Sometimes you want the user to access something (a web page or a downloadable file) only by clicking a link on your own website instead of being able to directly access it by typing in the URL address in the browser address bar. This is achievable by a few lines in .htaccess. RewriteEngine On RewriteCond …
Use .htaccess to allow access only from a single HTTP referrer Read More »
Most of the existing URL cloaking services are only a redirection by a randomly generated short URL. The real URL of the target website or web page will eventually be revealed when the visitor arrives at it after the obscure redirection. So how to ACTUALLY hide and cloak the destination URL of any website or …
The Ultimate Way to Cloak and Hide any Website Address or URL (Stealth Forwarding) Read More »
I just finished creating yet another web application that may be useful to fellow webmasters, FormKid.com. It helps you create professional online web forms for your website. Check out what I created just now, a contact form for Kavoir.com. You can contact me by filling out and submitting the form from now on! Currently you …
Create Contact and Survey Forms with FormKid.com the Free Online Form Builder Read More »
Over a year ago I created this online web application Convert Hub by the help of the splendid open source image manipulation library Netpbm. Give it a try, upload an image and convert it to another format. But not just that, it’s also capable of resizing an image, rotating or flipping it. I love it. …
Here’s how you can create yourself the simplest PHP hit counter that records the number of times any resource on your website that has been accessed (visited or downloaded). It can be either a web page or a downloadable file package. The hits number will be stored in a plain text file named count.txt. Hit …
It’s not only insecure but it inconveniently commands the use of PHP function stripslashes() every time you pull something from the database or when you get something from the client side. While most of the hosts out there are using factory settings of PHP that turn off magic_quotes_gpc by default, there are a few that …
Turn off and disable magic_quotes_gpc in .htaccess Read More »
The other day I created a simple website template in PHP for one of my friends and he eventually decided that he’s not going to need the website any more so I’m releasing it here for just $2.5 a copy. You are free to use it on any sites that you own. Just purchase it …
A simple business web template with PHP contact form Read More »
I just created a simple PayPal store creator, WinkCart.com. It enables you to sell digital stuff online and collects payments via PayPal. By the help of IPN, it can be accepting orders 24 / 7 and automatically delivering the goods after confirming the customer payment. Completely autopilot. The original idea was to enable uploading and …
WinkCart.com, the simple PayPal online store creator Read More »
Things couldn’t be worse when you were half way editing something and accidentally navigated away from the editing page after a whole hour of typing work. Hitting the back button of your browser neither helped, all you had done was gone anyway. This must be remedied in some way, if you are creating an application …
JavaScript: Confirmation / Warning before Leaving or Navigating Away from a Page Read More »
It’s easy to target firefox, just write as expected by the standards, at least most of the time. It’s also easy to target IE and any specific versions of them by a few of the famous hacks or the IE conditional comments to selectively include style sheets by version numbers. But how does one write …
CSS: How to write CSS rules to detect or target Chrome, Safari or Opera browsers only? Read More »
Merely good product is far from enough. To rake in profits in the magnitude vast majority of us can only dream of, you need an irresistible product – just like Thesis Theme. Think of something you’ve purchased that’s been insanely useful, beautiful and user friendly and then double it. iPhone has proved it all. It converts massive numbers …
Thesis Theme Review – Don’t just create good products but irresistable ones. Read More »
It’s not easy to become a great PHP developer which may very well take years of training and practice, but this doesn’t mean you shouldn’t do your best to not be a bad one that undermines every project he’s involved in. Based on the project experiences of my team and some recent researches done on …
Security may not make you but it sure can break you. As modern web applications become more and more complexed puzzles and filled with thousands of features catering to a spectrum of user preferences and tastes, the developers are burdened with ever-going responsibilities to keep them sound and safe. There are people (crackers) out there …
Web Application Security Books (PHP, MySQL, Apache), the Best at Amazon Read More »
Here’s a really interesting bit about how you can omit the protocol part of a web address in your web pages. The predominant belief is that an HTTP:// or an HTTPS:// has got to be prefixed to a URL or it won’t work, truth is, it will. Try the following link: Click Me! View the …
It’s not well known but this feature was invented by Microsoft and has been implemented across all major modern browsers ever since IE 5.5. Adding an attribute of contenteditable and assign a value of “true” to it makes the content value / inner text of that element editable by a single click: <blockquote contenteditable="true">Click to …
HTML: Make Content Editable in Element / Tags without JavaScript Read More »
It may considerably reduce XSS attack possibilities if not completely eradicate it. XSS, or Cross Site Scripting, is probably the most common security problems in web applications that engage in heavy user input. If you’ve ever tried to build a web application that users can input data in a lot of different venues, chances are …
It goes without saying that sensitive information such as passwords or pass phrases should never be stored in plain text in the database in the first place. The common practice is to hash the user password and store the resulted hash string. When the user tries to log in and supplies his password, it is …
To send parameters to a PHP script, you can either fabricate a form and post a few variables by the POST method or simply send a request of a URL full of GET value pairs. This way, in the server side PHP script code, you can retrieve these parameters sent from the client in $_POST …
To check if a URL or an email address is valid, the common solution is regular expressions. For instance, to validate an email address in PHP, I would use: if (preg_match(‘|^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$|i’, $email)) { // $email is valid } A simpler and more forgiving one would be: |^\S+@\S+\.\S+$| Which is usually quite enough for signup forms …
It may seem simple at first because most of us should be relying on the server side environmental variable REMOTE_ADDR solely for client IP addresses: echo $_SERVER[‘REMOTE_ADDR’]; Yet it’s barely enough to get the real IP for a variety of circumstances such as when the user is visiting your website from a proxy server. To …
PHP: How to detect / get the real client IP address of website visitors? Read More »
