Web Server Products Catalog
You may have noticed that sometimes you get a list of filenames when you point at a URL. If you point at a directory (rather than a specific file) and the directory doesn't contain a file with the default filename (such as index.html), the Web server may display a list of files for you to select from. You probably don't want your Web server to do this; your site won't be very secure if a visitor can look at any file on your site. On other Web sites, you may have seen an error message that reads On those sites, the Web server is set so that it doesn't display a list of filenames when the URL points to a directory. Instead, it delivers this error message. This is more secure than listing the filenames. If the filename is being sent from your Web site, a setting for the Web server needs to be changed. If you aren't the administrator for your Web server, request a change. If you are the administrator, it's up to you to change this behavior. For instance, in Apache, this behavior is...
Communication between your Web site and its visitors is not totally secure. When the files on your Web site are sent to the user's browser, someone on the Internet between you and the user can read the contents of these files as they pass by. For most Web sites, this isn't an issue; however, if your site collects or sends credit card numbers or other secret information, use a secure Web server to protect this data. Secure Web servers use Secure Sockets Layer (SSL) to protect communication sent to and received from browsers. This is similar to the scrambled telephone calls that you hear about in spy movies. The information is encrypted (translated into coded strings) before it is sent across the Web. The receiving software decrypts it into its original content. In addition, your Web site uses a certificate that verifies your identity. Using a secure Web server is extra work, but it's necessary for some applications. Information about secure Web servers is specific to the Web server...
The server command launches a fast web server written in PHP to serve a symfony application in the dev environment. The default port is 8000. Symfony uses nanoserv for this purpose, in order to bypass the web server completely. This gives very fast access to the development environment, but without any control over the server configuration or access to its log files. This tool is to be used for debugging, not in a production environment.
The web-ls.php program shown in Example 19-4 provides a view of the files inside your web server's document root, formatted like the output of the Unix command ls. Filenames are linked so that you can download each file, and directory names are linked so that you can browse in each directory, as shown in Figure 19-1.
Your Web server needs to be configured to recognize PHP scripts and run them. You can't have Apache and IIS running at the same time using the same port number. Either shut down one Web server or tell them to listen on different ports. Follow the steps in the section for your Web server. You can start it as a service on Windows NT/2000/XP by choosing Start → Programs → Apache HTTPD Server → Control Apache Server and then selecting Start or Restart. You can start it on Windows 98/Me by choosing Start → Programs → Apache Web Server → Management.
You want to do calculations based on the information in your web server's access log file. Calculating statistics this way from web server access logs is easy, but it's not very flexible. The program needs to be modified for different kinds of reports, restricted date ranges, report formatting, and many other features. A better solution for comprehensive web site statistics is to use a program such as analog, available for free at http://www.analog.cx. It has many types of reports and configuration options that should satisfy just about every need you may have.
Unless you work with an organization that already has an established Web site hosting environment, eventually you're going to have to evaluate and purchase the services of a Web hosting provider. Thankfully this is an extremely crowded and competitive market, with providers vying for your business, often by offering an impressive array of services, disk space, and bandwidth at very low prices. Generally speaking, hosting providers can be broken into three categories: Dedicated server hosting: Dedicated server hosting involves leasing an entire Web server, allowing your Web site full rein over server CPU, disk space, and memory resources, as well as control over how the server is configured. This solution is particularly advantageous because you typically have complete control over the server's administration while not having to purchase or maintain the server hardware, hosting facility, or the network connection. Keep in mind this isn't necessarily a high-priority task; there's no need...
As mentioned earlier, phpinfo() is your friend. We developed applications for this book on Unix systems running Apache Web servers. But, as PHP runs on a variety of operating systems and Web servers and MySQL runs on Windows as well as Unix, you should be aware of the different variables associated with whatever Web server and operating system you're running. You'll see that the files imported into our applications via include statements make use of the DOCUMENT_ROOT Apache variable. If you were to attempt to move the application files to a server other than Apache on Windows, you would get an error in the include statements. The better choice when using Microsoft's Personal Web Server is the APPL_PHYSICAL_PATH variable.
To get around cases where uploads are completely disabled by a web server's PHP configuration or where upload limits are too small, phpMyAdmin can read upload files from a special directory located on the web server's file system. This mechanism is applicable for SQL and CSV imports. This error message is expected, since the directory does not exist. It is supposed to have been created inside the current phpMyAdmin installation directory. The message might also indicate that the directory exists, but can't be read by the web server. (In PHP safe mode, the owner of the directory and the owner of the phpMyAdmin-installed scripts must be the same.) Using an SFTP or FTP client, we create the necessary directory and can upload a file there (for example books.sql) bypassing any PHP timeouts or upload maximum limits. Note that the file itself must have permissions that allow the web server to read it. In most cases, the easiest way is to allow everyone to read the file. web server upload...
You should pay close attention to this screen especially if you intend to use your Apache server as a production web server. 4. OK, that's the initial froth out of the way - here's the interesting bit of the installation. The image above shows the Server Information screen. This is where you'll configure your web server. If you are using Windows 95/98/ME you can select either of the options; however, Apache will not run as a service and will need to be started manually. You can replicate the functionality offered by running the web server as a service by adding the apache.exe to your start-up menu, that way it will start every time you start your computer. 7. Click Next to select where your web server will be installed. Note that by default it will be installed to C:\Program Files\Apache Group\. It's as good a place as any and I recommend you use the default path where possible as it will make troubleshooting easier if something does go wrong at a later date. 8. Click Install and the...
To be able to access and test the new application, the web server has to be configured. Here is an example for Apache, where a new VirtualHost is added in the httpd.conf file Symfony is compatible with other server configurations. You can, for instance, access a symfony application using an alias instead of a virtual host. To discover more about web server configuration, refer to the related chapter.
When the left and right panels are displayed, the window's title changes to reflect which MySQL server, database, and table are active. phpMyAdmin also shows some information about the web server's host name if $cfg['ShowHttpHostTitle'] is set to true. What is displayed depends on another setting, $cfg['SetHttpHostTitle']. If this setting is empty (as it is by default), the true web server's host name appears in the title. We can put another string here, like 'my Web server', and this will be shown instead of the true host name. Seeing the web server's host name can come in handy when we have many phpMyAdmin windows open, thus being connected to more than one web server. Of course, each phpMyAdmin window can itself give access to many MySQL servers.
Let's say we chose phpMyAdmin-2.8.2.tar.gz and downloaded it directly to some directory on the Linux server. We move it to our web server's document root directory (for example, /var/www/html) or to one of its subdirectories (for example, /var/www/html/utilities). Then we extract it with the following shell command or by using any graphical file extractor our window manager offers We ensure that the permissions and ownership of the directory and files are appropriate for our web server; the web server user or group must be able to read them.
Let's begin the installation process by downloading the necessary software. At a minimum, this will entail downloading PHP and the appropriate Web server (either Apache or IIS 7, depending on your platform and preference). If your platform requires additional downloads, that information will be provided in the appropriate section. Tip: In this chapter you'll be guided through the manual installation and configuration process. Manually installing and configuring Apache and PHP is a good idea because it will familiarize you with the many configuration options at your disposal, allowing you to ultimately wield greater control over how your Web sites operate. However, if you're ultimately going to rely on the services of a Web hosting provider and just want to quickly set up a test environment so you can get to coding, consider downloading XAMPP, a free automated Apache installer that includes, among other things, PHP, Perl, and MySQL. XAMPP is available for Linux and Windows, with Mac OS X...
Once you successfully install PHP as an Apache module, you should test it to ensure that the web server can recognize PHP scripts and handle them correctly. If you can see this, it means that the installation of the Apache web server software on this system was successful. You may now add content to this directory and replace this page. This page is here because the site administrator has changed the configuration of this web server. Please contact the person responsible for maintaining this server with questions. The Apache Software Foundation, which wrote the web server software this site administrator is using, has nothing to do with maintaining this site and cannot help resolve configuration issues. Save this file as test.php in your web server document root (the htdocs subdirectory of your Apache installation directory) and point your browser to http://localhost/test.php. You should see a page containing information on the PHP build, as in Figure 2-30.
In certain respects, ApacheBench skews the test result when it runs directly on the web server, because ApacheBench needs resources as well. The optimal situation is to have two computers: one is being tested and the other one runs ApacheBench. However, if you only want to test an optimization option, it is justifiable to run the benchmark directly on the web server.
Some user accounts on a computer, however, aren't for people, but for system processes such as web servers. When the PHP interpreter runs inside of a web server, it has the privileges that the web server's account has. So if the web server is allowed to read a certain file or directory, then the PHP interpreter (and therefore your PHP program) can read that file or directory. If the web server is allowed to change a certain file or write new files in a particular directory, then so can the PHP interpreter and your PHP program. Usually, the privileges extended to a web server's account are more limited than the privileges that go along with a real person's account. The web server (and the PHP interpreter) need to be able to read all of the PHP program files that make up your web site, but they shouldn't be able to change them. If a bug in the web server or an insecure PHP program lets an attacker break in, the PHP program files should be protected against being changed by that attacker.
Instead of transmitting the export file over the network with HTTP, it is possible to save it directly on the file system of the web server. This could be quicker and less sensitive to execution time limits, because the whole transfer from server to client browser is bypassed. Eventually, a file transfer protocol like FTP or SFTP can be used to retrieve the file, since leaving it on the same machine would not provide good backup protection. A special directory has to be created on the web server before saving an export file on it. Usually this is a subdirectory of the main phpMyAdmin directory. We will use save_dir as an example. This directory must have special permissions. First, the web server must have write permissions for this directory. Also, if the web server's PHP component is running in safe mode, the owner of the phpMyAdmin scripts must be the same as the owner of save_dir. On a Linux system, assuming that the web server is running as user apache and the scripts are owned...
PHP programs are a series of instructions in a file named with an extension that tells the Web server to look for PHP sections in the file. (The extension is usually .php or .phtml, but it can be anything that the Web server is configured to expect.) PHP begins at the top of the file and executes each instruction, in order, as it comes to it. Instructions are the building blocks of PHP programs.
It can be tricky to understand how all of these pieces integrate. When a web server detects PHP code, it turns over the processing of the page to the PHP interpreter. The server processes the PHP file and sends the resulting HTML file to the browser. If that result includes an external CSS stylesheet, the browser issues a separate request for that stylesheet before displaying the page. Processing PHP on the server is called server-side processing. When you request a web page, you trigger a whole chain of events. Figure 1-2 illustrates this interaction between your computer and the web server, which is the host of the web site. 2. Your browser breaks apart that address and sends the name of the page to the web server. For example, http://www.phone.com/directory.html would request the page directory.html from www.phone.com. 3. A program on the web server, called the web server process, takes the request for directory.html and looks for this specific file. 4....
In order to process and develop dynamic web pages, you'll need to use and understand several technologies. There are three main components of creating dynamic web pages: a web server, a server-side programming language, and a database. It's a good idea to have an understanding of these three basic components for web development using PHP. We'll start with some rudimentary understanding of the history and purpose of Apache (your web server), PHP (your server-side programming language), and MySQL (your database). This can help you to understand how they fit into the web development picture.
Exporting large databases may or may not work; this depends on their size, the options chosen, and the web server's PHP component settings (especially memory size and execution time).
To build a web site with PHP, you need a web server. Apache is the most popular web server in the world. It's free, powerful, stable, and secure. What more could you ask for? You probably want a database program to use with your web site. One of the most common choices for a database program to go along with PHP is MySQL. This section shows you how to install Apache and MySQL on your computer. The instructions in this section are only for people who are installing PHP on their own computers. If you are using a web-hosting provider's PHP setup, then don't install Apache and MySQL yourself. Your hosting provider has taken care of that for you.
To create your dynamic Web pages, you need access to a Web site that provides your three software tools (see the preceding section). All Web sites include a Web server, but not all Web sites provide MySQL and PHP. These are the most common environments in which you can develop your Web site: A Web site hosted by a Web hosting company: The Web site is located on the Web hosting company's computer. The Web hosting company installs and maintains the Web site software and provides space on its computer where you can install the HTML (HyperText Markup Language) files for a Web site. For the world to see the company's Web pages, the HTML files must be in a specific location on the computer. The Web server that delivers the Web pages to the world expects to find the HTML files in a specific directory. The IT department should provide you with access to the directory where the HTML files need to be installed. In most cases, you develop and test your Web pages in a test location and then...
Chances are you're going to rely upon an existing corporate IT infrastructure or a third-party Web hosting provider for hosting your PHP-driven Web sites, alleviating you of the need to attain a deep understanding of how to build and administrate a Web server. However, as most prefer to develop applications on a local workstation or laptop, or on a dedicated development server, you're likely going to need to know how to at least install and configure PHP and a Web server (in this case, Apache and Microsoft IIS). Having at least a rudimentary understanding of this process has a second benefit as well: it provides you with the opportunity to learn more about the many features of PHP and the Web server, which might not otherwise be commonly touted. This knowledge can be useful not only in terms of helping you to evaluate whether your Web environment is suited to your vision for a particular project, but also in terms of aiding you in troubleshooting problems with installing third-party...
In this section we'll cover installing the Apache web server and PHP on a UNIX operating system. server. In the UNIX world it has legendary status, beating off many of its commercial rivals to sit at the top of the web server tree of popularity. If you visit the URL shown above you'll be presented with a list of folders containing Apache Web Server installation files for almost every operating system known to man. Select the relevant one for your OS.
In this chapter, you'll learn how to install and configure PHP, and in the process learn how to install the Apache Web server. If you don't already have a working Apache PHP server at your disposal, the material covered here will prove invaluable for working with the examples in later chapters, not to mention for carrying out your own experiments. Specifically, in this chapter, you will learn about
The flush( ) function sends all output that PHP has internally buffered to the web server, but the web server may have internal buffering of its own that delays when the data reaches the browser. Additionally, some browsers don't display data immediately upon receiving it, and some versions of Internet Explorer don't display a page until they've received at least 256 bytes. To force IE to display content, print blank spaces at the beginning of the page
HTTP is not inherently immune to network sniffing (grabbing sensitive data off the wire), so if we want to protect not only our username and password but all the data that travels between our web server and browser, we have to use HTTPS. To do so, assuming that our web server supports HTTPS, we just have to start phpMyAdmin by putting https instead of http in the URL as follows
Download the PHP installation package from http://www.php.net/downloads.php. There are two versions of the Windows download available: the installer download and the zip download. Use the installer download. It is an installation program that you run after downloading. This program copies the PHP interpreter program and supporting files to the right places and helps you configure your web server program to work with the PHP interpreter. The zip version contains the PHP interpreter and a number of PHP extensions but no installation program. If you use the zip version, then you must copy the PHP interpreter program and other files to the right places. The installer download is easier to deal with. Your web server should be installed before you run the PHP installer. If you want to use Apache, follow the instructions in the later section Section A.4.1.1. However, Apache should not be running when you install PHP. Bring up the Apache monitor by double-clicking on the Apache Monitor icon in...
In this section, I'll briefly cover what's involved in setting up up-to-date versions of PHP and MySQL on Mac OS X. Before doing that, however, I'll ask you to make sure that the Apache Web server built into your Mac OS X installation is enabled. 4. If the preference panel says Web Sharing Off, click the Start button to launch the Apache Web server.
When the web server receives a request for a directory or file that it knows is a protected resource, it responds by sending the client browser an authentication challenge. Only after receiving a valid username and password back from the client browser is access granted to the directory or file. The following instructions apply to Windows and UNIX versions of the Apache 1.3.x web server. The file containing usernames and passwords should always be placed outside the web server root, in a directory not accessible through a browser, or else absolutely anyone will be able to download it. That said, note that the default Apache configuration blocks remote retrieval of any file beginning with .ht. Next, open your main Apache configuration file, httpd.conf, and look for the tags that reference your web server root. These tags should look something like this
The HTML and CSS that give your web site its pretty face reside in individual files on your web server. So does the PHP code that processes forms and performs other dynamic wizardry. There's a third kind of information necessary to a web application, though: data. And while you can store data such as user lists and product information in individual files, most people find it easier to use databases, which are the focus of this chapter. In addition to searchability, database programs usually provide you with a different set of access control options compared to files. It is an exacting process to set things up properly so that your PHP programs can create, edit, and delete files on your web server without opening the door to malicious attackers who could abuse that setup to alter your PHP scripts and data files. A database program makes it easier to arrange the appropriate levels of access to your information. It can be configured so that your PHP programs can read and change some...
The name of the web site on which the PHP inter web server hosts many different virtual domains, particular virtual domain that is being accessed. The directory on the web server computer that ho available on the web site. If the document root is the web site http www.example.com, then a reqi corre usr local htdocs catalog store.php. If your web server is configured to translate user hostnames, this is the hostname of the user makir web server. Because this address-to-name transla expensive (in terms of computational time), most it.
Any document located in a Web server's document tree and possessing adequate privilege is fair game for retrieval by any mechanism capable of executing the GET command, even if it isn't linked from another Web page or doesn't end with an extension recognized by the Web server. Not convinced? As an exercise, create a file and inside this file type my secret stuff. Save this file into your public HTML directory under the name of secrets with some really strange extension such as .zkgjg. Obviously, the server isn't going to recognize this extension, but it's going to attempt to serve up the data anyway. Now go to your browser and request that file, using the URL pointing to that file. Scary, isn't it? Of course, the user would need to know the name of the file he's interested in retrieving. However, just like the presumption that a file containing the phpinfo() function will be named phpinfo.php, a bit of cunning and the ability to exploit deficiencies in the Web server configuration are...
However, it sends lines to the web server error log that look like this The exact location of your web server error log varies based on how your web server is configured. If you're using Apache, the error log location is specified by the ErrorLog Apache configuration setting.
When the Web server at www.myowncompany.com receives the request, it searches the root directory of its Web space for a file named index.php. If it finds the file, the Web server sends some HTTP headers to the requesting browser containing information about what is being sent, followed by the contents of index.php. For instance, the Web server sends a status line such as the following
In some cases, when the Web server receives a request for a file, it finds the file but determines that the file is password-protected. For example, when you use the Apache Web server, you can specify to Apache that all the files in a directory require the user to enter a password before Apache can send the file contents to the browser. The details of designating files as password-protected are discussed later in this chapter. When the Web server receives a request for a protected file, it responds with the following status line
Machine may or may not be aware that you already have both the Apache web server and PHP 4 installed on your machine. You can start and stop your Apache web server using the Sharing option in System Preferences (see image below). 3. When all the lines have been modified, save the file and restart the web server so that the changes can take effect. Always ensure that you restart the web server following modifications to the web server; changes to the configuration will only take effect when you restart.
When such an HTML document is requested by a user, a PHP-aware Web server can recognize and execute the PHP code blocks and interpolate the resulting output into the HTML document before returning it to the requesting user. The result: a Web page or application that almost seems alive, responding intelligently to user actions by virtue of the PHP program logic embedded within it. Figure 1-1 illustrates the process, showing the four elements of the LAMP framework, described later in this section. 2. The Web server handling HTTP requests for the domain receives the request and notes that the URL ends with a .php suffix. Because the server is programmed to automatically redirect all such requests to the PHP layer, it simply invokes the PHP interpreter and passes it the contents of the named file. 4. The results returned by the interpreter are transmitted to Joe's browser by the Web server. A Web server (usually Apache on Linux or IIS on Windows) to intercept HTTP requests and either...
I have broken this example into two parts. I will show how to create a server component that is designed to run beneath a Web server and how to create a client component. The client piece is generic and written for the command line, but you can expand and embed it in a local Web page. The service allows the client to request a record based on an ID from a database. The request is packaged in a WDDX packet. The server receives the packet unserialized, and the requested record returned is packaged in a WDDX packet to the client.
Fetching a URL with the GET Method Recipe 11.3. Fetching a URL with the POST Method Recipe 11.4. Fetching a URL with Cookies Recipe 11.5. Fetching a URL with Headers Recipe 11.6. Fetching an HTTPS URL Recipe 11.7. Debugging the Raw HTTP Exchange Recipe 11.8. Marking Up a Web Page Recipe 11.9. Extracting Links from an HTML File Recipe 11.10. Converting ASCII to HTML Recipe 11.11. Converting HTML to ASCII Recipe 11.12. Removing HTML and PHP Tags Recipe 11.13. Using Smarty Templates Recipe 11.14. Parsing a Web Server Log File Recipe 11.15. Program Finding Stale Links Recipe 11.16. Program Finding Fresh Links
Even the best-maintained databases occasionally develop problems. Hardware failures, in particular, can really throw a monkey wrench into your web pages. Now that you're using a database, just backing up the files (HTML, PHP, and images) on your web server isn't enough. There's nothing worse than informing your web users that they have to reenter information, such as their accounts, or having to recreate your
Even if there is a slight chance that some of the browsers of your website's users may not support HTTP 1.1, there is no risk in activating the HTTP 1.1 cache features. A browser receiving headers that it doesn't understand simply ignores them, so you are advised to set up the HTTP 1.1 cache mechanisms whenever your web server
One of PHP's advantages is that you can embed PHP code directly alongside HTML. For the code to do anything, the page must be passed to the PHP engine for interpretation. But the Web server doesn't just pass every page; rather, it passes only those pages identified by a specific file extension (typically .php) as configured per the instructions in Chapter 2. But even when only certain pages are passed to the engine, it would nonetheless be highly inefficient for the engine to consider every line as a potential PHP command. Therefore, the engine needs some means to immediately determine which areas of the page are PHP-enabled. This is logically accomplished by delimiting the PHP code. There are four delimitation variants, all of which are introduced in this section.
Open source products continue to make headway on the Microsoft Windows server platform, with historically predominant Unix-based technologies like the Apache Web server, PHP, the Perl and Python programming languages, and, more recently, MySQL continuing to gain popularity on what was once considered taboo ground for free software. In addition, for many users, the Windows environment offers an ideal testing ground for Web database applications that will ultimately be moved to a production Linux environment. 4. You are prompted to configure the number of concurrent connections estimated for the server. You have three options: choose Decision Support (DSS)/OLAP, which is intended for a minimal number of concurrent connections (fewer than 20), such as might be needed in a small office setting; choose Online Transaction Processing (OLTP), which is intended for high-traffic servers such as that which might be used for a Web server; or set your own estimated number of connections. After you...
If you want to parse an XML document located on a remote web server, you can still use simplexml_load_file( ). Just pass the URL of the XML document to simplexml_load_file( ). The function retrieves the remote page and puts it into a SimpleXML object. Example 11-15 prints an HTML list of item titles from the Yahoo News Oddly Enough RSS feed.
A web server is a lot like a clerk at a busy deli full of pushy customers. The customers at the deli shout requests: "I want a half pound of corned beef" and "Give me a pound of pastrami, sliced thin." The clerk scurries around slicing and wrapping to satisfy the requests. Web clients electronically shout requests ("Give me /catalog/yak.php" or "Here's a form submission for you"), and the server, with the PHP interpreter's help, electronically scurries around constructing responses to satisfy the requests. The clerk has an advantage that the web server doesn't, though: a memory. She naturally ties together all the requests that come from a particular customer. The PHP interpreter and the web server can't do that without some extra steps. That's where cookies come in. A cookie identifies a particular web client to the web server and to the PHP interpreter. Each time a web client makes a request, it sends the cookie along with the request. The interpreter reads the cookie and figures out that a...
PHP (Hypertext Pre-Processor) is a server-side scripting language that runs on Apache or other similar Web server applications. PHP is one of the most popular server-side scripting languages because it is fairly simple to get started in and can handle robust applications.
Your development site is running well enough on your local development for you to transfer it to a production site hosted on a remote web server. It should be easy to do this. Copy over all the files, including the whole of the system folder, update the config settings, copy over and link to the database, and away you go. Sometimes, it really is that easy.
An additional risk when your web server encrypts data as in this recipe comes from how the data is visible before it's encrypted and written to a file. Someone with root or administrator access to the server can look in the memory the web server process is using and snoop on the unencrypted data and the key. If the operating system swaps the memory image of the web server process to disk, the unencrypted data might also be accessible in this swap file. This kind of attack can be difficult to pull off but can be devastating. Once the encrypted data is in a file, it's unreadable even to an attacker with root access to the web server, but if the attacker can peek at the unencrypted data before it's in that file, the encryption offers little protection.
When transforming XML using XSLT within a Web server environment, it is often the case that the result tree is an HTML document that is to be returned to the requesting browser. It is also possible that the result tree contains an RSS document that is to be sent to a requesting client. Either way, each of these would use the transformToXML() method. The name of this method is The doc parameter, which has already been explained, contains the XML data to be transformed. This method returns the output as a string, which could then possibly be sent through a Web server back to the requesting client. The example in Listing 10-3 illustrates a transformation where the results are just printed.
HTML pages are independent from one another. When a user clicks a link, the Web server sends a new page to the user's browser, but the Web server doesn't know anything about the previous page. For static HTML pages, this process works fine. However, many dynamic applications need information to pass from page to page. For instance, you might want to store a user's name and refer to that person by name on another Web page.
PHP is a programming language designed to generate web pages interactively on the computer serving them, which is called a web server. Unlike HTML, where the web browser uses tags and markup to generate a page, PHP code runs between the requested page and the web server, adding to and changing the basic HTML output.
There are several ways to install symfony on a server, but they are not all adapted to a production environment. For instance, doing a PEAR install requires administrator rights on directories that might not be open to you if you share a web server. Based on the principle that you will probably host several projects using symfony on the production web server, the recommended symfony installation is to uncompress the archive of the framework in a specific directory. Only the lib and data directories are necessary in a production server, so you can get rid of the other files (bin, doc, test, and the files from the root directory).
Some problems that look like phpMyAdmin bugs are in fact caused by the server environment. Sometimes, the web server is not configured to interpret .php files correctly, or the PHP component inside the web server does not run with the mysql extension. MySQL accounts may be badly configured. This can happen on home servers as well as hosted servers.
The syntax of this file is not very advanced. It is basically a text file that informs the Web server of specific modifications. For example, have you noticed a Web site that has specialized file extensions, such as the MediaTemple Web host, which has the following format This modification can also be done using the httpd.conf file if you prefer to have the entire Web server be able to use this custom file extension.
Shared memory's speed makes it an ideal way to store data different web server processes need to access frequently when a file or database would be too slow. Example 8-7 shows the pc_Web_Abuse_check class, which uses shared memory to track accesses to web pages in order to cut off users that abuse a site by bombarding it with requests.
Throughout this book, you will develop some Cake applications that I expect you to build on your PC and not on a web server. All my instructions, therefore, will be for a localhost environment, not a remote one, though the setup routines I discuss in this chapter apply to a remote installation as well.
When you install Apache on Windows NT, 2000, or XP, it's automatically installed as a service and started. It's ready to use. You can test it by typing your Web site name (or localhost) into your browser window. You see a welcome Web page that reads, "If you can see this, it means that the installation of the Apache Web server software on this system was successful." On Windows 95, 98, and Me, you have to start Apache manually, using the menu.
A good way to avoid unavailability is to have the project root folder configured as a symlink. For instance, imagine that you are currently using version 123 of your application, and that you want to switch to version 134. If your web server root is set to /home/myaccount/myproject/web and the production folder looks like this
This either opens an existing database named corporate.db, creates a database named corporate.db within the directory /home/book/22/, or results in an error, likely because of privilege problems. If you experience problems creating or opening the database, be sure that the user owning the Web server process possesses adequate permissions for writing to this directory.
Prior to delving into an overview of PHP's encryption capabilities, it's worth discussing one caveat to their usage, which applies regardless of the solution. Encryption over the Web is largely useless unless the scripts running the encryption schemes are operating on an SSL-enabled server. Why? PHP is a server-side scripting language, so information must be sent to the server in plain-text format before it can be encrypted. There are many ways that an unwanted third party can watch this information as it is transmitted from the user to the server if the user is not operating via a secured connection. For more information about setting up a secure Apache server, check out http://www.apache-ssl.org. If you're using a different Web server, refer to your documentation. Chances are that there is at least one, if not several, security solutions for your particular server. With that caveat out of the way, let's review PHP's encryption functions.
The $_SERVER superglobal contains information created by the Web server and offers a bevy of information regarding the server and client configuration and the current request environment. Although the value and number of variables found in $_SERVER varies by server, you can typically expect to find those defined in the CGI 1.1 specification (available at the National Center for Supercomputing Applications at http://hoohoo.ncsa.uiuc.edu/cgi/env.html). You'll likely find all of these variables to be quite useful in your applications, some of which include the following
In order to understand exactly how Ajax concepts are put together, it is important to know how a web site processes a request and receives a response from a web server. The current standard that browsers use to acquire information from a web server is the HTTP (HyperText Transfer Protocol) method (currently at version HTTP/1.1). This is the means a web browser uses to send out a request from a web site and then receive a response from the web server that is currently in charge of returning the response. HTTP requests work somewhat like e-mail. That is to say that when a request is sent, certain headers are passed along that allow the web server to know exactly what it is to be serving and how to handle the request. While most headers are optional, there is one header that is absolutely required (provided you want more than just the default page on the server): the host header. This header is crucial in that it lets the server know what to serve up.
An unmonitored Web server can present a security hazard to the system running it, as well as to any attached network(s). Immediately implementing security measures or stopping the server whenever you don't need it is wise. Rudimentary security measures are covered in Session 4. To stop the server, use the following command: /usr/sbin/apachectl stop
The setErrorHandling( ) function introduced in Section 7.4 has an additional mode of operation that gives you increased control over how database errors are handled in your PHP programs. Instead of having a terse error message printed or your program exit when a database error happens, you can have a custom function called. That function can do whatever you want, such as print a more detailed error message or write to the web server error log.
Example 6-3 incorporates the form in Example 6-2 into a complete PHP program that prints the appropriate values from $_POST after displaying the form. Because the action attribute of the <form> tag in Example 6-3 is catalog.php, you need to save the program in a file called catalog.php on your web server. If you save it in a file with a different name, adjust the action attribute accordingly.
Installing the PHP interpreter is a matter of downloading some files and putting them in the right places on your computer. You must also configure your web server so that it knows about PHP. This section contains instructions on how to do this for computers running Windows, Linux, Unix, and OS X. If you get stuck, check out the installation FAQ at
Chapter 1, provides some general background on PHP and how it interacts with your web browser and a web server. It also shows some PHP programs and what they do to give you an idea of what PHP programs look like. Especially if you're new to programming or building dynamic web sites, it is important to read Chapter 1. The three appendixes provide supplementary material. To run PHP programs, you need to have a copy of the PHP interpreter installed on your computer (or have an account with a web-hosting provider that supports PHP). Appendix A, helps you get up and running, whether you are using Windows, OS X, or Linux.
Here, address is the IP address or host name of the computer on which the MySQL server software is running ('localhost' if it's running on the same computer as the Web server software), and username and password are the same MySQL user name and password you used to connect to the MySQL server in Chapter 2.
If you are accessing a database on the same host computer as your Web server, you can use localhost for the hostname parameter; otherwise, you use the hostname you see in your /etc/hosts file on Linux. You can also get the hostname of your computer by using the uname -n command. The port parameter defaults to 1521, which is the default port for any Oracle installation. This parameter may not be 1521 when you have more than one database on your host computer. Similarly, the service_name parameter defaults to the name of the only database installed on the host computer, which in the case of Oracle Database XE is XE. As a result, the oci_connect() call in Listing 32-1 can be further abbreviated as
In contrast to oci_connect() and oci_new_connect(), you can use oci_pconnect() to create a persistent connection. Persistent connections do not automatically close at the end of a PHP script. Other scripts initiated from the same Web server or middleware server user session are free to use the connection as well as another invocation of the script that originally created the connection. The syntax for oci_pconnect() is as follows
postMessage.php: Builds, displays, validates, and processes an HTML form using the strategies outlined in Chapters 3 and 4. When the user creates a new thread, the Web server runs postReply.php twice. The first time through, postMessage.php displays a form that shows the topic that will own the new thread and a number of empty fields. When the user completes the form and clicks the Post Message button, postMessage.php executes again; this time it validates the input and, if everything looks okay, writes the new message to the database.
Section 20.4 discusses reading data from the keyboard in a command-line context. Reading data from standard input isn't very useful in a web context, because information doesn't arrive via standard input. The bodies of HTTP POST and file-upload requests are parsed by PHP and put into special variables. They can't be read on standard input, as they can in some web server and CGI implementations.
Next, we'll walk through installing the core software packages on your local computer. This book focuses on PHP and MySQL, but making this work also usually requires the Apache web server. The PHP interpreter works with the web server when processing dynamic content. Finally, you'll install the MySQL database. Installation is covered for PC, Mac, and Linux systems. You can also use a hosted Internet service provider (ISP) account to develop your pages, if you don't want to install everything locally.
This depends on whether the database server is located on the same machine as the Web server. If this is the case, then encryption will likely be beneficial only if you consider the machine itself insecure. If the database resides on a separate server, then the data could potentially be traveling unsecured from the Web server to the database server, and therefore it would warrant encryption. There is no steadfast rule regarding the use of encryption. You can reach a conclusion only after a careful weighing of security and performance factors.
As we've already successfully completed the Apache web server installation your 6. OK, we're almost there; so far we've installed the Apache web server and PHP4. What we need to do now is tell Apache that we have installed PHP on our system and where it can be found. For this we need to go to the directory where we installed the Apache web server, C:\Program Files\Apache Group\apache\conf, and open the file 13. Save this file as phpinfo.php into the root directory of our web server. If you followed the installation instructions to the letter, this will be C:\Program Files\Apache Group\apache\htdocs. Ensure that you restart the web server after making changes to the configuration file. Changes to the configuration only take effect when you restart the web server.
PHP offers a number of useful predefined variables that are accessible from anywhere within the executing script and provide you with a substantial amount of environment-specific information. You can sift through these variables to retrieve details about the current user session, the user's operating environment, the local operating environment, and more. PHP creates some of the variables, while the availability and value of many of the other variables are specific to the operating system and Web server. Therefore, rather than attempt to assemble a comprehensive list of all possible predefined variables and their possible values, the following code will output all predefined variables pertinent to any given Web server and the script's execution environment
Microsoft Windows remains the operating system of choice even among most open source-minded developers, largely due to reasons of convenience; after all, as the dominant desktop operating system, it makes sense that most would prefer to continue using this familiar environment. Yet for reasons of both stability and performance, deploying PHP-driven Web sites on Linux running an Apache Web server has historically been the best choice. But this presents a problem if you'd like to develop and even deploy your PHP-driven Web site on a Windows server running the Microsoft IIS Web server. Microsoft, in collaboration with PHP products and services provider Zend Technologies Ltd., is seeking to eliminate this inconvenience through a new IIS component called FastCGI.
Many things can go wrong in your program that cause the PHP interpreter to generate an error message. You have a choice about where those error messages go. The messages can be sent along with other program output to the web browser. They can also be included in the web server error log. To make error messages display in the browser, set the display_errors configuration directive to On. To send errors to the web server error log, set log_errors to On. You can set them both to On if you want error messages in both places.
This depends on whether the database server is located on the same machine as the Web server. If this is the case, then encryption will likely be beneficial only if you consider your machine itself to be insecure. If the database server resides on a separate server, then the data could potentially be traveling unsecured from the Web server to the database server, and therefore it would warrant encryption. There is no steadfast rule regarding the use of encryption. You can reach a conclusion only after carefully weighing security and performance factors.
This project was a fun one to work on, because it was easy to get going and didn't require any applications other than PHP and the web server. It's a great project to start out this series, letting you use enough of the PEAR packages to see the value of not having to write all the code from scratch.
You can name your include files anything you like, but you should always use the .php extension because if you name them something else, such as .inc, it's possible that a user can request the .inc file and the web server will return the code stored in it. This is a security risk, as it may reveal passwords or details about how your program works that can reveal weaknesses in your code. This is because the PHP interpreter parses only files marked clearly as PHP.
Symfony provides an object called sfTestBrowser, which allows your test to simulate browsing without a browser and, more important, without a web server. Being inside the framework allows this object to bypass the HTTP transport layer completely. This means that the browsing simulated by the sfTestBrowser is fast, and independent of the server configuration, since it does not use it. The tests built with WebTestCase are slower than the ones built with sfTestBrowser, since the web server is in the middle of every request. They also require that you have a working web server configuration. However, the WebTestCase object comes with numerous navigation methods on top of the assert*() ones. Using these methods, you can simulate a complex browsing session. Here is a subset of the WebTestCase navigation methods. We could easily do the same test case as previously with a WebTestCase. Beware that you now need to enter full URIs, since they will be requested from the web server
Bandwidth-friendly: By default, Magpie caches feed contents for 60 minutes, cutting down on use of unnecessary bandwidth. You're free to modify the default to fit caching preferences on a per-feed basis. If retrieval is requested after the cache has expired, Magpie will retrieve the feed only if it has been changed (by checking the Last-Modified and ETag headers provided by the Web server). In addition, Magpie recognizes HTTP's Gzip content-negotiation ability when supported.
The phpinfo() function offers a great tool for viewing a summary of PHP's configuration on a given server. However, left unprotected on the server, the information it provides is a gold mine for attackers. For example, this function provides information pertinent to the operating system, the PHP and Web server versions, the configuration flags, and a detailed report regarding all available extensions and their versions. Leaving this information accessible to an attacker will greatly increase the likelihood that a potential attack vector will be revealed and subsequently exploited.
Available functions (including details of the input parameters and returned data). For example, the PayPal SOAP (Simple Object Access Protocol) API provides a method you can execute called DoDirectPayment. If you ran a website that used PayPal to process customer transactions, you might call this method, passing in the customer's details and credit card number. The PayPal web server would then return data, indicating the status of the transaction (such as whether it succeeded or failed).
Without a configuration file, phpMyAdmin uses its default settings as defined in libraries/config.default.php and tries to connect to a MySQL server on localhost, the same machine where the web server is running, with user root and no password. This is the default setup produced by most MySQL installation procedures, even though it is not really secure. However, if our freshly installed MySQL server still has the default root account, we will be able to log in easily and see a warning given by phpMyAdmin about such lack of security.
There might be more than one version offered here; always download the latest stable version. We only need to download one file, which includes all the language files and works regardless of the platform (browser, web server, MySQL, or PHP version). If we are using a server supporting only PHP3, the latest stable version of phpMyAdmin is not a good choice to download. I recommend using version 2.2.7-pl1, which is the latest version that supports PHP3. Thus we will have to download a file with .php3 in its name. In this case, while following the present instructions, we will have to transpose to .php3 each time we talk about .php files.
PHP, installed as a module inside the web server, is a popular scripting language in which applications are written to communicate with MySQL on the back-end, and browsers on the front-end. Ironically, the meaning of the acronym has evolved along with the Web, from Personal Home Page to Professional Home Page to its current recursive definition, PHP Hypertext Processor. Available on millions of Web domains, it drives its own wave of quickly developed applications.
A majority of the language files are also coded using ISO or Windows character sets, with the goal of supporting older browsers. Also, when connecting to a pre-MySQL 4.1 server, a user can still choose a non-UTF-8 character set if his or her web server or phpMyAdmin version are not configured to recode characters. (See the Data Recoding section in this chapter.)
Almost every system administrator who runs a Web server accessible to the public has seen log entries like the following. Don't allow users of your Web server to implement any script without your express permission (and check it yourself). Many scripts are available on the Internet and can be installed by simply copying them to the appropriate cgi-bin directory. However, most of the scripts that are freely available were not written with strict security in mind. Be sure to check for any security holes before allowing users to implement their own scripts. No set of rules can render a Web server's scripts hazard-free, but the guidelines outlined here are a very good start.
Working with files in PHP also means working with remote web pages. A great thing about file handling in PHP is you can open a remote file on another computer as easily as you can open a file that sits on your web server. Most file-handling functions in PHP understand URLs as well as local filenames. However, for this feature to work, the allow_url_fopen configuration directive must be enabled. It is enabled by default, but if you're having problems loading a remote file, check this setting.
The php.ini file holds system-wide configuration for the PHP interpreter. When the web server process starts up, the PHP interpreter reads the php.ini file and adjusts its configuration accordingly. To find the location of your system's php.ini file, examine the output from the phpinfo() function. This function prints a report of the PHP interpreter's configuration. The tiny program in Example A-3 produces a page that looks like the one in Figure A-21.
Updating your server not only provides performance enhancements, but also can ensure your Web server is more secure. PHP, for example, is updated frequently as more enhancements and coding changes are introduced. This is due to new security concerns being discovered, which results in a stronger application overall.
In 1996 Oracle began to break away from its database-only roots and developed the first Web-enabled database, Oracle8i Database. In addition, many other Oracle products use the Oracle database engine as one of their key components, such as Oracle 10g Application Server (Oracle AS). Oracle AS uses Oracle Database 10g as its repository for metadata and the open source Apache, both versions 1.3 and 2.0, for a Web server. Oracle provides many customized modules to more seamlessly integrate middleware functionality with the back-end database. For example, Oracle AS makes a developer's life easier by supporting PL/SQL procedures with the module mod_plsql.
Opening remote files with fopen( ) is implemented via a PHP feature called the URL fopen wrapper. It's enabled by default but is disabled by setting allow_url_fopen to off in your php.ini or web server configuration file. If you can't open remote files with fopen( ), check your server configuration.
Tip Remember to set the Content-Type header to text/xml prior to returning the resulting response do
Putting this all together, you can create a server to service the request from the client created in the previous section. It defines two functions, buy_stock() and sell_stock(), that are registered with an XML-RPC server. The only two stocks, defined in the arStocks array, that can be used within these functions are Yahoo (YHOO) and Google (GOOG). The following is the complete code for the server, referenced as the file stocktrader.php by the client. I wrote it to run within a Web server because it leverages the header creation performed by the Web server.