1. Plan Your Work, Work Your Plan.

In any project, it works best to put pen to paper and create a plan of action. In programming, we tend to call these algorithms. They take shape as lists, flow charts and diagrams. I do them all the time. They fit into our patterns of daily life quite well. It’s all about making the right decisions, implementing them is the easy part.

Organization and foresight can save you in both web development and life. (Though, there’s something to be said for spontaneity.)

2. There Are An Infinite Number of Solutions To Every Problem.

It’s true. There are a million different ways to do something. In web programming, the metric for appropriateness is the client needs, the hosting environment and project budget/scope. In life, it tends to be your environmental context, i.e. social, economic, political, etc. All in all, there’s no 100% definitive right way to do something, what a pleasure it’s been to accept that truth!

3. Shortcuts Have a Time and a Place.

That epic battle of quality versus quantity. Everyone wants both, whether they are a client or someone in your personal life. There’s a time and a place for libraries of code, pre-existing applications and templates. Ideally, you want to craft your own path, but sometimes you just don’t have the budget. That budget could be a project’s financial budget, it could be a timeline or it could be your mental or physical energy.

I’ve found that context is a key indicator in whether or not I should be using a shortcut in my web (and personal) development.

4. Nothing Ever Goes 100% As You Planned.

It’s hard to meet 100% of people’s expectations. Expectations, even if clearly defined, can still be subjective. Everyone has an image of how they want a project to go, and it’s rarely exactly as they envisioned. The same with life. Perfection is a myth and there’s perfection in imperfection. It’s a great thing, and it’s very relieving to understand that fact and appreciate the moments you have.

5. Specialization is Key.

This is about focus. Remember the old design adage: if everything is important, nothing is important. It’s true. A jack of all trades is an expert in none. Same with life. Keeping your focus on the things that are most important to you will make you successful. For some it’s family, others it’s career and status, and for some: it’s others. The best advice is to find out what you want to specialize in and become an expert. Success is bound to follow.

6. Exercise Is Important!

Practice makes perfect. Exercise your skills and you’ll get better, polished and more refined. The same with your body and mind. The computer is my tool for work, my body and mind are my tools for life. Never stop learning and growing. It keeps you fresh and focused (see #5). Exercising your body will also help your energy levels, concentration and keep you healthy.

7. Nothing Gets Done Until You Do It.

In my industry, we tend to talk a lot about process. What would be great/fun/cool/exciting. But nothing ever happens until we start building the application. Same goes for life. You can talk all you want about what you want to do with yourself, but it’s never going to happen until you take action.

8. There’s Always Someone Better Than You (At Least In Your Mind).

I think I’m a good programmer. I’ve gotten compliments from mentors and people I respect/admire in my industry…then I see some other great professionals’ work and I think, I suck. Not the case! There is always someone better than you at what you’re doing, and if you’re the best, odds are you don’t know it. That’s the nature of hard workers.

It’s important to remember that and avoid becoming stressed out or consumed by what others are doing. That’s just unnecessary distraction. Focus on you and be the best version of yourself – and OWN it. Good things will follow. No one ever stood out by following the crowd anyway.

9. You’ll Never Be Disappointed You Did Something Right the First Time.

So, you’re building a form that accepts payment information. You’re only checking to make sure fields aren’t empty. 1,000 spam submissions hit and plague your clients inbox because you didn’t validate an email address or require a CAPTCHA. Ouch.

If you had took the time in the first place to build it right, this wouldn’t be an issue. You’d be playing some kind of stereotypical gaming console drinking Red Bull or whatever drink the typical web developer is drinking now-a-days and your client would be happy and probably referring you to others.

There’s a classic honorability in doing something right the first time. Same with life. I’ve taken far too many shortcuts when I shouldn’t have in life, and in most cases it’s cause me grief. I have never regretted taking the long road to do something right.

10. There’s No Substitute For Fresh Air and Sunshine On Your Face.

Get out of the house, get away from the screen and breath some fresh air. You need it. You’re body, mind and soul will thank you. You’ll come back with a fresh perspective.

My career is based on machines, and I’ll be the first to admit that human beings weren’t meant to sit in front of them all day. Think of me as the blogging, freelancing Peter Gibbons.

So, I give you the cleaner (special thanks to Michael Safovich for requesting and testing).

What’s it do

It recursively looks through it’s current directory (and subdirectories) for PHP files (by default it’s looking for php, php4, php5 and phtml extensions, but this is customizable) and killing any whitespace in the beginning of the file, turning:

   
   
   
<?php include_once './wp-blog-header.php'; ?>

into this:

<?php include_once './wp-blog-header.php'; ?>

Make sense? Good, here’s the download link.

Tips & Customization

BACK UP YOUR FILES. You agree to take responsibility for running this, because I sure don’t (though I think you’ll be fine).

To run on custom file types, edit the $fileTypes array to include the types you want to strip leading whitespace from.

The script will run for the current directory. You will need to set the $directory variable to contain the path you’d like to recursively clean, in most cases you’d drop the cleaner.php file in your document root and hit it in the browser.

It will run immediately and output a log. Hope it helps. ¡Hasta luego!

The Problem(s)

• Sending mail from PHP’s mail() function and SwiftMailer both seemed to be sending things correctly (returning true and such)
• No emails were being received by any of my email addresses
• postfix was running
• I kept getting an operation has timed out in the error log when trying to connect to SMTP servers (try: tail -f /var/log/mail.log to see it real time)
• I couldn’t even telnet ASPMX.L.GOOGLE.COM 25

What the EFF, right?

Then I start thinking. I can’t get out on port 25, maybe it’s the router. After resetting the password and all settings (I’m a moron, I forgot the user/pass I setup), and re-configuring everything (I use a custom subnet at home to let me VPN special places), I found no option for this in the FiOS Actiontec router admin software.

FiOS is Blocking Port 25

Yep. That had to be it. I called their support line and confirmed it. My residential account had port 25 blocked and according to a few message boards, business accounts with dedicated IP’s were being blocked as well.

How’d I get around it? I found this article on relaying mail through Google SMTP with postfix on Snow Leopard and it saved my life.

I don’t have a lot of time to describe everything, but just follow life-saving article

Thanks, Jules. You literally saved me hundreds to even thousands of dollars in time/energy.

Now everyone, say thanks to Jules…

I have also updated the download of the fix on this page to strip leading white space.

So GoDaddy wasn’t the only host attacked by this malware PHP hack. I’ve found traces on client’s BlueHost shared Linux hosting as well. Apparently some other hosts, including Network Solutions.

One host I use (along with multiple clients) who I haven’t seen or heard about being affected is HostGator. My dedicated box(es) have not been affected either.

This is NOT an issue exclusive to WordPress installs. Tons of WordPress installations have been affected but WordPress is currently the most-installed PHP/MySQL web application on the web today, especially in these shared Linux hosting environments. I’ve seen this same attack affect sites with basic PHP files using only include statements as well as other PHP/MySQL applications such as Joomla (*shudder*).

What the attack seems to be doing

• Adding a line of base64 encrypted PHP to be evaluated before most PHP scripts run
• Common strings in hacked files include:
  • <?php eval(base64_decode(
  • <?php eval(gzinflate(base64_decode(
• Some of this code is injecting content into your page’s output for search engines, some redirecting users
• I’ve found some sites commonly have the file ./wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/style.css.php which is a lot of eval() wrapped base64 encoded strings (it’s been recursively encrypted and after 15 iterations I needed to get back to client work)
• I also found some files without extensions in the ./wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/ directory (t (looks to be a template), lb (links, link back perhaps?) and kwd (keywords) — there was also a file named cnf which looked to be encrypted configuration for the hack as well as another file called csi which contained an IP and Unix timestamp.

Updated Fix for the Hosting Hack

Please note: this is not an all comprehensive fix. This can help clear out some code very quickly but you should still take some drastic efforts (see below) to clean up your site and protect yourself.

Download Shared Hosting Attack Fix »

Instructions:

1. Make time this week to figure out and implement a plan for backing up your site and database, either via your hosting provider, your own shell scripts, or VaultPress.com is looking very good right now if you’re on WordPress.
2. Back up your site files. Even if they are hacked, get a copy of everything locally just in case.
3. Download shared-hosting-fix.php.txt and rename it shared-hosting-fix.php
4. Place the file somewhere in your document root and visit it in a browser to review what files are infected. If you’re not seeing affected files here, make sure the contents of the $hack_str variable on line 30 is the same as the beginning of the hack’s code. Some have been different by a space here and there, which will affect this clean up script.
5. If you have infected files, you can press the “Fix Files” button at the bottom of the page to start the automated task of removing the first line of malicious code
6. Confirm that you want to make the changes on the popups and you will see a simple log display when all is said and done
7. Back up your clean(er) files and take more steps to audit your files and database to try to avoid recurrence

Do More to Clean Up and Protect Yourself (WordPress)

Just a few notes about other things you can (and should) do:

• Make regular backups — Lazy? Checkout VaultPress
• Clear any and all cache files on your server. I’d literally de-activate the caching plugins, remove them and their associated directories and then download and re-install them
• Back up your wp-config.php file and wp-content directory then completely remove all of your WordPress files and directories, then re-upload from a fresh and up-to-date WordPress install. Audit your wp-content directories and wp-config.php file before re-uploading.
• Use some WP Security plugins:
  • WP Security Scan
  • WordPress File Monitor
  • WordPress Exploit Scanner
• Check your database, specifically the wp_options table for suspicious code (see Chris Pearson’s post below, How to Diagnose and Remove the WordPress Pharma Hack

WordPress Security Reference Links

Thanks to some friends at Automattic and in the WordPress community, here are some links for your reference:

• WordPress Security Presentation
  A great WP security presentation by Brad Williams of WebDevStudios
• Securing wp-admin
• Securing wp-config.php
• Moving wp-content
• Installing WP with Clean SVN Repositories
• If you’re a busy, well-to-do, business person who just doesn’t have the time, you could contact and hire a outstanding WordPress and PHP developer and occasional blogger… </shamless_self_promotion>

Some Reference Posts For Reading:

• CONTINUING STORY – Dangerous Malware Alert – Self-Hosted Sites Hack Update – Go Daddy Responds! | WPSecurityLock
• Simple cleanup solution for the latest WordPress hack
• http://smackdown.blogsblogsblogs.com/2010/05/13/hosting-with-godaddy-might-want-to-rethink-that-decision/
• How to Diagnose and Remove the WordPress Pharma Hack
• How to cure your GoDaddy WordPress hacked blog

You’ve read all the articles and seen all the tweets. I won’t comment on my personal/professional opinions of GoDaddy’s shared Linux hosting. What I will do is try to help out my fellow web professional recover from the recurring hacks in GoDaddy’s shared Linux hosting environment.

I WILL SAY THIS: This is not a WordPress issue. It’s a hosting environment issue. I have clients who were hacked that had no WordPress installation installed on their account.

What Happened?

Who knows. Bottom line, some doucher or group of douches have found vulnerabilities in the shared Linux hosting environment GoDaddy sells and have appended a line of base64 encoded PHP to be evaluated before nearly every PHP file is launched. This is normally causing malware warnings in updated browsers and I’ve seen some spoofing/redirects to search engine spiders as well.

What do I do?

Revert to a back-up before a hack or remove the malicious line from each .php file in the entire directory tree of your hosting account.

Fixing the GoDaddy Hosting base64 Malware Hack

I have created a very simple script to allow you to sniff for these files recursively and remove the first line of any files whose first line contains the string: <?php /**/ eval(base64_decode(

This should clear things up, but I offer no guarantee or warranty and am not liable for what this file does. It’s simply a fix I used on a few client sites.

Download the Fix

Instructions:

1. Download the GoDaddy Hosting Malware Hack fix
2. Rename the file godaddy_hack_fix.php and upload to your document root.
3. Visit the file in a browser, e.g. http://yourdomain.com/godaddy_hack_fix.php
4. Review the location and number of files that are assumed infected and back them up (download them to your local machine in case of catastrophy)
5. At the bottom of the script’s output, there’s a Fix Files button. If you’re ready, press it and wait. It will tell you when it’s removed the malicious first line from the files.
6. I’d follow up by personally checking a few random files to ensure you seem right.

This is a quick fix, but not complete. You should ideally remove and update from a back up, but let’s face it, most of us actually back things up. It’s human nature.

Much love. Let me know if this helped you out.

jQuery 1.3 with PHP is a book for experienced PHP programmers want to beef up the user experience of their web applications by adding behaviors that help organize content, optimize the app and streamline the user’s workflow.

I’d recommend that any PHP developer using this have a basic understanding of Javascript and take a few very basic jQuery tutorials before beginning.

Book Format

The book functions as more of functional, real-world examples of building pieces of a content management system than a step-by-step tutorial. For better than novice PHP programmers, this is perfect, as you’ve probably already built similar features using HTML, CSS and PHP alone.

Example code is well organized and is clean, but it’s assumed that you’ve got a solid background in PHP programming and web application security. The book stays focused on it’s topic: jQuery and PHP.

Book Content

As described, the book focuses on real-world examples of features that you may include in a CMS or custom web application for a business:

• Intro/Basics
• jQuery UI Tabs/Accordions
• Forms/Form Validation
• File Management & Uploads
• Calendar
• Images
• Drag/Drop/Sortable
• Data Tables
• Optimization

Content is well organized and all examples use very current code and jQuery plugins. Although jQuery 1.4 was recently released, this book and it’s examples still serve as solid learning tools.

Intro/Basics

The book begins by explaining the assumptions about the audience (developers expected experience) and giving some introductions to jQuery as well as some quick tips to get novice jQueriers started.

jQuery UI Tabs/Accordions

Tabs and accordions are discussed as a means of organizing content. In terms of a CMS, the book describes methods of using PHP to parse output dynamically into tab/accordion behaviors.

Forms/Form Validation

Form data and user-experience, including dynamic loading select elements (drop-down lists) and auto-complete are touched in on in the examples from this chapter. Client-side form validation is also shown, in coordination with server-side validation, incorporating the use of the validation jQuery plugin.

I do appreciate that the book touches on the importance and necessity of server-side validation. Form validation with Javascript, in my opinion, should always be a form of progressive enhancement. Forms should always be validated at the server-level for accuracy and security purposes.

File Management & Uploads

Some examples of creating basic file management features as well as handling file uploads are included in this chapter’s examples. A nice piece included here is the use of the Uploadify jQuery plugin, which uses a flash document to allow users to upload multiple files at once, which is slowly becoming a standard for web apps that allow users to upload files.

Calendar

A nice chapter of this books deals with using a jQuery calendar plugin, which is a very impressive and dynamic feature. Although it’s not for beginners, the examples get the reader to a fairly strong amount of functionality with a clean and very dynamic calendar interface. With a solid understanding of PHP/MySQL programming, one could easily create a fully-functional calendar for their web application/CMS.

Images

The chapter on images uses both server side programming with Image Magick, jQuery code and the jCrop image cropping plugin to create a image management features including resizing, scaling, rotation and cropping. The chapter also touches on outputting images to the buffer, file storage and caching.

This chapter is probably well suited for developers who have played with image manipulation before, and as with the calendar chapter, may require some extra time to follow and completely understand.

Drag/Drop/Sortable

Sortable lists are discussed in the chapter, with examples including setting the sort order of elements such as website navigation/pages. The chapter also gets into connecting lists so that elements can be dragged between. A very valuable user experience behavior to incorporate into a number of features of your custom web application/CMS.

Data Tables

The data table jQuery plugin is used as well to illustrate how to easily create sortable and searchable tables of data within your web application as well as create AJAX-powered pagination.

Optimization

Aspects of optimizing your jQuery and PHP rich web applications is touched on in the final chapter and some great points are made with regards to:

• page load times
• caching and compression
• code organization and re-use
• jQuery and Javasript code/memory optimization
• Content Delivery Network (CDN) like Google and Yahoo!

Summary

All in all I feel that jQuery 1.3 with PHP would be a great resource for an experienced PHP programmer that wants to spice up the user experience of their new or existing web applications.

The examples are real-world scenarios that can be extrapolated on to create truly impressive web applications, especially if you’re building a customized content management system.

Want to give it a read? You can purchase jQuery 1.3 with PHP on the Packt Publishing website.

The problem:

I updated OS X and all of a sudden my local PHP installation isn’t sending mail. No errors, no warnings. Everything functions correctly but the mail never actually makes it to the inbox.

The solution:

Jasper outlines the the solution in his great post. I’m going to mark the steps I took after reading his post, but by all means give the man a thank you, a beer, a hug, or something!

Open terminal, you’ll need it:

1. Turn on the mail server your hostconfig file:
   Run sudo nano -w /etc/hostconfig in Terminal. Look for the line starting MAILSERVER=, if you don’t see it, add it and make sure it reads:

   MAILSERVER=-YES-

   

2. Edit your posfix configuration file:
   First, I normally backup a configuration file before messing with it, since I’m no Terminal guru. If you want to take this precaution too, run this command in Terminal: sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.org

   Now, run sudo nano -w /etc/postfix/main.cf and find the lines defining the myhostname variable. Remove the leading number/pound sign (#) to uncomment the declaration and set it’s value to something you own, or something you can recognize.

   

   Note that if you set this to something obscure like I have, your email messages without from: headers will send from your Apache user (mine’s _www) at this domain. For instance, my emails send from _www@theandystratton.desktop.local. These tend to be blocked by Gmail’s spam filter (and probably most spam filters).

3. Edit your php.ini just in case
   
   Open your php.ini file and uncomment the sendmail_path variable by deleting the leading semicolon (;).

   Set its value to sendmail -t -i so that line reads:
   

   sendmail_path = "sendmail -t -i"

   Restart Apache so the setting applies to you PHP install.

4. Test your mail() script.
   
   Run a sample PHP script to see if you’re able to send mail. If you’d like to see what’s going on or get a confirmation from your log files that the email is working, check out Jasper’s tip using tail to show what’s happening with sendmail/postfix in Terminal in real time.

Did it work for you? Send Jasper some love and thank him. This is an aggregation of his solution and a journal of what helped me, in hopes that his solution can reach more people.

Thanks again, Jasper.

I started by displaying a count($posts), but since I’ve got my installation showing 5 posts per page, that consistently displayed 5 or less posts. Less than desirable.

So, the next step was duplicating the search query so I could get the count, and as usual I like to try to use the WordPress functions as opposed to touching the database directly:

<?php
$tmp_search = new WP_Query('s=' . wp_specialchars($_GET['s']) . '&show_posts=-1');
$count = $tmp_search->post_count;
echo $count . ' results for ' . htmlentities($_GET['s']) . '.';
?>

Unfortunately, the code above still gave me the wrong count. Why? My settings were still set to 5 posts per page; and the WP Query object as assuming this constraint.

The Solution: send posts_per_page=-1 as part of the query.

<?php
$tmp_search = new WP_Query('s=' . wp_specialchars($_GET['s']) . '&show_posts=-1&posts_per_page=-1');
$count = $tmp_search->post_count;
echo $count . ' results for ' . htmlentities($_GET['s']) . '.';
?>

…and there you have it. A nice functional search results page. For even further refinement, I’m limiting my search to blog posts, and excluding pages by including post_type=post in my query.

It’s very simple, simple send a selector string to the jQuery function and call the populate() method:

Let’s assume the following markup in the body:

<form method="post" action="process_form.php">
<p>
    <label for="name">Enter your name:</label>
    <input type="text" name="name" id="name" class="autopop" title="Enter your name..." value="" />
</p>
</form>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.j"></script>
<script type="text/javascript" src="jquery.populate.js"></script>
<script type="text/javascript">
$(function(){
    $("form input.autopop").populate({color: "#999"});
});
</script>

It’s that simple. It’s fast, elegant, and accessible. You can even send an optional settings object with a color property. This will be used for the auto-populated text’s color.

See the demo, or download the zip.

Just visit CheckMyHeaders.com and enjoy.

What’s so great?

Well, I’m sure I’m partial because I built it, but here are a few of the perks:

• Clean, simple interface
• Easy to remember URL: http://checkmyheaders.com – no more search or bookmark clicks
• OpenSearch support for Firefox and IE 7 toolbars
• Bookmarklet support for Safari/Chrome
• Support for SSL links

Let me know what you think, if you like it, link it up!