Posted by: Shofiur Rahman

Posted on: August 15, 2012 4:03 pm

-

Zen optimizer acts in a similar way to APC and eAccelerator. It caches the compiled state of PHP scripts, enabling faster execution on consequent requests. To accelerate the performance of PHP scripts, Zen Optimizer also allows us to run scripts encoded by Zend Encoder on the server.

Installing Zend Optimizer

Installing the Zend Optimizer is easier than the other caching solutions, as it comes with a setup wizard.

To install Zend Optimizer follows the steps below:

  1. Download the appropriate package from http://zend.com/store/products/zend-optimizer.php.
  2. Decompress the archive, and go into the newly created directory:

    tar -xvzf ZendOptimizer-2.5.10a-linux-glibc21-i386.tar.gz

    cd ZendOptimizer-2.5.10a-linux-glibc21-i386

  3. Run the install wizard as root:

    ./install.sh

    Run through the wizard, specifying the necessary paths when prompted.

  4. At the end, restart Apache.

Removing Zend Optimizer

To remove Zend Optimizer follows the steps below:

  1. Delete the symbolic link it created for php.ini.
  2. Restore the backed-up original php.ini file to its former location.
  3. Restart Apache

The Zend Optimizer will no longer be active. Now we can delete the Zend Optimizer files—the default location is /usr/local/Zend.

Posted by: Shofiur Rahman

Posted on: July 25, 2012 3:14 pm

-

PHP5 has provided magic methods to make Object Oriented Programming (OOP) easier. These magic methods are specially named methods for all classes, which are called automatically in certain scenarios.

Some Magic methods in PHP5

__construct() Called when an object is instantiated.
__destruct() Called when an object is destroyed.
__call() Provide actions or return values when undefined methods are called on an object.
__get () To specify custom functions to store and retrieve data in properties that are not already defined in the class. It takes one argument, the name of the property.
__set() Same as __get() method but it requires 2 arguments: the name of the property and the new value.
__toString() Returns a custom string value that is automatically used when the object is converted to a string.

Posted by: Shofiur Rahman

Posted on: July 11, 2012 4:13 pm

-

Every day hackers are discovering new exploits and hacking techniques. We can defend some categories of attacks in our PHP script.

Abusing register_globals

It is a setting in php.ini that controls the auto population of variables with the same name as form elements or cookies. If register_globals set to on then it may bring a disaster for your website.

Since PHP 4.2.0, the default value for register_globals is off. But often web hosts will re-enable register_globals to provide compatibility with older scripts. We can get clear concept of register_globals on or off with the following example.

Suppose username is a form element. With register_globals ‘off’, the only way to get the value of this form element using $_POST or $_GET array, depending on form action method. On the other hand, when register_globals is ‘on’, the username field value is accessible using $_POST, $_GET and $username as well.

If you are not able to disable register_globals in php.ini, you can turn it off use an .htaccess file.

php_flag register_globals off

SQL Injection Attacks

SQL injection attacks are simply the inclusion of malicious SQL statements in the place of what should normally be inoffensive data. SQL injection preys on a lack of input scrubbing and data validation.

SQL injection is fairly avoidable with an insignificant preparation and thorough coding practices. If magic_quotes_gpc is enabled, PHP automatically escapes any escape characters (e.g. apostrophes). Unluckily, this activities is applied to all GET, POST and Cookie variables in spite of whether they are going to used in a SQL statement or not. Most of the time it can be annoying. To make sure the data is escaped only when we need it to be, we can turn off magic_quotes_gpc in php.ini, and use addslashes() on all data that is being passed to MySQL. The addslashes() function will automatically escape any unsafe characters so our input will not choke MySQL.

Cross-Site Scripting

Cross-Site Scripting abbreviated XSS, cross-site scripting is the abuse of unfiltered dynamic output, where the invader has the skill to add or change the page’s generated markup. Most commonly, this means the addition of a small bit of JavaScript to the output of a page, which then does something ominous, such as trick another user into revealing their login credentials or credit card information, or possibly divulging cookie or session information for immediate account compromise.

Posted by: Shofiur Rahman

Posted on: July 4, 2012 3:46 pm

-

The basic four steps to generate an image using PHP are as follows:

  • Creating a canvas image on which to work.
  • Drawing Shapes or printing text on that canvas.
  • Outputting the final graphic
  • Cleaning up resources.

Sample PHP script:

// Creating a canvas image

$height = 200;

$width = 200;

$im = imagecreate($width, $height);

$white = imagecolorallocate($im, 255, 255, 255);

$black = imagecolorallocate($im, 0, 0, 0);

// Drawing Shapes or printing text

imagefill($im, 0, 0, $black);

imageline($im, 0, 0, $width, $height, $white);

imagestring($im, 4, 50, 150, 'Label text', $white);

// Output image

header('Content-type: image/png');

imagepng($im);

// Clean up

imagedestroy($im);

?>

Posted by: Shofiur Rahman

Posted on: June 27, 2012 4:32 pm

-

To authenticate a user includes the following steps:

  • Identifying visitors
  • Implementing access control
  • Authentication

Identifying Visitors

The web is fairly anonymous medium, but it is often useful to know who is visiting your site to focus on right business area. You are able to get little about the visitors due to users privacy. With a little work server can find out quite lot about users computers, networks, browsers, etc.  From visitor’s IP address you are able to know visitor’s geographic location.

Implementing access control

Simple access control is not difficult to implement. A simple PHP script is shown below.

<?php
//create short names for variables

$name = $HTTP_POST_VARS['name'];

$password = $HTTP_POST_VARS['password'];

if(empty($name) || empty($password)){

//Visitor needs to enter a name and passwor.

?>

<strong>Please Log In</strong>

<form method=”post” action=”login.php”>
<label>User Name: </label> <input type=”text” name=”name” />
<label>Password:</label> <input type=”password” name=”password” />
<input type=”submit” value=”Log In” />

</form>

<?php

}

else if($name==’user’&& $password==’pass’){

//login successful

}

else {
//login failed
}

?>

Encrypting passwords

To secure the access control you need to implement encryption algorithm on the user login. The PHP function crypt () provides a one-way cryptographic hash function. The prototype for this function is

String crypt (string str [, string salt])

Basic Authentication in PHP

There are some built-in authentication facilities in to HTTP. Scripts or web servers can request authentication from a web browser. The web browser is then responsible for displaying a dialog box or similar device to get required information from the user.

PHP scripts are generally cross-platform, but using basic authentication relies on environment variables set by the server.  A sample of HTTP basic authentication using PHP is shown below.

<?php
// if we are using IIS, we need to set $PHP_AUTH_USER and $PHP_AUTH_PW

if(substr($SERVER_SOFTWARE, 0, 9) == ‘Microsoft’ && !isset($PHP_AUTH_USER) && !isset($PHP_AUTH_PW) && substr($HTTP_AUTHORIZATION, 0, 6) == ‘Basic’)
{

list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(‘:’, base64_decode(substr($HTTP_AUTHORIZATION, 6)));

}

//Replace this if statement with a database query or similar

if($PHP_AUTH_USER!=’user’ || $PHP_AUTH_PW != ‘pass’)

{

// Visitor has not yet given details, or their
// name and password combination are not correct

header(‘WWW-Authenticate: Basic realm=”Realm-Name”‘);
if(substr($SERVER_SOFTWARE, 0, 9) == ‘Microsoft’)
header(‘Status: 401 Unauthorized’);

else
header(‘HTTP/1.0 401 Unauthorized’);

echo ‘You are not authorized to view this resource.’;

}

else {

// visitor provided correct details.

}

?>

Posted by: Peter Andrease

Posted on: June 8, 2012 8:03 am

-
  1. Locate the FTP details of the website and download the entire contents of the current site through an FTP Program, e.g. Filezilla. This should include the wp-admin, wp-content, wp-includes folders and all loose files in the root.
  2. Access the database of the site via the current hosts CPanel or phpMyAdmin and save a copy of the entire database. The Hosts CPanel may have an option to simply backup the database or if using phpMyAdmin go to the ‘Export’ tab, select ‘Quick’ export method in Format ‘SQL’ and just hit ‘GO’ to save to your computer.
  3. Now you have the full contents of your wordpress site, so on the new hosting you will need to create a new database. Again this would need to be done in your new hosts CPanel or hosting panel. When you create your new database make a note of the database name, username and password set.
  4. Once the database is created, you will need to add your downloaded database file. If using phpMyAdmin, select ‘Import’, browse for your database file and hit ‘GO’.
  5. Your database will now be in place, if you are transferring to a different domain name you will need to change the name in two locations on the database. So while in phpMyAdmin go to the wp_options table and the first row item should be ‘siteurl’, click ‘Edit’ and change this to your new domain name. Now go to Page 2 and near the top there will be a ‘home’ row with the site name in again, change this also.
  6. With your database ready you can now get the site in place. Go to your downloaded site and first open the wp-config.phpfile in the root and change the following in red to your new database settings:

    define(‘DB_NAME’, DATABASE NAME);

    define(‘DB_USER’, USERNAME);

    define(‘DB_PASSWORD’, PASSWORD);

    define(‘DB_HOST’, ‘localhost’);

    The MySQL hostname should always be ‘localhost’, unless your new hosting has a specific host type.

  7. Now access the FTP of your new site and remove or backup any files currently there, then upload your entire site to the root.
  8. The website will now be in place so if you need to change nameservers or IPS Tag then you can do this now. Once any transfers are complete, your site will show in the new location, so test the site and subpages in a browser and you should be all done! If any problems occur during this process then contact the hosting company who would be able to provide specific details.

Posted by: SEO Positive

Posted on: February 2, 2011 10:56 am

-

One bug I fixed this week was down to one of the features of file_exists() function. File_exists(string $filename ) will return true if the filename points to a file or directory. Is_file( string $filename ) will return false if the given path is a directory. To check whether filename is actually a file, use is_file().

For both, $filename cannot be a relative path, so I always use document root to ensure an absolute path.


if( file_exists( $_SERVER{'DOCUMENT_ROOT'} . "/images/picture.jpg")) {
...
}
?>

Posted by: SEO Positive

Posted on: November 29, 2010 11:55 am

-

All developers have to transfer sites at some point, if you don’t I envy you. It seems that site transfers always have teething issues with the difference in server builds, operating systems having different compilations of PHP and the rest.

And worst of all, different hosts limitations…

But to transfer a site you need to make a simple list of things that need to be done in order for it to work.

  • Get all files, including hidden files (many a time I’ve been caught up on the .htaccess on a mac being hidden and a site riddled with 404 errors…)
  • Get all database details of the new server
  • Update all calls to databases
  • Use Dream Weaver (for the only things its any good for) to search and replace across the site for the old URL and change it to the new one, and the same with database details)
  • Make sure image, stylesheet, javascript and any other call is base root not an absolute URL (unless externally hosted)
  • Upload everything, including creating the new databases
  • Test everything, fix bugs and teething issues

If you can do all of the above your site will transfer easy peasy.

Posted by: SEO Positive

Posted on: November 24, 2010 1:22 pm

-

Every developer knows just how many if and else statements are needed for validation, data checks, state checks, etc.

And they take up a lot of space and cause necessary amounts of code, this tutorial is about to teach you a way to make your if and else statements all on one single line.

Ternary Operator

The ternary operator is an if else statement compressed to one single line using the ? and : operands, see below for an example ternary operator

$apples = ( $colour == 'green' ) ? 'Tasty green apples' : 'Nasty rotten apples' ;

The above is the exact equivalent to the below:

if( $color == 'green' ) {
       $apples = 'Tasty green apples';
}
else {
      $apples = 'Nasty rotten apples';
}

Which we can all agree is far more troublesome and big, some people say that an if and else statement is easier to read than a ternary operator. It can be argued until man steps foot on Mars its a personal preference thing. Personally, I use the ternary operator wherever possible but sometimes its not possible. See below for an example that you couldn’t use a ternary operator for:

if ( $database->row_result == 'something' ) {
       $database->row_result = substr ( $database->row_result, 0, 100 );
       $this->some_cool_function( $database->row_result );
       return validate_the_above ( );
}
else {
       throw new RunTimeException ( 'the result was in a malformed state' );
       exit;
}

The reason the above will not work in a ternary operator is the required state involves multiple lines of code in order to finish the operation (whatever yours is) and a ternary operator will only handle function calls, variable setting and validation.

In essence the ternary operator is a great getter and setter method (until PHP6 is released with C style getters and setters).

But what if you only wanted to validate something was there and use the else?

Since PHP 5.3 they have made this shortcut available see below for an example.

$apples = ( $colour == 'brown' ) ?: 'Nasty rotten apples';

Notice the above has no true statement and will only set in the event of a false validation.

Posted by: SEO Positive

Posted on: November 22, 2010 9:18 am

-

Anyone asking for the ability to pull data off another website or to globalise a collection of links or anything you want will come across the file_get_contents function. This function is very useful for data scraping or for generalising a collection of links or general content.

The function itself does nothing but puts the source of the web page you supply it into a string available for use throughout your script.

It does have sister functions such as file() which puts the source code into an indexed array (a new array element for every line of code) and CURL.

While there are a huge number of solutions to doing this, file_get_contents is for me the easiest as with regular expressions its unstoppable.

To use file_get_contents():

$data = @file_get_contents( "http://www.bbc.co.uk/" );
if( $data ) echo htmlentities( $data );

The above will output the source code of the very latest BBC home page (with html entities so you get the source not just a reconstructed bbc home page)

Using regular expressions you can pull any piece of data throughout the source code.

Authors
Categories
Archives
Blogroll