Posted on August 7th, 2010 at 08:31 AM by Corey Ballou
I’m going to outline the process of switching from Apache’s default installation of MPM Prefork to that of MPM Worker. I will also be covering the proper installation of FastCGI (mod_fcgid) to further improve your server performance. This guide is ideally intended for individuals running on low-memory VPS servers as memory consumption will likely be far lower with the Worker MPM because it spawns threads as opposed to forking child processes. If you’re intentionally reading this article, you’re probably aware of the performance benefits gained.
The worker MPM uses multiple child processes with many threads each. Each thread handles one connection at a time. Worker generally is a good choice for high-traffic servers because it has a smaller memory footprint than the prefork MPM.
Posted on April 26th, 2010 at 07:22 AM by Corey Ballou
Let’s face it… nobody enjoys spam. A basic PHP contact form is generally susceptible to a massive amount of spam mail. SPF30 is a PHP library which utilizes a number of recommended spambot deterrents in an attempt to reduce form submission spam. SPF30 does not utilize any form of captcha. In addition to spam prevention methods, SPF30 also handles two-way encryption of form data. In other words, your form content cannot be easily sniffed across the wire. This adds a layer of security to your contact forms.
Features
- The form submission contains a hashed value of a system defined secret key, the current date, and the user’s user agent.
- The form submission is invalidated in the event the submission timestamp exceeds a specific timeout period (default 1 hour).
- The form submission is invalidated in the event it was submitted in rapid succession (default 5 seconds).
- A hidden input honeypot is utilized in an attempt to trick bots into passing data with the field.
- A hidden hash field is validated against the submission time, user agent, and secret key.
- A hidden field is sent containing the array of encrypted fields for decryption to their old field names.
- Decrypted form fields are written directly back to the POST array, abstracting the encryption from your backend handling.
- User specified form field names can undergo two-way DES encryption to obfuscate form field names.
- User submitted form field values can be encrypted on the frontend using a JavaScript implementation of DES.
- The encryption method goes beyond simple DES encryption for the purposes of transporting UTF-8 characters in POST data.
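The timestamp, user-agent and honeypot checks from the feature list above, as an added example written for this page rather than SPF30's own code. It assumes a server-side secret, a hidden "ts" field holding the render time, a hidden "token" field carrying the hash, and a hidden honeypot field named "website"; the HMAC construction and the field names are this example's choices, not SPF30's.

```php
<?php
// Added example (not SPF30's code): a minimal form token in the spirit of the
// features listed above. Assumed: a server-side secret, hidden "ts" and "token"
// fields, and a hidden honeypot field named "website".
declare(strict_types=1);

const FORM_SECRET = 'replace-with-a-long-random-secret'; // placeholder; load from config in practice
const MAX_AGE_SEC = 3600; // submissions older than 1 hour are rejected
const MIN_AGE_SEC = 5;    // submissions faster than 5 seconds are rejected

// The token binds the secret, the render timestamp and the user agent together,
// so a bot cannot forge a valid token without knowing the secret.
function form_token(int $ts, string $userAgent): string
{
    return hash_hmac('sha256', $ts . "\n" . $userAgent, FORM_SECRET);
}

// Returns null when the submission is acceptable, otherwise a short reason.
function validate_submission(array $post, string $userAgent, int $now): ?string
{
    if (!isset($post['ts'], $post['token']) || !ctype_digit((string) $post['ts'])) {
        return 'missing token';
    }
    $ts  = (int) $post['ts'];
    $age = $now - $ts;
    if ($age > MAX_AGE_SEC) {
        return 'expired';
    }
    if ($age < MIN_AGE_SEC) {
        return 'too fast';
    }
    // Constant-time comparison avoids leaking how many leading characters matched.
    if (!hash_equals(form_token($ts, $userAgent), (string) $post['token'])) {
        return 'bad token';
    }
    // Honeypot: humans never see this field, so any value means a bot filled it in.
    if (!empty($post['website'])) {
        return 'honeypot';
    }
    return null;
}

// When rendering the form:
$ts = time();
$ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
echo '<input type="hidden" name="ts" value="' . $ts . '">', "\n";
echo '<input type="hidden" name="token" value="' . form_token($ts, $ua) . '">', "\n";
echo '<input type="text" name="website" style="display:none" autocomplete="off">', "\n";

// When handling the POST:
$error = validate_submission($_POST, $ua, time());
if ($error !== null) {
    http_response_code(400);
    echo "rejected: $error\n";
}
```

The token is still replayable within the one-hour window by anyone who captured it along with the matching user agent; the rapid-succession check and a per-session nonce are what limit that, which is why SPF30 layers several deterrents rather than relying on one.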
Posted on April 12th, 2010 at 08:34 PM by Corey Ballou
There are numerous sites for finding available .COM domain names. Generally, these sites will not turn up the kind of results you are actually looking for when trying to find the perfect domain for your startup, personal site, or business. With the following simple snippet of code you will be able to generate a list of all available two-word combinations for a supplied list of keywords. It can be run from the command line and can output a text file of all matching domains. I hope you find this as useful as I have.
Posted on March 25th, 2010 at 03:41 PM by Corey Ballou
PHP inherently makes parsing an array of uploaded files more difficult than it needs to be due to the ordering of its array indices. Below is a quick example array:
$_FILES['fieldname']['name'][1] = 'uploadedfile.jpg';
$_FILES['fieldname']['name'][2] = 'uploadedfile2.jpg';
$_FILES['fieldname']['type'][1] = 'image/jpeg';
$_FILES['fieldname']['type'][2] = 'image/jpeg';
$_FILES['fieldname']['tmp_name'][1] = '/tmp/rAnDOmCHaRs';
$_FILES['fieldname']['tmp_name'][2] = '/tmp/RANdOmcHArs';
$_FILES['fieldname']['error'][1] = 0;
$_FILES['fieldname']['error'][2] = 0;
$_FILES['fieldname']['size'][1] = 1427;
$_FILES['fieldname']['size'][2] = 1576;
To combat this, we could create a function to reassemble the multi-dimensional array so that it is grouped by file index rather than by attribute key. This allows for easier iteration over the files. Here’s an example of the reindexed $_FILES['fieldname'] array:
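One way to write that reassembly function, as an added example that is not the post's own code. The function name reindex_files and the sample array (a copy of the one shown above, not a real upload) are this example's; the loop afterwards shows the per-file validation the regrouped layout makes easy.

```php
<?php
// Added example (not the post's code): regroup PHP's per-attribute $_FILES layout
// into one entry per uploaded file, so each file can be validated as a unit.
declare(strict_types=1);

/**
 * Convert $_FILES['fieldname'] (attribute => [index => value]) into
 * [index => ['name' => ..., 'type' => ..., 'tmp_name' => ..., 'error' => ..., 'size' => ...]].
 * A single (non-array) upload is returned as a one-element list so callers
 * can treat both cases the same way.
 */
function reindex_files(array $field): array
{
    if (!is_array($field['name'] ?? null)) {
        return [$field];
    }
    $files = [];
    foreach ($field as $attribute => $values) {
        foreach ($values as $index => $value) {
            $files[$index][$attribute] = $value;
        }
    }
    ksort($files);
    return $files;
}

// Constructed sample mirroring the array shown above (not a real upload).
$sample = [
    'name'     => [1 => 'uploadedfile.jpg', 2 => 'uploadedfile2.jpg'],
    'type'     => [1 => 'image/jpeg',       2 => 'image/jpeg'],
    'tmp_name' => [1 => '/tmp/rAnDOmCHaRs', 2 => '/tmp/RANdOmcHArs'],
    'error'    => [1 => 0,                  2 => 0],
    'size'     => [1 => 1427,               2 => 1576],
];

foreach (reindex_files($sample) as $i => $file) {
    // Check the error code before trusting anything else. 'name' and 'type' are
    // supplied by the client and are untrusted; only 'tmp_name' and 'size' come
    // from the server, so strip any path components from 'name' before using it.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        continue;
    }
    $safeName = basename($file['name']);
    printf("%d: %s (%d bytes) at %s\n", $i, $safeName, $file['size'], $file['tmp_name']);
}
```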
Posted on November 20th, 2009 at 06:57 PM by Corey Ballou
Many, if not all, of you have had to deal with creating a secure site login at some point in time. Although there are numerous articles written on the subject, it is painstakingly difficult to find useful information from a single source. For this reason I will be discussing various techniques I have used or come across in the past for increasing session security to hinder both session hijacking and brute force password cracking using rainbow tables or online tools such as GData. I use the word hinder due to the fact no foolproof methods exist for preventing session hijacking or brute force cracking, merely increasing degrees of difficulty. Choose a method wisely based on your site’s current or anticipated traffic, security concerns, and intended site usage. The following examples have been coded using PHP and MySQL. I more than willingly accept comments, suggestions, critiques, and code samples from readers like you as they benefit the community on the whole.
Posted on November 11th, 2009 at 05:51 AM by Corey Ballou
There are perhaps hundreds if not thousands of articles on obtaining your visitor’s IP address. The majority of these entries will refer to a small subset of global $_SERVER variables (HTTP_X_FORWARDED_FOR, HTTP_CLIENT_IP, and REMOTE_ADDR). Although both fast and simple solutions utilizing nested ternary operations exist, they are generally prone to a fairly large bug. The HTTP_X_FORWARDED_FOR server directive may contain a comma-delimited list of IP addresses based upon several proxy hops prior to the client request packet reaching its destination.
After scouring the web I came across two sites demonstrating what appears to be the most accurate IP retrieval method I have come across. I found a number of inefficiencies in the two functions so I’m going to provide you with my optimized version.
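A function that handles the comma-delimited HTTP_X_FORWARDED_FOR case described above, as an added example that is not the post's optimized version. It goes one step beyond the excerpt: because every hop in that header before your own proxies is written by the client, the header is only consulted when REMOTE_ADDR is one of a known proxy list (TRUSTED_PROXIES, the function name client_ip and the sample addresses are this example's assumptions).

```php
<?php
// Added example (not the post's function): pick the client IP while treating
// X-Forwarded-For as untrusted unless the TCP peer is one of our own proxies.
declare(strict_types=1);

// Assumed list of reverse proxies / load balancers in front of this server.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

/**
 * $server mirrors $_SERVER. REMOTE_ADDR is the TCP peer and is the only value the
 * application can vouch for; every X-Forwarded-For hop before our proxies is
 * client-controlled and may be forged.
 */
function client_ip(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, TRUSTED_PROXIES, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    // The header is a comma-separated chain: client, proxy1, proxy2, ...
    // Walk from the right, skipping our own proxies; the first unknown hop is
    // the address our outermost proxy actually talked to.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        $ip = $hops[$i];
        if (in_array($ip, TRUSTED_PROXIES, true)) {
            continue;
        }
        // Reject anything that is not a well-formed, non-private, non-reserved
        // address rather than logging whatever string the client sent.
        $ok = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
        if ($ok === false) {
            break;
        }
        return $ip;
    }
    return $remote;
}

// Constructed samples using documentation (TEST-NET) addresses.
$direct   = ['REMOTE_ADDR' => '203.0.113.7'];
$viaProxy = ['REMOTE_ADDR' => '10.0.0.5',
             'HTTP_X_FORWARDED_FOR' => '198.51.100.23, 10.0.0.6'];
$spoofed  = ['REMOTE_ADDR' => '203.0.113.7',
             'HTTP_X_FORWARDED_FOR' => '127.0.0.1'];

echo client_ip($direct), "\n";    // no proxy involved: REMOTE_ADDR is used as-is
echo client_ip($viaProxy), "\n";  // header walked right-to-left past our own proxy
echo client_ip($spoofed), "\n";   // header ignored: the peer is not a trusted proxy
```

If you log or rate-limit by this value, the trusted-proxy check is what stops a direct client from setting an arbitrary HTTP_X_FORWARDED_FOR and impersonating another address.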
Posted on May 6th, 2009 at 08:01 PM by Corey Ballou
I wanted to share a very quick snippet of code I conjured up to demonstrate the use of Kohana’s validation library to verify the proper size of an uploaded image submitted from form input. The height and width class vars specify the height/width or max height/max width of the image in pixels depending on the boolean value of EXACT_SIZE. If EXACT_SIZE is false, we assume that both the height and width of the uploaded image must be less than or equal to the two constant sizes.