I’ve been working on tuning my Apache/MySQL/PHP configuration lately to see how to improve the performance. Lately, I’ve been noticing some crawlers that have been ignoring my robots.txt file and hitting my server really hard with several page requests every second. So, I decided to run some tests to see where I could speed up my website in the code.

I attended WordCamp SF for the first time in 2009. There was some exciting news at the camp, especially with the news that WordPress MU functionality is going to get integrated with WordPress. This will be nice considering updates for WordPress MU are usually a month or so behind. What will this mean? Hopefully, it will bring a larger community in maintaining and adding new plugins for WordPress (MU). The question will be whether it will be easy to convert an existing WordPress MU install over to the new WordPress. (Possibly WordPress 3.0?)

I have found a really useful plugin in Wordpress MU for making a blog private. Sometimes, committees need a way to share information away from home and they don’t want everything posted to be known by the world. Rather than using the “Password protect post” option, there is a way to only allow registered users that are members of the blog to view the post.

By default, the privacy options in Wordpress MU is limited to 1) Public, allow search engines 2) Public, don’t allow search engines.

http://wpmudev.org/project/More-Privacy-Options

This plugin adds functionality:
3) I would like my blog to be visible only to registered users from blog community
4) I would like my blog to be visible to registered members of this blog
5) I would like my blog to be visible only to administrators

WordPress introduced a new version of its multi-user blog software in January 2009. I have been using version 2.6 for the past few months and it was working well, although the site management was very confusing to use. Version 2.7 fixes this problem by making the Site Admin menu more uniform with the main dashboard.

A good practice is to check input strings to make sure users don’t put in mySQL commands in your server. For instance, if a username or password POST variable isn’t filtered, there is a potential for an injection like ‘OR myusername=’. In the past, I’ve been using my own PHP toolkit to “clean” the input variables. But recently, I began searching to see if there are a built-in solution in PHP for this, especially since I’m converting a script written in Python that had the filter MySQLdb.escape_string. Enter mysql_real_escape_string()

Converting the datetime format is really simple if you let MySQL do the formatting for you.

MySQL 5.1 SELECT DATE_FORMAT manual

For instance, if you wanted to convert the datetime into something that reads
function ConvertNiceDateOnly($date)
{
// Convert mySQL date to nice formatted date
$normaldate = mysql_query("SELECT DATE_FORMAT('$date','%M %e, %Y')");
$normaldate = mysql_fetch_row($normaldate);
$normaldate = $normaldate[0];
return $normaldate;
}


$unixseconds = strtotime($mysqldate);

For instance, you can use this to write a timeout script for login failures. Usually, a system should lock after 3-5 consecutive failed login attempts. I save the timestamp after the 5th consecutive login failure, then run a check on this timestamp if the current time is within the ~5-10 minute lockout window. 5 minutes is 300 seconds, 10 minutes is 600 seconds.

Validating the date in MySQL should be done using preg_match since ereg_* functions will be removed in PHP 6.

More info on PHP 6 changes: http://wiki.php.net/todo/php60 It appears there will be a module that you can use to utilize existing ereg expressions, so that’ll buy some time to port code from ereg* to preg*.
function isValidDate($date){

if (preg_match (“/^([0-9]{4})-([0-9]{2})-([0-9]{2})$/”, $date))
{

return true;
}
else{
return false;
}

}

If you have older scripts, you may encounter warning messages such as “Notice: Undefined variable: ”

As a standard practice, you should define variables in PHP by putting in the variable name = FALSE;
$myvar = FALSE;

This is primarily for local variable names that aren’t passed in through a $_REQUEST or $_POST, etc.

I found a useful script in PHP that can be used for checking uptime of a server. It can be useful for checking when the servers have a such a significant load that pages can’t be displayed. The benefit or running it locally is that I can configure the script to perform failover functionality if necessary. Online uptime services are good too, but most of them aren’t free. Maybe I should force the server to show a failwhale when the site gets too busy… j/k

Here’s the link to the script.
http://www.programmingtalk.com/showthread.php?t=34999

// the URL you want to ...