Friday, April 15, 2016

PHP 7 with Microsoft SQL Server Driver Released



Microsoft announced on 12th April 2016 early technical preview of the Microsoft Driver 4.0.3 for PHP for SQL Server, using this driver you can connect your PHP application with Microsoft SQL Server currently this server is available only for PHP 7. This Driver enable you to access SQL Server, Azure SQL Database and Azure SQL DW from your PHP 7 apps.

Download Driver


Future Plans

Microsoft plan on a Linux port, expand SQL 16 Feature Support (example: Always Encrypted), build verification/fundamental tests, bug fixes.
This early technical preview provide some limited support on this github page here

We hope this add-on will help you in your future development.

Source: https://blogs.msdn.microsoft.com/sqlphp/2016/04/12/early-technical-preview-of-microsoft-drivers-4-0-3-for-php-for-sql-server-released/

Friday, March 4, 2016

Different between CodeIgniter and Laravel frameworks

Different between CodeIgniter and Laravel frameworks


Here, let us make a brief analysis and know the differences between Laravel and CodeIgniter.

Laravel pros and cons

It is common knowledge that, for web application development, Laravel offers expressive, elegant syntax. Such has been its design. The laravel developer will enjoy the development process. Routing, authentication, sessions are some tasks, which are commonly performed, and are made easier, thanks to Laravel.

Importantly, this framework is designed for the PHP's latest version. Therefore, unit testing support and authentication, which are the base development components, are inbuilt. It is commendable that Laravel framework folds with the blade template engine in a smooth manner.

One area where Laravel outdoes CodeIgniter is it has got exceptions. These, with exceedingly detailed stacktrace aren't available for developers who use CodeIgniter..

Use of libraries and models is easier as Laravel has object-oriented libraries. These libraries are supported with autocomplete feature.

Laravel has its own command-line interface. Called as Artisan, it enables developers to perform abundant tasks. So what tasks? Tasks like migrating databases and seeding databases. Also performed is clearing the cache, etc.

Object-Relational Mapping or ORM in Laravel is simple, eloquent and fast. That said, developers will find it very easy to organize the application's database.

Laravel is best suited for building RESTful APIs. Apart from that, Laravel handles event queuing.

However, Routing in Laravel may be odd at times. Owing to the recent entry of Laravel, it may be a bit tougher if not altogether, to get to find answers. Notwithstanding this fact, the numerous forums and IRC are very much active in helping people find answers.


CodeIgniter pros and cons

It is simple, and also quick to set up CodeIgniter. Just download the preferred version from CodeIgniter homepage. Otherwise, from GitHub. Thereafter, unzip the contents.

Nothing can beat CodeIgniter in terms of documentation, which is clear and very well structured. It is such that all the particular concepts of CodeIgniter which are commonly used are explained clearly, that too, with examples.

CodeIgniter is stable. The popular framework has the advantage of having been tested by the developers in large number. Having said that, the chances of bugs or any other problems going unnoticed is minimal.

The templating engine, which is inbuilt in CodeIgniter, is easy to use and is based on mustache-like templating language. Learning this language is simple even for new developers.

No matter whether you know anything about MVC architecture or not; it is very easy to use CodeIgniter.

CodeIgniter offers output caching. Web pages can be cached so that the loading time can be reduced. Besides, efficiency and performance can be enhanced.

Developers using CodeIgniter can easily seek support. Because this framework has a very big community which uses the framework for smaller projects and also very large projects.

It may be an overstatement to call CodeIgniter obsolete. However, it is to be noted that the framework has been released at the time of PHP 4. Many new features were added later to PHP. Hence, the need for extending code files arises to make this framework work.

Another drawback of CodeIgniter is that it does not offer default modular separation.

Both frameworks, which are unique and similar in many ways have their own set of advantages and disadvantages. However, it is the requirements of the developers that decide which is to be preferred. All that said, if you are a developer working on modern apps, it is suggested you go for Laravel. Every Laravel developer company attributes their ease of web development to this framework.

Wednesday, June 10, 2015

Get webpage loading time using PHP



Execution of server side scripting need to optimize in order to get the Optimized page loading time. In this case most of the Server Side Response typically not more than 2 to 30 seconds. In this case we need to find the Exact page loading time in PHP using the following Script.
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

function page_loading_time()
{
    list ($msec, $sec) = explode(' ', microtime());
    $microtime = (float)$msec + (float)$sec;
    return $microtime;
}

$start=page_loading_time();

usleep(100000);  // Delaying page output 0.1 second for testing purpose.

echo "
";
$end = page_loading_time();
// Print results.
echo 'Page Loading Time: ' . round($end - $start, 2) . ' seconds';   


?>

Friday, May 29, 2015

Generate and save file in directory using PHP

4everTutorials

In this lesson we will see how to generate file and save into new directory using PHP. So we will generate a HTML, PHP or any other type of file and save it into a newly created or existed directory.

Step 1: At first we have to select an existing directory or create a new directory by using mkdir() function.


<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

$dir_path = "depth1/depth2/depth3";
 
mkdir($dir_path, 0777, true);

?>

Here, $dir_path is the path to the expected directory/folder of your hard drive.
And ’0777′ is the default permission of the folder/file (widest possible access).

So, the file will be located in this directory: current_directory/depth1/depth2/depth3

But if you want to create the folder outside the current directory, then use “../” for each level you want to go back for the new directory.

For example, if your current directory is “C:\xampp\htdocs\cd” and you want to create the new folder inside “xampp” folder then you have to write like the following-


<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

$dir_path = "../../test";
 
mkdir($dir_path, 0777, true);

?>


So, path for the new directory will be “C:\xampp\test”.

Step 2: After creating the directory simply put the generated file to the directory by using file_put_contents() function.

<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

file_put_contents($dir_path."/name-of-file.html", $content);
file_put_contents($dir_path."/name-of-file.php", $content);
file_put_contents($dir_path."/name-of-file.txt", $content);

?>

Here, name-of-file is the expected name of your file and $content is the the data that you want to save in the file.

Thursday, May 7, 2015

Text rasterization service script using php


This is an example of using Gd / FreeType to generate image text labels with TTF font. Provided script could be used as "text rasterization service" to generate arbitrarily text-images for a web site. MD5-based authorization is used to avoid image generation by unauthorized users.

Compatible with:

PHP 5 or higher
PHP 4.1 or higher
Gd 2.x, FreeType support in PHP


Our "text rasterization service" does the following:

Receives text generation parameters(text and font-size) and md5 sign of secret key + parameters.

Checks(by md5 sign) if rasterized text image exists in cache directory. If so, sends it to web browser and quits.

Checks md5 authorization: computes md5 of secret key + parameters. If computed md5-sign equals to provided md5-sign, then request is valid. Otherwise — somebody else is trying to use our "text rasterization service".

Generates text image with imagettftext. Image size exactly matches text size (using imagettfbbox)

Sends generated image to browser

So, it is possible to automatically generate a lot of image text labels for a whole web site. Caching technique will decrease server load: images would be generated only once.



<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

// Checking for gd and Freetype support 
if (!function_exists('gd_info'))
  die('No gd support in PHP.');

$gd = gd_info();
if ($gd["FreeType Support"] == false)
  die('No FreeType support in gd');

// If you're sure about gd & freetype support
// -- comment out this block 



// directory for caching generated images 
// should be writable 
$cache_dir = '/home/path/to/cache'; // DO NOT FORGET TO CHANGE


// testing cache dir 
// remove these lines if you're sure 
// that your cache dir is really writable to PHP scripts
$tf = $cache_dir.'/'.md5(rand()).".test";
$f = @fopen($tf, "w");
if ($f == false)
    die("Fatal error! {$cache_dir} is not writable. Set 'chmod 777 {$cache_dir}' 
           or something like this");
fclose($f);
unlink($tf);
// testing cache dir END 




// full path to preferred TTF font 
// you could change this to be HTTP parameter 
$font = '/home/path/to/font/FuturaBook.ttf'; // DO NOT FORGET TO CHANGE


// md5 secret 
$md5_secret_key = 'changeme'; // DO NOT FORGET TO CHANGE


// md5 sign of parameters
$auth_sign = isset($_GET['a'])?$_GET['a']:'';

// checking for cached file:
$cache_file = $cache_dir.'/'.$auth_sign.'.png';

if (file_exists($cache_file))
{
  // if cached file exists
  // output it and quit
  header("Content-type: image/png");
  readfile($cache_file);
  exit();
}

// no cached file exists 


// input parameters: text and size 
$text = isset($_GET['text'])?$_GET['text']:'default';

$font_size = isset($_GET['size'])?intval($_GET['size']):30;
if ($font_size == 0) $font_size = 30;
// 


// basic sign checking: 
$computed_sign = md5($md5_secret_key.$text.$font_size);
// computing md5 sum of concatenation 
// of secret key and parameters

// hmac-based alrorithm would fit this case more 
// but for real-world purpose md5 of concatenation
// is enought 

if ($computed_sign != $auth_sign)
  die('Auth failed'); // auth error, provided sign is invalid 


// getting bounding box 
$bbox = imagettfbbox($font_size, 0, $font, $text);
// imagettfbbox returns very strange results 
// so transforming them to plain width and height 

$size_w = abs($bbox[2] - $bbox[0]);
// width: right corner X - left corner X

$size_h = abs($bbox[7] - $bbox[1]);
// height: top Y - bottom Y

// This is a lower-left corner 
// but imagettfbbox() sets (0,0) point
// inside bounding box
// so we shifting lower-left corner
$x = -abs($bbox[0]); 
$y = $size_h - abs($bbox[1]);

$im = imagecreatetruecolor($size_w, $size_h);
// creating image

$back = imagecolorallocate($im, 255, 255, 255); // background color
$fore = imagecolorallocate($im, 0, 0, 0); // foreground color

imagefilledrectangle($im, 0, 0, $size_w - 1, $size_h - 1, $back);
// filling with background color

imagettftext($im, $font_size, 0, $x, $y, $fore, $font, $text);
// rendering text

imagepng($im, $cache_file); // outputing PNG image to file cache 

imagedestroy($im); // destroy image 


// sending data from cache file 
header("Content-type: image/png");
readfile($cache_file);


?>


To generate image 'Hello World', 90 pixels size you should call this script as (assuming you've saved it as font.php):


<img src="./font.php?text=Hello+World&size=90&a=4c9a240e98490275d845c96fdb8e5a19">


Note parameter 'a=4c9a240e98490275d845c96fdb8e5a19'. '4c9a240e98490275d845c96fdb8e5a19' is a result of md5('changemeHello World90'): concatenation of secret key, text and font size.

You could use some helper function to set script arguments, like 'image_params':
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

$md5_secret_key = 'changeme';

// returns parameters and md5 sign for 
// text generating service
function img_params($text, $size) 
{
  global $md5_secret_key;
  $p = '?text='.urlencode($text).'&size='.$size.'&a=';
  return $p.md5($md5_secret_key.$text.$size);
}

?>

<html><head><title>Test</title></head>
<body>

<center>
<img src="./font.php<?php echo img_params('Hello World', 90);?>">
</center>

</body>
</html>
 

Thursday, April 2, 2015

Htaccess code syntax to prevent your wordpress website from attackers

Htaccess code syntax to prevent your wordpress website from attackers 
Hypertext access (.htaccess) file is the common name of a directory-level configuration file which allows decentralised management of web server configuration. A .htaccess file is always added to the root directory, it can override many other configuration settings which includes server’s global configuration, content type and character set.



 A .htaccess file can be used for lots of hacks that will secure and improve functionality for WordPress blogs and websites. Following are lists of main htaccess code snippets which will improve and prevent WordPress sites from hackers. Some will allow to block specific IP addresses to visit the site, redirect visitors to maintenance page when particular site is redesigned or modified, prevent IP addresses to login into the wordpress admin section etc.


Blacklist undesired users and bots ip address
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/


order allow,deny
allow from all
deny from 132.151.389
deny from 91.131.784
deny from 773.966.769
deny from 178.406.880



?>


Redirect visitors to a maintenance page
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.php$
RewriteCond %{REMOTE_ADDR} !^123.123.123.123
RewriteRule $ /maintenance.php [R=302,L]


?>


Redirect www to non www or vice versa
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www.yourblogpath.com [NC]
RewriteRule ^(.*)$ http://yourblogpath.com/$1 [L,R=301]
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^yourblogpath.com [NC]
RewriteRule ^(.*)$ http://www.yourblogpath.com/$1 [L,R=301]


?>


Force Caching with htaccess
The following htaccess code won’t help the initial pageload, but it will significantly help subsequent pageloads by sending 304 statuses when requested elements haven’t been modified.
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

FileETag MTime Size
ExpiresActive on
ExpiresDefault "access plus x seconds"


?>


Allow only your IP adress on the wp-admin directory
Replace your IP with allow from xx.xx.xx.xx which will only allow your IP to access wp-admin directory.
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Wordpress Admin Access Control"
AuthType Basic

order deny,allow
deny from all
allow from xx.xx.xx.xx



?>


The easiest way to ban a WordPress spammer
To block certain IP address from accessing your blog enter the following code into .htaccess file and replace example IP address with the one you want to ban.
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/


## USER IP BANNING

order allow,deny
deny from 670.45.145.125
allow from all


?>


Deny access to your wp-config.php file
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

# protect wpconfig.php

order allow,deny
deny from all



?>



Limit the File upload size to 10MB
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

# limit file uploads to 10mb
LimitRequestBody 10240000


?>


Password protected directories
A simple way to password protect blog directories
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/

AuthType Basic
AuthName "restricted area"
AuthUserFile /usr/local/var/www/html/.htpasses
require valid-user


?>


Quickly secure plugin files
WordPress plugin files might have a loop hole and may allow hackers to get into your website. To prevent others to have direct access to plugin files use following code.
<?php
/*
Online PHP Examples with Source Code
website: http://4evertutorials.blogspot.com/
*/


  order allow,deny
  allow from all



?>

Saturday, March 21, 2015

Popular Security Libraries for PHP Developers

Today, PHP is one of the most popular web programming language for creating dynamic websites. There is bunches of data on the web that PHP developers make utilization of. On the other hand, few of them are obsolete and can manage anybody to compose "awful code.

In this post, we have introduced to popular PHP security libraries that will help them to create security interfaces for web applications. If you have any suggestion regarding PHP Security Libraries please write in comment box. Thanks

Popular Security Libraries for PHP Developers


HTML Purifier

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C’s specifications.

URLcrypt

URLcrypt makes it easy to securely transmit short pieces of binary data in a URL. Use it to securely store things like user IDs, download expiration dates, and more. URLcrypt uses 256-bit AES symmetric encryption to securely encrypt data, and encodes and decodes Base 32 strings that can be used directly in URLs.

PHP Intrusion Detection System

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

TCrypto

TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library. By default, a cookie will be used as a storage backend. TCrypto has been designed from the ground up with security in mind. Safe algorithms and modes. Automatic and safe initialization vector creation. Encryption and authentication key creation (Keytool) using strong randomness. Key rotation (versioned keys). TCrypto can be used as a scalable “session handler”. Especially scalable, if cookies are used as a storage backend. This is a bit like Ruby on Rails sessions.

PHP Password Lib

PHP-PasswordLib aims to be an all-inclusive cryptographic library for all cryptographic needs. It is meant to be easy to install and use, yet extensible and powerful enough for even the most experienced developer.

PHPSecLib

phpseclib is designed to be ultra-compatible. It works on PHP4+ (PHP4, assuming the use ofPHP_Compat) and doesn’t require any extensions. For purposes of speed, mcrypt is used if it’s available as is gmp or bcmath (in that order), but they are not required.

Hybrid Auth

HybridAuth is an open source PHP library for authenticating through multiple social services and ID providers. The services supported include OpenID,Facebook, LinkedIn, Google,Twitter, Windows Live, Foursquare, Vimeo, Yahoo, PayPal and more. It can be integrated easily into existing websites by inserting a file and few lines to the sign-in/up pages.

Security Check – Sensiolabs

This tool is almost essential to both beginners and experienced PHP coders. The way it works is quite simple, you upload your .lockfile and it does the rest for you. If you look at the stats, the numbers of vulnerabilities found is quite staggering, don’t be surprised if your own projects might output some nasty stuff that you have missed.

SecurityMultiTool

A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks. The purpose of the library is to serve as both a useful set of utilities and to act as a set of reference implementations which can be learned from. It may be used by applications regardless of whether they are web application framework based or not. The use of a web application framework does not guarantee your security.

 

© 2014 4everTutorials. All rights resevered.

Back To Top