A WordPress YouTube Plugin – The FuTube Player

Recently we were looking for a Flash video player to use on our websites. YouTube's default player was a little bloated, so one of our developers at Fubra built an alternative YouTube FLV player, which looks a bit like this:

[futube video="gE1KGHUb9zw" author="by Fubra Limited" color="#336699" hd="true" height="300" title="FuTube Player" width="400"]

We've also released this as a WordPress plugin. If you prefer, you can install it via Subversion using the instructions below.

Installing the WordPress Plugin via Subversion

From the command line, navigate to your WordPress plugins folder and then edit the svn externals for the folder.

cd wp-content/plugins/
svn propedit svn:externals .

This should open the file in your favourite text editor (I use vim). You should add a line like:

futube http://svn.wp-plugins.org/futube-video-player/trunk/

Save and exit, then run:

svn update

PHP GovTalk Class

As part of our commitment to open source, we have begun work on a PHP class to make it easier for developers to work with the UK's Government Gateway. The project is hosted on Google Code, and is called php govtalk.

GovTalk is a set of standards for interacting electronically with government services.

In the future we will extend the class to work with individual government APIs such as Companies House and HMRC. This will then be used on a number of projects, including our online accounting product, Clear Books.

We welcome contributions from other developers in the community, so if you want to help please contact any of the project admins.

Testing the Yii Framework

Installing

First, download the Yii Framework to somewhere sensible. I prefer to use subversion to check out the code:

svn co http://yii.googlecode.com/svn/branches/1.0 /usr/share/php/Yii

This will take a few minutes. Once it’s done, you can use the Yii Command Runner (yiic) to set up your web application:

/usr/share/php/Yii/framework/yiic webapp /var/www/html/appname

If everything went well, you should be able to access your web app with:

http://hostname/appname/

You should see a screen like the following one:

[Image: yii-default-screen]

Configuring

Set up the config script to be able to connect to your database.

/var/www/html/webapp/protected/config/main.php

Uncomment the DB section, and add in your database connection details:

'db'=>array(
    'connectionString'=>'mysql:host=localhost;dbname=http_auth',
    'username'=>'root',
    'password'=>'d2x@1A1!aa!a!',
    'emulatePrepare'=>true
),
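The snippet above connects as root with the password sitting inside the web root. As an added example (not from the original post, and not Yii's own documentation), here is the same `db` component written the way it would go on a shared or internet-facing box: a dedicated MySQL account with only the privileges the application needs, and the credentials read from a file outside the document root. The file path `/etc/appname/db.php` and the account name `appname_web` are hypothetical names chosen for this illustration; in Yii 1.x the `db` array sits under `components` in `protected/config/main.php`.

```php
<?php
// Added example (not from the original post): Yii 1.x 'db' component using a
// least-privilege account and credentials kept outside the web root.
// Assumptions: /etc/appname/db.php and the MySQL user 'appname_web' are
// hypothetical names used only for this illustration.

// /etc/appname/db.php (constructed example; mode 0640, owned by root,
// group-readable by the web server user only):
//   <?php
//   return array(
//       'host'     => 'localhost',
//       'dbname'   => 'http_auth',
//       'username' => 'appname_web',
//       'password' => 'password-placeholder',
//   );
//
// The matching MySQL grant (constructed example) gives that account only the
// statements the application runs, so a SQL injection cannot DROP or GRANT:
//   CREATE USER 'appname_web'@'localhost' IDENTIFIED BY 'password-placeholder';
//   GRANT SELECT, INSERT, UPDATE, DELETE ON http_auth.* TO 'appname_web'@'localhost';

$dbCreds = require '/etc/appname/db.php';

return array(
    // ... the rest of your main.php settings ...
    'components' => array(
        'db' => array(
            'connectionString' => 'mysql:host=' . $dbCreds['host']
                                . ';dbname=' . $dbCreds['dbname'],
            'username'         => $dbCreds['username'],
            'password'         => $dbCreds['password'],
            'emulatePrepare'   => true,
        ),
    ),
);
```

Keeping the credentials file outside `/var/www` means a misconfigured Apache (for example one that serves `.php` files as plain text after a module failure) cannot leak them, and a file-read bug in the application that is restricted by `open_basedir` to the web root cannot reach them either.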

Developing with Subversion, Unfuddle and OSX

Today I'm going to be helping one of our investment companies, ByteWire, set themselves up with a Subversion-based development environment for their Street Crime game. They will use a straightforward workflow whereby they develop and test their code locally on their iMacs, commit working code to a Subversion repository, and then check out the code to the live site when they are happy with it.

UNFUDDLE

We’re going to be using Unfuddle to provide subversion hosting, project management and bug tracking.

  • Create a free unfuddle account, e.g. Bytewire
  • Set up your first project e.g. Street Crime
  • Create a repository: http://bytewire.unfuddle.com/svn/bytewire_streetcrime/

LOCAL DOMAIN ON OSX

Set-up a local test domain on OS X

  • Add it to the hosts file
printf "127.0.0.1\tstreetcrime\n" | sudo tee -a /etc/hosts
  • This should now be accessible via http://streetcrime/

MAMP

MAMP is an excellent bundle of Apache, MySQL and PHP for use on Macs. These tools do come pre-installed with Leopard by default, but php in particular is missing a fair few modules which you can only really add by re-compiling – MAMP makes it a lot easier. It installs new versions of PHP, MySQL and Apache alongside the default versions (on different ports), so that both can be run at the same time.

    • Create a folder where the site code will be placed, e.g. /Applications/MAMP/htdocs/streetcrime/http/
    • Open up /Applications/MAMP/conf/apache/httpd.conf with a text editor.
    • Uncomment the NameVirtualHost line, and add a couple of new lines to define the new virtual host. It should look like:
NameVirtualHost *

<VirtualHost *>
DocumentRoot /Applications/MAMP/htdocs/
ServerName localhost
</VirtualHost>

<VirtualHost *>
DocumentRoot /Applications/MAMP/htdocs/streetcrime/http/
ServerName streetcrime
</VirtualHost>
  • Restart MAMP through the MAMP control applet or widget. You should then be able to access the site at http://streetcrime:8888/

INITIAL COMMIT OF CODE

  • Make the trunk folder inside the repository where your site code will initially be kept.
svn -m '' mkdir http://bytewire.unfuddle.com/svn/bytewire_streetcrime/trunk/
  • Check out the trunk to your project top level folder
svn co http://bytewire.unfuddle.com/svn/bytewire_streetcrime/trunk/ /sites/street-crime.com/
  • Check through the folder structure and look for anything that should be excluded:
du -h --max-depth=1 /sites/street-crime.com/http/
  • Edit the svn:ignore property
svn add /sites/street-crime.com/http/
svn propedit svn:ignore /sites/street-crime.com/http/
  • List the files & folders that you want to ignore, and then save and quit.
PSD
gangster-game-forum
gangster-game-wiki
gangster-game-blog
logs
uploads
  • Add the remaining files and commit (excluding uploads etc with svn:ignore)
svn add --force /sites/street-crime.com/http/
svn commit -m 'Importing main files'

CHECKING OUT CODE TO THE OSX DEVELOPMENT WORKSTATION

  • Change directory to the folder you set up locally for development.
cd /Applications/MAMP/htdocs/streetcrime/
rmdir http
svn co http://bytewire.unfuddle.com/svn/bytewire_streetcrime/trunk/ .

TESTING THE SITE

  • Visit http://streetcrime:8888/ – it showed a blank page for me. That would suggest error reporting is off, so enable it in /Applications/MAMP/conf/php5/php.ini


WAMP SMTP Server – Send outgoing emails

If you are running WAMP and you want to be able to send outgoing e-mails via PHP’s mail function, then you will need to edit the php.ini file and change

SMTP = localhost

to

SMTP = smtp.yourisp.com

Replacing smtp.yourisp.com with the address of your ISP’s SMTP server, e.g. smtp.ntlworld.com. The php.ini is in the bin directory of the active Apache, which will be something like:

c:\wamp\bin\apache\apache2.2.8\bin

However, if you are using Zend Mail and you get an error along the lines of

Warning: mail() [function.mail]: SMTP server response: 501 <"Bill Gates" <[email protected]>>: "@" or "." expected after """"

Then you should probably bypass PHP’s mail functions altogether, and connect directly to the SMTP server from Zend Mail:

require_once 'Zend/Mail/Transport/Smtp.php';
$tr = new Zend_Mail_Transport_Smtp('mail.example.com');
Zend_Mail::setDefaultTransport($tr);

So to send a mail from WAMP using Zend Framework’s Mail functions, you would use the following:

require_once 'Zend/Mail.php';
require_once 'Zend/Mail/Transport/Smtp.php';

// Talk to the SMTP server directly rather than through PHP's mail()
$tr = new Zend_Mail_Transport_Smtp('mail.example.com');
Zend_Mail::setDefaultTransport($tr);

// Message details (placeholder values; fill in your own)
$bodyText = 'Hello from WAMP';
$email    = 'recipient@example.com';
$name     = 'Recipient Name';
$subject  = 'Test message';

$mail = new Zend_Mail();
$mail->setBodyText($bodyText);
$mail->setFrom('[email protected]', 'Bill Gates');
$mail->addTo($email, $name);
$mail->setSubject($subject);
$mail->send();
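The transport above talks to the relay unauthenticated and in the clear, which is fine for an ISP relay on a home connection but not for a server. As an added example (not from the original post, and not Zend's own sample code), here is the same send with the SMTP session authenticated and upgraded with STARTTLS on port 587, plus a check on the recipient data before it reaches a header. Zend Framework 1's `Zend_Mail_Transport_Smtp` accepts `auth`, `username`, `password`, `ssl` and `port` in its config array; the hostname, account and recipient values are constructed placeholders, and `safeRecipient()` is a helper written for this example.

```php
<?php
// Added example (not from the original post): authenticated, TLS-protected
// SMTP submission with Zend_Mail, and recipient validation before the
// address and display name are placed in a header.
// Assumptions: smtp.example.com, app@example.com and the recipient are
// constructed placeholders; safeRecipient() is a helper written here.
require_once 'Zend/Mail.php';
require_once 'Zend/Mail/Transport/Smtp.php';

$smtpConfig = array(
    'auth'     => 'login',                        // authenticate; don't rely on an open relay
    'username' => 'app@example.com',
    'password' => 'smtp-password-placeholder',    // keep this out of the web root in practice
    'ssl'      => 'tls',                          // STARTTLS on the submission port
    'port'     => 587,
);
$tr = new Zend_Mail_Transport_Smtp('smtp.example.com', $smtpConfig);
Zend_Mail::setDefaultTransport($tr);

// Accept only a single well-formed address and a name with no line breaks.
// A CR or LF inside user-supplied recipient data is the classic way an
// attacker turns a contact form into a relay by injecting extra headers;
// Zend_Mail also strips these, so this is a second line of defence.
function safeRecipient($email, $name)
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid recipient address');
    }
    if (preg_match('/[\r\n]/', $name)) {
        throw new InvalidArgumentException('Recipient name must not contain line breaks');
    }
    return array($email, $name);
}

// Values that would normally arrive from a form (constructed here).
list($email, $name) = safeRecipient('customer@example.org', 'Customer Name');

$mail = new Zend_Mail();
$mail->setBodyText('Thanks for your order.');
$mail->setFrom('app@example.com', 'Example App');
$mail->addTo($email, $name);
$mail->setSubject('Order confirmation');
$mail->send();
```

If the relay only offers an implicit-TLS port, set `'ssl' => 'ssl'` and `'port' => 465` instead; either way the credentials never cross the wire in plain text.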

PHP Web Application Security

Here are some tips to help you think more about security when developing a web app. 

  1. Buy a good book on the subject, such as Securing PHP Web Applications and implement what you learn in your code.
  2. Read through the Web Application Security section of the SANS Institute 2007 Top 20 security risks. There are some useful tips on securing PHP in particular.
    • Check PHP configuration settings:
      • Turn register_globals off, use super globals such as $_GET instead (from PHP 4.2.0 this is the default).
      • Turn allow_url_fopen off (unless you really need it).
      • Disable magic_quotes.
      • Configure open_basedir for each site to restrict access from PHP scripts to certain directories.
      • Consider running PHP with FastCGI instead of mod_php.
    • Use best practices when developing:
      • ALWAYS validate user input! This is probably the most important point in the entire list. There are many nasty bots and spiders going round the web trying to break into your site, and the most common way in is through your web forms. There are various validation libraries out there to make your life easier (e.g. PEAR Validate, Zend Filter Input) – use them!
      • Avoid SQL injection. If you validate user input correctly, then this should help you avoid SQL injection vulnerabilities. To be doubly safe you could use a database abstraction layer that, if used correctly with prepared statements, sends user data as bound parameters so it is never interpolated into the query text. Check out PDO and Zend DB.
      • Avoid XSS attacks. An XSS attack is where malicious users are able to inject their own code into pages on your site that may be viewed by other users. You could strip tags from user input, and encode HTML entities in any plain text being output.
      • Don't transmit passwords and other secret information in plain text; submit them to a secure (HTTPS) URL.
      • Be careful when allowing uploads. Check the file types, and only allow files you expect. Resample uploaded images in case there is any hidden code inside.
      • Use sessions instead of cookies, unless you really need the persistence of a cookie. Sessions are temporary and keep everything except the session ID hidden from the user’s machine.
      • Peer review your code. Get another developer to look through it, two heads are better than one!
  3. Download the Wapiti and Grendel Scan web application vulnerability scanning tools and run them on your sites.

This is of course an overly simple list, and it can’t protect against things like logic flaws, but at least – if you were wondering where to start then I hope it will give you some useful inspiration!
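As an added example (not from the original post), the input validation, SQL injection and XSS points from the list are shown below as a vulnerable handler next to a hardened one, run against an in-memory SQLite database so it works offline. The `users` table, the sample rows and the hostile form value are constructed for this illustration; `validateUsername()`, `findUser()` and `escapeHtml()` are helpers written here, not library functions.

```php
<?php
// Added example (not from the original post): the same lookup written once
// with string interpolation and once with a PDO prepared statement, plus an
// allow-list validator for the input and HTML encoding for the output.
// Assumptions: the 'users' table and sample rows are constructed for this demo.

// --- Vulnerable: untrusted input pasted into the SQL and echoed raw. ---
function findUserVulnerable(PDO $db, $username)
{
    $sql = "SELECT id, username FROM users WHERE username = '$username'";
    // A value such as  ' OR '1'='1  rewrites the WHERE clause.
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// --- Hardened: validate, bind, encode on output. ---
function validateUsername($value)
{
    // Allow only the character set the application actually needs.
    if (!is_string($value) || !preg_match('/^[A-Za-z0-9_]{3,32}$/', $value)) {
        return null;
    }
    return $value;
}

function findUser(PDO $db, $username)
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);  // data, never SQL text
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function escapeHtml($text)
{
    // Encode for an HTML text context so user data cannot become markup.
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice')");
$db->exec("INSERT INTO users (username) VALUES ('bob')");

$hostile = "' OR '1'='1";                          // constructed hostile form value
var_dump(findUserVulnerable($db, $hostile));       // returns alice's row: injection worked

$clean = validateUsername($hostile);               // null: rejected before any SQL runs
var_dump($clean === null ? null : findUser($db, $clean));

var_dump(findUser($db, "' OR '1'='1"));            // null even without validation: bound, not interpolated

$row = findUser($db, validateUsername('alice'));
echo '<p>Hello, ' . escapeHtml($row['username']) . '</p>' . PHP_EOL;
echo escapeHtml('<script>alert(1)</script>') . PHP_EOL;  // rendered as text, not executed
```

The two layers are independent: the allow-list stops junk at the edge and gives a clean error, while the bound parameter makes the query safe even for inputs the validator has to accept (a free-text comment, say). Output encoding is applied at the point of output, not at storage time, so the same stored value can later be emitted safely into a different context.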

PHP Adsense Report Script

Currently there is no Adsense API for accessing account statistics / reports. Fortunately, Alex Polski (Victor Klepikovskiy) runs a project on Google Code that provides a PHP class to login and download a variety of reports from Adsense. 

So, if you want to monitor your Adsense reports in your own systems, you should give his PHP Adsense Account Library a try. 

It supports:

  • Parse overview stats into an associative array
  • Show quick stats for Today
  • Show quick stats for Yesterday
  • Show quick stats for Last 7 Days
  • Show quick stats for This Month
  • Show quick stats for Last Month
  • Show quick stats since Last Payment
  • Get a specific report as a CSV file
  • Get a specific report as an associative array

Installing Zend Framework on OS X (Leopard)

Today I needed to use Zend Framework on my iMac’s local web server, so here’s how I installed it. 

I prefer using subversion where possible to download any open source projects, and since Zend have an svn repository available I decided to use that. 

sudo svn co http://framework.zend.com/svn/framework/standard/branches/release-1.7/library/ /usr/lib/php/libraries/zend-framework-1.7/

This will follow the latest updates to version 1.7 – you can simply run svn update anytime a minor version is released.

You can then include this in any of your projects with:

set_include_path(
    get_include_path() . PATH_SEPARATOR .
    '/usr/lib/php/libraries/zend-framework-1.7/'
);

Although I've gone through these steps on my OS X Leopard workstation, they would work equally well on other Unix / Linux distributions such as Ubuntu, CentOS, Fedora etc.

Fixing a blank screen with the WordPress Mollom Plugin

If you get a white screen after the Mollom Captcha step when trying to add a comment to your blog, then check your PHP errors logs. I was experiencing this problem, and looking into the logs showed the following:

[09-Feb-2009 11:11:53] PHP Fatal error:  Call to undefined function mb_convert_encoding() in /sites/pyrosoft.co.uk/http/blog/wp-content/plugins/wp-mollom/wp-mollom.php on line 1371

The mb_convert_encoding() function is part of PHP's mbstring extension, so fixing this was relatively easy. As my server was running CentOS 5, I could just use yum to install the mbstring package:

yum install php-mbstring

And then finally, I restarted Apache:

apachectl graceful