Posts Tagged PHP

Synology Antivirus Essential detects PHP.Exploit.CVE_2015_2331-3

Today my DiskStation emailed me about detecting malware in the system files. When I looked at the log, I saw this:

Antivirus Essential detects Php.Exploit.CVE_2015_2331-3 in zip

Antivirus Essential detects Php.Exploit.CVE_2015_2331-3 in zip

It appears this is a false positive in the ClamAV database.

Further reading:

If your Synology reports the same, simply restore the quarantined file, update virus definitions, and re-scan. It should come up clean. If you had configured Antivirus Essential to automatically delete files, you may have to restore the DSM OS to get the file back.



Determine if current user is an admin in WordPress using PHP

You can determine if the current logged-in WordPress user is an admin and take a certain action in WordPress using PHP. If you’re using a PHP widget plugin, you can use this code in a PHP widget to show or do something if the current user is an admin. You can also use this to limit the display of a block you might be working on to only admin users while you’re working on it.

This method is ideal because only admins have the manage_options capability.

Comments are welcome below. Thank you.



How to create an unfiltered input type in Drupal 7

The default input types in Drupal strip out unapproved HTML tags and optionally format links with tags. If you’re creating a block for some more advanced purpose, such as the insertion of JavaScript or other HTML that you don’t want stripped, you will likely want an input type with no filters.

Note that an unfiltered input type will not support PHP; you must enable the PHP module for this. Once you enable the PHP module, it will create an input type specifically for PHP. The PHP block will allow unfiltered HTML, but may present an unnecessary security risk.

To create an unfiltered input type in Drupal 7, do this:

Go to Configuration > Content Authoring > Text Formats

You should see the default text formats appear.

Click add new text format and give your new text format a name, such as “Unfiltered HTML.” Choose the roles that will be allowed access to this input type. Be aware that allowing untrusted users access to an unfiltered input type may have security implications. Don’t check anything under Enabled Filters. Click Save Configuration.

That’s it. Your input type is now ready for use.

Now, if you want to create a block with unfiltered content, such as the display of JavaScript code, simply choose “Unfiltered HTML” as the input type of the block.



How to generate a unique time-based hash in PHP

This PHP code is especially handy if you want to generate a time-based hash for some security purpose. You can adjust the code to generate hashes every month, every day, or down to every second if that’s what you want. These can be used to generate automatically-changing passwords, password salts, time-based challenges, etc.

NOTE: This is example code only and shouldn’t be copy/pasted for use in a production environment. Instead, modify the code below and change the hash function, the date string, and maybe add your own customizations. See the PHP date() and hash() manual pages for reference.

// length of hash to generate, up to the output length of the hash function used
$length = 12;
// The following should retrieve the date down to your desired resolution.
// If you want a daily code, retrieve only the date-specific parts
// For hourly resolution, retrieve the date and hour, but no minute parts
$today = date("m.d.y"); // e.g. "03.10.01"
$out = substr(hash('md5', $today), 0, $length); // Hash it
echo "$out";

I’m sure there are plenty of other ways, but this is a code snippet that I used. Feel free to share your thoughts on this in the comments below, thanks!
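The snippet above hashes only the date, so anyone who knows the scheme can compute the same value. As an added example (not the author's code), here is a keyed variant: HMAC-SHA-256 over a time-window counter with a server-side secret, verified in constant time, accepting the previous window to tolerate clock skew. The function names, the secret, and the fixed timestamp are made up for illustration.

```php
<?php
// Added example: keyed, time-windowed code. timeCode() and verifyTimeCode()
// are hypothetical names; the secret and timestamp are constructed sample values.

/** Return the code for the time window that contains $time. */
function timeCode(string $secret, int $windowSeconds, int $length = 12, ?int $time = null): string
{
    $time = $time ?? time();
    // Same counter value for every second inside one window.
    $counter = intdiv($time, $windowSeconds);
    // The HMAC key means the date alone is not enough to compute the code.
    $mac = hash_hmac('sha256', (string) $counter, $secret);
    return substr($mac, 0, $length);
}

/** Accept the code of the current window or of the one just before it. */
function verifyTimeCode(string $secret, string $candidate, int $windowSeconds,
                        int $length = 12, ?int $time = null): bool
{
    $time = $time ?? time();
    $ok = false;
    foreach ([0, 1] as $back) {
        $expected = timeCode($secret, $windowSeconds, $length, $time - $back * $windowSeconds);
        // hash_equals() compares in constant time; both windows are always checked.
        $ok = hash_equals($expected, $candidate) || $ok;
    }
    return $ok;
}

$secret = 'replace-with-a-long-random-server-side-secret'; // constructed sample
$day    = 86400;       // daily resolution, as in the snippet above
$now    = 1700000000;  // fixed timestamp so the run is repeatable

$code = timeCode($secret, $day, 12, $now);
var_dump(verifyTimeCode($secret, $code, $day, 12, $now));            // issued in this window
var_dump(verifyTimeCode($secret, $code, $day, 12, $now + $day));     // one window later
var_dump(verifyTimeCode($secret, $code, $day, 12, $now + 2 * $day)); // two windows later

// The unkeyed value from the snippet above is not a valid code here.
$unkeyed = substr(hash('md5', date('m.d.y', $now)), 0, 12);
var_dump(verifyTimeCode($secret, $unkeyed, $day, 12, $now));
```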


WordPress 3.2 admin area display errors under suPHP

If you do the automatic upgrade to the recently-released WordPress 3.2 and notice the admin area displays incorrectly, you may need to reset some file permissions.

Simply run the following from your web root:

chmod -R g+r,o+r *

Should be all set.


Integrating Smart 404 into the Suffusion WordPress theme

By default, WordPress does very little for a user who lands on a 404 or ‘Not Found’ page. The WordPress Smart 404 plugin can help with this, by attempting to match terms from the URL to published articles. This is something you want especially if you change your categories or tags because your old tag- and category-based URLs will not display anything useful to your visitors. Instead of losing them to a 404 page, show them what they’re looking for — or at least come close.

I use the Suffusion theme here on my blog, and I know it’s a very popular plugin as well, so here’s how to integrate Smart 404 nicely within Suffusion.

Obviously make sure you have both the Suffusion theme and the Smart 404 plugin installed and activated.

Open the theme editor by going to Appearance > Editor and load the 404.php file. Change it to include the smart404_suggestions PHP function call as follows:

+ &lt;?php
+ if (function_exists('smart404_suggestions')) {
+ echo &quot;<br /><br />Here's some posts that may be close to what you were looking for:";
+ smart404_suggestions();
+ echo "<br /><br />You might also try searching.";
+ }
+ ?&gt;
  </div><!--/entry -->
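Review bot: the added lines will not parse if pasted into 404.php as shown, because the PHP tags are HTML-escaped ("&lt;?php" and "?&gt;") and the first echo opens its string with "&quot;" but closes it with a plain double quote. Use literal <?php and ?> tags and a plain double quote at the start of the first echo string. As a wording point, "Here's some posts" in the same echo should read "Here are some posts".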

This wraps the smart404_suggestions function nicely in a PHP function_exists call, which will prevent PHP errors if you later decide to uninstall the plugin.

Be aware that if you update your theme at any point, you may have to redo this edit.

Questions, comments, and feedback about this are welcome and appreciated. Thank you!



Bad Behavior on Drupal 7

Bad Behavior is a set of PHP scripts that is designed to keep your blog or forum clean from spam by taking a much different approach than typical solutions. While I could go into a big explanation, you can read all about it here

That said, Drupal 7 is available for download, but the Drupal 6 Bad Behavior module has not yet been ported to Drupal 7. These instructions will help you get a very crude installation of Bad Behavior protecting your Drupal 7 site, albeit in the “no logging” mode, which is not the preferred method. If you’re familiar with Drupal 7 enough to attempt a port, I would ask that you please visit the Drupal 6 module and contact the developer. The Drupal community would greatly appreciate it.

These instructions are based on the Bad Behavior Porting Guide.

First, download Bad Behavior from

When you unzip it, you should have a folder called bad-behavior.

Upload that folder somewhere to your web root, so that bad-behavior-generic.php is accessible as (These are sample instructions only, advanced users are encouraged to place the scripts wherever they like.)

Edit bad-behavior-generic.php

Locate the following line:

'httpbl_key' => '',

Input your http:BL API key from Project Honey Pot. If your API key is ‘exampleAPIkey’, you’ll have this:

'httpbl_key' => 'exampleAPIkey',

Edit Drupal index.php

Right below the opening <?php tag, insert the following line, making sure it has the correct relative location of bad-behavior-generic.php:


That’s it!

Questions, comments, and feedback are always welcome and appreciated.




Get your Feedburner follower count in PHP

Important: Please see the update at the bottom of this post.

If you use Feedburner for RSS circulation, here’s a handy ready-to-go way of getting your Feedburner follower counts using PHP. This requires that you have the Feedburner Awareness API enabled for your feed.

Note that the code below uses PHP’s file_get_contents() rather than the preferred cURL function, but it does work. You may also want to cache your result to prevent hitting any API limitations.

function GetFeedburnerFollowerCount($feed){
  // Fetch the Awareness API response for the given feed
  $feedburner_xml = file_get_contents("".$feed);
  $xml = new SimpleXmlElement($feedburner_xml, LIBXML_NOCDATA);
  // 'circulation' is read as an attribute of the entry element
  $new_feedburner_followers = $xml->feed->entry['circulation'];
  return $new_feedburner_followers;
}

You can also substitute ‘hits’ or ‘reach’ for ‘circulation’ in the example code.

Update: The Google Feedburner API is no longer available.

Comments are welcome, as always.


Generate a random password in PHP

Here’s a code snippet that will quickly generate a random password, using PHP. You can specify the character set and the number of characters.

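function generatePassword($length = 6, $chars = '23456789abcdefghijkmnpqrstuvwxyzABCDEFGHIJKMNPQRSTUVWXYZ')
{
  $password = '';
  $char_length = strlen($chars);
  for ($i = 0; $i < $length; $i++) {
    // random_int() (PHP 7+) draws from the system CSPRNG and avoids
    // the predictability and modulo bias of rand() % n
    $num = random_int(0, $char_length - 1);
    $password .= $chars[$num];
  }
  return $password;
}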

Comments are welcome, as always. Have a faster way or a leaner function? Feel free to share!



How to get your Facebook follower count in PHP

If you’re looking for a way to fetch and display your Facebook follower count in PHP, here is your code. In the code below, replace __ID__ with the numeric ID of your app or page, and __TOKEN__ with your access token.

Please consult the Facebook Graph API documentation for more information.

This method uses file_get_contents() rather than the preferable cURL call. Also, don’t forget to cache your queries, or you may experience API throttling. See the Rest & Graph API Best Practices for reference on this.

Here is the code:

function GetFacebookFollowerCount(){
  $json = file_get_contents('');
  $obj = json_decode($json);
  // Follower count is the first value of the first data entry in the response
  $new_facebook_followers = $obj->data[0]->values[0]->value;
  return $new_facebook_followers;
}

Comments and feedback are welcome.
