Serving web pages
Stopping spam and hackers
htaccess
An .htaccess file in a directory on a server tells the server how to handle specified requests or requests from specified internet addresses.
Examples of Apache directives
- Prevent anyone from reading the .htaccess file(s).
<Files .htaccess> order allow,deny deny from all </Files>
- Prevent certain IPs or ranges of IPs from accessing documents.
order allow,deny deny from 59.92.4.185 deny from 66.225.201 deny from 69.80.96.0/20 allow from all
Prevents anyone from 59.92.4.185, addresses that start with 66.225.201, or addresses that match the first 20 bits of 69.80.96.0.
- Set a custom 403 error message.
ErrorDocument 403 "Sorry, requests from your IP address are forbidden
Shows the phrase after " when access is denied to a page.
- Set a custom 403 document.
ErrorDocument 403 /errors/403.html
Replies with the 403.html file when access is denied to a page.
- Set a custom 404 document.
ErrorDocument 404 /errors/404.html
Replies with the 404.html file when the request can't be found.
- Allow rejects to see 403 file.
order allow,deny allow from all
Put this in the folder where the 403 file is, and it allows even banned IPs access to the 403 error document (and any other files that are in that folder; better add the Files directive also).
Getting funny characters right
Now that I'm starting, like many, to use UTF-8 encoded data, I need to make sure that PHP connects to MySQL using a UTF-8 pipe. That can be accomplished with a single command in PHP scripts:
mysql_set_charset("utf8");
See Switching a web site to UTF-8 for much more.
Processing form input
Putting tags around links automatically
I have forms where people write stories that usually include web links. If I want the links to be clickable, then I usually write <a> tags around the link, repeating the link in the href field. Now I have a string replace function in PHP that will do that automatically:
$html_links = preg_replace('~[^>"](https?://\S+[0-9a-zA-Z/&\?])~', '<a href="$1">$1</a>', $text);//$text being the input text
- Explaining the function
- preg_replace searches for the substrings of the third argument ($text here) that match the first argument, replacing them with the second argument.
- ~...~, the search string starts and ends with tildes, just to delimit the beginning and end of the regular expression...They are allowed to be most any symbol, preferably one we're not using in the search string. Slashes and quotes are often used, but we have those two symbols in our search string itself, so I chose tildes.
- [^>"] means "anything but greater than or double-quotes."We make sure we're not finding links that already appear right after quotation marks or greater-than symbols, since that would mean the link already is part of a tag.
- (...)The parentheses mean this section of the found string will be needed later, so save it in a variable, $1.
- http must begin the string we're looking for.
- s?, the question mark makes the s optional, allowing zero or one "s", since https: is just as valid as http:
- ://Then must follow a colon and two forward slashes.
- \S+Then can follow any number of non-whitespace characters, signified by "\S", the plus sign meaning one or more of whatever precedes itself.
- [0-9a-zA-Z/&\?] The URL we find must end in a number, a letter, a slash, an ampersand, or a question mark. We don't include periods or other punctuation because someone might enter a URL followed by punctuation that isn't part of the URL. Because the question mark has a special meaning in regular expressions, we "escape" this one with the escape symbol, a backwards slash. Links could be like any of the following:
See the section on Perl-Compatible Regular Expressions in the PHP manual: http://www.php.net/manual/en/book.pcre.php
