WP-Premium Free

Visit the WP-Premium Website

No related posts.

sudo apt-get install apache2

LAMP’s central software package is Apache, the open-source web server. Although originally designed to run on Unix based machines, webmasters can now install Apache on Windows easily through an XAMPP based installation. In fact, most of the steps in this tutorial can be ignored by choosing to install XAMPP.

sudo apt-get install php5 libapache2-mod-php5
sudo /etc/init.d/apache2 restart

The PHP scripting language will allow webmasters to create any run almost all of the popular web publishing platforms: WordPress, Drupal and MovableType all use PHP on the backend. With hundreds of inbuilt functions, such as file system and socket management, PHP can handle most any web app with ease – from the most basic TODO list app to the largest user-submitted encyclopedia in the world.

sudo apt-get install mysql-server
gksudo gedit /etc/mysql/my.cnf
bind-address = 127.0.0.1 <-- change to IP address
mysql -u root
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yourpassword');
gksudo gedit /etc/php5/apache2/php.ini
extension=mysql.so <-- uncomment (remove semicolon)

Now it’s time to install a RDMS system called MySQL. It’s a server-based database program that can hold information on your webserver, such as blog posts, forums, web stats and large amounts of textual data. After proper configuration, MySQL can scale well enough that some of the most popular websites in the world deploy it: FaceBook, Google and Wikipedia are just a few of the sites that use MySQL to power portions of their web empires.

Two requirements are needed for a basic installation. Upon configuration, MySQL must know which IP address to bind with and a root password needs to be set. After that a single line in php.ini must be changed in order for PHP to load the MySQL extenstion upon loading.

sudo apt-get install libapache2-mod-auth-mysql php5-mysql phpmyadmin

Fourth on the list is to install various tools and Apache mods. This includes MySQL authentication and the MySQL mod that will allow communication between MySQL and PHP5. Another tool is the web-based phpMyAdmin database app, which can be used to administrate MySQL through any popular browser. All of the command-line statements can be issued with phpMyAdmin, and many of those are simplified through use of a GUI.

sudo /etc/init.d/apache2 restart

The final step is to simply restart Apache. After loading, Apache should be able to process and serve PHP scripts that communicate with MySQL (such as WordPress and Drupal) and will load when Linux boots. Any errors encountered during this last step can be debugged and fixed by looking through the log files (usually in /var/log/apache2) and by double-checking one of the configuration files.

No related posts.

A good user-login system should do three things:

• 1. Allow the user to enter a username and password.
• 2. Validate that information and return success or otherwise.
• 3. Perform basic checks on $_SESSION login after the initial login.

The scope of this particular article will focus on the first stage of authentication, which centers on validating user input and establishing a very basic authentication scheme. In later articles, coders will focus on the more advanced concepts of security salts, and techniques to continue validation well after the user has initially logged in, by checking information just as the user’s browser agent and login time.

Assumptions: This tutorial will be using MySQL and PHP. Apache as a server platform is not required, and any server that allows PHP to manage a HTTP POST will work.

For the back end storage solution, many coders may choose to use one of the two versions of MySQL that are included by most shared hosting and VPS providers. With proper scaling configuration, MySQL can handle large sites with hundreds of thousands of users and even by default can handle most any variant of this tutorial.

There are five basic bits of information that are prudent for any login system: the user ID (which should start at zero and increment up for each new user), the users name, password and email, and finally the user-agent string from the browser they logged in through. This user agent string will be updated on each successful login, and can be used to determine if a user is being subjected to a man in the middle attack (which is more advanced, and will be covered in another post). Insert the following SQL statement into phpMyAdmin or MySQL to create the user table.

CREATE TABLE siteusers(
	u_id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
	u_name VARCHAR(32) NOT NULL,
	u_password VARCHAR(32) NOT NULL,
	u_email VARCHAR(128) NOT NULL,
	u_useragent VARCHAR(128) NOT NULL
) ENGINE = MYISAM ;

On the front end, the HTML form consists of three inputs: the username, password and submit button. For now the form code can be placed in a separate form.html file, however the PHP script will not execute unless the method attribute is changed to the correct file path. At the end of this tutorial, all the code is put together and can be safely contained within one single login.php file.

<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
	Username: <input type="text" name="username" /><br />
	Password: <input type="password" name="password" /><br />
	<input type="submit" value="Login.." /><br />
</form>

The following twenty lines of code contain limited commenting, however it is rather easy to understand. Step by step, this code simply detects the browsers state and acts accordingly. If the browser has issued a POST statement, it means the user has likely entered their login credentials and pressed the submit button. From there, it connects to a defined MySQL database and captures the POST variables. Here is where things might get tricky, and require further explaination.
One effective way to deter SQL injection attacks is to escape any variables before using them within a SQL query. This means that PHP adds a back-slash in front of any quotation marks or apostrophes, thus preventing MySQL from unknowingly executing multiple statements (such as defaulting the user ID to an administrator, or forcing MySQL to empy the table entirely). PHP added a function called mysql_escape_string() that can be used as a preemptive measure for SQL injections and malicious users destroying data.

The second part is to calculate a MD5 hash of the password, and this is done so that if an attacker gains access to the database, they will only encounter a list of thirty-two character hashes rather than plaintext passwords. Converting those hashes into the original passwords would take lots of computer power to create a MD5 collision, and not many attempts to do this have been successful. The second section of this tutorial will cover the salt concept, which adds a secondary string to the MD5 calculation, which makes it even harder to convert.

Once the HTTP POST variables are processed, the code then queries the database that was created in the first step for the following: if there is a user with the same username and password as was submitted, return their information; otherwise stop. After this executes, the mysql_num_rows() function counts how many users matched the original query and returns that number. If its zero, the script simply redisplays the login form with an error message claiming the info was invalid, however if one or more users matched, then their username is added into the $_SESSION scope, which is used to validate the user on each subsequent page view.

<?php
	// Edit: select your database here
	mysql_select_db("database-name");

	if($_POST){
		$tempuser	= mysql_escape_string($_POST['username']);
		$temppass	= md5(mysql_escape_string($_POST['password']));

		$res = mysql_query("select * from siteusers where u_name='$tempuser'
		 and u_password='$temppass'");
		$num = mysql_num_rows($res);
		if($num == 0){
			// user entered wrong username or pass; not logged in
			echo "Invalid username or password.";
		}else{
			// user is logged in
			$_SESSION['uname']	= $tempuser;
		}
	}
?>

Connecting it all together, the login form can be returned from within a function, and placed inside of the PHP script, thus condensing everything into thirty or so lines of code.

<?php
	// Edit: select your database here
	mysql_select_db("database-name");

	function showLoginForm($msg){
		$tempMsg = ($msg) ? $msg : "Please login:";
		$temp = "
			<b>$tempMsg</b><br />
			<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\">
			Username: &l;tinput type=\"text\" name=\"username\" /><br />
			Password: &l;tinput type=\"password\" name=\"password\" /><br />
			<input type=\"submit\" value=\"Login..\" /><br />
			</form>";
		return $temp;
	}

	if($_POST){
		$tempuser	= mysql_escape_string($_POST['username']);
		$temppass	= md5(mysql_escape_string($_POST['password']));

		$res = mysql_query("select * from siteusers where u_name='$tempuser'
		 and u_password='$temppass'");
		$num = mysql_num_rows($res);
		if($num == 0){
			// user entered wrong username or pass; not logged in
			echo showLoginForm("Invalid username or password.");
		}else{
			// user is logged in
			$_SESSION['uname']	= $tempuser;
			echo "Welcome back, " . $_SESSION['uname'];
		}
	}
?>

As a reminder, this tutorial covered the basic concept of using PHP to authenticate a user. The next part will cover more advanced topics, such as salts, browser strings and using timestamps to expire a users login session.

No related posts.

While some could say such a dramatic change in the way a blog is maintained could destroy an authors rhythm, there’s nothing wrong with ditching any inbuilt editor that is slow and buggy for something that has the potential to increase your productivity. In fact we decided to starting posting from the desktop right away on our brand new blog, and over the course of a week we installed and tested over 25 apps of various ability – some of them were free, and some of them just plain didn’t work. We removed the ones that didn’t cut it and offer you our choices for the ten best Windows based blogging editors.

Pros:

• Extensive editing – use hundreds of Office features to post on your blog.
• Very simple XMLRPC transfer to WordPress
• Inline grammar and spell-checking

Cons:

• Expensive (but has two-month free trial)
• Installs extras such as Groove.
• Learning curve from Office 2003s UI to 2007’s ribbon interface.

Microsoft Office 2007 offers a robust interface that combines all of Word’s famous features into one incredibly useful blog publishing desktop app. With literally hundreds of visual formatting options, possibly the most useful feature includes the ability of embedding charts and diagrams with Office 2007’s SmartArt, choosing from over one-hundred different variations, including matrices, relationship patterns and pie charts.

Pros:

• Increased API support for WordPress and SharePoint.
• Video support – upload from YouTube, MSN and others.
• Extensive plug-in support with hundreds of available third-party add-ons.

Cons:

• No support for WordPress “custom fields”
• Some blog themes don’t download and display correctly.
• Limited support.

Live Writer was initially released as a stand-alone product, but has recently been embedded into the Windows Live set of apps, available from Microsoft. Live Writer is a very polished offering, and is currently the only app on our list that includes a plug-in system  with hundreds of third-party developers.

Great as an all-around blog publishing tool, Live Writer also caters to the photoblog community by allowing photo manipulation functionality through a set of treatment filters. These include the base cropping and resizing, along with more advanced techniques like drop shadows and tilting. Or if you’re really slick, you can simply create an entire photo album and let Live Writer stack and sort your photos. Included support for LightBox and inline image preview, as well as plug-ins for social sites such as Digg, Flickr and Twitter.

Pros:

• Publish to multiple blogs in one click.
• Easy image upload and manipulation.
• Automatic upload of local files just by linking to them.

Cons:

• Old Windows 2000 style interface.
• Only updated twice since Summer of 2007.
• Minor issues while running on Microsoft Vista.

BlogDesk is one of the older offline blog publishing apps, version 1.0 being released in September 2005, and while the app saw major updates during the first two years, BlogDesk has only been updated twice since April of 2008. However, BlogDesk does offer enough core functionality to overcome the lack of updates, and its use of Wizard-style interfaces can boost your productivity by automatically setting up posts through templates and simple macros (such as automatically uploading a local file simply by linking to it in a post draft.)

While many of the apps in our list offer the same features, BlogDesk won us over by letting us modify WordPress custom fields. We use custom fields to attribute thumbnails and front-page excerpts for each post, and none of the other clients even acknowledged this feature. BlogDesk also allows authors to pull and edit posts directly from your blog, and offers handy notebook storage and a contextual tag generator.

Pros:

• Tabbed editor interface.
• Post to multiple blogs.
• Install as a portable application.

Cons:

• Older interface makes app seem outdated.
• Developers have given up on updating it.
• Limited support.

ZoundryRaven is an open-source blog publishing app in need of a good coder or two to pick up on futher development. Overall, ZoundryRaven offers almost everything that the other apps include, but unlike the others, you have access to the source code and thus can fix bugs and add new features should you be so inclined.

ZoundryRaven supports media uploading to a host of different sites, including Picasa and ImageShack, and allows blog owners to maintain and search through all of their posts by indexing tags, links and image data. The major competitive edge is ZoundryRaven’s tabbed interface, which allows for WYSIWYG and XHTML source editing, along with simple drag and drop awareness of images, text and videos from the web.

Pros:

• Template editing.
• Full UTF-8.
• Portable version for use on a flash drive.

Cons:

• Last updated in December of 2007.
• New blog platform APIs are not supported.
• Limited support.

w.bloggar is a very outdated, but Lockergnome recommended Windows based app, that covers all of the things you’d expect, but it’s lack of developer support leaves out many of the new API capabilities introduced with new platform releases such as WordPress 2.8. Authors who are just looking for a bare-bones publishing app will find that the free w.bloggar fits the bill just fine, while anyone looked for more advanced options might want to stick with Live Writer.

Pros:

• Template editing.
• Full UTF-8.
• Portable version for use on a flash drive.

Cons:

• Couldn’t get it to run, even after 3 reboots.
• Took a lot of memory when testing it (over 80MB).
• Written in Java.

Pros:

• Modern user interface and API support.
• YouTube, Flickr and Image embedding.
• Browser integration allowing easy blogging in seconds.

Cons:

• Expensive.
• Took a lot of memory when testing it (over 80MB).
• Written in Java.

BlogJet is a major player in the offline blog publishing space, with honorable mentions in over a dozen books and a magnitude of favorable online press all praising this Windows app as the king of the crop. However, we can’t really vouch for that, since BlogJet shares many of the same feature set as LiveWriter but its price starts at $39.95 for the low end version.

Price aside, BlogJet could end up well worth it for any author looking for a fully-featured blogging tool while on the road or just when hopping coffee shops. It’s post management tool caches all of your posts offline, and allows you to search, open and edit any post through a variety of query possibilities. Blogs with multiple authors, or authors with multiple blogs will favor BlogJet for its ability to manage many sites at once, even if they are using different blogging frameworks.

Pros:

• Post images to Flickr or using your blogs API.
• Portable mode.
• Hot-key support.

Cons:

• No technical support.
• Outdated and clunky interface.
• Doesn’t support the latest WordPress API.

There isn’t much information on Post2Blog, and all we could find on their website was a large text block explaining that the freeware download came with no tech support. In the end, that works out because Post2Blog is easy to figure out and use, and is completely free.

While similar to the other blog editors we’ve reviewed, Post2Blog lets you easily embed advertising in the form of Amazon links, as well as widgets and tags from sites such as Technorati, Delicious and 43 things.

Pros:

• Support for Windows, Mac OS X and Linux.
• Visual Editor with tagging support.
• Works well with Blogger.com.

Cons:

• Official site has the default WordPress theme.
• Last update was summer of 2007.
• Doesn’t support the latest WordPress API.

Bleezer is an older app, and as such we didn’t expect much from it. In fact, since Bleezer’s last update was in summer of 2007, it’s impossible to compare it with newer apps like LiveWriter. However, it’s a free app, and can do what it advertises – and that is providing a visual, wysiwyg interface with all the normal features you’d expect.

Authors who choose Blogger.com over WordPress or TypePad may find Bleezer more suitable, as there were quite a few code updates (during active development) to accommodate the new Blogger API.

The top four major browsers now all have some sort of plug-in or dedicated tool that allows you to quickly blog about your online experience, but Flock was one of the first to implement it. It’s nothing to blog home about (ahem) but Flocks blog posting interface does get the job done, and lets you do simple word processing from within a browser.

Pros:

• Lets you upload images and links.
• Quick and easy to use.

Cons:

• Limited visual editing.
• Just a side-product of the Flock browser.
• Doesn’t support multiple API features.

No related posts.

Information Collected

While we collect very little information about you upon visiting our site, we still feel the need to let you know that we will never sell, rent or otherwise release anything personal, to anyone, unless required to by law. This is pretty much the defacto policy for most websites, but we here at WebHost Checklist (both .net and .org) maintain to never upset our readers in a way that will prohibit them from returning.

Information such as your IP address, and browser’s user-agent string are processed into our Apache logs by default, and information that you manually supply include: your name (or handle), email address, website address and any comments that you submit through the WordPress comment form, or through our contact form on the top of each page. None of this information will ever be used to send unsolicited communication, and will not be used to advertise to you.

We will, however, publish third-party advertising on our site(s), and these third parties may require and or use personal information from you after you click on them. We cannot control what these third-party services do, but our best efforts will be used when choosing which networks to partner with.
If you have any questions about how your personal information is used, or to change any manually submitted information, please use the contact form provided in the JavaScript scroller on the top of every page.

No related posts.

No related posts.

No related posts.