Important: All the bulleted points' headings are hyperlinks to code (common code link).
1. .htaccess : This is used to set the home page of the site to something other than index.*. Also, any page requested as *.htm is interpreted as *.php; this is done to hide that it is a PHP site.
2. img folder : Files in this folder serve as random backgrounds for the captcha.
3. connect.php : This code loads the DB details and creates a connection to the DB.
4. dbHandler.php : This code provides common methods (intermediate functionality specific to the application) and uses connect.php to talk to the DB.
5. dbdetails.php : When the code is deployed on a new server, these DB details will change.
6. captcha.php : This is the code that generates the captcha as an image output to the browser. Treat this file as an image; as per the config in .htaccess, you can refer to it as captcha.htm as well. It generates two random numbers and saves the answer in the session for later input verification. The captcha puzzle is printed at a random location on a randomly chosen image.
7. hkproject1.sql : This generates a table in the DB with the fields required to save opt-ins.
10. thankyou.php : This page is opened after a successful submission on register.php and simply shows a success message based on query string parameters.
1. MySQL : One mistake I made here was not paying much attention to the environments I used for development and production. I developed locally using the latest XAMPP (Windows based) and deployed on GoDaddy's Linux based localhost MySQL. On the dev box, root was used as the user with a blank password; lucky for me, I kept the configuration in a separate file, so the edits at deployment time were easy. One more thing: after creating a new DB on GoDaddy, it takes a while before you can actually connect to the DB. For me the connection started working after 3 hrs, and during those three hours I tried all kinds of hook and crook to connect to the DB on production. Obviously that turned out to be a waste of time after three hours, since it was a first-time-only issue to be faced after DB creation.
One more thing here: in the table where we store opt-ins, I created an extra column of type timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, so that it can be tracked when the user actually signed up, just in case this info is required in future. Also, ALTER TABLE `signups` ADD PRIMARY KEY (`email`(256)); the email was kept as the primary key here to avoid multiple signups by the same user again and again, enforced at the DB level itself.
2. DB access: In PHP, which methods I use to connect to MySQL greatly depends on which version of PHP I am using on both the dev and production environments. So be extra careful here to use a dev box similar to production. For some fields, I deliberately wanted to allow certain characters like ' in the field, so I had to call
    $firstname = $this->conn->real_escape_string($firstname);
before putting the value in the query.
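One way to write the insert that the two sections above describe (the email primary key plus the apostrophe-escaping concern), as an added example that is not the project's dbHandler.php: with mysqli prepared statements the apostrophe travels as bound data, and the duplicate-key error raised by the primary key becomes a return value. The class name, the firstname column and the connection values are assumptions.

```php
<?php
// Added example, not the project's dbHandler.php: stores a signup with a prepared
// statement (bound parameters replace real_escape_string) and relies on the
// email primary key to reject duplicates. Column names other than `email` and the
// class name are assumptions; needs PHP 7.4+ (typed property) and mysqli.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any mysqli error

class SignupStore
{
    private mysqli $conn;

    public function __construct(mysqli $conn)
    {
        $this->conn = $conn;
    }

    // true = new row stored; false = this email already signed up
    public function insertSignup(string $email, string $firstname): bool
    {
        // Lower-case first, so Bob@x.com and bob@x.com hit the same PK value
        $email = strtolower(trim($email));
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('invalid email');
        }
        // Bound parameters: an apostrophe in $firstname (O'Brien) is data, not
        // SQL, so there is no escaping call to forget. The timestamp column
        // described above is omitted on purpose; DEFAULT CURRENT_TIMESTAMP fills it.
        $stmt = $this->conn->prepare(
            'INSERT INTO `signups` (`email`, `firstname`) VALUES (?, ?)'
        );
        $stmt->bind_param('ss', $email, $firstname);
        try {
            $stmt->execute();
            return true;
        } catch (mysqli_sql_exception $e) {
            if ($e->getCode() === 1062) {   // ER_DUP_ENTRY from the PK on `email`
                return false;
            }
            throw $e;                        // anything else is a real failure
        } finally {
            $stmt->close();
        }
    }
}

// Usage with constructed placeholder values; the connection normally comes from connect.php
$store  = new SignupStore(new mysqli('localhost', 'dbuser', 'dbpass', 'dbname'));
$stored = $store->insertSignup("O'Brien@Example.com", "Shane O'Brien");
```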
3. General :
· At many places during development, I actually wanted to see the errors and warnings that were being suppressed by the framework, so I had to use error_reporting(E_ALL);
· At one place the session start code had to be moved to the top of the PHP file, before any kind of HTML, even; this seems to be weird behavior of PHP.
· I thought that, before actually starting a session, it was always wise to check for an existing one, like:
    if ((function_exists('session_status') && session_status() !== PHP_SESSION_ACTIVE) || !session_id()) {
        session_start();
    }
· On the PHP side, it was easier to validate the email format like:
    if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $email = strtolower($email);
        $emailValid = true;
    }
Here I specifically converted the email to lower case, because I wanted to keep this field as the primary key, and you never know: end users behaving like monkeys sometimes use the same email with some characters in upper case.
· On successful submission of the data, I took the user to the thank-you page with variables in the query string. Since I was using the query string, I made sure to use urlencode and urldecode on the sender and consumer side respectively.
· It is always advisable to hide page extensions to make it difficult for hackers, so all the pages in my deployed version look like *.htm. This I achieved using the .htaccess entry:
    RewriteRule ^(.*)\.htm$ $1.php [NC]
· The default page in my application was different from index.*, so I used the following in .htaccess:
    RewriteEngine on
    DirectoryIndex brrr.php
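The thank-you hand-off from the query-string bullet above, as an added example that is not part of the original post: it goes one step beyond the post by HTML-escaping the echoed value on the consumer side. The parameter name "name" and both file names are assumptions.

```php
<?php
// Added example, not the project's register.php / thankyou.php: the hand-off
// described above, with one addition beyond the post: the echoed value is
// HTML-escaped on output. Parameter name "name" and file names are assumptions.

// register.php side, after a successful insert: build the redirect target
// (used as header('Location: ' . thankYouUrl($firstname)))
function thankYouUrl(string $firstname): string
{
    // http_build_query() urlencodes each value, so "&", "=", "'" and spaces in
    // the name stay inside the one parameter instead of splitting the query
    return 'thankyou.htm?' . http_build_query(['name' => $firstname]);
}

// thankyou.php side: PHP already URL-decodes $_GET, so no urldecode() is needed
function successMessage(array $query): string
{
    $name = mb_substr(trim($query['name'] ?? 'there'), 0, 50);
    // The query string is user-controlled input like any other: escape it
    // before it becomes HTML, otherwise the page would echo arbitrary markup
    return '<p>Thank you, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
         . ', your registration was saved.</p>';
}

// Constructed sample values
$url = thankYouUrl("Shane O'Brien & Co");          // ampersand and quote stay encoded
echo successMessage(['name' => "<b>Shane</b>"]);   // tags in the value are escaped, not rendered
```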
4. Custom Captcha: For the mathematical captcha, I used sessions to validate user input. I had thousands of images in a fixed folder. I picked a random image from this folder using scandir($dir):
    $images = scandir($dir);   // entries 0 and 1 are "." and "..", hence rand() starts at 2
    $randomImage = $dir . "/" . $images[rand(2, sizeof($images) - 1)];
On top of this image, using imagestring, I printed the string whose answer is saved in the session:
    $im = imagecreatefrompng($randomImage);
    $textcolor = imagecolorallocate($im, 0, 0, 0);
    $randX = rand(0, 100);
    $randY = rand(0, 200);
    imagestring($im, 5, $randX, $randY, $displayText, $textcolor);
    header('Content-Type: image/png');
    imagepng($im);
    imagedestroy($im);
Please note that the text is also printed at a random location on the image.
On the UI I also gave a refresh button; using jQuery, the PHP mentioned above is reloaded and a new answer is saved in the session, with an altogether new captcha to display:
    $(document).ready(function () {
        $("#reloadCaptcha").click(function () {
            $("#myCaptchaImage").attr("src", "captcha.htm?randomToRefresh=" + (Math.random() * 10));
            $("#answer").val("");
            ApplycssValidation();
        });
    });
Please don't get puzzled by Math.random in the JavaScript code; it is just there to avoid caching of the captcha image content on the client side.
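The captcha flow from the snippets above, as an added example rather than the project's captcha.php: it picks only PNG files instead of trusting the first two scandir entries, draws with a CSPRNG, keeps the answer server-side and consumes it on the first verification attempt. The img folder name, the session key and the register.php caller of verifyCaptcha are assumptions.

```php
<?php
// Added example, not the project's captcha.php: the math captcha described above,
// built with random_int() and verified once per challenge. Folder name, session
// key and the register.php caller are assumptions; needs GD and PHP 7+.
const CAPTCHA_DIR = __DIR__ . '/img';
function pickRandomBackground(string $dir): string
{
    // Only real PNG files, so "." / ".." or a stray file can never be picked
    $files = array_values(array_filter(scandir($dir) ?: [], function ($f) use ($dir) {
        return is_file("$dir/$f") && strtolower(pathinfo($f, PATHINFO_EXTENSION)) === 'png';
    }));
    if ($files === []) {
        throw new RuntimeException("no PNG backgrounds in $dir");
    }
    return $dir . '/' . $files[random_int(0, count($files) - 1)];
}

function newCaptchaChallenge(): string
{
    $a = random_int(1, 9);                  // CSPRNG-backed, unlike rand()
    $b = random_int(1, 9);
    $_SESSION['captcha_answer'] = $a + $b;  // the answer never leaves the server
    return "$a + $b = ?";
}

function renderCaptcha(string $text, string $background): void
{
    $im = imagecreatefrompng($background);
    $color = imagecolorallocate($im, 0, 0, 0);
    // Random position, clamped so the text always stays inside the image
    $x = random_int(0, max(0, imagesx($im) - imagefontwidth(5) * strlen($text)));
    $y = random_int(0, max(0, imagesy($im) - imagefontheight(5)));
    imagestring($im, 5, $x, $y, $text, $color);
    header('Content-Type: image/png');
    header('Cache-Control: no-store');      // server-side twin of the Math.random() trick
    imagepng($im);
    imagedestroy($im);
}

// Called from register.php on submit: the stored answer is consumed even on failure
function verifyCaptcha(?string $input): bool
{
    $expected = $_SESSION['captcha_answer'] ?? null;
    unset($_SESSION['captcha_answer']);     // one attempt per challenge, no replay
    $input = trim((string) $input);
    return $expected !== null && ctype_digit($input) && (int) $input === $expected;
}

session_start();                            // before any output, as noted above
renderCaptcha(newCaptchaChallenge(), pickRandomBackground(CAPTCHA_DIR));
```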
5. CSS / HTML / UI / look and feel and client-side validations: Even though this assignment was specifically concentrated on PHP / MySQL, the moral responsibility of a developer is to make sure it is usable. So I reverse engineered many WordPress templates to make something good looking; jQuery/JavaScript validation obviously had to be form specific, but styles are easy to copy and paste, so I did.