Archive for PHP Web Hosting

How to install PhpMyChat Script Manually?

PhpMyChat is a PHP-based script that is easy to install and creates a multi-room chat system using a database for content storage. Let’s go through the steps to install PhpMyChat on your virtual private server:

1) Open the below URL and download the following zip file – phpMyChat-Plus_1.93_full.zip

http://sourceforge.net/projects/phpmychat/

2) In the mentioned field, enter the directory in which you wish PhpMyChat to be installed. Note that the directory should be the top-level directory on your website.

3) Setting the database:
mysql_setpermission

Name of database :
Username :
Yes to password :yes
Enter Password :
Confirm Password :
Host :localhost
Yes to create :yes
Create Another :no
Exit :0

4) Open your favourite browser, and go to http://example.com/chat/setup.php3
Replace (http://example.com) with your domain name.
Now, choose Go for the auto setup.

5) Now fill in the database information:
host=localhost,
database name=yourdatabasename,
username=
password=
Choose Go to continue the setup

6) Fine Tuning Options:
Choose the options you wish and once it is done simply Click Ok.

7) Now go to the Admin Register Panel.
Here you will need to enter a login and password to use for the chat database admin.

8) When it is done, just copy and paste the produced text file into your choice of text editor.

9) Now, edit that text file with your login and password of the database.

10) Save the text file by giving the name config.lib.php3

11) Once it is done, simply move the text file into the following folder:
/home/username/public_html/chat/config/

That’s it!

Now you can open your chatroom, ready at http://example.com/chat:

http://example.com/phpMyChat.php3


How to use the Bing Search API in PHP

Microsoft has a Bing API that allows you to use the Bing search engine on your own website. API stands for Application Programming Interface for those that don’t know, and it’s a way to interact with the Bing service to integrate it with your PHP Web application. It’s pretty easy too.

First we need to understand how the Bing API works. Well, going over the Bing API documentation it appears there are several things going on before, during and after a search request to the Bing API through our Web application:

  • First, we make the request by a standard HTTP GET request. We specify the GET parameters (for example: index.php?parameter=value&another_parameter=another_value). The Bing API responds to the HTTP GET in a number of data formats, including:

    • JSON (JavaScript Object Notation)
    • XML
    • SOAP

    In this example however, we’ll concentrate on a JSON request. For more information about JSON, see this article on it or do a quick Google search.

  • Next, the Bing API responds to the request with a response using JSON. We then use a function to translate the JSON encoded data into PHP arrays for us to work with to display the results to the user.

It’s important to note in order to use the Bing API you need to register for an API key (free, of course) at the Bing Developer Centre. Once you’ve registered you’ll need to use this API key when sending requests to the Bing API through your Web application.

Once you’ve registered and got your API key, we can start developing our Bing application immediately. We’re going to send a request and ask for a response in JSON. The Using JSON page has in-depth information about sending requests to, and handling responses from, the Bing API using JSON, so check it out first. A request uses different “classes” in the Bing API. (If you don’t know, the Bing API is object-oriented, hence my use of the word “class”: the features we can use in the Bing API are split into different sections, so the SearchRequest class has the functions, or “features”, that we use to make a request.) The class we always use in a request is the SearchRequest class, as some of the “parameters” required in any type of request are part of it. It has the following functions:

  • AppId – this is how we specify what our API ID is, in order to send a request to the Bing API.
  • Query – the actual URL encoded query we make, usually submitted through a form.
  • Source – what type of request we’re going to make (Bing refers to this as SourceType – see the SourceType page for the list of all types of sources we can use, such as Web, Image and so forth).

(If you don’t understand what “classes” or object oriented programming are, you could search Google after this article for “What is Object Oriented Programming in PHP” to learn about object oriented programming in PHP.)

These are the only required functions we have to use as parameters in the GET request from the SearchRequest class. In actual fact, in order to make a request all we need is the Query, the Source and the AppId. However, there are optional “functions” we can use that specify how many results we want Bing to return to us, etc. That is explained in a moment. Now if you make a Web SourceType request, bear in mind you will receive responses from many different classes, including:

  • SearchResponse.Version – which displays the version of the Bing API that is dealing with your response. This response is common to all types of SourceType responses. (Remember, SearchResponse is a class – the Version bit is part of the SearchResponse class, separated by a period.)

  • Query.SearchTerms – the search terms the user made; this response is common to all types of SourceType responses.

The following responses are specific to the Web SourceType responses:

  • WebResult.Url – the URL of the website in a search result
  • WebResult.CacheUrl – if Bing has a cache of the page, the URL to the cache copy will be in CacheUrl.
  • WebResult.DateTime – the last time this result was crawled by the Bing search bot.
  • WebResult.DeepLinks – if any other pages link to the search result’s URL, they will be part of this feature if you wish to display this information.
  • WebResult.Description – a description of the search result for you to display if you wish (recommended, of course).
  • WebResult.DisplayUrl – the same as the Url one above, but instead it’s formatted so you can display it without removing the http:// as it’s stripped already. This is the “green URL” you see below a search result.
  • WebResult.SearchTags – returns the search tags of this request, if you wish to display them, etc.
  • WebResult.Title – the title of the search result.

For a full list of responses you get from each type of SourceType request, see the Working with SourceTypes page.

Ok, so we’ll get onto the code, here’s a working application – in the code the relevant parts are commented:

<body>
<?php
// escape a value before placing it in HTML text or inside a quoted attribute
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}
$appId = "Your App ID here"; // replace with your own Bing API key
$search = isset($_POST['search']) ? trim($_POST['search']) : ''; // trim whitespace at start and end to ensure no empty query is submitted
if (isset($_POST['submit'])) {
    if (strlen($search) == 0) {
        echo "<p>Error: empty search</p>";
    }
    else {
        $get = file_get_contents("http://api.bing.net/json.aspx?AppId=".urlencode($appId)."&Query=".urlencode($search)."&Sources=Web");
        $decode = ($get === false) ? null : json_decode($get, TRUE); // TRUE for in array format
        echo "<p><a href='index.php'>Home</a></p>";
        if (!isset($decode['SearchResponse']['Web']['Results'])) { // request failed or the response was not the expected JSON
            echo "<p>Error: no results returned</p>";
        }
        else {
            echo "<p><i>1-15 of ".h($decode['SearchResponse']['Web']['Total'])." results</i></p>"; // total number of results found by Bing for the search query provided
            $i = 0; // incremental variable for search result numbering
            foreach ($decode['SearchResponse']['Web']['Results'] as $res) { // foreach loop, to loop through each array value (result) as $res
                $i++; // incrementation
                // display everything; each field comes from a remote service, so it is escaped before output
                echo "<p>".$i.": <a href='".h($res['Url'])."'>".h($res['Title'])."</a><br /><i>".h($res['Description'])."</i><br /><span style='font-size: 10pt;'>".h($res['DisplayUrl'])."</span></p>";
            }
        }
    }
}
?>
<div style='text-align: center'>
<h1>Search - powered by Bing</h1>
<form method="post" action="index.php">
<input type="text" name="search" size="50" />
<input type="submit" name="submit" value="Bing" />
</form>
</div>
</body>

By the way, $decode['SearchResponse']['Web']['Results'] contains the Url, Title, Description and DisplayUrl features we discussed earlier. They are part of the WebResult class, but the SourceType is called Web, hence the name used here.

To understand what’s what, why not make a basic application that returns the response from a query?

<body>
<?php
$appId = "Your App ID here"; // replace with your own Bing API key
$search = isset($_POST['search']) ? trim($_POST['search']) : '';
if (isset($_POST['submit'])) {
    if (strlen($search) == 0) {
        echo "<p>Error: empty search</p>";
    }
    else {
        $get = file_get_contents("http://api.bing.net/json.aspx?AppId=".urlencode($appId)."&Query=".urlencode($search)."&Sources=Web&Web.Count=15");
        $decode = ($get === false) ? null : json_decode($get, TRUE);
        echo "<pre>";
        // let's print it in a more readable format; escaped so markup in the response is shown, not rendered
        echo htmlspecialchars(print_r($decode, TRUE), ENT_QUOTES, 'UTF-8');
        echo "</pre>";
    }
}
?>
<div style='text-align: center'>
<h1>Search - powered by Bing</h1>
<form method="post" action="index.php">
<input type="text" name="search" size="50" />
<input type="submit" name="submit" value="Bing" />
</form>
</div>
</body>


Cookie and Session Fixation


Cookies or sessions are used with all membership scripts to allow the website user to stay logged in. It’s a personal preference whether to use cookies or sessions, but sessions add extra end-user security, as the session will always expire should the browser be closed (and, for those using Windows-based servers, after a specific period of time).

There are many different types of security exploits hackers can sink their teeth into. Some of the most common are SQL injections, where the hacker exploits SQL statements by adding extra code that tampers with the existing statement. This can be easily rectified, and many new programmers think this is the end of their worries with security-related issues in PHP, but unfortunately there’s more. Don’t blame PHP: these apply to every single programming language out there (especially ASP, too). In fact, we blame it on the browser really, as this is where Cookie Fixation really happens.

Cookie Fixation is where cookie values are tampered with to make it look like the hacker is logged in as a specific user of the site. So they could log in as 'hacker123' and, seeing that another user is logged in too, use simple software (or an add-on in Firefox) to change the cookie’s value to that user’s username. This works if the cookie value is set to the user’s username.

Most scripts apply permissions based on whether the user is “logged in” and who they’re logged in as. So you’d add $_COOKIE['LoggedIn'], for instance, to a SQL statement, and if that username in the database has a value of 2 in the field ‘permissions’, then give them administrative permissions. Hence, if some kiddie-hacker changed the session or cookie value, well – it’s obvious!

This is obviously something we don’t want, so we need to take some measures when setting cookies. It’s a pretty simple task, and really no-one needs to be an expert to fixate cookies/sessions, so it’s best to take action to prevent such a thing occurring. It may have bad consequences for your database should administrative powers allow database modification via the application.

So first of all we want to put an md5 hash of a random password into a separate cookie, together with the user’s password (which is also md5 hashed). This may not be the most secure solution but it’s better than not having it at all. Research on Google is also essential. That being said, on every page where the user can be logged in, we include a separate file that checks that the separate cookie is set (active), and that the cookie equals the password or value you have made plus the password of the user (you’d get this by SELECTing it in a query based on the user’s username in the other cookie). That other cookie just holds the username of the user that is logged in. But if you think logically, if they try to change this cookie’s value, it won’t work.

$_COOKIE['LoggedIn'] // this is the cookie with just the username
$_COOKIE['CheckValidation'] // this is for validation, the cookie with your value and the users’ password

Why won’t it work? Basically because if they try changing $_COOKIE['LoggedIn'], unless their password is the same as the other user’s, they’ll be refused entry. This is because we include the separate file at the top of each page; if the check fails and it seems the LoggedIn cookie has been tampered with, we display an error and use the exit() function shown below to prevent any more code from being executed by PHP. Pretty simple stuff, huh? Of course, this is not the best way of preventing Cookie Fixation, but it’s a start which you can improve on with research!

So first of all when the user logs in, we’ll add the following two cookies:

setcookie("LoggedIn",$username,time()+604800);
setcookie("CheckValidation",md5("this is your md5 password, make it something random!").$query_username_ob->password,time()+604800);

Note: as you can see ($query_username_ob->password), I have queried for the password of the account in the database, then used fetch_object on it to return the values of the specific fields. This is just an extra security measure, in case you’re trying to figure out what it is for.

Obviously we’d do this once we have validated that the username and password match in the database. After that, create a separate file that is included in each page, with the following code:

$session = isset($_COOKIE['LoggedIn']) ? $_COOKIE['LoggedIn'] : '';
include("config.php");
if($session) { // if user is logged in
$password_check=mysql_query("SELECT `password` FROM `users` WHERE `username` = '".mysql_real_escape_string($session)."'") or exit(include("error.php")); // SELECT the password followed by a fetch_object to get it from the database
$pw=mysql_fetch_object($password_check); // false when no such username exists
if(empty($_COOKIE['CheckValidation'])) { // so if they tried deleting the cookie, don't let them in
echo "<p style='font-size:20pt;font-weight:bold;color:red;'>UNAUTHORISED ACCESS: You need both cookies active to use this site! If you received this message in error, <a href='logout.php'>Logout and log back in.</a></p>";
exit();
}
// md5("your-password-here") must use the same secret string that was passed to setcookie() at login
elseif(!$pw || $_COOKIE['CheckValidation']!==md5("your-password-here").$pw->password) { // or if they've tried sneakily changing the CheckValidation cookie, say byebye!
echo "<p style='font-size:20pt;font-weight:bold;color:red;'>UNAUTHORISED COOKIE: You have tried logging in with an UNAUTHORISED cookie. You do not have permission to access this site!</p>";
exit();
}
}

And that’s how simple it is! Good luck!
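
The same tamper check can be done without placing the stored password hash in the browser. As an added example (not code from the original post), the cookie below carries the username, an expiry time and an HMAC-SHA256 tag computed with a server-side key; the function names, the key and the sample values are assumptions made for illustration.

```php
<?php
// Added example: HMAC-signed login cookie. All names and values are hypothetical.

// Server-side secret (constructed sample value); in practice load it from
// configuration kept outside the web root and never send it to the client.
const COOKIE_KEY = 'constructed-demo-key-replace-me';

// Build "username|expiry|tag" where tag = HMAC-SHA256(key, "username|expiry").
function make_login_cookie($username, $expires, $key)
{
    // rawurlencode() turns "|" into %7C, so a username cannot forge a separator
    $payload = rawurlencode($username) . '|' . (int) $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Return the username if the cookie is authentic and unexpired, otherwise null.
function verify_login_cookie($cookie, $now, $key)
{
    $parts = explode('|', (string) $cookie);
    if (count($parts) !== 3) {
        return null; // malformed or truncated cookie
    }
    list($user, $expires, $tag) = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, $key);
    if (!hash_equals($expected, $tag)) {
        return null; // username, expiry or tag was altered (constant-time compare)
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null; // authentic but expired
    }
    return rawurldecode($user);
}

// Demonstration with constructed values.
$now    = 1700000000;
$cookie = make_login_cookie('alice', $now + 604800, COOKIE_KEY);

var_dump(verify_login_cookie($cookie, $now, COOKIE_KEY));          // unmodified cookie

$tampered = preg_replace('/^alice/', 'admin', $cookie);            // username edited in the browser
var_dump(verify_login_cookie($tampered, $now, COOKIE_KEY));

var_dump(verify_login_cookie($cookie, $now + 604801, COOKIE_KEY)); // same cookie after expiry
```

When sending such a cookie with setcookie(), the sixth and seventh arguments (secure and httponly) keep it off plain HTTP and out of reach of page scripts.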


Secure PHP Hosting


Security is of the utmost importance to us, but sometimes security relies solely on you, the customer. If you create your own PHP applications, perhaps as a new PHP developer, you’ll need to take the security of those applications into consideration. Some of the issues include:
• SQL Injections
• HTML & Javascript vulnerabilities in MySQL database values.

Note that all of these vulnerabilities are caused by the programmers themselves in their PHP applications and are not vulnerabilities in the PHP software itself. These vulnerabilities could be prevented by modifications to the PHP configuration, but that would mean that 90% of all PHP scripts would probably stop working properly. This is because the 90% of scripts that keep their code secure without the PHP config modification would do the complete reverse and stop working if the config was changed. So this really is an unviable solution for us, and it is therefore down to the programmers themselves to keep their applications secure. Below we’ll explain the vulnerabilities that especially affect forms used in conjunction with PHP interactivity.
• SQL Injections
This is a big issue and is probably the thing hackers love most about PHP, and it can have disastrous effects on your scripts. SQL injection is where a hacker places MySQL syntax in a value that ends up in your SQL statement, which changes how the statement reads when it is executed as a MySQL query. An example is a MySQL comment typed into a form. Let’s say you had a member system: a hacker could add a MySQL comment to the password field and they’d not need a password at all! If you think logically, the SQL statement would then be like just SELECTing on the username, right? The statement does still contain an AND clause for the password, but its value is commented out, so MySQL accepts the input as correct login credentials. To prevent this happening you’d use the mysql_real_escape_string() function, which puts a backslash before single and double quotation marks, therefore preventing the SQL injection altogether. Think about a query like this:

SELECT * FROM `users` WHERE `username` = '$value' AND `password` = '$value'

If you backslash-escape each ' in the values, a value can no longer break out of its quotes, which prevents the injection.
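
The query shape above, as an added example that is not part of the original article: the same login check built by string concatenation and then with a prepared statement, where the value is bound as data and cannot change the statement. It assumes PDO with an in-memory SQLite database standing in for MySQL; the table contents, function names and the input value are constructed.

```php
<?php
// Added example; accounts, function names and input are constructed for illustration.
$db = new PDO('sqlite::memory:'); // assumption: SQLite stands in for MySQL here
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, password TEXT)");
// md5 is used only because it mirrors the password storage shown on this page
$db->exec("INSERT INTO users VALUES ('alice', '" . md5('correct horse') . "')");

// "Before": form values are concatenated into the statement text.
function login_concat(PDO $db, $username, $password)
{
    $sql = "SELECT COUNT(*) FROM users WHERE username = '" . $username
         . "' AND password = '" . md5($password) . "'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// "After": placeholders keep the statement fixed; values travel separately.
function login_prepared(PDO $db, $username, $password)
{
    $stmt = $db->prepare(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    );
    $stmt->execute(array($username, md5($password)));
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed form input: a quote closes the string, the comment hides the AND clause.
$username = "alice' -- ";
$password = "anything";

var_dump(login_concat($db, $username, $password));   // statement was rewritten by the input
var_dump(login_prepared($db, $username, $password)); // input compared as a literal username

// A legitimate login still works through the prepared statement.
var_dump(login_prepared($db, 'alice', 'correct horse'));
```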
• Code in Forms
Imagine you’ve got a form whose contents are submitted to a database and later retrieved from it. If the user adds HTML or even Javascript (which is worse), they may be able to add redirects or cause even worse attacks using the POST method of the form. If you think about it, a user could be happily submitting data via a form without realising there’s a silent Javascript redirect to a PHP file that receives the same variables as that page (such as $_POST, $_GET or simply $_REQUEST), so the user’s data is captured quite easily on the external site. To prevent this you can use a variety of options, such as:
• htmlspecialchars() function, which turns opening and closing brackets into HTML entities (so the page actually displays the brackets and code, instead of parsing them).
• strip_tags() function, a less user-friendly option which strips the brackets and HTML/JS code completely.
• preg_match() function, with which you can see if the form values have brackets in them and, if so, refuse the post.

htmlspecialchars syntax: htmlspecialchars($_POST['message'])
strip_tags syntax: strip_tags($_POST['message'])
preg_match syntax:
$str = $_POST['message'];
$look = "/</";  // pattern for an opening bracket
$look1 = "/>/"; // pattern for a closing bracket
if(preg_match($look,$str) || preg_match($look1,$str)) {
echo "Match found!";
}

For more information, check out the PHP documentation at php.net for a list of functions with their uses and explanations.


Forum Web Hosting

Discussion boards or “Forums” play an important role for most successful websites. This provides regular visitors for a website as it covers different topics which are discussed online. It adds a community to the forum which automatically increases traffic and asks visitors to come again and again. Forums have a lot of features for members which include posting, voting, private messaging and lots more.


Choosing a forum hosting service for your forum can be quite a hard experience. Forums have become more popular these days with the advancement of internet technology. One of the most important factors in running forums is the quality of the web hosting service. You will need enough disk space and bandwidth for your web hosting account so that huge traffic is supported for your website. Another important factor is the server uptime of the web hosting company. Many web hosting companies claim 99% uptime but that’s not always true.

Therefore, always choose a right web host for your Forum hosting needs.

Also along with good web hosting service for your forum there is a need to check the database management system. The web hosting servers should have good database management systems. The availability of MySQL Database and phpmyAdmin is essential to manage your forum properly and with ease. Server Security also plays an important role which helps to run the forum or discussion board smoothly.

The following are the most used forum software packages. Each one is reviewed below:

Vbulletin Forum Hosting

vBulletin, produced by Jelsoft Enterprises, is one of the best software packages for creating a web forum. All you need to have is a license for using vBulletin. vBulletin forum hosting is supported on Linux web hosting and Windows web hosting plans. It is a powerful forum software written in PHP and built with a strong back-end database, MySQL. Many companies choose vBulletin over other software because of its innovations, security and exceptional performance.
