kieranbarnes do you know where your towel is?

Smarty Security – Stop .tpl access

Posted on August 17, 2010

WHMCS uses the Smarty template engine, which means your .tpl files are accessible to anyone who knows the path, and the paths are quite easy to work out in WHMCS. Whilst not really a major security risk, it's bad practice to allow these files to be accessed directly.

Add this code into your .htaccess file.

<Files ~ "\.tpl$">
Order allow,deny
Deny from all
</Files>
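
`Order` and `Deny` are Apache 2.2 access-control directives; on Apache 2.4 they only work while mod_access_compat is loaded. The block below is an added example, not part of the original post, showing the same .tpl restriction written so it applies on either version. It assumes the directory's `AllowOverride` setting permits `AuthConfig` (for `Require`) and `Limit` (for `Order`/`Deny`).

```apache
# Added example: deny direct requests for Smarty templates on Apache 2.2 and 2.4.
<FilesMatch "\.tpl$">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later: native authorization syntax
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2: legacy syntax, as in the snippet above
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

After deploying it, requesting a known .tpl path in a browser should return 403 Forbidden rather than the template source.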
Filed under: Apache, PHP, cPanel/WHM

Detecting MIME types in PHP

Posted on January 22, 2010

Detecting MIME types in PHP used to be hellish.

Use the mime_content_type function, I hear you say: "Returns the MIME content type for a file as determined by using information from the magic.mime file." No, it's garbage and thankfully now deprecated.

The PHP documentation suggests we use the Fileinfo PECL extension. I wasted ten minutes of my day trying to make that work. It even comes packaged with PHP 5.3. Still doesn't work.

Filed under: PHP

FreeTDS installation directory is not a FreeTDS installation directory

Posted on December 3, 2009

I recently discovered an error whilst trying to (re)install an older PHP version on a client's server. My client required PHP recompiling with MS SQL support. This in turn requires FreeTDS. Installing FreeTDS is very simple, but PHP wasn't.

Filed under: Linux, MS SQL, PHP

CubeCart Tax Classes on Product Page

Posted on November 25, 2009

A client of mine sells a mix of VAT and VAT exempt products via a CubeCart 4 store I set up.

Although CubeCart allows this and calculates the VAT right on the checkout process, it doesn't have any facility to show the customer which tax class the product falls into on the viewProd page.

Annoying.

Filed under: CubeCart, PHP

The Beauty of Old Code

Posted on November 12, 2009

A client of mine needed a quick image upload feature to a custom administration app. We have jQuery and AJAX and all sorts of modern niceness. Screw that.

Bring back PEAR's HTTP_Upload. It's ancient, but justified. If you install the Stable version, it was last updated 11-08-2004, five whole years ago.

Filed under: PHP

Convert phpBB IP Addresses

Posted on October 9, 2008

phpBB stores its IP addresses in a funky format. They're useless to the human eye!

Convert them to normal IPs with the following code

SELECT CONCAT(
  CONV(SUBSTRING(poster_ip, 1, 2), 16, 10), '.', CONV(SUBSTRING(poster_ip, 3, 2), 16, 10), '.',
  CONV(SUBSTRING(poster_ip, 5, 2), 16, 10), '.', CONV(SUBSTRING(poster_ip, 7, 2), 16, 10)
) AS IP
FROM phpbb_posts
WHERE `poster_id` = USERID -- replace USERID with the numeric id of the user
LIMIT 0, 30

This code will convert all known IPs from a selected user (in my case 51).

Filed under: MySQL, PHP

Using Wordpress header and footers externally

Posted on September 24, 2008

I needed to integrate a Wordpress header (header.php) and footer (footer.php) into an external application.

There are quite a few ways round this, but none are really ideal. For example, if you want to include an external page in Wordpress for whatever reason, you could use the Exec-PHP plugin. Simple, hey? No.

How to move Wordpress directory or server – properly

Posted on August 24, 2008

I ran into an annoying, but easily avoided problem the other day. When moving a client's Wordpress site from the development/staging area to its live domain, I did the usual update of "WordPress address" and "Blog address" in the Wordpress settings.
That's all you need to do, right? No.

WP-O-Matic Bug Fixes Round Up

Posted on July 16, 2008

I've run into quite a few issues in the latest 1.0RC3-7 release of WP-O-Matic. Here's a round up of the bug fixes and addons you need to actually make this potentially useful product useful!
Also, it includes a well known MySQL bug fix.

Extra Cover Cricket

Posted on July 14, 2008

I wrote the Extra Cover Cricket site about a year ago to provide a central news hub for syndicated cricket news from around the world. Previously there has never been so much cricket news on a single web site. Seriously!

It was written around a single page that provided the home page, the category listing and the single article page. Really simple stuff.