Web Development -

Web Development

  • How to avoid web content hijacking/copying/Force content to be accessed by only 1 domain name


    This is something that happens a lot and it is very dirty,  as you probably know each site is hosted on a certain IP address.  Sometimes a domain is hosted by a single IP address and the IP address defaults to this very same domain.

    This means that if someone buys domain abcd.com and enters your IP address (the one of your website) as the A record, your content will show up on their domain as if it was their own.

    There is an easy way to prevent this by using .htaccess, these 2 lines of code simply tell Apache that if your content is being accessed by anything other than yourrealdomain.com to redirect to "yourrealdomain.com":


    RewriteCond %{HTTP_HOST} !^yourrealdomain.com
    RewriteRule ^(.*)   http://yourrealdomain.com/$1   [R=permanent,L]

    This will prevent sites from hijacking your content.   I know people say Google can detect duplicate content and which site was the original one, but I don't believe this.  A domain that hijacked one of my sites started getting our content indexed under the domain name they used to hijack my content.

    This is something that you should put in the .htaccess of every site you have to prevent this, it also has the benefit of eliminating difference links pointing to the www. version of your site, this forces everything to your root domain.
     


  • Process/Parse PHP from HTML files using .htaccess and allowoverride


    RemoveHandler .html .htm
    AddType application/x-httpd-php .php .htm .html

    Just add the above into the .htaccess file for your website.

    Also remember that you need to be allowed to override the Apache and this should go into the vhost for your site as shown below:

    # you need the AllowOverride otherwise .htaccess directives will be ignored
    <Directory "/www/vhosts/complaintdb.com/httpdocs">
    Options FollowSymLinks
    AllowOverride All
    </Directory>

  • Enable/Disable PHP Warnings/Logs and Errors from .htaccess with Apache


    Put what you see below into your .htaccessand it will enable errors and notices. (change on to off and 1 to 0 to disable though)

    php_flag display_startup_errors on
    php_flag display_errors on
    php_flag html_errors on

    Now you'll be able to see errors and notices but this should really only be used for debugging purposes and only temporarily as it can be a security issue since errors can reveal information you wouldn't want hackers to know about.

     

     


  • JavaScript get valued of selected <select> drop down l


    JavaScript get valued of selected <select> drop down l

    [code:1:4be190f44a]Package = OrderForm.package.options[OrderForm.package.selectedIndex].value;[/code:1:4be190f44a]

    OrderForm = Name of HTML form the SELECT is inside
    package = Name of SELECT element eg.<select name="package">


    JavaScript says form name is not defined even though it is

    I've integrated this into my design and I got an error saying the Form Name is not defined, even though in a standalone page the same code with the same form name which is defined is there.

    Here is what normally worked:
    [code:1:f5ffccc1a6]
    Package = OrderForm.package.options[OrderForm.package.selectedIndex].value;[/code:1:f5ffccc1a6]

    I also tried:
    [code:1:f5ffccc1a6]
    Package = [b]document[/b].OrderForm.package.options[OrderForm.package.selectedIndex].value;[/code:1:f5ffccc1a6]

    Ok this is messed up........llike I said the code worked fine before, but not with the integration of my site. The whole thing came down to the doctype!

    I have no idea why but here is the bad DOCTYPE:

    [code:1:f5ffccc1a6]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    [/code:1:f5ffccc1a6]

    Good DOCTYPE

    [code:1:f5ffccc1a6] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">[/code:1:f5ffccc1a6]



  • JavasScript how to set or write value in id tag


    JavasScript how to set or write value in id tag

    <div id="price">bla</div>

    I need to set a value inside that DIV tag using Javascript, how would I do it?


    Doesn't work for me:

    [quote:c6b5f693a5]Warning: Element referenced by ID/NAME in the global scope. Use W3C standard document.getElementById() instead.
    Source File: http://hosting.com/vps-order.html
    Line: 19[/quote:c6b5f693a5]
    [code:1:c6b5f693a5]

    <script type="text/javascript">

    function WriteDIVText()
    {
    document.getElementById("DIVText").innerText =
    "Here is replacement text for the division.";
    }

    </script>

    <div id="DIVText" style="border:ridge 3px; padding:5px">
    Here is a division containing text.
    </div>

    <input type="button" value="Write to DIV" onclick="WriteDIVText()"/>[/code:1:c6b5f693a5]


    use "innerHTML" instead and it will work
    [code:1:13693b649f]
    document.getElementById("displaytheprice").innerHTML = "wheeeeeeeeeeeeeeeeee";[/code:1:13693b649f]



  • PHP CURL SSL won't work or connect


    I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself).

    * About to connect() to ip.ip.ip.ip port 25000
    *   Trying ip.ip.ip.ip... * connected
    * Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000
    * successfully set certificate verify locations:
    *   CAfile: /usr/share/ssl/certs/ca-bundle.crt
      CApath: none
    * SSL connection using DHE-RSA-AES256-SHA
    * Server certificate:
    *      subject: /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=domain.com/emailAddress=us@domain.com
    *      start date: 2010-10-20 04:23:10 GMT
    *      expire date: 2011-10-20 04:23:10 GMT
    * SSL: certificate subject name 'domain.com' does not match target host name 'ip.ip.ip.ip'
    * Closing connection #0
    Content-type: text/html
    X-Powered-By: PHP/4.3.9

    The solution

    Add the following to your CURL options:

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,false);

    The VERIFYHOST option is what I was missing.

     

     


  • PHP Email Attachment Corrupt Solution


    I couldn't figure out why this wouldn't work, a test script in the root of my htdocs folder worked fine.

    Within some subdirectories the same code would produce different base64 results but I didn't know hwy.



    Archive:  /tmp/archive.zip
    Zip file size: 6888 bytes, number of entries: 92
    error [/tmp/archive.zip]:  missing 242827681 bytes in zipfile
      (attempting to process anyway)
    error [/tmp/archive.zip]:  attempt to seek before beginning of zipfile
      (please check that you have transferred or created the zipfile in the
      appropriate BINARY mode and that you have compiled UnZip properly)

    Here was the problem in .htaccess!

    It was because magic_quotes_gpc was being turned of by my htaccess within the subdirectory.

    Now after disabling it the e-mail attachment zip is not corrupt and works fine but it was a big headache and definitely required a lot of digging/headscratching.

    #php_flag magic_quotes_gpc off 
    #php_flag magic_quotes_runtime on

    *Update

    It turns out that the real issue was just the "magic_quotes_runtime" being on.  It still works fine with the magic_quotes_gpc being turned off.


  • PHP Fatal error: Call to undefined function mysql_connect()


    PHP Fatal error:  Call to undefined function mysql_connect()

    yum install php-*


  • PHP Warning: imagecreatefromjpeg(): gd-jpeg, libjpeg: recoverable error: Premature end of JPEG file


    I was having an issue with only certain random/jpeg files with the functions imagecreatefromjpeg imagecreatetruecolor and other related ones.

    This issue was annoying basically it seems like a libgd issue/bug with newer versions of PHP and it was difficult to trace-out.  One very useful thing that helped me was using "php-cgi" and passing the query string as an argument eg:

    php-cgi images.php source=IMG.jpg (that way you get all the error messages which lead me to below):

    PHP Warning:  imagecreatefromjpeg(): gd-jpeg, libjpeg: recoverable error: Premature end of JPEG file

    The solution is to tweak the PHP GD settings to ignore this warning

    /etc/php.ini

    [gd]
    ; Tell the jpeg decode to ignore warnings and try to create
    ; a gd image. The warning will then be displayed as notices
    ; disabled by default
    ; http://www.php.net/manual/en/image.configuration.php#ini.image.jpeg-ignore-warning
    gd.jpeg_ignore_warning = 1

     


  • PayPal subscriptions automatically cancelling after creation of profile


    <p>There is a weird quirk with how this works, but there is a variable called &quot;src&quot; that defaults to 0 or disabled if not specified as 1.</p> <p>The default 0 means not to recur billing on a subscription.&nbsp; It's too bad it's not more obvious anywhere nor is there an explanation or warning during payment or after to both the seller and buyer.</p> <p><strong>Here's a proper subscription code example that does recur and does not cancel:</strong></p> <p><strong>Note the following</strong></p> <p>a3= the recurring value</p> <p>p3= the period it recurs on</p> <p>t3 = the period timeframe (eg M for month or Y&nbsp;for year etc..)</p> <pre id="line1"><code><span>&lt;<span class="start-tag">form</span> <span class="attribute-name">name</span>=&quot;<a class="attribute-value">_xclick</a>&quot; <span class="attribute-name">action</span>=&quot;<a href="view-source:https://www.paypal.com/cgi-bin/webscr" class="attribute-value">https://www.paypal.com/cgi-bin/webscr</a>&quot; <span class="attribute-name">method</span>=&quot;<a class="attribute-value">post</a>&quot;&gt;</span><span> </span><span>&lt;<span class="start-tag">input</span> <span class="attribute-name">type</span>=&quot;<a class="attribute-value">hidden</a>&quot; <span class="attribute-name">name</span>=&quot;<a class="attribute-value">cmd</a>&quot; <span class="attribute-name">value</span>=&quot;<a class="attribute-value">_xclick-subscriptions</a>&quot;&gt;</span><span> </span><span>&lt;<span class="start-tag">input</span> <span class="attribute-name">type</span>=&quot;<a class="attribute-value">hidden</a>&quot; <span class="attribute-name">name</span>=&quot;<a class="attribute-value">business</a>&quot; <span class="attribute-name">value</span>=&quot;your-business-seller-id&quot;&gt;</span><span> </span><span>&lt;<span class="start-tag">input</span> <span class="attribute-name">type</span>=&quot;<a class="attribute-value">hidden</a>&quot; <span class="attribute-name">name</span>=&quot;<a class="attribute-value">a3</a>&quot; <span class="attribute-name">value</span>=&quot;<a class="attribute-value">19.99</a>&quot;&gt;</span><span> </span><span>&lt;<span class="start-tag">input</span> <span class="attribute-name">type</span>=&quot;<a class="attribute-value">hidden</a>&quot; <span class="attribute-name">name</span>=&quot;<a class="attribute-value">p3</a>&quot; <span class="attribute-name">value</span>=&quot;<a class="attribute-value">3</a>&quot;&gt;</span><span> </span><span>&lt;<span class="start-tag">input</span> <span class="attribute-name">type</span>=&quot;<a class="attribute-value">hidden</a>&quot; <span class="attribute-name">name</span>=&quot;<a class="attribute-value">t3</a>&quot; <span class="attribute-name">value</span>=&quot;<a class="attribute-value">M</a>&quot;&gt;</span><span> </span><span>&lt;<span class="start-tag">input</span> <span class="attribute-name">type</span>=&quot;<a class="attribute-value">hidden</a>&quot; <span class="attribute-name">name</span>=&quot;<a class="attribute-value">currency_code</a>&quot; <span class="attribute-name">value</span>=&quot;<a class="attribute-value">USD</a>&quot;&gt;</span><span> </span><span>&lt;<span class="start-tag">input</span> <span class="attribute-name">type</span>=&quot;<a class="attribute-value">hidden</a>&quot; <span class="attribute-name">name</span>=&quot;<a class="attribute-value">item_name</a>&quot; <span class="attribute-name">value</span>=&quot;Item Name&quot;&gt;</span><span> </span><span>&lt;<span class="start-tag">input</span> <span class="attribute-name">type</span>=&quot;<a class="attribute-value">hidden</a>&quot; <span class="attribute-name">name</span>=&quot;<a class="attribute-value">amount</a>&quot; <span class="attribute-name">value</span>=&quot;<a class="attribute-value">19.99</a>&quot;&gt;</span><span> </span><span>&lt;<span class="start-tag">input</span> <span class="attribute-name">type</span>=&quot;<a class="attribute-value">hidden</a>&quot; <span class="attribute-name">name</span>=&quot;<a class="attribute-value">src</a>&quot; <span class="attribute-name">value</span>=&quot;<a class="attribute-value">1</a>&quot;&gt;</span><span> </span><span>&lt;<span class="start-tag">input</span> <span class="attribute-name">type</span>=&quot;<a class="attribute-value">image</a>&quot; <span class="attribute-name">src</span>=&quot;<a href="view-source:http://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif" class="attribute-value">http://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif</a>&quot; <span class="attribute-name">border</span>=&quot;<a class="attribute-value">0</a>&quot; <span class="attribute-name">name</span>=&quot;<a class="attribute-value">submit</a>&quot; <span class="attribute-name">alt</span>=&quot;<a class="attribute-value">Make payments with PayPal - it's fast, free and secure!</a>&quot;&gt;</span><span> </span><span><!--<span class="end-tag"-->form</span>&gt;</code></pre>
  • The redirect URI in the request: urn:ietf:wg:oauth:2.0:oob can only be used by a Client ID for native application. It is not allowed for the 'WEB' client type.


    You need to set your application type as "Desktop" even though this would sound counterintuitive.


  • Error code: ssl_error_rx_record_too_long



    An error occurred during a connection to site.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

        The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
        Please contact the website owners to inform them of this problem.

    When the above happens in our experience it is a misconfiguration of your web server, in our case usually it would be Apache and the port you are connecting to is meant for non-SSL. 


  • Force SSL for all URLs Apache htaccess modrewrite


    The best way is as below in .htaccess using modrewrite, any request that is not SSL will be redirected to https://domain.com and the exact same URL

    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]


  • Redirect www host to non-www Linux Apache modrewrite


    The below forces all request to your domain to go to the main non-www root domain.

    Updated code:

    RewriteCond %{HTTP_HOST} !=domain.com
    RewriteRule ^(.*)$ https://newurl.com/subdir/$1 [R=301,L]

    If you don't want it to go to a subdirectory:

    RewriteCond %{HTTP_HOST} !=domain.com
    RewriteRule ^(.*)$ https://newurl.com/$1 [R=301,L]

    Bad code:

    This code is bad because the REQUEST_URI is not valid or correct if you want to rewrite to a subdirectory and may cause a // home page etc...

    RewriteCond %{HTTP_HOST} !=domain.com
    RewriteCond %{HTTP_HOST} !=""
    RewriteRule ^ http://domain.com/%{REQUEST_URI} [R=301,L]



  • How Do you Open/Extract .WARC Internet Archive Files on Linux Ubuntu/Mint/Centos?
  • How To Disable htaccess inheritance or exclude a directory
  • root/home directory has ownership changed to the wrong user/owner mysteriously
  • mdadm and lvm how to completely disable and remove vg/pv/lv
  • sshd[10470]: Authentication refused: bad ownership or modes for directory /root
  • LG Phoenix 2 Escape Disable AT&T Phonebook/Contacts Error Message
  • mdadm frozen and doesn't realize array is dead/missing failed due to unplugged drives
  • Unable to mount location Failed to retrieve share list from server: No such file or directory solution
  • mdadm how to make inactive array active
  • ImageMagick how to trim white space automatically in Linux
  • curl: (1) Protocol "https not supported or disabled in libcurl"
  • Centos 5 OpenSSL does not support TLS 1.2 Apache Error
  • DRBD Split-brain solution
  • How to Properly Secure SSL/TLS Apache Settings against Heartbleed Poodle (TLS) Poodle (SSLv3) FREAK BEAST CRIME
  • K9 Mail Android Cannot See or View E-mails Disappear after reading - with Dovecot server. Solution
  • The folder contents could not be displayed connection refused - solution
  • Setting Up System for First Use... Please Wait... - WHMCS Installer
  • ERROR 2013 (HY000): Lost connection to MySQL server during query
  • if script bash check if socket file (mysql.sock) exists
  • ioncube loader install howto on PHP/Centos