Plop in the Ocean

Stage 2: http:BL with Apache2 mod_perl

2010-12-02T11:19:45Z

After my earlier post Referrer and Comment spammers are a PITA I came up with two mod_perl plugins to Apache and an "apache level" firewall.

The reason for the apache-level firewall is two-fold. There is no direct way for the Apache user to manipulate an iptables chain (as it doesn't run as root), and second; I was not happy with suid root access or other forms of message passing to a daemon which would manipulate the firewall for me.

Architecture is thus, in httpd.conf place the following two lines:

PerlPreConnectionHandler PGREGG::httpBLBlock
PerlLogHandler PGREGG::httpBLLog

The first tells apache to run the handler in my httpBLBlock.pm module when a connection is received (before the request has been sent by the client). In this handler, I am simply looking for a filename matching that IP in a directory that is writable by the apache user. The contents of the file are a SCORE:httpBL_answer:[LIST]. Based on this, the module checks the mtime of the filename is in the last SCORE days, then the firewall is in effect. If so, we simply tell apache to drop the connection. If the file has expired, we delete the file.

The second line is more interesting, and what creates the firewall filenames. In order to not impede the general speed of request handling, processing is performed in the Logging section of the Apache process. Our module is called by apache after the response has been sent, but before the access_log entry has been written. In our module we perform the http:BL API call and compute the above SCORE based upon the Threat* level and Age* of the API response. (* both Threat and Age are octets in the DNS lookup). We merely discount the Threat down to zero based on the Age (0-255) where an entry 255 days old reduces the SCORE to zero.
If the SCORE is larger than our trigger level (3) then we create the firewall filename, log the entry in our own httpbl.log and return Apache2::Const::FORBIDDEN. This causes Apache to not log the entry in the normal access_log. Otherwise, if all is ok, we return Apache2::Const::OK and Apache logs the hit as normal.

I have a bit of code tidy up, restructure the config/firewall directory and pull some common code out to a shared module before I can release to the world.

An interesting side effect to publishing the last story out through Planet PHP and other news sources along with the Project Honey Pot image is that when browsers viewed those sources, they all asked for the image off my server. In several cases, these were known spammer, Comment spammer, and other abusers. My server then created the firewall entry blocking them before they were able to follow the links back to my server.

I have been reading up more on Apache Bucket Brigades in an attempt to allow the firewall filter to be placed immediately after the request has been received and allow a custom response to the browser. This may help an otherwise unsuspecting user if their machine had been trojaned. I don't mind admitting I'm thoroughly confused right now :)

Referrer and Comment spammers are a PITA.

2010-11-28T23:18:54Z

This shouldn't be news to anyone - but Referrer and Comment spammers are a real pain in the a*se. Polluting my web logs and making any meaningful log analysis problematic.

So, I now have an itch to scratch and I'm going to do something about it. I would encourage you, the reader, to do something about it too.

Firstly, get yourself over to Project Honey Pot and read up on the project. If you can, set up a Honey Pot or two yourself. Also be sure to read about the http:BL - this works along similar lines to the DNS blacklists used for Email spammers.

Next, I'm going to write a general Apache mod_perl module which will provide integration (lookup) to the http:BL and allow the user to "action"* the abusers. Minimally, it will prevent the normal apache log files from being polluted by diverting the log entries to a httpbl logfile.

* "action" - To provide flexibility, I'm thinking of running an external script with the IP of the abuser. The script can then perform any action you wish. The one I'm going for is an iptables firewall block.

Comments and suggestions welcome.

Project Honey Pot has implementations for several languages, including PHP and Perl (the languages that mean most to me). There may be an implementation for your Web application so you might not be interested in what I'm doing at all :)

Borland, Farewell my sweet.

2009-05-06T14:31:36Z

Today, May 6 2009, marks the day that Borland, that once great master of all software development has finally recognised there was no other recourse but to up and sell itself off in order to survive.

Back when I was a teenager, in the early 80s and personal computing was coming to the fore - I, and many others, aspired to work for that great company Borland. It was the pinnacle of language development and development tools and we wanted to work there. However, based in Ireland it was never to be.

Also, once upon a time I happened to be working for a very promising young company with a fantastic product line called Segue Software, based in Boston, MA. Segue also had its troubles but a new CEO saw its fortunes turn and it was climbing to success. This success was noticed by the aforementioned Borland as it tried to re-invent itself as an Application Lifecycle Management (ALM) company. The same day it was announced that Borland was acquiring Segue, it also announced it was selling its developer tools division (that's Delphi, JBuilder, and later Delphi for PHP, 3rd Rail line of products).

This was such a bitter-sweet time for many. I was overjoyed that I was going to work for Borland (childhood dream) - it didn't matter I wasn't going to work with the developer tools, working for "Borland" would just be cool. Sadness also because our little 200-man company was being consumed by a 1200-man behemoth (relatively) and no-matter which way you looked at it, people were going to lose their jobs. Pretty much the entire US East Coast staff (Segue Head Office) lost their jobs and the office was closed. Product development labs and Technical Support survived, simply by virtue that it was the product and product skills that were purchased, not the G&A functions - they could go.

I 'lived the dream' for the next 2.5 years in the IT department. Despite being remote, I loved working with the rest of the Borland teams as I was intimately involved in the merging/migration of Segue's systems into Borland's. I also had the pleasure of working with several departments to architect and deploy several new platforms (such as product downloads and licensing via Intraware, and the companies Salesforce.com, SFDC, deployment). I'll treasure the time I spent at Borland.

Of course there were several WTF moments. Most significantly, for me, was the company "hanging its hat" on BMS (Business Management Solutions) which ultimately proved to be a hatstand made of jello. Very few, outside of management and that product team, believed in it. Another significant WTF for Borland was, If you plan to be the Application LIFECYCLE Management company - why divest yourself (for a paltry $27m) of two of the world's major AppDev toolsets (Delphi and JBuilder). You've just removed the feeder market and upsell opportunity into your ALM business. Finally, and internal WTF to get off my chest, on what planet does the IT department belong as a subdivision of the HR department?

Borland will live on in the hearts of many of us who knew what she used to be. I think I left Borland a better place than I found it (as long as you don't look at the stock price ;), and I made some good friends. At the end of the day, there isn't much more you can ask from your tenure.
It is sad that today if you ask a typical Software Engineer if they know who Borland is, they'll respond "Who?" which typifies the company's slide into obscurity.

I wish the best of luck to my former colleagues, who I'm sure, will be wondering what is to happen next. I also hope that the new owners, Micro Focus International (who?), have good fortune with their ALM drive. Perhaps the Borland name might live on as a brand for a suite of ALM products - who knows what they'll do.

In the immortal words of Dr. Seuss "Don't cry because it's over. Smile because it happened."

PHP algorithms: Determining if an IP is within a specific range.

2009-04-27T22:48:15Z

I spend a lot of time lurking in the #PHP channel (efnet and freenode, please - no flamewars) and this topic is a commonly asked one that usually gets a simplified answer in the form of using strpos(), or at best an ip2long() in a greater than and less than answer.

Unfortunately although people usually understand that an IP address is simply an unsigned 32 bit integer, and is easily determined, usually with $_SERVER['REMOTE_ADDR'], where the real challenge is - is in specifying the range within which they wish to check that IP address. IP ranges are usually specified in three common ways (in increasing complexity):

Wildcard: 192.168.10.*

Start-End range: 10.1.0.0-10.1.255.255

CIDR*: 172.16.1.0/24

* Classless Inter-Domain Routing

The Wildcard method, or "classy", allows you to work at Class A (10.*.*.*), Class B (172.16.*.*) or Class C (192.168.10.*) levels of granularity which is how we used to do things in the old days (before the Web decided to make the Internet popular). But, increasingly, this just isn't granular enough for practical purposes.

Thus was born CIDR (yes, I'm skipping talking about Start-End ranges for now). CIDR brought about the concept that we really didn't need to break networks on 8, 16, 24 bit boundaries and we could be more granular by allowing the use of any number (from 2-30) to specify a range of networks. Details on why you can't use "31" is beyond the scope of this article.

CIDR renamed the former Class A, B and C networks as /8, /16 and /24 respectively and reflects the left-most significant bits of the 32-bit IP address. Thus was born the ability to specify very specific IP ranges in the form a.b.c.d/xx. However, part of the problem with this is that although it concisely describes the network start and end, most normal mortal humans couldn't decipher it. CIDR addressing can also be specified in the form of a longer netmask, e.g. a.b.c.d/255.255.255.224

Thus, the simplified form of Start IP - End IP was put in place for mere mortals and is typically used by those without a networking background. It also features heavily in consumer broadband routers and notably in Microsoft Windows DHCP server.

So having explained how a range, and by inference, that a netmask is, how can we use this knowledge to help us in determining if an IP is within a range?

What this article will attempt to do is guide you though the construction of algorithms to make the checking of IPs simpler.

Logically, Method 1 (the Wildcard), can be easily converted to Method 2 (Start-End range) by using setting Start and End to the Wildcard string and replacing the "*" character with 0 for the Start and 255 for the End, thus for example, "192.168.10.*" becomes "192.168.10.0-192.168.10.255" which should (I hope) be obvious to everyone.

We can then proceed to evaluate both Method1 and Method2 in the same way. In this we're simply going to use the PHP built in function ip2long() on all 3 values and perform a mathematical check for Start <= IP <= End.

list($lower, $upper) = explode('-', $range, 2); $lower_dec = ip2long($lower); $upper_dec = ip2long($upper); $ip_dec = ip2long($ip); return ( ($ip_dec>=$lower_dec) && ($ip_dec<=$upper_dec) );

We have, however, a complicating factor here - PHP does not do unsigned integers (32 bit) - which would be necessary for this math to work properly. We can negate this by switing to floating point data types. PHP stores floating types as 64 bit and so will have no problem with IPv4 address space (note - this obviously isn't granular enough for 128bit IPv6 addressing). Therefore the simplest way to solve the Start <= IP <= End problem with IPs and floating point numers is the following piece of code:

$lower_dec = (float)sprintf("%u",ip2long($lower)); $upper_dec = (float)sprintf("%u",ip2long($upper)); $ip_dec = (float)sprintf("%u",ip2long($ip)); return ( ($ip_dec>=$lower_dec) && ($ip_dec<=$upper_dec) );

Next we have the challenge of handing the CIDR netmasks. What we could do is to take a CIDR format IPaddress/netmask and calculate the Start and End IPs of that block and proceed as before - but that would be no fun - and would mean I haven't really taught anything through this article.

The method we're going to use here is how all the world's Internet routers determine if a destination IP is in a specific CIDR address space. And we're going to get down and dirty with bitmasks and logical bitwise operators.

So using a real world example, my webserver IP 80.76.201.37 and the netblock within which it resides is 80.76.201.32/27, how does this all work?

Well the /27 indicates that the first 27 bits of the IP address are the same network and IP address in that network (range) will have those same identical first 27 bits. Bits 28-32 are variable and allow 5 bits of variation. If you know your binary, then this means 32 possible IPs. (However with routing, you can't use the bottom and top IP from any range as these are special and mean the network and broadcast addresses respectively. [This is also why a /31 isn't much use (except for PPP links) as you can't use the 2 addresses that space gives you]).

So thinking logically, bitwise, if I take my IP address and the CIDR spec, then all I have to do is check that the first 27 bits all match and I'm good. Correct. So how would we do this in PHP? Sound's simple, lets just use PHP's bitwise logical AND operator: &
Again, correct.

In order to do this we need to convert 27 into what 27 really means - a 32 bit number of 27 ones and 5 zeros in binary (which is what 255.255.255.224 really looks like).

In pseudo-code you could then do if (IP & BITMASK) == (RANGE & BITMASK) then all is good and you know that the IP is within the range.

Visualising this using our real IP address (using the very handy unix tool ipcalc):

Address:   80.76.201.37    01010000.01001100.11001001.00100101
Netmask:   255.255.255.224 11111111.11111111.11111111.11100000
Wildcard:  0.0.0.31        00000000.00000000.00000000.00011111

Network:   80.76.201.32/27 01010000.01001100.11001001.00100000
HostMin:   80.76.201.33    01010000.01001100.11001001.00100001
HostMax:   80.76.201.62    01010000.01001100.11001001.00111110
Broadcast: 80.76.201.63    01010000.01001100.11001001.00111111
Hosts/Net: 30

You can see this in the Wildcard line of 0.0.0.31, and the Network ORed with Wildcard results in the Broadcast address: 80.76.201.63.

Knowing this, then the IP address ANDed with the Network address will result in the same value as the Range ANDed with the Network address and so can be used as a comparison for an IP residing within that broadcast range.

How can we work out this Network address in PHP, again we have two strategies, one is to so a simple substr() and take the left most significant bits of the range and then simply pad out to the right with 0s. Or we can do some math with "NOT of 2 to the power of (32-range) - 1". Thus for our value /27 this gives us the decimal value 31, NOTed results in (65536-31) (representational in the bit form - PHP will see it as a negative integer, but we don't need to worry about that).

I'm sure by now, your screaming for some code (and if you stuck around this long, you really deserve it).

Code to manipulate a range/netmask into a broadcast address, using math, assuming:

$ip = "80.76.201.37";
$range = "80.76.201.32";
$netmask = 27;

We can convert the IPs to long integers using ip2long (denoted by variable_dec - dec being short for decimal):

$range_dec = ip2long($range);
$ip_dec = ip2long($ip);

This gives us the basis of our math, we now just need to work out the broadcast address.

Strategy 1 using str_pad to create a string by padding with 1s and 0s.

$netmask_dec = bindec( str_pad('', $netmask, '1')
. str_pad('', 32-$netmask, '0') );

We can achieve the same result though mathematics by NOTtin the wildcard value. This is our Strategy 2:

$wildcard_dec = pow(2, (32-$netmask)) - 1;
$netmask_dec = ~ $wildcard_dec;

Once we know the netmask address (in decimal) as we have here, we can know that, if by ANDing this with the original IP to check results against the Range ANDed with the Netmask, then the IP is within the range defined by the range/mask.

This can be checked easily with:

return (($ip_dec & $netmask_dec) == ($range_dec & $netmask_dec));

I have pulled all of this logic together in a easily included file to provide a single function called ip_in_range($ip, $range) in which $ip is the IP address you want to validate and $range is a any of the above formats, Wildcard, Start-End addressing or CIDR. The function will return a simple TRUE or FALSE if the IP is in that range.

The source code to the all-in function is available here:

http://pgregg.com/projects/php/ip_in_range/ip_in_range.phps

With an example run (and source code):

http://pgregg.com/projects/php/ip_in_range/test.php

I hope this article has been educational, please feel free to leave comments or feedback.

Update: There have been questions about PHP's signed integers and my use of bit operations in the code. It is important to recognise that when dealing with signed or unsigned 32 bit integers purely as bit patterns for masking with a netmask or broadcast address pattern - the fact that a number (128.0.0.0 or above) really is negative, doesn't have any impact on the validity of the result. The only impact to not having signed 32 bit integers is in the Start-End range check (example 2 above: 10.1.0.0-10.1.255.255) where a range spanning the switch from positive to negative would be catastrophic to the check. We can safely work around that problem by using floating point numbers as we are only doing <= and >= comparisons and not attempting any bitwise operators (which don't work on floats).

tail -# file, in PHP

2009-04-23T20:05:48Z

I read Kevin's Read Line from File article today and thought I would add some sample code I wrote a while back to address a similar task in PHP - How to perform the equivalent of "tail -# filename" in PHP.

A typical task in some applications such as a shoutbox or a simple log file viewer is how to extract the last 'n' lines from a (very) large file - efficiently. There are several approaches one can take to solving the problem (as always in programming there are many ways to skin the proverbial cat) - taking the easy way out and shelling out to run the tail command; or reading the file line by line keeping the last 'n' lines in memory with a queue.

However, here I will demonstrate a fairly tuned method of seeking to the end of the file and stepping back to read sufficient lines to the end of the file. If insufficient lines are returned, it incrementally looks back further in the file until it either can look no further, or sufficient lines are returned.

Assumptions need to be made in order to tune the algorithm for the competing challenges of :

Reading enough lines in
as few reads as possible

My approach to this is to provide an approximation to the average size of a line: $linelength
Multiply by 'n': $linecount
and we have the byte $offset from the end of the file that we will seek to to begin reading.

A check we need to do right here is that we haven't offset to before the beginning of the file, and so we have to override $offset to match the file size.

Also as I'm being over-cautious, I'm going to tell it to offset $linecount + 1 - The main reason for this is by seeking to a specific byte location in the file, we would have to be very lucky to land on the first character of a new line - therefore we must perform a fgets() and throw away that result.

Typically, I want it to be able to read 'n' lines forward from the offset given, however if that proves insufficient, I'm going to grow the offset by 10% and try again. I also want to make it so that the algorithm is better able to tune itself if we grossly underestimate what $linelength should be. In order to do this, we're going to track the string length of each line we do get back and adjust the offset accordingly.

In our example, lets try reading the last 10 lines from Apache's access_log

So let's look at the code so far, nothing interesting, we're just prepping for the interesting stuff:

$linecount = 10; // Number of lines we want to read $linelength = 160; // Apache's logs are typically ~200+ chars // I've set this to < 200 to show the dynamic nature of the algorithm // offset correction. $file = '/usr/local/apache2/logs/access_log.demo'; $fsize = filesize($file);

// check if file is smaller than possible max lines
$offset = ($linecount+1) * $linelength;
if ($offset > $fsize) $offset = $fsize;

Next up we're going to open the file and using our method of seeking to the end of the file, less our offset, here is the meat of our routine:

$fp = fopen($file, 'r'); if ($fp === false) exit; $lines = array(); // array to store the lines we read. $readloop = true; while($readloop) { // we will finish reading when we have read $linecount lines, or the file // just doesn't have $linecount lines // seek to $offset bytes from the end of the file fseek($fp, 0 - $offset, SEEK_END); // discard the first line as it won't be a complete line // unless we're right at the start of the file if ($offset != $fsize) fgets($fp); // tally of the number of bytes in each line we read $linesize = 0; // read from here till the end of the file and remember each line while($line = fgets($fp)) { array_push($lines, $line); $linesize += strlen($line); // total up the char count // if we've been able to get more lines than we need // lose the first entry in the queue // Logically we should decrement $linesize too, but if we // hit the magic number of lines, we are never going to use it if (count($lines) > $linecount) array_shift($lines); } // We have now read all the lines from $offset until the end of the file if (count($lines) == $linecount) { // perfect - have enough lines, can exit the loop $readloop = false; } elseif ($offset >= $fsize) { // file is too small - nothing more we can do, we must exit the loop $readloop = false; } elseif (count($lines) < $linecount) { // try again with a bigger offset $offset = intval($offset * 1.1); // increase offset 10% // but also work out what the offset could be if based on the lines we saw $offset2 = intval($linesize/count($lines) * ($linecount+1)); // and if it is larger, then use that one instead (self-tuning) if ($offset2 > $offset) $offset = $offset2; // Also remember we can't seek back past the start of the file if ($offset > $fsize) $offset = $fsize; echo 'Trying with a bigger offset: ', $offset, "\n"; // and reset $lines = array(); } } // Let's have a look at the lines we read. print_r($lines);

At first glance it might seem line overkill for the task, however stepping through the code you can see the expected while loop with fgets() to read each line. The only thing we are doing at this stage is shifting the first line of the $lines array if we happen to read too many lines, and also tallying up how many characters we managed to read for each line.

If we exit the while/fgets loop with the correct number of lines, then all is well, we can exit the main retry loop and we have the result in $lines.

Where the code gets interesting is what we do if we don't achieve the required number of lines. The simple fix is to step back by a further 10% by increasing the offset and trying again, but remember we also counted up the number of bytes we read for each line we did get, so we can very simply obtain an average real-file line size by dividing this with the number of lines in our $lines array. This enables us to override the previous offset value to something larger, if indeed we were wildly off in our estimates.

By adjusting our offset value and letting the loop repeat, the routine will try again and repeat until it succeeds or fails gracefully by the file not having sufficient lines, in which case it'll return what it could get.

For the complete, working, source code please visit:

http://pgregg.com/projects/php/code/tail-10.phps

Sample execution:

http://pgregg.com/projects/php/code/tail-10.php

TinyURL PHP "flaw" ?

2009-03-19T02:17:26Z

The Register is running a story today TinyURL, your configs are showing which points out that TinyURL has a /php.php page displaying the contents of phpinfo().

The article then goes on to make some scary sounding claims from security consultant Rafal Los "Why would you want to run a web service as 'Administrator' because if I figure out a way to jack that service, I completely, 100% own that machine." and "More importantly... why is this server running as ROOT:WHEEL?!"

Sorry Rafal - but you appear to have no idea how web servers work, or all that much about (web) security.

All unix based webservers start as root if they want to bind to the restricted (and default) port 80, after which they switch to the configured UID for request handling. So, right there, goes all Rafal's claims about pwning the machine.

Check your own server, the _SERVER and _ENV values will reflect the starting shell/environment, which just happens to be root. In other words, there is nothing wrong with the settings. Having said that, they do have register_globals turned on, which isn't ideal - but it isn't a gaping hole if the underlying php code is safely coded.

Also to TinyURL's credit, they are running Suhosin patch to harden their server. They're also running the latest production PHP (which is more than I can say). Granted, they probably don't want to be exposing phpinfo() - but this all just an overblown storm in a teacup.

PHP on LinkedIn.com

2009-02-03T23:04:30Z

Since LinkedIn opened up its Groups system, there has been a huge growth in the number of groups related to PHP. Some with charters, some without; some with a specific community background and others with a specific regional focus. I am posting this to bring attention to some of them.

In order of popularity (member count) some general groups (non-regional) are:

Some of these are useful if you are looking for a job (the recruiters tend to play nice and stay on-topic), others ban job posts and stick to discussions.
There are literally hundreds of groups related to PHP in some shape or fashion - pure PHP, LAMP, PHP&Mysql, Frameworks, and many regional *PUG type groups.

To silent fanfare, Microsoft released SQL Server 2005 Driver for PHP

2008-08-07T15:29:11Z

On July 24, Microsoft released version 1.0 of their native SQL Server 2005 Driver for PHP.

http://www.microsoft.com/downloads/details.aspx?FamilyId=61 ... 597C21A2E2A&displaylang=en

Some months back I downloaded a beta version of this after having problems working with international characters (UTF-8) with PDO and MSSQL and impressively the SQL Server 2005 Driver for PHP worked very well.

Congratulations to Microsoft for continuing with this and their recent contribution to ADODB. I'm looking for better PDO support now

Want to try out the next major version of Delphi for PHP ?

2007-12-19T23:10:08Z

CodeGear is looking for additional beta testers for the next major version of Delphi for PHP (http://www.codegear.com/products/delphi/php).
Interested PHP developers can apply to become a field tester at http://www.surveymonkey.com/s.aspx?sm=AsT7NAxv4zC5WYKIaK9pRw_3d_3d.

FastCGI for IIS (PHP related)

2007-09-28T08:13:09Z

I haven't seen this announced on the PHP blogs (planets) yet and since it may be of interest to those running PHP (with IIS as a CGI) I'll repost the details here.

Joe Stagner's Blog (Microsoft employee) has posted that the IIS team have released the FastCGI extension for IIS 5.1/6.0 as a free download from http://www.iis.net/.

Rather than reword it all, here are the salient bits in Joe's words:

HUGE KUDOS to the IIS team for their hard work and innovation (technical and political) for making FastCGI a reality.)

If your a developer that needs to use a CGI based platform (Like PHP) and work on Windows � then this is a godsend.

They guys went into over-drive to get this ready before the upcoming Zend-Con.

Here are the official particulars.

Since early 2006, Microsoft and Zend have been working together on a technical collaboration with the PHP community to significantly enhance the reliability and performance of PHP on Windows Server 2003 and Windows Server 2008. As part of this collaboration, the IIS product group has been working on a new component for IIS6 and IIS7 called FastCGI Extension which will enable IIS to much more effectively host PHP applications.

Delphi for PHP (aka D4PHP)

2007-05-03T23:03:05Z

Yesterday I installed Delphi for PHP (D4PHP), a new development environment from CodeGear, a Borland company.

D4PHP is CodeGear's first attempt at bringing visual rapid application development to PHP. To be honest my first impression was fear. Here I am, 10+ years into PHP and used to developing raw PHP in vi and Zend Studio, with a couple of forays into Eclipse, staring at a PHP RAD tool without the first clue where to begin.

At first glance, it looks like a familiar IDE environment and my first thought was to File / Open, open a .php and use it as an editor. But no, if I'm going to use it I should use it the way it was meant to be.

"Hello world" was pretty straight forward, but going beyond that left me pretty bewildered, not sure what was going on underneath, nor how it was supposed to plug together. VCLs (Visual Component Library) exist to "simplify" the building of applications, so I thought I would follow the build-a-component guide and turn my preg_find recursive directory iterator/filter/sorter into a VCL. I think I succeeded (it "compiles" ok) but I don't know how to test it!

Make no mistake - D4PHP is a mindshift for traditional PHP developers like myself.

Step back from the POST handlers and sequential logic we are used to and prepare to look at application components that seem to have a life of their own. I have to confess that being a simple procedural kind of guy that thinks OO is mostly hype, D4PHP is a huge concept for me to grapple with. But I think I might just enjoy it.

Code release: preg_find() - A recursive file listing tool for PHP

2007-04-18T22:48:43Z

Version 2.1

I originally wrote this a few years ago and never really promoted it beyond the realms of the #php IRC channel on EfNet. However, it has managed to find its way into applications such as WordPress and many other PHP apps. It is gratifying to know that others are finding it useful.

So what is preg_find() anyway? A short summary for those who have never encountered it: Imaging a recursive capable glob() with the ability to filter the results with a regex (PCRE) and various arguments to modify the results to bring back additional data.

Well today I thought I would add one commonly requested feature. Sorting. Using the power of PHP's anonymous (lambda-style) functions, preg_find() now creates a custom sort routine based on the arguments passed in, filename, dir+filename, last modified, file size, disk usage (yes those last 2 are different) in either ascending or decending order.

Download preg_find.phps
Download preg_find.php in plain text format

A simple example to get started - we'll work on my PHP miscellaneous code directory:

Example 1: List the files (no directories):

Code:

include 'preg_find.php';
$files = preg_find('/./', '../code');
foreach($files as $file) printf("
%s\n", $file);

You can see the result here

Now let us look at a recursive search - this is easy, just pass in the PREG_FIND_RECURSIVE argument.
Example 2: List the files, recursively:

Code:

$files = preg_find('/./', '../code', PREG_FIND_RECURSIVE);
foreach($files as $file) printf("
%s\n", $file);

You can see the result here

Lets go futher, this time we don't want to see any files - only a directory structure.
Example 3: List the directory tree:

Code:

$files = preg_find('/./', '../code', PREG_FIND_DIRONLY|PREG_FIND_RECURSIVE);
foreach($files as $file) printf("
%s\n", $file);

You can see the result here

It should be obvious by now that we are using constants as our modifier arguments. What might not be immediately obvious is that these constants are "bit" values (.e.g. 1, 2, 4, 8, 16, ..., 1024, etc) and using PHP's Bitwise Or operator "|" we can combine modifiers to pass multiple modifiers into the function.

How about a regex? Files starting with str_ and ending in .php
Example 4: Using a regex on the same code as example 1:

Code:

$files = preg_find('/^str_.*?\.php$/D', '../code');
foreach($files as $file) printf("
%s\n", $file);

You can see the result here

What about that funky PREG_FIND_RETURNASSOC modifier?
This will change the output dramatically from a simple file/directory array to an associative array where the key is the filename, and the value is lots of information about that file.

Example5: Use of PREG_FIND_RETURNASSOC

Code:

$files = preg_find('/^str_.*?\.php$/D', '../code', PREG_FIND_RETURNASSOC);
foreach($files as $file) printf("
%s\n", $file);

You can see the result here

As I mentioned earlier, I added sorting capability to the results, so let us look at some examples of that.

Example 6. Sorting the results (of example 1)

Code:

$files = preg_find('/./', '../code', PREG_FIND_SORTKEYS);
foreach($files as $file) printf("
%s\n", $file);

You can see the result here

Example 7. And reverse sort.

Code:

$files = preg_find('/./', '../code', PREG_FIND_SORTKEYS|PREG_FIND_SORTDESC);
foreach($files as $file) printf("
%s\n", $file);

You can see the result here

Ok, thats all well and good, what about something more interesting?

Example 8. Finding the largest 5 files in the tree, sorted by filesize, descending.

Code:

$files = preg_find('/./', '../code',
  PREG_FIND_RECURSIVE|PREG_FIND_RETURNASSOC|PREG_FIND_SORTFILESIZE|PREG_FIND_SORTDESC);
$i=1;
foreach($files as $file => $stats) {
  printf('
%d) %d %s', $i, $stats['stat']['size'], $file);
  $i++;
  if ($i > 5) break;
}

You can see the result here.

Or what about the 10 most recently modified files?

Example 9.

Code:

$files = preg_find('/./', '../code',
  PREG_FIND_RECURSIVE|PREG_FIND_RETURNASSOC|PREG_FIND_SORTMODIFIED|PREG_FIND_SORTDESC);
$i=1;
foreach($files as $file => $stats) {
  printf('
%d) %s - %d bytes - %s', $i,
    date('Y-m-d H:i:s', $stats['stat']['mtime']), $stats['stat']['size'], $file);
  $i++;
  if ($i > 10) break;
}

You can see the result here.

I am keen to receive feedback on what you think of this function. If you have used it in some other application - great, I would love to know. Suggestions, improvements, criticisms are also always welcome.

Compiling PHP, OCI8 on Sparc64 Solaris 10 with Oracle10g

2005-09-27T09:53:18Z

This problem beat me about the head for most of yesterday until I worked out that PHP 5.0.5 doesn't actually know about Oracle 10. 8 and 9, sure thing - otherwise it decides it is an older version (very silly).

The other problem is that when PHP tries to link to the oracle client libraries, by default it attempts to link against the 64 bit libraries - which with PHP being a 32bit app just isn't going to fly.

So here I will attempt to guide you in all that is good with PHP and Oracle 10.

The first thing to do is ensure you have a working Solaris 10 install with Oracle 10g already
installed. As this was to be an actual server machine I installed the full database server including client libraries (which happens by default when you install server). However the purpose of this is not to help you install Oracle - there are plenty of guides out there for that. This is to help you get PHP compiled in this environment - there are no guides for that.

So lets unpack the PHP source:
#->tar xf php-5.0.5.tar
#->cd php-5.0.5
php-5.0.5-#->

Now, If you run a straight ./configure --with-oci8 it will most likely fail being unable to find the oracle install:
checking Oracle version... configure: error: Oracle (OCI8) required libraries not found

We need to tell it where to find the oracle libraries.
./configure --with-oci8=/u01/app/oracle/product/10.2.0/Db_1
(assuming this is where your default database was installed to)

This will enable configure to complete.

Next, naturally, we try to make php - all should go well right up until the final link:
php-5.0.5-#->make
... [snip] ...
ld: fatal: file /u01/app/oracle/product/10.2.0/Db_1/lib/libclntsh.so: wrong ELF class: ELFCLASS64
ld: fatal: File processing errors. No output written to sapi/cgi/php
collect2: ld returned 1 exit status
make: *** [sapi/cgi/php] Error 1

This fails because PHP has decided to link against lib/libclntsh.so when it should have linked against lib32/libclntsh.so

No amount of adding --includedir= and --libdir= on the configure command will result in make doing the right thing and linking against the lib32 version.

The solution? We need to edit the configure script to tell it that lib isn't the be-all and end-all of oracle libraries. This is a pain, I know, but hopefully the PHP people will fix this for 5.0.6 and above.

At line 64660 in configure you will see the line:
elif test -f $OCI8_DIR/lib/libclntsh.$SHLIB_SUFFIX_NAME.10.1; then

Change /lib/ to /lib32/

And at line 69134 you'll notice that it is missing any reference to Oracle 10.1, so we need to add it - add the following two lines just before the 9.0 line:
elif test -f $ORACLE_DIR/lib32/libclntsh.$SHLIB_SUFFIX_NAME.10.1; then
ORACLE_VERSION=10.1

At line 64977 change:
if test -z "$OCI8_DIR/lib" || echo "$OCI8_DIR/lib" | grep '^/' >/dev/null ; then
ai_p=$OCI8_DIR/lib
to:
if test -z "$OCI8_DIR/lib32" || echo "$OCI8_DIR/lib32" | grep '^/' >/dev/null ; then
ai_p=$OCI8_DIR/lib32

Line 64368: add
OCI8_SHARED_LIBADD="-L$OCI8_DIR/lib32"
LIBS="$LIBS -L$OCI8_DIR/lib32"

Now make clean;
cd to your database and rename the lib directory to lib.unused temporarily so that PHP cannot link against it and leave the lib32 one as is.

Switch back to php dir. Run your configure command, make (which should now complete) and make install.

Go back and rename the lib.unused back to lib as other things will need this to exist.

Finally, make sure you add the lib32 path to your LD_LIBRARY_PATH variable before starting apache/php

LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/u01/app/oracle/product/10.2.0/Db_1/lib32"

Your PHP should now be working fine.

Files to help: My "configure" command:
'./configure' \
'--prefix=/usr/local/apache2' \
'--includedir=/space/app/oracle/product/10.2.0/Db_1/rdbms/public' \
'--oldincludedir=/space/app/oracle/product/10.2.0/Db_1/rdbms/public' \
'--libdir=/space/app/oracle/product/10.2.0/Db_1/lib32' \
'--with-apxs2=/usr/local/apache2/bin/apxs' \
'--with-oci8=/u01/app/oracle/product/10.2.0/Db_1'

Diff of the configure script to the regular one supplied with PHP 5.0.5
#->diff php-5.0.5/configure php-5.0.5-working/configure 6:39AM
64367a64368,64369
> OCI8_SHARED_LIBADD="-L$OCI8_DIR/lib32"
> LIBS="$LIBS -L$OCI8_DIR/lib32"
64660c64662
< elif test -f $OCI8_DIR/lib/libclntsh.$SHLIB_SUFFIX_NAME.10.1; then
---
> elif test -f $OCI8_DIR/lib32/libclntsh.$SHLIB_SUFFIX_NAME.10.1; then
64977,64978c64979,64980
< if test -z "$OCI8_DIR/lib" || echo "$OCI8_DIR/lib" | grep '^/' >/dev/null ; then
< ai_p=$OCI8_DIR/lib
---
> if test -z "$OCI8_DIR/lib32" || echo "$OCI8_DIR/lib32" | grep '^/' >/dev/null ; then
> ai_p=$OCI8_DIR/lib32
69133a69136,69137
> elif test -f $ORACLE_DIR/lib32/libclntsh.$SHLIB_SUFFIX_NAME.10.1; then
> ORACLE_VERSION=10.1

Note to PHP developers if they read this - this patch is not one that can be dropped into the regular build - it will only help people who have difficulty installing PHP with OCI8/Oracle10 on Solaris10.

I hope this proves useful to others - it took me >24 hours work to get to this point.

PHP: HTTP Authentication via PHP

2005-09-15T10:56:52Z

When combining sessions with HTTP Auth in order to maintain state. The difficulty surrounding HTTP Auth is that even after you "logout", the browser will continue to send the correct username and password with each request. Thus immediately logging you back in again - unless you use the states to keep track carefully.

In this example we will use two session variables to maintain state and we tell the page that we want to login our logout via an argument in the query string, e.g. ?login ?logout

The two state variables are:

* LOGGEDIN - Very simple state - either you are logged in or not
* LOGGEDOUT - Will be TRUE if we have logged out. It's primary purpose is to scupper the browser provided password and prevent the authentication routines from running. It gets reset to FALSE when we want to login

Additional benefits to this method are that we only need to authenticate upon login once. Normal code implemented HTTP Auth routines authenticate with every page request

Source code: Example page protected with PHP HTTP Auth

Source code: PHP HTTP Auth include file

In order to use this to protect any page you need to copy the auth.inc.php file to your server and then simply include or require it in any page.
You may wish to set the variable $HTTP_AUTH_REALM to a string before including this as this will change the Basic Realm information in the auth dialog box to a string of your choice.

You should also look at the checkpw() function and replace that with something that will check your user credentials correctly. Input is username, password and it should return TRUE or FALSE if the credentials supplied are OK or not.

Finally, on any page to effect a change of state from logged in to logged out or vice-versa, you simply have to make a link to a page with "login" or "logout" in the url's Query String (that is the bit after the ?), e.g. page.php?login

A working example is provided over in my projects section, the default username is "paul" and password is "gregg"

I hope this code serves as useful learning material. Good luck.

String Case Conversion in PHP

2005-08-18T23:50:21Z

Occasionally I read through some comments on the PHP Manual, sometimes to get ideas on different methods of doing things, other times just to try to keep current with some of the vast array of functions available.

Sometimes, I see things that really scare me - code that is written and published with the best will in the world from the author - but yet displays a lack of a deeper understanding of how to solve a problem. One such case was the invert_case() and rand_case() functions which basically looped through each character in a string doing whatever it had to do to each character as it went. Highly inefficient.

Remember, the only difference in ASCII between an uppercase letter and a lowercase letter is a single bit that is 0 for uppercase and 1 for lowercase.

This brief tutorial is based on code available at:
http://www.pgregg.com/projects/php/code/str_case.phps
and you can see example output at:
http://www.pgregg.com/projects/php/code/str_case.php

Surely it would be possible to write some code that would simply flip this bit in each character to the value you want:
- AND with 0 to force uppercase
- OR with 1 to force lowercase
- XOR with 1 to invert the case
- randomly set it to 1 or 0 to set random case.

There are two methods to achieving this, the first makes a simple character mask and performs a bitwise operation on the string as a whole to change it as required. This method is designed to help teach how this works. The second method uses the power of the PCRE engine by using a regex to calculate the changes and apply them in one simple step.

Both solutions are, I believe, elegant and are presented here for you.

Solution #1:

Code:

// Code that will invert the case of every character in $input
    // The solution is to flip the value of 3rd bit in each character
    // if the character is a letter. This is done with XOR against a space (hex 32)
    $stringmask = preg_replace("/[^a-z]/i", chr(0), $input); // replace nonstrings with NULL
    $stringmask = preg_replace("/[a-z]/i", ' ', $stringmask); // replace strings with space
    return $input ^ $stringmask;

The method here is to generate a string mask, in two stages, that will act as a bitmask to XOR the 3rd bit of every letter in the string. Stage 1 is to replace all non-letters will a NULL byte (all zeros) and Stage 2 is to replace all letters with a space (ASCII 32) which just happens to be a byte with just the 3rd bit set to 1 i.e. 00100000
All we have to do then is XOR our input with the string mask and magically the case of all letters in the entire string are flipped.

Solution #2:

Code:

return preg_replace('/[a-z]+/ie', '\'$0\' ^ str_pad(\'\', strlen(\'$0\'), \' \')', $input);

Much more compact and works by using a regex looking for letters and using the i (case insensitive) modifier and most importantly the e (evaluate) modifier so we can replace by executing php code. In this case, we look for batches of letters and replace them with itself XORed with a string of spaces (of the same length).

Similar principles apply to the random case example, but we complicate this slightly by adding and invert mask (to the solution 1 method). This invert mask is created by taking a random amount of spaces (between 0 and the size of the input string). We then pad this out to the size of the original string with NULL bytes and finally randomise the order with str_shuffle(). We then bitwise AND the stringmask and the invertmask so we create a new mask where randomly letters in the mask have spaces or NULLs. We then XOR this to the original string as before and before you know it you have a randomly capitalised string.
The Solution 2 version requires you to remove the + so that we only match a single letter at a time (or else our randomly chosen case would apply to words at a time), and we use a termary to randomly decide on using a space or a NULL:

Code:

return preg_replace('/[a-z]/ie', '(rand(0,1) ? \'$0\' ^ \' \' : \'$0\')', $input);

I hope this has been a worthwhile read and I would certainly welcome feedback on this article.