CodeIgniter router config for dynamic url (url shortener or seo friendly url)

There's so many tricks to this. We can use mod_rewrite on some specific pattern, or force our CI to use one Master-Controller, or rewrite CI router mechanism.

But I am going to use the easiest one, only changing CI router.php config
At first I use this on CI routes.php

1
$route['(:any)'] = "incidents/detail_shortened/$1";

As expected, It's kind of working, but it makes all of my controller inaccessible, that is because any '/controllername/parameter/' format will match with '(:any)' and will be redirected to our 'incidents/detail_shortened/'.

To stop controllers redirected by the CI router, I have to explicitly define all of my controllers on the routes.php first (since it's handled in sequence)

This is the code for that:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
$route['default_controller'] = "welcome";
$route['404_override'] = 'help/show404';
 
// define all 'normal' possible routing path
$route['callbacks'] = 'callbacks';
$route['callbacks/(:any)'] = 'callbacks/$1';
 
$route['faqs'] = 'faqs';
$route['faqs/(:any)'] = 'faqs/$1';
 
$route['help'] = 'help';
$route['help/(:any)'] = 'help/$1';
 
$route['welcome'] = 'welcome';
 
$route['welcome/(:any)'] = 'welcome/$1';
 
// the last resort (dynamic)
$route['(:any)'] = "incidents/detail_shortened/$1";

And now it works🙂 all controller will he handled normally, and my shortened dynamic url will be properly
handled by my `incidents` controller.

P.S:
This applies to CodeIgniter 2.0 (i am not sure whether it works for CI < 2.0)

You can also apply this scenario for your SEO friendly dynamic URL (e.g.http://phpgr.blogspot.com/content-title-that-is-seo-friendly)

How to Improve the Security of your WordPress Blog

WordPress is the most popular self-hosted content management system (CMS) on the Internet and therefore, like Microsoft Windows, it is also the most popular target of attacks. The software is open source, hosted on Github, and hackers are always looking for bugs and vulnerabilities that can be exploited to gain access to other WordPress sites.

WordPressThe least you can do to keep your WordPress installation secure is ensure that it is always running the latest version of WordPress.org software and also the various themes and plugins are update. Here are few other things you can do to improve the security of your WordPress blogs:

#1. Login with your WordPress account

When you install a WordPress blog, the first user is called "admin" by default. You should create a different user to manage your WordPress blog and either remove the "admin" user or change the role from "administrator" to "subscriber."

You can either create a completely random (hard to guess) username or a better alternative would be that you enable single sign-on with Jetpack and use your WordPress.com account to log into your self-hosted WordPress blog.

#2. Do not advertise your WordPress version to the world

WordPress sites always publish the version number thus making it easier for people to determine if you are running an outdated non-patched version of WordPress.

It is easy to remove the WordPress version from page but you need to make one more change. Delete the readme.html file from your WordPress installation directory as it also advertises your WordPress version to the world.

#3. Don't let others "Write" to your WordPress directory

Login to your WordPress Linux shell and execute the following command to get a list of all "open" directories where any other user can write files.

find . -type d -perm -o=w

You may also want to execute the following two commands in your shell to set the right permissions for all your WordPress files and folders (reference).

find /your/wordpress/folder/ -type d -exec chmod 755 {} \;  find /your/wordpress/folder/ -type f -exec chmod 644 {} \;

For directories, 755 (rwxr-xr-x) means that only the owner has write permission while others have read and execute permissions. For files, 644 (rw-r–r–) means that file owners have read and write permissions while others can only read the files.

#4. Rename your WordPress tables prefix

If you have installed WordPress using the default options, your WordPress tables have names like wp_posts or wp_users. It is thus a good idea to change the prefix of tables (wp_) to some random value. The Change DB Prefix plugin lets you rename your table prefix to any other string with a click.

#5. Prevent users from browsing your WordPress directories

This is important. Open the .htaccess file in your WordPress root directory and add the following line at the top.

Options -Indexes

It will prevent the outside world from seeing a listing of files available in your directories in case the default index.html or index.php files are absent from those directories.

#6. Update the WordPress Security Keys

Go here to generate six security keys for your WordPress blog. Open the wp-config.php file inside the WordPress directory and overwrite the default keys with the new ones.

These random salts make your stored WordPress passwords more secure and the other advantage is that if someone is logged into WordPress without your knowledge, they will get logged out immediately as their cookies will become invalid now.

#7. Keep a log of WordPress PHP and Database errors

The error logs can sometimes offer strong hints on what kind of invalid database queries and file requests are hitting your WordPress installation. I prefer theError Log Monitor as it periodically sends the error logs by email and also displays them as a widget inside your WordPress dashboard.

To enable error logging in WordPress, add the following code to your wp-config.php file and remember to replace /path/to/error.log with the actual path of your log file. The error.log file should be placed in a folder not accessible from the browser (reference).

define('WP_DEBUG', true);  if (WP_DEBUG) {   define('WP_DEBUG_DISPLAY', false);   @ini_set('log_errors', 'On');   @ini_set('display_errors', 'Off');   @ini_set('error_log', '/path/to/error.log');  }

#9. Password Protect the Admin Dashboard

It is always a good idea to password protect the wp-admin folder of your WordPress since none of the files in this area are intended for people who are visiting your public WordPress website. Once protected, even authorized users will have to enter two passwords to log in to their WordPress Admin dashboard.

10. Track login activity on your WordPress server

You can use the "last -i" command in Linux to get a listing of all users who have logged into your WordPress server along with their IP addresses. If you find an unknown IP address in this list, it is definitely time to change your password.

Also, the following command will show the user login activity for a longer period of time grouped by IP addresses (replace USERNAME with your shell user name).

last -if /var/log/wtmp.1 | grep USERNAME | awk '{print $3}' | sort | uniq -c

Monitor your WordPress with Plugins

The WordPress.org repository contains quite a few good security related plugins that will continuously monitor your WordPress site for intrusions and other suspicious activity. Here are the essential ones that I would recommend.

  1. Exploit Scanner – It will quickly scan all your WordPress files and blog posts and list the ones that may have malicious code. Spam links may be hidden in your WordPress blog posts using CSS or IFRAMES and the plugin will detect them as well.
  2. WordFence Security – This is an extremely powerful security plugin that you should have. It will compare your WordPress core files with the original files in the repository so any modifications are instantly detected. Also, the plugin will lock out users after 'n' number of unsuccessful login attempts.
  3. WP Notifier – If you don't login to your WordPress Admin dashboard too often, this plugin is for you. It will send you email alerts whenever new updates are available for the installed themes, plugins and core WordPress.
  4. VIP Scanner – The "official" security plugin will scan your WordPress themes for any problems. It will also detect any advertising code that may have been injected into your WordPress templates.
  5. Sucuri Security – It monitors your WordPress for any changes to the core files, sends email notifications when any file or post is updated and also maintains a log of user login activity including failed logins.

Tip: You can also use the following Linux command to get a list of all files that have been modified in the last 3 days. Change mtime to mmin to see files modified "n" minutes ago.

find . -type f -mtime -3 | grep -v "/Maildir/" | grep -v "/logs/"

Secure your WordPress Login Page

Your WordPress login page is accessible to the world but if you wish to prevent non-authorized users from logging into WordPress, you have three choices.

  1. Password Protect with .htaccess – This involves protecting the wp-admin folder of your WordPress with a username and password in addition to your regular WordPress credentials.
  2. Google Authenticator – This excellent plugin adds two-step verification to your WordPress blog similar to your Google Account. You'll have to enter the password and also the time-dependent code generated on your mobile phone.
  3. Password-less Login – Use the Clef plugin to log into your WordPress website by scanning a QR code and you can remotely end the session with your mobile phone itself.

How to Add Speech Recognition to your Website

Open the Google website on your desktop computer and you'll find a little microphone icon embedded inside the search box. Click the icon, say something and your voice is quickly transcribed into words. Unlike earlier speech recognition products, you no longer have to train the browser to understand your speech and, for those who don't know touch typing, speech is often a faster mode of input than the keyboard.

Sounds like magic, right? Well, did you know that you can also include similar speech recognition capabilities to your own website with a few lines of code. Visitors can search your website, or even fill forms, using just their voice. Both Google Chrome and Firefox browsers support the speech recognition API.

Web Speech Recognition

Before we dive into the actual implementation, let's play with a working demo. If you are viewing this page inside Google Chrome (desktop or mobile), click the voice icon inside the search box and say a search query. You may have allow the browser to access your microphone. When you are done speaking, the search results page will open automatically.

Add Voice Recognition to your Website

The HTML5 Web Speech API has been around for few years now but it takes slightly more work now to include it in your website.

Earlier, you could add the attribute x-webkit-speech to any form input field and it would become voice capable. The x-webkit-speech attribute has however been deprecated and you are now required to use the JavaScript API to include speech recognition. Here's the updated code:

  1. <!-- CSS Styles -->
  2. <style>
  3. .speech {border: 1px solid #DDD; width: 300px; padding: 0; margin: 0}
  4. .speech input {border: 0; width: 240px; display: inline-block; height: 30px;}
  5. .speech img {float: right; width: 40px }
  6. </style>
  7.  
  8. <!-- Search Form -->
  9. <form id="labnol" method="get" action="https://www.google.com/search">
  10. <div class="speech">
  11. <input type="text" name="q" id="transcript" placeholder="Speak" />
  12. <img onclick="startDictation()" src="//i.imgur.com/cHidSVu.gif" />
  13. </div>
  14. </form>
  15.  
  16. <!-- HTML5 Speech Recognition API -->
  17. <script>
  18. function startDictation() {
  19.  
  20. if (window.hasOwnProperty('webkitSpeechRecognition')) {
  21.  
  22. var recognition = new webkitSpeechRecognition();
  23.  
  24. recognition.continuous = false;
  25. recognition.interimResults = false;
  26.  
  27. recognition.lang = "en-US";
  28. recognition.start();
  29.  
  30. recognition.onresult = function(e) {
  31. document.getElementById('transcript').value
  32. = e.results[0][0].transcript;
  33. recognition.stop();
  34. document.getElementById('labnol').submit();
  35. };
  36.  
  37. recognition.onerror = function(e) {
  38. recognition.stop();
  39. }
  40.  
  41. }
  42. }
  43. </script>

We have the CSS to place the microphone image inside the input box, the form code containing the input button and the JavaScript that does all the heavy work.

When the user click the mic image inside the search box, the JavaScript checks if the user's browser supports speech recognition. If so, it waits for the transcribed text to arrive from Google servers and then submits the form.

The Dictation App also uses the speech recognition API though it writes the transcribed text to textarea field instead of an input box.

Some notes:

  1. If the HTML form / search box is embedded inside an HTTPS website, the browser will not repeatedly ask for permission to use the microphone.
  2. You can change the value of the recognition.lang property from 'en-US' to another language (like hi-In for Hindi or fr-FR for Français). See the complete list of supported languages.