Archive for category Tech – Web Development
PHP parameter session.gc_maxlifetime is lower that cookie validity configured in phpMyAdmin
Posted by Rui Miguel Feio in PhpMyAdmin, WAMP on December 5th, 2009
If you have installed a new MySQL version you may be getting the following warning message:
Your PHP parameter session.gc_maxlifetime is lower that cookie validity configured in phpMyAdmin, because of this, your login will expire sooner than configured in phpMyAdmin.
To solve this issue we first need to check what the session.gc_maxlifetime value is in php.ini and what the $cfg['LoginCookieValidity'] is in config.inc.php.
Example:
1. php.ini
session.gc_maxlifetime = 1440
2. config.inc.php
$cfg['LoginCookieValidity'] = 1800;
Now, we only need to make these two values the same. For the sake of this example, we will change the value of $cfg['LoginCookieValidity'] to 1440.
After saving the changes we need to restart the services to make them effective.
Notes:
1. The php.ini file can be found in the php folder.
2. The config.inc.php file can be found in the phpmyadmin folder.
If you’re interested in learning more about phpMyAdmin then check out the book “Mastering phpMyAdmin for Effective MySQL Management”.
Notice: Undefined index: message in /home/example.php on line 9
Posted by Rui Miguel Feio in PHP on September 28th, 2009
If you’re getting this message on PHP this is due to your PHP error reporting settings not being set correctly.
You can suppress the Notice warnings by changing the error reporting settings on PHP.ini (permanent change) or adding an extra line to your PHP script.
Changing PHP.ini:
Changing your PHP.ini makes the change permanent and available to every PHP script you run.
- Edit your PHP.ini file
- Locate the line that has error_reporting without the ; in the beginning (ex: error_reporting = E_ALL)
- Change this to error_reporting = E_ALL & ~E_NOTICE
- Save PHP.ini
Adding line to your script:
Just add the following line to the beginning of your script:
error_reporting (E_ALL ^ E_NOTICE);
Explanation:
error_reporting = E_ALL & ~E_NOTICE tells the system to show all errors and warnings except those for notices.
phpMyAdmin root with no password message
Posted by Rui Miguel Feio in PhpMyAdmin, WAMP on September 17th, 2009
After installing WAMP Server it is common when you first access phpMyAdmin to get the following message:
“Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user ‘.root’.”
To correct this security issue you need to do the following:
- Go to phpMyAdmin
- Select the Privileges tab
- Locate the user “root” that has localhost for a host
- Edit the root user privileges by clicking on the corresponding Edit Privileges button
- On the Change Password section insert the desired password and press Go
- You should now have at the top of the screen the message: “The password for 'root'@'localhost' was changed successfully.”
- Now you need to edit file config.inc.php normally located at C:\wamp\apps\phpmyadmin3.2.0.1 (note that the version indication may vary)
- Locate $cfg['Servers'][$i]['auth_type'] = 'config'; and change from config to cookie so that you get a login window every time you access phpMyAdmin
- Locate the $cfg['blowfish_secret'] = ''; line. If you don’t have one, add it to your config.inc.php file
- Add a secret passphrase to $cfg['blowfish_secret'] = ''; for example: $cfg['blowfish_secret'] = 'secret_pass';
- Save your changes
- Go to the WAMPServer and select Restart All Services
- Once all the services have been restarted, go to phpMyAdmin and enter the username root and your password to access phpMyAdmin
Notes:
- The blowfish_secret passphrase should not be the same as the root password.
- If you don’t add a $cfg['blowfish_secret'] line to the config.inc.php file, when you access phpMyAdmin you’ll get the message: “The configuration file now needs a secret passphrase (blowfish_secret).”
If you’re interested in learning more about phpMyAdmin then check out the book “Mastering phpMyAdmin for Effective MySQL Management”.
Backup and Restore a web site in CPANEL
Posted by Rui Miguel Feio in MySQL, PHP, WordPress on August 16th, 2009
It’s good practice to make a backup before making any changes to your site.
Time and again people skip the backup and then find themselves with problems and no quick, easy way to undo their changes. This may not seem a big problem, but if the changes were made to the web site of your business and the site is no longer working properly, you’re losing money!
Backing up a site is easy, even more so if your web server uses CPANEL.
Consider the following steps to BACKUP your site:
- To Backup the files of your site:
  1. On CPANEL select option Backups
  2. Under Home Directory select option Download a home directory Backup
  3. Select Save File
- To Backup the Databases of your site:
  1. On CPANEL select option Backups
  2. Under Download a MySQL Database Backup select the Database you wish to Backup
  3. Select Save File
  4. Repeat Steps 2 and 3 for any other Database you wish to backup
Consider the following steps to RESTORE your site:
- To Restore the files of your site:
  1. On CPANEL select option Backups
  2. Under Restore a Home Directory Backup select Browse and locate the backup you want to restore from
  3. Select Upload
- To Restore the Databases of your site:
  1. On CPANEL select option Backups
  2. Under Restore a MySQL Database select Browse and locate the backup you want to restore from
  3. Select Upload
  4. Repeat Steps 2 and 3 for any other Database you wish to restore
How to move a WordPress site to a different Server or URL
Posted by Rui Miguel Feio in WordPress on August 8th, 2009
Moving a WordPress site from one server to another or to a different Web address (URL) may seem a daunting task and something to stay away from. The truth is that it is quite simple!
Last month I was asked to help moving a WordPress (WP) blog from one server to another and I thought I should share with the world how this can be done.
Performing this task requires 3 major steps:
1. Move the WordPress Source Code
2. Move the WordPress Database
3. Update the WordPress configuration
For the sake of this example I will provide the general instructions for a WordPress site running in a LAMP (Linux, Apache, MySQL and PHP) environment with CPanel, and I’ll assume that we want to move it from http://www.original-server.com/blog to http://www.destination-server.com/blog.
STEP 1 – Move the WordPress Source Code:
(Original Server) – Download the WordPress source files:
1. On CPanel select “File Manager”
2. Tick (check) the folder that contains the WordPress blog source files (ex: blog)
3. Select “Compress” from the menu
4. Select “Compress File(s)”
5. Tick (check) the zip file you’ve just created
6. Select “Download” from the menu and save the zip file locally
7. Once the download is finished delete the zip file from the server
(Destination Server) – Upload the WordPress source code:
1. On CPanel select “File Manager”
2. Select the “Upload” option
3. Locate and select the zip file that contains the WordPress source code you’ve copied into your PC.
4. Upload your file into the new server
5. Select the zip file
6. Select “Extract” from menu
7. Delete Zip file from server
Note: Beware! When you unzip the file if a directory already exists with the same name its content will be replaced!
STEP 2 – Move the WordPress Database:
(Original Server) – Export WordPress Database:
1. On CPanel select option “phpMyAdmin” (MySQL Databases)
2. Select the WordPress Database that you want to export (ex: wp01)
3. Select “Export”
4. Make sure all the Tables are selected
5. Leave all the default options ticked
6. Make sure to download as an SQL file
7. Check “Save as File”
8. Click “Go” and save it locally
Note: In addition you may also select “zipped” or “gzipped” to compress your database when downloading it.
(Destination Server) – Create new Database:
1. On CPanel select “MySQL Databases”
2. Create a new DB for the blog (ex: wp01) and if possible with the same name as it had originally
3. Create a new user for the blog if possible with the same name as originally
4. Associate the new user with the WordPress Database you’ve just created and grant it all privileges on that database.
(Locally) – Update WordPress MySQL database:
1. Edit the WordPress SQL database you’ve downloaded from the original server.
2. If the web address URL has changed:
- replace all references of the old URL with the new URL
- note that if on the new server you’re using a different directory, this needs to change too.
3. If the email addresses have changed, replace them with the new addresses.
4. Save your changes.
(Destination server) – Upload WordPress Database:
1. On CPanel, select “phpMyAdmin” (MySQL Databases)
2. Select the WordPress Database
3. Select the “Import” option
4. Locate and select the WordPress SQL Database you have saved locally.
5. Import file
STEP 3 – Update the WordPress configuration:
(Destination Server) – Update config file:
1. On Cpanel select “File Manager”
2. Locate and edit WordPress configuration file “wp-config.php”
3. Update WP DB name with the new WordPress Database name: define('DB_NAME', 'database_name_goes_here');
4. Update user name: define('DB_USER', 'user_name_goes_here');
5. Update Database password: define('DB_PASSWORD', 'password_goes_here');
6. Update hostname (if required): define('DB_HOST', 'hostname_goes_here');
7. Save your changes
STEP 4 – Testing:
1. Simply test your blog to make sure that all the functionalities are available
How to select the First row from a MySQL table
Posted by Rui Miguel Feio in MySQL on July 6th, 2009
You can use the following command to get the first row from a MySQL table:
SELECT * FROM table LIMIT 1
Explanation:
table - table name
By limiting the returns to 1 (LIMIT 1) we get the first row from the table.
Example:
SELECT * FROM tusers LIMIT 1
How to select the Last row from a MySQL table
Posted by Rui Miguel Feio in MySQL on July 6th, 2009
You can use the following command to get the last row from a MySQL table:
SELECT * FROM table ORDER BY field DESC LIMIT 1
Explanation:
table - table name
field - table field
This command orders the table by DESCENDING order and limits the number of rows returned to 1. Since DESCENDING reverses the normal table order, we get its last row.
Example:
SELECT * FROM tusers ORDER BY user_id DESC LIMIT 1
Select random rows from a MySQL table
Posted by Rui Miguel Feio in MySQL on July 6th, 2009
If you ever need to select rows at random from a MySQL table, you can use the following command:
SELECT * FROM table WHERE field1 = value ORDER BY RAND() LIMIT x
Explanation:
table - table name
field1 - table field
value - value you want field1 to be
x – number of rows to return
Example:
SELECT * FROM tusers WHERE active_user = 'Yes' ORDER BY RAND() LIMIT 10
This command returns 10 random rows of active users from table tusers.
How to validate an email address format
Posted by Rui Miguel Feio in PHP on July 2nd, 2009
There are several ways of validating an email address format.
Normally, I do it the following way:
1. I first define the regular expression for the email format:
// eregi() was removed in PHP 7.0; preg_match() with the /i flag is the case-insensitive equivalent
define('FORMAT', '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i');
2. To validate that the email address provided is correct:
if (!preg_match(FORMAT, $email)) echo "The email provided has an invalid format";
Regular expressions can be a pain to understand and if it’s hard for you then I would recommend you read “Sams Teach Yourself Regular Expressions in 10 Minutes” from Ben Forta.
If however you are simply interested in some practical examples that you could use then I recommend “Regular Expressions Cookbook” from Jan Goyvaerts and Steven Levithan.
PHP security considerations
Posted by Rui Miguel Feio in PHP on July 1st, 2009
When developing a script, whether it’s in PHP or any other language, you should always consider the security aspect. I’m sure the last thing you want is to get your script (and ultimately your data) hacked.
To make sure this does not happen there are a few steps you should pay attention to:
- Turn OFF the register_globals option
- Always declare variables in advance
- Check input type, length and format
- Use mysql_real_escape_string() before passing values to a MySQL query
- Use htmlentities() to convert characters to html entities before passing values to a MySQL query
- Turn OFF the error reporting and display
Here are some ways on how to achieve these:
1. To turn OFF the register_globals option:
Edit your php.ini and turn it OFF or if you don’t have access to it add the following to the .htaccess file in your server:
php_flag register_globals 0
2. Always declare variables in advance:
Define default values to all the variables you’re going to use in the beginning of your script.
3. Check input type, length and format:
Always make sure that the value of the variable is exactly what the script should expect.
Checking type (example):
// reject anything that is not a whole number
if (filter_var($var, FILTER_VALIDATE_INT) === false) exit("$var is an invalid value");
Checking length (example):
if (strlen($var) > 20) exit("$var has to have a maximum of 20 characters");
Checking format (example):
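// eregi() was removed in PHP 7.0; preg_match() with the /i flag is the case-insensitive equivalent
$format = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i';
if (!preg_match($format, $email)) exit("$email is not a valid email address");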
4. Use mysql_real_escape_string() before passing values to a MySQL query
Escape the content of your variables before passing them to a MySQL Query to sanitize the values passed to your data base:
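// mysql_* functions belong to the legacy mysql extension (removed in PHP 7.0);
// mysqli_real_escape_string() is the equivalent in the mysqli extension
$escaped = mysql_real_escape_string($var);
$action = "SELECT * FROM table WHERE field = '$escaped'";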
5. Use htmlentities() to convert characters to html entities before passing values to a MySQL query
Another way to sanitize the values passed to your data base is by using the htmlentities() function. This converts special characters to their corresponding HTML code:
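// ENT_QUOTES so that single quotes are encoded too (not the default before PHP 8.1)
$convert = htmlentities($var, ENT_QUOTES, 'UTF-8');
$action = "SELECT * FROM table WHERE field = '$convert'";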
6. Turn OFF the error reporting and display
You should never allow the system to show the error messages in your live production server because these messages can provide precious information about your system.
You can either set both error_reporting and display_errors to 0 in php.ini, or set them when you execute the scripts with error_reporting(0) and ini_set('display_errors', '0').
If you would like to know more about PHP Security I recommend the book “Pro PHP Security” from Chris Snyder.
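Steps 3 to 5 above, together with the email format check from the earlier post, as an added example (not code from the original posts) written for current PHP, where eregi() and mysql_real_escape_string() no longer exist: the input is validated with filter_var(), bound into a prepared statement, and HTML-encoded only when it is displayed. Assumptions: the PDO SQLite driver stands in for MySQL so the script runs offline, and the function names, the email and display_name columns and the sample data are constructed for illustration.

```php
<?php
// Added example. Hypothetical names: validate_email(), find_user(), render_name(), tusers columns.

function validate_email(string $raw): ?string
{
    $email = trim($raw);
    if ($email === '' || strlen($email) > 254) {   // length check before format check
        return null;
    }
    // filter_var() returns the address, or false when the format is wrong
    $checked = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $checked === false ? null : $checked;
}

function find_user(PDO $db, string $email): ?array
{
    // The value is sent apart from the SQL text, so quotes in it cannot alter the query.
    $stmt = $db->prepare('SELECT user_id, email, display_name FROM tusers WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function render_name(array $user): string
{
    // Store the raw value; HTML-encode it at the moment it is written into a page.
    return htmlspecialchars($user['display_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// In-memory SQLite stands in for MySQL so the script runs offline (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tusers (user_id INTEGER PRIMARY KEY, email TEXT, display_name TEXT)');
$db->prepare('INSERT INTO tusers (email, display_name) VALUES (?, ?)')
   ->execute(['ann@example.com', "<b>Ann</b> O'Neil"]);

// Constructed inputs: a well-formed address and one carrying SQL metacharacters.
foreach (['ann@example.com', "x' OR '1'='1"] as $input) {
    $email = validate_email($input);
    if ($email === null) {
        echo "rejected: invalid email format\n";   // the raw input is not echoed back
        continue;
    }
    $user = find_user($db, $email);
    echo $user === null ? "no such user\n" : 'found: ' . render_name($user) . "\n";
}

// Even without validation, the bound value is compared as data and matches no row.
var_dump(find_user($db, "x' OR '1'='1"));
```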