Any of your pages with facebook widgets on can result in URL’s like

www.example.com/page.php?fb_xd_fragment=

This has several implications. Firstly – it can cause blank pages through unwanted interactions with div areas on the page. We can solve this by adding the following fix just before the </body> tag. This came from http://forum.developers.facebook.net/viewtopic.php?id=60571&p=1 (temporary solutions)

<!-- Correct fb_xd_fragment Bug Start -->
<script>
document.getElementsByTagName('html')[0].style.display='block';
</script>
<!-- Correct fb_xd_fragment Bug End -->

The second, more long term issue is that this page will appear in search results alongside the normal page…resulting in duplicate content. Obviously you could just remove the like button but that’s not an ideal solution. So you can do a couple of things.

Head to webmastertools (https://www.google.com/webmasters/tools/home?hl=en) and add the fb_xd_fragment= as something that should be ignored on your site.

Filtering out fb_xd_fragment in Google Webmaster Tools

Another option is to use .htaccess and 301 redirects to clip out the &fb_xd_fragment=, which is a pain but very easily do-able and removes the requirement to put the display fix on every page. So try this (modified per your site) in your .htaccess.

RewriteCond %{QUERY_STRING} fb_xd_fragment=
RewriteRule ^(.*) http://www.example.com/$1? [R=301]

You could also ignore it and just hope facebook fixes it soon…yeahh bad choices right?

Article on phpBB3 Integration
Article on sending PM’s

I’ve put everything needed into one file as I don’t want to go through and break it up. The previous two posts (linked above) used a seperate phpbb.php file with part of the code in but this just includes everything.

<?php
// All queries --> support@3cc.org
// This is not setup for new thread posting, and has been config'd to not increment post count as this is for a bot.
// Further changes will be needed to clean up code as this is using external functions instead of clear documentation. --dc
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './phpBB3/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

// post send controller
function sendphpbbpost($pmmessage,$userid,$pmsubject) {

include_once('phpBB3/includes/functions_posting.php');
$my_subject = utf8_normalize_nfc(request_var('$pmsubject', '', true));
$message = utf8_normalize_nfc($pmmessage, '', true);
$uid = $bitfield = $options = '';
$allow_bbcode = $allow_smilies = true;
$allow_urls = true;
generate_text_for_storage($message, $uid, $bitfield, $options, $allow_bbcode, $allow_urls, $allow_smilies);
$data = array(
// General Posting Settings
'forum_id'          => 7,    // The forum ID in which the post will be placed. (int)
'topic_id'          => 5,    // Post a new topic or in an existing one? Set to 0 to create a new one, if not, specify your topic ID here instead.
'icon_id'           => false,    // The Icon ID in which the post will be displayed with on the viewforum, set to false for icon_id. (int)

// Defining Post Options
'enable_bbcode' => false, // Enable BBcode in this post. (bool)
'enable_smilies'    => true, // Enabe smilies in this post. (bool)
'enable_urls'       => false, // Enable self-parsing URL links in this post. (bool)
'enable_sig'        => true, // Enable the signature of the poster to be displayed in the post. (bool)

// Message Body
'message'           => $message,     // Your text you wish to have submitted. It should pass through generate_text_for_storage() before this. (string)
'message_md5'   => md5($message),    // The md5 hash of your message

// Values from generate_text_for_storage()
'bbcode_bitfield'   => $bitfield,    // Value created from the generate_text_for_storage() function.
'bbcode_uid'        => $uid,     // Value created from the generate_text_for_storage() function.

// Other Options
'post_edit_locked'  => 0,
'topic_title'       => $subject, // Subject/Title of the topic. (string). This is needed for new posts but for our purposes isn't.

// Email Notification Settings
'notify_set'        => false,        // (bool)
'notify'            => false,        // (bool)
'post_time'         => 0,        // Set a specific time, use 0 to let submit_post() take care of getting the proper time (int)
'forum_name'        => '',       // For identifying the name of the forum in a notification email. (string)

// Indexing
'enable_indexing'   => true,
'force_approved_state' => true, // Only runs on 6 onwards...check SUCC
);

//Now send that post...
submit_post('reply', '', '', POST_NORMAL, &$poll, &$data, $update_message = true);

}

$user->data['user_id'] = 2;    // User id of poster.
$auth->acl($user->data); // Re-initiate user after recall
$userid = $user->data['user_id'];
$pmmessage = 'This is a new reply, change this to whatever you want.';
sendphpbbpost($pmmessage,$userid,$pmsubject);

?>

Looking through the code above you will see several points that need changing. It’s currently set to ‘reply’ (change this to ‘post’ for a new post). Change all details to suit really – it’s easy to customise.

This bit of code (use it in conjunction with phpbb.php mentioned in the post linked to above) allows you to call a function to send a PM to any user as long as you have their ID.

<?php
// PM send controller
include_once("phpbb.php");

function sendphpbbpm($pmmessage,$userid,$pmsubject) {
include_once('forum/includes/functions_privmsgs.php');

$message = utf8_normalize_nfc($pmmessage);
$uid = $bitfield = $options = ''; // will be modified by generate_text_for_storage
$allow_bbcode = $allow_smilies = true;
$allow_urls = true;
generate_text_for_storage($message, $uid, $bitfield, $options, $allow_bbcode, $allow_urls, $allow_smilies);
$pm_data = array(
'from_user_id'        => 2,
'from_user_ip'        => "127.0.0.1",
'from_username'        => "admin",
'enable_sig'            => false,
'enable_bbcode'        => true,
'enable_smilies'        => true,
'enable_urls'        => false,
'icon_id'            => 0,
'bbcode_bitfield'    => $bitfield,
'bbcode_uid'         => $uid,
'message'            => $message,
'address_list'        => array('u' => array($userid => 'to')),
);

//Now We Have All Data Lets Send The PM!!
submit_pm('post', $pmsubject, $pm_data, false, false);
}

?>

You’ll need to modify the code above slightly to fit your needs, for example changing the admin username and user id, and then calling the function but it’s all pretty simple stuff one you’ve got all this.

To call the function (send the PM) to a fictional user 11:

<?php

$pmsubject = 'Please read this PM.';
$pmmessage = 'Thank you for reading this PM!';

$userid = '11';

sendphpbbpm($pmmessage,$userid,$pmsubject);

?>

Posting threads and replying to threads uses a similar system so I’ll put up some script for that shortly.

One of the best ways of testing your site for scalability (other than getting huge traffic straight away) is to test how long your PHP scripts take to parse. We can do this by comparing the time at the start and end of a script to give us the processing time. The PHP manual shows the following example:

$time_start = microtime(true);
// Script you want to test here
$time_end = microtime(true);
$time = $time_end - $time_start;
echo "Did nothing in $time seconds\n";

But I prefer this for readability (I put this in a common include so I can test the whole site by simply calling some functions…see below):

function starttime() {
$r = explode( ' ', microtime() );
$r = $r[1] + $r[0];
return $r;
}

function endtime($starttime) {
$r = explode( ' ', microtime() );
$r = $r[1] + $r[0];
$r = round($r - $starttime,4);
return '<strong>Execution Time</strong>: '.$r.' seconds<br />';
}

To use this in a script all we’d need to do is place this at the start and end, and do a simple calculation. For example (using sudo code):

$start = starttime();
// Script you want to test here
echo endtime($start);

This will help you discover bottlenecks in your script – there are a load of things you can do to optimise your script; and I find that using functions as above don’t add extra complication to your script.

For a much more comprehensive article and info on optimisation I would highly reccommend heading here: http://phplens.com/lens/php-book/optimizing-debugging-php.php

He has revealed many of the things people thought sped up PHP execution are simply myths dating back to previous PHP versions, making them pointless. This includes things like echo being faster than print and single quoted vars being faster than double quoted ones.

As a result, the best low-budget way of finding postcodes is by using the Google Maps api – which in itself isn’t 100% accurate (but good enough).

So we can use the following code:

<?php
// Specify Postcodes to Geocode
$postcode1 = 'BH151DA';
$postcode2 = 'BH213AP';

// Geocode Postcodes & Get Co-ordinates 1st Postcode
$pc1 = 'http://maps.google.com/maps/geo?q='.$postcode1.',+UK&output=csv&sensor=false';
$data1 = @file_get_contents($pc1);
$result1 = explode(",", $data1);
$custlat1 = $result1[2];
$custlong1 = $result1[3];

// Geocode Postcodes & Get Co-ordinates 2nd Postcode
$pc2 = 'http://maps.google.com/maps/geo?q='.$postcode2.',+UK&output=csv&sensor=false';
$data2 = @file_get_contents($pc2);
$result2 = explode(",", $data2);
$custlat2 = $result2[2];
$custlong2 = $result2[3];

// Work out the distance!
$pi80 = M_PI / 180;
$custlat1 *= $pi80;
$custlong1 *= $pi80;
$custlat2 *= $pi80;
$custlong2 *= $pi80;

$r = 6372.797; // mean radius of Earth in km
$dlat = $custlat2 - $custlat1;
$dlng = $custlong2 - $custlong1;
$a = sin($dlat / 2) * sin($dlat / 2) + cos($custlat1) * cos($custlat2) * sin($dlng / 2) * sin($dlng / 2);
$c = 2 * atan2(sqrt($a), sqrt(1 - $a));

// Distance in KM
$km = round($r * $c, 2);

// Distance in Miles
$miles = round($km * 0.621371192, 2);

echo 'The distance between '.$postcode1.' and '.$postcode2.' is '.$km.'Km ('.$miles.' miles).';

?>

You could use $result1[0] and $result2[0] to check codes. If the value is anything other than 200 the postcode is invalid. Also note UK is also searched for to guarantee correct results!

The result is also rounded to make sure we only have 2 decimal places. Make sure your postcodes do not have any spaces in when they go to Google, if you’re collecting them from a form maybe use:

function nowhitespace($data) {
return preg_replace('/\s/', '', $data);
}
$postcode1 = nowhitespace($postcode1);

to remove all spaces before processing, and the following to check it’s ok after processing:

if (($result1[0] != 200) || ($result2[0] != 200)) {
echo "<p>Invalid Postcode(s) Entered. Please try again.</p>";
} else {

Good luck!

You can’t use <p> tags, text align, vertical align or even image align as this messes up the display? I had this problem with thumbnails or varying sizes which needed to be centered in a div of specific size.

Using the approach suggested here and classing it as a table cell wasn’t great as it messed up the display…so I just set the image as a background which you can center & put a transparent gif over it to link to. Not ideal but it works!

<div style="background-image: url('thumbnail.gif');  background-repeat: no-repeat; background-position: center; width: 100px;  height: 100px">
<a href="page.php">
<img src="transparent  gif" width="100" height="100" />
</a>
</div>

You could also consider using absolute div tags but that also tends to interfere with surrounding design elements! Other solutions welcome!

There are a number of simple solutions to this problem, I’ll go through a couple below.

1. Use two files (one with the form on and one to process), and redirect back to the first page when the processing is done.

Here’s some sample code for the form page (form.htm):

<form name="form1" method="post" action="process.php">
<input type="text" name="text" id="text">
<input type="submit" name="submit" id="submit" value="Submit">
</form>

and here’s some sample code for the processing page (process.php):

<?php
if (isset($_POST['submit'])) {
$text = $_POST['text'];
$query = mysql_query("Insert into our database etc");
header("Location: form.htm");
}
?>

This uses PHP header to redirect the user back to the form page when the form is processed, or if the user directly visits process.php without the form submission. Bear in mind this is only example code and so is not complete or secure.

2. Use two files (one with the form on and to process and one when finished), redirecting to the second page when finished.

Here is some sample code for the process/form page (form.php):

<?php
if (isset($_POST['submit'])) {
$text = $_POST['text'];
$query = mysql_query("Insert into our database etc");
}
header("Location: thanks.htm");
?>
<form name="form1" method="post" action="form.php">
<input type="text" name="text" id="text">
<input type="submit" name="submit" id="submit" value="Submit">
</form>

and here’s the code for the final page (thanks.htm):

<p>Thanks for filling out our form!</p>

The user can still refresh the final page as much as they want as the processing was done elsewhere.

3. Use one file, doing all the processing and then displaying a thank you message.

This uses a $_GET to tell the script we’ve finished and display a message (form.php):

<?php
if ($_GET['success']) {
echo "Your text was saved successfully!";
} elseif (isset($_POST['submit'])) {
$text = $_POST['text'];
$query = mysql_query("Insert into our database etc");
header("Location: form.php?success=1");
}
?>
<form name="form1" method="post" action="form.php">
<input type="text" name="text" id="text">
<input type="submit" name="submit" id="submit" value="Submit">
</form>

I suppose you could change the echo to a die if you didn’t want to show the form, or add in a final else like this:

<?php
if ($_GET['success']) {
echo "Your text was saved successfully!";
} elseif (isset($_POST['submit'])) {
$text = $_POST['text'];
$query = mysql_query("Insert into our database etc");
header("Location: form.php?success=1");
} else {
?>
<form name="form1" method="post" action="form.php">
<input type="text" name="text" id="text">
<input type="submit" name="submit" id="submit" value="Submit">
</form>
<?php } ?>

so that the form would not be displayed when the Success text was.

4. Involve sessions

You could also involve sessions in your form by storing the POST variables in a session before processing, eg:

$_SESSION['postdata'] = $_POST;

and clearing the session once the processing had been done, eg:

unset($_SESSION['postdata'])

You could also enter a timestamp with each posted form and store this in a database, checking before processing for identical timestamps, it depends on the nature of your application and your personal preference.

Any comments/improvements welcome!

cURL is a valuable tool for any PHP developer and has extremely useful applications, one of which is logging into remote sites to post forms. This illustrates a flaw with many sites in that they user header redirects (as shown below) in their login systems to keep people away from pages they shouldn’t see, and log them in and out.

if ($_SESSION['logged'] != 1) {
header("Location: login.php");
}

That very simple bit of code checks to see whether a session has been found where logged = 1. If it doesn’t find one then it will redirect the user to login.php without showing them the page.

The problem here is that header location ONLY works when it’s the first thing on a page, otherwise you’ll see an error and then the rest of the page we shouldn’t be seeing – which is what happens with a cURL request. This means the header location redirect doesn’t work and anyone can grab your “protected” page easily and quickly without logging in.

To solve this quickly (without changing your basic login script at all) make sure you have failsafes! The most simple would be to add a die statement as below so that if your redirect fails, they won’t get to see your private page.

if ($_SESSION['logged'] != 1) {
header("Location: login.php") or die("Please <a href='login.php'>login</a> before accessing this page.");
}

Very simple stuff, but there’s lots of sites without it.

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

Oh, well that’s no good. Looked through the code, and found I had spelt one variable wrong.

$_SESSION['user_id'] = $user;

but $user did not exist, it should have been

$_SESSION['user_id'] = $user_id;

So the error/warning appeared because I was referencing a null (or undefined) variable into a session; something which would require register_globals to work.

Register globals would allow you to call file.php?foo=bar; and the script would create a variable $foo with a value of bar automatically – which is not very secure as variables can be pushed into a script (perhaps bypassing form validation etc). Personally I would never use register_globals (set it to off in PHP.ini or your .htaccess) as mistakes like the one I made would go unnoticed & could be abused.

I googled the error after I found that mistake to confirm that was the problem and was amazed to see people simply turning the warnings off rather than fixing the problem…talk about short cuts!

"^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$"

If you’re here through search then you’ve probably already seen a load of these!

The code I’m going to provide:

1. Allows international domains, and special characters in the email address
2. Checks for domain existance
3. Checks for mx records

So…to the code. This was put together from a number of sources, then simply based off an article over at LinuxJournal.

function ValidateEmail($email) {
// Set test to pass
$valid = true;
// Find the last @ in the email
$findats = strrpos($email, "@");
// Check to see if any @'s were found
if (is_bool($findats) && !$findats) {
$valid = false;
}
else {
// Phew, it's still ok, continue...
// Let's split that domain up.
$domain = substr($email, $findats+1);
$local = substr($email, 0, $findats);
// Find the local and domain lengths
$locallength = strlen($local);
$domainlength = strlen($domain);
// Check local (first part)
if ($locallength < 1 || $locallength > 64) {
$valid = false;
}
// Better check the domain too
elseif ($domainlength < 1 || $domainlength > 256) {
$valid = false;
}
// Can't be having dots at the start or end
elseif ($local[0] == '.' || $local[$locallength-1] == '.') {
$valid = false;
}
// Don't want 2 (or more) dots in the email
elseif ((preg_match('/\\.\\./', $local)) || (preg_match('/\\.\\./', $domain))) {
$valid = false;
}
// Make sure the domain has valid chars
elseif (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {
$valid = false;
}
// Make sure the local has valid chars, make sure it's quoted right
elseif (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) {
if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) {
$valid = false;
}
}
// Whoa, made it this far? Check for domain existance!
elseif (!(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A"))) {
$valid = false;
}
}
if ($valid) {
echo $email.' is valid!';
}
else {
echo $email.' is not valid!';
}
}

You’d call this with:

ValidateEmail("test@3cc.org");

Fancy trying it? Click here to demo.

Or if you want this code with all the spaces, click here to view the txt