Tag Archives: PHP

Installing PHP 5.3.0rc2 for XAMPP (Windows)

Having been unable to find a definitive guide to upgrading the XAMPP PHP version to PHP 5.3.0rc2, I decided to improvise on a guide for installing the PHP 5.3 alpha.

My guide will describe how to upgrade the current XAMPP PHP version to the second release candidate of version 5.3. It is expected that this method will also work for the third release candidate when it is released later this month.
Continue reading Installing PHP 5.3.0rc2 for XAMPP (Windows)

Fyrwerks Update

This project is still very much in early development. Many alterations and additions have been integrated into the final plans; accommodating these will push back a release until early 2009.

More information will be provided once I’ve modified the framework core to adopt some of the most important changes. The Fyrwerks development site will be uploaded when I get around to finishing it (I am hoping to use the first developmental release to power it!).

//-plasm!d-//

PHP Fyrwerks

I am pleased to announce that I am in the process of developing and (at some stage) releasing my personal PHP development framework – Fyrwerks. This has been an ongoing project for some time, it is only recently that I have decided to consider releasing it publicly.

While I can’t give away too many details just yet, the following are some of the features you can expect to see in the first release:

  • A structured framework for installing and maintaining custom PHP web apps.
  • Libraries dedicated to simplifying and object orientating repetitive or complex tasks
  • Fast script execution and reliable communication channels between different services.
  • Compact and easy to set-up.
  • Fully GoPHP5 compliant.

The development site is located at http://fyrwerks.com, some early demos should be available from next month.

Check back soon for updates!

//-plasm!d-//

List PHP extensions with functions

This is a quickie I thought I’d put up on my break. Although it isn’t exactly complex or ground-breaking, its nice to have it at hand if you wanted to see which extensions provide particular functions (without having to refer to php.net of course!)

	$exts = get_loaded_extensions();

	foreach($exts as $ext) {
		$flist[$ext] = get_extension_funcs($ext);
	}
	
	print_r($flist);

This is a nice starting point if you wanted to write a script that determines whether the server you’re installing onto has the necessary PHP extensions loaded.

PHP GUID Exposure

There’s a neat little tutorial on how to access various PHP easteregg images at 0php. The author also describes how to prevent your server from displaying this image (to prevent outside users from being able to determine whether or not your server is running PHP).

I thought I’d make a little script that takes advantage of this easteregg and the inherent format of GIF image files to determine whether PHP is running on a remote server.

<?php
	
	// Configuration.
	$url = 'http://www.example.com/'; // Replace with whichever URL.
	
	// Open the connection.
	$handle = @fopen($url.'?=PHPE9568F36-D428-11d2-A769-00AA001ACF42', 'r');
	if($handle)
		echo("Handle active...
n"); else die("Error creating handle!n"); // Import data into buffer. $buffer = fgets($handle, 4); if($buffer == 'GIF') // <- part of the binary header for GIF files. echo("This server is using PHP!
n"); else echo("This server is NOT using PHP!
n"); // Close up, clean up. $ret = fclose($handle); $handle = NULL; if($ret) echo('Success!'); else die('Failed to close handle!'); ?>

Don’t forget to replace $url with the server address before using this script.

PHP 5.2.x __toString() Support

Since updating to PHP version 5.2.2 (which has been superseded yet again since this post) the default behavior of class objects is to raise an error when cast to a string (usually a ‘Catchable Fatal Error’, citing that the object could not be converted to string!).

This is quite irritating, as previously the default behavior would be to return a unique object identifier. However, there is a quick workaround for this problem should your script rely upon object string casting / this unique object identifier.

The Fix

When creating your class, add in __toString() as a function. This so-called ‘magic function‘ is called when trying to cast an object to string, such as (string) $someObject. The following combines this function with a call to spl_object_hash(), which provides an identifier hash for the object:

<?php

class SomeClass {
	function __toString() {
		return spl_object_hash($this);
	}
}

$someObject = new SomeClass;
echo $someObject;

?>

The above code is fairly self-explanatory and it saves you from at least a few of minutes banging your head on the table 🙂

EXIF and PHP exploitation – The Truth

Introduction

After reading through a couple of tutorials describing the ease with which PHP can be included directly from the EXIF data within a JPEG image, I became suspicious. Surely my eyes deceive me? Is this a late April Fools’? My first point of call was Google – which provided me with a wealth of information on EXIF functions from within PHP, but very little regarding this particular vulnerability.

There was nothing for it… time to jump in and see what the fuss was about!
Continue reading EXIF and PHP exploitation – The Truth

A faster object in_array() for PHP 5

This is a fast and effective way of find an object in an array.

As of PHP v5.2.2 objects do not have a default response to being cast to (string). To make this tutorial work with newer PHP builds, use spl_object_hash() in place of string casting.

Introduction

When a new object is created in PHP it is assigned an internal numeric id value. The only way to destroy an object (thereby deleting its internal id) is to unset() or nullify (=NULL) all references to the object from within the script. It follows that when an object is destroyed, PHP will fill the lowest id available for the next object. For example: if objects with ids 4, 5 and 6 exist – by destroying 5, the next two objects created in PHP will have id 5 and then id 7!

These rules can be exploited to provide a much faster object in_array()!

Theory

Comparison of multidimensional objects will almost always be more processor intensive than string comparison. It occurred to me that a great deal of time could be saved by identifying objects in an array as strings. However, conventional approaches using serialize() tend to exacerbate the problem further as the function itself is quite slow. The following is the proposed function with a demo on how it could be implemented.


/***
	The proposed object_in_array function.
	***/
	function object_in_array($needle, $haystack) {
		/***
		Arguments:
			(object) $needle - The object being searched for.
			(array) $haystack - The array containing objects.
		***/
		$stringArray = array_map(create_function('$in','return (string)$in;'),$haystack);
		$objectString = (string)$needle;
		return in_array($objectString,$stringArray,TRUE);
	
	}
	
	/***
	Prepare an object needle.
	***/
	$needleObject = new stdClass;
	
	/***
	Prepare a sample array including the
	needleObject.
	***/
	$objectArray = array(
		new stdClass,
		new stdClass,
		new stdClass,
		$needleObject
	); 
	
	/***
	Uncomment the block  below to perform
	an analysis of a much larger array.
	***/
	
	/*
	for($i=0;$i < 50000;$i++) {
		$objectArray[] = new stdClass;
	}
	$objectArray[] = $needleObject;
	*/
	
	/***
	Start time-stamp
	***/
	$timeStamp = get_micro_time();
	
	/***
	NOTE: The print() function is included
	in the time analysis as it doesn't contribute
	much to the overal time required.
	***/  
	print(object_in_array($needleObject,$objectArray) ? "Found!n" : "Not found!n");
	
	/***
	End time-stamp and display.
	***/
	$timeStamp = round(get_micro_time() - $timeStamp,6);
	print("Search duration: $timeStamp ms");
	
	/***
	Auxillary timing function. Sorry,
	I can't remember where I got this function
	from or I would credit the author! Google it :-p
	***/
	function get_micro_time() {
		list($microSec, $sec) = explode(" ", microtime());
		return ((float)$microSec + (float)$sec);
	}

The above can be further optimised (clean-up the temporary array, etc.) but serves to show how the array can be copied, recast and used as a search reference for objects. Modification of the above to use the conventional in_array() or foreach() looping drastically increases the duration of the search! With very little modification to the code, the function could even return the object directly and retain the same array processing speed.

A footnote…

I had previously toyed with the idea of using a single array, casting the objects to strings and storing these as the key for each item (then using array_key_exists() ). If you’re not too worried about using the array keys / don’t use them to store useful data, this latter method can be ten-fold faster than the above example!

Accessing private properties in PHP 5 objects

With the introduction of PHP 5 comes the ability to define class properties and methods in a more traditional style to C++ and other popular OOP languages. The three major distinctions are Public (designated by default), Private and Protected.

Demonstration:

class TestClass {

 	public $VarA = 'I am public!';
 	private $VarB = 'I am private!';
 	protected $VarC = 'I am protected!';

}

$NewInstance = new TestClass;

print($NewInstance->VarA); /* No problem */
// print($NewInstance->VarB); /* Error */
// print($NewInstance->VarC); /* Error */

$NewInstance is initiated as an instance of TestClass. $VarA can be easily accessed using $NewInstance->VarA, however trying to access VarB and VarC in the same manner will generate an error as they are designated inaccessable outside the current class (or sublcasses in the case of VarC). It is sometimes necessary to access Private and Protected object variables and this can be achieved very easily using just one line of code:

 	var_dump( (array) $NewInstance );

This will generate a dump containing a list of all object properties, including private and protected variables. Each will have an assigned key that follows the pattern of:

[“?class name?private property name”] = PRIVATE PROPERTIES
[“?*?protected property name”] = PROTECTED PROPERTIES

By type-casting to an array, the object properties are forcibly revealed in the same way you can reduce an object to a string using serialize().