Creating Volumes from your Data

1. Create a single TAR archive of all your data using tar to preserve permissions, directory structures, etc.

[root@linux archive]# tar -cf home.tar /home
tar: Removing leading `/' from member names
[root@linux archive]# ls -la home.tar
-rw-r--r-- 1 root root 304220160 Apr 30 13:34 home.tar

2. Compress your TAR archive using gzip (or any other compressing program of your choice).

[root@linux archive]# gzip home.tar
[root@linux archive]# ls -la home.tar.gz
-rw-r--r-- 1 root root 284859091 Apr 30 13:34 home.tar.gz

3. Use the split command to chop the compressed archive into smaller segments (I’ll be using 100MB pieces).

[root@linux archive]# split -d -b100m home.tar.gz home.tar.gz.
[root@linux archive]# ls -la
total 556940
drwxr-xr-x 2 root root      4096 Apr 30 13:56 .
drwxr-x--- 6 root root      4096 Apr 30 13:31 ..
-rw-r--r-- 1 root root 284859091 Apr 30 13:34 home.tar.gz
-rw-r--r-- 1 root root 104857600 Apr 30 13:56 home.tar.gz.00
-rw-r--r-- 1 root root 104857600 Apr 30 13:56 home.tar.gz.01
-rw-r--r-- 1 root root  75143891 Apr 30 13:57 home.tar.gz.02

4. Create a MD5 checksum (or a SHA1 checksum).

[root@linux archive]# md5sum home.tar.gz* > MD5SUM
[root@linux archive]# cat MD5SUM
cb16175f4acad02f977f74d5c142879b  home.tar.gz
33c745ca49ab6e63b727658ec148cf67  home.tar.gz.00
14e6952b632fbb7f4c0731067afdb46c  home.tar.gz.01
386655357f8553c7730fd792c22fde2a  home.tar.gz.02

Same thing but creating a SHA1 checksum instead (you don’t need two checksums, I just illustrate to use both types — pick one).

[root@linux archive]# sha1sum home.tar.gz* > SHA1SUM
[root@linux archive]# cat SHA1SUM
3858b51622dc9135c192a7c98dec24ccd35c63d6  home.tar.gz
6bc12b26dc1388d70d1a7cc0290dc6c9e8e0f97e  home.tar.gz.00
0683a44538ac65330fe103440e4f2a4a3a652be5  home.tar.gz.01
eb0f65fd0f4b3d98221e3ae8600f1691b536ad1d  home.tar.gz.02

Restoring your Data from the Volumes

You’ve burned or transferred your volumes and now want to restore them to the original. Here are the steps.

1. Verify the checksum against the volumes (ignore the error on the original file).

[root@linux resurrection]# md5sum --check MD5SUM
md5sum: home.tar.gz: No such file or directory
home.tar.gz: FAILED open or read
home.tar.gz.00: OK
home.tar.gz.01: OK
home.tar.gz.02: OK
md5sum: WARNING: 1 of 4 listed files could not be read

Once again, same deal but with the SHA1SUM file.

[root@linux resurrection]# sha1sum --check SHA1SUM
sha1sum: home.tar.gz: No such file or directory
home.tar.gz: FAILED open or read
home.tar.gz.00: OK
home.tar.gz.01: OK
home.tar.gz.02: OK
sha1sum: WARNING: 1 of 4 listed files could not be read

2. Join the volume pieces together using cat (after you finish you can validate the checksum *again* to see if the original file passes an integrity check).

[root@node2 resurrection]# cat home.tar.gz.* > home.tar.gz
[root@node2 resurrection]# ls -la home.tar.gz
-rw-r--r-- 1 root root 284859091 Apr 30 15:23 home.tar.gz

3. Decompress and extract the tar.gz file contents and you’re done.

[root@linux resurrection]# tar zxvf home.tar.gz
... verbose file list ...
[root@linux resurrection]# ls -la
total 556952
drwxr-xr-x 3 root root      4096 Apr 30 15:33 .
drwxr-x--- 7 root root      4096 Apr 30 15:02 ..
drwxr-xr-x 4 root root      4096 Apr 30 13:06 home
-rw-r--r-- 1 root root 284859091 Apr 30 15:23 home.tar.gz
-rw-r--r-- 1 root root 104857600 Apr 30 15:04 home.tar.gz.00
-rw-r--r-- 1 root root 104857600 Apr 30 15:04 home.tar.gz.01
-rw-r--r-- 1 root root  75143891 Apr 30 15:04 home.tar.gz.02
-rw-r--r-- 1 root root       193 Apr 30 15:05 MD5SUM
-rw-r--r-- 1 root root       225 Apr 30 15:05 SHA1SUM

Contents extracted and there is the home directory. The End.

I got the idea of using the split command from this post on the Ubuntu Forum (how to create multi zip files) because I couldn’t get tar or gzip to create multi-volume archives.

This is the code to create the image. It returns an image resource identifier. Note the use of a custom TrueType font — you’ll need to change that line to the path of a font on your system.

<?php
// generate captcha image - returns image handle
function captcha_image($code_string, $img_width=150, $img_height=40) {
  // seed srand
  srand((double)microtime()*1000000);

  // create image
  $im = @imagecreate($img_width, $img_height) or die("Cannot Initialize new GD image stream");

  // security code
  $security_code = $code_string;

  // define font
  $font = "/usr/fonts/ttf/Georgia.ttf";

  // create some colors
  $black = imagecolorallocate($im, 0, 0, 0);
  $white = imagecolorallocate($im, 255, 255, 255);
  $grey = imagecolorallocate($im, 128, 128, 128);

  // randomness, we need lots of randomness 
  // background color -> 1=black, 2=white, 3=grey (more colors can be added)
  // lines -> black bg (1=white or 2=grey), white bg (1=black or 2=grey), grey bg (black only)
  $randval = rand(1, 3);
  if ($randval == 1) {
    $bgcolor = $black;
    $fontcolor = $white;
    $linecolor = ((rand(0, 1) == 0) ? $black : $white);
  } elseif ($randval == 2) {
    $bgcolor = $white;
    $fontcolor = $black;
    $linecolor = ((rand(0, 1) == 0) ? $black : $white);
  } else {
    $bgcolor = $grey;
    $fontcolor = $black;
    $linecolor = ((rand(0, 1) == 0) ? $black : $grey);
  }

  // line positioning and increment
  $x_start = rand(0, 10);
  $x_size = rand(5, 10);
  $y_start = rand(0, 10);
  $y_size = rand(5, 10);

  // fill with background color
  imagefill($im, 0, 0, $bgcolor);

  // initial x position
  $font_x = 10;

  // write text
  for ($i = 0; $i < strlen($security_code); $i++) {
    // font size -> 20 to 35
    $font_size = rand(25, 35);
    // font angle -> -20 to +20
    $font_angle = rand(0, 20);
    if ($font_angle != 0) { if (rand(0, 1) == 0) { $font_angle = -$fone_angle; } }
    // font y position -> if font_size <= 27 then 30 to 35, if font_size > 27 then 30 to 35
    if ($font_size <= 27) { $font_y = rand(25, 30); } else { $font_y = rand(30, 35); }
    // write the text
    imagettftext($im, $font_size, $font_angle, $font_x, $font_y, $fontcolor, $font, $security_code{$i});
    // one more time to make it bolder
    imagettftext($im, $font_size, $font_angle, $font_x+1, $font_y+1, $fontcolor, $font, $security_code{$i});
    // next font x position
    $font_x += ($font_size + 5);
  }

  // draw horizontal lines
  for ($y = $y_start; $y < $img_height; $y += $y_size) {
    imageline($im, 0, $y, $img_width, $y, $linecolor);
  }
  // draw vertical lines
  for ($x = $x_start; $x < $img_width; $x += $x_size) {
    imageline($im, $x, 0, $x, $img_height, $linecolor);
  }

  // return captcha image handle
  return $im;
}
?>

We need a method for generating random four character strings when the captcha is created and displayed to the user. This function will do the trick.

<?php
function secret_key($length=4) {
  $salt = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
  srand((double)microtime()*1000000);
  $i = 0;
  $skey = "";
  while ($i < $length) {
    $num = rand() % strlen($salt);
    $tmp = substr($salt, $num, 1);
    $skey .= $tmp;
    $i++;
  }
  return $skey;
}
?>

With everything in place, we can generate the secret key, create the captcha, and finally display it to the user using this code.

<?php
// set headers
header("Content-type: image/png");
header("Cache-Control: no-cache");
header("Pragma: no-cache");

// generate secret
$skey = secret_key();

// create captcha and output to browser as PNG image
$im = captcha_image($skey);
@imagepng($im);
@imagedestroy($im);
?>

Here is an example of the code in action. The style looks very similar to the images used on Yahoo’s Overture.

Captcha Demo »

Now you know how to create a captcha, so what about verifying the input against the captcha value? This can be accomplished a variety of ways and everyone tends to have their preference.

• One method is to save the secret key in a session variable. As the image is created, store the key in a session variable and once the form is submitted, check the user’s value against the one stored in the session. If they match, proceed but if they fail, return an error and don’t process the form data.
• If you don’t want to use sessions, you could try using temp files. Store the key in a temp file and pass some value as a query string identifying to the script that the key is in that file. Read in the key and MD5 or SHA1 crypt the key and save it in a hidden form field. When the form is submitted, compare the hashed key against the user input (which you will also hash). Process the form data if the keys match.

You can download the provided source file. Use the PHP file as an image source in your HTML IMG tag.

<img src="http://www.yourdomain.com/captcha.php">

Don’t forget to edit the path to the TrueType font you want to use in the captcha_image function. Failure to do so will lead to missing image characters.

Source Files: captcha.zip

If you want to achieve the same effect, here is how I did it (to see it in action, click on the first three XenoCafe links above). All you need is Apache, mod_rewrite, and htaccess. I’m going to skip the step-by-step configuration stuff to cut down the length of this article. If you need help, you can register for an account and post a question to the comments section for this post.

In this mock setup, I’ll use 10.10.100.34 as the IP address of my web server, example.com as the primary domain I want to redirect to, and ourexamples.com as the domain I want to redirect from (to example.com). This is a three step process that involves creating the zone file(s), adding the redirect domains to your Apache httpd.conf VirtualHost configuration, and finally creating the htaccess mod_rewrite rules to redirect all requests for the new domains to your desired domain.

Create a New Zone File for each Domain you Acquired

The primary domain example.com already has a zone file and is a functioning web site, but for ourexamples.com to work we need to create a zone file for it. Here is an example (we only need the minimum – SOA, NS, and the host for web).

$TTL   21600
$ORIGIN ourexamples.com.
@       IN      SOA     ns1.example.com. hostmaster.example.com. (
                        2008012601      ; serial
                        3600            ; refresh
                        600             ; retry
                        86400           ; expiry
                        21600 )         ; minimum

        IN      NS      ns1.example.com.
        IN      NS      ns2.example.com.

        IN      A       10.10.100.34
www     IN      A       10.10.100.34

Now reload the zone(s) for changes to take effect.

Add the Redirect Domains to the Primary Domain’s VirtualHost Definition (using the ServerAlias directive)

Edit your primary domain’s virtual host entry and add the new domain(s) using the ServerAlias directive. Below is an example of editing the example.com virtual host and adding the new redirection domain ourexamples.com (highlighted line).

<VirtualHost *:80>
    ServerAdmin hostmaster@example.com
    ServerName example.com
    ServerAlias www.example.com
    ServerAlias ourexamples.com www.ourexamples.com
    DocumentRoot /web/example/html
    ScriptAlias /cgi-bin/ /web/example/html/cgi-bin/
    ErrorLog /web/example/logs/error_log
    CustomLog /web/example/logs/access_log combined
    <Directory "/web/example/html">
        AllowOverride All
    </Directory>
</VirtualHost>

Restart Apache to reload the virtual host changes. Next we’ll need to create the htaccess file to configure domain redirection.

Using mod_rewrite to Redirect the Domain Requests

If we were to stop here, the new domain would work, however there is no redirection to your primary domain name. It will simply use the same document root and serve the files without any changes to the URL in the browser address bar. If this is what you desire, then stop here, otherwise continue on to bounce all requests from ourexamples.com to example.com.

In the document root of where your HTML files are stored (where DocumentRoot points to in your Apache VirtualHost definition), create a .htaccess with a text editor. Here is the example.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule (.*) http://www.example.com/$1 [L,R=301]
</IfModule>

In short, what this code does is turn on mod_rewrite’s engine, check the HTTP host to see if it matches www.example.com and also checks for empty references; if either case is a yes it rewrites the URL to http://www.example.com using a permanent redirect (HTTP 301 Redirection header). The $1 appends any portion trailing the domain name from the original (directories and/or pages being accessed). This code also forces the ‘www’ prefix on all requests — http://example.com => http://www.example.com and http://ourexamples.com => http://www.example.com and so on

Before we get started…

There are two preliminary steps to complete before we install Openfire. They aren’t essential to its functionality (you can skip them if you’d like), but they’ll make things easier when it comes to managing the administration for you and your users. Those two steps are setting up a DNS alias for the server host name and creating a MySQL database for the backend instead of using the included embedded database.

» Create a DNS Host Name for your Jabber Server

For this guide I’ll use the host name ‘jabber’ for my Openfire server. I run my own DNS server so I’ll be editing my zone file to add the new alias. If you use a third party service for DNS on your domain then you should know how to add new aliases. If you don’t then you should consult their Support documentation for more information.

Open your zone file in a text editor and add your new alias. Yours may look something like this example when you’re done. The highlighted line is what I added.

$TTL    21600
$ORIGIN mydomain.com.

@       IN      SOA     ns1.my-name-server.com. admin.my-name-server.com. (
                        2007122301      ; serial
                        3600            ; refresh
                        600             ; retry
                        86400           ; expiry
                        21600 )         ; minimum

                IN      NS      ns1.my-name-server.com.
                IN      NS      ns2.my-name-server.com.

                IN      MX      10      mx1.my-mail-server.com.
                IN      MX      20      mx2.my-mail-server.com.

                IN      A       10.0.0.100

www             IN      A       10.0.0.100
ftp             IN      A       10.0.0.100
jabber          IN      A       10.0.0.100

Save your changes, flush the cache and reload the zone.

[root@node1 ~]# rndc flush
[root@node1 ~]# rndc reload

» Create the MySQL Database for Openfire Data

Sometimes a tool like phpMyAdmin comes in handy for managing MySQL databases, however I don’t have it installed on this server. Instead I’ll be adding my Openfire database from the MySQL console. All we need to do is create the database, add an user account that has full control over that database, and reload (flush) the privileges.

[root@node1 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 3 to server version: 5.0.22

Type 'help;' or 'h' for help. Type 'c' to clear the buffer.

mysql> CREATE DATABASE `openfire`;
Query OK, 1 row affected (0.00 sec)

mysql> CREATE USER 'openfire'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.01 sec)

mysql> GRANT USAGE ON *.* TO 'openfire'@'localhost' IDENTIFIED BY 'password' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON `openfire`.* TO 'openfire'@'localhost';
Query OK, 0 rows affected (0.01 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.02 sec)

mysql> quit
Bye
[root@node1 ~]#

Now that all the preliminaries are out of the way, we can move onto installing Openfire.

Download and Install the Openfire Software

Openfire can be downloaded from the Ignite Realtime web site. As of this writing, the latest version available for download is Openfire 3.4.2 for Linux.

We’ll start by downloading the Openfire RPM via wget.

[root@node1 ~]# wget -O openfire-3.4.2-1.i386.rpm http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.4.2-1.i386.rpm
--12:18:13-- http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.4.2-1.i386.rpm
Resolving www.igniterealtime.org... 63.246.20.125
Connecting to www.igniterealtime.org|63.246.20.125|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40451331 (39M) [application/x-rpm]
Saving to: `openfire-3.4.2-1.i386.rpm'

100%[=====================================================================>] 40,451,331   368K/s   in 1m 52s

12:20:05 (354 KB/s) - `openfire-3.4.2-1.i386.rpm' saved [40451331/40451331]

[root@node1 ~]#

Now install the RPM, start the Openfire service, verify it is actively running, and set it to auto-start whenever your server is rebooted.

[root@node1 ~]# rpm -ivh openfire-3.4.2-1.i386.rpm
Preparing...                ########################################### [100%]
   1:openfire               ########################################### [100%]
[root@node1 ~]# /etc/init.d/openfire start
Starting openfire:
[root@node1 ~]# ps -ef | grep -i openfire
root      2508     1  0 07:35 pts/0    00:00:00 su -s /bin/sh -c /opt/openfire/jre/bin/java -server  -DopenfireHome=/opt/openfire -Dopenfire.lib.dir=/opt/openfire/lib -classpath "/opt/openfire/lib/startup.jar" -jar "/opt/openfire/lib/startup.jar" daemon
daemon    2511  2508 37 07:35 ?        00:00:07 /opt/openfire/jre/bin/java -server -DopenfireHome=/opt/openfire -Dopenfire.lib.dir=/opt/openfire/lib -classpath /opt/openfire/lib/startup.jar -jar /opt/openfire/lib/startup.jar
root      2526  2414  1 07:35 pts/0    00:00:00 grep -i openfire
[root@node1 ~]# chkconfig --level 235 openfire on
[root@node1 ~]#

Open Ports in your Firewall

If you have a firewall in place you’ll need to open some ports before we can start configuring Openfire through its web interface. Openfire uses ports 5222, 7777, 9090, 9091 for client connections, file transfer proxy, http web administration and the secured administration respectively. If you use iptables tables like I do, add these lines to your /etc/sysconfig/iptables rules file and reload. See my RedHat IPTables Tutorial on XenoCafe for more information on configuring iptables from the ground up.

-A INPUT -p tcp -i eth0 --dport 5222 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 5222 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 7777 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 7777 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 9090 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 9090 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 9091 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 9091 -j ACCEPT

Then reload iptables to accept the new directives.

[root@node1 ~]# iptables-restore < /etc/sysconfig/iptables

Configure Openfire through its Web Interface

1. Launch your favorite browser and go to http://your_jabber_server_ip_address:9090 or if you set up a DNS alias http://jabber.mydomain.com:9090 to go to the Openfire web interface. You’ll be greeted by Openfire’s setup tool. In the first step, select your language. Here we choose English.

2. The next step is to set the server domain. If you opted for an IP address name, enter your server’s IP. If you opted to create a DNS alias, enter the DNS server domain. Here we created jabber.mydomain.com so we’ll enter that. By default the Openfire web interface console ports are 9090 and 9091 for standard and secure respectively. You can use other ports if you wish (NOTE: you’ll have to change your firewall settings if you use different ports), but for this guide we’re sticking with the default values.

3. You have two choices regarding which database to use for Openfire to store its data: an external database like MySQL, MSSQL, PostgreSQL, etc… or to use the bundled embedded database. If you setup a MySQL database like we did in this guide then select the Standard Database Connection option. If you didn’t, the only choice is to use the Embedded Database.

4. To set up your database connection, select the appropriate driver from the Database Driver Presets list (we set up a MySQL database so we’ll select MySQL). The page will refresh and you need to fill in the necessary information (the database host, name, username, and password). You should have this information from when you setup your MySQL database. Per this guide, MySQL is on the same server as my Openfire installation (localhost) and I created a database called ‘openfire’ with a username of ‘openfire’ and set a password.

5. The profile step has to do with the users and groups of chat members and where Openfire will store that information (new users, user groups, etc…). We won’t opt for LDAP to store this information. It is much more convenient to save it in our in our database.

6. We’re almost done. Enter the administrator email address (your email address) and set a password for your Openfire server.

7. Now you’re done! Pat yourself on the back. Click the Login to admin console button.

8. Type in the Openfire admin password you entered in Step 6 and click the Login button.

Welcome to the Openfire Administration Console. Take a look around and get familiar with the layout.

Time to Make Some Openfire Configuration Changes

Your Openfire installation will work out of the box and you can skip this section if you want, but for this tutorial I wanted to make some changes. Namely, I want my server to follow some rules so there is no chaos.

1. I don’t want any other servers to be able to communicate with mine (it’s private and self sufficient)
2. I define the member base so anonymous users cannot create accounts (ideal for an office environment)
3. Finally, all communication between clients and the server is encrypted (force jabber clients to use SSL)

Follow along if you want to use any of these features or jump ahead to the Creating Users and Groups for Jabber Clients section.

1. On the left under Server Settings, click the Server to Server link. In the top panel Service Enabled, choose the Disabled option and click Save Settings.

2. Click the Registration & Login link in the left side menu. Disable both options under Inband Account Registration and Anonymous Login. We’ll leave the Change Password option alone to let users update their passwords as they see fit. Click the Save Settings button at the bottom of the page.

3. Click the Security Settings link on the left. Under Client Connection Security, choose the Required option to force jabber clients to use SSL (NOTE: If the client doesn’t support SSL and this option is enabled, the client will not be able to connect to the server). Click the Save Settings button.

Openfire SSL Certificates

Openfire creates self-signed SSL Certificates by default. Remember the port 9091 from before? If you ever want to access this administration console from a Secure Connection, then you’ll need to restart the Openfire HTTP Server.

Click the Server Certificates link on the left menu.

Click the link in the highlight section.

Openfire will restart the HTTP Web Server and kick you back to the login screen. Log back in and the SSL Certificate should now be in use and you can access the console from SSL.

Creating Users and Groups for Jabber Clients

Since we’re creating a jabber server for a mock office environment, we prohibit anonymous users from creating accounts. Because of this, we will manage all users and groups on a global scale through our Openfire server. This means, all groups and users will be pushed to the clients that log in so they don’t have to add every single user account or group to their client. Also, any changes happen in real-time on the client (new users or groups added, removed, etc…). Kind of cool, huh? This is accomplished through Contact Group List Sharing.

We’ll be creating a mock Developer “Devel” group and add some users to it. Click on the Users/Groups tab on the top.

1. Go to Create New User under the Users section on the left. Fill in the Username, Password, and Confirm Password fields and click the Create User button.

Repeat this process to add all the users you want on your server.

2. Go to Create New Group under the Groups section on the left. Fill in the Group Name and an optional Description. Click the Create Group button.

3. The group has been added. Now we’ll share the contact list so it’s global to all jabber clients that connect to our server. Under the Contact List (Roster) Sharing section, click the Enable contact list group sharing option. In the name field, type in the same name as set for the group. Click the Save Contact List Settings button.

4. Scroll down the page and type in an user name to the Add User field and click the Add button.

Now we have one member in our group. Repeat this for each user you want assigned to this group.

Setting up a Jabber Client (Spark 2.5.8 for Windows)

Our Openfire Jabber Server is useless unless we have clients connect to it and communicate through it. We’ll use Spark from Ignite Realtime. If that doesn’t suit you then you are open to use another jabber client since there are many of them out there (see the client from jabber.org).

1. Download Spark, install it, and launch it.

2. Type in your Openfire user credentials (Username and Password). In the Server field, type in the Openfire Servers IP address or DNS alias. Click the Login button.

3. The contact list will appear once you have successfully logged in. The shared group(s) will be visible (NOTE: groups with no online users will be hidden unless you select the Show empty groups option from the Contacts menu) along with the users of those groups. My contacts are not online as you can see from the picture below.

You’re done. You now have the essentials of configuring your own Jabber server and clients.

This is my last tutorial, guide, howto, whatever you want to call it for 2007. Happy New Year!

1. Start by downloading the small 7.3MB CentOS-5.1-i386-netinstall.iso image and burn it to a disc. There’s also an x86_64 architecture image available that you can download if that’s the type of hardware you’re using.

2. Boot up the designated CentOS PC with your netinstall disc and wait for it to get to boot screen.

Press Enter for the GUI install or type linux text and press Enter for text mode installation.

3. Choose your language. The default selection is English.

Is English your primary language? It is for me.

4. Choose your keyboard type. The default is a US keyboard layout.

My keyboard is as basic as they come. So I’m choosing US.

5. Choose the installation method. For this guide I perform a HTTP install and get the packages from kernel.org.

6. Now it’s time to configure the TCP/IP settings. If you want to acquire an IP from a DHCP server or have no idea what your network settings are, then leave everything on the defaults. However, if you want to use a static IP and save yourself the trouble of editing /etc/sysconfig/network-scripts/ifcfg-eth0 or running setup later, then choose Manual configuration. I don’t have an IPv6 network, so I’ll be using IPv4.

7. Skip this step if you chose DHCP. On this screen enter your network settings (IP address, subnet mask, default gateway, and a dns name server).

8. Enter the web server and directory path to the CentOS packages to get this installation started. I’ll be using the server mirrors.kernel.org. The directory path is centos/5.1/os/i386.

9. Go get something to drink. Retrieving the image may take a while.

10. Follow the rest of the prompts to install CentOS. It’s the same as if you’re doing it from DVD or CD’s, just takes longer because all packages are downloaded. So select your packages, set the root password, etc… The installation time will depend on how many packages you select.

1. Here’s a code snippet to achieve a search for a single field across all tables in a specified database.

<?php
// variables
$dbname = 'my_db';
$dbfield = 'my_field';
// connect to database
$dblink = mysql_connect('localhost', 'user', 'password');
if ($dblink) {
  mysql_select_db($dbname, $dblink);
} else {
  die('Failed to connect to DB');
}
// get table list
$query = "show tables";
$result = mysql_query($query, $dblink);
// loop through table names
while (list($table) =  mysql_fetch_row($result)) {
  // get table description
  $query = "describe $table";
  $result2 = mysql_query($query, $dblink);
  // loop through table description fields
  while ($row = mysql_fetch_array($result2, MYSQL_ASSOC)) {
    // does this field match what we're looking for?
    if ($row['Field'] == $dbfield) {
      echo "Found '".$row['Field']."' in table => $table\n";
    }
  }
  mysql_free_result($result2);
}
mysql_free_result($result);
?>

2. This is a variant to achieve a search for an array of fields across all tables in a specified database.

<?php
// variables
$dbname = 'my_db';
$dbfields = array('my_field1','my_field2','my_field3');
// connect to database
$dblink = mysql_connect('localhost', 'user', 'password');
if ($dblink) {
  mysql_select_db($dbname, $dblink);
} else {
  die('Failed to connect to DB');
}
// get table list
$query = "show tables";
$result = mysql_query($query, $dblink);
// loop through table names
while (list($table) =  mysql_fetch_row($result)) {
  // get table description
  $query = "describe $table";
  $result2 = mysql_query($query, $dblink);
  // loop through table description fields
  while ($row = mysql_fetch_array($result2, MYSQL_ASSOC)) {
    // does this field match any in the array?
    if (in_array($row['Field'], $dbfields)) {
      echo "Found '".$row['Field']."' in table => $table\n";
    }
  }
  mysql_free_result($result2);
}
mysql_free_result($result);
?>

3. And finally, this version searches for an array of fields across all tables and databases in MySQL.

<?php
// variables
$dbfields = array('my_field1','my_field2','my_field3');
// connect to database
$dblink = mysql_connect('localhost', 'user', 'password');
if (!$dblink) {
  die('Failed to connect to DB');
}
// get databases list
$query = "show databases";
$result = mysql_query($query, $dblink);
// loop through table names
while (list($dbname) =  mysql_fetch_row($result)) {
  mysql_select_db($dbname);
  // get table list
  $query = "show tables";
  $result2 = mysql_query($query, $dblink);
  // loop through table names
  while (list($table) =  mysql_fetch_row($result2)) {
    // get table description
    $query = "describe $table";
    $result3 = mysql_query($query, $dblink);
    // loop through table description fields
    while ($row = mysql_fetch_array($result3, MYSQL_ASSOC)) {
      // does this field match what we're looking for?
      if (in_array($row['Field'], $dbfields)) {
        echo "Found '".$row['Field']."' in table => $table of database => $dbname\n";
      }
    }
    mysql_free_result($result3);
  }
  mysql_free_result($result2);
}
mysql_free_result($result);
?>

Be sure to change the variables $dbname, $dbfields, and the mysql_connect options before using these scripts. You can run them by typing

php -f /path/filename

on the command-line or from your web server. If run from the web, change the new line (\n) to a HTML line break (<br>).

Source Files: db-search-fields.zip

I’m writing this article because I’m a victim of people placing links to my images on their site’s without my permission, slowly eating away at the bandwidth I’m paying for, not them. If you’re reading this, it’s likely that the same thing is happening to you and you’re sick of it. With that said, let’s get started.

I make the assumption that you’re using Apache and have root access to your server because you’ll need to see if you have mod_rewrite enabled. If you happen to be in a hosted environment, log in to your control panel and check the documentation for managing .htaccess files. Some control panels like CPanel already have built-in modules that are designed to handle hotlink protection. If you have a dedicated server, log in through SSH or locally if you have that ability.

1. Check to see if the mod_rewrite module is enabled in the Apache httpd.conf file.

nano /etc/httpd/conf/httpd.conf

Look for the “Dynamic Shared Object (DSO) Support” section and make sure you have the following line.

LoadModule rewrite_module modules/mod_rewrite.so

If it is commented out with a # before LoadModule, delete the # and save the change. Restart Apache with

service httpd restart

or

/etc/init.d/httpd restart

for the change to take effect. If mod_rewrite is completely missing from your Apache config, then you may want to take a look at this article on how to configure Apache.

2. Create a .htaccess in your web site’s html root directory or a subdirectory where you want to disable hotlinking. For this example, I only want to disable hotlinking to all image types (gif, jpeg, png, and bmp bitmaps) and have Apache return a HTTP 403 Forbidden error to the leech site. You can block any file type you want, such as pdf’s, mp3’s, etc. You could also serve up an error image to the leech saying something to the effect of “This image was hotlinked from www.yourdomain.com.”

touch .htaccess
nano .htaccess

3. Add this code to your .htaccess file, make the appropriate changes like changing yourdomain.com to your actual domain name, and finally save the .htaccess file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yourdomain\.com [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [NC,F]
</IfModule>

The matching is done with regular expressions, so you’ll need to know that before you can do complex cases. In short, what this code does is first look for empty referrers, matches your domain by any or no specified subdomains (case insensitive [NC]), rewrite the URL if any jpeg, jpg, gif, bmp, or png is requested (case insensitive [NC]) with a 403 Forbidden ([F]).

By issuing a 403 Forbidden, no image content will be sent back to the leech server, therefore your bandwidth will not be bled dry by hotlinking. As I mentioned earlier, you can send back an error image in place of the actual requested image, however you’ll need to change the RewriteRule line to something like this.

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/sorry.jpe [L]

Take note at the returned image file name. We send back a jpeg variant (JPE) because we’re set on blocking the other image types. If you send back a file type that you’re blocking, you’ll likely get a 500 Internal Server Error like I did when I first set up hotlink protection. It makes sense, why send back what you’re blocking in the first place. I opted for the 403 Forbidden approach for my sites instead.

Sources:
http://altlab.com/htaccess_tutorial.html
http://www.dagondesign.com/articles/hotlink-protection-with-htaccess/

This little tutorial will show you how to create custom SquirrelMail login pages for many virtual hosts, or in plain English, you have one copy of SquirrelMail and host many web sites on a single server. The purpose is to provide a unique login page for each web site domain without installing multiple copies of SquirrelMail. This is very useful if you are running a webhosting business or you host your friend’s web sites (like I do) and you don’t want SquirrelMail branded with your name but theirs. If that isn’t a good enough reason then how about the fact that the default SquirrelMail login page is boring and you should jazz it up with a custom web site theme.

The following screenshots are examples of some webmail login pages on my server. They all use the same copy of SquirrelMail (version 1.4.6) but with my tweaks each domain has a custom login page.

This walkthrough makes the assumption that you have HTML, PHP, and some graphic design skills. To edit the SquirrelMail files you should know how to copy and paste and understand PHP, but to create your own custom templates you’ll need to know HTML, PHP, and graphics. You should also have root access to your server or have the ability to upload the modified SquirrelMail files to your server. The other obvious assumption is that you have SquirrelMail 1.4.6 installed and configured on your server (using another version of SquirrelMail may work, but I don’t know how much their code changed between revisions). If you don’t have SquirrelMail installed then you can check out my SquirrelMail 1.4.6 tutorial on XenoCafe. With that said, let’s get started.

1. You should already know where SquirrelMail is installed on your server and have it configured for each domain that accesses it. For this howto I’ll use the example directory location of /www/webmail/html/ and the Apache virtual host file for webmail has a ServerAlias directive set for each domain (webmail.domain1.com, webmail.domain2.com, etc…). See my Apache Web Server tutorial for more information on setting up virtual hosts.

2. The way I accomplished custom webmail login pages was to create a directory in /www/webmail/html/ called hosts. This directory is where all your templates are stored for each custom webmail login page and their associated images. Start by creating a host directory in your webmail root directory (for clarification, this is the same top level directory where the SquirrelMail "src" directory exists).

cd /www/webmail/html/
mkdir hosts

3. There are three SquirrelMail PHP files that we’ll need to edit. The primary one is called global.php that resides in the functions directory. We’ll insert our custom function called show_login_page that makes custom logins possible. Let’s take a look at this login page function we’re creating.

function show_login_page( $errTitle="", $errString="" ) {

  $httphost = strtolower( $_SERVER["HTTP_HOST"] );

  switch ($httphost) {
    case "webmail.domain1.com":
      require( SM_PATH . "hosts/domain1/domain1.php" );
      break;

    case "domain2.com":
    case "www.domain2.com":
    case "webmail.domain2.com":
      include( SM_PATH . "hosts/domain2/domain2.php" );
      break;

    default:
      require( SM_PATH . "hosts/default/default.php" );
      break;
  }

}

This function accepts two arguments ($errTitle and $errString). You’ll learn about these later when we modify one of the other SquirrelMail files. $httphost contains the server name of which web site the user is visiting. This is acquired from the global $_SERVER["HTTP_HOST"] PHP variable. We use a switch/case structure to evaluate the HTTP HOST name. Depending on which host is visited the custom template for that host is shown for the login page. The host names are set up through Apache virtual hosts and DNS, in the case of the webmail subdomain. For www.domain.com and domain.com, it is assumed access to the site is coming from a /webmail directory. That can be established via symbolic links like so.

ln -s /www/webmail/html/ /www/domain/html/webmail

So webmail can be accessed from http://webmail.domain.com or from http://www.domain.com/webmail since both paths map to the same physical space. You’ll see the PHP include function being used once a host is matched. The include function inserts your custom login page’s code as part of the HTML output to the web browser. The path to the PHP page is within the hosts directory we created earlier. For each host you want to serve custom logins you’ll create a subdirectory within hosts (I use the domain name without the ending .com, .net, etc). You’ll store your custom login page and image files within that domain directory. The last part of the switch/case is the default login page. This is shown when there are no HTTP HOST matches and thus displays the default SquirrelMail login page.

Open up the functions/global.php file in a text editor and add the show_login_page function to the end of the file right above the ending ?> PHP tag. Customize the hosts for your server and save the file when you’re done.

4. Next we’ll edit the src/login.php page. We’re basically gonna strip out parts of the exsiting SquirrelMail code and replace it with a call to our show_login_page function. Make a backup copy of login.php and open the original in a text editor. Delete everything in the file and insert this code.

<?php

/**
 * login.php -- simple login screen
 *
 * Copyright (c) 1999-2006 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * This a simple login screen. Some housekeeping is done to clean
 * cookies and find language.
 *
 * @version $Id: login.php,v 1.98.2.11 2006/02/03 22:27:55 jervfors Exp $
 * @package squirrelmail
 */

/**
 * Path for SquirrelMail required files.
 * @ignore
 */
define("SM_PATH","../");

/* SquirrelMail required files. */
require_once(SM_PATH . "functions/strings.php");
require_once(SM_PATH . "config/config.php");
require_once(SM_PATH . "functions/i18n.php");
require_once(SM_PATH . "functions/plugin.php");
require_once(SM_PATH . "functions/constants.php");
require_once(SM_PATH . "functions/page_header.php");
require_once(SM_PATH . "functions/html.php");
require_once(SM_PATH . "functions/global.php");
require_once(SM_PATH . "functions/forms.php");

/**
 * $squirrelmail_language is set by a cookie when the user selects
 * language and logs out
 */
set_up_language($squirrelmail_language, TRUE, TRUE);

/**
 * Find out the base URI to set cookies.
 */
if (!function_exists("sqm_baseuri")){
    require_once(SM_PATH . "functions/display_messages.php");
}
$base_uri = sqm_baseuri();

/*
 * In case the last session was not terminated properly, make sure
 * we get a new one.
 */

sqsession_destroy();

header("Pragma: no-cache");

do_hook("login_cookie");

$loginname_value = (sqGetGlobalVar("loginname", $loginname) ? htmlspecialchars($loginname) : "");

if(sqgetGlobalVar("mailto", $mailto)) {
    $rcptaddress = "<input type=\"hidden\" name=\"mailto\" value=\"$mailto\" />\n";
} else {
    $rcptaddress = "";
}

show_login_page();

?>

Save your changes when you’re done and then we’ll move on to the last file.

5. The last file we edit is functions/display_messages.php. This file contains functions to display any messages (error or otherwise) on the screen, such as login failures, IMAP failures, etc. We need to change the logout_error function so when a login failure occurs that our custom page is shown instead of the default SquirrelMail version. Replace the logout_error function with this code.

function logout_error( $errString, $errTitle = "" ) {

    list($junk, $errString, $errTitle) = do_hook("logout_error", $errString, $errTitle);

    if ( $errTitle == "" ) {
        $errTitle = $errString;
    }

   show_login_page($errTitle, $errString);

}

If you were wondering about those arguments to our show_login_page function, now you can see what they’re for. SquirrelMail uses a hook to capture error messages on events. All we are doing is passing those error values to our login page function. When you intially go to the page, no errors are shown. If you login in and provide invalid information, our same login page will be shown again, but this time it’ll have the error messages within it. It’s similar to a postback but the URL is different. When we defined our login page function, we initialized those arguments with default null string values so no errors would show. When logout_error is called we pass the errors so they will be shown.

6. SquirrelMail’s PHP files are done so what’s left is to go over the steps of creating a custom login theme. I’ll now go over the parts you need to include when creating a template. Here is an example of the default template.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>
<meta name="robots" content="noindex,nofollow">
<link rel="stylesheet" type="text/css" href="../themes/css/verdana-10.css" />
<title>Domain - Login<?php echo (($errTitle != "" ) ? " - ".$errTitle : ""); ?></title><script language="JavaScript" type="text/javascript">
<!--
  function squirrelmail_loginpage_onload() {
    document.forms[0].js_autodetect_results.value = "<?php echo SMPREF_JS_ON; ?>";
    var textElements = 0;
    for (i = 0; i < document.forms[0].elements.length; i++) {
      if (document.forms[0].elements[i].type == "text" || document.forms[0].elements[i].type == "password" ) {
        textElements++;
        if (textElements == <?php echo (isset($loginname) ? 2 : 1); ?>) {
          document.forms[0].elements[i].focus();
          break;
        }
      }
    }
  }
// -->
</script>

<style type="text/css">
<!--
  /* avoid stupid IE6 bug with frames and scrollbars */
  body {
      voice-family: "\"}\"";
      voice-family: inherit;
      width: expression(document.documentElement.clientWidth - 30);
  }
-->
</style>

</head>

<body text="#000000" bgcolor="#ffffff" link="#0000cc" vlink="#0000cc" alink="#0000cc" onLoad="squirrelmail_loginpage_onload();">
<form action="redirect.php" method="post">
<table bgcolor="#ffffff" border="0" cellspacing="0" cellpadding="0" width="100%"><tr><td align="center"><center><img src="http://webmail.domain.com/images/domain_logo.gif" alt="Domain Logo" width="180" height="50" /><br />
<small>SquirrelMail version 1.4.6<br />
  By the SquirrelMail Project Team<br /></small>
<table bgcolor="#ffffff" border="0" width="350"><tr><td bgcolor="#dcdcdc" align="center"><b>Domain Login</b>
</td>
</tr>
<tr><td bgcolor="#ffffff" align="left">
<table bgcolor="#ffffff" align="center" border="0" width="100%"><tr><td align="right" width="30%">Name:</td>
<td align="left" width="*"><input type="text" name="login_username" value="<?php echo $loginname_value; ?>" />
</td>
</tr>

<tr><td align="right" width="30%">Password:</td>
<td align="left" width="*"><input type="password" name="secretkey" />
<input type="hidden" name="js_autodetect_results" value="<?php echo SMPREF_JS_OFF; ?>" />
<?php echo $rcptaddress; ?>
<input type="hidden" name="just_logged_in" value="1" />
</td>
</tr>
</table>
</td>
</tr>
<tr><td align="left"><center><input type="submit" value="Login" />
</center></td>
</tr>
</table>
</center>
<br><?php if ($errString != "" ) { echo "<center><font size=\"2\" face=\"Arial, Helvetica, sans-serif\" color=\"#ff0000\"><strong>$errString</strong></font></center>"; } ?>
</td>
</tr>
</table>
</form>
</body></html>

The code pieces in bold should be included in your template. I won’t go in depth over the code, that’s why I said you should know HTML and PHP.

I’ve included a zip file containing the altered PHP files and a couple templates to give you examples to follow when creating your own custom login pages. Be sure to read the README file included in the zip.

Source Files: sqmail-custom-logins.zip

This mini howto is for information on getting started with Google Sitemaps. Using Google Sitemaps isn’t difficult, but I felt like writing a simple walkthrough for everyone just in case they might be having problems getting started. Please note these instructions assume your web site is hosted on Linux and you have shell access to the server. Google offers a free service called Google Sitemaps that lets you submit all your web site URLs so their spiders know when they have changed and can produce smarter and fresher search results. Google Sitemaps actually does more than that. In fact it tells you if you have any broken links, what search terms your links are showing up under in the search engine result pages (SERPs), and which terms people are clicking on. It’s a neat little service.

http://www.google.com/webmasters/sitemaps/

Here’s how it works in a nutshell.

1. Create a free account with Google or if you have a Gmail account you can use those credentials to log in.

2. Once you log in, you tell Sitemaps your web site address and then it asks you to verify it’s your web site.

3. To verify that the web site is indeed yours, Google gives you a couple of options to verify. One verification method is creating a html file in your webspace. The other is adding a meta tag to a web page. I opt for the file creation so I don’t have to do any editing.

Create an empty file and give it the name of the Google HTML. In this case it’s google4c293907f2980933.html. If you have SSH or Telnet access to your web site, you can also log in and use the touch command to create the file.

touch google4c293907f2980933.html

After you upload or touch the HTML file, click the Verify button. Once verified, click on the Sitemaps tab.

4. Now you need to add a sitemap for your web site. You can create your sitemap by hand or use the Google Sitemap Generator Python script. It’s easier to use the script because all you do is create a URL list and run the sitemap generator and it’ll create the XML file for you.

You can download the Google Sitemap Generator (sitemap_gen-1.4.tar.gz) to your webspace, extract the contents, and then configure it.

tar zxvf sitemap_gen-1.4.tar.gz
cd sitemap_gen-1.4

5. You need to configure sitemap generator for your web site. First you should make a copy of the example files (example_config.xml and exemple_urllist.txt) to names without the preceding ‘example_’.

cp example_config.xml config.xml
cp example_urllist.txt urllist.txt

Since this is a mini howto I won’t go over every single option or advanced configurations. The purpose is to set up a simple, yet working, sitemap configuration. Open config.xml in a text editor. You’ll see a LOT of comments which you should read. To make your life easier, here is a simple configuration that will work. You can delete everything in config.xml and paste this in its place.

<?xml version="1.0" encoding="UTF-8"?>
<site
base_url="http://www.example.com/"
store_into="/var/www/docroot/sitemap.xml.gz"
verbose="1"
>
<urllist  path="urllist.txt"  encoding="UTF-8"  />
<filter  action="drop"  type="wildcard"  pattern="*~" />
<filter  action="drop"  type="regexp"    pattern="/\\.[^/]*" />
</site>

The items in bold you replace with your information. To get your webspace root directory path you can use the pwd command or ask your hosting provider. When you’re done you should save your changes.

Now edit your URL list. Open urllist.txt in your text editor and start adding your URLs. Here is an example.

...
# Example contents of the file:
#
# http://www.example.com/foo/bar
# http://www.example.com/foo/xxx.pdf lastmod=2003-12-31T14:05:06+00:00
# http://www.example.com/foo/yyy?x=12&y=23 changefreq=weekly priority=0.3

# Your new URLs
http://www.example.com/
http://www.example.com/index.html
http://www.example.com/contact.html

If you require more advanced usage then follow the examples in the urllist.txt file. When you’re done adding your URLs, save your changes. It’s time to generate the actual Sitemap XML file.

6. To build your Sitemap XML file you must have Python on your server since the Google Sitemap Generator is a Python script. Here is the command to build your XML.

python sitemap_gen.py --config=config.xml

Here you can see it in action

[root@develbox sitemap_gen]# python sitemap_gen.py --config=config.xml
Reading configuration file: config.xml
Opened URLLIST file: urllist.txt
Sorting and normalizing collected URLs.
Writing Sitemap file "/web/domain/html/sitemap.xml.gz" with 3990 URLs
Notifying search engines.
Notifying: www.google.com
Count of file extensions on URLs:
2999  .html
990  .php
1  /
Number of errors: 0
Number of warnings: 0
[root@develbox sitemap_gen]#

To make life easier like I did you can make a bash script with the build command and just execute that. Save it to a file named build_sitemap and chmod 755 it.

#!/bin/bash
python sitemap_gen.py --config=config.xml

7. Back in the Google Sitemaps web site, you need to specify the URL to the Sitemaps XML file so Google can check your XML file on a periodic basis.

On the Sitemaps tab, select Add General Web Sitemap from the dropdown control and in item 3, type in the URL of your sitemap. Google provides you an example below. Click the Add Web Sitemap button.

When you build your sitemap, the XML file is gzip compressed so a .gz extension is added which makes it sitemap.xml.gz. Also, depending on the path you specified in config.xml for site:store_into, that will determine your XML file’s URL. It’s easier to keep your Sitemap XML file in top level of your webspace so its URL can be http://www.yourdomain.com/sitemap.xml.gz. Besides, it’s not like you’re storing national secrets if someone other than Google downloads your sitemap file.

8. You’re done. Now you can play the waiting game. It may take a while for Google’s spiders to get to all of your pages, but they will eventually. Browse around Google Sitemaps and check out the features. It’s a nifty tool.

Remember, whenever you update your site you should update your URL list (urllist.txt) too, such as removing deleted pages and adding the new ones. Anytime you make a change you should rebuild the Sitemap XML file. Once it’s rebuilt, the Python script will notify Google and your fresh sitemap will be downloaded in a minute or so.