Creating a Simple Forum, Part 1, the Header Configuration File

In the final installment of my JavaScript Encryption Demo series, I mentioned that perhaps I’d write about the configuration code in a later article. Well, since I’ve decided to use similar code in my new simple forum software, I’ve decided it’s now or never.

The Header Configuration File

If you get confused, I tend to use header and header.php interchangeably when talking about the header file, and that’s simply because I’m writing everything in PHP as opposed to ASP or ColdFusion or any other server-side scripting language.

The header file is simply a file which contains all the configuration parameters along with the HTML output down to and including the <body> tag. It will also contain any custom functions. The header file is automatically prepended by a “.user.ini” file when using FastCGI (like with Nginx) and an “.htaccess” file when FastCGI is not used (like with Apache). The footer file, on the other hand, is just a string or two plus the closing tags for everything still open, including </body> and </html>.

Configuration Parameters

There are certain configuration parameters I always like to set, even if they’re already set in the php.ini file. There may come a time when I need to move something to a server where I don’t have access to the php.ini file and I don’t want to rely on it being the way I want it to be.

$site_title = 'Site Title';
$site_url = 'http://' . $_SERVER['HTTP_HOST'];

There is a way to append an “s” onto “http” with some automatic code, but I know in advance I won’t be using SSL.

// Default title: the file name without its directory and ".php" extension.
$page_title = ': ' . substr( $_SERVER['REQUEST_URI'], strrpos( $_SERVER['REQUEST_URI'] , '/' ) +1 , -4 );
// Manual titles for the index pages (REQUEST_URI always begins with a slash).
if ( $_SERVER['REQUEST_URI'] == '/' || $_SERVER['REQUEST_URI'] == '/index.php' ) $page_title = '';
if ( $_SERVER['REQUEST_URI'] == '/members/' || $_SERVER['REQUEST_URI'] == '/members/index.php' ) $page_title = ': Something';
// "my-page" becomes "My Page".
$page_title = ucwords( str_replace( '-', ' ', $page_title ) );

This is really just an easy way to convert file names into page titles. The only “manual” page titles are for the index pages.
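REQUEST_URI also carries any query string, so cutting a fixed four characters off the end only works for plain .php requests, and the result ends up inside the <title> tag. The following is an added example, not part of the original post, that derives the same titles from the path alone and escapes them on output; page_title_from_uri() and the sample requests are made up for illustration.

```php
<?php
// Added example: page_title_from_uri() is a hypothetical helper.
function page_title_from_uri( string $request_uri, array $manual = array() ): string {
    // Keep only the path component; the query string is not part of the title.
    $path = parse_url( $request_uri, PHP_URL_PATH );
    if ( ! is_string( $path ) || $path === '' ) {
        $path = '/';
    }
    // A directory request is served by its index page.
    if ( substr( $path, -1 ) === '/' ) {
        $path .= 'index.php';
    }
    // Manual titles take priority over derived ones.
    if ( array_key_exists( $path, $manual ) ) {
        return $manual[ $path ];
    }
    // "/about-us.php" -> "about-us", whatever the extension length.
    $name = pathinfo( rawurldecode( $path ), PATHINFO_FILENAME );
    // Keep only characters expected in a page file name.
    $name = preg_replace( '/[^A-Za-z0-9_-]/', '', $name );
    if ( $name === '' ) {
        return '';
    }
    return ': ' . ucwords( str_replace( '-', ' ', $name ) );
}

$manual = array( '/index.php' => '', '/members/index.php' => ': Something' );

// Constructed sample requests, including a query string and encoded markup.
$samples = array( '/', '/index.php', '/members/', '/about-us.php?ref=1', '/x%3Cb%3E.php' );
foreach ( $samples as $uri ) {
    $title = 'Site Title' . page_title_from_uri( $uri, $manual );
    // Escape at the point of output, as the <title> line in the header would.
    echo htmlspecialchars( $title, ENT_QUOTES, 'UTF-8' ), "\n";
}
```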

$session_cookie_name = 'forum';
session_name( $session_cookie_name );
session_set_cookie_params( 0, '/', $_SERVER['HTTP_HOST'], 0, 1 );
session_start();

You can’t change session cookie parameters without setting a session name. This can be done in the php.ini file for a single domain, but I’m using multiple virtual servers with one instance of PHP on my virtual private server. This is also a good place to start the session for every page.
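Both $site_url and the session cookie domain above are built from $_SERVER['HTTP_HOST'], which is copied from the request's Host header and can include a port. The following is an added example, not code from the original post, that checks the host against a fixed list before using it and also covers the automatic “s” mentioned earlier; the host names and the helpers canonical_host() and request_is_https() are assumptions.

```php
<?php
// Added example: the host names below are placeholders for the site's real names.
const ALLOWED_HOSTS = array( 'forum.example.com', 'www.forum.example.com' );

function canonical_host( array $server ): string {
    // HTTP_HOST comes from the client and may carry a ":port" suffix.
    $host = strtolower( (string) ( $server['HTTP_HOST'] ?? '' ) );
    $host = preg_replace( '/:\d+$/', '', $host );
    // Anything not on the list falls back to the first configured name.
    return in_array( $host, ALLOWED_HOSTS, true ) ? $host : ALLOWED_HOSTS[0];
}

function request_is_https( array $server ): bool {
    // PHP sets HTTPS to a non-empty value other than "off" for TLS requests.
    return ! empty( $server['HTTPS'] ) && strtolower( (string) $server['HTTPS'] ) !== 'off';
}

$host     = canonical_host( $_SERVER );
$is_https = request_is_https( $_SERVER );
$site_url = ( $is_https ? 'https://' : 'http://' ) . $host;

session_name( 'forum' );
// Array form of session_set_cookie_params() requires PHP 7.3 or later.
session_set_cookie_params( array(
    'lifetime' => 0,          // session cookie, dropped when the browser closes
    'path'     => '/',
    'domain'   => $host,      // the validated name, never the raw header
    'secure'   => $is_https,  // sent only over TLS when the site uses TLS
    'httponly' => true,       // not readable from JavaScript
    'samesite' => 'Lax',      // not sent on cross-site subrequests
) );
session_start();
```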

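if ( substr( $_SERVER['REQUEST_URI'], 0, 9 ) == '/members/' && !isset( $_SESSION['username'] ) ) {
  // Not logged in: clear the session data, expire the session cookie and go to the login page.
  $_SESSION = array();
  $params = session_get_cookie_params();
  // session_name() is called without an argument here because the session is already active.
  setcookie( session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly'] );
  session_destroy();
  header( 'Location: ' . $site_url . '/login.php' );
  exit;
}
if ( substr( $_SERVER['REQUEST_URI'], 0, 9 ) != '/members/' && isset( $_SESSION['username'] ) ) {
  // Logged in but outside the members' area: go to the members' index page.
  header( 'Location: ' . $site_url . '/members/' );
  exit;
}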

If a visitor who isn’t logged in tries to access a page in the members’ area, this sends the visitor back to the login page. On the other hand, if a logged-in visitor ends up on a page outside the members’ area, it sends them to the index page of the members’ area.

echo '<!DOCTYPE HTML>' . "\n";
echo '<html dir="ltr" lang="en-US">' . "\n";
echo '  <head>' . "\n";
echo '    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />' . "\n";
// The page title is derived from the request URI, so it is escaped before output.
echo '    <title>' . htmlspecialchars( $site_title . $page_title, ENT_QUOTES, 'UTF-8' ) . '</title>' . "\n";
echo '    <link href="' . $site_url . '/favicon.ico" rel="shortcut icon" type="image/x-icon" />' . "\n";
echo '    <link href="' . $site_url . '/style.css" media="screen" rel="stylesheet" type="text/css" />' . "\n";
echo '    <script src="' . $site_url . '/functions.js" type="text/javascript"></script>' . "\n";
echo '  </head>' . "\n";
echo '  <body>' . "\n";

This is the HTML output of the header for all pages. You can see that I used the variables I mentioned earlier.

if ( substr( $_SERVER['REQUEST_URI'], 0, 9 ) == '/members/' && $_SERVER['REQUEST_URI'] != '/members/logout.php' ) {
  // Cast the numbers and JSON-encode the string so a stored value cannot break out of the script.
  $ua_js = json_encode( (string) $_SESSION['ua'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT );
  echo '    <script type="text/javascript">' . "\n";
  echo '      if ( ( screen.width != ' . (int) $_SESSION['scw'] . ' ) || ( screen.height != ' . (int) $_SESSION['sch'] . ' ) || ( new Date().getTimezoneOffset() != ' . (int) $_SESSION['tzo'] . ' ) || ( navigator.userAgent != ' . $ua_js . ' ) ) {' . "\n";
  // The logout page must be under /members/; a logged-in visitor anywhere else is redirected back to /members/ by the check above.
  echo '        window.location.replace("' . $site_url . '/members/logout.php");' . "\n";
  echo '      }' . "\n";
  echo '    </script>' . "\n";
}

This is a JavaScript routine I’ll use to check the session variables I’ll set, just like validating the login with my JavaScript Encryption Demo. The logout.php page destroys the session and sends the visitor back to the login page. The coding part is identical to the part above where the session isn’t properly set.
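The script above runs in the visitor's browser, so it has no effect on a client that does not execute JavaScript. Of the four stored values, the User-Agent is the one the server also receives with every request, so it can be compared before any output is sent. This is an added example, not code from the original post; fingerprint_matches(), end_session() and enforce_fingerprint() are hypothetical helpers, and the sample values are constructed.

```php
<?php
// Added example: all three functions are hypothetical helpers.

function fingerprint_matches( array $session, array $server ): bool {
    // The User-Agent header reaches the server on every request. The stored
    // screen size and time-zone offset can only be re-checked in the browser.
    if ( ! isset( $session['ua'] ) || ! is_string( $session['ua'] ) ) {
        return false;
    }
    return hash_equals( $session['ua'], (string) ( $server['HTTP_USER_AGENT'] ?? '' ) );
}

function end_session(): void {
    $_SESSION = array();
    if ( session_status() === PHP_SESSION_ACTIVE ) {
        // Expire the cookie with the same parameters it was set with.
        $p = session_get_cookie_params();
        setcookie( session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly'] );
        session_destroy();
    }
}

// Call after session_start() and before any output is sent.
function enforce_fingerprint( string $login_url ): void {
    if ( isset( $_SESSION['username'] ) && ! fingerprint_matches( $_SESSION, $_SERVER ) ) {
        end_session();
        header( 'Location: ' . $login_url );
        exit;
    }
}

// Constructed sample data: the same browser, then a request with another User-Agent.
$stored = array( 'username' => 'alice', 'ua' => 'ExampleBrowser/1.0' );
var_dump( fingerprint_matches( $stored, array( 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0' ) ) );
var_dump( fingerprint_matches( $stored, array( 'HTTP_USER_AGENT' => 'OtherClient/2.0' ) ) );
```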

The Rest of the File

I’m not quite sure where I’ll put these:

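// Escapes a value for use inside a quoted string literal in a MySQL query.
function clean_input( $str ) {
  $link = db_connect();
  $str = mysqli_real_escape_string( $link, $str );
  mysqli_close( $link );
  return $str;
}
// Opens the database connection, or stops the page if the server can't be reached.
function db_connect() {
  $link = @mysqli_connect( 'localhost', 'db_username', 'db_password', 'db_name' );
  if ( ! $link || mysqli_connect_errno() ) die( 'Failed to connect to server.' );
  // mysqli_real_escape_string() escapes according to the connection's character set.
  mysqli_set_charset( $link, 'utf8mb4' );
  return $link;
}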

I’m not even sure I’ll use MySQL at this point but I probably will. There may end up being more routines placed in this file, but I won’t know what they’ll be, if any, until I start putting the pieces together. In the end, however, the entire software package will be available for download.
