As a result, the best low-budget way of finding postcodes is by using the Google Maps api – which in itself isn’t 100% accurate (but good enough).

So we can use the following code:

<?php
// Specify Postcodes to Geocode
$postcode1 = 'BH151DA';
$postcode2 = 'BH213AP';

// Geocode Postcodes & Get Co-ordinates 1st Postcode
$pc1 = 'http://maps.google.com/maps/geo?q='.$postcode1.',+UK&output=csv&sensor=false';
$data1 = @file_get_contents($pc1);
$result1 = explode(",", $data1);
$custlat1 = $result1[2];
$custlong1 = $result1[3];

// Geocode Postcodes & Get Co-ordinates 2nd Postcode
$pc2 = 'http://maps.google.com/maps/geo?q='.$postcode2.',+UK&output=csv&sensor=false';
$data2 = @file_get_contents($pc2);
$result2 = explode(",", $data2);
$custlat2 = $result2[2];
$custlong2 = $result2[3];

// Work out the distance!
$pi80 = M_PI / 180;
$custlat1 *= $pi80;
$custlong1 *= $pi80;
$custlat2 *= $pi80;
$custlong2 *= $pi80;

$r = 6372.797; // mean radius of Earth in km
$dlat = $custlat2 - $custlat1;
$dlng = $custlong2 - $custlong1;
$a = sin($dlat / 2) * sin($dlat / 2) + cos($lat1) * cos($lat2) * sin($dlng / 2) * sin($dlng / 2);
$c = 2 * atan2(sqrt($a), sqrt(1 - $a));

// Distance in KM
$km = round($r * $c, 2);

// Distance in Miles
$miles = round($km * 0.621371192, 2);

echo 'The distance between '.$postcode1.' and '.$postcode2.' is '.$km.'Km ('.$miles.' miles).';

?>

You could use $result1[0] and $result2[0] to check codes. If the value is anything other than 200 the postcode is invalid. Also note UK is also searched for to guarantee correct results!

The result is also rounded to make sure we only have 2 decimal places. Make sure your postcodes do not have any spaces in when they go to Google, if you’re collecting them from a form maybe use:

function nowhitespace($data) {
return preg_replace('/\s/', '', $data);
}
$postcode1 = nowhitespace($postcode1);

to remove all spaces before processing, and the following to check it’s ok after processing:

if (($result1[0] != 200) || ($result2[0] != 200)) {
echo "<p>Invalid Postcode(s) Entered. Please try again.</p>";
} else {

Good luck!

You can’t use <p> tags, text align, vertical align or even image align as this messes up the display? I had this problem with thumbnails or varying sizes which needed to be centered in a div of specific size.

Using the approach suggested here and classing it as a table cell wasn’t great as it messed up the display…so I just set the image as a background which you can center & put a transparent gif over it to link to. Not ideal but it works!

<div style="background-image: url('thumbnail.gif');  background-repeat: no-repeat; background-position: center; width: 100px;  height: 100px">
<a href="page.php">
<img src="transparent  gif" width="100" height="100" />
</a>
</div>

You could also consider using absolute div tags but that also tends to interfere with surrounding design elements! Other solutions welcome!

There are a number of simple solutions to this problem, I’ll go through a couple below.

1. Use two files (one with the form on and one to process), and redirect back to the first page when the processing is done.

Here’s some sample code for the form page (form.htm):

<form name="form1" method="post" action="process.php">
<input type="text" name="text" id="text">
<input type="submit" name="submit" id="submit" value="Submit">
</form>

and here’s some sample code for the processing page (process.php):

<?php
if (isset($_POST['submit'])) {
$text = $_POST['text'];
$query = mysql_query("Insert into our database etc");
header("Location: form.htm");
}
?>

This uses PHP header to redirect the user back to the form page when the form is processed, or if the user directly visits process.php without the form submission. Bear in mind this is only example code and so is not complete or secure.

2. Use two files (one with the form on and to process and one when finished), redirecting to the second page when finished.

Here is some sample code for the process/form page (form.php):

<?php
if (isset($_POST['submit'])) {
$text = $_POST['text'];
$query = mysql_query("Insert into our database etc");
}
header("Location: thanks.htm");
?>
<form name="form1" method="post" action="form.php">
<input type="text" name="text" id="text">
<input type="submit" name="submit" id="submit" value="Submit">
</form>

and here’s the code for the final page (thanks.htm):

<p>Thanks for filling out our form!</p>

The user can still refresh the final page as much as they want as the processing was done elsewhere.

3. Use one file, doing all the processing and then displaying a thank you message.

This uses a $_GET to tell the script we’ve finished and display a message (form.php):

<?php
if ($_GET['success']) {
echo "Your text was saved successfully!";
} elseif (isset($_POST['submit'])) {
$text = $_POST['text'];
$query = mysql_query("Insert into our database etc");
header("Location: form.php?success=1");
}
?>
<form name="form1" method="post" action="form.php">
<input type="text" name="text" id="text">
<input type="submit" name="submit" id="submit" value="Submit">
</form>

I suppose you could change the echo to a die if you didn’t want to show the form, or add in a final else like this:

<?php
if ($_GET['success']) {
echo "Your text was saved successfully!";
} elseif (isset($_POST['submit'])) {
$text = $_POST['text'];
$query = mysql_query("Insert into our database etc");
header("Location: form.php?success=1");
} else {
?>
<form name="form1" method="post" action="form.php">
<input type="text" name="text" id="text">
<input type="submit" name="submit" id="submit" value="Submit">
</form>
<?php } ?>

so that the form would not be displayed when the Success text was.

4. Involve sessions

You could also involve sessions in your form by storing the POST variables in a session before processing, eg:

$_SESSION['postdata'] = $_POST;

and clearing the session once the processing had been done, eg:

unset($_SESSION['postdata'])

You could also enter a timestamp with each posted form and store this in a database, checking before processing for identical timestamps, it depends on the nature of your application and your personal preference.

Any comments/improvements welcome!

Mediatemple GS Control Panel

However, as I write this one of our personal projects which we put on it’s own Mediatemple server is displaying a MySQL connection error – again. Over the last week it’s been a constant on/off battle made many times worse by the very slow Mediatemple support.

Mediatemple Sport a Speedy 20Hr Response Time

It was acceptable to begin with, 5 hours for the first reply, 13 hours for the second that informed me there was a bigger issue (mediatemple always seem to have MySQL issues), 7 hours later they informed me the issue had been fixed.

25 hours later (yes, TWENTY FIVE), after I had replied saying there was still a problem, they told me it was all running ok…which it was THEN but it had been too slow to work for hours before they replied.

I should probably point out that all of this was mid-week so the only reason I can see for the slow responses is that everyone was busy working on the problem?

Mediatemple Support Home

In the past I have had timely replies to my tickets (2 hour average) which is not as good as some (VPSLatch and PowerVPS being the best I’ve seen) but decent. In fact the response time is estimated at 4 hours 28 mins in the control panel right now. I have had only one instance of downtime for my files but unfortunately there are a couple of other shortcomings of their system including overly complicated domain setup (for subdomains) and how they work with the system. Whereas cPanel (for example) has seperate stats and settings for each domain, Mediatemple’s control panel mixes them together so the Urchin stats show all sites as one.

This post isn’t completely one sided, as the amount of space & bandwidth you’re given is very generous; along with the actual computing ‘budget’ they provide you with being pretty high (with their GPU system). Their website is beautifully designed and works pretty well but is let down by their MySQL system and slightly confusing control panel. You can of course fix the MySQL fault by purchasing a MySQL container at $20/mo, offering excellent response times; but this doubles the monthly cost of the service.

Extra MySQL Packages Are Available

I’d also point out that the Mediatemple terms of use are similar to those found on VPS and dedicated servers, much more relaxed than shared servers. This is still very useful (combined with the high storage space and inclusive bandwidth) for image hosting sites etc that you can’t put elsewhere.

Hopefully this has given you a fairly round view of my time with mediatemple, everybody’s views differ and you’ll have a different experience depending on what cluster you’re on; but I’d suggest a VPS is a better way to go until Mediatemple sort out the annoying MySQL lag.

cURL is a valuable tool for any PHP developer and has extremely useful applications, one of which is logging into remote sites to post forms. This illustrates a flaw with many sites in that they user header redirects (as shown below) in their login systems to keep people away from pages they shouldn’t see, and log them in and out.

if ($_SESSION['logged'] != 1) {
header("Location: login.php");
}

That very simple bit of code checks to see whether a session has been found where logged = 1. If it doesn’t find one then it will redirect the user to login.php without showing them the page.

The problem here is that header location ONLY works when it’s the first thing on a page, otherwise you’ll see an error and then the rest of the page we shouldn’t be seeing – which is what happens with a cURL request. This means the header location redirect doesn’t work and anyone can grab your “protected” page easily and quickly without logging in.

To solve this quickly (without changing your basic login script at all) make sure you have failsafes! The most simple would be to add a die statement as below so that if your redirect fails, they won’t get to see your private page.

if ($_SESSION['logged'] != 1) {
header("Location: login.php") or die("Please <a href='login.php'>login</a> before accessing this page.");
}

Very simple stuff, but there’s lots of sites without it.

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

Oh, well that’s no good. Looked through the code, and found I had spelt one variable wrong.

$_SESSION['user_id'] = $user;

but $user did not exist, it should have been

$_SESSION['user_id'] = $user_id;

So the error/warning appeared because I was referencing a null (or undefined) variable into a session; something which would require register_globals to work.

Register globals would allow you to call file.php?foo=bar; and the script would create a variable $foo with a value of bar automatically – which is not very secure as variables can be pushed into a script (perhaps bypassing form validation etc). Personally I would never use register_globals (set it to off in PHP.ini or your .htaccess) as mistakes like the one I made would go unnoticed & could be abused.

I googled the error after I found that mistake to confirm that was the problem and was amazed to see people simply turning the warnings off rather than fixing the problem…talk about short cuts!

"^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$"

If you’re here through search then you’ve probably already seen a load of these!

The code I’m going to provide:

1. Allows international domains, and special characters in the email address
2. Checks for domain existance
3. Checks for mx records

So…to the code. This was put together from a number of sources, then simply based off an article over at LinuxJournal.

function ValidateEmail($email) {
// Set test to pass
$valid = true;
// Find the last @ in the email
$findats = strrpos($email, "@");
// Check to see if any @'s were found
if (is_bool($findats) && !$findats) {
$valid = false;
}
else {
// Phew, it's still ok, continue...
// Let's split that domain up.
$domain = substr($email, $findats+1);
$local = substr($email, 0, $findats);
// Find the local and domain lengths
$locallength = strlen($local);
$domainlength = strlen($domain);
// Check local (first part)
if ($locallength < 1 || $locallength > 64) {
$valid = false;
}
// Better check the domain too
elseif ($domainlength < 1 || $domainlength > 256) {
$valid = false;
}
// Can't be having dots at the start or end
elseif ($local[0] == '.' || $local[$locallength-1] == '.') {
$valid = false;
}
// Don't want 2 (or more) dots in the email
elseif ((preg_match('/\\.\\./', $local)) || (preg_match('/\\.\\./', $domain))) {
$valid = false;
}
// Make sure the domain has valid chars
elseif (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {
$valid = false;
}
// Make sure the local has valid chars, make sure it's quoted right
elseif (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) {
if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) {
$valid = false;
}
}
// Whoa, made it this far? Check for domain existance!
elseif (!(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A"))) {
$valid = false;
}
}
if ($valid) {
echo $email.' is valid!';
}
else {
echo $email.' is not valid!';
}
}

You’d call this with:

ValidateEmail("test@3cc.org");

Fancy trying it? Click here to demo.

Or if you want this code with all the spaces, click here to view the txt

Google provide the following resource for this problem: http://www.google.com/support/a/bin/answer.py?hl=en&answer=33786

But, they recommend using

v=spf1 include:aspmx.googlemail.com ~all

That’s all fine and well…but what about the official website? Oddly, they recommend using – instead of ~ (http://www.openspf.org/FAQ/Common_mistakes)

v=spf1 include:aspmx.googlemail.com -all

But seeing as it’s google hosting my mail, I’ve been using ~ successfully for some time now, with no more bounces.

Testing whether you’re configured correctly

Easy, just send an email to spf-test@openspf.org and you’ll get a bounce right back with the SPF status in (http://www.openspf.org/Tools).

How can I configure my server?

If you have access to all your DNS records for your domain you can add it yourself (for example through WHM or root plesk panel) but on most shared hosts just fire off an email to the support team who will add the record for you.

On Plesk & Cpanel you can add either a SPF record or a TXT record through your DNS editor, making it easy to do this yourself.

What this script can do:

• Backup all of your MySQL databases on a server individually, then package them into a single tar.
• Save that tar locally, on a FTP server or even email it to you

What you need:

• PHP
• MySQL
• Preferably the root mysql login & password (allows you to backup all databases in one go)

I do not guarantee:

• That this will definately work on your server, or Windows servers out of the box.

However it is here for people to use. I have tested it on several linux machines and it runs great.

Download:

Zip containing dbbackup.php & dbbackupconfig.php – dbbackup.zip

What I’ve added:

To upload to a remote FTP server, I added this to the config file:

######################################################################
## FTP Options
######################################################################

// Use FTP Option?
$useftp = true;

// Use passive mode?
$usepassive = true;

// FTP Server Address
$ftp_server = 'host';

// FTP Username & Password
$ftp_user_name = 'username';
$ftp_user_pass = 'password';

and this to the main file below email sending:

// do we ftp the file?
if ($useftp == true) {
$file = $BACKUP_DEST.'/'.$BACKUP_NAME;
$remote_file = $BACKUP_NAME;

// set up basic connection
$conn_id = ftp_connect($ftp_server);

// login with username and password
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);

// turn passive mode on?
ftp_pasv($conn_id, $usepassive);

// upload a file
if (ftp_put($conn_id, $remote_file, $file, FTP_BINARY)) {
 echo "successfully uploaded to ftp: $remotefile\n";
} else {
 echo "There was a problem while uploading $remotefile\n";
}

// close the connection
ftp_close($conn_id);
}

That’s all!

<?php
$string = 'us$$er*&^nam@@e';
$string = cleanabc123($string);
function cleanabc123($data)
{
$data = preg_replace("/[^a-zA-Z0-9\s]/", "", $data);
return $data;
}
// This will be 'username' now
echo $string;
?>

And if you wanted it to also remove whitespace, you could change the function by removing the \s whitespace character.

$data = preg_replace("/[^a-zA-Z0-9]/", "", $data);