Matt's Blog

Archive for the ‘Programming’ Category

Conditional Comments

Wednesday, August 15th, 2007

Conditional comments are special HTML comments that can be used to do certain things in Internet Explorer only without using any scripting. They only work in Internet Explorer and were introduced starting with version 5. This can be quite useful when making a Website because all Browsers don’t display things exactly the same. Usually Opera, Safari and Firefox all display it alike, but Internet Explorer may display it differently (for me, usually correctly πŸ˜› ). This is where you can use conditional comments to make IE use, say, some different CSS values than other Browsers.

Take Matt’s Blog’s current theme for example (the upcoming theme also does this). I use conditional comments to have a stylesheet called ie7style.css to be loaded if the Browser is Internet Explorer 7. In that stylesheet, it overrides values set in the main stylesheet to make the Sidebar display correctly in IE7. These conditional comments are only recognized in IE. Other browsers just see them as meaning-less HTML comments.

Conditional comments start are usually in the format of:

<!--[if <em>expression</em>]>Special IE Only HTML<![endif]-->

Usually (if not always) the expression contains “IE”. You can then add a version number after that (eg. “IE 7”). Here’s an example of what you would use if you wanted to show it to all versions (above 5) of IE:

<!--[if IE]>Will Show Up in Internet Explorer Only<![endif]-->

For IE 7 only:

<!--[if IE 7]>Will Show Up in Internet Explorer 7 Only<![endif]-->

You can only use operators such as less-than (lt), less-than or equal-to (lte), greater-than (gt) and greater-than or equal-to (gte). Here’s an example:

<!--[if gte IE 7]>Will Show Up in Internet Explorer 7 and Above Only<![endif]-->

Conditional comments are particularly useful for specifying IE only stylesheets that overwrite settings in the main stylesheet, to make your Site look good cross-browser.

You can see the full list of expressions in the Microsoft Developer Network.

Now, if only other Browsers would implement conditional comments…

PHP 4 Killed

Tuesday, July 17th, 2007

PHP 4 End of LifeThe PHP Team has released End of Life information for PHP 4. There will be no more releases of PHP 4 after December 31, 2007 (the end of this year), and critical security issues will no longer be patched after August 8, 2008.

PHP 4 was initially released on May 22, 2000. PHP 4 was a huge step-up from PHP 3, and people started using it soon after it’s release. PHP 5 was initially released on July 13, 2004. Although PHP 5 offered much more better things than PHP 4, PHP 5 adoption was taken very slowly. Mostly because PHP 4 offered everything people needed, and PHP 5 just improved on those features and added some other stuff that people didn’t really need, but they were useful. Even today, in 2007, PHP 5 is still second to PHP 4.

Hopefully the PHP 4 EOL will start to make people use PHP 5. Let’s face it, PHP 4 obsolete. Hosts have plenty of time to get PHP 5 on their servers, and software writers have lots of time to make sure their software works on PHP 5.

PHP 5 adoption by hosts would go a lot quicker if software starting requiring a minimum of PHP 4. is trying to get software writers to make PHP 5.2 a minimum requirement.

We’ve had this discussion on the WordPress WP-Hackers mailing list a couple of times. The majority wants to make PHP 5(.2) a minimum requirement. The “lead developers” haven’t really said much on the discussion, though. Although, by the looks of this post that Matt Mullenweg (founder of WordPress) wrote on his Blog, it doesn’t look like it’ll be happening anytime soon…

Protecting Forms From SPAM

Wednesday, July 11th, 2007

eMoms at HomeΒ is having another Group Research Project, so here’s my post. πŸ˜€ Β 

In this age of the Internet, SPAM is an inevitability. If you have a site that’s open to the public, and it has some type of Form on it, it’s only a matter of time before SPAM starts rolling in.

Sure, you can filter it out at your end, but why not stop it from even getting through? Why not use rudimentary techniques to stop SPAM bots from even getting the comment to the processing stage? These rudimentary techniques are easy for humans to easily pass, but SPAM bots will have a hard time with it.


Probably the most common way of trying to stop SPAM is by using a CAPTCHA. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. What it is a dynamically generated (in other words, on-the-fly) image that containsΒ a random string of letters, numbers and/or other characters or a word. The text is then made less readable by one or more of the follow methods:

  • distorting the text, such as by warping it
  • adding random lines
  • coloured shapes behind the text
  • grids
  • textures on the font
  • colours

There is a large flaw with CAPTCHA’s. People are making SPAM bots smarter and smarter, so CAPTCHA’s need to get harder and harder. That’s fine, but a lot of CAPTCHA’s cross the line of the human being able to read it. So, when it gets to that point, nothing’s going to get through that form, not even stuff from humans.

Another large flaw with CAPTCHA’s are that screen readers can’t read/see them. So when someone who is disabled or visually impaired comes to that form, they won’t be able to type in the CAPTCHA because they won’t know it’s there. Large corporations, such as Microsoft, have developed a way for the CAPTCHA to be spelled out. But, that’s extremely hard, and a waste of time, basically.

I’m not going to provide any code for CAPTCHA’s, mainly because every CAPTCHA should be different.

Simple Math

Another method of prevent simple SPAM bots from submitting SPAM into your forms is to make the submitter do some simple math. And by simple math, I mean like “1+1”, not “-(2x2 + 56 β€’ 3xy3r2wc6)2 = 3456″. πŸ˜‰ Which I don’t even think is possible. πŸ˜› Well, it might be…

Matt Cutts uses this technique on his blog, for comments.

Here’s some proof-of-concept code (note, this code might not work, that’s why it’s called proof-of-concept πŸ˜‰ ):

First of all, you would want to generate some random numbers. Now, since this is simple math, I recommend nothing over 10, so the user will, hopefully, know the answer without even thinking about it. I’m going to use the mt_rand() function. You could also use the rand() function, but mt_rand() is faster and is more random.

So, lets randomise some numbers!

$number1 = mt_rand(1, 10); 
$number2 = mt_rand(1, 10); 
$equation_string = $number1 . "+" . $number2; 
$equation_answer = $number1 + $number2; 

Now, you’ll want to use $equation_string right beside a new text input field.

Now, you could just take out $equation_answer and then store $equation_string in a hidden field and then process it on the flip side of the form. But, to make it easier, we’re going to do something different.

So, what you want to do is store $equation_answer in a hidden field (<input type=”hidden” />). But, wait, don’t leave it raw. By raw, I mean just the answer. It should be encoded first. For this, I’m going to use base64_encode(), simply because it’s decodable and it came to mind first. πŸ˜›

So, replace the second to last line in the code before, with this:

$equation_answer = base64_encode($number1 + $number2);

Then, in the processing part of your form, you’ll want to grab the value of the text field and the hidden field (so make sure you put a id and name on it), use base64_decode() to decode the answer and check if they match. Assuming you put the fields in the variables $user_answer and $equation_answer, respectively: (you better make sure they submitted a number, too)

if (!is_numeric($user_answer)) {
echo "That's Not a Number!";
$equation_answer = base64_decode($equation_answer);
if ($user_answer == $equation_answer) {
// Okay, passed, carry on processing...
else {
// Failed, stop the script...
echo "Your Calculation is Incorrect!";

And, there you have it. πŸ˜€


I have explained two different rudimentary ways of stop simple SPAM bots from even getting to the processing of your form. Please note, that it is nearly impossible to stop SPAM all together, but using a carefully thought out SPAM defense plan, you can a least minimize it.

Matt’s Blog Gets Class B Compliance

Sunday, June 24th, 2007

I have just made it so that all traffic going to will be silently redirected to Which makes Matt’s Blog a Class B (the preferred class) in‘s books.

If you’ve never heard of before, it’s basically a campaign trying to raise the fact that www. is/should be deprecated. They have 3 “ranks” or “classes”. Class A, B and C.

Class A All traffic to and is accepted, and no redirect happens.
Class B The preferred class. All traffic to is silently redirected (301) to
Class C The hardcore class. Traffic to is denied and the user can only access the site through This class is not recommended.

Most hosts default their DNS to Class A. Where all traffic to and is accepted. The problem with Class A is that Search Engines might penalize you for having duplicate content (because you have the same content on and and you might end up with Search Results with and without the “www.“. You could even have 2 different PageRanks for your main page, depending on if you check with www. or no-www. Google allows you to define which domain you would like to show up in their Search Results. You can do this through Google Webmaster Tools. But, Google is only 1 of the many Search Engines.

So, how can you redirect to Well, it’s actually quite simple. This way will only work on Apache servers with mod_rewrite enabled. First, create a file (or open it, if it already exists) in your site’s root called .htaccess (including the period, but nothing before the period). Then, place this code in it (replace domain\.com with your domain name, make sure you escape the period):

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.domain\.com$ [NC]
RewriteRule ^(.*)$ http://domain\.com/$1 [R=301,L]

Let’s go over that code now.

RewriteEngine On simply tells Apache to allow you to use the mod_rewrite module (make sure it’s installed, first).

RewriteBase / makes sure we’re working on the root domain.

RewriteCond %{HTTP_HOST} ^www\.domain\.com$ [NC] tells the Server to see if the URI requested has the domain The [NC] tells it that it’s case-insensitive.

RewriteRule ^(.*)$ http://domain\.com/$1 [R=301,L] says that if RewriteCond is true to silently redirect the user to ^(.*)$ holds the value of what was after the original URI. $1 then makes sure that they’ll be redirected to the same page they requested. [R=301,L] will tell the User-Agent (browser, or bot) that the redirect type is 301 Permanent and and L tells the Server that it’s the last rule.

Note: If you’re using WordPress for the site in question, the above code must go above WordPress’ redirect stuff. So place it somewhere above # BEGIN WordPress.

Then, save the file and upload it to your site’s root. Now, all that’s left to do is to get Validated by Go here to do that. Your site should now be a Class B!

That’s it, your site is now even more Search Engine friendly.

Get it? Got it? Good!

BlueFur Code

Tuesday, June 19th, 2007

BlueFur CodeBlueFur Code has now been officially launched!

BlueFur Code is a Group Programming Project that will develop different kinds of PHP-based software. All programmed by whoever wants to help out. I submitted a great way on how to carry this out. By using Subversion (SVN) and Trac we will be able to actually work as a Group and be able to efficiently and easily manage everything.

The first project that we will be working on is a site scraping RSS Feed producer. Basically, it’ll crawl your site and get the content out of it, and shove the updates into an RSS Feed (I’m sure we’ll add more Feed Publishing Standards, such as Atom). Which visitors of said site can subscribe to, and then get the updates to it in a simple Feed. So, basically, you’ll be able to offer a “Site Updates Feed”.

All the software we make will be Free and Open Source (I’m guessing it’ll be under the GNU General Public License).

I think BlueFur Code is a great concept and hopefully it’ll take off well. I can’t wait to see some progress with the Projects. πŸ˜€

The current plan is to allow users to be able to Register on the Trac Project for the project we’re working on, and then they’ll be able to submit tickets, etc without having someone create an account for them, or having anonymous Ticket creation. A test will also be given to determine the contributors PHP/MySQL skill-set level, and Subversion Repository access will be given from there.

If you’d like to help contribute, head over to this BlueFur Code Blog post, and post a comment.

I plan on helping out a lot with the BlueFur Code projects; I’m sure it’ll be fun.

I helped get Trac and Subversion configured and working on BlueFur Code. So, I’ve already started contributing, even before we’ve started working on the Projects. πŸ˜€

I’ll be writing up a post later on how to configure Trac and Subversion.