sping.php

<?php

/* -------- Configuration -------- */

define('VERSION', '1.0');

define('USERAGENT', 'sPing/'.VERSION);
define('TIMEOUT', 10); // seconds

$sites = array(
   'http://www.site1.com',
   'http://www.site2.com',
   'http://www.site3.com',
);

/* ------------------------------- */

if ( ! function_exists('curl_init')) { die("cURL is not available and is required.n"); }

$ch = curl_init();

$options = array(
   CURLOPT_USERAGENT => USERAGENT,
   CURLOPT_TIMEOUT => TIMEOUT,
   CURLOPT_VERBOSE => false,
   CURLOPT_RETURNTRANSFER => true,
   CURLOPT_FRESH_CONNECT => true
);

curl_setopt_array($ch, $options);

foreach($sites as $site)
{
   curl_setopt ($ch, CURLOPT_URL, $site);
   $output = curl_exec($ch);

   $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);

   if ($status != 200 && $status != 304)
   {
      echo $site." returned ".$status."n";
   }
}

You can customize the maximum allowed timeout (in seconds) and the user agent used when making the request. I use a unique user agent so I can track and exclude requests from this script in web server logs & statistics.

This script works best when run periodically via cron and piping the output to mail with the -e parameter. This tells mail only to send an e-mail if the message body is not null (meaning that one of the sites is acting up, the script produced output, and we want to know about it).

./sping.php | /usr/bin/mail -e -s "[`hostname`] Abnormal HTTP statuses" alerts@mydomain.com

Lastly, while you CAN run this script on the same server where the sites live (for catching things like syntax errors introduced by your team mate, hacking up files at 4 AM, or memory issues that might cause your sites to blank screen), it makes more sense to run this on a second, stable server with 24/7 connectivity in case the server completely crashes. It’s most effective to monitor from the view of the public (the “visitor” or the “customer”).

Features

• Simple to install and easy to configure via an Admin options page.
• Ability to set a destination e-mail address where submissions will be delivered. (If one is not set or an error occurs, submissions are logged to the web server’s error log.)
• Ability to configure an optional list of subjects to be displayed to the user in a drop-down. (If subjects are not configured, the drop-down is hidden.)
• Lightweight and contained in a single file.
• Secure. Malicious code from nasty users within submissions will be stripped away before hitting your inbox.
• Compatible with WordPress 2.x, including 2.7!

How to Install

1. Extract the .zip archive to your wp-content/plugins directory.
2. Activate the plugin in the Admin panel.
3. Configure the options on the “Contact Form” page under “Settings”.
4. Add the “[contactform]” shortcode to any of your pages, and voila!

Download

• FTN Contact Form v1.0

Styling

“Wait! My form and error messages look ugly!”

OK, so style them. Try something like this:

/* FTN Contact Form */
#ftn_contactform ul {list-style-type:none; padding-left:0;}
#ftn_contactform ul li {margin-bottom:6px;}
#ftn_contactform label {display:block; font-weight:bold; font-size:12px;}
#ftn_contactform .textbox {padding:4px; border:1px solid #ccc; width:300px;}
#ftn_contactform textarea.textbox {height:150px; width:400px;}

/* Generic errors and info messages */
div.msg {margin-bottom:20px; padding:10px;}
div.msg ul {padding:0; margin:0 0 0 20px;}

div.errormsg {background:#ffffe5; border:1px solid #ffe5b2;}
div.errormsg em {font-style:normal; color:#d74117; font-weight:bold;}
div.errormsg ul {padding:8px 0 0 20px; margin:0;}

div.successmsg {font-weight:bold; background:#f4f9f2; border:1px solid #A8CF9B; color:#5A8F47;}

After looking at several WordPress object cache backends I stumbled across Dougal Campbell’s XCache Object Cache Plugin for WordPress 2.5+, which seems to be the best one out there. There’s only one major issue with it: it always assumes that user data should be shared.

I’m not sure if this is a bug or an attempted enhancement, though I’ve read about several people experiencing the same issues as I was upon first installation. This issue is present in the current, latest version of the plugin, 0.7d.

In my particular environment, I use the same WordPress code to power completely unique and independent websites. I don’t want them sharing any data between databases. Dougal’s clever plugin prefixes each cache key with the site’s database name constant and blog_id (for WPMU) to make this happen. Sort of. For example, a particular post’s cache key might look something like:

my_db_name:wp_1:posts:19

Great, right? This seems to work in every case except for user data (’users’, ‘usermeta’ and ‘userlogins’). The cache keys are not prefixed and therefore sites are clobbering each others’ user caches, or possibly reading user caches that belong to another site! Not good. This is clearly a problem when attempting to log into site A’s administration panel, receiving an ‘incorrect username or password’ message, but having it happily accept credentials from site B’s database.

The solution?

Replace line 191 in version 0.7d of “object-cache.php”, which originally reads:

if (false !== array_search($group, $this->global_groups))

with the line:

if (defined('VHOST') && false !== array_search($group, $this->global_groups))

And voila, ALL of your cache keys will be properly prefixed. Since WPMU uses virtual host magic to do its sub-domain routing, checking whether the VHOST constant is defined is a great way to determine if the WordPress version is infact WPMU. In the revised code, if the particular site is using a plain old vanilla WordPress install, we probably don’t want to share any data so might as well save ourselves a call to array_search() and ALWAYS prefix the cache key.

Thanks Dougal for a great object cache backend and hopefully this post helps clear up issues that other users may be experiencing. It’s also worth pointing out that most of the other backends out there don’t even prefix the keys, which creates a huge mess in cases like mine. Dougal’s elegant approach is also available for APC and eAccelerator I think.

XCache seems to be slightly outperforming APC at a quick glance and I haven’t had a chance to really tune it yet. I’m hoping to get some concrete stats up in the near future.

Unpacking and Examination

I ordered the RouterBOARD 532A (R5 series) CPU board, the RB532 matching metal enclosure with 2 holes for external swivel antennas (for later wireless expansion), and the two-part, 18V power supply all from Titan Wireless, LLC for a grand total of $224.45. Doesn’t mean you need to spend this much, I happened to buy the Ferrari of CPU boards. There are cheaper RouterBOARD models which are more than suitable for any home or office network. There’s also a software license factored into the price; more about this later. A quick word about Titan Wireless: I placed the order on a Monday with standard shipping and it shipped same-day within 4 hours, along with a confirmation e-mail and UPS tracking number. Each item came meticulously bubble-wrapped and everything looking mint. I definitely recommend this company for extremely fast service, quality, and prices (no I’m not affiliated).

The 532A differs from the straight 532 in that it has double the RAM (64MB vs. 32) and double the on-board NAND storage (128MB vs. 64). If you’re looking to buy this model, make sure you’re getting the R5 series. These are already running at the max 400 MHz, whereas previous versions come stock at 266 MHz, but can be changed. I chose this model because it won’t be limiting as I scale out its responsibilities and services, and the network and pipe size… and because I don’t want to buy another one any time soon. Your needs may be different. Let’s look at some of the 532A’s specs (adapted from the User’s Guide):

• CPU: MIPS32 4Kc based 400MHz embedded processor
• Memory: 64MB DDR on-board memory
• Boot loader: RouterBOOT, 1Mbit flash chip
• Storage: 128MB on-board NAND memory and the ability to add a CompactFlash type I/II card (including IBM/Hitachi Microdrives)
• Ethernet: (1) IDT Korina 10/100 Mbit/s Fast Ethernet port supporting Auto-MDI/X, and (2) VIA VT6105 10/100 Mbit/s Fast Ethernet ports supporting Auto-MDI/X
• Expansion: Two MiniPCI Type IIIA/IIIB slots, and a RouterBOARD daughterboard socket
• Serial port: One DB9 RS232C asynchronous serial port
• LEDs: Power, 2 LED pairs for MiniPCI slots, 1 user LED
• Speaker: Mini PC-Speaker
• Power: IEEE802.3af Power over Ethernet: 12V or 48V DC mode and a power jack 6..22V (with overvoltage protection) or 25..60V DC – jumper selectable
• Dimensions: 14.0 cm x 14.0 cm (5.51 in x 5.51 in)

In a nutshell, this thing is tiny but packs a lot of power: fast processor with generous memory and on-board storage, three Ethernet interfaces with one supporting Power-over-Ethernet (PoE), two MiniPCI slots for adding wireless cards and other devices, a serial port for direct access to the console and basically a way to bail you out in case you did something stupid like disabled all the Ethernet ports by accident or added an overly restrictive firewall rule, and a whole lot more. It’s worth pointing out that many distributors say the PoE port will not do power over data lines, but in fact the R5 series board does! You might also wonder what three Ethernet interfaces can do for you. Consider these configuration options:

• Configure 1 wide area network (WAN) port, and 2 local area network (LAN) ports: use your WAN port to connect you to the Internet, and your two LAN ports to segment your network: one network for users, and one for servers or a testbed for network projects.
• Two WAN ports, and one LAN port: two WAN ports can connect your LAN to two providers (e.g. 2 distinct DSL connections) for redundancy at home or at the office.

Okay, enough about features and possibilities. Let’s get it running…

Assembly

I’m not going to insult your intelligence; it’s actually really simple. Unpack the board and enclosure, and stand clear of static (ground yourself) or you’ll damage your new investment. If you have any MiniPCI cards or a CompactFlash card, install them now. Seat the board into the enclosure and use the 4 silver screws to lock it down. Use the machine screw and wing-nut to install the ground tap.

Slide the cover on and use the 4 black screws to seal it up. MikroTik is also kind enough to supply rubber feet and a sticker with your router’s serial number and the MAC addresses of each Ethernet interface - place these on the bottom as you see fit. This thing is amazingly small:

(oops I forgot to install the ground tap before taking this shot)

Power-on and Connecting

Depending on where you purchase your equipment, your RouterBOARD may require you to install your own software or may include pre-installed software. With RouterBOARDs, there are two major choices: use MikroTik’s RouterOS (commercial software which you need to buy a license for), or just install Linux. My first thought: since there are CF card Debian reference images available for the RB500 series and I’m a huge Debian fan, there’s no question here. But wait, remember that $224.45 we spent? Included is a Level 4 licensed version of RouterOS 2.9.x, already installed (read about the different licenses, but an L4 is quite generous). After reading about all of RouterOS’s functionality, and not really having the time to build the router from a base Linux install, I decided to give it a whirl - and I’m happy I did. Before you read on, definitely check out the RouterOS 2.9 Reference Manual and what it’s capable of.

I’m going off on a tangent again… connect the power to your RouterBOARD and watch it light up. You’ll hear one beep on boot, and two beeps when it’s up. One problem: how do we connect to it?

The router has no default IP addresses configured. You can tap into the console with a PC and a serial cable to configure this (settings are between 9600 and 115200 bits/s depending on board model, 8 data bits, 1 stop bit, no parity, and hardware RTS/CTS flow control). You can also connect by MAC address using MikroTik’s WinBox tool (yes, you need Windows). Since I was using my MacBook Pro and was away from home, neither method was graceful, but we’ll only need to do this once to get IP running so I ran WinBox in Parallels (WinBox runs under Wine for linux users). While I prefer the command line, I’ll admit WinBox is a decent tool. Connect one of your router’s Ethernet ports directly to your computer (I chose the one marked Eth2) and make sure the link lights come on. You can use a straight-thru cable or a cross-over since the ports are auto-sensing. You can also connect it to your existing network but it might cause problems when configuring DHCP, etc. From this point forward, I will assume you are connecting directly to your computer to avoid any issues.

Download WinBox and run it. Click the “…” next to the “Connect To” field, and if you’ve got everything hooked up properly, you should see your router listed here. Use “admin” for the username, and a blank password and hit “Connect”. Upon first connect, WinBox will download some plug-ins from the router to customize the functionality based on your RouterOS version and the packages that are enabled. Welcome to the pilot’s cockpit…

Basic Configuration

I’ll try not to bore those with reasonable networking experience by getting into basic networking principles or Security 101, but I’m also trying to give the less experienced folks a cookbook for configuring a RouterBOARD to function as an off-the-shelf router/gateway to provide access the Internet, DHCP, decent security, and a foundation for learning.

Interface and IP Configuration

Click “Interfaces” to view the on-board Ethernet ports. Let’s rename them to something more informative than the default names. For my configuration, I’ll be using one port (the PoE-enabled one, labeled Eth1 on the router’s enclosure, and ether1 in the software) to connect to my broadband modem, and I’ll use Eth2/ether2 to connect to my home network through a switch. Since I won’t use Eth3/ether3 right now, let’s disable it by clicking on it and clicking the “x” icon - it should turn gray. Double-click ether1 and change it’s name to wan0 so we know this connects to the Internet (or WAN), and change ether2’s name to lan0 since it connects to the local, internal network (or LAN). When you change ether2, you’ll be disconnected since the router temporarily takes the port offline for the changes to take effect - just re-connect and you’re good to go. Your configuration may look something like this:

Now let’s set up IP. We need to (1) give the router a static, internal IP address for devices on the local network to be able to reach it, and (2) tell the external, WAN interface to use DHCP and get an IP address from our ISP. Click the “IP” menu, and go to “Addresses”. Click the “+” icon to give lan0 a non-routable, internal address. By convention, it’s often the first or one of the first addresses in the range (I’m using 192.168.1.1), and you’ll enter your network, broadcast, and specify which interface we’re assigning to (lan0, right?). Here’s my configuration:

• Address: 192.168.1.1/24
• Network: 192.168.1.0
• Broadcast: 192.168.1.255
• Interface: lan0

Your RouterBOARD is now communicating on your LAN using the IP address you’ve just assigned to it. Before we disconnect to test it, we need to realize that in order to communicate with the router via IP, our own computer needs an IP address on the same subnet. We can either (1) configure one statically by assigning our computer something like 192.168.1.2, on a subnet of 255.255.255.0, or (2) configure our router as a DHCP server, which will hand out the appropriate IP addresses to computers on the network. For ease of administration and simplicity, let’s choose option #2 - plus it will give us some experience with DHCP. Make sure the computer you’re working on does not have a static IP address assigned, and is configured to use DHCP.

DHCP

Setting up a DHCP server is a three-step process: (1) setting up a pool of addresses, (2) establishing the DHCP “network”, and (3) configuring the DHCP server itself.

Step 1: create the pool by going to IP > Pool. Click the “+” to add a new pool. I did something like:

• Name: lan0_dhcppool
• Addresses: 192.168.1.100-192.168.1.199

For home use, I like to keep this “segment” of the class for guest machines or devices that will be connecting and disconnecting frequently, without any specific needs beyond Internet access. Similarly, I reserve 192.168.1.1-192.168.1.10 for static leases for servers, and .11-.99 for stationary desktop static leases. You can come up with your own conventions.

Step 2: create the network by navigating to IP > DHCP Server. Click the “Networks” tab, and click the (yes, you guessed it) “+” to add a new network. We’ll be using DHCP on our entire network, so add something like:

• Address: 192.168.1.0/24
• Gateway: 192.168.1.1

The gateway is important because this instructs the DHCP server to tell clients: “use the router’s IP as your gateway”. We aren’t specifying hard values for DNS because these will be automatically obtained from our ISP. These two components are all we need to get the local LAN connected to the Internet.

Step 3: set up the DHCP server. Still in the “DHCP Server” screen, click the DHCP tab and add a server:

• Name: lan0_dhcpserver
• Interface: lan0
• Lease Time: 3d 00:00:00
• Address Pool: lan0_dhcppool (we created this, remember?)

Congrats, disconnect WinBox by closing it, and then relaunch it. Assuming you’re handy with your operating system’s TCP/IP stack, make sure you’ve gotten an IP address assigned by the router (ipconfig on Windows, ifconfig on Linux…) Rather than connecting by MAC address, enter your router’s IP address (like 192.168.1.1) and click connect. It’s working, right? Let’s get on the Internet.

Internet and NAT

Assuming you have a dynamically assigned IP address from your ISP, let’s tell the router to use DHCP to obtain it. Click “IP”, then “DHCP Client”. Add a client on the wan0 interface (you may need to fill in hostname and/or Client ID depending on your provider). Click “Renew”. If you glance back at the “DHCP Client” window, the “IP Address” field should populate with a valid Internet IP address given to you by your provider. If not, one thing to check is if your provider requires you to register your MAC address with them to get an address. If you swapped out your old router for a RouterBOARD, you’ll need to give them a call and read off your wan0 MAC address so they can provision it.

So we have wan0 with an Internet IP, and lan0 with a local IP - still no Internet. We need NAT. Network Address Translation (or NAT) basically does the underlying translation between your local and meaningless IP addresses and the wide-open Internet. When internal devices make outbound connections, NAT slaps your wan0 IP address on those packets, and packets destined into your LAN are magically routed appropriately. Go to IP > Firewall. Add a new NAT rule (these screens are getting more complicated now). Configure it something like this:

In the “General” tab:

• Chain: srcnat
• Out. Interface: wan0

In the “Action” tab:

• Action: masquerade

So now all of your client machines which have been assigned an address via DHCP from the router can now directly access the Internet.

Security

Yes, your router is connected to the Internet and relatively insecure. I suppose I should have made this one of the first steps, before connecting to the Internet but we’re living on the edge here. Here are some tips for hardening your router against those malicious, crafty cyberthugs:

1. Configure a firewall! The RouterOS firewall is based on ipchains, now iptables (read up if you aren’t familiar with this logic). There are many examples out there, both simple and fairly complex ones. Google around… if I have time, I’ll post one. A best practice to keep in mind is: allow and conservatively configure what you need, and drop the rest.
2. Disable unused services. Click “IP”, then “Services”. Disable what you aren’t using. I only have ssh enabled for remote administration. Chances are you want to disable everything else. Furthermore, you can restrict ssh to only accept connections on your local network if you aren’t connecting remotely. Also, not in this list are the Bandwidth Test Server, or BTest (which keeps web port 2000 open), the MAC WinBox server, and MAC Ping Server. These are located in the “Tools” menu; make sure you disable BTest and lock down the MAC WinBox server as needed. You can also run a port-scan on your router to see what’s open using a tool like nmap.
3. Disable unused packages (this doubles as a resource optimization as well). Go to System > Packages and disable what you aren’t using. I’m currently using:
   • advanced-tools
   • dhcp
   • ntp
   • routerboard
   • routing
   • security
   • system
   • user-manager
4. Change the default password, and better yet, disable the admin user and add your own. Click “Users” and configure to your liking. Note you can specify which address range a particular user can connect from. Speaking of passwords, there’s also a “Password” menu option in the main WinBox menu. I’m not exactly sure what this does… maybe it’s used when connecting to the console via serial. In any case, change this too.
5. Take other precautions that I probably forgot to include in this list.

Conclusion

And here it is, built, configured, and in use…

The RouterBOARD 532A has been as solid as a rock since I purchased it, with the exception of a few power failures - I’ve been meaning to plug it into the UPS. It’s important to check log files routinely to make sure things are functioning properly and there are no security issues. It’s also important to periodically check for new versions of RouterOS and update your router when necessary. The upgrade process is a breeze: (1) enable FTP server if it is not already enabled, (2) upload new packages to the root directory, (3) reboot. RouterOS 2.9 is packed with tons of features and this post barely scrapes the surface of the device’s capabilities. At the time of writing, RouterOS 3.0 rc3 is available as well which adds even more functionality. I also did not touch on command line configuration via the terminal. You can access this with a serial cable, via telnet or ssh, or right within WinBox. The command line interface may seen a bit odd at first, but it soon becomes your best friend. For example, here’s how you might list your router’s interfaces via the command line, connected remotely via ssh:

My only complaint thus far is the lack of RSA key support for ssh (only DSA keys are supported). Development of RouterOS and other MikroTik software is quite active. Check out The Dude, a network monitoring tool which scans subnets for devices, draws and maps network topology, and can send event-based alerts as needed.

Give me your thoughts, let me know what’s missing, and tell me if I screwed something up.

names.csv

1,James,admin,active
2,Jake,user,active
3,Paul,user,active
4,Suzie,moderator,active
5,Brenda,user,inactive

We need to import this data into a MySQL table, and we’ll assume we have a structure that supports the data. For simplicity, something like:

CREATE TABLE users (
id INT(4) NOT NULL,
name VARCHAR(25) NOT NULL,
type VARCHAR(25) NOT NULL,
mode VARCHAR(25) NOT NULL
);

We’ll also assume we have the MySQL server running on localhost, and an account with username ‘test’, password ‘1234′, with access to database ‘mydb’. Here’s a quick and dirty import script.

import.php

<?php
/* Import CSV file into MySQL
*
* DISCLAIMER
* This is *sample* code.
* Input data is not sanitized.
* Code may not necessarily be optimized for maximum performance.
* Do not use this code in production!
*/

// ------------------------
$db_host = 'localhost';
$db_user = 'test';
$db_pass = '1234';
$db_name = 'test';

$table = 'users';
// ------------------------

if ( ! $db = mysql_connect($db_host, $db_user, $db_pass)) die('Could not connect to database: '.mysql_error());
if ( ! mysql_select_db($db_name, $db)) die('Could not select database: '.mysql_error());

// get the table's columns
if ( ! $desc = mysql_query('DESCRIBE '.$table)) die ('Could not get columns from table: '.mysql_error());

$fields = array();
while($col = mysql_fetch_array($desc))
$fields[] = $col['Field'];

$fields_string = implode(', ', $fields);
$fields_count = count($fields);

// read and parse lines from CSV file
if ( ! $file = file('names.csv', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)) die ('Could not open input file');

foreach($file as $line)
{
   $line_values = explode(',', $line);

   // build SQL statement
   $sql = 'INSERT INTO '.$table.' ('.$fields_string.') VALUES (';

   $values = '';
   for ($i = 0; $i < $fields_count; $i++)
   {
      if (is_numeric($line_values[$i]))
         $values .= (($values == '') ? $line_values[$i] : ', '.$line_values[$i]);
      else
         $values .= (($values == '') ? "'".$line_values[$i]."'" : ", '".$line_values[$i]."'");
   }

   $sql .= $values;
   $sql .= ')';

   // do the insert
   mysql_query($sql) or die(mysql_error());
   echo $sql."\n";
}

mysql_close($db);

The script will connect to the database and fetch all of the column names from the table. It will then open and parse the CSV file and insert, in order, each line in the CSV file as a row in the table. If a line in the CSV file contains more fields than the table, they will be ignored.

Place the script in the same directory as the CSV file and execute it. (PHP 5+ only)

shell> php import.php

Note: This is one solution to the problem using PHP. You can just as easily import data from any text file directly from the MySQL command line:

LOAD DATA LOCAL INFILE '/names.csv'
INTO TABLE users
FIELDS TERMINATED BY ','
LINES TERMINATED BY '\n'
(id, name, type, mode);