If you have noticed all your blog images breaking after upgrading to WordPress 3.0 from WordPress MU, you will need to make a simple change to the .htaccess file.

1. Remove the wp-content/blogs.php file as it is no longer supported in WordPress 3.0. It has been replaced with wp-includes/ms-files.php
2. Locate the .htaccess file in the root directory
3. Find the following line: 
   RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L]
4. Replace it with:
   RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]  
5. This should fix the problem with broken images/files not showing up in the WordPress MU blogs.

As an administrator for a WordPress MU install, I’ve been getting comments about the RSS feed in WordPress not fetching the latest feeds. The RSS feed information that appears on the page ranges from a fetch that is a few hours to a day old. I’ve confirmed this is an issue with 2.9. This is an issue for blogs that need to pull alerts from an RSS feed within a timely basis, e.g. every 10 minutes.

The workaround to this is to use the KB Advanced RSS feed plugin instead of the one that’s in WordPress. Replace the RSS Widget in Appearance ->Widgets with the “KB Advanced RSS” widget.

If you are using WordPress 2.8+ and want to set the cache to refresh more frequently, go to /wp-content/plugins/kb-advanced-rss-widget/versions/wp-2.8.php

Find this code:
// Regardless, we’ll flush the cache every hour. (WP should flush hourly on its own, though.)
$cachetime = get_option( $this->md5_option_ts );
 if ( $cachetime < ( time() – 3600 ) ){

Change the 3600 to the number of seconds you want the cache to refresh. For instance, 600 for 10 minutes. The plugin uses its own RSS caching system.

I give this plugin 5  out of 5 stars.  It works fine with WordPress 2.9.2 and WordPress 2.9.2 MU (even through the documentation states compatibility  up to 2.8) Formatting options, conversion to UTF-8, reverse listing option, and well commented code.

References:
 http://wordpress.org/extend/plugins/kb-advanced-rss-widget/

Reading Excel files in CodeIgniter is actually very easy once you have the right documentation. The first thing you will need to do is utilize the CodeIgniter “Upload” library and add in the Excel Reader library for reading the files. The documentation on the CodeIgniter website in regards to this Excel Reader library is missing some details in implementation. This tutorial will go through the steps of installing the Excel reader library and getting an example implementation working.

Step 1: Download the Excel Reader Library from CodeIgniter’s website.
http://codeigniter.com/wiki/Excel_Reader_Class/

Copy and paste the Excel_reader.php section into notepad or a text editor. Save the file in [CodeIgniter Folder]/system/application/libraries/ as Excel_reader.php

Step 2: Load the Library from your CodeIgniter Application
$this->load->library('excel_reader');

Step 3: Set the load path of the Excel file that has been uploaded
For example:
$uploadpath = "/var/www/uploads/test.xls";

Step 4: Run the Excel Reader Library
$this->excel_reader->read($uploadpath);
// Read the first workbook in the file
$worksheetrows =$this->excel_reader->worksheets[0];

Step 5: Set number of columns in your Excel file
$worksheetcolumns = 5;

Step 6: Run through the table and output the data
I’ve created a quick function that will go through the entire worksheet and output the data for testing.

echo "<table>";
foreach($worksheetrows as $worksheetrow)
{
      echo "<tr>";
     for($i=0; $i<worksheetcolumns; $i++)
    {
           // if the field is not blank -- otherwise CI will throw warnings
           if (isset($worksheetrow[$i]))
                 echo "<td>".$worksheetrow[$i]."</td>";
           // empty field
           else
                 echo "<td>&nbsp; </td>";
     }
     echo "</tr>";
} 
echo "</table>";


This should get you going with reading Excel files in CodeIgniter.

Revised 4/28/2010 with a new fix.

I noticed with the latest version of WordPress, an older template may not display the sidebar correctly. If you look at the source code, you notice a lot of HTML code is missing in the sidebar div. The easiest fix I found was to update the “sidebar.php” file in the template.

To get your old theme working, you will need to edit sidebar.php and have the following:

<div id="sidebar">
<?php if ( !function_exists('dynamic_sidebar') || !dynamic_sidebar('sidebar') ) : ?>
  <?php endif; // end of sidebar1 ?>
</div>

This must exist somewhere within your sidebar.php. Older themes don’t have a sidebar div and thus would break. I usually place this code after the first “<div id=”content-right”>” section.

I’ve been noticing that a lot of documentation in CakePHP seems to be spread out onto many different sites. In my opinion, the CakePHP manual isn’t comprehensive enough for learning.

Here’s a list of useful CakePHP resources I’ve used recently:

CakeForge – Great resource for Open Source CakePHP applications. This site has many more applications than the CakePHP Bakery.
http://cakeforge.org/

Bakery – How to use different CSS files in CakePHP
http://bakery.cakephp.org/articles/view/some-ideas-to-organize-your-css-files-and-autoload-them-in-cakephp

Giga Promoters – CakePHP tutorials and scripts:
http://www.gigapromoters.com/blog/category/cakephp/

I’ll be updating this list as I find more resources.

There appears to be an issue with cookies on Windows Safari that expires  at UTC time and not according to the time zone on your machine.

I tested my PHP code

setcookie("mycookie", $sample_session_variable, time()+10000,'/mydirectory/','mysite.com');

I verified that the cookie expires at the correct time for the following browsers

• Firefox 3.5
• Internet Explorer 8
• Safari (Apple OS X)

However,  Safari 4 (Windows) have cookies are expiring at UTC time.

So if you have are using PHP cookies (or any other scripting language) and they don’t work in Safari, the cause may be the expiration date.

If you plan to have you cookies expiring after more that 24 hours, its not an issue. Its best to set the time() + value to 86400 at the very minimum. This is to ensure Safari (Win) users will have functioning cookies.

setcookie("mycookie", $sample_session_variable, time()+86400,'/mydirectory/','mysite.com');

WordPress 2.8.2 has been released. This affects both WordPress and WordPress MU. I recommend upgrading your current version since it contains a security fix.

WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.

For more details, visit:
http://wordpress.org/development/2009/07/wordpress-2-8-2/

You can automatically upgrade WordPress within your control panel, or manually upgrade via:
http://wordpress.org/download/

WordPress MU download:

http://mu.wordpress.org/download/

I recently implemented a way to limit access by IP range on specific blogs on WordPress MU. As you know, WordPress MU uses Apache Rewrite engine to rewrite URLs. For instance, you have a blog on WordPress MU called “intranet”. Apache Rewrite takes the “intranet” string in the URL and automatically rewrites it as a value in the PHP script. A side effect to Apache Rewrite is that “Directory” .htaccess parameters don’t work. So, if you wanted only your company IPs to access an internal blog, you will need to use Apache Rewrite parameters instead.

Here’s how to limit access to an IP or subnet on a particular blog on your WordPress MU install:

DISCLAIMER: Modifying .htaccess files can break your WordPress MU install. ALWAYS backup your .htaccess file. Simply, copy .htaccess file and rename it to .htaccess-backup. (cp .htaccess .htaccess-backup)

Step 1:

Add a section after the “RewriteEngine On
RewriteBase /…” section

RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.4
RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.5
RewriteCond %{REQUEST_URI} ^/BLOG1
RewriteRule .* - [F]


DO NOT SAVE YET. You will need edit the IP address info and blog info first:

Step 2: Replace the 1.2.3.4 number with your company IPs (its easier if you have an entire subnet or you can use internal IPs)

For a class C, the part after {REMOTE ADDR} would be
!^1\.2\3\.

Step 3: Replace BLOG1 with the blog you want to limit access to those IPs. So http://www.mysite.com/myfirstblog would be “^/blogs/

Optional: If you have WordPressMU installed in a folder (e.g. not your root folder), you will need to append the directory in front of the blog name.

For instance, if you have http://mysite.com/blog (as your WordPress MU root folder) the ^/ BLOG1 would be

^/blog/BLOG1

Optional: Multiple blogs with same access restrictions
By default, the Apache Rewrite treats every line as an AND statement. If you have multiple blogs, you will need to have an [OR] at the end of the line.

RewriteCond %{REQUEST_URI} ^/BLOG1 [OR]
RewriteCond %{REQUEST_URI} ^/BLOG2

Errors?

• Make sure you have ^/ marks in front of the blog names
• IP addresses must have a backslash before each dot. Regular expression for dot is concatenate by default, so it needs to be escaped
• Make sure you don’t forget the !^ sign before the IP, otherwise you will be forbidden.

If all else fails, if can’t fix the error, just copy back the .htaccess-backup to the .htaccess file.

Here’s what I currently use to determine how long it takes to generate a page in PHP. Its only 4 lines of code.

PHP 5

$time_start = microtime(true);
$time_end = microtime(true);
$time = $time_end - $time_start;
echo "Displaying the render time: $time seconds\n";

PHP 4 Version: (8 lines)

Put this at the top of the PHP script:

$render_time_start = microtime_float();


Put this at the end of the script:

$render_time_end = microtime_float();
$render_time = $render_time_end - $render_time_start;
echo $render_time;

function microtime_float(){
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
}

I’ve been working on tuning my Apache/MySQL/PHP configuration lately to see how to improve the performance. Lately, I’ve been noticing some crawlers (same IPs all the time) that have been ignoring my robots.txt file and hitting my server really hard with several page requests every second.

So, I decided to run some tests to see where I could speed up my website in the code.

One test was significant. I commented one update statement in my code and that sped up my page 3 times. Page display time went down from 0.15 second to 0.045 second! It seems as though my VMWARE server has slow write access times in comparison to reads, so this is a source of the cause. I decided to use this to my advantage.  So, basically create an array with the blacklisted IPs (but you can’t block them entirely since I need certain crawlers to index websites/etc. for searches)

$is_crawler = 0;
$crawler_array = array("[CRAWLER IP]","[CRAWLER IP2]");
foreach($crawler_array as $crawler_item)
{
if ($crawler_item == $current_ip)
{
$is_crawler = 1;
break;
}
}

In using this, only run the update query if the source IP isn’t a crawler… so something like this:

if ($is_crawler==0)
{
// Run MySQL Update command
} 

Other ways to speed up your MySQL performance.

• Only use ORDER BY when necessary. Ordering is costly with large datasets
• Joins are costly as well. Design a database table cache that has the union set if performance is a concern
• Memcache is a viable option as well for pages that use many tables to generate the page.

 
I attended WordCamp SF for the first time in 2009. There was some exciting news at the camp, especially with the news that WordPress MU functionality is going to get integrated with WordPress. This will be nice considering updates for WordPress MU are usually a month or so behind. What will this mean? Hopefully, it will bring a larger community in maintaining and adding new plugins for WordPress (MU).  The question will be whether it will be easy to convert an existing WordPress MU install over to the new WordPress. (Possibly WordPress 3.0?)

Highlights of the conference:
Timothy Ferriss, nominated as one of Fast Company’s “Most Innovative Business People of 2007,” is an angel investor and author of the #1 New York Times, Wall Street Journal, and BusinessWeek bestseller, The 4-Hour Workweek, which has been sold into 35 languages. He had a lot of good points on tweaking blogs to reach a larger audience.

WordPress gear! I plan on sending out some stickers and buttons I got at the conference.. stay tuned.

BuddyPress There’s a lot of potential with the community aspect of blogs. I’m hoping this functionality will be integrated with WordPress MU.

Community Speakers and Authors: http://2009.sf.wordcamp.org/speakers/#chris Chris Pirillo is an excellent speaker, had a lot of interesting points about the importance of the community.

http://2009.sf.wordcamp.org/speakers/#tara Tara Hunt’s book about the value of building community vs. buying a community.

http://2009.sf.wordcamp.org/speakers/#cali Cali Lewis (GeekBrief.TV) talked about building an interactive audience. Learned a lot about the challenges of video vs. audio cast.

Last but not least, the community! It was great meeting everyone at the after party.

More info about the upcoming merge with WordPress MU and WordPress (see the comments below the post)
http://technosailor.com/2009/05/30/wordcamp-sf-announcement-wordpress-and-wordpress-mu-to-merge/

I have found a really useful plugin in Wordpress MU for making a blog private. Sometimes, committees need a way to share information away from home and they don’t want everything posted to be known by the world. Rather than using the “Password protect post” option, there is a way to only allow registered users that are members of the blog to view the post.

By default, the privacy options in Wordpress MU is limited to 1) Public, allow search engines 2) Public, don’t allow search engines.

http://wpmudev.org/project/More-Privacy-Options

This plugin adds functionality:
3) I would like my blog to be visible only to registered users from blog community
4) I would like my blog to be visible to registered members of this blog
5) I would like my blog to be visible only to administrators

To install:
1) Download the plugin file.
2) Copy the plugin file to the plugin folder in Wordpress MU
3) In the Plugin interface in Wordpress MU, activate the “More Privacy Options” Plugin
4) In the Privacy option of the blog (under Settings -> Privacy) you will have the additional privacy options. Select the “I would like my blog to be visible to registered members of this blog
I would like my blog to be visible to registered members of this blog” option.
5) Note: AFAIK, this is on a site by site basis, so will need to enable this plugin for each blog you want to add it to.

Update 4/28/2010:
If you upgrade WordPress MU to a newer version, you will need to set the “Privacy Settings” again. Occasionally, the WordPress upgrade will reset the privacy settings back to default.

Wordpress MU Control Panel

WordPress introduced a new version of its multi-user blog software in January 2009. I have been using version 2.6 for the past few months and it was working well, although the site management was very confusing to use. Version 2.7 fixes this problem by making the Site Admin menu more uniform with the main dashboard.

The Site Admin is now located on the left hand menu, which is much easier to access than 2.6. (previously on the right side of the control panel. There are six options: Admin, Blogs, Users, Themes, Options, and Upgrade. Pretty straight-forward.

Admin: Create new blogs
Blogs: View each of the blogs, its users, links to edit/de-activate
Users: Manage what each of the users can see/edit/role
Themes: Themes available for blogs.
Site Options: Security/Global settings for WordPress
Upgrade: This is used to upgrade the WordPress version on the individual blogs. You still need to manually copy the latest version of WordPress MU into the folder when a new version comes out. In contrast, the standalone WordPress has a button that will automatically fetch the source and install the latest version for you.

What I like about the new version:
A lot of the things I like about WordPress 2.7, I like it on WordPress MU. Major Upgrades with 2.7 vs. 2.6 include: QuickPress publishing features for quick posting, 1 click upgrade, and all new navigation system on the dashboard.

Site Themes Control Panel

 

Quick Post Feature

There is also redundant menu options on the top menu in WordPress MU. This allows you to quickly switch between different blogs. So, switching between blogs is a one click process vs. a multiple click previously in 2.6. 

Top Toolbar for WordPress MU

Verdict:
WordPress MU 2.7 is definitely worth considering with the new dashboard layout. The main advantage of having MU is that you have the ability to control the settings of all blogs. You can control what themes can be used, ban certain email addresses from registering, control permissions, and set the default welcome email. There is a built-in quota manager for each blog, so you can limit the disk space usage of all blogs. You can also limit the types of files that a user can upload on a blog — such as limiting attachments to PDF, Word Documents, or images. Another advantage of the MU is that you only need to upgrade the blog software in 1 place for several blogs. User management is good, but there still needs to be a way to add a user to multiple blogs in one screen. 

Overall, WordPress MU 2.7 is great resource if you need to support several blogs (blog network) and are a fan of the standalone WordPress software.
WordPress MU Support Forums
http://mu.wordpress.org/forums/

WordPress MU Download
http://mu.wordpress.org/download/

A good practice is to check input strings to make sure users don’t put in mySQL commands in your server. For instance, if a username or password POST variable isn’t filtered, there is a potential for an injection like ‘OR myusername=’. In the past, I’ve been using my own PHP toolkit to “clean” the input variables. But recently, I began searching to see if there are a built-in solution in PHP for this, especially since I’m converting a script written in Python that had the filter MySQLdb.escape_string. Enter mysql_real_escape_string()

1) Step 1: Filter out the backtick character, ` which is often used in mySQL to denote field names

$variable = str_replace("`","",$variable);


2) Step 2: If its a username or password field which does not have a space, you should use ctype_alnum This will determine whether there is a character thats not alphanumeric or numeric. So, spaces will not work.

if (ctype_alnum($variable))
{
//allowed variable
}


3) Step 3: Use the mysql_real_escape_string as long as it exists on your server. If it doesn’t exist, an error message will display. I suggest upgrading your PHP if possible since this function will take care of different character sets/etc. You can use this function after the mySQL connection has been initialized.

if(function_exists("mysql_real_escape_string"))
{
$variable = mysql_real_escape_string(htmlspecialchars($variable, ENT_QUOTES));
}
else
{
echo "mysql_real_escpe_string does not exist on the server. Upgrade PHP to the latest version.";
}


Converting the datetime format is really simple if you let MySQL do the formatting for you.

MySQL 5.1 SELECT DATE_FORMAT manual

For instance, if you wanted to convert the datetime into something that reads
function ConvertNiceDateOnly($date)
{
// Convert mySQL date to nice formatted date
$normaldate = mysql_query("SELECT DATE_FORMAT('$date','%M %e, %Y')");
$normaldate = mysql_fetch_row($normaldate);
$normaldate = $normaldate[0];
return $normaldate;
}


$unixseconds = strtotime($mysqldate);

For instance, you can use this to write a timeout script for login failures. Usually, a system should lock after 3-5 consecutive failed login attempts. I save the timestamp after the 5th consecutive login failure, then run a check on this timestamp if the current time is within the ~5-10 minute lockout window. 5 minutes is 300 seconds, 10 minutes is 600 seconds.

Validating the date in MySQL should be done using preg_match since ereg_* functions will be removed in PHP 6.

More info on PHP 6 changes: http://wiki.php.net/todo/php60 It appears there will be a module that you can use to utilize existing ereg expressions, so that’ll buy some time to port code from ereg* to preg*.
function isValidDate($date){

if (preg_match (“/^([0-9]{4})-([0-9]{2})-([0-9]{2})$/”, $date))
{

return true;
}
else{
return false;
}

}

If you have older scripts, you may encounter warning messages such as “Notice: Undefined variable: ”

As a standard practice, you should define variables in PHP by putting in the variable name = FALSE;
$myvar = FALSE;

This is primarily for local variable names that aren’t passed in through a $_REQUEST or $_POST, etc.