Web Dev Blog

Why Change Your php.ini file?

Both PHP for Windows and Linux ship with pre-configured .ini files with settings common to most PHP setups. The Windows installer (which I recommend if you’re using Windows for a development machine, or even have your live site on Windows) goes a step further and also will add lines to your php.ini file through a simple GUI that enable both your web server and desired PHP extensions.

Most people will leave these the rest of the .ini file unchanged, but there are some changes that can make life much easier. Below are my recommendations for changes to the default php.ini file. The line number is next to each changed line, and is accurate for Windows PHP 5.25 distributions.

Short Tags

Short tags are PHP tags like this <? ?> and were very common a few years ago and taught to me in my Web Technologies class at NYU. You should generally allow these, especially if you are working with inherited code. This setting was the cause of over an hour of frustration when I moved an application to a new server and it suddenly wouldn’t load.

131 Orig: short_open_tag = Off
131 Mine: short_open_tag = On

Maximum Execution Time

For some reason this is only set to 30 seconds by default. Some heavy hitting scripts that write to disk, retrieve information from the web, or other things where waiting is involved, can run longer than 30 seconds. The cron.php script for a Drupal site that I work on customarily runs for over a minute.

303 Orig: max_execution_time = 30
303 Mine: max_execution_time = 240

Memory Limit

I’ve found that many high traffic sites will run out of memory when this is set to 128m. This setting is per script, so if 10 scripts are executing at once, you can easily max out your memory. If you’re using more than 64m for a certain script, you need to optimize your code, or split up functionality into more than one script.

306 Orig: memory_limit = 128M
306 Mine: memory_limit = 64M

Display Errors

I would recommend the following change only for development machines, not live severs. When set to “On”, PHP will output the error directly to the screen in addition to your error log (if enabled.) This can be very useful for debugging.

372 Orig: display_errors = Off
372 Mine: display_errors = On

Error Log

This is another setting I would only recommend doing on a development machine, not a live server. When uncommented and supplied with a valid filename, this will output all errors and warnings to an error log file in the base directory of your server root. Again, very helpful for debugging and development.

428 Orig: ;error_log = filename
428 Mine: error_log = errors.txt

Upload Filesize

On the chance that you are uploading files in your scripts, this is a handy change to make. I’ve found that 4M is a much friendlier setting, especially with digital picture uploads, which are regularly more than 2M.

597 Orig: upload_max_filesize = 2M
597 Mine: upload_max_filesize = 4M

Session Name

When using sessions, PHP will create cookies to store information and the below setting will be the name of the cookie. When in doubt, give a malicious user as little information as possible, and this setting exposes the fact that you are using PHP sessions. Pick a more general name.

1010 Orig: session.name = PHPSESSID
1010 Mine: session.name = XYZ

Don’t forget to restart your web server after making any of the above changes.

Debugging Can Be Difficult

Debugging a PHP script can be a difficult task, especially when code is located over many files. Trying to debug a complicated CMS like Drupal, where function calls are not always explicit and may be implemented as hooks, can be an outright nightmare.

Magic Constants

Luckily, PHP has a few not so well known magic constants that can greatly aid developers. I think the most useful of all is the __FUNCTION__ constant. This function will return the name of the function that it is called in. To use effectively add either of the following two statements to the first line of each function in the file(s) of code you are executing:

echo('Current Function: ' . __FUNCTION__);
error_log('Current Function: ' . __FUNCTION__);

After you execute your script or page, you will get a chronologically ordered function by function run-down of what has been executed. Note that you must choose either echo or error_log ouput, where appropriate. Echo will output directly to the screen, but may not work as expected in some circumstances where your output is buffered, or echo’s happen amid hidden page elements. The most reliable way is to use error_log() to output to your server’s PHP error log. Unfortunately, this log may not be viewable in some hosted site situations where you have limited access to PHP’s configuration.

Other magic constants are also available for debugging object oriented PHP code including __CLASS__ and __METHOD__. The constant __FUNCTION__ will return the same method information when a function is inside of a class, so you can just use __FUNCTION__ instead of __METHOD__.

The last two magic constants are __FILE__ and __LINE__ which do pretty much exactly what you think they would do. For more information on PHP’s magic constants, check out this PHP manual page.

Background

Displaying your email address on your site as text has always been risky. Why? Long ago, spammers created bots that searched the web for email address (by looking for something in the xxxx@yyyy.com format) and then spammed them to oblivion. As a result, web developers often use little tricks like writing out the @ symbol (xxxx at yyyy.com) or inserting a little image of an @ symbol between the username and the domain to prevent a spambot from reading the address. Another problem arises when a user wants to display their name on a website, but doesn’t want a search engine to be able to read the name and then associate it with the site in the engine’s search results. PHP allows a solution for both of these scenarios that is versatile and easy to implement.

Dynamically Generated Images

One of the many powers of PHP is its ability to generate images dynamically, meaning on the fly, when a page is requested. PHP uses the GD extension to create gifs, pngs, jpegs, etc and manipulate them with a small set of predefined functions. The idea here is to display a dynamically generated image of your name or email address that is invisible to search engines, because it is an image and not text.

Why not use Photoshop or another similar program to make an image of a name for one time use? Well you could do this, but what about a situation where data is displayed dynamically, like on a blogging site, where new users sign without the intervention of a web developer? You wouldn’t want to have to manually create an image each time this happened. Dynamically created images in PHP are the solution.

Inserting Dynamic Images Into Your Site

PHP scripts that generate images can only generate images. They cannot have html or other PHP elements echo’d out to the screen. In order to get them to work, you have to isolate the script that generates the image from the script (or page) that displays the image. Let’s say we want to display our email address on our page home.php, and we have a script that generates the image of our email address in email_address.php. To accomplish this, we would need to have an <img> tag on home.php that pointed to email_address.php. Here is what the tag on home.php could look like:

<img src="email_address.php" alt="" />

Note that we are substituting our image generating script into the spot where we would normally have the name of an image, but we keep the “.php” extension.

The Script

To use this script, copy the below code into a file and save it as disguise_text.php and upload it to your server. Then, follow the instructions in the “Implementing the Script” section.

<?php
//get name from passed arg
$text= base64_decode(urldecode($_GET[text]));
//width per char is based on experimentation - yours may be different
$width_per_char = 6.25;
//image height and width
$length = $width_per_char * strlen($text);
$height = 15;
//create image
$img = imagecreatetruecolor($length, $height);
//define used colors
$white = imagecolorallocate($img, 255, 255, 255);
$black = imagecolorallocate($img, 0, 0, 0);
//set the background to white
imagefilledrectangle($img, 0, 0, $length, $height, $white);
//write name in black
imagestring($img, 2, 2, 2, $text, $black);
//output header and generate image
header("Content-Type: image/png");
imagepng($img);
?>

Implementing the Script

After you have uploaded the above script to your server as disguise_text.php, insert the following image tag into the page you want to display the image (paste onto one line - it is separated due to column width):

<img src="http://www.ebrueggeman.com/blog/wp-admin/disguise_text.php?
text=<?php echo urlencode(base64_encode('jwaters@apple.com')); ?>" 
alt="email address" />

Here is what the above code actually generates:

Notes

Without getting overly complicated, the example we have uses size 2 of PHP’s default font to display the text. The auto image width feature of the script is based on the width of this particular font with this size. If you are going to change the font, make sure to change the $width_per_char and $height variables to accurately represent your font. Also, as shown above, the script only works for pages with white backgrounds. To display the image with a different color background, change the RGB values of the “$white = imagecolorallocate($img, 255, 255, 255);” code to match your background.

Conclusion

Generating images in PHP is easy if you know the basics, and hiding text from search engines can be a useful tool. Check out this related article on Image Optimization in PHP