Posted by php-manual on Apr 13, 2009 in
PHP

Google launched their Google App Engine (GAE) a year ago. The free hosting in App Engine is allocated 500 MB of persistent storage and enough CPU and bandwidth for about 5 million page views a month. Also, if you really want more you can see pricing plans.
GAE will support Java going forward. Unfortunately PHP support on the App Engine is still left as the top item in the wishlist. So until Google announces their official PHP support we have a workaround to run PHP using Quercus. Quercus is basically a 100% Java implementation of the PHP language (requires JDK 1.5). Since the App Engine now supports Java this means we can use Quercus to run PHP scripts on the App Engine.
So here is all you need to do to use GAE and run PHP:
1) Register a free account.
2) Download this file to your computer.
3) Edit the application XML tag in the file war\WEB-INF\appengine-web.xml to the name of the application you have registered.
4) Finally, upload your application. I downloaded the Google App Engine SDK for Java and used the following command on Windows:
appcfg.cmd update C:\projects\phpwithjava\war
To see this in action just visit:
http://phpwithjava.appspot.com/webdigi.php and http://phpwithjava.appspot.com/info.php
NOTE: phpwithjava is my app name with GAE. Image by Aral Balkan.
Tags: appengine, google, PHP, quercus
Posted by iphp on Mar 15, 2009 in
PHP
In a recent PHP conference in London some great speakers spoke about new features in PHP to be released in PHP 5.3. PHP 5.3 contains functionality that was scheduled for PHP 6, which takes PHP 5.3 from being a minor release to a significant and huge release. A release that no PHP developer should ignore. Most of these features are pretty complicated additions for novice PHP programmers. I have listed some features and some ways to use them.
1) Namespaces for classes and functions
This feature will help us shorten class names and function names. To appreciate this feature, we need to go back to the days before there was Object Oriented Programming in PHP. Imagine several functions all named save(). How would you tell whether a call to save() was meant to save a blog or to save a comment? Before the introduction of classes, the solution was to use blog_save() or comment_save(); with classes we could write the save() function within the Blog class or the Comment class. Using classes is obviously a much more elegant solution.
We now have the same situation with the large number of classes and functions. Using namespaces, we can simply separate the two functions above, as in the code below:
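<?php
// Several namespaces in one file need the bracketed syntax.
namespace Blog {
    function save()
    {
        echo "Now saving the blog!";
    }
}

namespace Comment {
    function save()
    {
        echo "Now saving the comment!";
    }
}

// Code in the global namespace goes in an unnamed namespace block.
namespace {
    // To invoke the functions
    \Blog\save(); // This prints - Now saving the blog!
    \Comment\save(); // This prints - Now saving the comment!
}
?>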
EDIT: A final decision was made in October 2008. Developers will have to use the \ backslash operator to dereference namespaces.
2) MySQL Native Driver
PHP 5.3 has a native driver specific to PHP, optimised for the Zend Engine. It is an alternative way to connect to MySQL server versions newer than 4.1. Being a native driver, it should give us much faster execution times. The native driver will also be licensed under the PHP license. If you are like most users and are currently using libmysql (a MySQL database client library), you will be able to easily switch over to mysqlnd without making any changes to your existing PHP scripts!
3) phar – PHp ARchive
This is a cool new feature. Think of it like an archive, like a .zip file or a .tar file. Besides just being able to group all the files into one simple file, we will be able to deliver and run an entire PHP application from a single file!
We will also be able to use phar archives within PHP, so the following will work in PHP 5.3 and above:
<?php
include "singlefilelibrary.phar";
?>
Obviously, there will be a performance hit, but the possibilities are endless. Imagine being able to upload phpMyAdmin to the server as a single phar file instead of hundreds of small files.
4) Closures & Lambdas
This gets into the list because it is something most web developers will be familiar with from working with JavaScript. A lambda can be declared anywhere and can be assigned to a variable. A closure, on the other hand, is a lambda function that has access to the variables in the scope where it was declared. This is called lexical scoping. To see this in action, take a look at this example.
<?php
// Assigning an anonymous function is a statement, so it ends with a semicolon.
$hellolambda = function () {
    echo "Hello world via Lambda";
};
$hellolambda(); // Outputs Hello world via Lambda
?>
5) All of the rest!
There are a lot of other things in PHP 5.3 which I thought were nice; I have just described all of them very succinctly.
Functors: This allows an object to be invoked as a function.
Traits: This is a new unit of reuse. Traits can be incomplete, and they provide reusability, modularity and structure. In short, it is copy-paste glorified!
Magic functions: We have a couple of new magic functions for classes (interceptors): __callStatic() and __invoke().
Ternary operator: You can now display the value that exists, $value1 or $value2, using this simple statement: echo $value1 ?: $value2;
There are many more things added like Late Static Binding, Variable Static Calls, Changes to PHP Error Levels, new PHP functions, improvements to help with OpenID, Command line and many more.
Final Thought
Well, this gives us much more to play with. It is definitely a lot to include in PHP 5.3, and I would have expected so many changes to go into PHP 6. I sometimes wonder if there will be anything new left to add to PHP 6, given that so much has been released already. If you are interested in PHP 5.3, do give it a try here; it is in beta at the time of writing.
Tags: closures, lambdas, namespaces, phar, PHP
Posted by php-manual on Jan 19, 2009 in
PHP,
Security,
Web
We all do our best to write excellent code and to keep our installations of popular open source tools like WordPress, Joomla, osCommerce, Drupal, phpMyAdmin and all their plugins updated, to prevent attacks or hackers using known exploits on them. This article is not aimed at going through all those methods to help you secure your website BUT focuses on how to send you an alert once your website is hacked and running “hidden” code that you didn't write.
Read more…
Tags: hash, PHP, Security, Web, webserver
Posted by php-manual on Jan 16, 2009 in
Web
We have all been doing email address validation for a very long time to make sure that the email address is correctly formatted. This stops users from entering a wrongly formatted email address, but they can still accidentally give us a wrong email address.
Example of a correctly formatted email address but still wrong:
mailbox.does.not.exist@reddit.com [VALID email format but still not correct]
The above case specifically happens when you take an important customer's email address over the phone and type in the wrong address. So is there a QUICK solution to really check the email without sending a test message to the user? Yes.
Read more…
Tags: forms, mail, PHP, Web
Posted by php-manual on Jan 14, 2009 in
PHP
Session fixation attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person’s session identifier (SID). Most session fixation attacks are web based, and most rely on session identifiers being accepted from URLs (query string) or POST data.
Example of such an attack: Let's take a banking website which provides a login to access banking features (this can be any site which allows users to log in).
EG: http://www.poorbanking.com
1) Hacker
Creates a link that sends visitors to the site as http://www.poorbanking.com/index.php?PHPSESSID=1234
Let's assume PHPSESSID is the name of the cookie / variable used to store session information. It is very easy for anyone to find this by just visiting the site once.
2) Hacker sends link to the target user.
http://www.poorbanking.com/index.php?PHPSESSID=1234 by email or placed in a blog etc.
3) Victim
Sees the link and clicks on it. The site looks genuine and the victim logs in to the site. At this stage the PHPSESSID is set to PHPSESSID=1234 and user is logged in.
4) The happy hacker
Hacker can keep checking whether they can log in by simply going to http://www.poorbanking.com/showmeaccount.php?PHPSESSID=1234
where showmeaccount.php is the page after login. Once the user has logged in, the hacker can easily get access to the page.
Workaround for this problem
Just prior to setting such a session variable, a call to session_regenerate_id() can help to protect against a session fixation attack.
See more information at http://en.wikipedia.org/wiki/Session_fixation
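The workaround above, shown as an added example that is not part of the original post: a login handler that calls session_regenerate_id() at the moment of login and also stops PHP from accepting a session ID from the URL or POST data, which is what the PHPSESSID=1234 link relies on. The $users array, the login() function and the form field names are assumptions for illustration; the code assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example, not from the original post. $users, login() and the
// form field names "user" and "pass" are hypothetical.

// Accept session IDs from cookies only, never from the query string or
// POST data, and refuse IDs that the server did not issue itself.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

// Constructed sample account; a real site would query its user store.
$users = ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

function login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // The visitor may have arrived with an ID that someone else chose.
    // Issue a fresh ID and delete the old session data before the
    // session is marked as logged in, so the old ID is worthless.
    session_regenerate_id(true);
    $_SESSION['user'] = $name;
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Ignore non-string input such as user[]=x.
    $name = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
    $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';

    $ok = login($users, $name, $pass);
    http_response_code($ok ? 200 : 401);
    echo $ok ? 'Logged in' : 'Login failed';
}
```

Pages behind the login, such as showmeaccount.php in the scenario above, should then check $_SESSION['user'] rather than the mere existence of a session.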
Tags: PHP, Security, session