# Perl/PHP Thread



## Cromewell

Please post any questions relating to Perl/PHP here. Please indicate which language you are using and also specify which external libraries, if any, you are using.

You can also use this thread to post code you wish to share.


----------



## Ankur

Just some queries.
1. PHP include 


		Code:
	

<?php include("header.php"); ?>

I use it in most of my pages to give a connection and select the database. I want to know how secure it is? I have heard that the header.php file is not very secure.

2. How to auto generate/create a page? 
Example. When I joined facebook it did not give me specific page for my profile. The one day it asked me to select a page name for it. I selected one name and the page got generated. What is this technique called? How to auto generated such pages?


----------



## Cromewell

Ankur said:


> Just some queries.
> 1. PHP include
> 
> 
> Code:
> 
> 
> <?php include("header.php"); ?>
> 
> I use it in most of my pages to give a connection and select the database. I want to know how secure it is? I have heard that the header.php file is not very secure.
> 
> 2. How to auto generate/create a page?
> Example. When I joined facebook it did not give me specific page for my profile. The one day it asked me to select a page name for it. I selected one name and the page got generated. What is this technique called? How to auto generated such pages?



1. If header.php isn't very secure that's kind of you own problem, fix the code 

There was a security flaw (may have been addressed by now) where if header.php was missing the php start tag it could get printed out in plain text on every page which references it. That may be the security issue you are talking about.

It's possible with recent versions of php to include remote files. Obviously this is a security concern because you are including a file which you likely don't have source control over, someone could be modifying functions you are using to do undesired things.

2. I don't use facebook at all but I'd imagine it's all database driven. They may be using some kind of mvc framework as well.


----------



## mihir

Ankur said:


> Just some queries.
> 1. PHP include
> 
> 
> Code:
> 
> 
> <?php include("header.php"); ?>
> 
> I use it in most of my pages to give a connection and select the database. I want to know how secure it is? I have heard that the header.php file is not very secure.
> 
> 2. How to auto generate/create a page?
> Example. When I joined facebook it did not give me specific page for my profile. The one day it asked me to select a page name for it. I selected one name and the page got generated. What is this technique called? How to auto generated such pages?


1. What kind of security are you talking about. You can chmod the file. And as cromwell said you can make some changes in the code. What exactly did you hear about header.php being not very secure?
2.You can use php file handling to create a new php page with the profile details as saved as variables. Like you can have a template with appropriate variable to create a php page for every user. Or you can use query strings and url masking. I think facebook uses URL masking


----------



## Cromewell

> 1. What kind of security are you talking about. You can chmod the file. And as cromwell said you can make some changes in the code. What exactly did you hear about header.php being not very secure?


I think what he is talking about is due to the behaviour of the php intrepreter. Lets say you have a php file which manages your connection credentials and someone were to either make an error or intentionally wanted to mess it up and removed the starting <?php. Any page which was including this file would have the contents displayed for all to see.


----------



## Ankur

I want to know how safe is the header.php file? I put my connection details in it. What if someone gets the code on it? They will hack my whole site. I know the php code isn't displayed on Pages but is there a way to see it? I am not aware of any way, if there is a way then what are the preventions?



mihir said:


> 2.You can use php file handling to create a new php page with the profile details as saved as variables. Like you can have a template with appropriate variable to create a php page for every user. Or you can use query strings and url masking. I think facebook uses URL masking


I did not really understand that. 
Example, if I put some text in a text box, e.g name, then after hitting submit I want it to create a page automatically, like sitename.com/name.


----------



## Cromewell

Ankur said:


> I want to know how safe is the header.php file? I put my connection details in it. What if someone gets the code on it? They will hack my whole site. I know the php code isn't displayed on Pages but is there a way to see it? I am not aware of any way, if there is a way then what are the preventions?


As long as you have a server with the php parser they can't get the code unless they break into the server itself. At which time that's probably the least of your trouble.


Ankur said:


> I did not really understand that.
> Example, if I put some text in a text box, e.g name, then after hitting submit I want it to create a page automatically, like sitename.com/name.



It can be done a couple ways, one is with URL Rewrite where it's faked (but looks like a real page to a user/search engine) and the other is a script that actually generates the file structure.


----------



## mihir

I think URL masking is the best method, for regular websites.I am not sure what facebook uses. But I won't be surprised if they create new files for every user they have since they own the appropriate server resources needed to get the job done. But something like creating new files for every user would be very heavy for a regular website


----------



## Ankur

I am now good enough at PHP now and started nice little business with it. I just want to be expert in PHP now. Can anyone tell me any good books where I can find advance PHP stuff?
Online I can find only basics.


----------



## Ankur

Code:
	

<?php
$fp=fopen("mywork.doc","w");
$str="Hello";
fwrite($fp, $str);
fclose($fp);
?>

The above code works fine and prints hello properly, can anyone tell me how to print "Hello" in Bold or Italics or any other format?


----------



## Troncoso

Ankur said:


> Code:
> 
> 
> <?php
> $fp=fopen("mywork.doc","w");
> $str="Hello";
> fwrite($fp, $str);
> fclose($fp);
> ?>
> 
> The above code works fine and prints hello properly, can anyone tell me how to print "Hello" in Bold or Italics or any other format?



You should just be able to add HTML bold tags around it (<b></b>). If you would like to do a lot of formatting and visual things in PHP, it would do you good to learn how to integrate some HTML/CSS into your code.


----------



## Ankur

Troncoso said:


> You should just be able to add HTML bold tags around it (<b></b>). If you would like to do a lot of formatting and visual things in PHP, it would do you good to learn how to integrate some HTML/CSS into your code.



Agreed, but I want to write the string in a word file and not on a webpage. If I put "<b>Hello</b>" in a string and write it in a word file then it will print
<b>Hello</b> in word file.

How I actually I want to print in word file
*Hello*

How actually it is printing
<b>Hello</b>


----------



## Cromewell

Are you trying to write the doc file with using the word xml format? If so you have to use <w:b/> modifier but it's ugly as anything you've ever seen or ever will again.

If you have some library which is helping you with the word doc format, it should have a method to do what you want.


----------



## Ankur

I have created login page for my website, it checks the username and password and the if successful creates a session for that user.
Example: $_Session['user']=$username;

I want to know if other user logs into my site then will the $_Session['user'] variable be overwritten? 
Will there be confusion or any bugs?

Is there a method to solve this problem?
I want to create two different sessions for these two users accessing my site concurrently, how to identify the users?


----------



## kobaj

Ankur said:


> I have created login page for my website, it checks the username and password and the if successful creates a session for that user.
> Example: $_Session['user']=$username;
> 
> I want to know if other user logs into my site then will the $_Session['user'] variable be overwritten?
> Will there be confusion or any bugs?
> 
> Is there a method to solve this problem?
> I want to create two different sessions for these two users accessing my site concurrently, how to identify the users?



No, the session table gives unique ids depending on the user accessing the server. So User A cannot see User B's session variables.

But I'm posting because that is not a very effective way to manage the login of users. As soon as they close their browser/navigate away from the site session variables are recycled. Meaning every time they come back to your website they have to log in /again/. Which, if you're running a banking website is secure yes. But regular website, or forums, or anything of that nature will drive the user insane.

You should use cookies.


----------



## Ankur

It is more of a place where security is needed, I am destroying everything after the user leaves the site, thanks Kobaj I needed that reply, I'm feeling positive now.

Okay now I have some security question, what is SSL, HTTPS?
I can google it but can someone explain me nice in short 

Other tricks to keep my session safe.


----------



## Cromewell

Using sessions is good for security but depending on what you are doing, it's possible to steal someone's session.

SSL/TLS/HTTPS is a secured connection between the server and client. Basically, it defines how the client and server encrypt their communications. You need a certificate to identify your server. You can use a self signed one but the client will complain that the site may not be secure unless your server is a trusted signer.


----------



## Ankur

How to send mail using php? I am using the php mail() function but it is failing, it doesn't even send the details to the spam folder.
I know I have to edit and set the php.ini file but I am using a shared server so how do I edit the details?
Any Help?


----------



## Cromewell

You need an active mail server to send the mail to or it won't work. i.e. sendmail on a linux box. On windows you just need to set the mail server ini property to something php can push the mail to.


----------



## Ankur

The shared server won't allow me to change the php.ini file, I do have an active mail server, is there a way by which I can set my mail server to the settings?


----------



## Cromewell

You can call ini_set to reset the value temporarily for your script. Put it in a shared function place if you have a lot of scripts.


----------



## Ankur

Ok I want to know how can I open a new page on click of a button (not submit button) without Javascript?
Just need to use php! but how?


----------



## Cromewell

Why can't you use Javascript? The only method I know is to use the onclick event. You can make the button a link by using a form but that won't open a new window.


----------



## Ankur

Cromewell said:


> Why can't you use Javascript? The only method I know is to use the onclick event. You can make the button a link by using a form but that won't open a new window.


Mostly a user/hacker will disable JavaScript and then the button won't work. I do know the form action button type.


----------



## Cromewell

I don't know too many people that disable javascript anymore but if it's a concern and you don't mind not using a button you can use a normal anchor tag and put a target in it to open a new window.


----------



## Ankur

Ok this is a bit off topic question, but do you know how to get drop down list on a text box that looks similar too the one like google.
Also how to disable a button when it is clicked? I use onclick="this.disable=true;", it works but the form values don't POST to the action.


----------



## Cromewell

Do you have a page I can look at for their drop downs? Their other controls look kind of jQuery themed but Google will have probably written their own library for it.

For your button add form.submit() to the onclick action.


----------



## Ankur

Cromewell said:


> Do you have a page I can look at for their drop downs? Their other controls look kind of jQuery themed but Google will have probably written their own library for it.


I haven't really seen other websites like that except yahoo and bing, I just want to retrieve data from the database and allow the user to move over the names with their up-down keyboard keys, same like google. 
I found this http://www.roseindia.net/tutorial/ajax/jquery/autocomplete.html
works fine but it is mostly jquery, I just have a feeling I can do the same with ajax, css and php, but don't really understand much of jquery code to convert it.
Here is the output http://www.roseindia.net/ajaxexamples/jquery/autoComplete/


Cromewell said:


> For your button add form.submit() to the onclick action.


But does it disable the button?


----------



## Cromewell

Ok I understand what you're asking for now. I thought you meant how they were styling their selects or something.

Yes, you can definitely recreate it on your own, jQuery makes it a lot easier though. (http://jqueryui.com/demos/autocomplete/)
The gist of what you want to do is have the textbox post to a backend php/asp/whatever page via ajax that queries a database and returns a list available options for autocomplete. You then present the options to the user and have an onclick that populates the clicked option into the textbox.

You leave this.disable=true; and add form.submit(). i.e. <input type="submit" onclick="this.disable=true; form.submit()" />


----------



## Ankur

Nice, thanks, will work on it.


----------



## ayan

Anyone knows how endline marker works in php ? I work as a webdesigner, but i have years of experience on other languages closer to C, that don't have syntactic sugar. 
My problem is , that i enter a text in a textarea, the text has newlines. When i search the string in php for the caracter '\n' or '\r', it doesn't find anything. I want to know how this works bitwise. Thank you in advance


----------



## Cromewell

Writing a newline is just the os newline but if you want your HTML page to have that newline you are probably looking for <br /> (though you may want to adjust your markup to use things like <p>).


----------



## Ankur

I have a website in PHP which hosts user files, these files are in .docx format. My problem is to prevent downloading of this files.
example: my site sitename.com hosts a file filename.docx
So when a user types the URL sitename.com/filename.docx then that file starts downloading.
I just want to ensure that the user who is eligible to download can do it.


----------



## NyxCharon

Are you storing all the uploaded files in one, central directory, or do they each get there own?


----------



## Ankur

NyxCharon said:


> Are you storing all the uploaded files in one, central directory, or do they each get there own?


Yea in one directory, with different folders.


----------



## NyxCharon

In terms of pure code, nothing really comes to mind. I mean you could make each user's folder there username, and when someone attempts to download that file check against that. 

However, the better, (and imo more professional) way to handle something like this would be LDAP authentication, however this is something that needs to be setup on a server so unless you have root access to wherever your hosting this, it's not easily achieved.


----------



## Cromewell

Apache? Look at .htaccess files. Code wise theres not much you can do, its a webserver problem.


----------



## computer7

ayan said:


> Anyone knows how endline marker works in php ? I work as a webdesigner, but i have years of experience on other languages closer to C, that don't have syntactic sugar.
> My problem is , that i enter a text in a textarea, the text has newlines. When i search the string in php for the caracter '\n' or '\r', it doesn't find anything. I want to know how this works bitwise. Thank you in advance



In PHP if you define a string with single quotes, PHP will not interpolate variables within it (including the newline variable \n).

Make sure that when you do the searching, you use double quotes:



		PHP:
	

$position = strpos($_POST['mytextarea'], "\n"); // <-- double quotes


By using single quotes, PHP will literally seach for \n and not new lines.


----------



## Ankur

I have a query here,
I build a software with PHP recently, in that I have to upload a file and process it. It checks every word of the file and processes it accordingly.
This is what I do, at home.php page I have the upload button, the action goes to form_upload.php page, this page has the upload script and processing script (The one that checks the words of the file).
After finishing the whole process, after almost 10-20 seconds, it comes back to the home.php page.

The problem is, the user cannot see anything while this is going on, I want to show them progress bar or some progress. The problem is that there is loading of two different pages. home.php->form_upload.php->home.php

I can use AJAX, but won't that show my important code.


----------



## Cromewell

If you have some output before starting to process the files that should be shown to the user but you could also use AJAX to post and have home.php show a 'processing form' animation.

Something like this: http://www.ajaxf1.com/tutorial/ajax-file-upload-tutorial.html

Looks like jQuery form also has some support for this, which is probably easier than trying to code it all yourself. http://malsup.com/jquery/form/#file-upload


----------



## AntimatterAsh

What exactly are the benifits of Perl over C++, or VB.NET? What does it actually do?


----------



## Cromewell

Perl is a scripting language. It's similar to PHP, though PERL is used much more frequently used to automate command line stuff and in the networking world and used much less on the web now. 

There are also lots of PERLisms where stuff works by seemingly magic, I'm not sure PERL knows how some of it works 

Generally I'd say you could write something faster in Perl but it depends on it's complexity. Object support in Perl is kind of wacky. It's there and it works but it can be quite confusing on a first look.


----------



## AntimatterAsh

Can I use something like visual basic to code it, or another program (no idea what you call them), and what examples could a novice like me do?


----------



## Cromewell

You can't write Perl in VB, you have to write it in PERL 

http://www.perl.org/

If you have a linux machine it will most certainly have Perl installed or at the very least a package for it. To install it on Windows most installs I know of use Active.

You write it as you would PHP, in whatever text editor you like.


----------



## Ankur

I searched a lot for this but couldn't find the solution to my problem. Maybe I couldn't search it well.

I have a folder in the server, with multiple MS word files i.e docx, doc. Basically my whole website is session based, every file upload is placed in some folder, all I want to do is this:
A user with session id "1" can access file "a1.docx"
but the file tends to be public and downloadable to everyone. Can anyone give a solution to this?


----------



## Cromewell

You might be able to fake it by storing the files in a non-public directory (i.e. outside of htdocs) and getting it via an accessor script. Just make sure your directory is read/write for your web user.


----------



## limited

Ankur said:


> Code:
> 
> 
> <?php
> $fp=fopen("mywork.doc","w");
> $str="Hello";
> fwrite($fp, $str);
> fclose($fp);
> ?>
> 
> The above code works fine and prints hello properly, can anyone tell me how to print "Hello" in Bold or Italics or any other format?



<?php
$fp=fopen("mywork.doc","w");
$str="Hello";
fwrite($fp, $str);

echo "<b>";echo "Hello";echo "</b>";
echo "<strong>";echo "Hello";echo "</strong>";
echo "<i>";echo "Hello";echo "</i>";
echo "<em>";echo "Hello";echo "</em>";

fclose($fp);
?>


----------



## Cromewell

limited said:


> <?php
> $fp=fopen("mywork.doc","w");
> $str="Hello";
> fwrite($fp, $str);
> 
> echo "<b>";echo "Hello";echo "</b>";
> echo "<strong>";echo "Hello";echo "</strong>";
> echo "<i>";echo "Hello";echo "</i>";
> echo "<em>";echo "Hello";echo "</em>";
> 
> fclose($fp);
> ?>



While b/strong and I/em tags work, generally these will be done with css and a span tag now, within reason for what you are trying to do. MDN actually does an ok job with it https://developer.mozilla.org/en-US/docs/Web/HTML/Element/b


----------

