Archive for December, 2006
How to write an image gallery script in PHP
Introduction
This is a simple yet useful tutorial on how to write an image gallery script in PHP. It could be used for anything from banner rotation to just a couple of images that you would like to display in rotation on your website. It requires no external libraries, works with php 4.0.3 and above, and will allow you to display all the images in a specifiied directory.
The Code
The code consists of a simple class with two main functions: GetAllFiles() and DisplayImages(). GetAllFiles() retrieves all the images within a specified directory and DisplayImages randomly displays them.
//set your directory here and remember to include the trailing slash
//the script will automatically pull images out of the specified directory and display them
define(”IMAGE_DIRECTORY”, “images/”);
class jrotate {
var $Imagelist = array(); //this stores all of the images that were found in your directory
var $ImageExtList = array(); //this will store the image extensions
function GetAllFiles() {
// Open a known directory, and proceed to read its contents
if (is_dir(IMAGE_DIRECTORY)) {
if ($dh = opendir(IMAGE_DIRECTORY)) {
while (($file = readdir($dh)) !== false) {
//check to see if it is a file
if (filetype(IMAGE_DIRECTORY.$file) == “file”) {
//get the files extension and make sure it is one of our supported image types
$current_ext = substr($file,strlen($file)-3,strlen($file));
if ($current_ext == “jpg” || $current_ext == “gif” || $current_ext == “png”) {
//push the filename and extension onto our arrays
array_push($this->Imagelist,IMAGE_DIRECTORY.$file);
array_push($this->ImageExtList,$current_ext);
}
}
}
closedir($dh);
}
}
}
function DisplayImage() {
//get the total number of images
$imagecount = count($this->Imagelist);
//randomly generate the next image that we will display
$nextimage = rand(0,$imagecount-1);
//determine the image type and return the proper header information
switch($this->ImageExtList) {
case ‘png’:
header(”Content-type: image/png”);
break;
case ‘gif’:
header(”Content-type: image/gif”);
break;
case ‘jpg’:
header(”Content-type: image/jpeg”);
break;
}
//read image into string and output it
$contents = file_get_contents($this->Imagelist[$nextimage]);
echo $contents;
}
} //end class
//create a new instance of the jrotate class
$imagerotator = new jrotate;
//display random image
$imagerotator->GetAllFiles();
$imagerotator->DisplayImage();
//$test = array();
Download
To download the entire script explained here and an example of usage, please go Here
2 commentsHow to create a php upload progress meter
By Justin Silverton
This progess meter is based on the yahoo user interface library and alternative php cache (APC). You will need both of these for it to display properly. PHP 5.2.0 or higher is also required. (I have written a previous article on alternative PHP cache here).
The yahoo user interface library can be found here.
How it works
Once APC is installed and configured, the following needs to be added to your php.ini:
apc.rfc1867 = on
Aside from the Yahoo libraries, this is what makes the progress meter possible using php.
This is called the File Upload Progress hook handler and it is only available
if you compiled APC against PHP 5.2.0 or later. When enabled
any file uploads which includes a field called
APC_UPLOAD_PROGRESS before the file field in an upload form
will cause APC to automatically create an upload_
user cache entry where is the value of the APC_UPLOAD_PROGRESS form entry.

Download
Demo can be found here
Source can be found here
How to install Alternative PHP Cache
By Justin Silverton
What is APC cache?
The Alternative PHP Cache (APC) is a free and open opcode cache for PHP. It was conceived of to provide a free, open, and robust framework for caching and optimizing PHP intermediate code.
Installing
APC Cache is not included with the latest release of php (although it is planned on being included with version 6). It says on the main PHP website that the .dlls can be downloaded from the pecl extensions package, but after downloading and extracting it, I realized that it is not there. I have found the correct .dlls and other files that are needed and they can be download from my server here.
After downloading and extracting the above zip file, complete the following steps:
1) copy the proper php_apc.dll (depending on your version) into your php extensions directory
2) add the following to your php.ini: extension=php_apc.dll (this should be placed under the other extension lines)
3) add the following to your php.ini:
apc.shm_segments=1
apc.optimization=0
apc.shm_size=128
apc.ttl=7200
apc.user_ttl=7200
apc.num_files_hint=1024
apc.mmap_file_mask=/tmp/apc.XXXXXX
apc.enable_cli=1
Note: APC needs a temp path to exist, and be writable by the web server. It checks TMP, TEMP, USERPROFILE environment variables in that order and finally tries the WINDOWS directory if none of those are set.
4) copy apc.php (included with the .zip file) to directory on your web server and launch it.
You should see the following:

APC Cache options
Here is some more information about the various options that can be used to setup apc cache.
apc.enabled This can be set to 0 to disable APC. This is
primarily useful when APC is statically compiled
into PHP, since there is no other way to disable
it (when compiled as a DSO, the zend_extension
line can just be commented-out).
(Default: 1)
apc.shm_segments The number of shared memory segments to allocate
for the compiler cache. If APC is running out of
shared memory but you have already set
apc.shm_size as high as your system allows, you
can try raising this value.
(Default: 1)
apc.shm_size The size of each shared memory segment in MB.
By default, some systems (including most BSD
variants) have very low limits on the size of a
shared memory segment.
(Default: 30)
apc.optimization The optimization level. Zero disables the
optimizer, and higher values use more aggressive
optimizations. Expect very modest speed
improvements. This is experimental.
(Default: 0)
apc.num_files_hint A “hint” about the number of distinct source files
that will be included or requested on your web
server. Set to zero or omit if you’re not sure;
this setting is mainly useful for sites that have
many thousands of source files.
(Default: 1000)
apc.ttl The number of seconds a cache entry is allowed to
idle in a slot in case this cache entry slot is
needed by another entry. Leaving this at zero
means that your cache could potentially fill up
with stale entries while newer entries won’t be
cached.
(Default: 0)
apc.user_ttl The number of seconds a user cache entry is allowed
to idle in a slot in case this cache entry slot is
needed by another entry. Leaving this at zero
means that your cache could potentially fill up
with stale entries while newer entries won’t be
cached.
(Default: 0)
apc.gc_ttl The number of seconds that a cache entry may
remain on the garbage-collection list. This value
provides a failsafe in the event that a server
process dies while executing a cached source file;
if that source file is modified, the memory
allocated for the old version will not be
reclaimed until this TTL reached. Set to zero to
disable this feature.
(Default: 3600)
apc.filters A comma-separated list of POSIX extended regular
expressions. If any pattern matches the source
filename, the file will not be cached. Note that
the filename used for matching is the one passed
to include/require, not the absolute path. If the
first character of the expression is a + then the
expression will be additive in the sense that any
files matched by the expression will be cached, and
if the first character is a - then anything matched
will not be cached. The - case is the default, so
it can be left off.
(Default: “”)
apc.enable_cli Mostly for testing and debugging. Setting this enables APC
for the CLI version of PHP. Normally you wouldn’t want to
create, populate and tear down the APC cache on every CLI
request, but for various test scenarios it is handy to be
able to enable APC for the CLI version of APC easily.
(Default: 0)
apc.max_file_size Prevents large files from being cached.
(Default: 1M)
apc.stat Whether to stat the main script file and the fullpath
includes. If you turn this off you will need to restart
your server in order to update scripts.
(Default: 1)
apc.write_lock On busy servers when you first start up the server, or when
many files are modified, you can end up with all your processes
trying to compile and cache the same files. With write_lock
enabled, only one process at a time will try to compile an
uncached script while the other processes will run uncached
instead of sitting around waiting on a lock.
(Default: 1)
apc.rfc1867 RFC1867 File Upload Progress hook handler is only available
if you compiled APC against PHP 5.2.0 or later. When enabled
any file uploads which includes a field called
APC_UPLOAD_PROGRESS before the file field in an upload form
will cause APC to automatically create an upload_
user cache entry where is the value of the
APC_UPLOAD_PROGRESS form entry.
(Default: 0)
The offical PHP manual page can be found here.
27 commentsA new password flaw found in Firefox 2
By Justin Silverton
In a recent article, a new flaw in firefox 2 is discussed:
“Mozilla’s Firefox 2.0 has long been considered a safer Web browser than Microsoft’s Internet Explorer, but a new flaw in the Firefox Password Manager, which lets users store usernames and passwords for trusted Web sites, could let hackers steal their login data.
The problem, known as a reverse cross-site request, or RCSR, was first discovered by Robert Chapin, a Microsoft Certified Systems Engineer (MCSE) and I.T, consultant. The RCSR appears on blogs, message boards, or group forums that let users add comments with embedded HTML code.
On sites that allow users to enter code, a hacker can embed a form that tricks the user’s browser into sending its username and password information to the hacker’s computer. Because the form is embedded on a trusted Web site, the browser’s built-in antiphishing protection, which is designed to alert users to fraudulent Web sites, does not detect the problem.”
When will this flaw be fixed?
The Mozilla Foundation (the group behind the firefox browser) has classified it as Bug #360493 and also announced that it will be fixed in version 2.0.0.1 or 2.0.0.2.
This attack can be avoided by disabling the browsers’ autosave features for usernames and passwords. In Firefox, the feature is found in the “Options” window under the “Tools” menu.
No comments5 open alternatives to Microsoft Exchange
By Justin Silverton
After the recent announcement by Novell that they were dropping support for the Hula project (an open alternative to Microsoft exchange), I decided to search the Internet for similar applications/projects.
1) Zimbra (commercial and free versions available)
- Desktop client compatibility. Sync mail, contacts, and calendar to Microsoft Outlook and/or to Apple (Mail, Address Book, iCal).
- Professional administration. Real time mailbox backup and restore, high availability clustering, storage cost management.
- Zimbra Mobile. Over-the-air synchronization of mail, contacts, and calendar data with mobile devices.
- Advanced web productivity. Ability to search for content inside attachments and view attachments as HTML instead of downloading.
- Domain management. Ability to re-brand the web client and administer multiple customer domains.
2) Open Xchange (commercial and free versions available)
- Linux Compatibility. Support 30 different linux distributions.
- All Information in One folder. Using one folder, users can store all information needed for a particular project, including all contacts, meetings, and background information.
- Document Management. Automatic versioning, locking of documents during editing, saving from MS Office applications, and access from MS explorer.
3) Scalix (commercial and free versions available)
- Outlook Support. Offers automatic offline mailbox caching and improved PDA syncing.
- Plug-in support. Provides certified plug-ins support for Google Desktop and MSN Search, McAfee VirusScan, Symantec Norton Utilities and Captaris RightFax Outlook Extension.
- Search and Indexing Services. Real-time indexing of private and public folder messages. This results in sub-second mailbox-wide search and retrievals, even in very large mailboxes and folders.
4) Citadel
- Ajax Support. An intuitive, easy-to-use AJAX interface.
- Domain Management. Multiple domain support.
- Easy Installation. installs in minutes without the need to manually integrate all the different components together.
- Contact Management. Saves and organizes thousands of personal and company contacts, telephone, fax, addresses, e-mail contact addresses just to mention a few. Easily configurable with extensive and speedy search capabilities, categorization and remotely accessible.
- Group Calendar. Manage meetings and events for an entire group or individual set of accounts. Attach notes to appointments. Link appointments to contacts and projects. Automatic detection of conflicts.
- Resource Planner. Keep track of your company’s resources such as automobiles, projectors or conference rooms. Searchable timeslots to check for availability of specific resources or resources assigned to a specific group. Automatically check for resource conflicts upon appointment creation.





