Resizing images via the web with PHP

Oftentimes you might want to display an image on the web that is a certain size, whether to avoid breaking your beautiful (CSS of course) layout, preventing download times getting too long or so on. Intelligent people like you would of course not even consider using the HTML <img> tag's width and height properties to fake resizing, the consequence of which is usually that your reader waits for a megabyte of picture to download before seeing a messed-up 10x10 pixel thumbnail. Naughty.

Of course if you have the image in advance, and there's not too many of them, you can resize it on your computer before upload. On the other hand, if the image is getting added later and is somewhat unpredictable in nature - for instance to be uploaded by a visitor to your site - it would be nice to allow them to avoid having to do that themselves, or more likely, ruin your page because they couldn't be bothered to do so. Enter Mr PHP.

Check for spam PHP script instructions


The server you are using this script must support PHP. If you don't know what that means, ask your web host. If you wish to use the logging feature, you need to have a mySQL database installed and configured too.


To start using the script for stopping some of that nasty spam, just download the zip file from here.

Installing and configuring:

First you should configure the script - load up checkforspam.php in a text editor. The things you may need to change are:

  • $maxlinktags = 4; - this defines how many instances of the phrase <a href or [url= it will take to trigger the message as being spam. Spammers often fill out forms with a big pile of links to their awful sites. If a message contains more links that $maxlinktags is set to (4 by default) it will be classified as spam.
  • Your database details. If you wish to log the script's decisions and the contents of the messages it processes along with details of the sender in a mySQL table this is where to configure it. Replace the values in it with the name of your database server, user, password, and a database you have already created.

Then there are two text files for you to add words to that you wish to be banned. Simply load them up in a text editor and add words to them, one per line. If a message or sender's address contains any word in these files, it will cause the message to be classified as spam. bademailwords.txt contains words that are banned in the sender's email address. badmessagewords.txt is the same but for the message content itself. These words act like case-insensitive substrings - that is to say that if you type "viag" into the badmessagewords.txt file, any message with "viag", "Viagra", "vIAg", "EvIaG" and so on would be classified as spam.

All done. Place checkforspam.php, bademailwords.txt and badmessagewords.txt on your webserver somewhere. The files with it are optional but you can use them for testing it if you so wish - once configured you can visit the included testspam.html on your server to check everything is working and how your configuration has tuned the detection.

If you wish to use the logging feature, you will need to create a table in an existing database of your choice. Using your favourite mySQL tool, create the table as defined in webform_messages.sql. Your table should be called webform_messages.

Using the script:

The script simply provides a function check_for_spam which takes three parameters. These are:

  • $from - the email address filled in by the user on the webform (if you don't want to check email addresses, you can always pass a valid-sounding email address to it)
  • $message - the message the user wishes to send
  • $logresult - set to true if you wish to log this attempt, false if not. For this to work you must have configured a mySQL database appropriately as above. If you haven't done this, always set $logresult to false

The file is designed to be included in another file which then calls the check_form_spam function before doing whatever your form would want to do with valid information, for example email it to someone. You can see an example of how this would work in the included checkifspam.php - see it in action by visiting testspam.html in your install.

Here is a basic PHP snippet to show how it could be used. Imagine this is the action page for a form with fields "email" and "message" which includes the website visitor's email address and message to send respectively.

include "checkforspam.php";

if (check_for_spam($_POST['email'],$_POST['message'],false) == true)
print "

Spam detected

Check for spam PHP script

The Poorhouse is deadly opposed to the great evil that is spam, not least the perils of webform spam. Whoever first thought inventing a little program that toured the web typing in "Extra Good Viagra $1!!!" into a contact form and pressing send approximately 100 times a punishment is bad enough to exert.

In the course of being involved in a few sites, the Poorhouse has developed/stolen/borrowed a few simple ideas to combat it by pre-processing the input entered into the form before taking whatever action is required with the information. This could be sending an email to a member of the site, filling an entry in a database, and so on.

Using forms in PHP: using the form's information

Once you have created the form that the user fills in, you now need the page that does something with the information. The page itself will include PHP code in order to deal with the form information, but other than that can have any other content on it as well.

As we are assuming you know how to write basic HTML, the examples below will just illustrate how to use the entries your user put into the previous page's form in this your page. To recap, this secondary page that features the values your user input must be the page mentioned in the "action" attribute of the form they filled in, and the user must have filled in the form and clicked submit to arrive at this page. The key thing here is that you cannot simply test your page by loading it without filling in the form on the first page and pressing submit.

Using forms in PHP: setting up the form

A form is an area of a webpage that gives the user places to enter information, whether it is in the form of a box they can type text into, a dropdown list, a set of check boxes or something different. These individual parts of a form can be called controls, and in HTML terms they should all fall within the opening and closing and tag. A brief guide to writing HTML forms is available from

Using forms in PHP

So Webmasters and mistresses, you've already learned how to make nice pretty forms appear on web pages you're authoring, but now you want them to actually do something? And moreover, probably you want them to do something based on the information your visitor spent hours painstakingly filling out on your site. Otherwise, they might be upset that they bothered to accomplish the form filling in the first place, no?

Typically, once a form is filled in the user presses a submit button and is taken to a new page where something related to the information they entered is done. The trick here then is to understand how information is transmitted from the first page with the form on to the second page where they are taken to, and how to use it once it's there. No-one was born knowing this.

Adding a no wordwrap option to img_assist

Note: this article is outdated now as the official Image Assist module now contains a no-word-wrap feature within it.

The Poorhouse's current favourite way of easily inserting images into Drupal nodes is to use the module img_assist. To use it, you also need to install the image module.

Controlling who sees a block in Drupal

You can configure Drupal block visibility under Admin -> Blocks -> Configure. One option is "expert mode" whereby you can write a snippet of PHP code. If it returns true, the block is shown, otherwise it is hidden.

Drupal stuff

The Poorhouse uses a content management framework called Drupal. Drupal is great. It may be a bit complex to get your head around at first, but it is ultra flexible, modular, decent user community and so on.

This page will contain links to a few notes the Poorhouse has made during the adventure into Drupal, mostly so the Poorhouse can remember what he did if it needs doing it again, but maybe, just maybe, it'll be of interest to other avid readers.

Faking your web browser headers

When you go cruising the web bit of information superhighway with your magic Internet Explorer (or something else if you have better taste), your browser often spills out bits of information about your setup which is then accessible to website authors if they so wish. This is how sites such as this one can tell you things about what browser you are using amongst other kind-of-private information.

This is because behind the scenes your web browser transmits various textual headers to the server hosting the webpage. At a minimum it has to transmit the name of the webpage it wants to download. This command looks something like:

GET /mydirectory/mypage.html HTTP/1.0

Syndicate content