WordPress 3.0 is here!

I have used WordPress for 5+ years, back when it was just a small, minor blogging platform. Back then, it was a solid, reliable platform, but now, it has grown to be one of the most commonly used CMS (content management system) software online, used by millions of sites, including this one.

True, it is, at it’s core, a blogging platform, but in recent years, it has been used more and more for other applications where static pages and/or other forms of pages rather than blog posts are required.

Rather than go through all of the new features in this latest release here on my blog, I would encourage you to view one of the many excellent write-ups available on other blogs, such as the one that SixRevisions did.

As always, it is best to keep all software fully up-to-date, so I would advise upgrading to this latest version, even if you don’t need the extra features that it offers.

P.S. I am currently able to accept a limited number of additional clients for my PHP Development services. Interested in discussing the possibility of my handling your project for you? Contact me!

A couple minutes ago, I discovered a privacy flaw on a major website.

I signed up to the Presidential Inaugural Committee opt-in form, which then redirected me to another page where they were asking for donations, with my name, email address, and zip code pre-filled.

There was nothing too unusual about that, except the URL to the page was in this format:

https://donate.pic2009.org/page/contribute/firsttoknow?stg_signup_id=xxx (where “xxx” was a number, such as “12345″).

I got curious, and decided to try the number one lower then mine as the “stg_signup_id”, and, sure enough, the form popped up, pre-populated with another persons name, zip code, and email address.

This privacy vulnerability could have been eliminated by better planning, such as putting the information in a cookie on the browser, or something like that, rather then letting them access the data directly from the database with no checking to ensure that they were the same person.

You would think that a site with that kind of exposure would have at least some basic security standards for the data from their visitors, but I suppose not.

Unfortunately, I have found that this is not necessarily all that unusual, even with major websites.

P.S. I am currently able to accept a limited number of additional clients for my PHP Development services. Interested in discussing the possibility of my handling your project for you? Contact me!

As my readers are probably aware, I am definitely a programmer first, and a graphic designer second (or perhaps third or fourth).

However, in working on clients websites, I often find myself needing to pull up Photoshop or Fireworks (my tools of choice) and do some work on graphics, or perhaps spend an hour or two on a CSS file getting formatting adjusted.

Because of that, I was interested in a post by Elite by Design I found in my RSS reader this morning with links to 22 different free icon packs.

I’m always looking for shortcuts in web site development (clients generally like to see work done both fast and well), and using different free libraries such as the jQuery Javascript library or these icon packs are a very efficient way to cut development time, while actually increasing the quality of the end product.

Anyway, check them out!

P.S. I am currently able to accept a limited number of additional clients for my PHP Development services. Interested in discussing the possibility of my handling your project for you? Contact me!

Rule #1 of having a freelance programming business (well, maybe not #1, but fairly high up there):

“Ensure that the domain registration on your blog/email host doesn’t expire.”

I had this domain set to not automatically renew, and unfortunately, it expired earlier this month, and it took me a few days to figure out why all of the potential clients/clients I had been emailing suddenly stopped replying to my emails.

My apologies to everyone for that glitch on my part.

I do, however, now have some time available to take on new work, so if you have a project you would like me to handle for you, please shoot me a message.

Thanks!

P.S. I am currently able to accept a limited number of additional clients for my PHP Development services. Interested in discussing the possibility of my handling your project for you? Contact me!

As many of you know, WordPress is by far my favorite blogging platform (and the one that I use for this blog).

Three days ago, WordPress 2.6.5 was released, and according to the post on WordPress.org, it contains one security fix and three bug fixes.

From their site:

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

You can download the latest package from WordPress.org/Download.

P.S. I am currently able to accept a limited number of additional clients for my PHP Development services. Interested in discussing the possibility of my handling your project for you? Contact me!

Today, I thought I would knock out a relatively light subject before tackling heavier stuff in the upcoming weeks and months. That topic is implementing header redirects with PHP.

Header redirects are redirects that are handled instantaneously and transparently by the browser, and come in two common forms: 301 redirects and 302 redirects.

The difference between the two is that a 301 redirect is used to tell users that a particular page has permanently moved, and a 302 redirect is used to tell users that a page has only been moved temporarily.

To implement a redirect, the following code must be placed in your PHP script before it prints out any output. Because the redirect is sent in the HTTP header, if the PHP script outputs anything before the redirect header is set, PHP will automatically send headers along with the data that is printed out, and it is impossible to add other headers after data is printed.

301 Redirect:

<?php
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://www.prophpdevelopmentblog.com/");
?>

302 Redirect:

<?php
header("HTTP/1.1 302 Moved Temporarily");
header("Location: http://www.prophpdevelopmentblog.com/");
?>

One important thing to keep in mind when considering putting up a redirect, is that search engines will generally follow and pass link popularity on through 301 redirects, but not 302 redirects, so if the redirect is more or less permanent and you would like the search engine indexing/ranking to reflect that, then a 301 is the way to go.

P.S. I am currently able to accept a limited number of additional clients for my PHP Development services. Interested in discussing the possibility of my handling your project for you? Contact me!

A question that is often asked by new PHP programmers is:

“How do we compress the (HTML) page output?”

First of all, why would anyone want to compress their webpages? There are really two reasons why it is useful:

1. The page loads faster, especially for users with slower internet connections
2. The site uses less bandwidth, which means that the site, especially if it gets lots of traffic, is cheaper to run

The downside to compressing page output is that it uses more CPU processing power, but the benefits usually outweigh the extra processing that needs to take place server-side.

Techniques for Compressing Page Output

There are several ways to compress page output, which we will discuss below:

First of all, it is possible to activate it for all content (both PHP and non-PHP) served by your Apache web server by changing the configuration of Apache. However, for this post, we will focus on doing it with PHP, as that is the subject of this blog.

If you have access to your php.ini configuration file, the preferred method of compressing all PHP output is to do it by modifying the following configuration settings in that file to have these values:

zlib.output_compression = On
zlib.output_compression_level = 5

In the above code, “zlib.output_compression_level” should be set to a value between 1 and 9, with the higher values giving more compression, but using more server (CPU) resources.

Alternatively, if you don’t have access to the php.ini file on your server, you can put the compression code directly in your PHP scripts. To do that, put the following line at the top of all of your PHP pages that you want compressed:

Either way you use, once you think you have everything in place, you can use one of many compression testing websites in order to verify that your site is indeed sending compressed output to browsers.

Is it worth it to set up page compression? In most cases, yes.

For example, on one site I was recently working on, we were serving up about 2 Million pages/month without compression. We had complaints of the site loading slowly for some users (the pages were large), as well as the bandwidth getting expensive, so I took steps to set up page compression using the (first) php.ini method.

After getting it configured, I saw a noticeable decrease in page loading time, even for me with my fast internet connection, and the bandwidth bill dropped to only around 30% of what it was before. At the same time, the load on the dual Xeon processor didn’t move up noticeably, so in this case, I considered it to be a success.

P.S. I am currently able to accept a limited number of additional clients for my PHP Development services. Interested in discussing the possibility of my handling your project for you? Contact me!