I don’t really care if someone sticks in a “fake” email address – to complete registration, the user needs to enter a confirmation code that I send via email, so if they put in a fake address, they never complete registration, and the aborted account signup is eventually purged anyway.  No sweat off my back.

But I do want to catch those few cases where the user makes a legitimate mistake, like mistakenly entering just their name into the email address field.  (Don’t laugh, it happens more often than you’d think.)

One of the biggest mistakes users make when filling out these forms is that they omit the TLD (that’s “Top-Level-Domain,” like .com, or .edu) from the email address.  I assume that it’s mostly new computer users who do this, and I’ve seen it happen often enough that I’m sure these folks just don’t know any better.  So unsophisticated user “billg@microsoft.com” might mistakenly enter only “billg@microsoft”, thinking he did everything correctly.  Then he sits waiting for a confirmation email that never arrives.

I don’t really like fancy email address validation techniques.  They seem so unnecessary.  Programmers like to get all caught up in writing the perfect regular expression that “catches” all cases, and not only is it a complete mess to maintain, but it’s easily circumvented by the end user who types in “fake@fake.com”.  Just use a simple confirmation-email method if you need to verify that the user entered a real email address.  It’s so much better.

Besides, most of these fancy schemes aren’t even correct, and can be cumbersome for users.  For instance, many websites out there don’t allow the plus character (“+”) in an email address, even though “+” is a perfectly valid character in an email address. The plus is also a tremendously useful character for advanced Gmail users who use it for spam prevention and email filtering.  Right now, as you read this, there’s probably some programmer out there who thinks he did a stellar job of writing an email validation script that rejects all pluses. All he did was create problems.

For these reasons, my preferred method has always been to just check if the entered email address contains an “at” sign (“@”).  If it does, I try to send the email.  If not, I tell the user, “Whoops, you’ve made a mistake.”  This catches most errors.   But not all.  It doesn’t catch the billg@microsoft problem.

I searched around a bit and saw that a lot of people are pimping PHP’s native filter_var() function as a way of validating email addresses.  It goes something like this:

if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
      print $_POST['email']. " looks good";
}else{
      print $_POST['email'].   " is a no go";
}

That’s great, but after running some tests, I saw that it doesn’t solve the problem of “billg@microsoft”, either.

PHP’s filter_var reports that user@domain (with no TLD) is a valid email address, even though for my purposes, it isn’t.  I think that filter_var is likely technically correct – user@machine is a fine email address, if you happen to be operating within the confines of whatever network “machine” is a part of.  But on the Internet, it’s not gonna get you very far.  On the Internet, user@machine is completely useless.

To make filter_var more suitable for Internet purposes you need to do something like this:

if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
         if (preg_match("/\@.+?\../", $_POST['email'])){
            print $_POST['email']. " looks good";
         }else{
            print $_POST['email'].   " is a no go - you forgot the TLD!";
         }
      }else{
         print $_POST['email'].   " is a no go";
      }
}

The added preg_match line makes sure that there is some character after the @ sign(.), and that a period follows that character(\.), and that another character follows that period (.).

This catches those users who mistakenly left out the TLD, without getting into silly, overly restrictive input validation techniques that often exclude perfectly valid email addresses and are easily circumvented anyway.  And for those users who enter fake addresses – so be it.  Just send a confirmation email and make them click a link to confirm their email address.  You can’t stop people from putting fake info into your form.  All you can do is ask them to verify what they’ve entered.

Related Posts

• How to Make phpbb3 Forum Links Automatically rel=”nofollow”
• Getting PHP’s print_r Function To Return A String
• PHP Programming: U.S. State list functions / State abbreviation to State name function
• How to Scan a Computer for Open Ports
• The Zen of Taco Bell Programming – Using Unix Tools to Prevent Reinventing the Wheel
• Opera changes third-party iframe cookie handing in latest release
• How To Use Global Variables From Another File In A Perl Module or Package

Spammers like to create posts that link to their own site. They do this for two reasons – one is to drive traffic directly to their site. The other is to increase their Search Engine Results Page ranking (SERP) by adding links to their site.

Search engines use many metrics in determining the position of a page in their search results. One of those is the number of other websites linking in. Because of this, there is a great incentive to create links to one’s own site through spammy comments. This can have a negative impact on the search engine ranking of my own pages, because a site with a lot of spammy links gets categorized as a spammy site by the search engines, and starts to appear lower on the results pages.

I want to continue to let users post useful links, as I think linking can add to a discussion. But I also don’t want to spend a lot of time editing these posts to keep them spam-free. For that reason, I’ve modified phpbb3 to include a ” ‘rel=’nofollow’ ” directive on links posted by users, which tells search engines that they shouldn’t use the fact that my site links to theirs to increase their search engine ranking.

To do so, I had to edit the viewtopic.php file, located in the main phpbb3 directory.

To make the links on your phpbb3 forum automatically have the “nofollow” directive, just search for the following lines, and add preg_replace line, which is #1396 in my example:

   1388    // Second parse bbcode here
   1389    if ($row['bbcode_bitfield'])
   1390    {
   1391       $bbcode->bbcode_second_pass($message, $row['bbcode_uid'], $row['bbcode_bitfield']);
   1392    }
   1393
   1394    $message = bbcode_nl2br($message);
   1395    $message = smiley_text($message);
 1396    $message = preg_replace('/(class="postlink")/','class="postlink" rel="nofollow" target="_blank"',$message);
   1397

Related Posts

• Validating an Email Address with PHP’s filter_var isn’t perfect
• Open Source MyBB has become my forum of choice
• Getting PHP’s print_r Function To Return A String
• PHP Programming: U.S. State list functions / State abbreviation to State name function
• How to Scan a Computer for Open Ports
• The Zen of Taco Bell Programming – Using Unix Tools to Prevent Reinventing the Wheel
• Stop RedPlum Coupons from Clogging Up Your Mailbox

It’s one of the most useful debugging features I’ve seen in any language.

I like it so much that I’ve actually written print_r mimic functions for other languages.

By default, print_r literally prints a variable to the screen. Sometimes it’s useful to have that info not printed though. For instance, you might want to include the print_r result in an email, or an error log, or in a special debugging frame.

Fortunately, print_r has this functionality built in – the function accepts an optional second argument that specifies whether you want the data printed or returned as a string.

To have print_r return the data as a string, include the second argument “true”:

$message = print_r($myObject,true);

If you’re doing anything programmatic with the output, you may want to consider using var_export instead. This function is largely identical to print_r, except that its output is machine parsable rather than human readable. The usage is identical to print_r.

$message = var_export($myObject,true);

All without using ob_start. Nice!

Related Posts

• PHP Programming: U.S. State list functions / State abbreviation to State name function
• Validating an Email Address with PHP’s filter_var isn’t perfect
• How to Scan a Computer for Open Ports
• The Zen of Taco Bell Programming – Using Unix Tools to Prevent Reinventing the Wheel
• How to Make phpbb3 Forum Links Automatically rel=”nofollow”
• How To Use Global Variables From Another File In A Perl Module or Package
• Optimizing the Google Syntax Highlighter Wordpress Plugin Even Further

The problem is, the thing isn’t very robust – it causes every single page on your blog to load up about 10 separate javascript files, regardless of whether the plugin is actually doing anything on that page or not.

I set out to optimize the code, but did a quick search first and found the folks at Fire Studios had already beaten me to it.

They have a couple of good tips on their page – they’ve combined the separate brush files into a single javascript file, and they’ve altered the code so that the files are only loaded on single posts and single pages.

That’s a great fix, but it wasn’t ideal for my site. On this site, most of my single posts and pages do not contain any code at all. So for like 95% of my pages, I don’t need to load the Google Syntax highlighter at all.

I expanded upon their customization with a further restriction – in my version, the plugin only loads if the page or post contains certain tags – namely “code”, “programming”, “perl”, “php”, “javascript”, or “python”, the tags I normally use when sharing a piece of code.

My google_syntax_highlighter.php file

function insert_header() {
   $current_path = get_option('siteurl') .'/wp-content/plugins/' . basename(dirname(__FILE__)) .'/';

    if(is_single() && has_tag(array('code','javascript','perl','python','php','programming'))){
   ?>

   <?php
   }
}

function insert_footer(){
   $current_path = get_option('siteurl') .'/wp-content/plugins/' . basename(dirname(__FILE__)) .'/';
    if(is_single() && has_tag(array('code','javascript','perl','python','php','programming'))){
   ?>



<?php
   }
}
add_action('wp_head','insert_header');
add_action('wp_footer','insert_footer');

Of course, you may want to use different tags, depending on your setup.

Related Posts

• Getting PHP’s print_r Function To Return A String
• PHP Programming: U.S. State list functions / State abbreviation to State name function
• Validating an Email Address with PHP’s filter_var isn’t perfect
• Managing Server Load when unzipping many large files
• How to Scan a Computer for Open Ports
• Disabling TextArea Scrolling in Flash AS3
• The Zen of Taco Bell Programming – Using Unix Tools to Prevent Reinventing the Wheel

1. A PHP function for printing a state select box
2. A PHP function that returns the full state name when passed the abbreviation
3. A PHP snippet for printing a state select box

This function prints a state select box. It accepts the name of the box and the abbreviation of the state that you want selected.

   function printStateSelectBox($name, $selected){
      $state_arr=array( "AK", "AL", "AR", "AZ", "CA", "CO", "CT", "DC",
         "DE", "FL", "GA", "HI", "IA", "ID", "IL", "IN", "KS", "KY", "LA",
         "MA", "MD", "ME", "MI", "MN", "MO", "MS", "MT", "NC", "ND", "NE",
         "NH", "NJ", "NM", "NV", "NY", "OH", "OK", "OR", "PA", "RI", "SC",
         "SD", "TN", "TX", "UT", "VA", "VT", "WA", "WI", "WV", "WY");

      $ret="
";
      if (!$selected){
         $ret.=" \n";
      }else{
         $ret.=" \n";
      }

      foreach ($state_arr as $state){
         if ($selected==$state){
            $ret.="$state\n";
         }else{
            $ret.="$state\n";
         }
      }

      $ret.="

";
      //print "selected is $selected";
      return ($ret);
   }

This function returns the state name when passed the abbreviation.

 function getStateNameByAbbreviation($state){
      if ($state=="AK"){ return "Alaska"; }
      if ($state=="AL"){ return "Alabama"; }
      if ($state=="AR"){ return "Arkansas"; }
      if ($state=="AZ"){ return "Arizona"; }
      if ($state=="CA"){ return "California"; }
      if ($state=="CO"){ return "Colorado"; }
      if ($state=="CT"){ return "Connecticut"; }
      if ($state=="DC"){ return "District of Columbia"; }
      if ($state=="DE"){ return "Delaware"; }
      if ($state=="FL"){ return "Florida"; }
      if ($state=="GA"){ return "Georgia"; }
      if ($state=="HI"){ return "Hawaii"; }
      if ($state=="IA"){ return "Iowa"; }
      if ($state=="ID"){ return "Idaho"; }
      if ($state=="IL"){ return "Illinois"; }
      if ($state=="IN"){ return "Indiana"; }
      if ($state=="KS"){ return "Kansas"; }
      if ($state=="KY"){ return "Kentucky"; }
      if ($state=="LA"){ return "Louisiana"; }
        if ($state=="MA"){ return "Massachusetts"; }
        if ($state=="MD"){ return "Maryland"; }
        if ($state=="ME"){ return "Maine"; }
        if ($state=="MI"){ return "Michigan"; }
        if ($state=="MN"){ return "Minnesota"; }
        if ($state=="MO"){ return "Missouri"; }
        if ($state=="MS"){ return "Mississippi"; }
        if ($state=="MT"){ return "Montana"; }
        if ($state=="NC"){ return "North Carolina"; }
        if ($state=="ND"){ return "North Dakota"; }
        if ($state=="NE"){ return "Nebraska"; }
        if ($state=="NH"){ return "New Hampshire"; }
        if ($state=="NJ"){ return "New Jersey"; }
        if ($state=="NM"){ return "New Mexico"; }
        if ($state=="NV"){ return "Nevada"; }
        if ($state=="NY"){ return "New York"; }
        if ($state=="OH"){ return "Ohio"; }
        if ($state=="OK"){ return "Oklahoma"; }
        if ($state=="OR"){ return "Oregon"; }
        if ($state=="PA"){ return "Pennsylvania"; }
        if ($state=="RI"){ return "Rhode Island"; }
        if ($state=="SC"){ return "South Carolina"; }
        if ($state=="SD"){ return "South Dakota"; }
        if ($state=="TN"){ return "Tennessee"; }
        if ($state=="TX"){ return "Texas"; }
        if ($state=="UT"){ return "Utah"; }
        if ($state=="VA"){ return "Virginia"; }
        if ($state=="VT"){ return "Vermont"; }
        if ($state=="WA"){ return "Washington"; }
        if ($state=="WI"){ return "Wisconsin"; }
        if ($state=="WV"){ return "West Virginia"; }
      if ($state=="WY"){ return "Wyoming"; }

   }

Another snippet for printing a State select box.

$state_list = array('AL'=>"Alabama",  'AK'=>"Alaska",  'AZ'=>"Arizona",  'AR'=>"Arkansas", 'CA'=>"California",  'CO'=>"Colorado",  'CT'=>"Connecticut",  'DE'=>"Delaware",'DC'=>"District Of Columbia",  'FL'=>"Florida",  'GA'=>"Georgia",  'HI'=>"Hawaii", 'ID'=>"Idaho",  'IL'=>"Illinois",  'IN'=>"Indiana",  'IA'=>"Iowa",  'KS'=>"Kansas", 'KY'=>"Kentucky",  'LA'=>"Louisiana",  'ME'=>"Maine",  'MD'=>"Maryland", 'MA'=>"Massachusetts",  'MI'=>"Michigan",  'MN'=>"Minnesota",  'MS'=>"Mississippi", 'MO'=>"Missouri",  'MT'=>"Montana", 'NE'=>"Nebraska", 'NV'=>"Nevada", 'NH'=>"New Hampshire", 'NJ'=>"New Jersey", 'NM'=>"New Mexico", 'NY'=>"New York", 'NC'=>"North Carolina", 'ND'=>"North Dakota", 'OH'=>"Ohio",  'OK'=>"Oklahoma",  'OR'=>"Oregon",'PA'=>"Pennsylvania",  'RI'=>"Rhode Island",  'SC'=>"South Carolina",  'SD'=>"South Dakota", 'TN'=>"Tennessee",  'TX'=>"Texas",  'UT'=>"Utah",  'VT'=>"Vermont",  'VA'=>"Virginia", 'WA'=>"Washington",  'WV'=>"West Virginia",  'WI'=>"Wisconsin",  'WY'=>"Wyoming");

foreach ($state_list as $k=>$v){
   if ($k == $select){
      $sv=" SELECTED ";
   }else{
      $sv="";
   }
   print " $k";
}

Related Posts

• Getting PHP’s print_r Function To Return A String
• Validating an Email Address with PHP’s filter_var isn’t perfect
• How to Scan a Computer for Open Ports
• The Zen of Taco Bell Programming – Using Unix Tools to Prevent Reinventing the Wheel
• How to Make phpbb3 Forum Links Automatically rel=”nofollow”
• How To Use Global Variables From Another File In A Perl Module or Package
• Optimizing the Google Syntax Highlighter Wordpress Plugin Even Further

First, find your php.ini file. If you don’t know where it is, create a php file on your server that contains only the following:

<? phpinfo(); ?>

Load that up in your browser and look for the line that says
Configuration File (php.ini) Path

It’s probably set to something like /usr/local/lib/php.ini.

Once found, open up this file and edit the following lines as you see fit:
file_uploads = On
upload_max_filesize = 30M
post_max_size = 30M

In the above example, I’ve updated my configuration to allow uploads of up to 30 Megs.

Once this is complete, restart apache (using something like “/etc/init.d/httpd restart”) and voila, the file upload size limitation should be lifted.

If you’re trying to insert this large uploaded file into a MySQL database, you may, at this time, run into a second limitation:

An error has occured uploading that fileGot a packet bigger than ‘max_allowed_packet’ bytes
SQL: INSERT INTO …

That’s because mysql also has a limit on how large a single SQL query can be. This, too, can be raised – I edited my mysql configuration file at /etc/my.cnf and changed the max_allowed_packet size to 30M as well:

max_allowed_packet = 30M

After doing so, simply restart mysql using something like “/etc/init.d/mysql restart” and the problem should disappear.

Related Posts

• Linux .forward file not working? Make sure you have the permissions set correctly
• Validating an Email Address with PHP’s filter_var isn’t perfect
• Managing Server Load when unzipping many large files
• Caution: filename not matched error when unzipping multiple files workaround
• How to Scan a Computer for Open Ports
• The Zen of Taco Bell Programming – Using Unix Tools to Prevent Reinventing the Wheel
• How to Make phpbb3 Forum Links Automatically rel=”nofollow”