Posted by iphp on Mar 15, 2009 in
PHP
At a recent PHP conference in London, some great speakers spoke about new features to be released in PHP 5.3. PHP 5.3 contains functionality that was scheduled for PHP 6, which takes PHP 5.3 from being a minor release to a significant and huge release, one that no PHP developer should ignore. Most of these features are pretty complicated additions for novice PHP programmers. I have listed some features and some ways to use them.
1) Namespaces for classes and functions
This feature will help us shorten class names and function names. To appreciate this feature, we need to go back to the days before there was Object Oriented Programming in PHP. Imagine that all the functions were named save(). How would you tell whether a call to save() was meant to save a blog or to save a comment? Before the introduction of classes, the solution was to use blog_save() or comment_save(); with classes, we could write the save() function within the Blog class or the Comment class. Using classes is obviously a much more elegant solution.
We now have the same situation with the large number of classes and functions. Using namespaces, we could simply separate the two functions above in the code below:
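<?php
// Bracketed syntax lets several namespaces share one file.
namespace Blog {
    function save()
    {
        echo "Now saving the blog!";
    }
}

namespace Comment {
    function save()
    {
        echo "Now saving the comment!";
    }
}

// Code in the global namespace goes in an unnamed namespace block.
namespace {
    // To invoke the functions
    Blog\save(); // This prints - Now saving the blog!
    Comment\save(); // This prints - Now saving the comment!
}
?>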
EDIT: A final decision was made in October 2008. Developers will have to use the \ (backslash) operator to dereference namespaces.
2) MySQL Native Driver
PHP 5.3 has a native driver specific to PHP, optimised for the Zend Engine. It is an alternative way to connect to MySQL server versions newer than 4.1. Being a native driver, it should give us much faster execution times. The native driver will also be licensed under the PHP license. If you are like most users, you are currently using libmysql (a MySQL database client library), and you will be able to easily switch over to mysqlnd without making any changes to your existing PHP scripts!
3) phar - PHp ARchive
This is a cool new feature. Think of it like an archive, like a .zip file or a .tar file. Besides just being able to group all the files into one simple file, we will be able to deliver and run an entire PHP application from a single file!
We will also be able to use phar archives within PHP, so the following will work in PHP 5.3 and above
<?php
include "singlefilelibrary.phar";
?>
Obviously, there will be a performance hit but the possibilities are endless, imagine being able to upload phpMyAdmin to the server as a single phar file instead of hundreds of small files.
4) Closures & Lambdas
This gets into the list because it is something most web developers will be familiar with from working with JavaScript. A lambda can be declared anywhere and can be assigned to a variable. Closures, on the other hand, are lambda functions that have access to the variables in the scope where they were declared. This is called lexical scoping. To see this in action take a look at this example.
<?php
$hellolambda = function () {
    echo "Hello world via Lambda";
}; // the assignment is a statement, so it ends with a semicolon
$hellolambda(); // Outputs Hello world via Lambda
?>
5) All of the rest!
There are a lot of other things in PHP 5.3 which I thought are nice. I have just described all of them very succinctly.
Functors: This allows an object to be invoked as a function.
Traits: This is a new unit of reuse. Traits can be incomplete and provide reusability, modularity and structure. In short it is copy-paste glorified!
Magic functions: We have a couple of new magic functions for classes (interceptors): __callStatic() and __invoke()
Ternary operator: You can now display whichever value exists, $value1 or $value2, using this simple statement: echo $value1 ?: $value2;
There are many more things added like Late Static Binding, Variable Static Calls, Changes to PHP Error Levels, new PHP functions, improvements to help with OpenID, Command line and many more.
Final Thought
Well, this gives us much more to play with. It is definitely a lot to include into PHP 5.3 and I would have expected so many changes to go into PHP 6. I sometimes wonder if there will be anything new left to add into PHP 6 given the fact that so much has been released already. If you are interested in PHP 5.3, do give it a try here, it is in beta at the time of the writing.
Tags: closures, lambdas, namespaces, phar, PHP
Posted by admin on Mar 12, 2009 in
Web
I was just trying to add Adsense to this blog and found several plugins available to add Google Adsense to WordPress. Finally, I managed to add Google Adsense to this blog without any plugins - this solution takes around 5 mins to set up and it only uses the text widget available in WordPress by default.
Step 1: Login to your blog as administrator
Step 2: Click on Appearance
Step 3: Select Widgets
Step 4: Select the sidebar you want (Default Sidebar 1)
Step 5: Add Text widget
Step 6: Click on Edit widget
Step 7: Enter Caption. I have used “Useful Links”
Step 8: Paste your Google Adsense code in the text area. See example code & screenshot
Example:
<script type="text/javascript">
<!--
google_ad_client = "pub-9990819195828769";
google_ad_slot = "7810166087";
google_ad_width = 200;
google_ad_height = 200;
// --></script>
<script src="http://pagead2.googlesyndication.com/pagead/show_ads.js"
type="text/javascript"></script>
Screenshot

Wordpress Text Widget - Add Google Adsense code
Step 9: Click done & Save changes.
You should now be able to see Ads from Google showing on the left side of your sidebar. Just like we have on the top right of this page.
Tags: adsense, google, wordpress
Posted by iphp on Mar 3, 2009 in
Miscellaneous
This article is to help fellow web developers get started with working on Adobe AIR! Using Adobe AIR, you will be able to create desktop applications which are cross-operating system using just HTML, JS and a bit of XML.
Adobe AIR works great on Windows, Linux, Mac and hopefully a lot of future operating systems and mobile devices. If you get an application working, it should work and display exactly the same across all the other operating systems, as all AIR installations use WebKit. This article will give you an insight into how I got it working on Windows and Linux. We need the Adobe AIR SDK to develop and build AIR applications. You can get Adobe AIR SDK from this link here.
Setting up AIR SDK on Ubuntu
1) Get Adobe AIR SDK from http://adobe.com/go/getairsdk (Choose Linux)
2) Extract contents of the file into a location that you prefer
3) Pick the adl and adt files and place them in your bin directory on your machine OR set a path to the bin folder so that these files are accessible
4) Once you have it all setup, you should be able to run adl on your terminal and get a message back instead of the standard “command not found”
5) You will have to save both of the files (AIRHello.xml and AIRHello.html) into a folder
6) On the terminal, go into the folder where the files are saved and run “adl AIRHello.xml” and that’s it you
Setting up AIR SDK on Windows
1) Get Adobe AIR SDK from http://adobe.com/go/getairsdk (Choose Windows)
2) Extract contents of the file into a location that you prefer
3) Go to Start > My Computer (Right click Properties) > Advanced Tab > Environment Variables > Path > Edit and add the path to your bin folder
4) Once you have it all setup you should be able to run adl on your command line and get a message back instead of the standard “command not found”
5) Make sure that on the command line if you type “path” you get to see the new entry.
6) You will have to save both of the files (AIRHello.xml and AIRHello.html) into any folder
7) On the command line browse to the folder where files are saved and run “adl AIRHello.xml” and that’s it!
AIRHello.xml
<?xml version="1.0" encoding="utf-8" ?>
<application xmlns="http://ns.adobe.com/air/application/1.0">
<id>uk.co.webdigi.AIRHello</id>
<filename>AIRHello</filename>
<name>Hello World</name>
<description>This is a sample Adobe AIR application.</description>
<version>1.0</version>
<initialWindow>
<content>AIRHello.html</content>
<title>Hello by Webdigi</title>
<systemChrome>standard</systemChrome>
<transparent>false</transparent>
<visible>true</visible>
<minimizable>true</minimizable>
<maximizable>true</maximizable>
<resizable>true</resizable>
<width>500</width>
<height>500</height>
<x>150</x>
<y>150</y>
<minSize>300 300</minSize>
<maxSize>800 800</maxSize>
</initialWindow>
</application>
AIRHello.html
<html>
<head><title>AIRHello</title></head>
<body>
<div>
<h2>Hello World</h2>
</div>
</body>
</html>
This should get you started on working with Adobe AIR! You can easily create AIR applications using just HTML, JavaScript and XML, all tools that web developers regularly use. You can do more advanced stuff like system tray alerts, drag and drop, sounds, file access and many more things that you can’t do in a traditional web browser.
Tags: adobe air
Posted by php-manual on Feb 18, 2009 in
IT
I recently decided to run a test to see how well users can collaborate using social bookmarking sites like reddit & digg. This was assuming that users will collaborate and can accomplish something together!
How the test works
1) Each visitor to the site will be given any ONE random letter of a phrase (one per IP address).
2) They have to use the comments or any other method to let other users know the letter they got.
3) All users have only two attempts to guess the phrase. After they have used their attempts they can share their guesses in the comments section.
EG: If the phrase was “wild goose chase”. Visitors to the page might get any letter from ‘w’ through to ‘e’ and so on. Users use the comment section to share their letters and work together and find out the phrase. This is how a test looked on reddit.
Result of test on Reddit
Phrase / Word | Section posted | Time to finish
Observatory | Programming | 14.5 minutes
Starbucks Coffee | Entertainment | 107.3 minutes
Wild Goose Chase | WTF | 225.6 minutes
Result of test on DIGG
Phrase / Word | Time to finish
Spill the beans | 580.5 minutes
Observations on the test results
1) Although more than 5000 visitors saw each page, there were around 105 comments and around 20 - 30 users who actively participated to guess the phrase.
2) Thanks to the proxy servers used, some users (esp. in the programming section) could get more letters from the system.
3) Reddit's comment editing helps a lot, as users can change their comments any number of times.
4) Another interesting observation was that some people lied that they got a letter which was not actually given to them. It was good to see users upvote the letters in the comments that they had also got, to confirm a letter.
5) Reddit programming users managed to find the word in just under 15 minutes of starting the test. WOW!

Reddit users win the collaboration test!
I am looking for any other fun ideas for a collaborative test. Looking forward to hearing your ideas!
Tags: collaborative, digg, fun, reddit, test
Posted by php-manual on Feb 4, 2009 in
IT
The Official Google Store which sells a range of Google labelled products doesn’t use Google Checkout for credit card processing but instead uses Worldpay.
Google Store uses Oscommerce (a popular open source PHP ecommerce store management program), and free open source plugins are available to integrate Google Checkout with Oscommerce in minutes (eg: http://code.google.com/p/google-checkout-oscommerce/). I wonder why they can't simply use Google Checkout to deal with credit cards on their own site?
Screenshots
1) Google store without Google checkout option for payment.
2) Worldpay message when checkout starts.
Another question
OK, now we know that Google Store doesn't have Google Checkout support at the moment. Then how does the store have the Google Checkout badge on their sponsored listing?

Google search result shows the Google Checkout badge
Try a Google search for “Google Store” and you can see the sponsored link has Google checkout badge on it.
NOTE: I love Google and use most of their products. Just don’t understand why they can't use their own checkout in their official store.
Tags: google, google checkout, google store, oscommerce, worldpay
Posted by iphp on Jan 26, 2009 in
PHP
Recently we had to work on a Windows server 2008 (web edition) machine with IIS 7.0 and we ran into the strangest of errors. The server stops running the script with this message :
Server Error
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
Cause:
This error happens on the default configuration of Windows Server 2008. The server logs do not say a lot except for the fact that the PHP file is causing an error. This happens for the following reasons on the server:
- PHP Fatal error (Something that you did or didn’t do caused the server to run into a fatal error)
- PHP error_reporting is on and there are some errors (Anything from a NOTICE or WARNING can cause this)
How to rectify:
Obviously the best way to resolve the error is to find out what is wrong with the PHP code. But how do you do this if the server won’t show you what the error is? One of the best ways to find what is wrong with your PHP script is to log in to the machine via RDP. This works only if you have remote desktop access. Once in RDP, go to the same URL using the server’s Internet Explorer. Accessing the server locally will avoid the 500 Internal Server Error and show you what is wrong with the PHP file, as on a development environment. The server just shows you the PHP error messages and the rest of your script output is not shown.
Change IIS 7.0 Setting
As an alternative to the above, you can always change the configuration using the Configuration Editor of IIS 7.0. You will find this under Section > system.webServer/httpErrors. You have to change errorMode to Detailed from the usual DetailedLocalOnly and then click on Apply.
The usual DetailedLocalOnly setting is a good security measure, as it will not accidentally show your PHP errors to the users of your system, so switch errorMode back to it once you have found the error.
Tags: IIS 7.0, Server Error, Windows Server 2008
Posted by php-manual on Jan 19, 2009 in
PHP,
Security,
Web
We all do our best to write excellent code and also keep our installations of popular open source tools like Wordpress, Joomla, Oscommerce, Drupal, phpmyadmin and all their plugins always updated to prevent any attack or hackers using known exploits on them. This article is not aimed at going through all those methods to help you secure your website BUT focuses on how to send you an alert once your website is hacked and running “hidden” code that you didn't write.
Tags: hash, PHP, Security, Web, webserver
Posted by php-manual on Jan 16, 2009 in
Web
We have all been doing email address validation for a very long time to make sure that the email is correctly formatted. This is to avoid users entering a wrongly formatted email address, but they can still accidentally give us a wrong email address.
Example of a correctly formatted email address but still wrong:
mailbox.does.not.exist@reddit.com [VALID email format but still not correct]
The above case specifically happens when you take an important customer email over the phone and you type in the wrong email. So is there a QUICK solution to really check the email without sending a test message to the user? Yes.
Tags: forms, mail, PHP, Web
Posted by php-manual on Jan 14, 2009 in
Web
What is CAPTCHA?
CAPTCHA is an acronym for “completely automated public Turing test to tell computers and humans apart.” This can be with images / audio or whatever we will see in future.
Why do sites use it?
CAPTCHA is used to prevent bots from automatically submitting forms with SPAM or other unwanted content. Google and other companies use it to prevent bots from creating multiple Gmail accounts.
What is wrong with it?
Users will have to enter this additional information every time they have to submit a form. This is getting more and more difficult for humans to decode as the bots are getting better at it. I am sure that everyone reading this post has at least once entered a CAPTCHA wrongly.
Alternative Simple solution:
NOTE: Does not apply for highly targeted sites like gmail, yahoo mail and others alike.
However,
If you have a sales form which requires an entry of username, email and phone number for a call back
OR
a simple contact us form with just name, number, description.
1) Have server validation of data.
All the forms have only client validation in JavaScript. Just validate on the server and you can have 70% of spam bot submissions caught.
EG: If your form has Name, Email, Telephone.
The bot will send some 500 character text in Name, a valid email and some random data in the phone field. A simple validation on the server to trash any Name having more than 30 characters will do the trick.
2) Hidden input element
Add an extra text input element to your form. In an external style sheet you set the element to display: none; thus making it invisible to all users with CSS enabled. Spam bots will usually fill all fields in a form, so you know that any forms submitted where this invisible field is not empty are spam.
With the above two simple steps, most sites can avoid spam messages without having to use a CAPTCHA.
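The two steps above combined into one server-side check, as an added example that is not code from the original post. The field names, the honeypot field name "website" and the phone pattern are assumptions; the 30 character limit on Name is the one suggested above.

```php
<?php
// Added example. Field names, the honeypot name "website" and the phone
// pattern are assumptions made for illustration.

function check_contact_form(array $post): array
{
    // Read a field as a trimmed string; arrays or missing keys become ''.
    $field = function (string $key) use ($post): string {
        $value = $post[$key] ?? '';
        return is_string($value) ? trim($value) : '';
    };

    // Step 2: the honeypot is hidden with display: none, so people leave it
    // empty. Anything in it marks the submission as automated.
    if ($field('website') !== '') {
        return ['accept' => false, 'reasons' => ['honeypot field was filled in']];
    }

    // Step 1: repeat on the server every check the JavaScript does.
    $reasons = [];
    if (!preg_match('/^[\p{L}][\p{L} .\'-]{0,29}$/u', $field('name'))) {
        $reasons[] = 'name must be 1-30 letters, spaces, dots, apostrophes or hyphens';
    }
    if (filter_var($field('email'), FILTER_VALIDATE_EMAIL) === false) {
        $reasons[] = 'email is not well formed';
    }
    if (!preg_match('/^\+?[0-9][0-9 ()-]{6,19}$/', $field('phone'))) {
        $reasons[] = 'phone must be 7-20 digits and separators';
    }
    return ['accept' => $reasons === [], 'reasons' => $reasons];
}

// Constructed sample submissions (what $_POST would hold).
$samples = [
    'human' => ['name' => 'Ada Lovelace', 'email' => 'ada@example.com',
                'phone' => '+44 20 7946 0000', 'website' => ''],
    'bot fills every field' => ['name' => 'Ada', 'email' => 'a@example.com',
                'phone' => '02079460000', 'website' => 'http://spam.example'],
    'bot with long name' => ['name' => str_repeat('buy pills ', 50),
                'email' => 'x@example.com', 'phone' => 'asdf', 'website' => ''],
];
foreach ($samples as $label => $post) {
    $result = check_contact_form($post);
    echo $label, ': ', $result['accept'] ? 'accept' : 'reject',
         $result['reasons'] ? ' (' . implode('; ', $result['reasons']) . ')' : '', "\n";
}
```

Rejected honeypot submissions are best answered with the same page a successful submission gets, so the bot receives no signal about which field gave it away.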
So in short - for all the websites with simple contact forms, why do we use CAPTCHA and risk giving the customer an additional field to fill in, or risk them not filling in the form at all?

Tags: captcha, forms, Web
Posted by php-manual on Jan 14, 2009 in
PHP
Session fixation attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person’s session identifier (SID). Most session fixation attacks are web based, and most rely on session identifiers being accepted from URLs (query string) or POST data.
Example of such an attack: Let's take the example of a banking website which provides a login to access banking features (this can be any site which allows users to log in).
EG: http://www.poorbanking.com
1) Hacker
Creates a link and sends visitors to the site as http://www.poorbanking.com/index.php?PHPSESSID=1234
Let's assume PHPSESSID is the name of the cookie / variable used to store session information. It is very easy for anyone to find this by just visiting the site once.
2) Hacker sends link to the target user.
http://www.poorbanking.com/index.php?PHPSESSID=1234 by email or placed in a blog etc.
3) Victim
Sees the link and clicks on it. The site looks genuine and the victim logs in to the site. At this stage the PHPSESSID is set to PHPSESSID=1234 and user is logged in.
4) The happy hacker
Hacker can keep checking if they can login by simply going to http://www.poorbanking.com/showmeaccount.php?PHPSESSID=1234
where showmeaccount.php is the page after login. They can see that once the user has logged in they can easily get access to the page.
Work around to this problem
Just prior to setting such a session variable, a call to session_regenerate_id() can help to protect against a session fixation attack.
See more information at http://en.wikipedia.org/wiki/Session_fixation
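A login handler that applies the workaround above, as an added example that is not code from the original post. check_credentials(), the user and pass field names and the demo account are hypothetical; the cookie settings assume PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example. check_credentials() and the form field names are
// hypothetical stand-ins for the site's own login code.

// Accept the session id from the cookie only, never from the query string
// or POST data, so a link carrying ?PHPSESSID=1234 is ignored.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Reject ids that the server did not issue itself (PHP 5.5.2 and later).
ini_set('session.use_strict_mode', '1');

session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumption: HTTPS only
    'samesite' => 'Lax',
]);
session_start();

function check_credentials(string $user, string $pass): bool
{
    // Constructed demo account; a real site looks the hash up in its store.
    $hash = password_hash('correct horse', PASSWORD_DEFAULT);
    return $user === 'alice' && password_verify($pass, $hash);
}

function login(string $user, string $pass): bool
{
    if (!check_credentials($user, $pass)) {
        return false;
    }
    // The vulnerable flow sets $_SESSION['user'] under whatever id the
    // browser arrived with. Issue a fresh id at the privilege change and
    // delete the old session, so an id known before login stops working.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    return true;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Treat non-string input (for example user[]=x) as empty.
    $user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
    $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
    $ok = login($user, $pass);
    http_response_code($ok ? 200 : 401);
    echo $ok ? 'Logged in' : 'Login failed';
}
```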
Tags: PHP, Security, session