Newbie: Intro to cron
Date: 30-Dec-99
Author: cogNiTioN <cognition@attrition.org>

Cron

This file is an introduction to cron, it covers the basics of what cron does,
and how to use it.

What is cron?

Cron is the name of program that enables unix users to execute commands or
scripts (groups of commands) automatically at a specified time/date. It is
normally used for sys admin commands, like makewhatis, which builds a
search database for the man -k command, or for running a backup script,
but can be used for anything. A common use for it today is connecting to
the internet and downloading your email.

This file will look at Vixie Cron, a version of cron authored by Paul Vixie.

How to start Cron

Cron is a daemon, which means that it only needs to be started once, and will
lay dormant until it is required. A Web server is a daemon, it stays dormant
until it gets asked for a web page. The cron daemon, or crond, stays dormant
until a time specified in one of the config files, or crontabs.

On most Linux distributions crond is automatically installed and entered into
the start up scripts. To find out if it's running do the following:

cog@pingu $ ps aux | grep crond
root       311  0.0  0.7  1284  112 ?        S    Dec24   0:00 crond
cog       8606  4.0  2.6  1148  388 tty2     S    12:47   0:00 grep crond

The top line shows that crond is running, the bottom line is the search
we just run.

If it's not running then either you killed it since the last time you rebooted,
or it wasn't started.

To start it, just add the line crond to one of your start up scripts. The
process automatically goes into the back ground, so you don't have to force
it with &. Cron will be started next time you reboot. To run it without
rebooting, just type crond as root:

root@pingu # crond

With lots of daemons, (e.g. httpd and syslogd) they need to be restarted
after the config files have been changed so that the program has a chance
to reload them. Vixie Cron will automatically reload the files after they
have been edited with the crontab command. Some cron versions reload the
files every minute, and some require restarting, but Vixie Cron just loads
the files if they have changed.

Using cron

There are a few different ways to use cron (surprise, surprise). 

In the /etc directory you will probably find some sub directories called
'cron.hourly', 'cron.daily', 'cron.weekly' and 'cron.monthly'. If you place
a script into one of those directories it will be run either hourly, daily,
weekly or monthly, depending on the name of the directory. 

If you want more flexibility than this, you can edit a crontab (the name
for cron's config files). The main config file is normally /etc/crontab.
On a default RedHat install, the crontab will look something like this:

root@pingu # cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

The first part is almost self explanatory; it sets the variables for cron.

SHELL is the 'shell' cron runs under. If unspecified, it will default to
the entry in the /etc/passwd file.

PATH contains the directories which will be in the search path for cron
e.g if you've got a program 'foo' in the directory /usr/cog/bin, it might
be worth adding /usr/cog/bin to the path, as it will stop you having to use
the full path to 'foo' every time you want to call it.

MAILTO is who gets mailed the output of each command. If a command cron is
running has output (e.g. status reports, or errors), cron will email the output
to whoever is specified in this variable. If no one if specified, then the
output will be mailed to the owner of the process that produced the output.

HOME is the home directory that is used for cron. If unspecified, it will
default to the entry in the /etc/passwd file.

Now for the more complicated second part of a crontab file.
An entry in cron is made up of a series of fields, much like the /etc/passwd
file is, but in the crontab they are separated by a space. There are normally
seven fields in one entry. The fields are:

minute hour dom month dow user cmd

minute	This controls what minute of the hour the command will run on,
	 and is between '0' and '59'
hour	This controls what hour the command will run on, and is specified in
         the 24 hour clock, values must be between 0 and 23 (0 is midnight)
dom	This is the Day of Month, that you want the command run on, e.g. to
	 run a command on the 19th of each month, the dom would be 19.
month	This is the month a specified command will run on, it may be specified
	 numerically (0-12), or as the name of the month (e.g. May)
dow	This is the Day of Week that you want a command to be run on, it can
	 also be numeric (0-7) or as the name of the day (e.g. sun).
user	This is the user who runs the command.
cmd	This is the command that you want run. This field may contain
	 multiple words or spaces.

If you don't wish to specify a value for a field, just place a * in the
field.

e.g.
01 * * * * root echo "This command is run at one min past every hour"
17 8 * * * root echo "This command is run daily at 8:17 am"
17 20 * * * root echo "This command is run daily at 8:17 pm"
00 4 * * 0 root echo "This command is run at 4 am every Sunday"
* 4 * * Sun root echo "So is this"
42 4 1 * * root echo "This command is run 4:42 am every 1st of the month"
01 * 19 07 * root echo "This command is run hourly on the 19th of July"

Notes:

Under dow 0 and 7 are both Sunday.

If both the dom and dow are specified, the command will be executed when
either of the events happen.
e.g.
* 12 16 * Mon root cmd
Will run cmd at midday every Monday and every 16th, and will produce the
same result as both of these entries put together would:
* 12 16 * * root cmd
* 12 * * Mon root cmd

Vixie Cron also accepts lists in the fields. Lists can be in the form, 1,2,3
(meaning 1 and 2 and 3) or 1-3 (also meaning 1 and 2 and 3).
e.g.
59 11 * * 1,2,3,4,5 root backup.sh
Will run backup.sh at 11:59 Monday, Tuesday, Wednesday, Thursday and Friday,
as will:
59 11 * * 1-5 root backup.sh 

Cron also supports 'step' values.
A value of */2 in the dom field would mean the command runs every two days
and likewise, */5 in the hours field would mean the command runs every
5 hours.
e.g.
* 12 10-16/2 * * root backup.sh
is the same as:
* 12 10,12,14,16 * * root backup.sh

*/15 9-17 * * * root connection.test
Will run connection.test every 15 mins between the hours or 9am and 5pm

Lists can also be combined with each other, or with steps:
* 12 1-15,17,20-25 * * root cmd
Will run cmd every midday between the 1st and the 15th as well as the 20th
and 25th (inclusive) and also on the 17th of every month.
* 12 10-16/2 * * root backup.sh
is the same as:
* 12 10,12,14,16 * * root backup.sh

When using the names of weekdays or months, it isn't case sensitive, but only
the first three letters should be used, e.g. Mon, sun or Mar, jul.

Comments are allowed in crontabs, but they must be preceded with a '#', and
must be on a line by them self.  


Multiuser cron

As Unix is a multiuser OS, some of the apps have to be able to support
multiple users, cron is one of these. Each user can have their own crontab
file, which can be created/edited/removed by the command crontab. This
command creates an individual crontab file and although this is a text file,
as the /etc/crontab is, it shouldn't be edited directly. The crontab file is
often stored in /var/spool/cron/crontabs/<user> (Unix/Slackware/*BSD),
/var/spool/cron/<user> (RedHat) or /var/cron/tabs/<user> (SuSE),
but might be kept elsewhere depending on what Un*x flavor you're running.

To edit (or create) your crontab file, use the command crontab -e, and this
will load up the editor specified in the environment variables EDITOR or
VISUAL, to change the editor invoked on Bourne-compliant shells, try:
cog@pingu $ export EDITOR=vi
On C shells:
cog@pingu $ setenv EDITOR vi
You can of course substitute vi for the text editor of your choice.

Your own personal crontab follows exactly the same format as the main
/etc/crontab file does, except that you need not specify the MAILTO
variable, as this entry defaults to the process owner, so you would be mailed
the output anyway, but if you so wish, this variable can be specified.
You also need not have the user field in the crontab entries. e.g.

min hr dom month dow cmd

Once you have written your crontab file, and exited the editor, then it will
check the syntax of the file, and give you a chance to fix any errors.

If you want to write your crontab without using the crontab command, you can
write it in a normal text file, using your editor of choice, and then use the
crontab command to replace your current crontab with the file you just wrote.
e.g. if you wrote a crontab called cogs.cron.file, you would use the cmd

cog@pingu $ crontab cogs.cron.file

to replace your existing crontab with the one in cogs.cron.file.

You can use

cog@pingu $ crontab -l

to list your current crontab, and

cog@pingu $ crontab -r

will remove (i.e. delete) your current crontab.

Privileged users can also change other user's crontab with:

root@pingu # crontab -u

and then following it with either the name of a file to replace the
existing user's crontab, or one of the -e, -l or -r options.

According to the documentation the crontab command can be confused by the
su command, so if you running a su'ed shell, then it is recommended you
use the -u option anyway.

Controlling Access to cron

Cron has a built in feature of allowing you to specify who may, and who
may not use it. It does this by the use of /etc/cron.allow and /etc/cron.deny
files. These files work the same way as the allow/deny files for other
daemons do. To stop a user using cron, just put their name in cron.deny, to
allow a user put their name in the cron.allow. If you wanted to prevent all
users from using cron, you could add the line ALL to the cron.deny file:

root@pingu # echo ALL >>/etc/cron.deny

If you want user cog to be able to use cron, you would add the line cog
to the cron.allow file:

root@pingu # echo cog >>/etc/cron.allow

If there is neither a cron.allow nor a cron.deny file, then the use of cron
is unrestricted (i.e. every user can use it).  If you were to put the name of
some users into the cron.allow file, without creating a cron.deny file, it
would have the same effect as creating a cron.deny file with ALL in it.
This means that any subsequent users that require cron access should be
put in to the cron.allow file.

Output from cron

As I've said before, the output from cron gets mailed to the owner of the
process, or the person specified in the MAILTO variable, but what if you
don't want that? If you want to mail the output to someone else, you can
just pipe the output to the command mail.
e.g.

cmd | mail -s "Subject of mail" user

If you wish to mail the output to someone not located on the machine, in the
above example, substitute user for the email address of the person who
wishes to receive the output.

If you have a command that is run often, and you don't want to be emailed
the output every time, you can redirect the output to a log file (or
/dev/null, if you really don't want the output).
e,g

cmd >> log.file

Notice we're using two > signs so that the output appends the log file and
doesn't clobber previous output.
The above example only redirects the standard output, not the standard error,
if you want all output stored in the log file, this should do the trick:

cmd >> logfile 2>&1

You can then set up a cron job that mails you the contents of the file at
specified time intervals, using the cmd:

mail -s "logfile for cmd" <log.file
 

Now you should be able to use cron to automate things a bit more.
A future file going into more detail, explaining the differences between
the various different crons and with more worked examples, is planned.


Additional Reference:

Man pages: cron(8) crontab(5) crontab(1)

Book: _Running Linux_ (O'Reilly ISBN: 1-56592-469-X)

Introduction

Many beginning and intermediate PHP programmers seem to think the header() function is some kind of strange voodoo. They work from examples and code snippets and are able to get things done with it, but they don’t know quite how it works. That was certainly the way I regarded header() the first time I saw it.

In reality, it’s quite simple. In this tutorial, I’ll explain a little about how HTTP headers work, how they relate to PHP, and a little about their meta tag equivalents.

Hopefully by the time you’re done reading this, you’ll feel more confident about how to use the header() function, and even have some new ideas about how it can help you. We’ll also cover some other important topics related to HTTP headers and PHP. Before we talk about any programming at all, though, we need to quickly (and incompletely) go over how HTTP (HyperText Transfer Protocol) works in general.

HTTP Overview

Headers: words in a conversation

HTTP is the protocol (the set of ‘rules’) for transferring data (e.g. HTML in web pages, pictures, files) between web servers and client browsers, and usually takes place on port 80. This is where the ‘http://‘ in website URLs comes from.

The first time most people make a web page, they write the HTML on their computer, view it locally in a browser, upload it to their server, and view it on the web. It might seem like viewing a page locally and viewing it on the server is exactly the same, and that the only data going back and forth between the server and the browser is the HTML and any images included in the page. But there is actually a lot of other information that you do not see when you view a file on the web — the headers.

Headers can be separated into two broad types: Request headers that your browser sends to the server when you request a file, and Response headers that the server sends to the browser when it serves the file. Think of these headers as the words in a conversation taking place between the browser and the server. I like to imagine the server as a librarian, and the browser as a researcher asking for a library resource. The browser walks up to the server at the main desk (port 80) and says something like, “Hi, my name is Mozilla, and I’m looking for the resource with the call number ‘www.expertsrt.com’. Can you get it for me?” The server listens, and responds “Yes, I found it, let me send it to you. The data in the item is HTML text, and it says ‘<html>…’” The browser reads through, and comes to an image tag, and asks the server for item with the location in the src attribute. The server looks, finds the file and says “This file is a PNG image, and the data is….” You get the idea.

Another conversation might go like this:

Browser: Hi, I’m Mozilla, can I have the file at ‘www.expertsrt.com/moved.html’?
Server: That file is no longer there, it is at ‘www.expertsrt.com/newloc.html’.
Browser: Hi, I’m Mozilla, can I have the file at ‘www.expertsrt.com/newloc.html’?
Server: I found the file. Look at it for 10 seconds and then ask me again. It’s HTML text and it reads….
…10 seconds…
Browser:> Hi, I’m Mozilla, can I have the file at ‘www.expertsrt.com/newloc.html’?
Server: I found the file. Look at it for 10 seconds and then ask me again. It’s HTML text and it reads….
…10 seconds…
Browser: Hi, I’m Mozilla, can I have the file at ‘www.expertsrt.com/newloc.html’?
Server: I found the file. Look at it for 10 seconds and then ask me again. It’s HTML text and it reads….
….and so on, until the browser is redirected by the user….

As you can see, there is a lot going on that headers control. Using the header() function, you can make the server send any headers that you need want, which allows you to do some really cool things beyond just sending plain old HTML.

Seeing the whole conversation

Before moving ahead, let’s get a better idea of how HTTP headers work by viewing a webpage without a browser, so we can see the converation in is entirety. Start by opening a command prompt (in windows, go to Start->Run, type cmd, and click “OK”…if you’re using linux you probably already know). At the prompt, type:

telnet expertsrt.com 80

and press Enter. This will connect you to expertsrt.com on port 80. Next, copy and paste just the text below:

GET / HTTP/1.1
Host: expertsrt.com

Don’t worry if when you type or paste the text, it does not show up in your command window and all you see is the cursor — it is indeed being sent to the server. The first line says you are using the GET request method to get the resource / (i.e. the file in the base directory of the host), and that you are using HTTP version 1.1. The second tells the server which host you want to connect to. When you finish typing ‘expertsrt.com’, hit Enter twice (and twice only). You should almost immediately get a response that looks like:

HTTP/1.1 301 Moved Permanently
Date: Wed, 08 Feb 2006 07:44:07 GMT
Server: Apache/2.0.54 (Debian GNU/Linux) mod_auth_pgsql/2.0.2b1 mod_ssl/2.0.54 OpenSSL/0.9.7e
Location: http://www.expertsrt.com/
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.expertsrt.com/">here</a>.</p>
</body></html>

Whoops! Looks like we requested a resource that wasn’t there; it’s been permanently moved to the new Location http://www.expertsrt.com. If you were using a browser, you’d only see the HTML — everything before the first blank line is the headers. In fact, modern browsers are even smarter than that — when they see the Location header on the third line, they automatically go there so you don’t have to type in a new URL. Let’s go to the new URL. By this point, you probably got disconnected while you were reading this. If so, just press your up arrow on the keyboard to get your telnet command back, and press enter to reconnect. If you’re still connected, you can just go ahead and type the following:

GET / HTTP/1.1
Host: www.expertsrt.com

and press Enter twice after the second line. You’ll get another similar response telling you that the page is actually at http://www.expertsrt.com/index.php. The server is particular, isn’t it? Repeat the above, but this time type

GET /index.php HTTP/1.1
Host: www.expertsrt.com

Notice that the name of the file we want is in the first line. This time we get flooded with text: the HTML from ERT’s homepage. The headers look like

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2006 08:20:07 GMT
Server: Apache/2.0.54 (Debian GNU/Linux) mod_auth_pgsql/2.0.2b1 mod_ssl/2.0.54 OpenSSL/0.9.7e
X-Powered-By: PHP/4.4.0
Transfer-Encoding: chunked
Content-Type: text/html

Simple, no?. Let’s move forward and see how this relates to your programming. Don’t worry if you didn’t understand every single thing that we just did. The important thing is to have a general feel for how the browser and server talk to each other, and to realize that there is nothing magic about it. The take home points are:

• The browser and the server talk to each other using headers
• Headers are sent before the main content, and are separated from the main content by a a double-CRLF/newline.
• In the header section, there is one header per line. The name of the header comes first, followed by a colon and a space, followed by the content/value of the header:

  Header-Name: header-value

• Headers can contain many types of information and instructions that the server and browser use to help each other know what to do next

Note: If you’re the type who likes to really dig into the details, you can look at RFC 2616 for the complete HTTP/1.1 specification in all its glory. In particular, Section 14 offers a complete definition for each header field.

PHP header(): The Basics

Notice the response headers X-Powered-By: PHP/4.4.0 and Content-Type: text/html that were returned when we finally got to the homepage. PHP was designed from the beginning to output HTML (the ‘H’ in PHP stands for ‘Hypertext’), and the first time a script generates output (e.g. by using echo), PHP automatically includes those headers for you. This is very convenient, but also contributes to the confusion many PHP beginners have regarding headers — in more ‘bare bones’ languages like Perl that were not originally designed for the web, sending output without including your own headers produces the dreaded ‘500 Internal Server Error’, so Perl web programmers have no choice but to learn about headers immediately.

The header() function sends HTTP response headers; nothing more, nothing less.

Using this function, you can make your scripts send headers of your choosing to the browser, and create some very useful and dynamic results. However, the first thing you need to know about the header() function is that you have to use it before PHP has sent any output (and therefore its default headers).

I doubt there is a PHP programmer in the world who has never seen an error that looks like

Warning: Cannot modify header information – headers already sent by…..

As we said above, the response headers are separated from the content by a blank line. This means you can only send them once, and if your script has any output (even a blank line or space before your opening <?php tag), PHP does so without asking you. For example, consider the script below, which seems logical enough:

Welcome to my website!<br />
<?php
if($test){
echo "You're in!";
}
else{
header('Location: http://www.mysite.com/someotherpage.php');
}
?>

What this script is trying to do is redirect the visitor using the Location header if $test is not true. Do you see the problem? The ‘Welcome…’ text gets sent no matter what, so the headers are automatically sent. By the time header() is called, it’s already too late: instead of getting redirected, the user will just see an error message (or if you have error reporting off, nothing but the ‘Welcome…’ text).

There are basically two solutions to this. The first is to rewrite the code

<?php
if($test){
echo 'Welcome to my website<br />You're in!';
}
else{
header('Location: http://www.mysite.com/someotherpage.php');
}
?>

The second is output buffering, which can be somewhat more elegant and easy to use. In our example above, rewriting the code wasn’t much trouble, but imagine if there had been quite a bit of HTML to move around — it could be pretty cumbersome, and it might make our code harder to follow. While our first example caused an error, the logic of the program was fine. Output buffering allows you to hold on to (‘buffer’) output (even HTML outside of PHP code tags) and send it to the browser only when you explicitly say to do so. This way you can program however you would like to, and explicitly send the output after you’ve specified any headers you need to. The two relevant functiosns are ob_start(), which turns output buffering on, and ob_flush(), which sends the content that has accumulated in the buffer:

<?php
ob_start(); //begin buffering the output
?>
Welcome to my website!
<?php
if(true){
echo "You're in!";
}
else{
header('Location: http://www.mysite.com/someotherpage.php');
}

ob_flush(); //output the data in the buffer
?>

I encourage you to read more about all of the output buffering functions, which can be quite useful. You should flush the output buffer as soon as possible, especially if you have quite a bit of content to send. Otherwise, your page will appear to load slower, becuase the content will be sent only after it has been entirely assembled, rather than as it is available.

Note: The 2nd argument If you call header() more than once for the same header field, the value for that header will be the one included in the last call you made. For example,

<?php
header('Some-Header: Value-1');
header('Some-Header: Value-2');
?>

would produce the header Some-Header: Value-2. You can cause both headers to be sent by using the second replace argument for header, which is true by default. If you set this to false, the second header value will not replace the first, and both will be sent. So the code

<?php
header('Some-Header: Value-1');
header('Some-Header: Value-2', false); //don't replace the first value
?>

will produce the header Some-Header: Value-1, Value-2. You will rarely need this, but is good to know.

Armed with a good understanding of how HTTP headers and PHP work together, let’s look at some specific examples of using this functionality.

PHP header(): Some Examples

Note: The code snippets appearing below are just that: snippets from complete working code. When you you include them in your own programs, remember to define all your variables, assign default values, and adhere to other good programming practices.

Redirecting with the Location header

We’ve seen this one a couple times above: it redirects the browser.

<?php
header('Location: http://www.mysite.com/new_location.html');
?>

While you can somtimes get away with supplying a relative URL for the value, according to the HTTP specification, you should really use an absolute URL.

One mistake that is easy to make with the Location header is not calling exit directly afterwards (you may not always want to do this, but usually you do). The reason this is a mistake is that the PHP code of the page continues to execute even though the user has gone to a new location. In the best case, this uses system resources unnecessarily. In the worst case, you may perform tasks that you never meant to. Consider the code below:

<?php
//Redirect users with access level below 4
if (check_access_level($username) < 4){
header('Location: http://www.mysite.com/someotherpage.php');
}

//Mail users with higher access level the secret code
mail_secret_code($username);
echo ‘The secret email is on its way!’;
?>

Unauthorized users are indeed redirected, but in fact, they too will receive the email, because the script continues to run. To avoid this, the part for authorized users could be wrapped in an else{} statement, but it is cleaner and easier to call exit immediately after the header command to end the execution of the script:

<?php
//Redirect users with access level below 4
if (check_access_level($username) < 4){
header('Location: http://www.mysite.com/someotherpage.php');
exit; //stop script execution
}

//Mail users with higher access level the secret code
mail_secret_code($username);
echo ‘The secret email is on its way!’;
?>

Redirecting with the Refresh header

The Refresh redirects users like the Location header does, but you can add a delay before the user is redirected. For example, the following code would redirect the user to a new page after displaying the current one for 10 seconds:

<?php
header('Refresh: 10; url=http://www.mysite.com/otherpage.php');
echo 'You will be redirected in 10 seconds';
?>

Another common application is to force a page to update repeatedly by ‘redirecting’ to the current page (see the second ‘conversation’ above). For example, here is a simple page that will ‘count’ down from 10, with a 3 second pause between numbers:

<?php
if(!isset($_GET['n'])){
$_GET['n'] = 10;
}

if($_GET['n'] > 0){
header(‘Refresh: 3; url=’ . $_SERVER['PHP_SELF'].‘?n=’ . ($_GET['n']-1) );
echo $_GET['n'];
}
else{
echo ‘BLAST OFF!’;
}
?>

Note: If the refresh time is set to 0, then the Refresh header is effectively the same as the Location header.

Serving different types of files and generating dynamic content using the Content-Type header

The Content-Type header tells the browser what type of data the server is about to send. Using this header, you can have your PHP scripts output anything from plain text files to images or zip files. The table below lists frequently-used MIME types:

You can do several interesting things with this. For example, perhaps you want to send the user a pre-formatted text file rather than HTML:

<?php
header('Content-Type: text/plain');
echo $plain_text_content;
?>

Or perhaps you’d like to prompt the user to download the file, rather than viewing it in the browser. With the help of the Content-Disposition header, it’s easy to do, and you can even suggest a file name for the user to use:

<?php
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; '
.'filename="plain_text_file.txt"');
echo $plain_text_content;
?>

Maybe you need to serve a file for download, but you’d like to obscure its true location and name, and only serve it to users who are logged in:

<?php
if($b_is_logged_in){
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; '
.'filename="'.$different_filename.'"');
readfile('/path/to/files/' . $filename);
}
else{
echo 'You are not authorized to view this file';
}
?>

Perhaps you’ve dynamically generated an image using PHP’s image functions and you want to display it to the user. You could create a file build_image.php like this

Type	Description
text/html	HTML (PHP default)
text/plain	Plain Text
image/gif	GIF Image
image/jpeg	JPEG Image
image/png	PNG Image
video/mpeg	MPEG Video
audio/wav	WAV Audio
audio/mpeg	MP3 Audio
video/mov video/quicktime	Quicktime Video
video/x-ms-wmv	Windows WMV video
audio/x-ms-wma	Windows WMA audio
audio/x-realaudio	RealPlayer Audio/Video (.rm)
audio/x-pn-realaudio	RealPlayer Audio/Video (.ram)
video/x-msvideo video/avi	AVI Video
application/pdf	PDF Document
application/msword	MS Word .doc file
application/zip	Zip File
application/octet-stream	Misc. data. Use to force download or open with application.*
x-foo/x-bar	Misc. data. Use to force download or open with application.*

<?php
//build the image above
header('Content-Type: image/jpeg');
imagejpeg($image_resouce);
?>

Note: Beware of magic_quotes! PHP’s automatic escaping of special characters with a backslash may seem like a good idea at first, but most good programmers generally agree that it (a) encourages sloppy programming that does not validate input and (b) causes annoyances in well-written code that would not occur if “magic quoting” were turned off. One such annoyance is the corruption of binary data. In the example above, if magic_quotes_runtime is on, the data that readfile() outputs may have backslashes added to it, thus corrupting the file that is sent to the user. Ideally, you should turn magic_quotes_runtime off in your php.ini file to avoid this, but if you do not have access to the configuration file, you can also use the set_magic_quotes_runtime() function (pass is the 0 (zero) integer) to turn the setting off.

Happily, the minutes of a recent PHP Developer meeting show that they have decided to abandon magic quotes in future versions (6+) of PHP. Until everyone upgrades, however, keeping the problems this feature can cause in mind can save you quite a bit of trouble and frustration.
You might pass the parameters necessary to generate the image via the URL so you can access them in the $_GET array. Then in another page, you might include this image using an img tag:

<img src="build_image.php<?php echo "?$user_id&$caption"; ?>">

The possibilities are more or less endless. The more PHP programming you do, the more you will find that the Content-Type header truly is your friend.

Note: The way that browser are supposed to handle content of various MIME types, and the way they actually do may not always be consistent (especially with Internet Explorer), so you’re well-advised to test your pages in the browsers you need to support to make sure they behave as expected. The PHP Manual has many helpful tips in the user-contributed comments on the header() page.

Preventing Page Caching

PHP pages often generate very dynamic content, and to prevent users from missing updates by viewing cached pages, it is often helpful to be able to tell browsers not to cache certain pages. The following snippet works quite well on the browsers that are likely to visit your site:

<?php
header('Cache-Control: no-cache, no-store, must-revalidate'); //HTTP/1.1
header('Expires: Sun, 01 Jul 2005 00:00:00 GMT');
header('Pragma: no-cache'); //HTTP/1.0
?>

The Expires header can be any date in the past. As with MIME types, browsers (especially older ones) may not always listen properly to your caching instructions (although most modern ones will).

Other Applications

There are other ways you can use headers as well, such as setting the HTTP Response Code, or in performing HTTP Authentication (if you are running PHP as an Apache module). Now that you understand how header() works and how to use it, you’ll be able to do all sorts of things you might not have thought of before.

Request Headers in PHP

We’ve covered some of the things you can do with response headers above. We can also get a great deal of information from the request headers received by the server from the browser. There are two ways to access these. First, many of the values in the $_SERVER array are determined from the request headers. Second, if PHP is installed as an Apache module, then apache_request_headers() will return an array of all request headers (even those not in $_SERVER).

Security first: don’t trust request headers

Since request headers are set by the browser, which is controlled by the client, you must never trust request headers for information that is important to the security of your site. A good example is the $_SERVER['HTTP_REFERER'] variable, which should hold the URL of the page that referred the user to the current one. A common mistake among beginners is to think that they can use this to make sure that users only access pages through a certain path, and that they therefore do not need to worry about server side data validation. For example, consider this code, which attempts to make sure that data has been submitted from a specific page, rather than a custom form on another website:

<?php
if($_SERVER['HTTP_REFERER'] != 'http://www.mysite.com/myform.html'){
header('Refresh: 5; url=http://www.mysite.com/myform.html');
echo 'You must use the form on my site...redirecting now.';
}
else{
insert_data($_POST['var1'], $_POST['var2']);
}
?>

This might work to deter an unsophisticated hacker who is using his web browser to submit data through a custom form, but someone who is a little more savvy could easily submit data via a telnet session like we did above, including the request header

Referer: http://www.mysite.com/myform.html

and easily defeat this ‘protection’. The moral of the story is: use HTTP request headers to gather statistics and to help make the user experience more pleasant — most request headers you receive will be supplied by standard browsers and will be entirely truthful…But do not rely on request headers for any issues pertaining to security.

Using HTTP request headers

There are several things you can do with these. Using $_SERVER['HTTP_USER_AGENT'] you can detect the type of browser the user says it has. You might check the $_SERVER['HTTP_ACCEPT_LANGUAGE'] (perhaps along with $_SERVER['HTTP_ACCEPT_CHARSET'] and some IP address geolocation) to help determine the best language in which to serve your pages to a given user. Although $_SERVER['HTTP_REFERER'] is not reliable for security purposes, it could be useful as an aid for building statistics about your website traffic or customizing content to match the path the user took to reach a given page. If for some reason you want to manipulate the raw query string used when the page was accessed, you can look in $_SERVER['QUERY_STRING']. Looking in $_SERVER['REQUEST_METHOD'] will tell you whether your page was accessed via GET or POST. There’s quite a bit of information there for you to find creative uses for.

HTML Meta Tag HTTP Header Equivalents

Chances are, before reading this article, you have seen or used the HTML meta tag below to redirect a user:

<meta http-equiv="refresh" content="0;http://www.mysite.com/somepage.html" />

Look familiar? The ‘http-equiv’ meta tags are ‘equivalent’ to HTTP response headers, and were introduced so that people writing HTML pages without server side programming would have access to the powerful functionality described above. Using these meta tags is simple: they can be placed anywhere in the <head> of the document, and their http-equiv attribute contains the header name, while the content attribute contains the value for the header.

I’ve found that these, like the HTTP headers in general, often produce confusion, but now they should seem quite simple to you. Although I usually prefer to use the PHP header() function, these meta tag HTTP header equivalents are often very handy for things like specifying the character set. For example, I often use this is my HTML pages (and sometimes my PHP ones):

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

Note: Support for HTTP headers as equivalet meta tags is not uniformally supported, so it is usually safer and faster to use the headers themselves if you can. Also, it should be obvious that some headers and values will not work as meta equivalents: you cannot set the Content-Type to image/png when the real headers have been sent and the browser is already reading the HTML

Conclusion

Now that you are done with this article, you should have a pretty firm grasp of how HTTP works, how request and response headers are used, and how you can employ this functionality in your programming. This reasonably detailed knowledge should also enable you to start thinking more critically about your web application efficiency and security. I hope that as you move forward with your programming, you will find that you’ve become quite comfortable working with HTTP headers, and that you are able to exploit them to make your job easier and your pages better.

As a parting thought, remember that headers are like words: they convey information and ask for certain actions to be performed, but by themselves they don’t force anything to happen. 99.9% of the time, cooperative browsers are talking to cooperative servers, and everything happens smoothly. But you have to remember that, as in life, every once in a while you’ll run across a jerk (a hacker), or someone who’s got his own way of doing things (Internet Explorer). Web development is very much a job of customer service, so you’ve got to do your best to keep the crooks out, and accomodate the customers with ’special needs.’

Source: http://www.expertsrt.com

In some cases, the action execution ends by requesting a new action execution. For instance, an action handling a form submission in a POST request usually redirects to another action after updating the database. Another example is an action alias: the index action is often a way to display a list, and actually forwards to a list action.

The action class provides two methods to execute another action:

• If the action forwards the call to another action:

  $this->forward('otherModule', 'index');

• If the action results in a web redirection:

  $this->redirect('otherModule/index'); $this->redirect('http://www.google.com/');

The code located after a forward or a redirect in an action is never executed. You can consider that these calls are equivalent to a return statement. They throw an sfStopException to stop the execution of the action; this exception is later caught by symfony and simply ignored.

The choice between a redirect or a forward is sometimes tricky. To choose the best solution, keep in mind that a forward is internal to the application and transparent to the user. As far as the user is concerned, the displayed URL is the same as the one requested. In contrast, a redirect is a message to the user’s browser, involving a new request from it and a change in the final resulting URL.

If the action is called from a submitted form with method="post", you should always do a redirect. The main advantage is that if the user refreshes the resulting page, the form will not be submitted again; in addition, the back button works as expected by displaying the form and not an alert asking the user if he wants to resubmit a POST request.

There is a special kind of forward that is used very commonly. The forward404() method forwards to a “page not found” action. This method is often called when a parameter necessary to the action execution is not present in the request (thus detecting a wrongly typed URL). Listing 6-12 shows an example of a show action expecting an id parameter.

Listing 6-12 – Use of the forward404() Method

public function executeShow() {   $article = ArticlePeer::retrieveByPK($this->getRequestParameter('id'));   if (!$article)   {     $this->forward404();   } }

If you are looking for the error 404 action and template, you will find them in the $sf_symfony_ data_dir/modules/default/ directory. You can customize this page by adding a new default module to your application, overriding the one located in the framework, and by defining an error404 action and an error404Success template inside. Alternatively, you can set the error_404_module and error_404_ action constants in the settings.yml file to use an existing action.

Experience shows that, most of the time, an action makes a redirect or a forward after testing something, such as in Listing 6-12. That’s why the sfActions class has a few more methods, named forwardIf(), forwardUnless(), forward404If(), forward404Unless(), redirectIf(), and redirectUnless(). These methods simply take an additional parameter representing a condition that triggers the execution if tested true (for the xxxIf() methods) or false (for the xxxUnless() methods), as illustrated in Listing 6-13.

Listing 6-13 – Use of the forward404If() Method

// This action is equivalent to the one shown in Listing 6-12 public function executeShow() {   $article = ArticlePeer::retrieveByPK($this->getRequestParameter('id'));   $this->forward404If(!$article); }   // So is this one public function executeShow() {   $article = ArticlePeer::retrieveByPK($this->getRequestParameter('id'));   $this->forward404Unless($article); }

Using these methods will not only keep your code short, but it will also make it more readable.

When the action calls forward404() or its fellow methods, symfony throws an sfError404Exception that manages the 404 response. This means that if you need to display a 404 message from somewhere where you don’t want to access the controller, you can just throw a similar exception.

Chữa côn trùng chui vào tai
-Khi côn trùng chui vào tai, bạn hãy hướng tai mình vào ánh đèn sáng, vì côn trùng dễ bị thu hút bởi ánh sáng.
Xua muỗi
-Muỗi khá “ghét” hành lá. Vậy khi nào quên mua thuốc chống muỗi thì chúng ta có thể bóp vài lá hành sống để dưới gầm bàn thì không có “chàng” muỗi ghé thăm.
Tỏi đuổi gián
-Gián kỵ mùi tỏi, tỏi với liều lượng thấp có thể giết ấu trùng. Ðể tỏi tươi trong tủ thức ăn thì gián không có chui vào.
Hoa vạn thọ giúp đuổi ong
-Cây hoa Vạn Thọ được trồng sát hay chung quanh cái ghế ngoài vườn thì mấy con ong không thích tới thăm.
Khi bị ong và muỗi chích, kiến cắn
-Nên rửa ngay vết ong hoặc muỗi chích bằng nước muối thật mặn (càng mặn càng đỡ đau), sau đó dùng bông gòn thấm nước nóng có pha muối hoặc giấm chua đắp lên chỗ bị chích. Nếu chúng ta bị ong chích và vết thương gây nhiều nhức nhối, khó chịu thì chúng ta thử lấy nhíp nhổ ngòi của ong ra. Sau đó, chỉ cần lấy lá ngò tây vò nát đắp lên chỗ đau. Khoảng vài phút, vết thương sẽ dễ chịu hơn. Riêng đối với trường hợp bị muỗi chích, kiến cắn thì đơn giản hơn, chúng ta chỉ cần cắt những khoanh hành tây đắp lên chỗ những vết muỗi cắn, kiến cắn. Trong vòng vài phút, chúng ta sẽ cảm thấy hết ngứa ngáy, khó chịu. Lá bạc hà bóp nhỏ và đắp lên cũng có tác dụng như trên.
Diệt mối
-Thuốc sát trùng chỉ làm chết những con mối xuất hiện ngoài khe rãnh, còn những con ẩn núp bên trong hay những trứng mối ở trong ổ vẫn còn như thường và vẫn chờ dịp làm hại chúng ta như thường. Chúng ta hãy chịu khó làm theo cách sau: mua một ít nụ đinh hương ở tiệm thuốc, cắm những nụ đinh hương đó vào trong một trái cam tươi, để nguyên trái cam tươi đó vào những nơi có mối đang ăn hại đồ vật. Chính mùi nụ đinh hương tiết ra làm tiệt đường sinh sản của giống mối. Nên nhớ dùng cho đến khi bị khô héo thì lại tiếp tục làm như vậy.
Trừ kiến
-Tuy sức phá hoại của kiến không đáng kể, nhưng các chị em nội trợ không khỏi bực mình khi thấy từng bầy kiến hôi, kiến lửa kéo nhau đi trên vách hay trên sàn nhà. Ngoài những loại kiến bò dưới đất ra, vào mùa mưa, ở nông thôn còn có kiến cánh. Loại này không phá hoại gì mấy nhưng kiến bay đầy nhà cũng gây nhiều phiền phức.
-Chúng ta có thể tránh những phiền toái này bằng cách: nghiền nát đường và bột men bánh mì với số lượng bằng nhau. Sau đó, chúng ta nhỏ vào đó vài giọt nước và trộn lại như bột làm bánh. Tiếp theo, chúng ta đem bột này để vào những nơi có ổ kiến. Mùi đường sẽ làm cho kiến kéo ra tha những miếng bột này vào tổ để ăn với nhau.
-Bột men bánh mì khi chạy vào bụng kiến sẽ nở lớn ra và kiến sẽ vỡ bụng mà chết. Phương pháp này lạ đối với người Việt Nam nhưng lại là phương pháp thông dụng nhất của Tây Phương. Các bạn hãy áp dụng thử xem kết quả thế nào?

NHẬT TRIỀU(tuoitre online)

Có thể uống siro giảm ho trước khi quyết định dùng kháng sinh. Ảnh: Corbis.

Trời quá nóng, nhiều bà mẹ băn khoăn vì nếu không bật máy điều hòa thì trẻ vật vã khó chịu, mà bật thì sợ trẻ bị viêm họng và ho.

Bác sĩ Phạm Mạnh Thân, Trưởng phòng kế hoạch tổng hợp Bệnh viện Xanh Pôn (Hà Nội), cho biết, trong những ngày nắng nóng này, số người lớn và trẻ em đến khám do viêm đường hô hấp đều tăng. Đặc biệt, có đến 80-85% trẻ đến khám bệnh là do vấn đề ở đường hô hấp. Bác sĩ cũng giải đáp những thắc mắc thường gặp về hiện tượng này:

- Tại sao khi trời nóng, con người lại dễ bị viêm họng?

- Thời tiết nóng làm giảm sức đề kháng của cơ thể nên dễ gây viêm đường hô hấp, nếu nặng có thể gây viêm họng mủ, viêm amiđan mủ. Nguy cơ càng cao khi có sự thay đổi nhiệt độ đột ngột, chẳng hạn như: Uống nước quá lạnh khi đang nóng hay khi đang toát mồ hôi, vừa ở ngoài trời nóng về đã tắm nước lạnh, từ bên ngoài bước ngay vào phòng lạnh hoặc ngược lại…

Đặc biệt, việc uống nước lạnh rất dễ gây viêm đường hô hấp bởi nó làm nhiệt độ ở vùng họng giảm đột ngột. Tuy nhiên, đây lại là sở thích và thói quen của nhiều người trong mùa hè. Tốt nhất chỉ nên uống nước mát vừa, nếu thích nước lạnh thì chỉ nên uống từ từ từng ngụm nhỏ.

- Nhiều người cho rằng việc dùng máy điều hòa nhiệt độ rất có hại cho đường hô hấp, nhất là trẻ em. Điều đó có đúng không?

- Bởi cái nóng làm giảm sức để kháng nên việc dùng máy điều hòa vào những ngày quá nóng là cần thiết. Những ngày nóng thường đi kèm với độ ẩm cao, cơ thể rất khó tự cân bằng nên sinh ra mệt mỏi, nhất là trẻ em sẽ kém ăn, toát mồ hôi và dễ bị viêm họng.

Tuy nhiên, nếu dùng điều hòa không hợp lý thì thiết bị tiện nghi này lại là yếu tố gây viêm đường hô hấp. Tránh nằm ở nơi luồng gió trực tiếp phả vào. Nhiệt độ chỉ nên để ở mức 24 độ C. Nên tạo ra một “vùng đệm” có nhiệt độ vừa phải trước khi vào hoặc ra khỏi phòng lạnh. Khi không bật máy, cần mở cửa phòng cho thoáng khí, thường xuyên vệ sinh máy lạnh để tránh nhiễm bẩn.

- Với những nhà không có máy điều hòa thì sao?

- Việc dùng quạt máy giúp mọi người dễ chịu hơn nếu không có máy điều hòa. Tuy nhiên vào những ngày độ ẩm không khí cao, quạt máy không giúp được gì nhiều, dù nằm quạt vẫn ra mồ hôi. Trong trường hợp này vẫn nên dùng quạt với cường độ vừa phải, đồng thời dùng khăn lau mồ hôi thường xuyên cho trẻ. Tránh để quạt thốc gió vào mặt.

- Có nên tắm nước lạnh vào mùa nóng?

- Để làm dịu cơn nóng, nhiều người bơm nước từ bể chứa ngầm dưới nền nhà để tắm, bởi nước trong bể thường mát lạnh, chỉ 8-12 độ C. Với những người khỏe mạnh đã quen rèn luyện với sự thay đổi môi trường, nước lạnh này làm họ khoan khoái. Nhưng với người yếu và trẻ em, tắm nước lạnh như vậy không tốt, dễ gây cảm hoặc viêm đường hô hấp. Tốt nhất nên tắm nước khoảng 20 độ C, nghĩa là pha nước lạnh này với nước ở bể chứa ngoài trời (nhiệt độ khoảng 30-32 độ C), hoặc dự trữ nước ở các thùng chứa trong nhà.

- Có nên dùng kháng sinh khi bị viêm họng, ho do nắng nóng?

 - Có đến 90-95% trường hợp viêm đường hô hấp khi nắng nóng là do virus, chỉ 5-10% do vi khuẩn. Vì vậy với đa số bệnh nhân, việc dùng kháng sinh là vô ích, thậm chí làm tăng nguy cơ nhờn thuốc trong những lần ốm sau. Vì vậy ban đầu, chỉ nên tăng sức đề kháng bằng chế độ ăn và bổ sung sinh tố, dùng thuốc chữa triệu chứng như hạ sốt nếu sốt cao, siro ho hoặc các loại thuốc nam chữa ho nếu ho nhiều. Sau vài ngày không đỡ, nên đến bác sĩ để được chỉ định kháng sinh nếu cần. Nếu đi khám khi mới có triệu chứng, bác sĩ cũng không cho dùng kháng sinh ngay.

Hải Hà

Here is FireBird

I am lying alone with my head on the phone
Thinking of you till it hurts
I know you’re hurt too
but what else can we do
Tormented and torn apart

I wish I could carry your smile in my heart
For times when my life seems so low
It would make me believe what tomorrow could bring
When today doesn’t really know, doesn’t really know

CHORUS
I’m all out of love, I’m so lost without you
I know you were right, believing for so long
I’m all out of love, what am I without you
I can’t be too late to say that
I was so wrong

I want you to come back and carry me home
Away from this long lonely nights
I’m reaching for you, are you feeling it too
Does the feeling seem oh, so right

And what would you say if I called on you now
And said that I can’t hold on?
There’s no easy way, it gets harder each day
Please love me or I’ll be gone, I’ll be gone

CHORUS

Ooh, what are you thinking of
What are you thinking of
What are you thinking of
what are you thinking of

Today, it is a bad day with me.
Why? Why do someone say about that with me? They don’t understand or really want that. I don’t know.
What? What happen with me in a new day? I don’t know.

But i am happy beacause of having some good friends who really understand and share my troubles.

Tonight, i have a meeting with my old friend. Hopefully, It is better.

Chuyện kể rằng có 1 ngư ông nằm dài thư giãn trên bãi biển. Một thương gia giàu có nổi tiếng đi ngang qua, nhiền thầy bèn hỏi chuyện ngư ông: “Tại sao ông lại nằm đây, ông không đi làm, ông không thấy bao nhiêu người đổ mồ hôi sôi nước mắt làm việc ngoài kia đó sao ?”.
Ngư ông bình thản hỏi lại: “Thế theo ông làm việc vất vả để làm gì ?”.
Thương gia rất ngạt nhiên: “Ông thật là lạ, làm việc thì mới có tiền”.
Người ngư phủ vẫn với giọng nói như vậy: “Vậy thế ông kiếm được tiền rồi để làm gì”.
Người thương gia bắt đầu cảm thấy khó chịu nhưng vẫn có gắng trả lời: “Tôi thật chưa gặp ai như ông, có tiền ông có thể mua được mọi thứ: nhà cửa, xe hơi, đi du lịch,… Chẳng lẻ ông chưa bao giờ nghĩ đến nó”.
“Tôi biết nhưng tại sao ông lại thích được tất cả những thứ đó ?” – Ngư ông nói.
Thương gia cảm thấy tức giận và trả lời: “Ừ thì ông cứ nằm đẩy thư giãn thoải mái, ông có thể nằm dài trên bãi biển mà chẳng phải lo nghĩ gì”.
Ngư ông trả lời:”Thế ông không thấy tui nằm rất xung sướng và thoải mái đó sao!”.

Trong đời, nhiều người nghĩ họ sẽ hạnh phúc, vui vẻ khi có được nhiều của cải vật chất và họ mãi mê kiếm tìm nó trong quá khứ, hiện tại và tương lai. Tuy nhiên, nếu dành 1 chút thời gian dừng lại và quan sát những gì mình đang có họ sẽ thấy ngay niềm hạnh phúc đơn giản mà quá khứ họ đã kiếm tìm được. Hiện tại là tương lai của quá khứ và là quá khứ của tương lai, nếu chúng ta bỏ qua hiện tại thì ngây lập tức chúng ta mất cả quá khứ lẫn tương lai, đồng nghĩa với việc chúng ta mất đi hạnh phúc. Có 1 câu rất hay: “Hãy sống từng ngày trọn vẹn, trân quý những người ngay bên cạnh mình, những thứ mình đang có và yêu cuộc sống mình hơn“.