Category Archives: PHP

How to convert between sqlite2 and sqlite3 databases

Here's a short guide on how to convert a sqlite2 database file to sqlite3: dump the old database as SQL text, then replay that text into a new file with the other version's command-line tool.

[bash]
# dump the SQLite 2 database as portable SQL text (schema plus INSERT statements)
sqlite2 /path/to/mysqlite2.db .dump > backupfile
# replay the dump into a brand-new SQLite 3 file
sqlite3 /path/to/mynewsqlite3.db < backupfile
[/bash]

Using the same method you can convert a sqlite3 database to sqlite2 too, provided the dump only uses SQL that SQLite 2 understands (a dump from a newer sqlite3 may contain PRAGMA lines and other statements that the sqlite2 tool will reject, so check its output for errors).

p/s: Why would you need to convert? Because embedded devices (read: iPhone and Android) only ship SQLite 3, while the sqlite extension bundled with PHP 5 by default works with SQLite 2 files; SQLite 3 files are reached from PHP 5 through PDO_SQLITE or, from 5.3 onwards, the SQLite3 class.

Thus, this method provides a convenient way to move data between the two different versions of the SQLite file format.

Securing Ajax and Web Services

It is undeniable that Web services and AJAX-ified interfaces are the trend now. Applications that use the Internet to retrieve data (such as mobile applications or other thin clients) rely on web services and their data formats. An AJAX-ified interface gives a website a modern, edgy look that can make it more attractive and leave a great impression on users.

However, the web application security problem remains the same, if not more challenging: a site that moves data over Web Services and AJAX calls in the background exposes many more endpoints than the pages a browser shows, and each of them can be called directly and probed for vulnerabilities.

Therefore, it is imperative to use the right techniques to evaluate the security of these services before deploying them out in the open.

For that matter, I'm currently reading Ajax Security (Hoffman, B. & Sullivan, B.) and Securing Ajax Applications (Wells, C.), which in my opinion are a pretty good start for somebody like me who wants to understand the common methods for securing web services and websites that use AJAX heavily.

Hopefully the situation will improve, as there are a lot of campaigns around to raise awareness of web application security.

My wishlist: PHP Development in the Cloud

I'm not a PHP developer by profession, nor am I very good at it, but there are times when I'm required to write a PHP web application for my day job. While these are still simple applications, I have grown fond of the simplicity of PHP development and deployment (though some aspects of the language still confuse me, and the maintenance is sometimes a PITA).

I haven't developed any PHP application for the masses yet, but if I do, I imagine it would benefit from the cloud, so the latest item on my wishlist is this book: PHP Development in the Cloud

The book is written by Ivo Jansch and Vito Chin. It covers cloud computing characteristics and models; cloud computing architecture, scalability and how to prevent bottlenecks; working with popular cloud infrastructures and platforms (Amazon, Google and Rackspace); and working with popular cloud software and services (OpenID, OAuth, CRM, maps and storage).

The book is available in paperback from online bookstores (Amazon, Barnes & Noble, etc.) or in digital form from the PHP Architect website.

5 things that I look for when getting PHP / MySQL Web Hosting

1. SSH Access
FTP access is not enough anymore because it is insecure: the password (and every file) is transferred in plaintext. Besides, SSH access lets me download updates and patches directly on the web server instead of uploading them bit by bit over FTP. Some web hosting providers refuse to give out SSH access for fear that their security would be compromised; those providers aren't for me. If a provider won't give a shell at all, SFTP (file transfer over SSH) is the minimum that keeps the credentials and the files encrypted in transit.

2. PHP / MySQL release
A lot of web hosts claim to run the *latest* release of PHP and MySQL on their servers, but is it true? The latest isn't always the greatest, either; I always make sure the versions on offer are the ones my application actually needs, and that they are still receiving security fixes, since a release that has dropped out of support is a liability no matter how new it looked when the host installed it.

3. Customizable DNS Records
A feature noticeably lacking in cPanel (I hate cPanel, with a passion). Customizable DNS records let you freely point your domain's A, MX and CNAME records somewhere else. Sometimes the domain registrar (eNom comes to mind) lets you edit your own DNS records without the web hosting provider's help. The ability to change DNS records matters because it lets you host part of your web application elsewhere, for example mail with Google Apps.

4. Shared Hosting or Virtual Private Server (VPS)
Shared hosting is probably the best choice if you are just starting to learn how to host your own PHP/MySQL application. The thing to check with shared hosting is whether you are in a 'bad neighbourhood', meaning whether your website has to share a server/IP address with notorious spammers, since that affects your website's reputation (IP-based blacklists don't distinguish between tenants on the same address). A bad neighbourhood is also the main cause of frequent downtime and slowdowns.

A VPS is probably a better choice, but it requires some administrative skills on the site operator's side (read: you!). Things to look for in a VPS are the amount of RAM and the processor slice. If you are hosting a busy website with more than 5,000 unique visitors per day, do not take a VPS with less than 512MB of RAM, because you may find it won't cut it. Busy websites need more RAM, and it also helps to use lighttpd or nginx instead of the resource-hungry Apache. One more thing: when surveying VPS providers, I almost always look for one that allows on-the-fly resource resizing, or at least lets users resize resources themselves.

5. mod_security Filters
This one is for shared hosting: mod_security is a web application firewall module for Apache that checks each request against a rule set before it reaches your scripts, which raises the security of every site on the server. Although this feature is rarely advertised on hosting providers' sites, it is actually one of the most important features to have, especially if you are going to host a high-risk web application. I prefer a provider that allows the rules to be customized from the '.htaccess' file, so that a rule which blocks a legitimate request can be adjusted for one site without touching the others.

That's it, the FIVE (5) things I always look for when surveying web hosting providers. Some of you might notice that I didn't mention the SLA (e.g. a 100% uptime guarantee, money-back guarantee, etc.). To me the SLAs promised by most web hosting providers aren't even remotely realistic, because uptime is not predictable and most providers (including those offering VPS) grossly oversell their service, so most of them fail to meet their own SLA. Don't get me wrong: I'd rather host with a provider that has a great track record and efficient service.

How to find cause of heavy usage on your Apache webserver

Here's a quick and dirty tip for finding the cause of heavy CPU usage on your Apache web server (especially when it is running PHP scripts).

First you need to locate the Apache 2 "access.log" file. On Ubuntu it lives in the "/var/log/apache2" directory by default.

Then run this command to find out which IP addresses have hit your website the most in a short time:
[code]
# last 10,000 requests -> client address (first field) -> count per address, smallest first
tail -n 10000 access.log | awk '{print $1}' | sort | uniq -c | sort -n
[/code]

The output lists each IP address with the number of hits it made within the last 10,000 requests to your website, sorted ascending so the heaviest client is at the bottom:
[code]
47 117.58.252.98
81 202.124.242.186
84 202.124.245.26
182 194.164.101.217
220 208.101.22.146
225 72.167.131.144
3946 93.135.xxx.xxx
[/code]

From here you can easily spot the offending IP address and block it from accessing your website using an .htaccess file or another blocking method. Before blocking, check what that address actually requested (and its User-Agent): a high count can also come from a search engine crawler or from many users behind one NAT or proxy. If your server sits behind a reverse proxy or CDN, the first field is the proxy's address rather than the client's, and you need the X-Forwarded-For header (or mod_remoteip) to see the real client.
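The same count in PHP, as an added example that is not part of the original post: it parses a few constructed combined-format log lines, produces the per-IP totals the awk pipeline gives, and additionally counts hits per IP per minute, which catches a client that hammers one script for a minute but has a modest total. The log lines, addresses, user agents and thresholds are made up for illustration; the script needs PHP 7.1 or later.

```php
<?php
// Added example (not from the original post): per-IP hit counts and per-minute
// bursts from Apache combined-format log lines. The sample below is constructed.
$sampleLog = <<<'LOG'
93.135.1.1 - - [10/Oct/2010:13:55:36 +0800] "GET /index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
93.135.1.1 - - [10/Oct/2010:13:55:36 +0800] "GET /index.php?p=2 HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
93.135.1.1 - - [10/Oct/2010:13:55:37 +0800] "GET /index.php?p=3 HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
93.135.1.1 - - [10/Oct/2010:13:55:37 +0800] "GET /index.php?p=4 HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
208.101.22.146 - - [10/Oct/2010:13:55:40 +0800] "GET /robots.txt HTTP/1.1" 200 68 "-" "Googlebot/2.1"
208.101.22.146 - - [10/Oct/2010:14:02:11 +0800] "GET /about HTTP/1.1" 200 1520 "-" "Googlebot/2.1"
117.58.252.98 - - [10/Oct/2010:14:02:12 +0800] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "curl/7.19"
LOG;

// Parse each line into the fields we need; lines that do not match are skipped.
function parseAccessLog(string $log): array
{
    // ip ident user [date] "request" status size "referer" "agent"
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+(?: "[^"]*" "([^"]*)")?/';
    $entries = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        if (!preg_match($re, $line, $m)) {
            continue;
        }
        $entries[] = [
            'ip'      => $m[1],
            'minute'  => substr($m[2], 0, 17),   // "10/Oct/2010:13:55"
            'request' => $m[3],
            'status'  => (int) $m[4],
            'agent'   => $m[5] ?? '',
        ];
    }
    return $entries;
}

// Total hits per IP, heaviest first (what "awk | sort | uniq -c | sort -n" gives).
function hitsPerIp(array $entries): array
{
    $counts = [];
    foreach ($entries as $e) {
        $counts[$e['ip']] = ($counts[$e['ip']] ?? 0) + 1;
    }
    arsort($counts);
    return $counts;
}

// Hits per IP within one minute, keeping only those at or above $threshold.
function burstsPerMinute(array $entries, int $threshold): array
{
    $perMinute = [];
    foreach ($entries as $e) {
        $key = $e['ip'] . ' ' . $e['minute'];
        $perMinute[$key] = ($perMinute[$key] ?? 0) + 1;
    }
    return array_filter($perMinute, function ($n) use ($threshold) {
        return $n >= $threshold;
    });
}

$entries = parseAccessLog($sampleLog);
foreach (hitsPerIp($entries) as $ip => $n) {
    printf("%6d %s\n", $n, $ip);
}
foreach (burstsPerMinute($entries, 4) as $key => $n) {
    [$ip, $minute] = explode(' ', $key, 2);
    printf("burst: %s made %d requests in minute %s\n", $ip, $n, $minute);
}
```

To run it against a real server, replace `$sampleLog` with `file_get_contents('/var/log/apache2/access.log')` (or the last few thousand lines of it); the 'request' and 'agent' fields are kept so you can look at what a suspicious address was asking for before you decide to block it.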

Here is an example of blocking an IP address with an .htaccess file (Apache 2.2 mod_authz_host syntax):
[code]
# evaluate Deny rules before Allow rules; everyone is allowed except the listed address
order deny,allow
deny from 93.135.xxx.xxx
[/code]

Save the .htaccess file in the document root of your web server (for example /var/www), and the address won't be able to access your site any more. This only takes effect if the directory's AllowOverride setting permits it; no restart is needed, since .htaccess is read on every request. On Apache 2.4 the `order`/`deny` directives need mod_access_compat; the native form is `Require all granted` followed by `Require not ip 93.135.xxx.xxx` inside a `<RequireAll>` block. Note that each request from the blocked address still reaches Apache and costs a little CPU; for a sustained flood, block at the firewall (for example with iptables) instead.

Hope that helps!

HP Officejet 5680 – How to Send Fax from Ubuntu Linux Computer

This is a continuation of my previous post: I got myself a new and flexible printer, the HP Officejet 5680 All-in-One.

HP Officejet All-in-One under Ubuntu
It all seemed rather easy where I left off: the printer was fully functional just by plugging it into my Ubuntu PC, the scanner worked without my having to do anything special, the phone worked (yes, it comes with the printer), and I was able to send and receive faxes without a hitch, something I can't do under Windows Vista without installing 350MB of companion applications (half of it crapware).

Everything worked, so what was left to do?
What was left was figuring out how to send faxes directly from Ubuntu (or another Linux-based operating system) from digital files (*.txt, *.pdf, *.ps, *.jpeg), so I don't have to print those files and fax them one by one any more.

HP Linux Imaging and Printing project
Through googling, I found that Hewlett-Packard (HP) has published open source software tools for their printers: free and open source drivers and printer-specific applications directly from the manufacturer, which is very cool!

Fortunately Ubuntu already installs the HPLIP tools by default along with CUPS, so they were on my machine. The next step was to run 'hp-setup' as root to configure the printer port, and then run the 'hp-sendfax' application to send the faxes.

Both of these tools require the python-qt3 package, which is available from the Ubuntu software repository.

Now I can fax my PDF documents directly without printing them first, a huge saving on ink and paper.

Conclusion
If you are planning to get a new printer, I would suggest getting an HP printer, not only because HP printers are reliable, but because they also come with free and open source drivers and applications for Linux-based operating systems. That's a good reason to get an HP printer.

Please visit the HPLIP project website for more information about HP printer support under Linux-based operating systems.

[tags]hp,hewlett packard,printer,linux,opensource,ubuntu,foss,drivers,hardware,scanner,officejet[/tags]

I’m selling Webbots, Spiders, and Screen Scrapers Book

Hi there, I'd like to announce that I'm offering Webbots, Spiders, and Screen Scrapers: A Guide to Developing Internet Agents with PHP/cURL for sale at a heavily discounted price to Malaysians. The book is new and still in its original packaging from Powells.com; I'm selling it because of a mix-up during the ordering process that left me with two copies of the same title.

The book is interesting because it details how to build efficient and stealthy web robots to handle daily tasks, data mining and website monitoring. There are also 3 chapters that deal with bots for protocols other than the web (FTP, NNTP, email).

This book is a must-have if you're interested in learning how to build and deploy web robots, which is still considered something of a black art even today.

Details
My price: RM85 (USD27), postage included
Pay to: Maybank, CIMB, PayPal
Delivery: by PosLaju
Condition: New (you can smell the ink; original packaging)

Please contact me if you’re interested.

RFC 2822 Email Validator in PHP

Here's a regex pattern that checks email addresses for validity according to the RFC 2822 spec: regex.txt
This may be useful if you're writing a robust email validation class/function in PHP that checks validity against the spec. A strict validator also indirectly addresses email header injection, provided it rejects carriage returns and line feeds (which a practical validator should, even though the RFC's folding-whitespace rules technically permit them), because those are exactly what an attacker needs to smuggle extra headers such as Bcc: into a message.
Additionally, there's a demo with complete source code for checking email validity using eregi: Validate Email Addresses using Regular Expressions. Note that eregi() is deprecated since PHP 5.3 and removed in PHP 7; use preg_match() with the i modifier instead, or filter_var() with FILTER_VALIDATE_EMAIL for a built-in check.

If you are planning to validate email addresses for a home-made PHP mailer form, you should read this too: Sanitize Your Forms

You might find it handy, as it guards your form against malicious users who want to manipulate it into doing email injection for spam purposes.
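To make the injection concrete, here is an added example that is not from the original post or the linked articles: the header construction of a contact-form mailer in its vulnerable form and in a hardened form, using filter_var() for the address and a strip-and-cap routine for free-text fields. The attack strings and the addresses are constructed for illustration.

```php
<?php
// Added example, not from the original post: vulnerable versus hardened
// construction of mail() headers from form input. Inputs below are constructed.

// Vulnerable: form values go straight into the header block. Submitting
// "attacker@example.com\r\nBcc: victim@example.net" as the address appends a
// real Bcc header, and mail() will happily deliver to the injected recipient.
function buildHeadersUnsafe(string $fromName, string $fromEmail): string
{
    return "From: $fromName <$fromEmail>\r\nReply-To: $fromEmail\r\n";
}

// Hardened, step 1: accept only syntactically valid addresses. FILTER_VALIDATE_EMAIL
// already rejects whitespace and line breaks; the explicit CR/LF check is kept as
// a second, independent guard in case the validator is ever swapped out.
function validEmail(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false
        && !preg_match('/[\r\n]/', $email);
}

// Hardened, step 2: free-text header fields (display name, subject) have no strict
// grammar to validate against, so strip everything that could end or re-quote a
// header and cap the length.
function cleanHeaderValue(string $value, int $maxLen = 100): string
{
    $value = str_replace(["\r", "\n", "\0", '"'], '', $value);
    return substr(trim($value), 0, $maxLen);
}

function buildHeadersSafe(string $fromName, string $fromEmail): ?string
{
    if (!validEmail($fromEmail)) {
        return null;   // refuse to send rather than "repair" a bad address
    }
    $name = cleanHeaderValue($fromName);
    return "From: \"$name\" <$fromEmail>\r\nReply-To: $fromEmail\r\n";
}

// Constructed injection attempts: one through the address, one through the name.
$injectedAddress = "attacker@example.com\r\nBcc: victim@example.net";
$injectedName    = "Bob\nBcc: victim@example.net";

echo buildHeadersUnsafe('Bob', $injectedAddress);              // the Bcc line is now a real header
var_dump(buildHeadersSafe('Bob', $injectedAddress));           // NULL: address rejected
var_dump(buildHeadersSafe($injectedName, 'bob@example.com'));  // line break stripped from the name
```

When you do call mail(), pass these headers as the fourth argument, run the subject through cleanHeaderValue() as well, and never put user input into the fifth argument ($additional_params), which is handed to the sendmail binary's command line.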
[tags]php,regex,email,validator,validate,source code,spam,injection[/tags]

owasp php filters – help sanitize php variables

The Internet is full of spam bots, auto-submitters, malicious users and worms that can compromise the security of your website at any time, so you should be suspicious of any data that reaches your system via GET/POST variables (and via cookies and request headers, which are just as attacker-controlled).

Among the nasty things that can happen to your system when you don't filter your data are SQL injection, script injection, email abuse and remote code execution; the attacker could deface your website or even wipe your entire database if you're not careful.

One way to filter your data is to write a preg_match regex rule describing the values that are acceptable for each variable (an allow-list of what may come in, rather than a deny-list of bad characters).

However, writing preg_match rules can get tiring, which is why I use the OWASP PHP filters to simplify the work. They consist of one function, sanitize(), that takes the variable you want to filter and an option.

The option may be any of PARANOID, HTML, INT, FLOAT, LDAP, SQL, SYSTEM and UTF-8, and it filters the data for that type accordingly. For example, if you want your variable to contain only a floating-point number, you can write:

[code]
<?php
// sanitize.inc.php ships with the OWASP PHP filters
require('sanitize.inc.php');

// in a real form this value would come from $_GET or $_POST
$var = 100.50;

// keep only what is valid as a floating-point number
$float = sanitize($var, FLOAT);
?>
[/code]

It isn't much, but it will surely simplify your PHP code a bit. The other options are self-explanatory except PARANOID, which means the variable will contain only alphanumeric characters after sanitize().

SQL is handy if you have to include a variable's value inside an SQL statement. Bear in mind that it works by escaping the value, and escaping alone is fragile: it depends on the quoting context and the connection's character set, and it does nothing for values used outside quotes (numbers, column names, ORDER BY). Prepared statements with bound parameters (PDO or mysqli) are the reliable defence against the notorious SQL injection; use the filter as an extra layer, not as the only one.

You can download the OWASP PHP filters here.
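Here is an added example, not part of the OWASP PHP filters, of what the prepared-statement alternative looks like: the same lookup written by splicing the value into the SQL text and written with a PDO bound parameter, run against an in-memory SQLite table built inside the script so it is self-contained. The table, the rows and the payload are constructed; the script needs the pdo_sqlite extension and PHP 7.1 or later.

```php
<?php
// Added example (not from the original post or the OWASP filters): string
// concatenation versus a PDO prepared statement, against a constructed table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Vulnerable: the value becomes part of the SQL text, so a quote in the input
// changes the structure of the query instead of being compared as data.
function findUserUnsafe(PDO $db, string $name): array
{
    $sql = "SELECT name, role FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed at prepare time and the value travels as a
// bound parameter, so it is never parsed as SQL whatever it contains.
function findUserSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// For numeric inputs, validate the type before it gets anywhere near the query,
// then bind it as an integer; this is where sanitize($id, INT) would also sit.
function findUserById(PDO $db, $id): ?array
{
    if (filter_var($id, FILTER_VALIDATE_INT) === false) {
        return null;   // "1 OR 1=1" is not an integer: reject it
    }
    $stmt = $db->prepare('SELECT name, role FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$payload = "nobody' OR '1'='1";          // constructed injection payload
print_r(findUserUnsafe($db, $payload));  // both rows come back: the injection worked
print_r(findUserSafe($db, $payload));    // empty array: the payload was treated as a name
print_r(findUserById($db, '1'));         // alice
var_dump(findUserById($db, '1 OR 1=1')); // NULL: rejected before any SQL ran
```

The concatenated query ends up as `SELECT name, role FROM users WHERE name = 'nobody' OR '1'='1'`, which is why it returns every row; the prepared one compares the whole payload, quotes and all, against the name column and finds nothing.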

[tags]php,security,filters,mysql,sql,sql injection,injection[/tags]