I found an amazing resource, completely worth sharing.
It’s Free Online Course Material from MIT (yes, THE Massachusetts Institute of Technology MIT…).
It’s got free lecture notes, exams, and videos from actual MIT courses.
just another php hacker
After reading about the Just Another Perl Hacker code snippets on Wikipedia, I was pretty intrigued. The only problem is, I hate Perl. So, here is my version: just another php hacker.
I cleaned the code up a little bit here for readability (which is against the point, I guess).
foreach(explode("2","1152117298211521162114") as $z) {
$h .= chr($z);
}
$f = (string)(2*19*227*11489);
$q = chr($h($f,(int)$f[3],(int)$f[2]+1)).chr($h($f,(int)$f[2]+1,(int)$f[0]/3)).chr($h($f,(int)$f[strlen($f)-1]+1,(int)$f[0]/3));
$z = eval("\$u=".$q."(".str_replace("3",").$q(","117311031153101311431053973108310531223101").");");
$w = "a:23:{i:0F106F1F11F2F-2F3F1F4F-84F5F65F6F13F7F1F8F5F9F-12F10F-3F11F13F12F-82F13F80F14F-8F15F8F16F-80F17F72F18F-7F19F2F20F8F21F-6F22F13;}";
$b = str_replace("F",";i:", $w);
foreach($u($b) as $c) {
echo($q($s+=$c));
}
Here is the more obfuscated text:
foreach(explode("2","1152117298211521162114")as$z){$h.=chr($z);}$f=(string)(2*19*227*11489);$q=chr($h($f,(int)$f[3],(int)$f[2]+1)).chr($h($f,(int)$f[2]+1,(int)$f[0]/3)).chr($h($f,(int)$f[strlen($f)-1]+1,(int)$f[0]/3));$z=eval("\$u=".$q."(".str_replace("3",").$q(","117311031153101311431053973108310531223101").");");$b=str_replace("F",";i:","a:23:{i:0F106F1F11F2F-2F3F1F4F-84F5F65F6F13F7F1F8F5F9F-12F10F-3F11F13F12F-82F13F80F14F-8F15F8F16F-80F17F72F18F-7F19F2F20F8F21F-6F22F13;}");foreach($u($b)as$c){echo($q($s+=$c));}
Export to spreadsheet with PHP
With PHP, it is extremely simple to create a file that can be interpreted by speadsheet programs, such as Excel or OpenOffice.org.
When you think about what this really means, it should be clear how simple it is. We’ll do this with by created a CSV file. CSV stands for Comma-Separated Values. So basically, we’ll print out a text file with a csv MIME type, and some separated values. The MIME type can either be “text/csv” or “text/x-csv”. The standard, per the name, is to separated the values with a comma, and all values that contain a comma should be wrapped in double quotes. For example:
we,are,separated
"And here, ",we have a, comma in a value
Another way, which may be the more common practice, per my version of OpenOffice.org, is to separate the values with a semicolon:
One;Two;Three
I’ll use the semicolon method. Here is a quick script that will create a small CSV file, which can be read by a spreadsheet program:
header("Content-type: text/csv");
$data = array(
array(
"a-1",
"a-2",
"a-3",
),
array(
"b-1",
"b-2",
"b-3",
),
array(
"c-1",
"c-2",
"c-3",
),
);
foreach($data as $row) {
echo implode(";", $row) . "\n\r";
}
Now, this will prompt the user for a download, which will end in a .php filename. If you have access, and are using Apache, you can solve this with a little .htaccess. Simply putting a .htaccess file in the directory, with this in it, should do the trick.
AddType application/x-httpd-php .csv
With that, working properly, you should be able to create PHP scripts that use a .csv extension. Then, when you run the above script, save it as “mydata.csv” and the downloader should see no connection to PHP.
Now, how can we use this in a little more realistic scenario? Well, we can use this to create CSV dumps of SQL result sets.
$query = @mysql_query($sql);
$data = array();
while($row = @mysql_fetch_assoc($query)) {
//first time through, grab the keys
if(!sizeof($data)) {
$data[] = array_keys($row);
}
$tmp = array();
foreach($row as $key=>$value) {
$tmp[] = $value;
}
$data[] = $tmp;
}
foreach($data as $row) {
echo implode(";", $row) . "\n\r";
}
And there you have it! That script should be capable of turning your queries into a spreadsheet readable file. Fun, right?
Implementing the Singleton pattern in PHP
In short, the Singleton Pattern is a design pattern used when we want only ONE instance of a class to be initialized. This is useful in CPU/Memory intensive classes, such as database handle abstractions.
The Singleton Pattern is a pretty fundamental pattern, worth learning about, if you aren’t already aware. It’s characterized by a private constructor, which can only be called by class member methods, and a public static accessor method, to return a reference to the object.
Here is a quick example of how it can be implemented in PHP (There are other ways, as well).
class Singleton {
private static $__instance;
protected $_value;
private function __construct() {
$this->_value = rand();
}
public static function getInstance() {
if(!isset(self::$__instance)) {
self::$__instance = new Singleton();
}
return self::$__instance;
}
public function display() {
echo $this->_value . "<br />";
}
}
Use it like this:
$foo = Singleton::getInstance(); $foo->display(); $bar = Singleton::getInstance(); $bar->display();
Running C/C++ Code as a CGI Script
When I first had the realization that this was not only possible, but really simple, I was very excited. Using C/C++ to create dynamic web applications isn’t new. In fact, C and Perl were originally the primary method for dynamic web based applications. Well, the Internet has been around long enough, that even Perl is beginning to become obsolete (Thank God).
C++ Web applications are not going to be a game-changer. If this were true, it would have happened a long time ago. Will I forget about PHP? Of course not! Many (probably most) shared hosting solutions won’t even allow you (with very good reason) to execute arbitrary binary files on their servers. Mine won’t. You also can’t (to my knowledge) do this technique on Windows servers.
I WILL, probably, write a few C++ web applications to run on my laptop, just because I’m a nerd, and the satisfaction I’d get if from just knowing every time I hit the Home button, I’m seeing web pages dished up by a C++ script… I’ll stop there.
What kind of solutions do I see this as a replacement for PHP (or Ruby, or Python, or ASP, or JSP, or whatever you use)?
- You are looking to build a robust web application to be run on your own private web servers.
- You are looking to build a high-end distributable web-based software package.
- You are looking to build a web application, and have the ability to run arbitrary binary scripts on your server (such as a private server), and runtime speed is crucial.
I’m thinking, if Twitter was written in C/C++, we wouldn’t have as many Twitter-outages 
.
For example, a software package, where the codebase sits on a server, and clients (or internal employees), interface with it through a web browser. Now we’re talking APPLICATION, more than just a website.
With FastCGI and precompiled binary scripts, well-written C/C++ code will trump compile-on-the-fly approaches of PHP, Perl, Python, etc. (Of course PHP has memcache..)
Enough jibber-jabber. Let’s create a C++ CGI script! First, you’ll need to configure Apache to execute CGI scripts. It’s general practice (but you may not care.. I don’t) to create a single directory, and only allow CGI scripts in that directory to be executed. You’ve probably seen a lot of cgi-bin/ directories on various websites. Let’s say we create a directory at /var/www/cgi. In this directory, we’ll put our CGI scripts. Let’s tell Apache.
You’ll want to edit your httpd.conf file (on Ubuntu, it’s in /etc/apache2). Add this (as root/sudo):
<Directory /var/www/cgi>
Options ExecCGI
AddHandler cgi-script .cgi
</Directory>
The Options ExecCGI line is the one that allows CGI scripts to be executed. If instead of using a single directory, you opted to make the whole ServerRoot allow CGI scripts (like I did), you’ll want to make sure the Options aren’t overridden elsewhere in the server conf. Namely, check for something in /etc/apache2/sites-available/default (or where ever else your system may store Apache config). In this file, You may see another <Directory> block for your server root. Add ExecCGI to the Options list.
You can also create arbitrary file extensions for your CGI scripts with the AddHandler directive. Imagine the possibilities.
Now, restart Apache. On Ubuntu:
sudo /etc/init.d/apache2 restart
When Apache comes back up, you should be ready to roll. You may feel like throwing in a test Perl script before we get to the C++, just to make sure things are working as expected. If you aren’t a Perl Monk (most of us aren’t), do this:
which perl
Will tell you where perl is installed (if at all). It’s probably /usr/bin/perl. So then, create this Perl script:
#!/usr/bin/perl print qq(Content-type: text/html\n\n); print qq(Hello, world!);
Make sure to chmod that bad boy to at least 755, and hit it in the browser, you should see “Hello, world!”. If not, you probably got one of these:
- You saw the perl code
- You got Forbidden
- Internal Server Error
- File not found
That means the CGI script didn’t attempt to execute, check back over the steps, make sure you restarted Apache.
You either aren’t allowed to execute CGI scripts, or didn’t get the right permissions.
Perl code is probably messed up. Check out tail /var/logs/apache2/error.log for what SHOULD be a more detailed error message.
You probably have a typo in the filename or the address bar .
Well, hopefully you have that working now, lets throw down some C++ code.
I’m not going to teach you C++, so if this code doesn’t make sense, you should look into learning C++ before approaching this technique (obviously).
#include <iostream>
#include <cstdlib>
using namespace std;
int main() {
cout << "Content-type: text/html\n\n";
cout << "Hello World (Wide Web)<br />" << endl;
cout << getenv("REMOTE_ADDR") << endl;
}
Save this as hello.C, or whatever you want.. and compile the code:
g++ -o hello.cgi hello.C
Now, make sure that hello.cgi is in /var/www/cgi (or wherever you specified), and hit it in the web browser. You should see an output something like:
Hello World (Wide Web)
127.0.1.1
127.0.1.1
One of the biggest pitfalls I can foresee, is that server-side scripting is not an interactive technique. Thats why scripting languages are perfect for dynamic web pages. C++, not being a scripting language by nature may cause you some headaches. Just be sure to write smart, efficient code.
You can also download a C++ CGI library, to help out with accessing header data, such as Cookies, GET and POST variables, etc. Here is a link to an ANSI C library for CGI Programming.
Protecting Your Web Application’s Code
If you have ever considered commercial web application development, you’ve probably faced the challenge of protecting your intellectual property. I’ve spent the past few months researching and pondering this very problem.
There are many possibilities and issues here. Dynamic web applications are generally written in a client-side scripting language. The nature of these scripting languages is to compile on-the-fly. This means you store the code, in plain-sight. Not very good when you’re trying to sell software, and anyone who purchases it has the ability to reverse engineer your product.
Some technologies, such as JSP, allow you to compile the code down to bytecode, however, by nature of its design, Java bytecode is compact and simple to reverse engineer. Encryption techniques such as ZendGuard are crackable (unencryption has to happen somewhere). ActionScript (Flash) is promising, it compiles down to binary SWF files, however, tools exist to convert these SWF files into their FLA counterparts.
There may be no guaranteed, fool-proof way to protect your code, but one thing that has obviously worked well for stand-alone software vendors is binary compilation. Great, so how do I compile my web code to binary? Simple! Just write your web applications in C/C++ (or other language that compiles to binaries), and run them as CGI scripts.
I had a major AH-HA moment, when I realized that all a CGI script needs to do, is print out the content MIME type, and the actual content, Apache will take care of the rest. This approach will only work on Unix based hosts, as Windows does binaries a little different (suckers). But as the vast majority of web hosts run on Unix, this isn’t a huge deal.
I’m going to create a 2nd post, demonstrating this technique. Look for it in the not-so-distant future.
Update: The 2nd post is up! Running C/C++ Code as a CGI Script
Bought a New Book about Website Optimization
Stopped by Borders yesterday, and picked up a new book, cleverly titled Website Optimization
I was looking for a book which covered SEO, and this fits the bill. O’Reilly books are pretty well known for their quality in the techie field. Paraphrased from the back cover, here is what it has inside:
- “Best practices to improve search engine rankings”
- “Keyword optimization and guerilla PR techniques”
- “Optimize pay-per-click campaigns”
- “Maximize conversion rates by using landing page guidelines to increase leads and sales…”
- “Tune website performance by utilizing XHTML, CSS, and Ajax techniques…”
Glancing through, it looks pretty solid, and has a 5-star rating on Amazon
I have a lot of time off work coming up soon, due to the holidays, vacation, etc. I hope to get through the book soon, and will definitely post my reaction.
Worth Blogging About
Well, I thought I’d take a moment to bring up some news. Saturday, I officially made my first move towards becoming a successful affiliate marketer, with my first day of profit. It was only about $20 worth of profit, but, I hope to see that number grow, especially as the holiday shopping season kicks into full gear.
Perhaps, as I see more success, I’ll make more posts about my affiliate marketing ventures. Yeah, one of those guys.
PHP Bitwise Operators and Access Control Lists
Bitwise operators are a very handy tool that can be used in PHP. The problem is they just aren’t used very often. I really like bitwise operators, but like other PHP developers, I just don’t use them very often. I think the cause of this is that developers just don’t realize when they COULD be using bitwise operators.
A very good example of where you should be using bitwise operators is in Access Control Lists (ACLs). An ACL is basically a list of who has access to what. Well, a simple way to introduce you to access control is via Unix permissions. Most of you are probably familiar with the chmod command. Most of you also probably don’t have the codes memorized. Here is a great little PHP script that will:
A: Help you understand bitwise operators and how you might use them, and
B: Help you understand and memorize the chmod codes.
define("EXECUTE", 1);
define("WRITE", 2);
define("READ", 4);
for($i = 0; $i <= 7; $i++) {
$x = ($i & EXECUTE) ? "x" : "-";
$w = ($i & WRITE) ? "w" : "-";
$r = ($i & READ) ? "r" : "-";
echo "{$i} = {$r}{$w}{$x}<br />";
}
This will output:
0 = –––
1 = ––x
2 = –w–
3 = –wx
4 = r––
5 = r–x
6 = rw–
7 = rwx
1 = ––x
2 = –w–
3 = –wx
4 = r––
5 = r–x
6 = rw–
7 = rwx
A little note, about chmod, just in case you were wondering now: a chmod code is three digits. The first digit is the access code for the file’s owner, the second digit is the access code for the group of the file’s owner, and the third digit is the access code for everyone else. So, let’s take a code: 754. What does this mean? Well, let’s use that list we just created to look it up. The first digit, 7, as stated, maps to the file’s owner, so according to our list, the owner has full permissions, rwx. Next, the second digit is a 5, and that maps to the file owner’s group; the group has r-x access: read and execute, but no write permissions. The final digit, everyone else, is a 4: read-only access.
Now, how can you apply this to your code? Well, as long as you keep the integer assignments as powers of 2, you can have an infinite number of access codes:
define("MAGIC", 8);
$wizard = READ | WRITE | EXECUTE | MAGIC;
if($wizard & MAGIC) {
echo "Wizards can do magic <br />";
}
One Month Milestone
It’s now been over one month since I started this blog. Just thought I’d point that out. Have I made any valuable posts yet? I’d like to think so, but thats up for you to decide. Aside from my blog, I’ve been working diligently on a few side projects, and some extra pages for my SeanJordan.me domain.
I’m that kind of person that always has 4,000 “entrepreneur” ideas going on in the back of my mind. As I start unrolling some of these, I’ll be sure to let you in on them. I have a good one coming up that I’d like to share, so be sure to stay tuned. I’ll share as much as I can on my process of packaging up the finished product, how I market it, and any success I have.
It’s been one whole month, and I’m just now getting to 10 posts. I’d hoped I would do better, I’ll try to in the future!
