Posted by ljmacphee on August 29, 2008 under how to, php, security |
If something goes wrong in your PHP script you may want to force an HTTP error rather than continue or redirect the user to another page. This is very simple to do. Just be sure that the first thing your script sends to the browser, before any other output, is
header('HTTP/1.0 403 Forbidden');
or
header('HTTP/1.0 404 Not Found');
or whichever standard code other than 200 you wish to send.
If you are using the Security Plugin, instead of redirecting the attacker to an error page you can send back an HTTP error.
There are two HTML error pages in the security script, one for blocked IPs and one for everything else.
// print error page
print "<html>\n";
print "<head><title>Banned</title></head>\n";
print "<body>\n";
print "<h2>Banned: $blacklisted: $code</h2>\n";
print "<p>If you believe this to be in error please contact <a href=\"mailto:timestocome@gmail.com\">timestocome@gmail.com</a></p>\n";
print "</body>\n";
print "</html>\n";
What you will do is remove or comment out the error page and in its place put:
header('HTTP/1.0 403 Forbidden');
No print, no extra quotes - use it just as I have it here.
$code = "Sorry but you are listed on our ip blacklist";
global $wpdb;
header('HTTP/1.0 403 Forbidden');
exit();
Feel free to use any of the standard codes.
HTTP/1.1 Error Codes
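A slightly more defensive version of the same idea, written here as an added example and not taken from the post or the Security Plugin. The helper name deny_with_status() and the log message are my own; the Security Plugin's $code variable is kept from the post. It covers the one thing that silently breaks the trick above: if anything at all has already been echoed, header() cannot change the status and the client still gets 200 OK.

```php
<?php
// Added example: refuse a request with a bare HTTP status instead of an HTML error
// page, as the post describes for the Security Plugin's blacklist branch.

/**
 * Stop the request with an HTTP error status and no body.
 *
 * header() only works before any output has been sent, so the headers_sent()
 * check turns an accidental earlier echo (or a BOM / stray whitespace before
 * the opening <?php tag) into an explicit log entry instead of a silent
 * fallthrough that still answers 200 OK.
 */
function deny_with_status($status, $reason)
{
    if (headers_sent($file, $line)) {
        error_log("deny_with_status: output already started at $file:$line, cannot send $status $reason");
        exit();
    }
    // Echo the client's protocol version rather than hard-coding HTTP/1.0.
    // The third argument also sets the status for CGI/FastCGI SAPIs, where the
    // raw status line alone is not enough.
    $proto = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0';
    header("$proto $status $reason", true, $status);
    exit();
}

// Replacement for the "print error page" block in the blacklist branch:
// keep the reason in the server log (the attacker does not need to see it),
// then refuse the request. Any other standard code works the same way.
$code = "Sorry but you are listed on our ip blacklist";
error_log("security plugin: $code");
deny_with_status(403, 'Forbidden');
```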
Posted by ljmacphee on August 18, 2008 under hack your template, how to, php |
While I was building my wonder of me portal page for TimesToCome I thought it’d be neat to add in my twitter stream.
Here is some very simple PHP code to do so. Now I was lazy and only check for one link in the tweet. 99% of the time that is sufficient. The only thing you need to change is the user name, from timestocome to your own username. Any other changes are optional.
$username = "timestocome";
$tweets = fetch_rss('http://twitter.com/statuses/user_timeline/' . $username . '.rss');
foreach ($tweets->items as $tweet) {
    print "<hr>";
    // Twitter's RSS description reads "username: tweet text"; drop the "username: " prefix.
    // The leading and trailing spaces make the link search below always find a boundary.
    $twit = " " . substr(strstr($tweet['description'], ': '), 2) . " ";
    // Feed content is untrusted input: escape it before it goes into the page,
    // otherwise a tweet containing HTML or script lands on your site unchanged.
    $twit = htmlspecialchars($twit, ENT_QUOTES, 'UTF-8');
    $link = htmlspecialchars($tweet['link'], ENT_QUOTES, 'UTF-8');
    // hack around php null == 0 ugh! (a leading "x" keeps strpos() from returning 0 for a link at position 0)
    $xtwit = "x" . $twit;
    $mark = strpos($xtwit, "http://");
    if ($mark > 0) { // we have a link in our tweet, perhaps more than one
        $l = substr($xtwit, $mark);
        $l = substr($l, 0, strpos($l, " "));   // the link ends at the next space
        $full_link = "<a href=\"$l\">$l</a>";
        $xtwit = str_replace($l, $full_link, $xtwit);
        $xtwit = substr($xtwit, 1);            // strip the leading "x" again
        print "<br><p>$xtwit <a href=\"$link\">#</a></p>";
    } else {
        print "<br><p>$twit <a href=\"$link\">#</a></p>";
    }
    $time = $tweet['pubdate'];
    $time = substr($time, 0, strlen($time) - 6); // drop the trailing " +0000" timezone
    print " $time ";
}
Posted by ljmacphee on August 6, 2008 under coppermine, mysql, security |
Coppermine 1.4.19 has been released to fix a MySQL injection flaw, again. This is how TimesToCome was hacked last April and why you now have all these shiny new security tools and information on this website.
I went to the Coppermine site only because there was a huge increase in cross site scripting attempts last night on the Coppermine albums.
Anyhow, update if you have not.
Posted by ljmacphee on August 4, 2008 under hack your template, how to, tools |
TimesToCome was once a bleeding edge website. The splash page had a black starry background with a javascript ufo flying around as any self respecting cool website did in the 1990s. Times changed, and animations fell from favor so it went static. Over time the designs changed but the splash page remained just a link list to various sections of the website. TimesToCome was late moving to a blog setup. It is even later in becoming a portal, but better late than never.
RSS feeds can be used to create portals or to bring live, current information to your blogs. MagpieRSS is built into WordPress, so you can easily use it to bring your other blogs' RSS feeds into your main blog, or to bring breaking news in your subject area to your blog with a custom RSS feed.
TimesToCome was broken up and spread across eight blogs when I modernized it. The portal grabs the rss feeds from all eight blogs using magpierss.
If you need to install MagpieRSS, download it and follow the directions in the “INSTALL” file. It was the simplest install of any web software I’ve looked at yet.
Be very sure to follow the directions to set up the cache. If you do not then every time the page loads it will grab fresh copies of the feeds slowing it down as well as any sites it is pulling rss feeds from.
Included in magpie are a README file and a cookbook file. Both contain examples of how to use magpierss. You can just cut and paste the examples and change the names to protect the innocent.
If you are pulling a bunch of feeds and using more than the links, be sure to leave lots of white space in your layout. I’m not a design person. The design took me about four times as long to put together as did the code. But it is simple to remember to use large margins and lots and lots of white space to make things legible. I also used the Coppermine script I wrote as a WordPress plugin to bring in three feeds of latest photos to the portal. It breaks up all the text.
So in summary, if you want to build a portal or incorporate live RSS into your site, use MagpieRSS. If you are using WordPress it is already installed; you just need to read the directions.
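As an added example (not the post's own code and not from the MagpieRSS cookbook), here is the portal loop with the cache set up the way the post insists on, plus the two things the post's description leaves out: a dead feed should not take the whole page down, and everything coming out of someone else's feed is untrusted input. The feed URLs, the cache path and the include path are assumptions; the MAGPIE_* constants are MagpieRSS's own.

```php
<?php
// Added example: a small portal page pulling several blogs' feeds through MagpieRSS
// with caching enabled. Paths and URLs below are assumed placeholders.

// Cache settings must be defined before rss_fetch.inc is included, otherwise
// Magpie uses its defaults. With the cache on, a feed is re-fetched only when
// its cached copy is older than MAGPIE_CACHE_AGE seconds, so one page view no
// longer costs one HTTP request per blog you are pulling from.
define('MAGPIE_CACHE_ON', 1);
define('MAGPIE_CACHE_DIR', '/var/www/portal/cache'); // assumed; writable by the web server, outside the web root
define('MAGPIE_CACHE_AGE', 15 * 60);                   // 15 minutes
define('MAGPIE_FETCH_TIME_OUT', 5);                    // a slow blog should not hang the portal
require_once 'magpierss/rss_fetch.inc';                // standalone install; WordPress already loads fetch_rss()

$feeds = array( // constructed sample list, replace with your own blogs' feeds
    'http://example.com/blog-one/feed/',
    'http://example.com/blog-two/feed/',
);

foreach ($feeds as $url) {
    $rss = fetch_rss($url);
    if (!$rss) {
        // fetch_rss() returns false on failure; log the reason, show a stub, move on
        error_log('magpie: ' . magpie_error());
        print '<p class="feed-error">Feed unavailable: '
            . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . "</p>\n";
        continue;
    }
    // Titles and links come from a remote feed: escape them before printing,
    // or a hostile or compromised blog can inject markup into your portal.
    print '<h3>' . htmlspecialchars($rss->channel['title'], ENT_QUOTES, 'UTF-8') . "</h3>\n<ul>\n";
    foreach (array_slice($rss->items, 0, 5) as $item) {
        $href  = htmlspecialchars($item['link'], ENT_QUOTES, 'UTF-8');
        $title = htmlspecialchars($item['title'], ENT_QUOTES, 'UTF-8');
        print "  <li><a href=\"$href\">$title</a></li>\n";
    }
    print "</ul>\n";
}
```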
TimesToCome portal splash page. I refer to it as ‘The Wonder of me page’. ;D
Herself’s Green Things carries just the garden and houseplant blog rss feeds and photos.