Simple PHP caching

January 15th, 2010 | PHP
No Comments »

There are many tools around that will help cache your website to increase speed and performance, such as eAccelerator and APC. However these usually require installation on your web server, thus rendering them useless for people who use shared hosting and don’t have access to the server.

Using some simple PHP code we can quite effectively cache a webpage, useful for sites that are database driven and have a large amount of queries or high volumes of traffic.

First we need to setup the folder where the cached files are stored, making sure it has read/write permissions (CHMOD to 0777 – see your FTP client documentation on how to do this).

Next create a file called cache.php which contains the following code:

<?php
// Number of seconds a page should remain cached for
$cache_expires = 3600;

// Path to the cache folder
$cache_folder = "/home/usr/www/cache/";

// Checks whether the page has been cached or not
function is_cached($file) {
 global $cache_folder, $cache_expires;
 $cachefile = $cache_folder . $file;
 $cachefile_created = (file_exists($cachefile)) ? @filemtime($cachefile) : 0;
 return ((time() - $cache_expires) < $cachefile_created);
}

// Reads from a cached file
function read_cache($file) {
 global $cache_folder;
 $cachefile = $cache_folder . $file;
 return file_get_contents($cachefile);
}

// Writes to a cached file
function write_cache($file, $out) {
 global $cache_folder;
 $cachefile = $cache_folder . $file;
 $fp = fopen($cachefile, 'w');
 fwrite($fp, $out);
 fclose($fp);
}

// Let's begin, first work out the cached filename
$cache_file = md5($_SERVER['REQUEST_URI']) . ".html";

// Check if it has already been cached and not expired
// If true then we output the cached file contents and finish
if (is_cached($cache_file)) {
 echo read_cache($cache_file);
 exit();
}

// Ok so the page needs to be cached
// Turn on output buffering
ob_start();

Now in your page you would include cache.php on the first line before you do anything else. This is because if the page is cached we don’t want it to do anything else other than output the cache to the page. If you are still including other files or connecting to databases before checking for the cache you are putting additional load on the server, making this exercise pointless.

Finally create a file called cache_footer.php which contains the following code:

<?php
// Grab the uncached page contents
$cache_contents = ob_get_contents();

// Save it to the cache for next time
write_cache($cache_file, $cache_contents);
?>

You would include this file on the last line of your page, which saves the page in the cache if required.

Putting it altogether a typical page would look like this:

<?php
// Load the cache process
include("cache.php");

// Connect to database
include("config.php");
mysql_connect($db_host, $db_username, $db_password) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());
?>
<html>
<body>
<h1>Articles</h1>
<ul>
<?php
// Some query
$q = mysql_query("SELECT * FROM articles ORDER BY id");
while ($r = mysql_fetch_array($q)) {
  echo '<li><a href="view_article.php?id='.$r['id'].'">'.$r['title'].'</a></li>';
}
?>
</ul>
</body>
</html>
<?php
// Save the cache
include("cache_footer.php");
?>

Convert plain text to clickable links in PHP

January 5th, 2010 | PHP
No Comments »

A useful function if you want to convert a link in plain text into a clickable link…

function clickable_links($text) {
  $text = eregi_replace('(((f|ht){1}tp://)[-a-zA-Z0-9@:%_+.~#?&//=]+)', '<a target="_blank" href="\1">\1</a>', $text);
  $text = eregi_replace('([[:space:]()[{}])(www.[-a-zA-Z0-9@:%_+.~#?&//=]+)', '\1<a target="_blank" href="http://\2">\2</a>', $text);
  return $text;
}

How to setup one time download of your files securely

January 3rd, 2010 | MySQL, PHP
2 Comments »

How to setup one time download of your files securelyIf you are selling a digital product and want to offer it for download but are concerned that people will share the URL to the file, you could use a solution like ClickBank. However the advantage of setting up one time downloads from your server instead is that you have more control over what you are selling and you don’t have to pay any fee’s.

Let us assume that you have setup and integrated a payment solution (such as PayPal using the IPN, post coming soon on this) and you have a database setup that holds the payment information.

CREATE TABLE `transactions` (
`id` INT( 5 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`transaction_id` VARCHAR( 50 ) NOT NULL ,
`file_downloaded` TINYINT( 1 ) NOT NULL
) ;

Now we will create download.php which will be the link sent to the user after they have paid to download your files.

To keep it secure you would include the transaction ID (which would be unique to each payment) as part of the query string, so the link would be:

http://www.site.com/download.php?transaction_id=XX

Now you do need the files to be uploaded somewhere on your web server, however the location will never be revealed. The best way is to put them in a folder outside of the web root so that they cant be accessed via HTTP. However if this is not possible then put them in a folder name that cannot be guessed (use a random password generator if you don’t have any ideas).

<?php
// Path to the files to be downloaded
$file = '/home/usr/files/blah.zip';

// Transaction ID
$transaction_id = $_GET['transaction_id'];

// Connect to database
mysql_connect('localhost', 'user', 'pass');
mysql_select_db('dbname');

// Lookup the transaction ID in the database
$query = sprintf("SELECT * FROM transactions WHERE transaction_id='%s'",
mysql_real_escape_string($transaction_id));
$query = mysql_query($query);
$row = mysql_fetch_array($query);

// Valid transaction ID?
if (!$row) {
  die('Invalid transaction ID!');
}

// File already been downloaded?
elseif ($row['file_downloaded'] == 1) {
  die('File has already been downloaded, please contact us if you have any problems');
}

else {

  // It's a valid transaction, update the database so that we know the file has been downloaded for next time
  $query = sprintf("UPDATE transactions SET file_downloaded = 1 WHERE transaction_id='%s'",
  mysql_real_escape_string($transaction_id));
  $query = mysql_query($query);

  // Now force the file to be downloaded
  header('Content-Description: File Transfer');
  header('Content-Type: application/octet-stream');
  header('Content-Disposition: attachment; filename='.basename($file));
  header('Content-Transfer-Encoding: binary');
  header('Expires: 0');
  header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
  header('Pragma: public');
  header('Content-Length: ' . filesize($file));
  ob_clean();
  flush();
  readfile($file);
  exit();

}
?>

Using reCAPTCHA to stop spam in PHP

January 1st, 2010 | PHP
No Comments »

Using reCAPTCHA to stop spam in PHPreCAPTCHA helps prevent automated abuse of your site (such as comment spam or bogus registrations) by using a CAPTCHA to ensure that only humans perform certain actions.

You may have seen reCAPTCHA in use on many websites (including our forum) as it’s completely free and comes with an excellent web service which we are going to implement in this article.

The first thing to do is sign up to reCAPTCHA to receive your public and private key. These keys are used to authorize your account.

Next you need to download the reCAPTCHA library in PHP which can be found on this page. Once you have this you are ready to go.

First we are going to store the public and private key in variables, this would usually go in something like config.php.

<?php
include('recaptchalib.php');
$publickey = "…";
$privatekey = "…";

// Rest of your config goes here…
?>

Now on the page you want to display the CAPTCHA (e.g. register.php) you would include this at the top:

<?php
// Include the config file
include('config.php');

// If the form has been submitted
if (!empty($_POST)) {

  // Send the CAPTCHA results to reCAPTCHA
  $resp = recaptcha_check_answer ($privatekey, $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);

  // Incorrect CAPTCHA?
  if (!$resp->is_valid) {
    $error = 'The reCAPTCHA was not entered correctly!';
  }

  else {
    // Otherwise continue with further validation etc
  }
}
?>

Now on the same page we display the actual CAPTCHA which is generated by the library so we don’t have to worry about any HTML or Javascript.

<form action="" method="post">
<!– Form fields would go here –>
<p><?php echo recaptcha_get_html($publickey); ?></p>
<p><input type="submit" name="submit" value="Complete Sign Up" /></p>
</form>

Sending emails the right way – using PHPMailer and email templates

December 31st, 2009 | PHP
No Comments »

Sending emails the right way - using PHPMailer and email templatesWhen sending mail in PHP its always best to use an SMTP server rather than the mail() function, and the ideal candidate for the job is PHPMailer.

Assuming you have an SMTP server (usually mail.yourdomain.com) and a username and password (to authenticate as some servers won’t allow you to send via SMTP without it) sending mail with PHPMailer is easy as pie.

For websites that send lots of emails with different information it’s a good idea to setup some email templates.

In this example we will create a folder called “email_templates” and will create a file called “register.html” which will contain the login information when someone registers to our site:

<html>
<body>
<h1>Account Details</h1>
<p>Thank you for registering on our site, your account details are as follows:<br>
Username: %username%<br>
Password: %password%
</p>
</body>
</html>

Now here is the code to send this as an email, assuming you have the username and password of the user signed up.

<?php
// Include the PHPMailer class
include('PHPMailer/class.phpmailer.php');

// Retrieve the email template required
$message = file_get_contents('email_templates/register.html');

// Replace the % with the actual information
$message = str_replace('%username%', $username, $message);
$message = str_replace('%password%', $password, $message);

// Setup PHPMailer
$mail = new PHPMailer();
$mail->IsSMTP();

// This is the SMTP mail server
$mail->Host = 'mail.yourdomain.com';

// Remove these next 3 lines if you dont need SMTP authentication
$mail->SMTPAuth = true;
$mail->Username = 'admin@yourdomain.com';
$mail->Password = 'blah';

// Set who the email is coming from
$mail->SetFrom('admin@yourdomain.com', 'Website Admin');

// Set who the email is sending to
$mail->AddAddress('user@gmail.com');

// Set the subject
$mail->Subject = 'Your account information';

//Set the message
$mail->MsgHTML($message);
$mail->AltBody(strip_tags($message));

// Send the email
if(!$mail->Send()) {
 echo "Mailer Error: " . $mail->ErrorInfo;
}
?>

« Previous Page