2718.us blog » php
http://2718.us/blog
Miscellaneous Technological Geekery
Tue, 18 May 2010 02:42:55 +0000

Statistics on LiveJournal-based Sites v2.0
http://2718.us/blog/2008/10/22/statistics-on-livejournal-based-sites-v20/
Wed, 22 Oct 2008 18:05:39 +0000, 2718.us

The reworking of my site that shows comparative statistics on every site based on the code from LiveJournal is now up and live and at a new URL:  http://lj-stat.2718.us/.  Moreover, there are now graphs of the data over time.  The data is updated at noon and midnight central time (U.S.).

One of the things that took the most work to get right was the thickness of the graph lines.  Because of the nature of the graphs, it was an absolute necessity that the lines be drawn with antialiasing enabled.  PHP’s interface to GD (or perhaps it’s GD itself?) ignores the line thickness setting when antialiasing is enabled.  The solution I eventually settled on is to, more or less, draw several one-pixel-wide lines next to and on top of one another to get the appearance of a thicker line.

As an aside, I’m using the technique mentioned here for permanently redirecting the old URL to the new URL:

… if you actually moved something to a new location (forever) use:

<?php
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://example.org/foo");
exit; // stop here so no further code or output runs after the redirect
?>

A Variety of Issues with Pseudo-Random Numbers in PHP
http://2718.us/blog/2008/08/31/a-variety-of-issues-with-pseudo-random-numbers-in-php/
Mon, 01 Sep 2008 01:10:22 +0000, 2718.us

It appears that there are now demonstrated exploits of PHP apps that use mt_rand() and/or rand() as a result of issues of seeding in one application affecting the PRNG stream in another application that used the PRNG to generate passwords or similar such things.  From mt_srand and not so random numbers:

… it is strongly recommended for the PHP developers to add more secure random number functions to the PHP core and it is strongly recommended for PHP application developers to keep their fingers away from srand() or mt_srand() and to never ever use rand() or mt_rand() for cryptographic secrets.

It sounds like the PRNGs in PHP, mt_rand() and rand(), shouldn’t be used for anything security-related, and perhaps /dev/random or /dev/srandom or some such should be used instead (though this is much more system-dependent).
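The seeding problem described above can be reproduced in a few lines. This is an added example, not code from this post or from the quoted advisory; the function names and the seed value are constructed, and random_int() (PHP 7 and later) stands in for reading the system's random device directly.

```php
<?php
// Added illustration (constructed): why a shared mt_rand() stream is unsafe for secrets.

const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Weak: every caller in the process shares one Mersenne Twister state,
// so whoever controls or learns the seed controls this "password".
function weak_password(int $len = 12): string
{
    $chars = ALPHABET;
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= $chars[mt_rand(0, strlen($chars) - 1)];
    }
    return $out;
}

// Hardened: random_int() reads the operating system CSPRNG,
// has no userland seed, and picks indexes without modulo bias.
function strong_password(int $len = 12): string
{
    $chars = ALPHABET;
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $out;
}

// Hypothetical unrelated code running in the same PHP process.
function other_app_init(int $seed): void
{
    mt_srand($seed);
}

other_app_init(1234);            // seed value is a constructed sample
$issued = weak_password();

mt_srand(1234);                  // the same seed replays the same stream
$replayed = weak_password();
echo 'mt_rand password replayed from seed: ', var_export($issued === $replayed, true), PHP_EOL;

mt_srand(1234);                  // seeding has no effect on random_int()
$first = strong_password();
mt_srand(1234);
$second = strong_password();
echo 'random_int password replayed from seed: ', var_export($first === $second, true), PHP_EOL;
```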

Best Reference Tools Ever
http://2718.us/blog/2008/04/17/best-reference-tools-ever/
Thu, 17 Apr 2008 20:33:03 +0000, 2718.us

If, like me, you find yourself doing lots of random web stuff, particularly with all the HTML, CSS, MySQL, and PHP that go along with it, you may find yourself looking for a good reference book so you can quickly check the syntax of that one thing you only use like once a year and for which you can never remember the order of the arguments.  For a long time, for me, this meant that I programmed with a whole separate browser window on a separate monitor devoted just to having up the reference manuals for PHP and MySQL as well as the W3C pages giving the full specs on HTML and CSS, all in whatever versions I happened to be using that day.  It worked, but not well.  (Which is to say, it worked well enough that I haven’t spent the $10-$20 for a nutshell pocket reference guide in a few years, but I’d still look at them every time I was in a bookstore and think about buying them.)

Then I discovered Bob Stein and VisiBone.  For months now, I’ve had the card collection and MySQL cards.  I’ve still had to have the PHP manual up.  That is, until now, with the new PHP products.  With luck, I should have my PHP+MySQL book by the beginning of next week (since he’s updated the MySQL cards since I bought mine, but the card collection is still up to date, so I didn’t get the everything book).  I keep trying to put my VisiBone reference stuff away, since it’s always out in the middle of my desk, but it never stays put away even for a day before I find myself pulling it out to use again.

Using WordPress for User Authentication, Part 2
http://2718.us/blog/2008/04/16/using-wordpress-for-user-authentication-part-2/
Wed, 16 Apr 2008 18:08:33 +0000, 2718.us

After implementing other pages that used WordPress to authenticate users and deal with access control, I went to move these pages off to a subdomain, and suddenly found that auth_redirect wasn’t quite working right.  When auth_redirect is called and doesn’t find a logged-in user, it redirects to login and passes the URI of the current page… well sort of.  It passes the request string, but it ignores the server part.  So, when the login page is done and tries to redirect, it’s going back to the main WordPress server, not the subdomain.  Fortunately, auth_redirect is a very simple function to duplicate and it is designated as pluggable–that is, a plugin can be used to redefine auth_redirect, so I’ve now got a plugin that overrides auth_redirect() with auth_redirect($use_current_host = FALSE) so that if I want auth_redirect to pay attention to the host, I call auth_redirect(TRUE).

This is all fine and good, but still doesn’t quite work, since WordPress is smart and won’t just redirect anywhere willy-nilly.  It will only redirect to authorized-for-redirecting servers (wp_safe_redirect, which doesn’t have any documentation in the Codex).  Though undocumented (or at least not well documented in the Codex), the way the authorized host list is handled allows for a plugin to add a filter hook that modifies the allowed list (since the allowed list by default only includes the actual WordPress server name and isn’t exposed as an option/setting anywhere).  Toss that hook into my plugin, add on a settings page to allow the admin to input a comma-separated list of allowed-for-redirecting hosts, and now I can use WordPress to authenticate users on subdomains.

If anyone is interested in this plugin, please let me know and I’ll try to clean it up enough to make it public.
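A sketch of the allowed-hosts hook described in this post, as an added example; it is not the author's plugin. It uses WordPress's allowed_redirect_hosts filter, while the option name subauth_redirect_hosts and the subauth_* function names are hypothetical. Entries are accepted only as exact hostnames, so a malformed setting cannot widen the redirect allowlist.

```php
<?php
/* Plugin Name: Subdomain Auth Redirect Hosts (added example) */
// The option name and the subauth_* function names are hypothetical.

// Turn the admin's comma-separated setting into a list of exact hostnames.
function subauth_parse_hosts(string $csv): array
{
    $hosts = [];
    foreach (explode(',', $csv) as $entry) {
        $host = strtolower(trim($entry));
        // Plain DNS names only: no scheme, port, path, userinfo or wildcard,
        // so a typo in the setting cannot widen the redirect allowlist.
        if (preg_match('/^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/', $host)) {
            $hosts[$host] = true;   // array keys de-duplicate
        }
    }
    return array_keys($hosts);
}

// Callback for WordPress's allowed_redirect_hosts filter; $allowed arrives
// holding the hosts WordPress already trusts (by default its own host).
function subauth_allowed_redirect_hosts($allowed)
{
    $extra = subauth_parse_hosts((string) get_option('subauth_redirect_hosts', ''));
    return array_values(array_unique(array_merge((array) $allowed, $extra)));
}

if (function_exists('add_filter')) {
    // Running as a plugin inside WordPress.
    add_filter('allowed_redirect_hosts', 'subauth_allowed_redirect_hosts');
} else {
    // Outside WordPress: run the parser on a constructed setting value.
    $sample = ' Members.example.org, http://other.example/login, *.example.org,'
            . ' files.example.org:8080, members.example.org ';
    print_r(subauth_parse_hosts($sample));
}
```

Run outside WordPress, the script prints only the entries from the constructed sample that are plain hostnames; the URL, wildcard and host:port entries are dropped.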

Note to Self: Validate Input before using it in SQL Queries
http://2718.us/blog/2008/04/15/note-to-self-validate-input-before-using-it-in-sql-queries/
Tue, 15 Apr 2008 18:53:51 +0000, 2718.us

Right, of course, I should be doing this already, but having magic quotes in PHP4 may have made me a bit lazy in some instances, and just like I’ve been going through and fixing register_globals dependence… As I read here,

Both register_globals and Magic Quotes were implemented in PHP to help beginners who were learning to program in PHP or new to programming in general. One thing I noticed about the upgrade was that neither of the problems I encountered were major, but also that they weren’t related to the actual upgrade to version 5, as they both should have been taken care of already. It brings up the discussion of a good programmer versus a bad/lazy programmer. Most of the sites that had any issues, and the few that had major issues were ones that I had taken over and was hosting but didn’t initially create. The sites were not built so long ago that there was an excuse for using both register_globals and magic quotes, and it shows that having programming standards is important, and that keeping up to date with programming trends and upgrades to the programming language are very important. I’m glad I caught this before I upgraded to version 6 when I possibly would have had a much harder time solving the problem.

Using WordPress for User Authentication
http://2718.us/blog/2008/04/12/using-wordpress-for-user-authentication/
Sun, 13 Apr 2008 04:56:37 +0000, 2718.us

Plenty of people seem to have written a lot about how to make WordPress use some other program’s user authentication mechanism, but there seems to be fairly little on how to get at WordPress’s user authentication from some other program.  Fortunately, I found this article, and got what I wanted.

It’s a fairly straight-forward process.  At its simplest:

require_once('wp-config.php');
auth_redirect();

Including wp-config.php (you may have to watch the path) gets you just about all of WordPress and auth_redirect() will check if the user is logged in to WordPress and if not, they get bounced to a login form.

Where things get trickier is if you want to use the authentication on a subdomain (you have to tweak COOKIE_DOMAIN in wp-config.php [to override what’s already in wp-settings.php]) or if your blog is in a subdirectory and you want the authentication outside that subdirectory (try tweaking COOKIEPATH).

Oh, and if you try to put the require_once() statement inside a function, you will also need

global $wpdb;

or nothing will work.

The issue of how much memory it consumes to load all of WordPress just to authenticate users is a whole separate issue.

php5 is fun
http://2718.us/blog/2008/04/08/php5-is-fun/
Tue, 08 Apr 2008 23:15:21 +0000, 2718.us

A few weeks ago, I upgraded my primary server to some version of php5 (from php4).  It’s been some time since I moved from php3 to php4 (even though I still have some files with a .php3 extension), but I don’t remember it being a huge change.  I upgraded because there was some small feature I wanted…  actually two small features I wanted that weren’t in php4.  One of them was all the curl_multi_ stuff (which parallelized the retrieval of the various LJ clone stats.txt files, making the cache update for that site a much much shorter process).  I don’t, offhand, remember what the other one was, I just know I ran into it again in the past few days and it was some other function that didn’t exist until php5.

Now, what I didn’t know when I did the upgrade was that php5 defaults to having register_globals off.  This is a very good thing.  I’ve been working hard for the past year to make sure any code I was working on didn’t rely on register_globals.  What I didn’t do however, was make sure that any code that was already in use on my server didn’t need register_globals.  This led to a weekend of digging through server error logs to find the scripts that needed to be fixed (if they could easily be fixed) or patch specific chunks of code wholesale by forcing register_globals on in .htaccess.

Lately, though, I’ve been playing with objects/classes.  I like the changes in the object/class stuff in php5 (even though I’m very oldskool and OOP still feels very strange to me, I keep trying to make OOP stuff work).  Komodo Edit, however, doesn’t seem to like it when I use php5 things like protected and private functions and variables.  I suspect this is because my macs have php4 somewhere and Komodo Edit is using the actual php executable to run syntax checks.  I haven’t yet found an easy way to deal with this, since I don’t want to just install php5 over the php4 that’s part of the base OS X install.

Unfortunately, PHP and js are interpreted…
http://2718.us/blog/2008/04/06/unfortunately-php-and-js-are-interpreted/
Mon, 07 Apr 2008 03:35:37 +0000, 2718.us

comic
