Archive for the ‘Php’ Category
Publish to Facebook page or application’s wall with PHP
Just after implementing the Twitter OAuth API to publish tweets from a PHP application, I thought that doing the same with Facebook would be a piece of cake. Well, not quite, although I've finally managed to have messages published to a page wall, or even to an application's page wall, from an automated script. In this article I explain some of the problems I encountered and how to solve them. I hope this example may be of help if you are having trouble with this.
New MVCLight v0.1a released
I have had the time lately to build a basic MVC framework in PHP, based on the great tutorial by PHPro.org.
It has been designed to be light yet structured and functional. It is intended for people who need to develop home-brew solutions and are not happy with the footprint of other frameworks, or for those who just want to have fun while creating their own MVC system.
If you are interested, visit the page for documentation and download here.
Choosing a PHP MVC Framework: Yii Vs. Kohana Vs. Home made MVC
Choosing a framework is never an easy task; there are many aspects to consider. The three most important ones, from my point of view, are:
- Available features and community extensions.
- A good documentation with examples.
- A low footprint.
The balance between these three values and the impact of each one on your project will determine the right candidate. With a wide range of included features and an active community providing extensions, we can be sure the wheel won't be reinvented, and so we become productive much faster.
ActionScript 3 and cross-domain problem
One of the most typical problems when coding AS3 to, let's say, read data from an external XML source is the cross-domain problem. According to the security policies, no URL outside the domain where the AS application is being executed can be read, and different subdomains (such as www.yourdomain.com and yourdomain.com) are considered different domains.
If the external resources you are trying to use come from your own application on another domain or server that you manage, then it can be fixed by adding a cross-domain policy file. This file must be defined on the content source server, and your AS application has to explicitly declare this server as allowed:
Security.allowDomain("domainone.com");
Security.allowDomain("domaintwo.com");
But if this is not the case and the content source is on a different remote server, for instance when implementing an RSS news reader that grabs content from sources like online news sites, then this problem can be worked around with a PHP proxy file.
Basic web mapper
Sometimes it is useful to have an automated tool to get the full web map of a site. Perhaps not your own website, since you have already implemented some kind of automatic sitemap generation and notification to Google (haven't you?), but a client's.
There are a few tools to map an external website, and I tried some in my particular case. They were just adware, or demos, or they obscured the links in the final report... Yes, of course, sometimes a $30 license is worth it, but you might not want to acquire a new piece of proprietary software every time you need a new feature, might you?
So I decided to write it myself in PHP, not for the money, but for the fun.
Tunneling a multipart POST message through PHP and CURL
In this post I'm going to cover a particular solution to a given problem we faced in our last project. Let's set the background: there is a complex web application under development on a shared virtual machine, installed on a subdomain of a public network that will change when going to production. We also have a commercial website hosted on a shared server under a domain that should not change, since it is our first step out of this virtual farm.
For this project, we need to integrate some cameras that send pictures via GPRS connections to the server, and we want to provide some user authentication to avoid having anybody post whatever they like to this web service. So, we have developed a controller in Code Igniter that gets a camera ID and password from POST, along with the bytes of the image, and proceeds to do some filtering. For instance, camera ID and password must match the values previously registered in the database, and the picture must be MIME type image/jpeg, with a limit of 2 MB. Up to now, nothing special: tested and working with POSTs from within the website.
The problem came when we found out that the cameras can only send their information to a root domain, to a particular file, let's say upload.php. So we would only need to put this file in the root path and it's done. Unfortunately, doing so on the application virtual server would mean re-flashing all the cameras once we move to a new server and set up the final domain name. We might be able to install this receiver in the commercial website's root path, but then we would need to forward the message to the application server somehow, so that is not the best solution for this issue.
'Just add a domain that points to this subdomain and you are done', you might say. Well, yes, that would have done the trick. Unfortunately, we cannot host this domain on the machine since we have no administrator rights on the server farm. Nor can we just use this external domain, because it produces an HTTP redirection which, to make things worse, is not supported by the camera. We even tried cloaking the URL of the receiver with an external subdomain, with no success, since cloaking wraps the real content inside an iframe and that breaks the POST message.
What a headache! It seemed there was no way to implement the system with the full functionality we wanted...
Access Control List (ACL) with Code Igniter
In the last project I've worked on, I needed to set up some kind of ACL to allow certain methods to be accessed only by some user roles, like website administration, etc. I'm building this website on Code Igniter, so I missed some related features that are available in other PHP frameworks like CakePHP or Zend.
After googling a bit, I found several methods to get an ACL. The Zend framework can be integrated into Code Igniter to use its library, but that doesn't seem very natural to me. I prefer having a previously constructed list to building it 'on the fly' inside my code.
Then I came across phpGACL, a free software project that solves this problem in an easy way. It uses an API to connect to a database, where tuples of 'controller' - 'method' - 'user' can be stored (actually AXO - ACO - ARO, acronyms for Access eXtended Object, Access Control Object and Access Request Object). And I developed my first version on top of this tool, in the most transparent way I was able to find:
Creating Triggers in MySQL from PHP
On my last project, I needed to create tables periodically in a database, partitioning the data into several identical tables named according to the year quarter. Instead of using MySQL 5.1 automatic partitioning, I preferred doing it in a more manual way, to allow accessing individual partitions when that speeds up queries.
So I wrote a PHP script that would run from a cron job every three months, create a new table, add some triggers to it, and remap a MyISAM merge table in another database. Clear and easy, at the beginning. Everything went right until I got to the trigger creation...
Protecting your application from exploits related to include()
As we saw in previous chapters on security problems and SQL injection, there are a number of security-related aspects to keep in mind when designing a web application. One of the most exploited is the hole opened by improper use of PHP's include() function.
Let's look at an example:
<a href="?page=home.php">Home</a> | <a href="?page=contact.php">Contact</a>
<?php
// The page name is taken straight from the query string, with no filtering.
$page = $_GET['page'];
if ($page)
    include $page;   // whatever was passed in is included as-is
else
    echo "404, page not found!";
?>
In the example above, we pass in the variable '$page' the name of the file (PHP in this case; it could be HTML or another extension) that will be loaded on the corresponding line via 'include()'. The lack of filtering on this variable can leave our application at the mercy of any inexperienced intruder; let's see why.
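Below, as an added example that is not from the original post, is a hardened version of the same dispatcher: the page parameter is mapped through an allowlist of known files instead of being passed straight to include(). The pages/ directory and the page keys are assumptions made for this example.

```php
<?php
// Added example, not part of the original post: a hardened version of the
// include() dispatcher above. Instead of handing the filename from $_GET to
// include(), the request is mapped through a fixed allowlist, so only the
// files the application intends to serve can ever be included.
// The pages/ directory and the page keys are assumptions for this example.

const PAGES_DIR = __DIR__ . '/pages';

// Short keys exposed in the URL; the real filenames stay server-side.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a user-supplied page key to an absolute path, or null if it is
 * not on the allowlist. The value is only ever used as an array key, so
 * anything that is not a known key (paths, URLs, other extensions) simply
 * resolves to null and never reaches include().
 */
function resolve_page(string $key): ?string
{
    if (!array_key_exists($key, ALLOWED_PAGES)) {
        return null;
    }
    return PAGES_DIR . '/' . ALLOWED_PAGES[$key];
}

$path = resolve_page((string) ($_GET['page'] ?? ''));

echo '<a href="?page=home">Home</a> | <a href="?page=contact">Contact</a>';

if ($path !== null && is_file($path)) {
    include $path;
} else {
    // Unknown key: respond with a real 404 instead of echoing the input back.
    http_response_code(404);
    echo '404, page not found!';
}
```

Keeping the allowlist as a constant (rather than checking for a ".php" suffix or stripping characters from the input) means new pages are added deliberately, and the check stays correct even if PHP's include configuration changes.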
Formatting data in XML with PHP
Notice: Article only available in Spanish!
Now that I have explained how to create a PHP class to read data from a database, and we also know the basics of the XML language, let's create a class to format this data as XML. This way we can share data between different kinds of applications without needing access to the database server from more than one of them: the data gateway.
Once we format it as correct XML, we can offer a document as pure XML for external applications that want to use our data, or a standard RSS feed so our visitors can syndicate the site's news; we can also offer a SOAP service for applications that need not only our data but also advanced functions and services; or we can simply attach an XSL stylesheet and display our document in a browser, as we would with XHTML and CSS. Quite useful, isn't it?