PHP

Send emails from localhost(WAMP Server)


If you are developing php project on localhost and you are using mail function on your project that time you may face problem with send mail function. so in this tutorial we are explain how to configure sendmail.

Follow the step below for configure sendmail:

Step 1: Download sendmail

Download sendmail and extract all the files in the folder “C:\sendmail\”

Step 2: Configure sendmail.ini

Open the file “C:\sendmail\sendmail.ini” and add the following params in the corresponding lines:

smtp_server=smtp.gmail.com
smtp_port=465
auth_username=your_address@gmail.com
auth_password=your_password
force_sender=your_address@gmail.com

Step 3 : Configure php.ini

Open the php.ini, find the following lines and add the path to the sendmail executable file. Don’t forget to restart the Apache server after doing that.

sendmail_path = "C:\sendmail\sendmail.exe -t"

Step 4: Test

Create a PHP script with the following code:(test.php)

mail('your_email@gmail.com','Test Mail Working','Mail received Successfully!!!!')

Run your test.php file and check your mail.

 

Advertisements

Filenames with spaces are break the download in Mozilla Firefox


When downloading certain files, you may find that the filename is truncated up to the first space. Thus, a link to download the file “My music.mp3” produces a save dialog containing “My” as the filename. This is a case of the website incorrectly sending the filename, and the browser coping as best it can.

if the file name contains a quote or spaces; then you have to escape that quote or spaces.

So you can use following code for download mp3 file for the solve this issue.

header(‘Content-Disposition: attachment; filename=”‘ . str_replace(‘”‘, ‘\\”‘, $fileName) . ‘”‘);

downlaod.php file:

 <?php

 // $audioFile = "Maid with the Flaxen Hair.mp3";
 $fileName = $_GET['id'];
 // Fetch the file info.
 $filePath = '../uploads/music/' . $fileName;
 
 if(file_exists($filePath)) {
 $fileName = basename($filePath);
 $fileSize = filesize($filePath);

 // Output headers.
 header("Cache-Control: private");
 header("Content-Type: application/force-download");
 header("Content-Type: audio/mpeg, audio/x-mpeg, audio/x-mpeg-3, audio/mpeg3");
 header("Content-Length: ".$fileSize);
// header("Content-Disposition: attachment; filename=".$fileName);
 header('Content-Disposition: attachment; filename="' . str_replace('"', '\\"', $fileName) . '"');

 // Output file.
 readfile ($filePath); 
 exit();
 }
 else {
 die('The provided file path is not valid.');
 }

?>

html file:

 <a href="http://localhost/musiclib/include/download.php?id=my music.mp3"> Download</a>

How to add search function to your website


If you are design any website it important to add search functionality on your site. Visitor or user essay find the content or exact data/page on your site. So add search function in your site and make your site user friendly.

Allowing visitors to search your site is very important. We are so used to being able to search for what we need that when we come across a website with no search function – particularly a large site – we are likely to find it extremely frustrating. A good search function can be used by your visitors as another method of navigation on your site. Adding search functionality should therefore be a priority.

In this articles we are focus on “How to add search function to your website”.

There is no feature in HTML that will perform the search. But you do have  alternative options:

  • You can integrate 3rd-party search engines like Google into your site.
  • You can upload a CGI page which uses PHP, Perl, or another scripting language to perform the local search for you.
  •  JavaScript search engines which work right inside the page , but that requires you to transfer all the data to the client, so it is not a very good idea.

Few people realise this, but you can actually use the major search engines like Google as your site’s search engine, free of charge.

To do this with Google, go to Google Custom Search Engine and complete the online form.

 

This useful script allows your visitors to search the contents of your site by leveraging the 3 most popular search engines- Google, Yahoo, and MSN. Now your site’s search is truly covered!

<a class="left carousel-control" href="#carousel-example-generic" role="button" data-slide="prev">
<span class="glyphicon glyphicon-chevron-left"></span>
</a>
<a class="right carousel-control" href="#carousel-example-generic" role="button" data-slide="next">
<span class="glyphicon glyphicon-chevron-right"></span>
</a>
</div>

<form name="jksearch" action="http://www.google.com/search" method="get" onSubmit="jksitesearch(this)">

<input id="hiddenquery" type="hidden" name="q" />
<input name="qfront" type="text" style="width: 200px" value="database " /> <input type="submit" value="Search" /><br />
<div style="font: bold 11px Verdana;">Google:<input name="se" type="radio" checked> Yahoo:<input name="se" type="radio"> MSN:<input name="se" type="radio">
</div>

<script type="text/javascript">

//Enter domain of site to search.
var domainroot="https://walkeprashant.wordpress.com"

var searchaction=[ //form action for the 3 search engines
"http://www.google.com/search",
"http://search.yahoo.com/search",
"http://search.msn.com/results.aspx"
]

var queryfieldname=["q","p","q"] //name of hidden query form for the 3 search engines

function switchaction(cur, index){
cur.form.action=searchaction[index]
document.getElementById("hiddenquery").name=queryfieldname[index]
}

function jksitesearch(curobj){
for (i=0; i< document.jksearch.se.length; i++){ //loop through radio to see which is checked
if (document.jksearch.se[i].checked==true)
switchaction(document.jksearch.se[i], i)
}
document.getElementById("hiddenquery").value="site:"+domainroot+" "+curobj.qfront.value
}
</script>

</p>

</form>

following disadvantages for 3rd-party search engines:

  • If the search engine decides to discontinue the service, your site search will suddenly fail to work.
  • The results page has the search engine’s advertisements and formatting. You have even less control over the output than when using the third party search engine remotely hosted services.
  • Limited in functionality

You could consider a JavaScript search option. Be aware that not all browsers support JavaScript, although most do nowadays, so this shouldn’t cause a problem.

The best method is to store your information in your database and use server scripting like php and MySQL to query the data

ASP to Wordpress migration

Migrate site from ASP to WordPress


Now a day WordPress is most popular blogging framework. many people are use WordPress for blogging as well as e-commerce application like online shop. using WordPress you can easily manage SEO, Change contain and take your site backup. WordPress framework is user friendly framework and any one can use without technical knowledge.only need some creativity and all depend on your interest.that’s why most of people prefer WordPress for Dynamic web design.

If you have design your site in to ASP and you want to translate/convert in to WordPress then don’t mind. In this tutorial i will explain how to Migrate site from ASP to WordPress without losing your existing url rank .Some time you have migrate site or convert static to dynamic site it may affect on your rankings. so it important to maintain your ranking.

Although WordPress includes built-in migration tools for importing content from other blogging platforms, migrating an ASP-based site is a little more challenging because everything must be moved manually. After you’ve installed WordPress on your server or with its Web host, you are left essentially with a shell into which you need to insert content. Because all WordPress sites are template-driven, the first thing you must do is select a template. After you’ve selected a template, you can begin migrating your ASP site page by page and then uploading any additional media and other content stored on your company’s server.

Select a Template

Step 1 : Log in to your  WordPress dashboard.
Step 2 : Highlight “Appearance” on the main menu and click “Themes” on the menu that appears.

Step 4 : Enter search terms into the Search field and place checkmarks in the provided Feature Filter checkboxes to further refine your search criteria. Press the “Search” button or the “Find Themes” button to display a list of themes that match your search criteria.
Step 5 : Browse through the theme thumbnails. Click the “Preview” link below a theme to preview the theme in your browser. Click “Install Now” to download and install the theme on your WordPress site.
If you want to design same layout of  your ASP site then you need to create theme.
You can refer this link for how to create new theme: http://codex.wordpress.org/Theme_Development
Also you need to design different template for different page layout.( like home page template,contact page template,gallery template,single page template) .
Using above link you can design same theme/layout which look like similar to old one.
or you can hire any WordPress developer for create theme.

Migrate Pages

Step 1 : Open your ASP website and click one of the items on your site’s main menu.
Step 2 : Launch a second browser tab and log in to your WordPress dashboard.
Step 3 : Hover your mouse over “Pages” on the main menu and click “Add New” on the menu that appears.
Step 4 : Enter a title for your page in the provided field. This title should be the same as the page currently being copied from your ASP site.
Step 5: Highlight all of the text on the current page of your ASP site and click “Ctrl-C” on your keyboard to copy it to the clipboard. Switch back to the tab on which your WordPress dashboard is displayed, click your mouse in the Visual editor and press “Ctrl-V” to paste all of the text into the editor. Some images may copy over, too. If this is the case, click them and delete them because they will be linked to the file directory on your old ASP-based site, rather than to your WordPress site. You will instead need to re-upload these images to your WordPress site from your computer.
Step 6 : Place your cursor at the location in the visual editor where you want an image to appear. Click the “Upload/Insert” button to launch the Add Media dialog. Drag and drop the desired image into the dialog or click “Select Files” and double-click the image from its location on your computer to upload it into your WordPress page. Repeat this step for each image or other multimedia file you want to migrate into this WordPress page.
Step 7 : Click the “Publish” button to finish migrating this page from your ASP site to your WordPress site. Repeat these steps for each page you want to migrate into WordPress.

Migrate Media and Other Content

Step 1 : Download the media you want to migrate from your ASP site. Skip this step if the media is already stored on your computer.
Step 2 : Log in to your WordPress Dashboard, highlight “Media” on the main menu and click “Add New” to launch the Add New Media screen. From this screen you can add content to your WordPress library for use at a later date. Compatible content includes videos, images, audio, text files, and more.
Step 3 : Drag and drop your files into the Upload New Media window or click “Select Files” to select files manually. After the files have been uploaded to your WordPress site, you will be prompted to enter titles and descriptions for each file.

Redirections

There is a plugin for changing from one permalink structure to another, but I am quite sure that this will not be enough for your needs. You will have to use some .htaccess rewrite rules.
There are several instances when you administer WordPress blogs where you will need to perform a 301 redirect. It is one of the most important corrective actions you can take when moving content.

one reasons why you should do a permanent 301 redirect are to maintain search engine rankings, such as in Google. If you have an old, ranking URL in Google and move to a new, permanent location, a 301 redirect can pass the search engine ranking score of the old ranking URL (not abruptly; it will take time) to the new URL. Hence the new URL will appear and start to rank in the search engine results, replacing the old URL.

If 301 redirection is not implemented, the old URL will still rank in Google. And no matter what you do, your new URL will never appear in search results unless you do a 301 redirect.

Redirections will more detail in next artical

Database Security


wp-database-backupNowadays, databases are cardinal components of any web based application by enabling websites to provide varying dynamic content. Since very sensitive or secret information can be stored in a database, you should strongly consider protecting your databases.

 

Designing Databases

The first step is always to create the database, unless you want to use one from a third party. When a database is created, it is assigned to an owner, who executed the creation statement. Usually, only the owner (or a superuser) can do anything with the objects in that database, and in order to allow other users to use it, privileges must be granted.

Applications should never connect to the database as its owner or a superuser, because these users can execute any query at will, for example, modifying the schema (e.g. dropping tables) or deleting its entire content.

You may create different database users for every aspect of your application with very limited rights to database objects. The most required privileges should be granted only, and avoid that the same user can interact with the database in different use cases. This means that if intruders gain access to your database using your applications credentials, they can only effect as many changes as your application can.

You are encouraged not to implement all the business logic in the web application (i.e. your script), instead do it in the database schema using views, triggers or rules. If the system evolves, new ports will be intended to open to the database, and you have to re-implement the logic in each separate database client. Over and above, triggers can be used to transparently and automatically handle fields, which often provides insight when debugging problems with your application or tracing back transactions.

Connecting to Database

You may want to establish the connections over SSL to encrypt client/server communications for increased security, or you can use ssh to encrypt the network connection between clients and the database server. If either of these is used, then monitoring your traffic and gaining information about your database will be difficult for a would-be attacker.

Encrypted Storage Model

SSL/SSH protects data travelling from the client to the server: SSL/SSH does not protect persistent data stored in a database. SSL is an on-the-wire protocol.

Once an attacker gains access to your database directly (bypassing the webserver), stored sensitive data may be exposed or misused, unless the information is protected by the database itself. Encrypting the data is a good way to mitigate this threat, but very few databases offer this type of data encryption.

The easiest way to work around this problem is to first create your own encryption package, and then use it from within your PHP scripts. PHP can assist you in this with several extensions, such as Mcrypt and Mhash, covering a wide variety of encryption algorithms. The script encrypts the data before inserting it into the database, and decrypts it when retrieving.

SQL Injection

Many web developers are unaware of how SQL queries can be tampered with, and assume that an SQL query is a trusted command. It means that SQL queries are able to circumvent access controls, thereby bypassing standard authentication and authorization checks, and sometimes SQL queries even may allow access to host operating system level commands.

Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, or to override valuable ones, or even to execute dangerous system level commands on the database host. This is accomplished by the application taking user input and combining it with static parameters to build an SQL query.

Owing to the lack of input validation and connecting to the database on behalf of a superuser or the one who can create users, the attacker may create a superuser in your database.

Avoidance Techniques

While it remains obvious that an attacker must possess at least some knowledge of the database architecture in order to conduct a successful attack, obtaining this information is often very simple. For example, if the database is part of an open source or other publicly-available software package with a default installation, this information is completely open and available. This information may also be divulged by closed-source code – even if it’s encoded, obfuscated, or compiled – and even by your very own code through the display of error messages. Other methods include the user of common table and column names. For example, a login form that uses a ‘users’ table with column names ‘id’, ‘username’, and ‘password’.

These attacks are mainly based on exploiting the code not being written with security in mind. Never trust any kind of input, especially that which comes from the client side, even though it comes from a select box, a hidden input field or a cookie. The first example shows that such a blameless query can cause disasters.

  • Never connect to the database as a superuser or as the database owner. Use always customized users with very limited privileges.
  • Use prepared statements with bound variables. They are provided by PDO, by MySQLi and by other libraries.
  • Check if the given input has the expected data type. PHP has a wide range of input validating functions, from the simplest ones found in Variable Functions and in Character Type Functions (e.g. is_numeric(), ctype_digit() respectively) and onwards to the Perl compatible Regular Expressions support.
  • If the application waits for numerical input, consider verifying data with ctype_digit(), or silently change its type using settype(), or use its numeric representation by sprintf().

  •  If the database layer doesn’t support binding variables then quote each non numeric user supplied value that is passed to the database with the database-specific string escape function (e.g. mysql_real_escape_string(), sqlite_escape_string(), etc.). Generic functions like addslashes() are useful only in a very specific environment (e.g. MySQL in a single-byte character set with disabled NO_BACKSLASH_ESCAPES) so it is better to avoid them.
  • Do not print out any database specific information, especially about the schema, by fair means or foul. See also Error Reporting and Error Handling and Logging Functions.
  • You may use stored procedures and previously defined cursors to abstract data access so that users do not directly access tables or views, but this solution has another impacts.        

Your database contains all your important information if the database is erased or corrupted you lose everything.

Sometimes accident can happen when we least expert it. If you can have made a careless mistake and your database is gone how can you restore your data in your database?

So Backup your database regularly.

If you are use WordPress so you can use backup plugins for take database backup.

WP-Database-Backup :When plugin is installed and active. you can backup your blog database easily in single click.

WP Database Backup

WP Database Backup plugin helps you to create Database Backup and Restore Database Backup easily on single click.Manual or automated backupswp-database-backup_download_button

Protect your website from hackers


01. Keep software up to date

It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them.

If you are using a managed hosting solution then you don’t need to worry so much about applying security updates for the operating system as the hosting company should take care of this.

If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.

02. SQL injection

SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries, most web languages have this feature and it is easy to implement.

Consider this query:

"SELECT * FROM table WHERE column = '" + parameter + "';"

 

If an attacker changed the URL parameter to pass in ‘ or ‘1’=’1 this will cause the query to look like this:

"SELECT * FROM table WHERE column = '' OR '1'='1';"

 

Since ‘1’ is equal to ‘1’ this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.

03. XSS

Cross site scripting is when an attacker tries to pass in JavaScript or other scripting code into a web form to attempt to run malicious code for visitors of your site. When creating a form always ensure you check the data being submitted and encode or strip out any HTML.

04. Error messages

Be careful with how much information you give away in your error messages. For example if you have a login form on your website you should think about the language you use to communicate failure when attempting logins. You should use generic messages like “Incorrect username or password” as not to specify when a user got half of the query right. If an attacker tries a brute force attack to get a username and password and the error message gives away when one of the fields are correct then the attacker knows he has one of the fields and can concentrate on the other field.

05. Server side validation/form validation

Validation should always be done both on the browser and server side. The browser can catch simple failures like mandatory fields that are empty and when you enter text into a numbers only field. These can however be bypassed, and you should make sure you check for these validation and deeper validation server side as failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results in your website.

06. Passwords

Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords to your server and website admin area, but equally also important to insist on good password practices for your users to protect the security of their accounts.

As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run.

Passwords should always be stored as encrypted values, preferably using a one way hashing algorithm such as SHA. Using this method means when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password.

In the event of someone hacking in and stealing your passwords, using hashed passwords could help damage limitation, as decrypting them is not possible. The best someone can do is a dictionary attack or brute force attack, essentially guessing every combination until it finds a match. When using salted passwords the process of cracking a large number of passwords is even slower as every guess has to be hashed separately for every salt + password which is computationally very expensive.

Thankfully, many CMSes provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords (pre Drupal 7) or to set the minimum password strength. If you are using .NET then it’s worth using membership providers as they are very configurable, provide inbuilt website security and include readymade controls for login and password reset.

07. File uploads

Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded however innocent it may look, could contain a script that when executed on your server completely opens up your website.

If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size are not full proof. Most images formats allow storing a comment section which could contain PHP code that could be executed by the server.

So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won’t attempt to execute files with image extensions, but it isn’t recommended to rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.

Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example,  chmod 0666 so it can’t be executed. If using *nix you could create a .htaccess file (see below) that will only allow access to set files preventing the double extension attack mentioned earlier.

    deny from all
    <Files ~ "^\w+\.(gif|jpe?g|png)$">
    order deny,allow
    allow from all
    </Files>

 

Ultimately, the recommended solution is to prevent direct access to uploaded files all together. This way, any files uploaded to your website are stored in a folder outside of the webroot or in the database as a blob. If your files are not directly accessible you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser. Image tags support an src attribute that is not a direct URL to an image, so your src attribute can point to your file delivery script providing you set the correct content

Most hosting providers deal with the server configuration for you, but if you are hosting your website on your own server then there are few things you will want to check.

Ensure you have a firewall setup, and are blocking all non essential ports. If possible setting up a DMZ (Demilitarised Zone) only allowing access to port 80 and 443 from the outside world. Although this might not be possible if you don’t have access to your server from an internal network as you would need to open up ports to allow uploading files and to remotely log in to your server over SSH or RDP.

If you are allowing files to be uploaded from the Internet only use secure transport methods to your server such as SFTP or SSH.

If possible have your database running on a different server to that of your web server. Doing this means the database server cannot be accessed directly from the outside world, only your web server can access it, minimising the risk of your data being exposed.

Finally, don’t forget about restricting physical access to your server.

09.SSL

SSL is a protocol used to provide security over the Internet. It is a good idea to use a security certificate whenever you are passing personal information between the website and web server or database. Attackers could sniff for this information and if the communication medium is not secure could capture it and use this information to gain access to user accounts and personal data.

10. Website security tools

Once you think you have done all you can then it’s time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred to as penetration testing or pen testing for short.

There are many commercial and free products to assist you with this. They work on a similar basis to scripts hackers will use in that they test all know exploits and attempt to compromise your site using some of the previous mentioned methods such as SQL injection.

Some free tools that are worth looking at:

  • Netsparker (Free community edition and trial version available). Good for testing SQL injection and XSS
  • OpenVAS. Claims to be the most advanced open source security scanner. Good for testing known vulnerabilities, currently scans over 25,000. But it can be difficult to setup and requires a OpenVAS server to be installed which only runs on *nix. OpenVAS is fork of a Nessus before it became a closed-source commercial product.

Subscriptions and Recurring Payments in Paypal


When you use PayPal Subscriptions and Recurring Payments, your customers can purchase automatically recurring subscriptions from your website, or even using a link in an email.

Subscriptions and Recurring Payments is a low-cost way for you to accept credit card and bank account payments for content site subscriptions, newsletter fees, club dues, or recurring donations, and can be fully integrated with your website in a few easy steps. Subscriptions and Recurring Payments is only available for Business or Premier accounts.

What are the benefits?

Save time and money with PayPal’s hassle-free Subscriptions and Recurring Payments:

  • Easy to implement – flexible and automatic billing frees you from sending invoices
  • No up-front costs – you’ll enjoy the same low fee schedule each time you receive other PayPal payments
  • Sell with ease – PayPal maintains detailed transaction records on our website
  • Improve buyer experience – with customisable buttons and secure payments, happy customers become repeat customers

Subscriptions and Recurring Payments Paypal Button

PayPal Subscriptions and Recurring Payments are easy to set up and use:

  1. Log in to your Premier or Business PayPal account.
  2. Click on the Merchant Services tab
  3. Click on the Subscriptions and Recurring Payments link
  4. Specify the name, billing cycle, price and other details of the item you wish to sell
  5. Add more optional information such as postage and packaging, VAT, and option fields (for size, colour, weight, etc.)
  6. Click Create Button Now and the Button Factory will generate customised HTML code
  7. Paste the HTML code on your website to create your Subscribe and Cancel Subscription buttons.

When a buyer clicks the Subscribe button, s/he will be taken to a secure PayPal payment page, where s/he can log in to an existing PayPal account or sign up for a new one, and quickly complete the payment.

Subscriptions and Recurring Payments HTML Code

Experienced HTML users can bypass the Button Factory and create their own PayPal Shopping Cart payment buttons by altering the HTML code directly. The sample code below shows the minimum information you need to create an Add to Cart button (in this case, to purchase a newsletter subscription billed $7.00 USD per month):
<form name="_xclick" action="https://www.sandbox.paypal.com/websc" method="post">
<input type="hidden" name="cmd" value="_xclick-subscriptions">
<input type="hidden" name="business" value="prashant.walke_buz@testpaypal.com">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="no_shipping" value="1">
<input type="image" src="http://www.paypal.com/en_GB/i/btn/x-click-but20.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<input type="hidden" name="a3" value="7.00">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
</form>
paypalPasting the above code into your website would generate a button that looks like this:
If you dynamically generate portions of your site, you can create Subscribe buttons dynamically and save time by updating the variables with information from your database. To use the button above for a different subscription, you would only need to edit three variables:

  • a3 – amount to be invoiced each recurrence
  • t3 – time period (D=days, W=weeks, M=months, Y=years)
  • p3 – number of time periods between each recurrence

For the example above, the variables would be:
$7.00 USD (a3) every 1 (p3) month (t3)

htaccess

What is the .htaccess File?


You may have been working on a website, or reading an article about web development, and heard about the .htaccess file, but wondered what it was, or what, if anything, you can do with it. This tutorial will tell you the basics about .htaccess, and show you a few ways you can use it on your website.

Before we go any farther, let’s explain what the .htaccess file is. htaccess is short for Hypertext Access, and is a configuration file used by Apache-based web servers that controls the directory that it “lives” in–as well as all the subdirectories underneath that directory.

Many times, if you have installed a Content Management System (CMS), such as Drupal, Joomla or WordPress, you likely encountered the .htaccess file. You may not have even had to edit it, but it was among the files that you uploaded to your web server. BTW, that’s its name, .htaccess–it begins with a period, and ends with “htaccess.” If you edit it, you need to make sure that it stays that way, and doesn’t end up with a .txt or .html extension.

Also note that some web hosts do not allow you to edit the .htaccess file–but even on most of those hosts, you can create your own .htaccess file and upload it to specific directories, and as discussed above, it will control those directories and subdirectories below it.

Some of the features of the .htaccess file include the ability to password protect folders, ban users or allow users using IP addresses, stop directory listings, redirect users to another page or directory automatically, create and use custom error pages, change the way files with certain extensions are utilized, or even use a different file as the index file by specifying the file extension or specific file.

Custom Error Pages for Better SEO

One use of the .htaccess file is to redirect users to a custom error page depending on the specific web server error they encounter. By using a custom error page, you can present them with a list of your site’s top articles, a sitemap with links to the various areas of your site, and it can include your site’s navigation system. It can also feature a FAQ, so folks who are looking for information on your site, but can’t find it, are able to narrow down the location of that information on your site without leaving, going back to the search engine, and more than likely not returning to your site.

It’s not difficult to use the .htaccess file to redirect users to a custom error page–but to do it you’ll need to know the proper error code. The most common ones you’ll use are:

  • 400 – Bad request
  • 401 – Authorization Required
  • 403 – Forbidden
  • 404 – File Not Found
  • 500 – Internal Server Error

To use .htaccess with these codes, first you’ll need to open up your favorite text editor, create a new document, and in that document, specify the error message that you’ll be redirecting like this:

ErrorDocument 404 /filenotfound.html

If you wanted to redirect users for another error, such as 500, Internal Server Error, you would do it like this (and so on):

ErrorDocument 500 /servererror.html

Then you’d just save the .htaccess file (remembering to check that it is saved just like that, without some additional extension), and upload it to your web host’s root directory (or whatever directory you are wanting to use it in).

Using a Different File as the Index File

By adding another “command” to the .htaccess file, you can use a different file as the main index file that folks see when they come to your site. In other words, when folks visit http://www.yoursite.com, usually they are presented with http://www.yoursite.com/index.html or http://www.yoursite.com/index.php–but often you have created a special page that you want to use as your site’s main page–and it isn’t any of the traditional pages. Or you may want to take advantage of the latest version of PHP…there are many reasons for needing to use a different file as the index file. Here’s how you would do it, with each type of file being next in line, if the others are not in the directory.

DirectoryIndex index.php3 index.php pictures.pl index.html default.htm

For instance, if there was no file named index.php3 in your directory, then the server would look for a file called index.php. If that file wasn’t present, it would look for one called pictures.pl, and so on.

PAYPAL SANDBOX PAYMENT GATEWAY INTEGRATION


In this tutorial I want to explain how to work with Paypal Sandbox test accounts for payment system development and sending arguments while click buy now button. It’s simple and very easy to integrate in your web projects.

Step:1. you need to create a papal sandbox account login into developer.paypal.com and then click signup now
paypal_integraion
2. you need to activate your account by filling the details and paypal send confirmation link to your mail and you have to confirm the same .
paypal_signup
3.once you confirm your email you need to now click on the test account tab to create test account here paypal gives you a option for where the values are pre configured and another option gives you to create manually i select a pre configuired account at first we need to create two account one is the buyer account and another account is the seller account. (Take a look at Sandbox menu left-side top Sandbox->Test Accounts)
PayPal_createacoount
we need to fill all these details and then click and create a buyer account
now lets create a business account once again i click precofigured account and then lets proceed further
PayPal_accounts
here we have now completed creating a business account and a personal account.
4. paypal gives us a buy now button to make payments and now we add the code to our tutorial

<form name=”_xclick” action=”https://www.sandbox.paypal.com/webscr&#8221; method=”post”>
<input type=”hidden” name=”cmd” value=”_xclick”>
<input type=”hidden” name=”business” value=”test_buz@perenialsys.com “>
<input type=”hidden” name=”currency_code” value=”USD”>
<input type=”hidden” name=”item_name” value=”learnwebscriptstutorial”>
<input type=”hidden” name=”return” value=”https://walkeprashant.wordpress.com/upload_file.php”&gt;
<input type=”hidden” name=”amount” value=”1″>
<input type=”image” src=”http://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif&#8221; border=”0″ name=”submit” alt=”Make payments with PayPal – it’s fast, free and secure!”>
</form>

display-google-map-using-curl-in-php

Display Google Map Using Curl in PHP


Display Google Map Using Curl, this is the preferred way it gives much more control, its also faster then file_get_contents.

1.First Set the url like :

$url ="http://maps.google.com/maps/api/geocode/json?address=PUNE+INDIA&sensor=false";

The important part to point out there is the address=PUNE+INDIA the address expects an address also since this is a web URL it cannot have spaces instead use + in place of a space.

Going to the URL in a browser it get JSON object

2. Set the curl options, the fist option is the url to be called the second option tells the request to bring back data, the rest specify the port and hosts. curl_exec actually runs the curl request.

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_PROXYPORT,3128); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0); $response = curl_exec($ch); curl_close($ch);

3. The data from the curl request are returned and stored in $response from there, decode the json object.

$response = json_decode($response);

5. To specify the item in the object desired go down the result set accordingly, in this case bring back the longitude and latitude and store them to variables.

$lat = $response->results[0]->geometry->location->lat;

$long = $response->results[0]->geometry->location->lng;

Add $lan, $long variable value in to following HTML:

<!DOCTYPE html>
<html>
<head>
<title>Geocoding Example</title>
<meta name="viewport" content="initial-scale=1.0, user-scalable=no" />
<style type="text/css">
#map_canvas { height: 330px; width:550px; }
</style>
<script type="text/javascript"
src="http://maps.googleapis.com/maps/api/js?sensor=false">
</script>
<script type="text/javascript">
function initialize() {
var latlng = new google.maps.LatLng(<?php echo $lat; ?>, <?php echo $long; ?>);
var addressMarker = new google.maps.LatLng(<?php echo $lat; ?>, <?php echo $long; ?>);
var myOptions = {
zoom: 15,
center: latlng,
mapTypeId: google.maps.MapTypeId.ROADMAP
};
var map = new google.maps.Map(document.getElementById("map_canvas"),
myOptions);

marker = new google.maps.Marker({ map:map, position: addressMarker });
}

</script>
</head>
<body onload="initialize()">
<h2>Geocoding Example</h2>
<div id="map_canvas"></div>
</body>
</html>

Example

<?PHP

$url = "http://maps.google.com/maps/api/geocode/json?address=baner+pune&sensor=false";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PROXYPORT, 3128);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$response = curl_exec($ch);
curl_close($ch);

$response = json_decode($response);

$lat = $response->results[0]->geometry->location->lat;
$long = $response->results[0]->geometry->location->lng;
?>

<!DOCTYPE html>
<html>
<head>
<title>Map Example</title>
<meta name="viewport" content="initial-scale=1.0, user-scalable=no" />
<style type="text/css">
#map_canvas { height: 330px; width: 550px; }
</style>
<script type="text/javascript"
src="http://maps.googleapis.com/maps/api/js?sensor=false">
</script>
<script type="text/javascript">
function initialize() {
var latlng = new google.maps.LatLng(<?php echo $lat; ?>, <?php echo $long; ?>);
var addressMarker = new google.maps.LatLng(<?php echo $lat; ?>, <?php echo $long; ?>);
var myOptions = {
zoom: 15,
center: latlng,
mapTypeId: google.maps.MapTypeId.ROADMAP
};
var map = new google.maps.Map(document.getElementById("map_canvas"),
myOptions);

marker = new google.maps.Marker({ map:map, position: addressMarker });
}

</script>
</head>
<body onload="initialize()">
<h2>Map Example</h2>
<div id="map_canvas"></div>
</body>
</html>