Nginx, SSL & php5-fpm on Debian Wheezy

I decided to take a break from my love affair with Apache and set up a recent development project on Nginx. I’ve seen nothing but good things in terms of speed and performance from Nginx. I decided to set up a LEMP server (Linux, Nginx, MySQL, PHP), minus the MySQL as it’s already installed on my VM host server, and plus SSL. Here’s the full setup tutorial on Debian Wheezy:

Step #1 – Installing the packages

    apt-get install nginx-extras mysql-client
    apt-get install php5-fpm php5-gd php5-mysql php-apc php-pear php5-cli php5-common php5-curl php5-mcrypt php5-cgi php5-memcached

MySQL can be installed into the mix with a simple:

    apt-get install mysql-server

[…]

October 11th, 2014 | Development, Hosting, Linux, MySQL, PHP, PHP Articles, VPS

MySQL Master-Master Replication, Heartbeat, DRBD, Apache, PHP, Varnish MegaHOWTO

I created this HOWTO while building a new development environment today. The intention is to take a single Apache2/Varnish/MySQL environment and scale it to two servers, with one effectively a “hot-standby” – increasing redundancy and continuity whilst maintaining current performance.

This HOWTO is based on Linux Debian-76-wheezy-64-minimal 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64

Our current server has IP and our new server has IP

Section #1: Set up MySQL Master/Master Replication

First, we’ll set up MySQL master to master replication. In this configuration, data can be written and read from either host. Bear in mind that issues may exist with autoincrement fields when written to at the same time. There are other caveats with replication, so be sure to research them, along with how to deal with corruption and repair, before considering this setup for a live application. Also be sure to use the same version of MySQL on both servers – this may not always be necessary, however unless you are very familiar with any changes between versions, not doing so could spell disaster. […]

PHP Local and Remote File Inclusion (LFI, RFI) Attacks

PHP supports the ability to ‘include’ or ‘require’ additional files within a script. If unsanitized data is passed to such functions, an attacker may be able to achieve remote code execution on the server. A typical include block might look something like this:

    <?php
    require("config/");
    require("lib/db.lib.php");
    require("lib/parser.lib.php");
    include("contrib/users/user.contrib.php");
    die("This is a test");
    ?>

Now, it’s also possible to dynamically require or include files based on variables or user input, say for example: […]

August 15th, 2013 | Linux, PHP, PHP Articles, Security Consultant

Parsing XML in PHP

I’m sure many PHP users have needed to read some XML data into a PHP program and looked around hoping to find a function that can parse an XML file with a few lines of code. The road to simple XML usage may not be that short, but we’ll explore some techniques to get the data you want from an XML source. First define some XML:

    $contents = '
    <rss version="2.0">
      <channel>
        <item>
          <title>Orange Cat</title>
          <link></link>
          <description>A nice tabby.</description>
        </item>
        <item>
          <title>Black Cat</title>
          <link></link>
          <description>A shy cat.</description>
        </item>
      </channel>
    </rss>
    ';

Then parse the XML with this PHP code:

    $parser = xml_parser_create('UTF-8');
    $did_parse = xml_parse_into_struct($parser, trim($contents), $xml_values);
    if(!$did_parse) {
        echo xml_error_string(xml_get_error_code($parser)) . " error on line: " . xml_get_current_line_number($parser);
    }

The above example takes an “XML document”, in the form of a string, and parses it into an array ($xml_values). The array style and structure is complicated, but we will go through some simple steps to rearrange it into a usable format. $parser is an object. Functions like xml_parse_into_struct($parser … ) take $parser as an argument. […]

December 7th, 2011 | PHP, PHP Articles, PHP Tutorials

Simplifying PHP string reading with sscanf()

In this article we’ll see how to use sscanf() to read or parse a string in a customized way. You may have heard of the scan series of functions before, especially in other types of programming. In C-based console applications that could read user input and then print text results, scan was the opposite of print. That only has a little bit to do with the function we will be talking about here. sscanf() isn’t something you will use every day. You could try to pick apart strings with other standard string functions, or use variations on preg_match() or preg_replace(). Regardless, there are situations where any of these methods might be best. The first example of sscanf() will be pretty simple:

    $scanned_float = 0.0;
    sscanf("9.64", "%f", $scanned_float);
    echo $scanned_float;

You may have guessed that $scanned_float now equals 9.64. The first parameter is the string to be read. The second is a format string based on the format used by the printf() function. Any additional arguments will be filled with values computed from the function, in order. In this case the format means 1 float value. There is one variable to receive it, $scanned_float.

    $scanned_float = 0.0;
    sscanf("height: 9.64", "%f", $scanned_float);
    echo $scanned_float;

[…]

December 6th, 2011 | PHP, PHP Articles

HTML Character Codes in PHP

PHP is a language that is highly associated with outputting HTML so that the output is shown properly in a browser. If you send the browser text with no context and no concern for whether it is in HTML format, the results are problematic and hard to predict. To format text into HTML there are many conversions that may be needed. A simple example would be converting newlines to <br /> tags. There is a well-known PHP function for that of course, nl2br(). If your text uses < somewhere it also needs to be converted, since HTML browsers would think it is the start of a tag. &lt; is the correct representation of < in HTML.

    echo htmlspecialchars('In "real" math, 5 < 5.1');

[…]

December 6th, 2011 | PHP, PHP Articles

String Comparison in PHP – When are strings equal

It’s simple enough to check if strings are exactly equal in PHP: just use ==, the standard comparison operator. However, this assumes we are only using strings or string type variables. It is a case-sensitive comparison only. In this short article we are going to go through some alternate string comparison options and learn what they are good for. First is exact type comparison, ===

    $str1 = "100DollarsCash";
    if($str1 == 100) { echo "it equals 100. "; }
    if($str1 === 100) { echo "it is 100. "; }

[…]

December 6th, 2011 | PHP, PHP Articles

PHP Sessions – Let’s Start from the Beginning

You don’t need to know about cookies (though we have an article on cookies here) to get through this article or to use sessions. Just keep in mind that they usually automatically use and set cookies, and like cookies you have to do certain things before the first output is sent (including doctype, <html>, or any whitespace). The main thing you need to do is start a session before output is started. Also, for those familiar with it, output buffering can help give you more flexibility with where session_start() or setcookie() are used.

    session_start();

[…]

December 6th, 2011 | PHP, PHP Articles

Cookies – PHP can help with cookies

Cookies are a long-standing method of storing information so it can be used again on a per-user basis. Prior to database and server based sessions becoming popular, cookies saw use in more complex ways. They are still a component of sessions and are used on most web sites, from shopping carts to web mail. In PHP it isn’t hard to get started with cookies.

    setcookie("UserInfo", "3644 Alder St", time() + 3600, "/~phppro/", "");

That example sets the cookie UserInfo to a street address. […]

December 6th, 2011 | PHP, PHP Articles, PHP Tutorials

Custom Sort Functions – Organizing PHP Arrays

First I am going to demonstrate the use of the PHP function usort(), and then show an example of how to organize your sorting features. There isn’t much to know about the function but it’s good to practice using it since sorting functions can get pretty complex when needed.

    //A function must be defined and it must have 2 arguments
    function sort_by_suffix($a, $b){
        //compare the numeric suffixes, not the whole strings
        $ax = intval(substr($a, 5));
        $bx = intval(substr($b, 5));
        if ($ax == $bx) return 0;
        elseif ($ax < $bx) return -1;
        else return 1;
    }
    //an array of made up codes with a suffix at the end of each one
    $codes = array("G45G-5", "G15G-2", "G11G-1", "G33G-3");
    //usort modifies the array rather than returning it.
    //the callback is passed by name, as a string
    usort($codes, 'sort_by_suffix');

That was an example of sorting by a portion of a string. Whatever part of the string after 5 characters that could be made into a number was used as a sortable value. If it couldn’t find sortable values the order would be unpredictable. If the suffixes were all the same it would also be that way. […]

October 8th, 2011 | PHP, PHP Articles

PHP Regular Expression Techniques – Part 2: Characters

Now we turn to a component of regular expressions that cannot be left out. We will be dealing with characters, how to use them, and how to escape them when needed. Regular expressions are explained in the PHP manual, and in this article we are focusing on the type that are Perl compatible, like in the function preg_match. The pattern is the regular expression we are using in each case. Since it uses a slash at the beginning and end, here’s the first thing to understand about characters in patterns: each character has a meaning or function, and escaping the character gives it a different meaning.

    preg_replace("/catalog/toys/", "catalog/fun", ""); //this basically cannot work because of the 2nd slash
    preg_replace("/catalog\/toys/", "catalog/fun", ""); //this is correct

Escaping a character, as shown, is usually putting the backslash character before it. It is also normal to put it in front of a double quote or another backslash in a PHP string like that anyway, but in patterns we use it for various things.

    preg_replace("/[\r\n]/", "", ""); //removes the newline

\r and \n are also standard PHP string characters representing newlines. (There may be different systems for newlines from different operating systems and programs; some use \n only, some use \r\n.) The [] brackets in the pattern mean you want to match any character inside the brackets. The function basically means replace \r or \n with “”. If you wanted to actually match brackets instead of that you can escape them too: \[\] […]

October 8th, 2011 | PHP, PHP Articles, PHP Tutorials