Website Administration

[jethro]

Website Administration and Maintanence by Jethro
------------------------------------------------

Index:

o Introduction
o Updating
o diary.php
o Log Files
o Website Security
o Conclusion



Introduction
------------

This tutorial assumes that you currently have or are thinking of making
your own website. It can be any type of website, from a personal
homepage, to a commercial website for your company.



Updating
--------

Updating is a very important part of being a webmaster. Don't you hate
looking at a website that hasn't been updated for 5 years, or maybe
was created and then *never* updated!


To see when a webpage was last modified, go to that page and in the
Address Bar enter: "javascript:alert(document.lastModified)" (need I
say it? Without the inverted commas) and hit enter. You should see
something like a date and a time. That's the last time the page was
updated.


****
Quick Note: If you are a Windows user, you can use this in folders,
because folders are seamlessy connected to Internet Explorer, as
shells.
****


So, let's say you have a "recent news" page, where you add information
about what's being going on in your world, or todo with your website,
or about the topic which your website is about. This is the type of
page which obviously has to be updated.


But, because you may be updating this page a lot (like everyday for
example), it can be a real pain to have to FTP it everytime and wait
for it to upload.


Here, I have created a PHP script which updates a page with the
information you input. Test it out first and make any neccessary
changes, to suit the look of your website. It saves the need to upload
any files. The information is saved to "diary.html" (which will be
created if it doesn't already exist, saving the need to "chmod" it)



It's called "diary.php", but you can change all that.


****
Note: I tested it out on my Apache web server and it works fine. If you
have any problems with it, just send me an email.
****

PHP Code:

<?php

### diary.php

###

$submit = $HTTP_POST_VARS["submit"];

if ($submit) {

# Format the entry
  $entry = $HTTP_POST_VARS["entry"];
  $entry = htmlentities($entry);
  $entry = stripslashes($entry);
  $entry = nl2br($entry);
  $date = date("Y-m-d");

# Format the diary page
  $html .= "<div align=\"center\"><center>";
  $html .= "<table border=2 bordercolor=\"#000000\" bordercolordark=\"#000000\" bordercolorlight=\"#000000\">";
  $html .= "<tr>";
  $html .= "<th align=\"left\" valign=\"top\" width=\"300\" bgcolor=\"#FFFFFF\">";
  $html .= "<p align=\"center\"><font face=\"Fixedsys\">$date</font></p>";
  $html .= "</th></tr><tr><td>";
  $html .= "<font face=\"Fixedsys\">$entry</font></td></tr></center></div>

";

# Open diary.html
  $filename = fopen("diary.html","a+");

  if (!$filename) {
    echo "Could not open diary.html
";
  }

# Write to diary.html
  $writeit = fwrite($filename, $html);

  if (!$writeit) {
    echo "Could not write to diary.html
";
  }

# Close diary.html
  $close = fclose($filename);

  if (!$close) {
    echo "Could not close diary.html
";
  }

  include("diary.html");

exit();

}

else {
?>

<html><head>
<title>Online Diary</title>
<style><!--
input,textarea{font-family:Fixedsys;}
//--></style>
</head><body bgcolor=#ffffff>
<form action=give2diary.php method=post>
<p align=center><font face=fixedsys><u>The Date is: <?php echo date("Y-m-d"); ?></u></font></p>
<center><textarea cols=60 rows=10 name=entry></textarea>

<input type=submit value="Record Entry" name=submit><input type=reset></center></form></body></html>

<?php

exit();

}

### The End
##
##############
?>

Log Files
---------


If you are running your own webserver, you will have logs. If you
didn't know this, I suggest you hurry on down to your logs directory
and gaze in amazement at the huge memory they take up, if not properly
cared for.


Open up "access.log" (or wherever your server keeps it's access logs)
and take a look at it. You will probably see hundreds of lines like
this:

159.445.433.33 - - [30/Jul/2002:16:27:08 +0100] "GET /index.php HTTP/1.1" 404 2746

You can safely delete the contents of this file, however, you might
want to take a look at them first. Is your IP the only one there? If
it is, this is a key indication that your website sucks beyond belief.
Unless of course, you're using your server as a development server,
for testing out CGI or PHP scripts. Then it's okay.


Visit http://www.antionline.com/tools-and-...cate/index.php and
run a few of the IP addresses through it. Are most of the IP addresses
from the same country, or from regions that all speak English? This is
all great marketing info and allows you to find out more about your
target market.


Are some places on your website getting more visits than others? Does
this suprise you? Check that all your links are functioning properly
and make sure that a visitor can get the material you have created
easily and quickly. You know yourself how fickle websurfers are.



If you're getting lot's of hits, congratulations. But now for,
debatebly a much more important log file... the error log!


Open it up. You will see lines like:

[Tue Jul 30 16:47:18 2002] [error] [client 159.84.69.23] File does not exist: c:/program files/apache group/apache/htdocs/oldpage.htm

Why doesn't this page exist? Has it been moved? Renamed? If so, why are
people still accessing it. Dead links are very annoying to come
across. And sometimes it hard to track pages and change links whenever
you alter a page.


To deal with this, you can either check your logs regularily or just
make sure that every link and every reference to that page is edited.
Of course, the log-checking is the easier option (usually), but what
if you don't own the webserver and you are being hosted by an ISP?
They'll hardly give you access to the logs (you can try, but please
send me the email you got back because I'm going through an addiction
of BOFH-style humour at the moment).


A possible solution is to create a custom error 404 script which logs
errors to a local file. Then you can periodically check these logs and
make the according changes.


Log files are very useful tools if you use them right.



Website Security
----------------


An important part of maintaining and administrating a website is making
sure that your server cannot be comprimised because of it.


Many people don't seem to understand that when people connect to a
website you are hosting, they are connecting to your computer, just as
if they were FTPing to TELNETing to you.


****
To show you this, use the command: "TELNET localhost 80" and then when
you are in the terminal, enter "GET /index.php" and hit ENTER. The
HTML contents of your webpage will appear. This is what the browser
does. It gets this information and then converts the HTML to what you
see in the browser window.
****


Here are some possible security threats to your website:


Badly written scripts.
For example if you are using a command such as exec("dir
$HTTP_GET_VARS['directory'] > dir_contents") or something nutty like
that, if someone was to feed a newline character in the "directory"
variable, they could wreak all kinds of havoc. exec() is definitely a
function to skip. If you don't think that this could happen to you, go
to Google and enter "phf bug".


Not encrypting data
This is not so much a threat to your box (well, not usually) as it is
to your visitors and/or customers.
If they entrust you with personal information about themselves, such as
names, email addresses, passwords...etc, the least you could do is
encrypt that data. Valuable information like that is too important to
be leaving around your server, in plaintext.
If you are thinking of starting an E-Business or selling goods online,
where visitors need to give information like credit card numbers, you
might want to do some research into the HTTPS protocol, a much more
secure version of the HTTP protocol.


Buffer Overflows
This is a threat in most scenarios, not just in web development. Make
sure your