
Alejandro U. Alvarez

Created on Wed Oct 03, 2007 8:08 pm with 11 blog posts
My personal web design blog. I don't know, maybe some tuts, or pretty much anything that pops into my mind will go here..

Keeping up with it! in CSS Styling with 0 comments on Sat Jan 19, 2008 1:25 pm
Hi everyone,
This is my second blog post in general talk...
So yeah, the blog is kind of up and running right now, no comments or views really, but it's OK...

So I'm starting to focus only on PHP, and I may also put something up on hacking and securing... but I don't know, it is a little hard sometimes to actually come here and post stuff...

Well, this will be all for today! And I hope I start to get someone to read this...

Bye!
Useful steps in big projects in PHP, of course.. with 0 comments on Sat Jan 19, 2008 1:16 pm
Hi everyone:
I recently started one of my biggest projects so far (http://kdams.es) and I had to stop for a while and think about how I was going to manage it, and well, here is my list of the most useful steps (from my point of view):
They are not in any kind of order.

1- Think of all the stuff you need to program (PHP, JavaScript...) and try to find open-source code that already does that. This way you'll save a lot of time and it is probably going to be better than your own coding...
Now, some scripts that will make your life way easier!


2- Design your index page and simplify it as much as you can. Do all the layout in divs if possible, and then all the CSS. Once you are done, use the Jigsaw CSS validator and make sure the page is accessible.

3- Once you have completed step 2, look for the parts that will be always the same (header, footer, navigation...) and create a folder in root (I usually call it core) where you will create html documents with those parts (header.htm, footer.htm...) and once that is done use php to include them in your index instead of the actual code.

4- Also you can add to that core folder your meta tags, your css includes, and javascripts you may have...

5- As a little advice, create another folder for your PHP library. I usually call it lib, and in there I put for example the admin system, the picture upload system, and every single PHP function I have goes in there. So when I need it in a page, I just include the PHP file I need and that's it.

6- It is not really necessary, but it helps a lot to have something like phpMyAdmin or a similar tool to manage your MySQL databases; it also helps with manual backups and all that.

And well, that is pretty much all for now! I will probably keep adding more tips as I think of them.
If you come up with another step you always take, comment it below, and I'll add it!
Good luck with your projects!
Good Web 2.0 Graphic services: in CSS Styling with 0 comments on Sun Oct 28, 2007 7:45 pm
OK, so let's imagine we want to design a webpage, which is the main reason you will be reading this, I guess. You want to stay away from those heavy-graphic sites that were popular a few years ago, of course, so you will probably want to design a nice, simple, and fresh Web 2.0-style site, which is the most "fashionable" right now.

How to get that modern and simple feeling in your site is not that easy though, and to help you out, there are tons of great tools out there that will make your life so much easier!

First of all, the background, we see a lot of sites using some sort of stripes as background, then usually fading them away into a fill color. Well, just for that there is an amazing tool out there:

The online stripe-generator, very easy to use!

__________________________________________________

Mycoolbutton - simple web 2.0 buttons maker.


__________________________________________________

I just ran out of time!
I will update this post later and add some more websites!
For now, enjoy the ones already here!
How to learn more about php? in PHP, of course.. with 0 comments on Sun Oct 28, 2007 7:33 pm
Written by alalex

If we want to learn more about php there are basically two things that will help, all the others might, but are not as useful...

The first thing to do, of course, is practice: anything you think might be possible to do with PHP, try to do it; try to copy stuff you see others do with PHP, and learn from imitating those who already know.
The other thing that works is reading. Read, read, read, until your head aches; anything that has to do with PHP you should read, and for that, I created this post.

Probably the best thing you can actually read to learn PHP is blogs like this one that talk about it; the other things that will have useful information about it are books.

A great site that will help you a lot in this matter is the website FreeComputerBooks.com which is full of interesting books about pretty much any subject related to computers.

After some research, I have created myself a list of good books to read, here it is:


I think that to get a decent level of php those are some basics, plus, they have the benefit of being free!
So good luck with your PHP learning, and if you have any doubts, just go to the PHP forum here at Frihost!
Securing your php code in CSS Styling with 0 comments on Sun Oct 28, 2007 7:23 pm
Source: Hostile Graphics.
Written by sunjester

It's a natural thing to secure your website, or so you would think. PHP comes with tons of security features that many web developers don't consider when coding a website. Security is in place to protect your members' sensitive data and to prevent defacements or, at worst, server compromise. I will cover a couple of security measures that you can use when writing "proper" PHP code. Nobody wants to wake up to a website that's been hacked overnight or while you're on the shitter.

Some of the most basic and overlooked things are cleaning your variables and all user input. Many variables can be overwritten with data supplied by a malicious user. Let's say you have an admin panel on your website that's not the most secure thing, y'know, but it works well. Someone finds a hole or brute-forces their way in without any visible knowledge. That admin panel may be able to delete files. What's to say the attacker doesn't just delete files but goes ahead and deletes passwd entries or other sensitive server files that would stop them from advancing.

All inputs from the "outside" coming in should be checked for malicious content!!! I will not cover security with your database. I have written many articles on SQL injection; if you don't know what it is, please research it. Database security is very important, but I will not cover it here.

Magic Quotes
Magic quotes are a "godsend" when it comes to dealing with user input. When this option is turned on (it is located in your php.ini), it escapes all single and double quotes, backslashes, and NULL bytes in a user's input with a backslash. The problem with turning magic quotes on is that maybe you want your users to be able to use single or double quotes, or you are handling file uploads. If you turn it off, you can parse the strings from the user-entered data yourself at "runtime".

If you're new to PHP I would suggest turning this on until you learn how to properly parse and display data that users enter. I personally use a "clean" function that I've written. I will give you a basic "on-the-fly" one just for this tutorial so you can start building your own cleaning function.
Code:

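<?php
// Basic cleaning for text that will be echoed into an HTML page.
function clean($string) {
  $string = stripslashes($string);   // undo the backslashes magic quotes added
  $string = strip_tags($string);     // remove tags while they are still tags
  $string = htmlentities($string, ENT_QUOTES, 'UTF-8');   // encode the rest, quotes included
  return $string;
}
?>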



You would use this function as shown below if your user was submitting a form that required a username.

Code:

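<?php
// Quote the array key, and clean the variable that was actually read
$username = isset($_POST['username']) ? $_POST['username'] : '';
echo clean($username);
?>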



There are three directives for magic quotes; refer to the php.net website or the PHP manual. The first is magic_quotes_gpc, which deals with the request data (GET, POST, cookies). The second, magic_quotes_runtime, deals with flat files, databases and external files. The third is magic_quotes_sybase, which overrides magic_quotes_gpc if it is enabled and escapes single quotes with another single quote.
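
An added example, not part of the original article: one way to grow the clean() idea so that slashes are stripped only when magic_quotes_gpc really added them, the username is checked against an allowlist, and encoding happens at output time. The function names, the username rule and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; function names and the username rule are assumptions.

// Strip slashes only if magic_quotes_gpc actually added them. The function
// is deprecated in PHP 7.4 and gone in PHP 8, so check for it first.
function undo_magic_quotes($value) {
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Validate against an allowlist instead of trying to remove "bad" characters.
function valid_username($name) {
    return is_string($name)
        && preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1;
}

// Encode for the HTML context when printing, not when the input arrives.
function html_out($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs standing in for $_POST['username'].
$samples = array('alalex', "o\\'brien", '<b>bold</b>', 'ab');

foreach ($samples as $raw) {
    $name = undo_magic_quotes($raw);
    $verdict = valid_username($name) ? 'accepted' : 'rejected';
    // Rejected values are still encoded before being shown back to anyone.
    echo $verdict . ': ' . html_out($name) . "\n";
}
?>
```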
__________________________________________________________

Security Through Obscurity
You may not have noticed it recently, but I sure have: on some websites an ASP or Perl extension can be found in place of the normal PHP one when you know for a 100% fact that the website is running a PHP/SQL-based front and back end. This is "security through obscurity": instead of telling attackers you're using PHP scripts, you mislead them into thinking you're running Perl or Python or whatever type of script you want.

For example, you run a PHP script with the .php extension, like normal. Rather than showing the world your "hello.php" script, you can use Apache to "hide" or "obscure" the real file's extension. So instead of using "hello.php" you could disguise the file to viewers as Perl, "hello.pl", even though it's a PHP script. Like so...

Quote:
AddType application/x-httpd-php .asp .py .pl


My favorite is making up my own file extensions, like .sun or .******

Quote:
AddType application/x-httpd-php .sun .****** .1e3t


I'm sure that if an attacker who is just looking for something to f* with comes across a .sun file that runs like a PHP file, they'll be heartbroken and confused. Give it a try. The lines above go in the Apache configuration file. If you're on shared hosting you may not have access to the Apache configuration files; maybe you could make some suggestions to your host.
__________________________________________________

Register Globals
This was a big change in PHP when 4.2 came out. It is an on/off option in the INI file for PHP (php.ini). PHP doesn't force you to initialize variables like other languages do, and because of this people think it's a very insecure language. When register globals is on, it allows a request to set a variable. The best kind of example is a member login form. Let's say register globals is on...

Code:
<?php
// sin.php: $authed is never initialized by the script itself
if($authed == true) {
  echo "my sensitive information";
}
?>



Any user can get to the "sensitive information" by sending a GET request. You could do this via telnet or with a browser, like so: sin.php?authed=true, which reveals the sensitive information. Turning register globals off defeats this problem: now when we try to visit sin.php?authed=true, the page will be blank, because users cannot initialize variables from an external source. Another way to protect your variables from external sources is to check whether they were submitted via a GET or POST request.

Code:

<?php
$authed = true;

// Refuse any request that tries to supply "authed" from the outside
if(isset($_POST['authed']) || isset($_GET['authed'])) {
  echo "variable violation";
} else {
  if($authed == true) {
    echo "my sensitive information";
  }
}
?>


By monitoring the GET and POST requests we can check whether someone is trying to inject something into our variables without the script doing it. This is usually followed not only by a message telling them they have the wrong variable, but also by a mail() to notify the admins of the website. I love this one.
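
An added example, not part of the original article: it reproduces the register globals behaviour on a current PHP version, where the setting no longer exists, by calling extract() on a constructed request array, and puts the uninitialized check beside one that sets the flag to false first. The function names, the user_id session key and the sample arrays are assumptions made for illustration.

```php
<?php
// Added example. extract() stands in for register_globals = On, which
// copied request parameters into plain variables in the same way.
// EXTR_SKIP keeps the function's own parameters from being overwritten.

// Unsafe: $authed is only assigned on the success path, so a request
// parameter with the same name survives into the check.
function page_unsafe(array $request, array $session) {
    extract($request, EXTR_SKIP);
    if (isset($session['user_id'])) {
        $authed = true;
    }
    return !empty($authed) ? 'my sensitive information' : '';
}

// Safe: same flow, but the flag is initialized by the script, so whatever
// the request put there is replaced before it is ever read.
function page_safe(array $request, array $session) {
    extract($request, EXTR_SKIP);
    $authed = false;
    if (isset($session['user_id'])) {
        $authed = true;
    }
    return $authed ? 'my sensitive information' : '';
}

// Constructed visits: array(request parameters, server-side session).
$visits = array(
    'plain visit, not logged in' => array(array(), array()),
    'authed=true, not logged in' => array(array('authed' => 'true'), array()),
    'plain visit, logged in'     => array(array(), array('user_id' => 7)),
);

foreach ($visits as $label => $visit) {
    list($request, $session) = $visit;
    printf("%-28s unsafe=[%s] safe=[%s]\n", $label,
        page_unsafe($request, $session), page_safe($request, $session));
}
?>
```

Only the second visit differs between the two functions: the unsafe one returns the protected text to a visitor with no session, the safe one returns nothing.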

_________________________________________________________

Hope you enjoy the post!
For more information about the subject, visit the author's website:
Source: Hostile Graphics.
Written by sunjester
__________________________________________________________