Just spent the last hour trying to figure out why a simple php form was breaking WordPress. The answer was a variable name clash. I used a variable called ‘name’ in my form which seems to be linked the WP tag tags (!).

To get things working I renamed ‘name’ to ‘signUpName’.

Whilst scrabbling around for answers I did come across a good article about a security vulnerability when using the PHP_Self command, it’s well worth a read before you build your next form.

You can see a prototype version of the widget by clicking here.

Template engine

I attempted this built as single piece of php but it quickly became obvious that this was not the right approach. Instead I adapted a simple template engine from my faithful O’Reilly book. This allowed me to separate the logic from the markup

function FillTemplate($inName, $inValues = array()){

	$theTemplateFile = $_SERVER['DOCUMENT_ROOT'].'/templates/'.$inName;
	if($theFile = fopen($theTemplateFile, 'r')){
		$theTemplate = fread($theFile, filesize($theTemplateFile));
		fclose($theFile);
	}
	$theKeys = array_keys($inValues);
	foreach($theKeys as $theKey){
		$theTemplate = str_replace("\{$theKey}",$inValues[$theKey],$theTemplate);
	}

	return $theTemplate;
}

Map Logic

Here’s the source for the Map Logic. As an attempt to make the script secure you can see I’ve used a UK Postcode Regex from Stuart Wade to validate the form input. And also mysql_real_escape_string() on any database calls.

Any security tips would be greatly appreciated

The Map Logic uses four separate templates to handle the interaction, and the error state.

<?php
//Pin counter
connectDB();
$result = mysql_query("SELECT * FROM mapPins");
$num_rows = mysql_num_rows($result);
$bindings['PINCOUNT'] = $num_rows;

//Place Pins
$pinQuery = "SELECT Latitude,Longitude FROM mapPins";
$pinArray = mysql_query($pinQuery)or die('Query failed: '.mysql_error());
$pinCode="";
while ($row = mysql_fetch_array($pinArray, MYSQL_NUM)) {;
	$i++;
	$pinCode .="var latlng$i = new GLatLng($row[0] ,$row[1] );";
	$pinCode .="map.addOverlay(new GMarker(latlng$i));";
}
$bindings['MAPPINS'] = $pinCode;

$bindings['DESTINATION'] = $PHP_SELF;

function centerFromDB($postcode){
	//Connect to the database
	connectDB();
	//Convert the Postcode to all uppercase
	$postcode = strtoupper($postcode);

	//Break the Postcode into array
	$postcode = explode(' ', $postcode);

	//Pull out the relevant fields from our database
	$query = "SELECT Latitude,Longitude FROM postcodes WHERE Pcode= '$postcode[0]'";
	$result = mysql_query($query) or die('Query failed: '.mysql_error());
	return mysql_fetch_array($result, MYSQL_ASSOC);

}

if (isset($_POST['submitPostCode']) & $_POST['code']!="") {
	if(eregi("^([A-PR-UWYZ0-9][A-HK-Y0-9][AEHMNPRTVXY0-9]?[ABEHMNPRVWXY0-9]? {1,2}[0-9][ABD-HJLN-UW-Z]{2}|GIR 0AA)$",mysql_real_escape_string($_POST['code']))){
		$line = centerFromDB(mysql_real_escape_string($_POST['code']));

		//Grab the Postcode from the form
		$postcode = mysql_real_escape_string($_POST['code']);

		//Uppercase
		$postcode = strtoupper($postcode);

		//Break the Postcode into array
		$postcode = explode(' ', $postcode);

		//Output Results
		$bindings['INITIALCENTER'] = "var center = new GLatLng(".$line['Latitude'].", ".$line['Longitude'].");";
		$bindings['OUTCODE'] = $postcode[0];
		$bindings['SECONDHALF'] = $postcode[1];

		$template = "map02.template";
	}else{

		$template = "mapError.template";
	}
}elseif(isset($_POST['plotPoints'])){

	$outCode = mysql_real_escape_string($_GET['outCode']);
	$secondHalf = mysql_real_escape_string($_GET['secondHalf']);
	$mapLat = mysql_real_escape_string($_GET['mapLat']);
	$mapLng = mysql_real_escape_string($_GET['mapLng']);
	$today = date("Y-m-d");

	$line = centerFromDB($outCode.' '.$secondHalf);
	//connect to db
	connectDB();

	//add point to db
	mysql_query("INSERT INTO mapPins (outCode, secondHalf, Latitude, Longitude, theDate) VALUES('$outCode', '$secondHalf', '$mapLat', '$mapLng', '$today') ") or die(mysql_error()); 

	$pinQuery = "SELECT Latitude,Longitude FROM mapPins WHERE outCode='$outCode' AND secondHalf='$secondHalf'";
	$pinArray = mysql_query($pinQuery)or die('Query failed: '.mysql_error());

	$pinCode="";
	while ($row = mysql_fetch_array($pinArray, MYSQL_NUM)) {;
		$i++;
		$pinCode .="var latlng$i = new GLatLng($row[0] ,$row[1] );";
		$pinCode .="map.addOverlay(new GMarker(latlng$i));";
	}
	//new
	$bindings['CURRENTPC'] = $outCode.' '.$secondHalf;
	$bindings['MAPPINS'] = $pinCode;
	$bindings['NEWCENTER'] = "var center = new GLatLng(".$line['Latitude'].", ".$line['Longitude'].");";

	$template = "map03.template";
}else{

	$template = "map01.template";

}

echo FillTemplate($template, $bindings);
?>

Integrating script with WordPress

After developing this script I discovered that WordPress can’t run PHP in the body of a post without a plugin. Strange. So I had to put the prototype on a loose page.

Take a look at the trick I used to capture the output of a WordPress tag so I could incorporate it into Map Logic, and then my templates. In this example I captured the footer code, then bound it to a template tag.

<?php
require('./wp-blog-header.php');
ob_start();
get_footer();
$footer = ob_get_contents();
ob_end_clean();
$bindings['FOOTER'] = $footer;
?>

A sites position on Google work like this:

Position = Relevance of content * Google Rank

So, knowing my current Google rank is going to be handy. There are a bunch of different ways to discover a sites rank from the Google Toolbar, to a million and one websites. As I want to chart the progress of this site I also need a way to periodically record my results.

I need the following components: a script to periodically measure Page Rank, a database to store the results, and a script to chart the results.

Page Rank Script

After a quick search I came across a great Open Source Google Rank script. This script returns code for a graphic so I rewrote the function pr_image($pagerank) to return a number instead.

The Cron job

I set up a Cron Job to periodically call the following script. (This script is placed outside the html directory for security).

<?php
//Connect to the database
include 'connect.php';

//Include the Page Rank script
include("pagerank.php");

$today = date("Y-m-d");

//Discover the current Page Rank
$gpr= new pageRank();
$gpr->printrank("http://www.matthewbyrne.co.uk");
$pageRank = $gpr->get_pr();

// Insert a row of information into the table
mysql_query("INSERT INTO googlePR (theDate, rank) VALUES('$today','$pageRank' ) ") or die(mysql_error()); 

//We've finished with the database, so close the connection
mysql_close($conn);

?>

Charting the results

The results are displayed live in chart (to the right). This script still needs a bit of work, as it will run off the edge of the graphic after a couple of months, but for now does the job just fine. Also, it looks a lot nicer when the bars are not all zero, so I’m keeping my finger crossed that Google moves me up a rank or too.

<?php
//Connect to the database
include 'connect.php';

//set up image
$height = 120;
$img = ImageCreate(230,$height);
$white = ImageColorAllocate($img,0xFF,0xFF,0xFF);
$black = ImageColorAllocate($img,0x00,0x00,0x00);
$blue = ImageColorAllocate($img,0x14,0x8A,0xD6);
$grey = ImageColorAllocate($img,0xCC,0xCC,0xCC);

//Query databasebase
$query= "SELECT * FROM googlePR_MB";
$data = mysql_query("SELECT * FROM googlePR_MB")
or die(mysql_error()); 

//Build array
$results = array();
while($info = mysql_fetch_array( $data )){
	$reformatDate=date('d M',strtotime($info['theDate']));
	array_push($results, array($reformatDate,$info['rank']));
}
//We've finished with the database, so close the connection
//mysql_close($conn);

$resultCount = count($results);

//Generate bars
for ($i=0;$i<=$resultCount;$i++){
	imageFilledRectangle($img,20+(5*$i),($height-1)-($results[$i][1]*10),20+(5*$i)+3,$height,$blue);
}

//Generate y-scale
for ($j=0;$j<10;$j++){
	ImageString($img,1,8,$height-(10*$j), $j,$grey);
}
//Add titles
ImageString($img,1,20,0,"Google Rank for www.matthewbyrne.co.uk", $black);
ImageString($img,1,20,10, $results[0][0]." - ".$results[$resultCount-1][0],$black);

//Output graphic
header('Content-Type: image/png');
ImagePNG($img);
?>