On a recent project we needed to provide a client our contribution to the site code base as static .html files. To make the development process easier, though, a number of the developers wanted to include some of the global page assets, such as the header and footer, using PHP includes in their development environments. This of course normally does not work, as the server never passes the page content to the PHP engine to process because the file doesn’t have a .php or .phtml extension.
Archive for the ‘PHP’ Category
The other day I was building some file handling functionality into a project I was working on when I came to thinking about the best way to retrieve the extension of a filename with PHP.
The first approach that came to mind was using an explode statement to split the string at the full stop, giving the extension of the file in the last array element. The second was using substr and strrchr in combination, similar to below:
Recently I noticed that the nginx error log for a site I was working with was filling up with timeout messages similar to below:
2012/07/06 17:21:01 [error] 23897#0: *8870 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 22.214.171.124, server: project.com, request: "GET /jobs/update HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "project.com"
2012/07/06 17:41:01 [error] 23897#0: *8960 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 126.96.36.199, server: project.com, request: "GET /jobs/update HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "project.com"
The script in question is normally called via a cron job, pulling a lot of information from external sources and then storing it in a local database for later reference. Loading the location in a browser resulted in the page working for a while and then returning with a 504 Gateway timed out error page. So things obviously weren’t happening quickly enough for the liking of nginx and it was recording the problem as a timeout error in the log file.
Working on a recent project I found myself in the market for a way to simply calculate what one currency is worth in relation to another. After some looking around I was surprised to find currency conversion can be performed quickly and simply using the Google Calculator API. To use it, you need only make a request to the API similar to this:
Recently I was trying to debug a piece of code that worked fine in the development and staging environments, but when the code was uploaded to the production server it would break! Looking at the JSON data, it appeared the production web server was adding backslashes to the data in the JSON string, breaking the string.
When PHP magic quotes are in use on a server, quotes, backslashes and NULL characters are escaped automatically. The feature was originally added to PHP in an attempt to minimise the threat from bad form input by automatically escaping form data that could be used for possible SQL injection.
Over time this feature started to cause issues in scenarios like the one above and it was decided it should be scrapped. As of PHP 5.3.0 it is deprecated, and the feature was removed altogether with the release of PHP 5.4.0.
Find the magic_quotes_gpc directive in the server’s php.ini file, set it to off, and update any code that needs this feature enabled to function. In the case mentioned earlier, the production server this problem arose on originally had OS Commerce installed, which I believe is how the setting got enabled in the first place.
Magic Quotes on PHP.net
It’s funny how quickly a new feature gets embraced and used within your code when it is added to your language of choice. Today, upon uploading some code to a client’s shared hosting environment, I was greeted by the following error:
Uploading a file to display phpinfo() I was able to ascertain the server was running PHP 5.2.17. But after a bit of searching I found the __DIR__ magic constant was not added to PHP until 5.3.
It turns out that if your code is going to run on older installs, the best solution is to replace __DIR__ with dirname(__FILE__). This provides the same functionality as the __DIR__ magic constant but works with versions of PHP from 4.0.2.
Last week I received a typical run-of-the-mill phishing email littered with the usual bad Engrish, making the instructions far from believable, but being bored I decided to take a look at the link they were pushing.
They had created a believable enough looking PayPal form asking clueless punters to enter their credit card details in order to avoid having their account suspended. After playing around with the form for a while in Firebug I decided to create a quick script to poison their data by submitting a new fake 16 digit VISA number along with random card holder name, CVV number and expiry date every couple of seconds.
After running this script for half an hour I decided that the script, while it did the job, would be a lot better if the posted data was coming from an anonymous IP address. Here I will run you through the process of setting up TOR & Polipo on a machine to add an element of anonymity to the data being sent and received by your CURL based script.
Good security practices dictate PHP should be configured to never display error messages and notices to screen in a production environment due to their potential to reveal information about your server and application setup. One solution is to enable error logging on the server by setting the log_errors directive to 1 in your php.ini and reloading Apache. When active, by default all errors will be sent to the Apache error log and will appear similar to the line below, unless a different path has been set in the php.ini configuration file using the error_log directive.
Zend Framework 1.9.6 has been released today with over 60 bug fixes included, most of which were found during the bug hunt days last week. The official Zend Framework site reports this release is planned to be the last before the 1.10.0 release.