.htaccess Tutorials & Tips Information Security

Use .htaccess to allow access only from a single HTTP referrer

Sometimes you want the user to access something (a web page or a downloadable file) only by clicking a link on your own website instead of being able to directly access it by typing in the URL address in the browser address bar. This is achievable by a few lines in .htaccess.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !(www.)?
RewriteRule .* - [F]

Write down the above lines in the .htaccess of the directory that you want users to access only by clicking links on or Direct access to download stuff from the directory or from any other HTTP referrer will fail.

While this may not be bullet proof as referral information can be faked from the client side, it is a simple solution that should suffice in most cases. For example, this can be used to prevent hot linking from other websites that link directly to something on your website, reducing traffic stealing.


The Ultimate Way to Cloak and Hide any Website Address or URL (Stealth Forwarding)

Most of the existing URL cloaking services are only a redirection by a randomly generated short URL. The real URL of the target website or web page will eventually be revealed when the visitor arrives at it after the obscure redirection. So how to ACTUALLY hide and cloak the destination URL of any website or web page so the address bar of the browser stays unchanged? In other words, how to create a stealth forwarding?

With a simple HTML web page, you can do that very easily. Copy and paste the following HTML code into a file named google.html and save it at

<!doctype html>

<style type="text/css">
body {margin:0;}
iframe {padding:0;border:0;position:absolute;width:100%;height:100%;}

<iframe src=""></iframe>


Now navigate to your website It’s Google’s home page no problem. Better yet, the URL in the browser address bar doesn’t change to

Free Webmaster Resources Internet Tools My Products & Services

Create Contact and Survey Forms with the Free Online Form Builder

I just finished creating yet another web application that may be useful to fellow webmasters, It helps you create professional online web forms for your website. Check out what I created just now, a contact form for You can contact me by filling out and submitting the form from now on!

Currently you can add 8 different types of input controls to your forms, namely

  1. Single Line Text
  2. Paragraph Text
  3. Check Boxes
  4. Radio Buttons
  5. Dropdown Selection
  6. Section Break
  7. Arbitrary HTML
  8. Captcha

Captcha is for recognizing and capturing spams and uses one of the 3 available approaches at your choice. The reCaptcha service that’s recently acquired by Google is one of them. So you can be rest assured that your form will stay clear of online spamming.

I’m planning to add more features such as advanced entries management in future but not until this application proves itself to be useful and popular. Before that, a lot of work need to be done to make the whole thing smooth, safe and frustration-free. Please join in the forum and let me know of your ideas.

If all you need is a simple PHP contact form, our company Simple PHP Script has it.

Free Webmaster Resources Internet Tools My Products & Services Web Design Tips and Insights

How to convert .png, .gif, .bmp or .jpg images to .ico icons to make favicon.ico for your website?

image conversion tool Over a year ago I created this online web application Convert Hub by the help of the splendid open source image manipulation library Netpbm. Give it a try, upload an image and convert it to another format. But not just that, it’s also capable of resizing an image, rotating or flipping it.

I love it. It’s simple yet adequately useful. The best part of it for a webmaster like me is that it can convert other image formats such as .bmp, .jpg, .gif and .png to .ico so I can use them as favicon.ico for my sites. Try these US state flags and convert them in any way you want!

It’s a great tool and gained tremendous popularity. I know this because one day DreamHost warned me of overwhelming server resource usage and took it down for good reasons. I had to move it elsewhere and Linode is where it currently resides on.

Server side computing is too expensive for a free application like this. After a few ideas and thoughts, I decided to create a client side software program to do the job instead. It’s called Batch Image Converter. And it proves to be much better. It doesn’t come with a daily limit on the number of conversions allowed per IP but you can do as many conversions as you want. The whole software consists of one single executable file, there’s even no need to go through any installation steps. It’s totally green to your system. What’s best, it can work in batches which means you are able to perform operations such as format conversion and dimension resizing on a lot of images by a single click.

All you need is to download it there. It’s free. The problem is that it only supports Windows for now. I’m planning on rolling out versions for other platforms but this may not happen soon.

Please do let me know what you think of the application in the forum.

PHP Tips & Tutorials

Simplest PHP Hit Counter or Download Counter – Count the Number of Times of Access (Page Views or File Downloads)

Here’s how you can create yourself the simplest PHP hit counter that records the number of times any resource on your website that has been accessed (visited or downloaded). It can be either a web page or a downloadable file package. The hits number will be stored in a plain text file named count.txt.

Hit counter for a web page

You have a web page at here: and you want to display the number of times this page has been visited on the web. Put these lines in mypage.php where you want the hit count displayed:


$hit_count = @file_get_contents('count.txt'); // read the hit count from file
echo $hit_count; //  display the hit count
$hit_count++; // increment the hit count by 1
@file_put_contents('count.txt', $hit_count); // store the new hit count


Depending on the permissions set, you may need to manually create the text file count.txt. With most hosts, however, this snippet should automatically create the file for you. If it doesn’t work, create a text file count.txt in the same directory with mypage.php and put an 0 in it.

Download counter for a downloadable file package

To record the number of times a file has been downloaded, for instance, for a file located at here:, first you need to create a PHP file named download-pics.php, place it in the /download directory and put these lines in it:


$hit_count = @file_get_contents('count.txt');
@file_put_contents('count.txt', $hit_count);

header('Location:'); // redirect to the real file to be downloaded

It’s basically the same with the counter of web page hits except that download-pics.php redirects to the real file URL after recording the hit in count.txt. Similarly, you may need to create count.txt in /download directory and put an 0 in it for the first time.

Now, instead of giving the real URL of the file to your user, you would give them this URL:

So they will download from here instead of from the real URL or the download hit will not be recorded.

To show the number of times has been downloaded, just put these lines in the intended place of any PHP file that’s located in the /download directory (the same directory of count.txt):


$hit_count = @file_get_contents('count.txt');
echo $hit_count;

.htaccess Tutorials & Tips Information Security PHP Tips & Tutorials

Turn off and disable magic_quotes_gpc in .htaccess

It’s not only insecure but it inconveniently commands the use of PHP function stripslashes() every time you pull something from the database or when you get something from the client side. While most of the hosts out there are using factory settings of PHP that turn off magic_quotes_gpc by default, there are a few that don’t.

The value of magic_quotes_gpc cannot be set with the ini_set() function after PHP 4.2.3, some hosts enable custom php.ini in your home directory which you can use to set magic_quotes_gpc to 0 (zero) or false. Otherwise, you’d have to resort to .htaccess to set the PHP configuration values for your local directories.

To turn off magic_quotes and magic_quotes_gpc off in .htaccess, simply put these lines in the .htaccess file of your site / directory wherein you want magic_quotes or magic_quotes_gpc disabled:

php_value magic_quotes 0
php_flag magic_quotes off
php_value magic_quotes_gpc 0
php_flag magic_quotes_gpc off
Free Web Templates

A simple business web template with PHP contact form

The other day I created a simple website template in PHP for one of my friends and he eventually decided that he’s not going to need the website any more so I’m releasing it here for just $2.5 a copy. You are free to use it on any sites that you own.

Just purchase it at here: and use the coupon code: SPECIAL5 to claim the $5 discount. You will be immediately downloading the template after paying via PayPal. Totally automatic.

I wanted to set up a demo for this template but it only works in the root directory of the domain so I’m going to save the trouble. If you decide that you don’t like it after paying and downloading, just let me know via the contact from on the sales page and I’ll issue the refund. No questions asked. 😉

Update: We have also a business directory script and a contact form script readily to be deployed to your website. Very easy to use and install.

Kavoir & Whatever My Products & Services, the simple PayPal online store creator

I just created a simple PayPal store creator, It enables you to sell digital stuff online and collects payments via PayPal. By the help of IPN, it can be accepting orders 24 / 7 and automatically delivering the goods after confirming the customer payment. Completely autopilot.

The original idea was to enable uploading and downloading of the product package. However, because I want to make this free, I’d better not take on the overwhelming bills of bandwidth, so I’m afraid for now, the users / merchants have to host the files themselves and provide but a download link to the cargo when creating the store at

Please feel free to go ahead and test the small application and let me know of your ideas in the forum.

Did I mention that you can create coupons or promo codes for your products so the buyers can get promotional discounts? 😉