Flux RSS des billets

DotMG's joblog

Work hard at whatever you do! (Ecc. 9. 10a)
La catégorie php a 4 Billets
Publié le 22 Fév 2013, 2:08 pm dans linux, php

I wanted to upgrade this server's PHP to 5.4. According to what I read from Blite official website, running Blite on 5.4 would reduce again my memory usage from 810kB to less than 350kB. But the stable version when I try to upgrade via apt-get install php5 is PHP 5.3.21.

So I tried adding dotdeb repository to my sources.list, then made an apt-get update and apt-get install php5. But the last command, apt-get install php5 removed the package roundcube-sqlite, which was my choice of SQL backend for webmail on this server. At first, I didn't notice the warning about "The following package will be removed", and I made roundcube unusable on the server. PHP 5.4 was successfully installed though. Anything I tried to install roundcube-sqlite failed.

During this time, I could test the performance of Blite, but, unfortunately, I didn't see any change in memory peak usage, I didn't even get the memory usage going below 800kB. In my point of view, there was absolutely no change, no benefit.

I then removed dotdeb from my sources.list, removed php5, and make an apt-get update; apt-get install roundcube to reinstall roundcube, along with PHP 5.3. This made my server go back to its previous state.

This experience made me think that to successfully use latest versions of softwares, the best way to do is compile from source. Having broken dependencies on my packages will be the worst thing I don't need for my servers.

Publié le 4 Oct 2012, 8:15 am dans apache, php

This is the second part of the story about this site in all plain html that needed some revamp. Yesterday, I talked about installing PunBB as a forum, and today, I'll talk about a quick templating.

I think the webmaster used tools like Dreamweaver to build the site. My friend asked me to move one image in the footer of the page. That image was inside a <table>, moving it for one page was not a PITA, but repeating the steps for all .html files would really suck. Other options would be to create a script to do this automatically, or restart from scratch with a templated system. Finally, I found a dirty quirk to do the job, and without changing any file present in the site. It's really simple, I redirect all URL in .html into a script mytemplate.php, passing the filename as a parameter, and do everything in mytemplate.php.

.htaccess to perform the redirection:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^([^/]*).html$ mytemplate.php?page=$1 [L]
RewriteRule ^/?$ mytemplate.php?page=index
</IfModule>

Second step is to copy index.html into mytemplate.php. I stripped all content, leaving only what would be in a template, ie: <head>, header, footer and sidebar part of <body> tag. mytemplate.php is now my template for all .html file. What I removed was replaced with some simple PHP instructions which load the content of the page :

<?php 
if (preg_match('![/\\:]!', $_GET['page'])) return;
$k = file_get_contents($_GET['page'].'.html');
$k = preg_replace('/^.*<!-- end of menu -->/sm', '', $k);
$k = preg_replace('!^\s*<!--start of footer -->.*$!sm', '', $k);
echo $k;
?>
The first instruction is a security measure, just in case someone tries to exploit this template with URL like /mytemplate.php?page=/etc/passwd (although the 2nd line allows only .html file to be read). The second line loads the .html file. The 3rd and 4th lines strip headers and footers, because they are now provided by the template mytemplate.php. Looking for the pattern was the hardest thing to do, but if some of the html files missed these pattern, I could add them manually. And that's it. For any change I need to do, I have to play with mytemplate.php only. The other good surprise is that I can mask all the changes I've made just by disabling the rewriting in .htaccess.
Publié le 3 Oct 2012, 2:31 am dans cms, php

One reseller of webhosting at Dot.MG asked me to revamp one of her customer's website. The old webmaster seems to ignore anything about templating and dynamic pages, all files of the website were served statically. That's a good thing for my servers, but a very bad thing when it comes to touch something in his designs. We'll talk later about how I re-templated this installation.

This site had a bulletin board, which was hosted elsewhere, on free forum hosting, and integrated to his site with ugly <iframe>.

I had to install myself a discussion board, and, it's the first time in years that I had to play again with a bulletin board. Last time I've use one, PhpBB was the king of BBs. One of the forum I like is run by Vanilla and I went on their site to download one look for a download link. I was not looking to download the archive, rather looking for a download link, to copy the URL and use wget on the server. Actually, I feel very uncomfortable with downloading something to my PC and then uploading the file to my servers. I'm now used to get the tarball directly from my test server, doing the install there, and repeat the process on the production box when everything is okay.

But, VanillaForums didn't give a simple download link, the download was on a post form, so I was obviously obliged to use a browser and click the download button. I gave a last chance to Vanilla by passing --post-data to wget, but when this was also failing, I gave up and did a quick search for lightweight forum. Then I saw this stackoverflow discussion where I saw PunBB as one of the candidates. And yes, PunBB has usable download links. At my great surprise, PunBB has support for Sqlite, the installation was easy and straighforward.

And there are the reasons why I chose PunBB.

Publié le 27 Sep 2012, 10:14 pm dans php
I was given a CD containing a website that the owner wanted to transfer to my Madagascar web hosting dot.mg. Well, I don't know how they did burn this disk, but when the copy and installation was completed, the site showed gibberish content and at the bottom of the page a sensitive part of the PHP source were exposed. Some of the PHP source were corrupted, and the <?php markers along with some code were replaced with binary lettersalad. I spotted only one file corrupted, but since this corruption could leak sensitive information, I needed a way to list all corrupted files so that I could reclaim them from the website owner. So, basically, what I want is a tool that checks all php files and list which ones of them contains binary data. The quick solution I created was this very simple command :
 grep -r $'[\x0e-\x1f]' * | grep php
My pattern is $'[\x0e-\x1f'], any character between ascii code hex 0E and 1F. I could have listed all character that cannot appear in normal text files, but somehow, this was sufficient. The option -r iterates through subfolders, and for this, I could not use *.php as file pattern. The first part of this command finds binary characters from 0E to 1F in all files. If a match is found, it outputs texts like
Binary file images/test.jpg matches
Binary file inc/connexion.php matches
Look! grep considered file inc/connexion.php as binary file. What remains is to filter this output and show only php files, that's what piping to grep php stands for. And voilà!