Beginner web developers may not be fully aware of the security vulnerabilities that come with shared hosting. Most shared hosting servers run a common PHP installation that uses the same php.ini configuration for every account. For the user, this means that session information for all users is stored in a common directory on the server. Another user on the server can then access the session data for your website and use that information to bypass your site's authentication security.

The good news is that PHP has multiple methods for modifying the path where session information is saved, so that you can put it in a directory that only your user has access to. Taking the time to modify the session.save_path configuration is just one more way to secure your website and any users' data.

Method 1: Modify the php.ini file

The php.ini file contains the settings used by PHP at run time. To update this file, search for session.save_path and change the value to a path that is inside your user directory but outside of the web root. For example, if your user account was /users/abc123/ and your website was at /users/abc123/www.example.com/, then you would want to have your session information stored at /users/abc123/temp or similar.

session.save_path = /users/abc123/temp

Method 2: Set the path using the session_save_path function

If you don’t have access to modify the php.ini file, then your second option is to use the session_save_path function. This function can be used both to get the current path and to set the path. Simply call it before you do any session handling in your PHP pages to have it use your desired path.

<?php session_save_path( "/users/abc123/temp" ); ?>

Method 3: Set the path by use of the ini_set function

The ini_set function can be used to override most of the settings that you can set in the php.ini file. You pass it the name of the configuration setting and the value to give it.

<?php ini_set("session.save_path", "/users/abc123/temp" ); ?>

Moving the session save path out of a shared directory is one more step you can take to secure your PHP websites. One item to note is that the directory must exist, as the session handler will not create the folder if it does not.
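The three methods and the note about the missing folder can be combined into one bootstrap step. This is an added example, not code from the original article: use_private_session_dir() is a hypothetical helper, and the paths are the sample values used above.

```php
<?php
// Added example. use_private_session_dir() is a hypothetical helper; the
// paths are the article's sample values.
function use_private_session_dir(string $dir, string $webRoot): string
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new LogicException('Set the save path before session_start().');
    }
    // The session handler will not create the folder, so create it here.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("Cannot create session directory: $dir");
    }
    $real = realpath($dir);
    $root = realpath($webRoot);
    if ($real === false) {
        throw new RuntimeException("Cannot resolve session directory: $dir");
    }
    // Session files must never be reachable through the web server.
    if ($root !== false && strpos($real . '/', rtrim($root, '/') . '/') === 0) {
        throw new RuntimeException("$real is inside the web root $root");
    }
    // If the directory belongs to a different account than the one PHP runs
    // as, PHP cannot write to it at 0700, and loosening the mode would open
    // it to other accounts again. Stop instead.
    if (function_exists('posix_geteuid') && fileowner($real) !== posix_geteuid()) {
        throw new RuntimeException("$real is not owned by the PHP process user");
    }
    // mkdir() is subject to the umask, and an existing directory may be
    // looser: remove every group/other permission bit.
    if ((fileperms($real) & 0077) !== 0 && !chmod($real, 0700)) {
        throw new RuntimeException("Cannot restrict permissions on $real");
    }
    if (!is_writable($real)) {
        throw new RuntimeException("$real is not writable");
    }
    session_save_path($real);
    return $real;
}

use_private_session_dir('/users/abc123/temp', '/users/abc123/www.example.com');
session_start();
```

If the ownership check fails, PHP on that host runs under an account other than the directory's owner, and changing the save path alone does not separate your sessions from other tenants.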


Very often when developing a WordPress powered blog or website you may find that you need to add custom features. One of the most common feature requests that I have come across is to add an image to the excerpts that get displayed on the main posts/articles page. Some people will try to utilize the excerpt to have the image display but there is a much easier way, the Custom Fields feature of WordPress.

The Custom Fields feature is used to add properties to your posts that you can then use in your template files. The default Custom Fields interface provided by WordPress is pretty basic in that you can enter name value pairs where you can put anything you want as a value.
WordPress Custom Fields Example

To make using Custom Fields easier I would suggest utilizing a plugin such as Custom Field Template. This plugin allows you to create templates with defined fields for you to easily create your custom properties to your posts. In addition it enables you to have drop downs, text fields, text areas, and even the media hook in to insert images from your media content or upload them from your computer.
WordPress Custom Field Template

With the introduction to Custom Fields out of the way, let's get right into an example of how to enhance your blog using them.

Example : Displaying an image with your blog excerpts

The simplest way to display an image in your blog excerpts is to create a custom field that will hold the image HTML that you want to display. If using the Custom Field Template plugin, set the media option to true so you can use the built-in WordPress media tool to choose and modify your image. Let's assume for our purposes we named this property “img_thumb”. The first step is to identify the template(s) you will need to modify; in this example we will be modifying the main template responsible for showing the blog posts. Let's assume that our excerpts are displayed similar to the following sample code:

<div class="content">
    <h3>
        <a class="link" href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a>
    </h3>
    <div class="entry"><?php the_excerpt(); ?></div>
</div>

In this basic sample we are displaying the post title followed by the excerpt. If we wanted to enhance this code to show the thumbnail image, we would first have to obtain the custom fields for the post using the get_post_custom function, which returns an associative array of all the custom fields for the post.

<?php $custom_fields = get_post_custom(); ?>

Now that we have obtained the custom fields we can use them in our template. Let's modify the template so that we insert the image into our post prior to displaying the excerpt.

<?php $custom_fields = get_post_custom(); ?>
<div class="content">
    <h3>
        <a class="link" href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a>
    </h3>
    <div class="entry"><?php echo $custom_fields['img_thumb'][0]; ?><?php the_excerpt(); ?></div>
</div>

It is important to note the use of the [0] index on the custom field property. As Custom Fields allow multiple values for the same name, the index is needed to specify which value to use. The code above will now display the image in your blog posts. However, you may not have an image for each post; in that case you will want to check if the property exists before using it. If wanted, you could even put in a default image to be displayed if a value isn’t entered.

<?php $custom_fields = get_post_custom(); ?>
<div class="content">
    <h3>
        <a class="link" href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a>
    </h3>
    <div class="entry">
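        <?php if ( ! empty( $custom_fields['img_thumb'][0] ) ) {
            // Field is set and non-empty: print it, limited to the HTML WordPress allows in post content.
            echo wp_kses_post( $custom_fields['img_thumb'][0] );
        } else { ?>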
            <img src="http://www.example.com/wp-content/uploads/2010/02/test.jpg" alt="Alternate Text" title="Image Title" width="114" height="180" />
        <?php } ?>
        <?php the_excerpt(); ?>
    </div>
</div>

You have now enhanced your blog to display an image with your post excerpts. There are an unlimited number of ways to use custom fields in your blog, from displaying special content to different layouts. Take the time to determine common content in your posts and then use Custom Fields to save and display this information in the format you need.

If you are just starting to use Yahoo Finance to obtain stock information, you may get a little disoriented by the query string sl1d1t1c1ohgv. Although at first glance the string sl1d1t1c1ohgv may seem like random letters and numbers, it is actually responsible for telling Yahoo Finance what information to return to you. Instead of sending dozens of individual parameters to determine what information to return, Yahoo Finance chose to simply concatenate the variables together. Below is a breakdown of what stock information you can return in your quote.

Stock Quote Variables

Variable Description
a ask
a2 average daily volume
a5 ask size
b bid
b2 ask real time
b3 bid real time
b4 book value
b6 bid size
c change and percent change
c1 change
c3 commission
c6 change real time
c8 after hours change real time
d dividend per share
d1 last trade date
d2 trade date
e earnings per share
e1 error indication
e7 EPS estimate current year
e8 EPS estimate next year
e9 EPS estimate next quarter
f6 float shares
g days low
h days high
j 52 week low
k 52 week high
g1 holdings gain percent
g3 annualized gain
g4 holdings gain
g5 holdings gain percent real time
g6 holdings gain real time
i more info
i5 order book real time
j1 market capitalization
j3 market capitalization real time
j4 EBITDA
j5 change from 52 week low
j6 percent change from 52 week low
k1 last trade with time (real time)
k2 change percent real time
k3 last trade size
k4 change from 52 week high
k5 percent change from 52 week high
l last trade with time
l1 last trade
l2 high limit
l3 low limit
m days range
m2 days range real time
m3 50 day moving average
m4 200 day moving average
m5 change from 200 day moving average
m6 percent change from 200 day moving average
m7 change from 50 day moving average
m8 percent change from 50 day moving average
n name
n4 notes
o open
p previous close
p1 price paid
c2 change in percent
p5 price per sales
p6 price per book
q ex-dividend date
r price earnings ratio
r1 dividend pay date
r2 price earnings ratio real time
r5 PEG ratio
r6 price per EPS estimate current year
r7 price per EPS estimate next year
s symbol
s1 shares owned
s7 short ratio
t1 last trade time
t6 trade links
t7 ticker trend
t8 1 year target price
v volume
v1 holdings value
v7 holdings value real time
w 52 week range
w1 days value change
w4 days value change real time
x stock exchange
y dividend yield


So what does sl1d1t1c1ohgv stand for?

It tells Yahoo Finance to return the following information about the stock requested.

  • Symbol (s)
  • Last Trade Value (l1)
  • Last Trade Date (d1)
  • Last Trade Time (t1)
  • Change (c1)
  • Open (o)
  • Days High (h)
  • Days Low (g)
  • Volume (v)

To make accessing the Yahoo Finance Stock Quote service easier for potential users, I have created a Yahoo Finance PHP Wrapper Library that you can utilize to query for stock quotes and information. The library returns the requested data as objects that you can easily extract information from. For full details, visit the release page.

It is very common to have an archive in your WordPress blog displaying a list of the months in which you have created a post. In most cases this navigation is the result of the wp_get_archives function of WordPress. However, you may not know that you can use this same function to display a list of your most recent posts or to display yearly archives; you can even display the number of posts in an archive if desired. These navigational links can be created with the type, limit, and show_post_count parameters that can be passed to the wp_get_archives function.

To get started, let's look at each of these 3 parameters individually.

  • type – the type parameter is used to tell WordPress what type of archive you would like returned. The most commonly used values are “monthly” (the default), “yearly”, and “postbypost”, which returns a list of your posts.
  • limit – the limit parameter is used to tell WordPress the max number of items you want returned in your archives.
  • show_post_count – this parameter, as the name implies, will cause the number of posts in each archive item to be displayed. So if your archive was “monthly” and you did 12 posts in December 2009, then 12 would be displayed in the link. Please note that on “postbypost” archives this has no effect.

Now that you are familiar with the options, let's assume you would like to display a Recent Posts archive where you have links to the last 5 posts you did. To do this, you would edit the template file in which you want the list to be displayed and call the wp_get_archives function with limit=5 and type="postbypost". The exact code would look like the following.

<ul class="nav">
    <?php wp_get_archives('type=postbypost&limit=5'); ?>
</ul>

If you wanted to display the last 12 months in your monthly archive along with the number of posts, you would set limit=12 and show_post_count=1. As type defaults to monthly, you would not have to specify that value. The end template code would possibly look like:

<ul class="nav">
    <?php wp_get_archives('limit=12&show_post_count=1'); ?>
</ul>

That is all there is to it. There are additional options that you can set to modify the output, or to return the archive as a string rather than echoing out the value. For full documentation on the function, visit the WordPress Codex wp_get_archives page.

Release 0.4 is now available of the Harvest API PHP Wrapper Library. This update to the library supports both the Time Tracking and Extended REST APIs, in addition to bug fixes and additional documentation. To stay up-to-date with all the changes visit the main library page available here.
