Websec.io:
Using Canaries for Input Detection and Response
Feb 28, 2018 @ 17:27:51

The Websec.io site has posted a new tutorial today showing how to use "canary" values and the psecio/canary PHP package to detect and respond to potentially malicious input.

I'm sure you've heard the common phrase "a canary in a coal mine" when people talk about safety and detection of issues. When miners used to go down to work, there was a danger of trapped gasses being released as they were digging. Some of these gasses were hard for humans to detect and, if enough was breathed in, could lead to illness or even death. In order to help the miners detect and avoid these kinds of issues, they would take a canary (the bird) down into the mine with them.

[...] The idea of a "canary" value in the security world is pretty similar. A "canary" value is one that - real or faked - is somehow exposed outside of your own system. If this value is used you need to be notified immediately so you can take action and gather more information about the usage and any other associated issues.

The tutorial then introduces the psecio/canary package and shows its basic use in detecting canary values in input and setting up notifications. It also covers some of the package's notification integrations with services like Slack and PagerDuty and with custom Monolog handlers, and provides a more "real world" example: a Slim framework middleware that checks incoming GET parameters for canary values.

tagged: canary detect respond value tutorial package pseciocanary

Link: https://websec.io/2018/02/28/Canary-Input-Detect-Response.html

SitePoint PHP Blog:
How to Build a Twitter Follower-Farmer Detection App with RestDB
May 31, 2017 @ 17:17:03

The SitePoint PHP blog has a tutorial posted for the Twitter users out there showing how to create a "follower-farmer" detection tool that scans your account for followers who follow you and then unfollow soon after as a way of gaming the follower system.

Are you active on Twitter? If so, do you often wonder why some accounts seem to follow you only to unfollow you moments (or days) later? It’s probably not something you said – they’re just follower farming.

[...] Follower farming is a known social media hack taking advantage of people who “#followback” as soon as someone follows them. [...] In this post, we’ll build an app which lets you log in via Twitter, grabs your followers, and compares the last fetched follower list with a refreshed list in order to identify the new unfollowers and calculate the duration of their follow, potentially auto-identifying the farmers.

The tutorial uses a Homestead VM and a fresh Laravel installation to create the application. It makes use of the Socialite package to connect to Twitter using your application's client ID and secret, and then the guzzlehttp/oauth-subscriber package to call the Twitter API and fetch the list of current followers. The post also includes the code for a "FollowerServiceProvider" that makes it simpler to get the follower information. It then shows how to set up the RestDB account and push the follower data out to it for storage, and wraps up with the code required to compare the stored followers against the refreshed list, identify the "unfollowers" and report back the results.

tagged: twitter follower farmer detect application laravel tutorial

Link: https://www.sitepoint.com/how-to-build-a-twitter-follower-farmer-detection-app-with-restdb/

SitePoint PHP Blog:
How’d They Do It? PHPSnake: Detecting Keypresses
Oct 31, 2016 @ 20:14:23

The SitePoint PHP blog has a new tutorial posted from editor Bruno Skvorc looking at building a "snake" game purely with PHP and handling/catching keypresses.

At a recent conference in Bulgaria, there was a hackathon for which Andrew Carter created a PHP console version of the popular “snake” game. I thought it was a really interesting concept, and since Andrew has a history of using PHP for weird things, I figured I’d demystify and explain how it was done.

The original repository is here, but we’ll build a version of it from scratch in this series so no need to clone it.

The post starts by defining some of the requirements for the game, including that it is to be CLI based with no browser functionality allowed. With those defined, it gets into the code, starting with some of the "boilerplate" needed to work with the command line environment, handle output and read in characters as keys are pressed. The tutorial then gets into mapping the keypresses to "directions" so that pressing a key makes the snake go up, down, left or right.

tagged: phpsnake snake detect keypress tutorial commandline

Link: https://www.sitepoint.com/howd-they-do-it-phpsnake-detecting-keypresses/

Master Zend Framework:
Preparing Legacy Applications for PHP 7 with Phan
Sep 08, 2016 @ 17:07:42

The Master Zend Framework site has posted a new tutorial for those making the move in their legacy applications up to the world of PHP 7. In it Matthew Setter shows how to use phan, a static analysis tool, to locate issues that could cause breakage in the upgrade.

Unless you’ve been living under a rock these last 12 - 18 months, you will have heard about PHP 7, the latest version of PHP. Not only is it fast, by some reports it’s up to twice as fast as PHP 5.6, and far less memory hungry.

[...] Unfortunately, your application’s source code may not be 100% compatible with version 7. Upgrading may well leave you with a broken application and a set of unhappy customers. So before you go breaking your site in the interests of speed and being one of the cool kids, find out if your code’s compatible. How? By using a static code analyser, one which gives you all the changes you need to make on your code, so that you can upgrade with confidence.

He then shows how to install the Phan tool via Composer and run it against your codebase. The result of his commands is a file containing the issues found during the scan. If there are "false positives" you'd like to ignore, he also shows how to create a config.php file holding these and other settings so the setup is reusable.

tagged: php7 upgrade phan detect static analysis code tutorial

Link: http://www.masterzendframework.com/preparing-for-php7-with-phan/

Oliver John Tibi's Blog:
Mobile-ize Your CakePHP Application
Dec 20, 2011 @ 15:11:10

In a new post to his blog, Oliver John Tibi has the first part of a series looking at mobile-izing your CakePHP application, making it mobile friendly when a mobile browser is detected.

I'll be writing a short series of posts on how to create a mobile version of your CakePHP app. I've always been bragging to my peers how awesome CakePHP is, and so now I'm writing a short tutorial on how to create a mobile-friendly version of a CakePHP app. I promise to make this as easy as possible.

In this first part of the series he helps you do two things: set up some custom routes for the mobile version of the site (under "/m") and add in browser detection using the RequestHandler component's "isMobile()" method.

tagged: mobile browser detect tutorial series cakephp framework

Link:

Derick Rethans' Blog:
Translating Twitter
Jan 05, 2011 @ 16:05:46

In a new post to his blog Derick Rethans shows how to implement something very handy for those wanting to read all of the posts in their twitter stream, regardless of the language. Using Google web services, he's put together a twitter translation for his twitter client Haunt.

As the author of Xdebug I am interested in finding out what people think of it, and whether they have problems or compliments. I've set-up a twitter account for Xdebug, @xdebug, and my twitter client Haunt also shows me all tweets with the search term xdebug. However, sometimes I get tweets in a language I can't read.

Since there's no language information associated with tweets, Derick used Google's Language Detect web service to get the language code for the text. Another quick call to the Translate service returns a usable translation. You can see how it looks in his screenshot. You can find the code for it here.

tagged: translate twitter language google webservice detect

Link:

TheseDays.com:
An Easy Way to Detect Mobile Devices
Aug 11, 2010 @ 13:24:35

On the These Days blog there's a recent post talking about creating a mobile version of your site and how you can use WURFL to detect whether the visitor is using a mobile browser.

WURFL, the Wireless Universal Resource File, is an open source project which collects information about all of the different mobile devices in use. It is constantly being updated, so as long as you keep your WURFL definitions up-to-date you don't have to worry about your detection scripts not recognising new devices. By querying a WURFL database with your visitor’s User Agent string, you can not only determine whether the device they are using is a mobile device, but whether it has a touch screen, can make phone calls, is a tablet (iPad) and more.

The post includes a snippet of code that uses the Tera-WURFL service and a call to getCapabilitiesFromAgent to find out what kind of client is making the request and which capabilities it supports.

tagged: detect wurfl wireless mobile device snippet

Link:

Danne Lundqvist's Blog:
Detecting UTF BOM - byte order mark
Apr 29, 2010 @ 16:47:03

In a new post to his blog Danne Lundqvist looks at a common pitfall that can trip you up if you're not careful with your UTF-8 data: not checking for the UTF byte order mark (BOM), the leading bytes that tell an application the content is UTF-encoded.

One such thing is the occurrence of the UTF byte order mark, or BOM. [...] For UTF-8, especially on Windows, it has become more and more common to use it to indicate that the file is indeed UTF. Most text editors handle this well and you won’t ever see these bytes. As it should be.

He points out where it can cause an issue (for example, comparing strings with strcmp or taking the start of the content with substr, where the invisible BOM bytes change the result) and how to prevent it by checking for those first three bytes and removing them when present. He includes a snippet of code that does just that.

tagged: byteordermark utf utf8 utf16 detect

Link:

David Walsh's Blog:
iPad Detection Using JavaScript or PHP
Apr 13, 2010 @ 17:22:22

David Walsh has a new post to his blog today with some code snippets that can help you detect iPad users when they come to your site.

The hottest device out there right now seems to be the iPad. iPad this, iPad that, iPod your mom. I'm underwhelmed with the device but that doesn't mean I shouldn't try to account for such devices on the websites I create.

He includes three ways to get the job done by matching against the User Agent sent by the browser: JavaScript, PHP and an .htaccess file for an Apache server. As one commenter points out, though, if you already redirect on the word "mobile" in the User Agent, be aware that the iPad's User Agent contains that word too.

tagged: ipad apple detect useragent

Link:

PHPFreaks.com:
Protecting php applications with PHPIDS
Dec 22, 2008 @ 14:49:42

On the PHPFreaks.com website there's a new article looking at one way to help protect your website from the evildoers out there looking to cause you and your data harm: PHP-IDS.

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. [...] In a nutshell PHPIDS is an advanced intrusion detection system written with performance on a large scale in mind. The basic installation and configuration is pretty straight forward.

The article (briefly) steps you through the installation and configuration of the tool and provides a sample script to get the ball rolling: a file that can be auto_prepended to all scripts run on your Apache server to inspect and log incoming requests.

tagged: tutorial phpids tool security protect filter log detect install configure

Link:
