Beginner web developers may not be fully aware of the security vulnerabilities that come with shared hosting. Most shared hosting servers run a common PHP installation that uses the same php.ini configuration for every account. What this means for you is that the session information for all users on the server is stored in one common directory. This can allow one user to access the session data of another user’s website and use that information to bypass your site’s authentication.

The good news is that PHP has multiple methods for modifying the path to which session information is saved, so you can put it in a directory that only your user account has access to. Taking the time to modify the session.save_path configuration is just one more way to secure your website and your users’ data.

Method 1: Modify the php.ini file

The php.ini file contains the settings PHP uses at run time. To update this file, search for session.save_path and change its value to a path that is inside your user directory but outside of the web root. For example, if your user account was /users/abc123/ and your website was at /users/abc123/www.example.com/, then you would want your session information stored at /users/abc123/temp or similar.

session.save_path = /users/abc123/temp

Method 2: Set the path using the session_save_path function

If you don’t have access to modify the php.ini file, then your second option is to use the session_save_path function. This function can be used both to get the current path and to set it. Simply call it before you do any session handling in your PHP pages to have PHP use your desired path.

<?php session_save_path( "/users/abc123/temp" ); ?>

Method 3: Set the path by use of the ini_set function

The ini_set function can be used to override most of the settings that you can set in the php.ini file. It takes a key/value pair: the name of the configuration setting and the value to give it.

<?php ini_set("session.save_path", "/users/abc123/temp" ); ?>

Moving the session save path out of the shared directory is one more step you can take to secure your PHP websites. One item to note is that the directory must already exist, as the session handler will not create the folder if it does not.
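The three methods above all set the same directive; what they do not do is check that the directory is actually private, or that the override took effect. As an added example (not code from the original post), here is a small bootstrap include that combines the function-call method with those checks before session_start() runs. The path /users/abc123/temp is the post’s example path; the PHP 7.3+ array form of session_set_cookie_params() and an HTTPS deployment are assumptions of this example.

```php
<?php
// Added example, not code from the original post: a bootstrap include that
// moves PHP's session files into a private per-account directory before any
// session handling starts. /users/abc123/temp is the post's example path;
// the PHP 7.3+ array form of session_set_cookie_params() is assumed.

declare(strict_types=1);

function configure_private_session_path(string $dir): string
{
    // The session handler will not create the directory, so create it here
    // with owner-only permissions; other accounts on the host then cannot
    // list or read the session files.
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        throw new RuntimeException("Cannot create session directory: $dir");
    }

    // Refuse a directory that is readable by group or others, e.g. one that
    // was created earlier with the default umask.
    $mode = fileperms($dir) & 0777;
    if (($mode & 0077) !== 0) {
        throw new RuntimeException(sprintf(
            'Session directory %s has mode %o; expected 0700', $dir, $mode
        ));
    }

    // Refuse a directory inside the web root: session files would otherwise
    // be served to anyone who guesses their name.
    $real    = realpath($dir);
    $docroot = isset($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : false;
    if ($real !== false && $docroot !== false
        && ($real === $docroot || strpos($real, $docroot . DIRECTORY_SEPARATOR) === 0)) {
        throw new RuntimeException("Session directory $dir is inside the web root $docroot");
    }

    if (!is_writable($dir)) {
        throw new RuntimeException("Session directory is not writable: $dir");
    }

    // Any of the post's three methods works; the function form is used here.
    // It must run before session_start(), or the shared default path is used.
    session_save_path($dir);

    // Lock down the session cookie as well (an HTTPS deployment is assumed).
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);

    session_start();

    // Return the effective path so the caller can confirm the override took.
    return session_save_path();
}

$effective = configure_private_session_path('/users/abc123/temp');
if ($effective !== '/users/abc123/temp') {
    // Can happen when the host overrides the directive in its own server
    // configuration; log it rather than silently using the shared directory.
    error_log("Session path override failed; PHP is using $effective");
}
```

Include this file at the top of every page before any session handling. The returned value is the same thing you would see from the getter form of session_save_path(), so it doubles as a quick way to verify that the php.ini or ini_set change was honoured by the host.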


When writing a post for your WordPress powered blog or website, have you ever wished you could split it up into multiple pages? The good news is that you can: WordPress comes by default with the ability to create paginated posts by use of the Page-Link tag. This tag tells WordPress that the following content should be on a different page than the preceding content.

The tag is used by simply inserting the text <!--nextpage--> into your post. There used to be a button to make this task easier on the user, but it was removed to clean up the toolbar. You may find that this tag is not working on your site; the reason for this is that the theme you are using did not implement the Page-Link function in its templates to display the pages. You can correct this by calling the wp_link_pages function in your single post template.

<?php wp_link_pages(); ?>

You can fully customize the page links by use of various parameters including before, after, next_or_number, and other self-explanatory options. For a full list of options, check out the Styling Page-Links page of the WordPress Codex.


How many times have you found yourself defining multiple find or search methods for obtaining data in your web applications? For example, for a Users table you may have findByName, findById, findByEmail, and so on. Utilizing the iBATIS framework and SQL Maps, we can have all these SQL statements condensed into a single dynamic select statement.

To illustrate how this would be done, let’s define our User table as the following:

USERS
ID
USER_NAME
FIRST_NAME
LAST_NAME
PHONE_NUM
EMAIL_ADDR

Traditionally, to create the above find methods you would create a SQL statement for each query. Using iBATIS’s Dynamic SQL we are able to combine them all into one statement by use of the dynamic element. To help illustrate, let’s start with a basic select SQL Map.

<select id="User.find" parameterClass="com.mdbitz.model.User" resultMap="userMap">
    SELECT * 
    FROM USERS
    WHERE 
        FIRST_NAME LIKE #firstName:VARCHAR#
        AND LAST_NAME LIKE #lastName:VARCHAR#
</select>

Using this simple map as a base, we could extend it by adding a dynamic clause that only adds the WHERE conditions if a property is set in the parameter object. To do this we would use the isNotNull element, which outputs its content only if a property is not null. An updated dynamic map would look like:

<select id="User.find" parameterClass="com.mdbitz.model.User" resultMap="userMap">
    SELECT * 
    FROM USERS
    <dynamic prepend="WHERE">
        <isNotNull property="firstName" prepend="AND">
        FIRST_NAME LIKE #firstName:VARCHAR#
        </isNotNull>
        <isNotNull property="lastName" prepend="AND">
        LAST_NAME LIKE #lastName:VARCHAR#
        </isNotNull>
    </dynamic>
</select>

Using these dynamic statements you could extend this to do any type of find-by that you need. You could query by name, phone number, email, id, or any combination of them. In addition to isNotNull, you could also use isNull, isEmpty, isNotEmpty, isGreaterThan, isGreaterEqual, and so on. Instead of dozens of SQL Map statements, one for each desired search or query, Dynamic SQL allows you to condense your SQL queries into simpler, more robust statements.


Very often when developing a WordPress powered blog or website you may find that you need to add custom features. One of the most common feature requests that I have come across is to add an image to the excerpts that get displayed on the main posts/articles page. Some people will try to utilize the excerpt itself to have the image display, but there is a much easier way: the Custom Fields feature of WordPress.

The Custom Fields feature is used to add properties to your posts that you can then use in your template files. The default Custom Fields interface provided by WordPress is pretty basic in that you can enter name value pairs where you can put anything you want as a value.
(Screenshot: WordPress Custom Fields example)

To make using Custom Fields easier I would suggest utilizing a plugin such as Custom Field Template. This plugin allows you to create templates with defined fields so you can easily add custom properties to your posts. In addition it enables you to have drop-downs, text fields, text areas, and even the media hook to insert images from your media library or upload them from your computer.
(Screenshot: WordPress Custom Field Template plugin)

With the introduction to Custom Fields out of the way, let’s get right into an example of how to enhance your blog using them.

Example: Displaying an image with your blog excerpts

The simplest way to display an image in your blog excerpts is to create a custom field that will hold the image HTML that you want to display. If you are using the Custom Field Template plugin, then set the media option to true so you can use the built-in WordPress media tool to choose and modify your image. Let’s assume for our purposes we named this property “img_thumb”. The first step is to identify the template(s) you will need to modify; in this example we will be modifying the main template responsible for showing the blog posts. Let’s assume that our excerpts are displayed similar to the following sample code:

<div class="content">
    <h3>
        <a class="link" href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a>
    </h3>
    <div class="entry"><?php the_excerpt(); ?></div>
</div>

In this basic sample we are displaying the post title followed by the excerpt. If we wanted to enhance this code to show the thumbnail image, then we would first have to obtain the custom fields for the post using the get_post_custom function, which returns an associative array of all the custom fields for the post.

<?php $custom_fields = get_post_custom(); ?>

Now that we have obtained the custom fields we can use them in our template. Let’s modify the template so that we insert the image into our post prior to displaying the excerpt.

<?php $custom_fields = get_post_custom(); ?>
<div class="content">
    <h3>
        <a class="link" href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a>
    </h3>
    <div class="entry"><?php echo $custom_fields['img_thumb'][0]; ?><?php the_excerpt(); ?></div>
</div>

It is important to note the use of the [0] index on the custom field property. As Custom Fields allow multiple values for the same name, you need the index to specify which value to use. The code above will now display the image in your blog posts. However, you may not have an image for every post; in that case you will want to check that the property exists before using it. If you want, you could even put in a default image to be displayed when a value isn’t entered.

<?php $custom_fields = get_post_custom(); ?>
<div class="content">
    <h3>
        <a class="link" href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a>
    </h3>
    <div class="entry">
        <?php // empty() also covers the case where no img_thumb field was set at all, avoiding an undefined-index notice
        if( ! empty( $custom_fields['img_thumb'][0] ) ) {
            echo $custom_fields['img_thumb'][0]; 
        } else { ?>
            <img src="http://www.example.com/wp-content/uploads/2010/02/test.jpg" alt="Alternate Text" title="Image Title" width="114" height="180" />
        <?php } ?>
        <?php the_excerpt(); ?>
    </div>
</div>

You have now enhanced your blog to display an image with your post excerpts. There are an unlimited number of ways to use custom fields in your blog, from displaying special content to switching layouts. Take the time to determine common content in your posts and then use Custom Fields to save and display this information in the format you need.
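Because the img_thumb field holds raw HTML that is echoed straight into the page, anyone who can edit that field on a post can put arbitrary markup in front of your excerpts. As an added example (not code from the original post), the helper below wraps the same feature in a theme function that treats the field as untrusted: it passes the stored markup through wp_kses with an img-only allow-list, and, preferably, accepts an attachment ID so WordPress builds the tag itself. The field name img_thumb and the fallback image URL come from the post; img_thumb_id and the text domain mytheme are assumed names for this example.

```php
<?php
// Added example, not code from the original post. Drop into functions.php.
// 'img_thumb' and the fallback URL are the post's values; 'img_thumb_id' is
// an assumed second field that stores an attachment ID instead of markup.

function mdbitz_excerpt_thumbnail( $fallback_url = '' ) {
    $post_id = get_the_ID();

    // Variant A (preferred): the field stores an attachment ID, not HTML, so
    // the editor cannot inject markup; WordPress renders the <img> tag.
    $attachment_id = (int) get_post_meta( $post_id, 'img_thumb_id', true );
    if ( $attachment_id > 0 ) {
        $html = wp_get_attachment_image( $attachment_id, 'thumbnail' );
        if ( $html !== '' ) {
            return $html;
        }
    }

    // Variant B (the post's approach): the field stores <img ...> HTML.
    // get_post_meta() with $single = true returns '' when the field is absent,
    // so there is no undefined-index notice; empty() covers the blank case.
    $raw = get_post_meta( $post_id, 'img_thumb', true );
    if ( ! empty( $raw ) ) {
        // Allow only an <img> tag with a fixed set of attributes; any other
        // tag or attribute (scripts, event handlers) is stripped by wp_kses.
        $allowed = array(
            'img' => array(
                'src'    => true,
                'alt'    => true,
                'title'  => true,
                'width'  => true,
                'height' => true,
                'class'  => true,
            ),
        );
        return wp_kses( $raw, $allowed );
    }

    // Default image when no value was entered (the post's fallback behaviour),
    // with the URL and alt text escaped for their HTML contexts.
    if ( $fallback_url !== '' ) {
        return sprintf(
            '<img src="%s" alt="%s" />',
            esc_url( $fallback_url ),
            esc_attr__( 'Alternate Text', 'mytheme' )
        );
    }

    return '';
}
```

In the template, the echo of $custom_fields['img_thumb'][0] and the surrounding if/else then collapse to a single call: <?php echo mdbitz_excerpt_thumbnail( 'http://www.example.com/wp-content/uploads/2010/02/test.jpg' ); ?> placed before the_excerpt(). wp_kses also applies WordPress’s allowed-protocol list to the src attribute, so a javascript: or data: URL in the field is removed along with any disallowed tag.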


AddThis is a free, easy-to-use web service that enables you to increase your site traffic by letting visitors easily bookmark and share your web pages and content with social networks such as Facebook, Twitter, and many more. The service works by letting you add a customizable button to your site that contains all the popular sharing tools in one place, allowing the visitor to quickly link your content out into the web for others to enjoy.

In addition, the AddThis team even provides analytics for registered users (registration is free) that lets you see which pages are getting bookmarked or shared and to which services. In the detailed articles found on my site you will see one of the possible formats for the AddThis button. If you have a website or blog that you want to increase traffic to, then this is a free tool/service that would be well worth integrating.
