Archive for 'Featured Articles'

Macromedia has publicly accessible XML feeds

Posted on 01. Apr, 2009 by admin.

0

<!– @page { size: 21cm 29.7cm; margin: 2cm } P { margin-bottom: 0.21cm } H3 { margin-bottom: 0.21cm } –>

Macromedia has publicly accessible XML feeds available from the Developer Center. The XML feed contains information about all the latest articles and resources. The Developer Center team updates the feed whenever new content is added to Developer Center.

Why are doing this? The idea came from our developers who wanted to be able to display links to the latest Macromedia news and resources on their websites. We’re making this feed available so that developers can use this information in their Macromedia Flash applications and other parts of their websites.

The XML feed is an RSS 1.0 feed. This feed follows the RSS 1.0 standard.

Note: There was a previous version of the Developer Center XML feed. The first feed was the original Macromedia Resource Feed and has been discontinued. This feed had a custom DTD defined by Macromedia and was designed specifically for the Macromedia Developer center. Use the new RSS 1.0 feed instead.

Macromedia Developer Center RSS 1.0 Feed

The Macromedia Developer Center Center RSS feed is an  RSS 1.0 feed which contains links to all articles, tutorials and other resources published on the Macromedia Developer Center. The feed uses the  Dublin Core Module   to provide additional information fields to the feed.
Macromedia Product RSS Feeds

The Macromedia Product RSS Feeds broadcast product-specific technical information. This includes product updates, security bulletins, and TechNotes, as well as the Developer Center articles included in the Developer Center RSS Feed. Each feed contains information from various sources pertaining to a single product—perfect for developers who specialize in one or two and need to have all the latest product news.

Using the XML feeds

So how are these feeds used? It depends on what application you want to use them in. Here’s a brief overview of two ways to use the XML feeds.

ColdFusion MX
ColdFusion MX has native support for parsing XML. You can use the XML feed as a data source within ColdFusion to create dynamic content for an HTML page or Macromedia Flash application.

Macromedia Flash MX 2004
Macromedia provides the RSS 1.0 feed in an environment where Flash developers can consume it from any domain. The server hosting the RSS feed has a crossdomain.xml policy file that lets all public users consume the feed. For more information on cross-domain security and the crossdomain.xml file.

Macromedia Flash Player has XML parsing capabilities built-in XML parsing capabilities. This means that you can load the XML into the player, parse it, and pull out the information you need. In Macromedia Flash MX Professional 2004, you can use the XMLConnector component to connect to the feed. (To make it even simpler, use the Data Connection wizard to connect to the feed. This is the most direct way to consume the feed.

You could also have the Flash movie load the XML through a middleware page (such as ColdFusion) which resides on the same server as the Flash movie. The middleware page retrieves the XML data, and returns it to Flash. For instructions and downloadable example files

Basically, the Flash movie would use the XML.load action with the CFM file instead of trying to load the XML directly. The ColdFusion page would then load the XML from the actual XML document, and then send it back to Flash.
Reference  Adobe

Continue Reading

Web Developement Blog: Curl Location redirect while open_basedir is set

Posted on 27. Mar, 2009 by admin.

0

Recently on the Web Developement Blog, Olaf showed how to do a Location redirect with cURL
A simple link checker

If you need to check URLs and if you need a script that has to follow possible redirects, you need to use Curl. The option CURLOPT_FOLLOWLOCATION will follow each redirect until the curl client has reached the target website. This option rocks if you need to check URLs. The following simple snippet will check an URL and returns the HTTP_CODE:

$ch = curl_init(‘http://www.domain.com’);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_USERAGENT, “Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1″);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_exec($ch);
$info = curl_getinfo($ch);
echo $info['http_code'];
curl_close($ch);

Running this code with the directive open_basedir is set you get this error:

Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set in /home/user/public_html/script.php on line …

What if you can’t disable this nasty directive and you need this function? There are some alternative functions inside the PHP manual but according other comments on that place those are not perfect solutions.
How about executing this script inside the path used by this directive? The default pathes are on my machine (and many others) “/tmp” and “/usr/local/lib/php/”. Do you like to execute your scripts in these directories? If not you need add additional directories to your Apache configuration. Since I like DirectAdmin machines I post the code you need to add to your DA user account (Admin Level -> Custom HTTPD Configurations, you need to ask your hosting provider if you don’t have full access):
|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/usr/local/lib/php/:/home/superuser/domains/some-domain.com/some_dir/|
With this setting your websites user has access to the directory “some_dir”, place your link checker script (link_check.php) there after you made this modifications:

$ch = curl_init($argv[1]);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_USERAGENT, “Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1″);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$data = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
$valid = array(200, 302, 301);
if (in_array($info['http_code'], $valid)) {
echo ‘ok’;
}

(don’t forget to add the php tags to this code)
Now inside your web application you can call this script with this code:

$check = shell_exec(‘/usr/local/bin/php /home/superuser/domains/some-domain.com/some_dir/link_check.php http://domain.com &’);
if ($check == ‘ok’) echo ‘URL is valid!’;

This code works only if safe_mode = off

Continue Reading

Count clicks the right way!

Posted on 27. Mar, 2009 by admin.

0

If you own a link list or directory where the listings are ranked (on some page) on the number of outgoing hits, you’re possible victim of click fraud. There are not only people clicking their own listings many times, ther eare also click bots (remote scripts) which drive the click count “into the sky” in a relative short time.

Click fraud is bad for your sites reputation and is not fair to the listings from other websites. In this PHP code show case we will explain what a webmaster need to do to get his click counter visitor friendly and safe.

First of all don’t worry about if a click doesn’t get counted!

Objectives and requirements

We need to use a link which is informative for the visitor, a link like http://www.domain.com/click.php?id=234 doesn’t show the visitor the target link. better would be http://www.domain.com/browse.php?url=www.external-site.com

We need to identify our visitor, that a click is not counted twice because the visitor click a link twice or more. We store the IP address from the visitor together with a link ID in a database.

We need to protect us against click bots: Many click bots are very smart, they use many IP addresses from different subnets that they look like real people. Some of them even pre-load the website to get the sites referrer information. Since we store the IP address, the click bot can’t be very effective for the fraudulent listing. Check your click results frequently and check outstanding results (if a regular listing gets normally 10 clicks a day and on some days there are many hundreds, then some one has tried hack your click system).

You need two database tables, one for the links and one for the clicks. The first one need only an ID and a column for the URL. The table for the clicks needs a column for the URL id, one for the IP address and one for the timestamp:

CREATE TABLE `links` ( `ident` INT NOT NULL, `url` VARCHAR( 100 ) NOT NULL , INDEX ( `ident` ) , UNIQUE ( `url` ) ) ENGINE = MYISAM ;

CREATE TABLE `clicks` ( `site_id` int(11) NOT NULL, `click_time` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, `ip_adr` varchar(30) NOT NULL, KEY `site_id` (`site_id`) ) ENGINE=MyISAM;

After we created the database tables we need to enter a few links, use a clean way to insert your links. Don’t use the protocol in the beginning (if you need this, store protocol in a extra table column)

At the moment some one has clicked the link our redirect script is executed (don’t forget the PHP tags and the building a database connection):

if (empty($_GET['url'])) {
$url = ‘http://www.yoursite.com/’;
} else {
if (get_magic_quotes_gpc()) $_GET['url'] = stripslashes($_GET['url']);
$gURL = mysql_real_escape_string($_GET['url']);
$result = mysql_query(“SELECT ident FROM links WHERE ident = ‘”.$gURL.”‘”);
if (mysql_num_rows($result) == 1) {
$url = ‘http://’.$gURL;
$id = mysql_result($result, 0, ‘ident’);
$IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$time_diff = 3600*24*14; // count ones in 14 days
$sql = sprintf(“SELECT COUNT(*) AS testval FROM clicks WHERE ip_adr = ‘%s’ AND click_time+%d > NOW() AND site_id = %d”, $IP, $time_diff, $id);
$res = mysql_query($sql) or die(mysql_error());
$test = mysql_result($res, 0, ‘testval’);
if ($tell == 0) {
mysql_query(sprintf(“INSERT INTO clicks SET ip_adr = ‘%s’, site_id = %d”, $IP, $gURL));
}
} else {
$url = ‘http://www.yoursite.com/’;
}
}
header(‘Location: ‘.$url);
exit;

First we test if the variable URL exists and check also if there is a records for that URL. I the record exists, we test if there is a click records for the user with from the collected IP address. I the result is empty we add a new click record to our database. If the link is valid the user get redirected to the URL he already clicked, otherwise the visitor gets back to the site homepage.

There are a lot of free or paid scripts with a bad click counting mechanism. Use this snippet to protect your site for click fraud! In most of the cases you need only to add the click database table and you need to modify the SQL data for the links. That’s all!

Continue Reading

Easy payments using Paypal IPN

Posted on 27. Mar, 2009 by admin.

1

There are several PHP scripts and classes to process PayPal payments using their native IPN (Internet payment notification) feature. Because the whole process is based on the data you need to send via a web form to the PayPal payment processor these script look very similar.

The payment / notification process is shown via the following graphic:

Paypal Payment Process

Paypal Payment Process

Inside the form there are several required values to process a payment. PayPal gives the advice to post them all to get everything working. The following variables get some special attention:

business = your PayPal email address
cmd = single payments or subscription service (_xclick or _xclick-subscriptions)
return = the URL where the buyer get back after the payment is processed
cancel_return = the URL where the buyer get back if he has cancelled the payment
notify_url = the location where your IPN script is located
rm = how you need the data submitted from PayPal to your IPN script (1=get, 2=post)
currency_code = the currency you accept for your payment
lc = the country version of PayPal where your buyer is send to

There are much more variables, but we think that the other variables (product, order and shipment information) speak for themselves. Find a complete form provided with the example files.

To run some IPN enabled payment process we need a small script which will double check if the data which is send to the IPN script is valid according the data which is stored on the PayPal server. This feature is very important if your e-commerce accepts automatic payments.

The following code is able to check if the payment is valid against the PayPal server. Use this test to decide if the payment is valid or not.

$url = 'https://www.paypal.com/cgi-bin/webscr';
$postdata = '';
foreach($_POST as $i =&gt; $v) {
$postdata .= $i.'='.urlencode($v).'&amp;';
}
$postdata .= 'cmd=_notify-validate';

$web = parse_url($url);
if ($web['scheme'] == 'https') {
$web['port'] = 443;
$ssl = 'ssl://';
} else {
$web['port'] = 80;
$ssl = '';
}
$fp = @fsockopen($ssl.$web['host'], $web['port'], $errnum, $errstr, 30);

if (!$fp) {
echo $errnum.': '.$errstr;
} else {
fputs($fp, "POST ".$web['path']." HTTP/1.1\r\n");
fputs($fp, "Host: ".$web['host']."\r\n");
fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
fputs($fp, "Content-length: ".strlen($postdata)."\r\n");
fputs($fp, "Connection: close\r\n\r\n");
fputs($fp, $postdata . "\r\n\r\n");

while(!feof($fp)) {
$info[] = @fgets($fp, 1024);
}
fclose($fp);
$info = implode(',', $info);
if (eregi('VERIFIED', $info)) {
// yes valid, f.e. change payment status
} else {
// invalid, log error or something
}
}

Paypal

As mentioned before there are some complete solutions available on the internet. If your e-copmmerce site doesn’t have a complex product catalog you should use some static code from the PayPal website. For this guide we checked the PHP toolkit provided by PayPal.

Code condition
The first thing I noticed the code is not very clean and is using a coding style which is based on older PHP versions (f.e. for systems using register globals = On)

Implementation
After some code clean-up it was possible to use the included file together with my Shop cart Script. Static variables are defined in one central configuration file and dynamic files are posted via the form in your web application.

IPN features
This script is written to handle the IPN validation process with different methods: cURL, fsockopen, and libcURL. I tried only the fsockopen option because this method looks good to me and should work on almost every web platform.

Documentation
There is a “Readme” file with the information about the most important features. A complete guide is not included and the information about subscription payments is missing in all files and documents. If you decide to start with the original files you should check also the comments within the configuration and example files.

Example files
The included files are good enough to jump start your paypal payment application. All files are included for a single buy button and also for processing the payment f.e. for the items from a shopping cart. The bad thing is that the bad coding style makes it not easy to integrate the script into you own application if you’re an PHP beginner.

As mentioned before I included my own example files to this PayPal payment guide. If you have questions about this code please post them to our forum, we’re glad to help. Don’t forget the code is provided as it is and we’re not responsible for the functions and/or risks while using this code.

Continue Reading

Get Adobe Flash playerPlugin by wpburn.com wordpress themes