Another day, another issue to resolve… this time it was the turn of phpBB to shed some of the remaining hair from my head. I have however now got to the bottom of this, so this is another post aimed at helping others hindered by this irritating issue.

It seems that the phpBB update changed the owner of the user uploaded avatars to my own id. This meant that phpBB was unable to access these in their current state (often using user 99 (nobody) to access things). I therefore changed the permissions of all files in /images/avatars/upload to CHMOD 644 (so all can read the files). This has solved the issue, allowing anybody (and “nobody”) to access the files. I’ve also had no issue changing an avatar since, this appears to be totally resolved by this process.

Hope that saves someone some stress!

For info, more on CHMOD settings for phpBB can be found here: http://www.phpbb.com/kb/article/chmod-permissions/

A prospective client contacted me yesterday asking whether it was possible to host more than one domain against a BeachyUK hosting package. The answer is yes… and having had a similar question before, I thought it was worth adding a post on this to explain how you can do this using cPanel Addon domains.

cPanel, for anyone who doesn’t know, is a leading Web Control Panel facility, provided by BeachyUK, and many other Web Hosts to their customers. It gives customers a familiar Control Panel to access common functions for their site (statistics, software installation (e.g. forum or blog software), e-mail address setup etc..).

One of the features cPanel comes with is the ability to add Parked or Addon domains to your account (one account per hosting package). This is therefore a completely free way to add additional domains to your account. Sound to good to be true? Well do remember, your account has restrictions in terms of disk space, bandwidth etc.. your Parked and Addon domains will share these limits. You will also find a limit to the number of Parked or Addon domains you can add to your account, dependant on your hosting package.

Parked Domains

This feature effectively allows you to run a single website from multiple domains. This is usually used either:

• For domains you’re temporarily not using (so want to direct the traffic to another of your domains)
  OR – more commonly:
• For alternative domains for your site (e.g. for different extensions). For example, you might be lucky enough own amazon.com, amazon.co.uk and amazonbooks.com. If you wanted these to point to the same site (amazon.com), you’d add amazon.co.uk and amazonbooks.com to your Parked domains in your amazon.com cPanel.

It is worth noting that Parked domains do NOT have their own identity in the sense that a Parked Domain:

• Will redirect users to the main domain (so if amazonbooks.com was parked on amazon.com, typing “amazonbooks.com” in the address bar of your browser would take you to amazon.com, and the address bar would change to show “amazon.com”).
• Do not have separate statistics or log files in cPanel.

Addon Domains

This feature allows you to run multiple domains from a single account, with separated content. The content is held in a subfolder of the main account, but is seamless to the visitor of the Addon domain, to whom it will appear as a standalone site.

To all intents and purposes the Addon domain is a separate domain except:

• You will NOT have a separate cPanel login for the Addon domain, so if you propose to use this feature for friends, family, or Client sites, you will not be able to give them their own access details to a cPanel for their domain. All cPanel actions have to be done using the main domain (domain the Addon domain is added to) cPanel.
• They share a hosting package with the main domain (and any other domains parked or added onto the main domain). This means if the account reaches the hosting package limit for disk space or bandwidth etc.., the main domain, and all parked and Addon domains associated with it will suffer.

In comparison to Parked domains then, Addon domains DO have their own identity in the sense that an Addon domain:

• Will take users to the Addon domain as if a standalone domain (so if amazonbooks.com was an Addon domain on amazon.com, typing “amazonbooks.com” in the address bar of your browser would take you to amazonbooks.com content, and the address bar would remain showing “amazonbooks.com”).
• Do have separate statistics or log files in cPanel, though they need to be accessed from the main domains cPanel.

For information on the number of Parked and Addon domains available with BeachyUK hosting packages, visit http://www.BeachyUK.com/hosting

Obviously I like to keep WordPress up-to-date to ensure it has the latest security patches, and that any new features, or improvements are available to myself, and you lovely readers!

Well of late I’ve had issues upgrading WordPress. I’ve tried the automatic upgrade on several occasions, and in an attempt to keep my cool, I’ve simply walked away from it when it continues to give me a “Installation Failed” message.

It’s clear that this is permission based, as WordPress kind points to the file its just taken ages downloading (the updated version of WordPress) and says it can’t copy the file (locally, it’s already successfully downloaded it to our server). So what’s the issue?

Well I’ve tried a lot of the tricks suggested on the Internet, and I’ve also tried getting very cross with it… it turns out the below fixed it for me, so hopefully it might work for others:

- Simply goto the root directory of your blog by FTP or SSH, and make sure the permissions on your wp-config.php file are set to 0644. Switch the permissions back as soon as you’ve done the upgrade (you must change the permissions back to their original setting as 0644 gives the public access to your config file, which contains your databbase username and password for WordPress).

To minimise any security risk while doing the above, it is worth adding the below to your .htaccess file in the blog root directory. This will prevent people accessing your wp-config.php file while you are doing the upgrade.

<Files wp-config.php>
order allow,deny
deny from all
</Files>

Whether you’re looking to sell some advertising space, sell your domain, or just fancy knowing…. many of us wonder what our domain is really worth.

Here’s a great tool that applies several criteria to come up with a value it deems your domain to be worth:

http://www.dnscoop.com/

It looks at:

• Domain Age
• PageRank (and whether its a valid PageRank)
• Inbound Links
• AlexaRank
• Number of other Domains on same server

In truth, the best way is probably to search for similar sites that are for sale, and see what they end up selling for. But this is a far quicker, and more fun way! One thing we think this doesn’t look at, that is important, is keywords in your domain name.

BeachyUK.com is apparently worth a disappointing $390… with $3 per month possible from links… certainly has us wondering

If you’re looking to have user’s, or maybe just yourself as “Admin” log into your site, PHP is a great way to do this.

In this post, I’ll take you through creating a basic user authentication system using PHP. To ease understanding, I’ll store the user information (username and password) in the script for now. Once you’ve got this looking, you should consider adding code to lookup the user information from a database, this will make the script very scalable.

The Login Page

Let’s start with a basic HTML page with a form to post our users information to us.

<html>
<head>
<title>Login Page</title>
</head>
<body>
<form method="post">
<table width="100%" align="center">
<tr>
<td width="100">Username</td>
<td><input name="usrnme" type="text"></td>
</tr>
<tr>
<td width="100">Password</td>
<td><input name="passwd" type="password"></td>
</tr>
<tr>
<td width="100"> </td>
<td><input type="submit" name="LoginButton" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>

This basic HTML page will now act as our login page. You’ll obviously want to make it fit the design of your site, once setup.

Note that there is no form action, this is because, by default your browser will submit to the input page. This way, we can configure the login script into the same page, to warn users when they’ve failed to input information correctly.

Note also that I have set the form method to “post”, this is important as the alternative (“get”) displays the input information in the address bar, and will therefore display, and record in the browsers history, the users information, including their password.

Checking the User Information
At the start, I mentioned that this post will keep things simple, and lookup a password that is stored within the script itself. I would strongly recommend you consider using a database to store user information rather than storing it in a script, even if its only one user today, it will give flexibility to your site, and allow you to reuse your work on other logins that may need many users.

So, we’ve now got a basic login page which posts the username (as “usrnme”) and password (as “passwd”) to the login page again. So now we crank out the PHP to check the user information.

<?php
// Start a PHP session - This must be the first thing you do
session_start();

// Check if user is already logged in - if so, send to default page for a logged in user
if (isset($_SESSION['usr_logged_in'])) {
include ("loggedin.htm");
exit();
}

// Check for posted form (i.e. that user has submitted the form, and not just arrived at login screen for first time
if (isset($_POST['usrnme']) && isset($_POST['passwd'])) {

//Script Improvement - In this position you should consider a database lookup to gather user information for the provided username ("usrnme"). In this example, the user information is hard-coded as below:
$correctusr="admin";
$correctpwd="letmein";

//Check Username and Password matchs expectation - dropping both to lowercase for non-case-sensitive check
if (strtolower($correctusr) == strtolower($_POST['usrnme'])){
//Correct Username - Check Password
if (strtolower($correctpwd) == strtolower($_POST['passwd'])){
// The username and password match
// Set a session variable so further pages know this user is autheticated
$_SESSION['usr_logged_in'] = strtolower($usrnme);
// After login we move to the main page for logged in users
include ("loggedin.htm");
exit();
}else{
// Incorrect Password - don't declare it was password, as this could help a hacker
$error="Error: You entered an invalid username/password";
}
}else{
// Incorrect Username - don't declare it was username, as this could help a hacker
$error="Error: You entered an invalid username/password";
}
}
?>
<html>
<head>
<title>Login Page</title>
</head>
<body>
<form method="post">
<table width="100%" align="center">
<?php
if (isset($error)){
?>
<tr>
<td width="100">Error:</td>
<td>An incorrect username or password was entered. Please try again.</td>
</tr>
<?php
}
?>

<tr>
<td width="100">Username</td>
<td><input name="usrnme" type="text"></td>
</tr>
<tr>
<td width="100">Password</td>
<td><input name="passwd" type="password"></td>
</tr>
<tr>
<td width="100"> </td>
<td><input type="submit" name="LoginButton" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>

Essentially the above is the same as before, with two pieces of PHP added. The first checks the posted information for valid user information, setting a session variable and passing the user to the logged in area if valid, or setting the $error variable if not. The second then sits within the HTML, and displays an extra row, with the error message, if set.

What the first piece of PHP also does is check whether the user is already logged in (by checking if the session variable is in-fact already set). This might occur when a user returns to a bookmarked page, or uses the back button. In these cases, we forward the back to the logged in page, so they don’t have to re-login (not essential, but improves the user experience).

Note that the first code line is “session_start();”, this is vital, as any lines appearing before it (including blank lines) can result in the page headers being set, which results in an error like the below. This can be avoided by ensuring the “session_start();” is the first line of code in the file.

Warning: session_start() [function.session-start]: Cannot send session cookie – headers already sent by (output started at /home/exampledomain/public_html/login.php:29) in /home/exampledomain/public_html/login.php on line 15

This is an amazingly common PHP error, and yet is easily avoided. just start the file with a PHP open tag (“<?php”), and carriage return, and then your session_start command.

Keep checking

In the example above, we sent the user to another page once logged in, and logically the user may have multiple pages available to them as a logged in user. So we need to verify that users aren’t accessing these pages directly. We also need to be able to identify the user once at these pages (in-case personalised content is required. Well this isn’t too painful as we used a session variable to store the username once correctly logged in.

Session variables can only be set by the server, so this is hugely safer than any Javascript login metho… scarily employed on some smaller sites that don’t realise its a Client end language and hence open to easy abuse.

Here’s an example page that might feature in our logged in area:

<?php
// Start a PHP session - This must be the first thing you do
session_start();

// Check if user is already logged in - if not, send to login page
if (isset($_SESSION['usr_logged_in'])) {
include ("login.htm");
exit();
}

?>
<html>
<head>
<title>Members Area</title>
</head>
<body>
Welcome <?php echo($_SESSION['usr_logged_in']); ?> to the logged in area!
</body>
</html>

You’ll notice, this page is almost identical to the top of the login page, as it once again opens the session, andreviews the session variable. This time however, we’re looking to see if the session variable has not been set.

If $_SESSION['usr_logged_in'] is set then we have a logged in user, and can display the page. If not, we return them to the login page, to login. The beauty of using the username as the variable content is that it can now be used to lookup user specific information to be displayed. You could, of course, use a separate session variable for storing the username, or any other piece of information you wanted to make available to each page (e.g. account number, real name etc..).

Log Out/Log Off

PHP Sessions do expire, but it is good practice, and better security for your users, if you provide a logout/logoff option.

As we are using the Session Variable $_SESSION['usr_logged_in'] to check for a users logon status, we simply need to unset this variable to log them off. We do however need to remember to open the PHP session before we try to unset the variable (as the variable is held against the PHP session).

Our final script therefore looks something like this (logout.php):

<?php
// Start a PHP session - This must be the first thing you do
session_start();

// Unset the Session Variable, if exists
if (isset($_SESSION['usr_logged_in'])) {
unset($_SESSION['usr_logged_in']);
}

include ("login.htm");
exit();

?>

In the previous post I talked about the importance of backlinks. So here’s my tips for securing for good backlinks for your site:

• Submit your site to web directories
  There are a huge number of web directories around. Submitting to the larger directories (like dmoz.org) is easy, but to really get the benefit, you want to be submitting to a large number of web directories, and this needs to be done automatically.There are many pieces of software, and websites, out there that will submit your site to many web directories on your behalf, some charge a fee, and some don’t. They will cover a huge range of different directories.As BeachyUK offers a Search Engine, and Web Directory Submission service, I’d best mention that now… but there are many others too.
• Buy expired domains
  This is a surprisingly large business, so it must work. We don’t have any experience of this ourselves, as we consider it a short-term and improper practice (can you tell we’re English?!). Basically, it’s based on the fact that websites don’t update their links regularly. So if a website expires with a lot of backlinks to it, the new owner will benefit from these backlinks, even though they pre-date the owners use of the domain.
• Forum Signatures – Yours or buy
  Far too few webmasters make proper use of this. Simply join forums, add a link to your site into your signature, and get stuck in… each time you post on the forum, you’re adding a backlink to your site!For best effect, join relevant forums, and get really involved in the community of the forum. You’ll earn some good backlinks, but will also earn potential custom from the forum, based on the value you’re adding there.
• Link to your site from your social networking profiles
  Particularly where profiles are publicly available (the same is true on forum profiles), adding a link, is another potential backlink.
• Exchange Links
  Most common, people either join Link Exchange sites (where two parties agree to link to each other), or you agree this through a forum, or personal exchange of e-mails. I favour an e-mail to targetted sites, choosing sites of a similar PageRank to yours (otherwise there’s little in it for them), and clearly pointing out the similarities in your customer base.
• Buy links
  Links are always up for sale. You can shop around on dedicated sites, or approach a site directly. Just be careful to ensure you are getting a backlink from a higher rank site than yours, and that it isn’t marked as “nofollow” (which means many Search Engines, like Google will not count the link as a positive backlink).

What are your tips on getting more/better backlinks?

What is PageRank?

PageRank (PR) is one of Google’s  key calculators of the importance of a page of the web.

Put simply, PageRank views links between pages as “votes” for page. In its first iteration this simply means the most heavily “voted” for (linked to) pages are seen as the most “important” in the Google index.

In reality,  this simple image is however played over-and-over, with each iteration taking account of the previous iterations page “importance” to give “important” pages a more heavily weighted “vote”. This, in essence, means a link to BeachyUK.com from a relatively unknown site has less impact on our PageRank than a link from Microsoft.com… seems fair enough really.

But, there’s one more thing that makes PageRank such a heavily watched area… and it’s a secret.

No, really, it is a secret. The formula behind PageRank is a constant secret by Google, and it’s often changing, preventing even the best from reversing the facts back to a formula.

So how do you get a good PageRank?

• Write consist content: Search Engine’s like a site with related keywords
• Fool nobody: If you try to fool a Search Engine, you’re very likely to be blacklisted, getting poor, or zero PageRank from Google. Don’t even think about it.
• Get lots of good, relevant Backlinks: Backlinks are links from other sites, to yours, they are the “votes” in Google’s eyes. But don’t forget about the secret formula, Google doesn’t give a lot away, but it is clear the Backlinks from sites with similar keywords counts for more, so find relevant sites, and exchange links with one another.
• Write good content: This is the best advice I can give anyone. Good content attracts visitors, some of whom will spread the word, creating backlinks to your site
• Search Engine Optimisation: Don’t forget to make sure your site is easy for a Search Engine to read, and written with them in mind, as well as your human visitors. Good basic Meta Tag use, and Search Engine Submission is essential.

Summary

In truth, I don’t believe in PageRank, that is, in trying to boost it. Google is always looking to make PageRank a quality ranking system, so your best bet is to write good content, and link to, and get links from, good (and relevant) sites.

Links

Meta Tag Analyser -http://www.submitexpress.com/analyzer/
This online tool provides excellent feedback on your website from a Search Engine perspective. Don’t be too worried about being 100% in all areas, the key is that you’re considering the Search Engine perspective. So long as you’re achieving 80%+, you should be fine.

Google Technology Overview – http://www.google.com/corporate/tech.html
The official Google statement on PageRank.