Serving web pages: Difference between revisions

Stopping spam and hackers

htaccess

An .htaccess file in a directory on a server tells the server how to handle specified requests or requests from specified internet addresses.

Examples of Apache directives

<Files .htaccess>
order allow,deny
deny from all
</Files>

Prevents anyone from reading the .htaccess file(s).

order allow,deny
deny from 59.92.4.185
deny from 66.225.201
deny from 69.80.96.0/20
allow from all

Prevents anyone from 59.92.4.185, addresses that start with 66.225.201, or addresses that match the first 20 bits of 69.80.96.0.

ErrorDocument 403 "Sorry, requests from your IP address are forbidden

Shows the phrase after " when access is denied to a page.

ErrorDocument 403 /errors/403.html

Replies with the 403.html file when access is denied to a page.

ErrorDocument 404 /errors/404.html

Replies with the 404.html file when the request can't be found.

order allow,deny 
allow from all

Put this in the folder where the 403 file is, and it allows even banned IPs access to the 403 error document (and any other files that are in that folder; better add the Files directive also).

Getting funny characters right

Now that I'm starting, like many, to use UTF-8 encoded data, I need to make sure that PHP connects to MySQL using a UTF-8 pipe. That can be accomplished with a single command in PHP scripts:

mysql_set_charset("utf8");

Processing form input

Putting tags around links automatically

I have forms where people write stories that usually include web links. If I want the links to be clickable, then I usually write <a> tags around the link, repeating the link in the href field. Now I have a string replace function in PHP that will do that automatically:

$html_links = preg_replace('~[^>"](https?://\S+[0-9a-zA-Z/&\?])~', '<a href="$1">$1</a>', $text);//$text being the input text

Explaining the function

• preg_replace searches for the substrings of the third argument ($text here) that match the first argument, replacing them with the second argument.
• ~...~, the search string starts and ends with tildes, just to delimit the beginning and end of the regular expression...They are allowed to be most any symbol, preferably one we're not using in the search string. Slashes and quotes are often used, but we have those two symbols in our search string itself, so I chose tildes.
• [^>"] means "anything but greater than or double-quotes."We make sure we're not finding links that already appear right after quotation marks or greater-than symbols, since that would mean the link already is part of a tag.
• (...)The parentheses mean this section of the found string will be needed later, so save it in a variable, $1.
• http must begin the string we're looking for.
• s?, the question mark makes the s optional, allowing zero or one "s", since https: is just as valid as http:
• ://Then must follow a colon and two forward slashes.
• \S+Then can follow any number of non-whitespace characters, signified by "\S", the plus sign meaning one or more of whatever precedes itself.
• [0-9a-zA-Z/&\?] The URL we find must end in a number, a letter, a slash, an ampersand, or a question mark. We don't include periods or other punctuation because someone might enter a URL followed by punctuation that isn't part of the URL. Because the question mark has a special meaning in regular expressions, we "escape" this one with the escape symbol, a backwards slash. Links could be like any of the following:
  • http://energyteachers.org
  • http://energyteachers.org/
  • http://energyteachers.org/workshopdetail.php?workshop_id=470
  • http://energyteachers.org/workshopdetail.php?
  • http://energyteachers.org/workshopdetail.php?workshop_id=470&

See the section on Perl-Compatible Regular Expressions in the PHP manual: http://www.php.net/manual/en/book.pcre.php

See also

Javascript recipes