had to perform any OpenSSL-related actions in your scripts, (such as generating a Diffie Hellman key or encrypting content) you'll either have performed this operation in user-land, or passed the request to a system call.

A patch to the OpenSSL functionality in PHP 5.3 provides the extra functions required to perform these actions through the OpenSSL library, which not only makes your life easier and your applications faster, but allows you to reuse the proven code that comes with OpenSSL.

This will be great news for anyone that's currently working with OpenID.

Improved Command Line Parameter Support

Hopefully, you'll be aware of the fact that PHP is more than just a scripting language for the Web. The command line version of PHP runs outside of the web server's environment and is useful for automating system and application processes.

For example, the getopt function of PHP has been around for a while, but has been limited to a number of system types; most commonly, it didn't function under a Windows operating system environment.

As of PHP 5.3, the getopt function is no longer system dependent.

XSLT Profiling

XSLT is a complex beast, and most users of this templating mechanism will be familiar with xsltproc's profiling option. As of PHP 5.3, you can profile the transforms from within your PHP scripts.

PHP Code:
$doc = new DOMDocument(); 
$xsl = new XSLTProcessor(); 

$doc->load('./lib/collection.xsl'); 
$xsl->importStyleSheet($doc); 

$doc->load('./lib/collection.xml '); 
$xsl->setProfiling("/tmp/xslt-profiling.txt"); 
echo $xsl->transformToXML($doc); 

echo 'Profile report'; 
echo '' . file_get_contents( '/tmp/xslt-profiling.txt' ) . ''; 

The information produced by the profile will look something like this:

number match name mode Calls Tot 100us Avg
0 collection 1 4 4
1 cd 2 1 0

Total 3 5

New Error Levels
PHP is certainly a language that has a few, er, quirks. For example, why doesn't E_ALL include all error levels?

Well now it does! Yes, PHP 5.3 now includes E_STRICT as part of E_ALL.

Furthermore, while E_STRICT used to report on both the usage of functionality that might become deprecated in the near future, and on bad programming practices such as defining an abstract static method, in PHP 5.3, these two errors are split into E_DEPRECATED and E_STRICT respectively, which makes a lot more sense.

Other Minor Improvements

There's a handful of other improvements coming in PHP 5.3 that either don't warrant an entire section in this article, or were untestable at the time this article was written, such as:

â€¢ Sqlite3 support via the ext/sqlite extension
â€¢ SPL's DirectoryIterator, which now implements ArrayAccess
â€¢ Two news functions: array_replace and array_replace_recursive. While these functions were undefined when tested under PHP 5.3.0, the C code that implements them suggests that they will contain similar functionality to array_merge. One exception, however, is that the array_replace function will only update values in the first array where the keys match in both arrays. Any keys that are present in the second array but don't appear in the first will be ignored.

Summary

PHP 5.3 contains much functionality that was originally slated for inclusion in PHP 6, which takes it from being a minor upgrade to a significant release that every PHP developer should start thinking about. We touched on some of the new features in this blog, and looked at some code that demonstrates how you might go about using these new features.

Rotating Banner System

Wed, 06 Feb 2008 11:11:59 +0000

When we create a eCommerce site for our clients, one of the many things we always get asked, can have a rotating banner system. We have decided to put together some information on how to create a rotating banner system with php & MySQL.
You will need a limited knowledge of mySQL including how to create a mySQL table.

Introduction

Dynamic banner display means that the same banner advertisement changes with each refresh of the page, if ajax is used with php this can also be done in real time. This enables the display of ads on a Web site without having to clutter a single Web page.

Banners can be a viable source of income. Statistical information reporting the number of "hits" (the number of times the banner is displayed) and "clicks" (times the banner is clicked on) can be generated to justify the use of each banner.

This blog will provide instructions for developing a simple banner advertisement rotation system in PHP.

The banner advertisement script will enable you to:

Â· Automate rotation of a banner upon every refresh of the page.
Â· Keep track of banner statistics, including number of displays and actual clicks without the use of cookies, regardless of the banner destination.
Â· Switch banners in and out of active rotation without having to delete them from the database.

To achieve these features:

Â· Identifying each banner uniquely by assigning it a unique 32 byte ID.
Â· Give you the option to select the order in which the banners will be displayed.
Â· Generating the necessary HTML to display the banner correctly and dynamically based on the data provided and associated with the unique ID.
Â· Providing a means of tracking banner hits without interfering with its original destination link.

Banner Details

When structuring the database, the actual data associated with the banner follows a unique ID. The question is what data is really necessary and in what form should it take in the table?

For example, should the actual banner graphic be included within the database, say as a BLOB field, or should only the filename to the graphic be provided?

We have opted to include the banner graphic's filename as a string, represented by the column 'SRC'.

Note: The 'SRC' Field can only store a limited sized URL or file path; it is defined as VARCHAR (255).

The first field in our table structure is the ID field. This field serves as our unique banner identifier. Banner IDs can be defined using the statement below. In doing so, you can expect to receive a unique ID 32 characters in length:

PHP Code:
= md5 (uniqid (rand())); ?>

The next three fields represent their HTML counterparts.

Â· HREF: Banner's URL, used as part of the tag.
Â· SRC: Graphic to be displayed when using the tag.
Â· ALT: Alternative banner description, when using the tag.

Note: From the fields listed above, only the ALT field is not mandatory and can be set to NULL.

The Hits and Clicks integer fields maintain display and click-through statistics respectively.

Two enumerated fields, Active and Pos, are used as follows:

Â· Pos field: Used as a flag field to indicate that this banner has already been displayed in this rotation cycle.
Â· Active field: Used to determine whether or not the banner is active.

The b_order integer field rounds out the table shown below. b_order defines the order in which a banner will be displayed. If you choose to display your banners in a particular sequence then this field will be mandatory. You would assign each banner a position and record it here.

Column Descripton Req'd?

ID Unique Banner ID, a MD5 32 Character String Y
HREF The URL to use in the banner's tag Y
SRC The Graphic to use in the banner's tag Y
ALT The alternate description for the banner graphic. Used for N
hits The Hit (or display) stetisticsfor the banner N
clicks The Click statistics for the banner N
active Is this banner currently in active rotation? Y
pos This fields serves as a "last used" identifier for PHP to track what banner was last displayed N
b_order The Order the banner will be displayed Y

The Database Definition

Displayed below is the mySQL table definition for the set of banner records.

Banner Table Definitions

Name Type Key
ID VARCHAR (32) Primary Key
HREF VARCHAR (255)
SRC VARCHAR (255)
ALT VARCHAR (255)
hits INT(10)
click INT(10)
active ENUM('T', 'F')
pos ENUM('A',NULL)

Note: When defining your table ensure that the fields ID, URL and file are set with the NOT NULL Property (or similar).

The mySQL Statement

The following CREATE TABLE statement may be used create the above table:

PHP Code:
CREATE TABLE banner(
ID VARCHAR(32) NOT NULL PRIMARY KEY,
HREF VARCHAR(255) NOT NULL,
SRC VARCHAR(255) NOT NULL,
ALT VARCHAR(255),
hits INT(10) DEFAULT 0,
clicks INT(10) DEFAULT 0,
active ENUM('T', 'F') NOT NULL DEFAULT 'T',
pos ENUM('A', ''),
b_order INT(10) NOT NULL DEFAULT 1); 

You can include your file before any output to the user is sent, using the following code:

PHP Code:
include("/path/to/included.php"); 

Example

You have created a Web page and would like to generate some advertising revenue by inserting a rotating banner advertisement somewhere on that page.

The script presented in this blog is a self-contained application. However, it must be included before any output is sent to the user. The entire script is contained within a single file (complete with the function to display the banner).

To add a rotating banner:

Â· Insert the following function call: display_banner(); Calling this function with no parameters will cause the script to simply pick the next appropriate banner (meaning the next active banner available) and display the HTML behind it. The two optional parameters, $bannerID and $query_extra are used under special-case circumstances outlined below.
Â·
o $bannerID is used to force the script to display a specific banner based on its ID. When the specific banner is displayed, it does not affect the normal rotation pattern of the banners.
o $query_extra is used to include specific, relevant variables along with the banner itself when a user clicks on it. $query_extra is an array and must be formatted in the following way:

PHP Code:
array("var1name"=>"var1value", "var2name"=>"var2value"); 

This feature is for the case where you might want to display a banner that links to another section of your site. If you use Sessions on your site, a normal redirect could potentially lose the current session data (if a GET method is being used instead of cookies). To compensate for this, $query_extra should be appended to the end of the banner's URL. This would enable you to keep your session data intact. This feature also could be used to transfer any extra required data regarding your banner to an external site if the situation warrants.

o display_banner() generates the proper HTML complete with a tag that points to $PHP_SELF and passes the proper banner ID back to itself (which then triggers the redirect logic).

Script Overview

With the example firmly in mind, the remainder of this section presents the contents of the banner script. The basic code-flow of the script is outlined below:

Step 1: Opening of page, Load pre-pended script file or execute include statement.
Step 2: Is a banner ID been given? If so, go to step 7. Otherwise, step 3.
Step 3: Load selected banner's data and add 1 to the banner's display statistics.
Step 4: Display HTML for banner using loaded information.
Step 5: Continue displaying page as normal.
Step 6: Reload the Web page and pass itself the banner ID of given banner clicked.
Step 7: Add 1 to the banner's click statistics.
Step 8: Redirect User to page specified in database for given banner ID.

What you need to do

Â· Open the page: Process a clicked banner if a banner ID is present. Otherwise, display the requested page as expected.
Â· Select a banner for display: Decide which banner to display.
Â· Generate the HTML: Output the required HTML.
Â· Special Case: Appending extra GET method data.

Open the Page

To track banner clicks, it is necessary to include the required code at the beginning of every page that will display the banner.

This code, nested within an if statement, is activated only when a banner has been clicked. Otherwise, the original page is displayed as expected.

Be sure to call the Display_Banner() function within the original page's script to display the banner at that page's preferred location. It is not necessary to call Display_Banner() on every page you include the auto-prepend script, rather only where you want a banner displayed.

Code Flow

Â· Check for the existence of $_bannerID (exists only if the user has clicked on a banner).
Â· Open a connection to the Database.
Â· Gather information about the banner from the database and validate the banner ID.
Â· Alter Statistics and re-direct user to the proper URL using the header() function.

PHP Code:
if(isset($_bannerID)) {
$DB = new DB_BANNER;
$DB->query("SELECT * FROM banner 
WHERE(uniqueid=$_bannerID)");
if($DB->num_rows() != 0) {<BRDBINCCLKS($_BANNERID);
$url = $DB->f("HREF"). $_query_extra;
Header("Location: $url");
}
}
?>

Select a Banner for Display

Having already created an auto-prepend file (see Prerequisites), our task now is to process the data and generate the required HTML to display a given banner.

In the Script Flow presented below, the tag of the banner is set to point to itself (i.e. the same page). It passes the ID of the banner that was just displayed. When the user clicks on the banner and the page is re-loaded (with the passed banner ID) the auto-prepended code is triggered and the appropriate action is taken.

Note: If we were not concerned with statistics, this step would have been a simple matter of putting the correct URL in the tag.

The script features two banner selection methods:

Â· Default method: Banners are displayed in a predefined order based on the b_order column in the table.
Â· Forced method: The script forces the display a specific banner based on it's banner ID.

Both of these methods are accessed by calling the function display_banner(). This function takes two optional parameters - a string that would contain a specific banner ID and a second string for extra query parameters.

Note: If you would like the script to behave in the default manner but still pass extra parameters using $query_extra, you must set the first parameter of display_banner() to the value "none" (case sensitive).

Code Flow

Â· Check to see if a banner ID was provided
Â· Check for the existence of any banners in the database
Â· Check to see if there are banners that have not been displayed yet. If not, reset the database so that all the banners can be displayed.
Â· By default, retrieve all of the banners that have not yet been displayed, ordered by the b_order column. Otherwise, retrieve the banner based on the banner ID provided.
Â· Take the first row returned and use it as the next banner to be displayed
Â· Construct the proper HTML for the banner based on the database data and the $query_extra array.

The $query_extra parameter of the display_banner() function is used to append extra GET method data to the end of the banner URL. This data should be an associative array representing the variables you would like to pass along with the banner ID when the banner is clicked (such as a session ID).

Â· If the banner was selected by rotation, meaning by default, flag the selected banner so that it will not be displayed twice in a row.

PHP Code:
function Display_Banner($bannerID = "none", 
$query_extra = "") {
global $DB, $_bannercfg, $PHP_SELF;
if($bannerID == "none") {
$DB->query("SELECT * FROM banner WHERE pos='' LIMIT 1");
if($DB->num_rows() == 0) {
$DB->query("UPDATE banner SET pos='' WHERE(pos='A')");
}
$DB->query("SELECT * FROM banner WHERE(pos='') 
ORDER BY b_order LIMIT 1"); 
} else {
$DB->query("SELECT * FROM banner 
WHERE(ID='$bannerID')"); 
}
if($DB->num_rows() == 0) {
return false;
}
$DB->next_record();
$ban_data = $DB->Record; 

Generate the HTML

In this stage of the script, the HTML is generated. The following basic HTML format is used to display our banner â€“ the fields encased in '%' symbols define where PHP will fill in appropriate values:

PHP Code:
<A HREF="%HREF%">
<IMG SRC="%SRC%" ALT="%ALT%" BORDER=0>
A> 

Note: Be aware that when extra data is passed along using the $query_extra parameter, it is appended in the proper format to the HREF field.

Once the banner has been displayed, the script ends unless the user clicks on the banner. In such a case, the variables $_bannerID and any data brought along with the $query_extra parameter is passed to itself (which in turn activates the source from the "Opening the page" section and takes the proper actions).

Code Flow

Â· Construct the HTML for the GET method.
Â· Make the extra query string.
Â· Construct the HTML for the banner and include the GET we constructed previously.
Â· Flag the banner.
Â· Echo the HTML.

PHP Code:

$get = "?_bannerid=";
$get .= urlencode($ban_data['ID']);
unset($query);
if(is_array($query_extra)) {
foreach($query_extra as $key => $val) { 
$get .= "&$key=".urlencode($val); 
}
}
$html = "$PHP_SELF$get'>"
. "$_bannercfg[srcpath]$ban_data[SRC]' "
. "ALT='$ban_data[ALT] "
. "BORDER='$_bannercfg[border]'>"
. "

";
if($bannerID == "none") {
$DB->query("UPDATE banner SET pos='A' 
WHERE(ID='".$ban_data['ID']."')");
}
echo $html;
return true;
}
?>

Special Case: Appending Extra GET Method Data

Sometimes it is necessary to pass data along with a banner that, although is important to a third party or script, is irrelvant to this particular banner script.

For example, assume that in order to receive credit for the click-through (we'll call this ID parameter "tracker" with a value of "foo"), you need to pass an ID code to a URL that is being pointed to by the banner.

In order to pass this ID, you would need to include it as the $query_extra parameter when calling Display_Banner()as follows.

Code Flow

Â· Place the tracker ID code into a associative array with the key set as the parameter name (tracker) and the value set at it's value (foo).
Â· Pass the array to Display_Banner() as it's second parameter

PHP Code:
// Display a banner using default behavior
// But still passing the tracker parameter
$trackerID = array("tracker"=>"foo");
Display_Banner("none", $trackerID); 
// Display another banner specifically by
// passing it's ID and the tracker parameter
Display_Banner("dka932ndksla2931kdn1ksla231na23k", $trackerID); 
?>

The Script

Note: The PHP elements are found within the marks.

The code contains comments preceded by // or /* and */ marks.

PHP Code:
// Check to see if the banner ID flag is set
if(isset($_bannerID)) {
// Create an instance of the Database Layer 
$DB = new DB_BANNER;
// Get info about banner from DB 
$DB->query("SELECT * FROM banner 
WHERE(uniqueid=$_bannerID)"); 
// Check to see if Banner ID is valid before doing 
// anything else 
if($DB->num_rows() != 0) { 
// Increment Click Counter 
dbIncClks($_bannerID); 
// Redirect user to new location, $_query_extra 
// is the Extra parameters that were given to the 
// script back in dbShowBan(). This feature is 
// for if you want a banner on your own site, to 
// your own site, but use sessions and don't want 
// the user to lose their session when they 
// click. 
$url = $DB->f("URL"). $_query_extra;
Header("Location: $url"); 
} 
} 
function Display_Banner($bannerID = "none", 
$query_extra = "") { 
// Grab the Database Layer and the Config options 
global $DB, $_bannercfg, $PHP_SELF; 
// Did we pass a BannerID? 
if($bannerID == "none") { 
// If Not, Grab the next in rotation 
// First, make sure that there is something to select
$DB->query("SELECT * FROM banner WHERE pos='' 
LIMIT 1"); 
// If there is nothing, then everything has 
// been displayed
// Time to start from square 1 
if($DB->num_rows() == 0) { 
$DB->query("UPDATE banner SET pos='' WHERE(pos='A')"); 
}
// Finally, select the next banner 
$DB->query("SELECT * FROM banner WHERE(pos='') 
ORDER BY b_order LIMIT 1"); 
} else {
// If so, Grab the requested Banner 
$DB->query("SELECT * FROM banner 
WHERE(ID='$bannerID')");
} 
// Make sure we grabbed something 
if($DB->num_rows() == 0) { 
return false;
}
$DB->next_record(); 
// Saved the data we got in a separate array 
$ban_data = $DB->Record; 
// Construct the HTML for the GET 
$get = "?_bannerid=".urlencode($ban_data['ID']); 
// Make the extra query string 
if(is_array($query_extra)) { 
foreach($query_extra as $key => $val) {
$get .= "&$key=".urlencode($val);
} 
} 
// Construct the HTML for the banner and include the GET // we constructed previously. 
$html = "$PHP_SELF$get'>"
. "$_bannercfg[srcpath]$ban_data[SRC]' "
. "ALT='$ban_data[ALT] "
. "BORDER='$_bannercfg[border]'>"
. ""; 
// Increment the hits
dbIncHits($ban_data['ID']); 
// Flag the banner used as displayed (if it was selected 
// by rotation) In special cases, we're not going to flag 
// anything 
if($bannerID == "none") {
$DB->query("UPDATE banner SET pos='A' 
WHERE(ID='".$ban_data['ID']."')");
}
// Finally, echo the HTML
echo $html;
// Return True
return true;
}
function dbIncClks($_bannerID) {
global $DB;
$DB->query("SELECT clicks FROM banner 
WHERE(ID='$_bannerID')");
If($DB->num_rows() == 0) {
return false;
}
$DB->query("UPDATE banner SET clicks=".($DB->f('clicks')+1)." WHERE(ID='$_bannerID')");
} 
function dbIncHits($_bannerID) {
global $DB;
$DB->query("SELECT hits FROM banner 
WHERE(ID='$_bannerID')");
If($DB->num_rows() == 0) {
return false;
}
$DB->query("UPDATE banner SET hits=".($DB->f('clicks')+1)." WHERE(ID='$_bannerID')");
}
?>

Why Use PHP?

Wed, 06 Feb 2008 10:58:24 +0000

If you need to embed dynamic text into static text, youâ€™ll find PHP extremely useful. It was designed for this, and it excels at it. PHP is also very useful for integrating web pages with databases.

The PHP scripting language resembles JavaScript, Java, and Perl, These languages all share a common ancestor, the C programming language. PHP is most different from JavaScript and Java. PHP is a server-side scripting language. All of the â€œworkâ€ is done on the server. JavaScript (and Java) generally run on the client. They have little access to the information that the server has, and mediated access to information on the client. They can do lots of things on the client that PHP cannot. PHP has full access to the information that the server has, and very little access to information that the client has. In fact, it only has information that the client tells the server and that the server passes on to PHP.

Because it is on the server, however, PHP cannot be modified by the client. While you cannot necessarily trust the information that the client gives to PHP, you can trust that your PHP is doing what you told it to do.

Because PHP is on the server end, your PHP scripts can affect your server--such as by keeping an activity log or updating a database.

PHP and Perl often work side-by-side. These are both server-side. Where PHP excels at embedding dynamic content, Perl excels at modifying (or â€œfilteringâ€) streams of text. PHP excels at putting things into documents, and Perl excels at finding things in documents. After you have learned PHP, you may well find Perl useful for many tasks, especially for command-line tasks. PHP has an advantage over Perl on most web sites because PHP is usually loaded as part of the web server. When scripting languages â€œrunâ€, the system has to first load the â€œinterpreterâ€ and then â€œcompileâ€ the language into code that the machine can understand. When you tell PHP to echo the current time to the web page, the computer needs to have your command translated into numbers that it can understand. Because the PHP interpreter is already loaded as part of the web serverâ€™s software, it is always running. This cuts out half of that process. The interpreter is already loaded, and it can go directly to compiling the language into code. When web servers see a request to run a Perl script, they usually have to first load the Perl interpreter. This happens very quickly, but when there are thousands or tens of thousands of requests coming every second, every â€œvery quicklyâ€ can add up.

C programs are â€œpre-compiledâ€. They cut out both steps in that process: no interpreter is needed because the program is already compiled into code the machine understands. Because of this, however, C programs must be compiled every time you switch to a new machine. If you move to a different host, you will usually have to recompile your C programs.
Sometimes youâ€™ll even have to recompile your C programs when your ISP upgrades their serverâ€™s system software. And many ISPs do not provide you with a C compiler. Youâ€™ll find that PHP is more â€œportableâ€ than C in this respect: if it works on one server, it will usually work on any other server that has it. Most ISPs that provide server-side scripting provide PHP.

Do you want to implement your own search friendly url engine?

Wed, 05 Dec 2007 15:01:04 +0000

This is one version of URL rewrite engine, which is not dependent on Apache mod_rewrite. It is relatively easy to implement in other systems or to adapt to your specs. We currently use this version on some of our

This is an evil url: www.notfriendly.com/index.php?menuID=28&type=article
This is a good url: www.friendly.com/index/menuID_28-type_article

My solution is to the URL processing in PHP. If you follow these steps you will have your own Apache compatible URL rewrite engine in no time.

Step 1.

In your .htaccess file (If you don't have one, then create a new one in the folder where your index.php resides) add the following:

ForceType application/x-httpd-php

This simply tells your apache server to treat "index" in the url as "index.php". If you are using a server other than apache, then you will need to configure it to do this.

Step 2.

Implement the class below so that an instance is create each time index.php is executed. What this does is it takes the special url www.friendly.com/index/menuID_28-type_article and splits it into www.friendly.com/index/ and menuID_28-type_article strings, then it creates an array:

array['menuID'] = 28
array['type'] = article

You cannot use $_GET['paramName'], instead call getItem($key) method in UrlFilter passing the name of the parameter you want, for exaple: $this->urlFilter -> getItem("menuID").

You can use any number of parameters, and name them as you wish, all you have to do is use the getItem() method and you got yourself nice URLs. Ofcourse you will need to build your links correctly for this to work, use getOriginalUrl() for this, then add your parameters to it: /param_value-param2_value2-param3_value3 and so on...

// constructs search friendly urls and create correct url paths for links and images

class UrlFilter {
var $origUrl;
var $numOfItems;
var $itemsMap;

function UrlFilter()
{
$this->processURI();
$this->constructBaseUrl();
}

function processURI()
{
$array = explode("index", $_SERVER['PHP_SELF']);
$newUrl = str_replace("/", "", $array[count($array)-1]);
$array = explode("-", $newUrl);
$num = count($array);
$this->numOfItems = $num;
$url_array = array();

$items = explode("-", $newUrl);
$num = count($items);
for ($i = 0 ; $i < $num ; $i++) {
$item = explode("_", $items[$i]);
$this->itemsMap[$item[0]] = $item[1] ;
}
}

function constructBaseUrl()
{
// need to construct the original url
$array = explode("index", $_SERVER['PHP_SELF']);
$num = count($array);
$this->origUrl = "";
for ($i = 0; $i < $num-1 ; $i++) {
$this->origUrl = $this->origUrl . $array[$i];
}
}

function getItem($key)
{
if (array_key_exists($key, $this->itemsMap)) {
return $this->itemsMap[$key];
} else {
return null;
}
}

function getOriginalUrl()
{
return $this->origUrl . "index";
}

function getBaseUrl()
{
return $this->origUrl;
}

}