February 14, 2005

PHP protected file downloads for your site's members

Hey, look! I just made a Google friendly entry title... And I did it because I want people to learn from the mistakes I made.

Suppose you have a website and you want to have some downloads available only to the members. Maybe you'll manually approve each member to protect your bandwidth and so on... What do you do? You'll most likely set up a members system in PHP (or integrate your downloads page with your existing members system) and then you'll write a script to check if the user is authenticated and/or has download rights and, if yes, pass him the file via the script. You pass the file "via the script" instead of using a header redirect to the real location of the file because advanced users could note the real location of the file, thus circumventing the protection.

If you have big files to protect (relative to your server's memory) don't make the same mistake I did. Do not use any PHP function that loads the file into memory and then passes it on to the user. You'll expose the server your pages are hosted on to unwanted DoS (Denial of Service) risks. My client had some nice guy coming through an open proxy from Cambodia who hammered the server with 5 to 10 requests per second for software-download.php?id=435. What happened was that PHP tried to load 10 * 85 megs per second and I'll let you do the math and figure out how long it took to run out of memory... I caught the bastard by activating Apache's mod_status module and watching what was happening in real time.

I'm still thinking about an easy solution for this problem, except splitting up the huge files with RAR or banning more than 1 connection from one user in an X minute interval which creates some database overhead.
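An added example, not the script from this post: a download handler that streams the file in fixed-size chunks so each request holds only a few kilobytes of it, and that uses a per-user lock file (instead of a database table) to allow one download at a time per member. The directory, the `$files` map, the `user_id` session key and the integer user id are assumptions made for illustration.

```php
<?php
// Added example, not the original script. DOWNLOAD_DIR, the $files map and the
// 'user_id' session key (assumed to hold an integer id) are illustrative.
const DOWNLOAD_DIR = '/srv/protected'; // assumed: directory outside the web root
const CHUNK_BYTES  = 8192;             // most file data held in memory per request

// Copy $path to the stream $out in fixed-size chunks; returns bytes written.
function stream_file(string $path, $out, int $chunk = CHUNK_BYTES): int
{
    $in = fopen($path, 'rb');
    if ($in === false) {
        throw new RuntimeException('cannot open file');
    }
    $sent = 0;
    while (!feof($in) && !connection_aborted()) {
        $buf = fread($in, $chunk);
        if ($buf === false || $buf === '') {
            break;
        }
        $sent += (int) fwrite($out, $buf);
        fflush($out); // hand the chunk on before reading the next one
    }
    fclose($in);
    return $sent;
}

session_start();
$userId = $_SESSION['user_id'] ?? null;   // set by the members system at login
$id     = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$files  = [435 => 'big-installer.zip'];   // constructed id => file name map
if ($userId === null || !is_int($id) || !isset($files[$id])) {
    http_response_code(403);
    exit;
}
session_write_close(); // release the session lock during the long transfer
// One download at a time per member: non-blocking lock, freed when the script ends.
$lock = fopen(sys_get_temp_dir() . '/dl-' . (int) $userId . '.lock', 'c');
if ($lock === false || !flock($lock, LOCK_EX | LOCK_NB)) {
    http_response_code(429);
    exit;
}
$path = DOWNLOAD_DIR . '/' . $files[$id];
header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . $files[$id] . '"');
while (ob_get_level() > 0) {
    ob_end_clean(); // an active output buffer would collect the whole file in memory
}
stream_file($path, fopen('php://output', 'wb'));
```

The lock limits concurrent downloads per member rather than requests per X minutes, so repeated requests from one account get a 429 while a transfer is running instead of each opening another copy of the file.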

Posted in PHP at 1:57 PM EET

Return to Cavnic

Oh yeah. Monday morning or noon, or whatever it is. I'm sitting in front of my computer trying to do some work, my joints hurt and there's a nice blue spot on my left leg where the ski lift dragged me from... Just the usual symptoms showing that this weekend we spent some quality time on the slopes at Cavnic.

Saturday was a really event-packed day: Ioana worked in the morning (til 12:30), a friend came and picked us up from Baia Mare, we made a short stop at my parents' house in Baia Sprie to pick up our stuff, arrived at the slopes at 14:30, snowboarded our ass off, returned to Baia Sprie at around five o'clock, went to the birthday of my cousin's kid, ate well, drank well, fought sleepiness, finally arrived back in Baia Mare at about 22:30, little detour to my place to manage those download jobs, then back to Ioana's place and bed.

Sunday was much more straightforward but it started pretty sadly when I woke up and saw it was raining outside. I thought it would be the same up on the slopes but Ioana insisted that we go and so we went. After all, we had a free ride and nothing to lose. To reach Cavnic from Baia Mare you have to go through Baia Sprie (where we made the usual stop to pick up our equipment) and three villages: Sisesti, Danesti and Surdesti. Well, somewhere after Surdesti we reached another world. The rain or rainy snow we experienced in Baia Mare and Baia Sprie was replaced by genuine snow and the surroundings slowly transformed into a real winter wonderland. The road was bad though and at the end of Cavnic we had to make a stop to equip the front wheels of the trusty Dacia with a pair of chains. We reached the slopes and had a really nice time with hot tea and some warm pie included. And a lot of snowboarding of course.

The only negative event of the weekend happened on our way back when, because of the bad weather conditions, we made a one-eighty with the car in one curve. Fortunately nothing really serious happened except losing the front bumper. Anyway we got pretty scared. For me it was the first "accident"-like experience and I hope I'll never experience something like this again.

Oh, I forgot the important stuff: yesterday Ioana managed to master the skilift. Hurray! :)

Posted in Life at 12:48 PM EET

February 12, 2005

Google ads and even more spam

So here they are. On the individual posts page, right under the post text and above the comments. According to Google's policies I can't encourage people to click them so I'm not. ;) And yeah, I know the page flickers while loading in Firefox but I guess that's a browser problem.

I decided to insert them because I seem to receive big numbers of visitors daily (over 200). Unfortunately I'm more than sure that most of these visitors (more than 50 percent) are spambots coming through various proxies. Thankfully Jay Allen's MT-Blacklist is doing a wonderful job, because at the time I'm writing this it blocked more than 1000 comment spams and as a plus nothing made it through to be shown on the site itself. Kudos for the great plug-in!

But my referer log is practically unusable after being flooded with viagra, cialis, poker, casinos and the like (here's a sad screenshot of the top referers). It looks like after the measures Google and the major weblog software developers took against comment spamming, the spammers are getting back to good ol' referer log spamming. Well, at least my stats are password protected so there's no chance they're getting pagerank from that. Hah!

If you want to see what a slimeball like the ones who are doing this has to say about his "job", read this interview on The Register. What can I say? Nice job...

Posted in Tech at 11:24 AM EET

February 3, 2005

Froogle sells my stuff without my consent

All this time I've been living in error! I thought I wasn't selling anything through this site but along came Google to prove me wrong. It looks like they (as in they = Froogle's algorithms) decided that you can buy my TMBase badge from 2003 for $20. And I'm not even bothering to understand what I'm selling on my page containing an entry about the mIRC registration page. It's waaay too twisted...

Here's a screenshot just in case the results vanish overnight. And no, I'm not selling that badge.

Posted in Web at 1:29 PM EET