
PHPMaster.com:
Server-Side Device Detection with Browscap
July 25, 2013 @ 13:09:12

In a new tutorial posted to PHPMaster.com today, Lukas White talks about using the Browscap functionality to do server-side device/client detection in your applications.

An alternative solution to the problem is to use server-side device detection and then take certain actions based on that information. One possibility is to simply forward requests for a mobile site to a different URL. Another possibility is to adapt the layout - or indeed content - programmatically as it's generated on the server. Taking a server-side approach is the basis of this article, which looks in detail at the Browser Capabilities Project, or Browscap for short, to provide the information on which to base these decisions.

He starts with some of the basics - User-Agent strings that most devices will send to your site and their structure. He then talks about the Browscap project and the PHP support for its use. He shows how to get it all installed via Composer and how to use the "browscap-php" library to get the current browser information. He includes an example of the output and shows how to use this to redirect the user to a mobile site if needed. He also adds in a bit at the end about using it for layout switching or for showing the user the correct download links based on their client.

serverside useragent browscap tutorial detection

Link: http://phpmaster.com/server-side-device-detection-with-browscap

Cameron McKay:
Counting Syllables and Detecting Rhyme in PHP
August 16, 2012 @ 10:18:57

In this new post to his site, Cameron McKay has posted a bit of interesting code - functionality that detects the number of syllables in words and checks for rhyming in phrases.

The simplicity of the rules got me thinking: how hard would it be to write a program to check if a poem stanza is ottava rima? In this article, we will write a simple ottava rima detector in PHP.

His code takes in the content and performs a few checks, one simple (length) and two custom - "is_iambic_pentameter" and "is_abababcc_rhyme". The code for these two checks is included in the post as well; they, in turn, use other functions to count syllables and vowels, and use Arpabet phonetic transcription and monophthongs/diphthongs to detect iambic pentameter and rhyme.

syllables rhyme detection iambicpentameter tutorial


Henry Hayes' Blog:
Zend Framework UserAgent Browscap Implementation
June 20, 2012 @ 10:55:32

Henry Hayes has a recent post to his blog looking at the change in user agent support for the browser detection functionality in the Zend Framework.

Recently it has come to light that Zend Framework are dropping support for the WurflApi Features Adapter in the Zend_Http_UserAgent component. This is due to licensing issues. As of version 1.12 Zend_Http_UserAgent_Mobile constant DEFAULT_FEATURES_ADAPTER_CLASSNAME now specifies that Zend_Http_UserAgent_Features_Adapter_Browscap is now the default mobile adapter.

He shows you how to get the browscap support set up and configured for your PHP installation and what needs to be done to a pre-1.12 ZF release application (using this library) and in a post-1.12 application (almost nothing).

zendframework browscap browser detection mobile update


C. Sadeesh Kumar's Blog:
Smart File Type Detection Using PHP
August 29, 2011 @ 12:07:53

In a new post today C. Sadeesh Kumar has a quick tip to help your script detect file types without having to rely on the extension to be correct.

In most web applications today, there is a need to allow users to upload images, audio and video files. Sometimes, we also need to restrict certain types of files from being uploaded - an executable file being an obvious example. Security aside, one might also want to prevent users from misusing the upload facility, e.g. uploading copyrighted music files illegally and using the service to promote piracy! In this article, we'll look into a few ways in which we can achieve this.

The trick to his example is in using the Fileinfo PECL extension. With the help of this extension you can look inside the file and pick out the "magic bytes" (the first few bytes of a file) and see what MIME type the file really is. He includes a simple example of using the extension on a file and a file upload script that checks the type and handles the file accordingly.

file type detection fileinfo extension pecl tutorial


Ibuildings techPortal:
PHP intrusion Detection System (PHPIDS)
August 04, 2009 @ 08:48:42

On the Ibuildings techPortal site today Boy Baukema looks at PHPIDS, the PHP intrusion detection system, and how it can help you and your application feel a little safer.

Just a reminder to everyone who is interested in WebAppSec and hasn't done so already to try PHPIDS, the Intrusion Detection System. [...] Installing PHPIDS is easy. Just download the latest version in your preferred format and then review the FAQ for sample code on how to install it.

He does warn about one thing, though - the system is a basic intrusion detection system and is not as complex as other detection tools. He had some complaints about what it thought were intrusions and recommends that you only have it pointing to the external side of your application to cause less hassle in the long run.

phpids security intrusion detection tool


Maurice Svay's Blog:
Face detection in pure PHP (without OpenCV)
June 22, 2009 @ 12:53:22

Maurice Svay has a new blog post that includes a script he's developed to perform facial recognition (detect faces in images) with PHP without the need of the Open-CV library.

OpenCV seems to perform well but you need to be able to install it on your server. In my case, I wanted to have a pure PHP solution, so it can work with most hosts. So I started to think about implementing it myself. [...] I kept searching and finally found a canvas+javascript implementation of face detection at http://blog.kpicturebooth.com/?p=8. The code looked fairly compact and simple. Shouldn't be hard to port to PHP.

The class takes in the filename of an image (just JPG, but could easily be adapted) and a data file to use to run the image through the GD image library and output a JPG similar to this with the face highlighted by a red square.

gd opencv detection face


HowTo Forge:
Intrusion Detection For PHP Applications With PHPIDS
June 24, 2008 @ 10:22:04

On the HowTo Forge website, there's a recently posted article about using the IDS tool for PHP to help with intrusion detection for your website.

This tutorial explains how to set up IDS tool on a web server with Apache2 and PHP5. PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to.

They show the steps you'll need to get things installed and working as well as some of the configuration changes you'll need to make (including the creation of an auto-prepend file to make it easy to use everywhere).

intrusion detection phpids application tutorial install configure


Sebastian Bergmann's Blog:
On PHPUnit and Software Metrics
February 08, 2008 @ 09:31:00

In one of his latest entries, Sebastian Bergmann answers a question from another blogger about the future of software metrics and project mess detection as a part of the PHPUnit project.

When I started to work on these projects, there was no other place for me than to develop them as part of PHPUnit. [...] But the more I thought about it, I realized that these features do not belong into PHPUnit but into a suite of tools that PHPUnit is a well-integrated part of.

He did, however, include it as a part of the PHPUnit 3.2 release at that time. Now, however, there are tools and platforms that make those tests useful outside of the PHPUnit environment, allowing him to move it out of the testing application and on to closer integration with other software.

phpunit software metrics project mess detection integration


Sebastian Bergmann's Blog:
Copy & Paste Detection in PHPUnit 3.2
August 22, 2007 @ 09:31:00

Sebastian Bergmann spotlights another feature of the upcoming PHPUnit version 3.2 - the inclusion of a Project Mess Detector's ability to help find duplicate code.

Duplicate code can be hard to find, especially in a large project. Johann-Peter Hartmann of MAYFLOWER GmbH recently implemented Copy & Paste Detection for PHPUnit's growing set of features that extends its usage scenarios beyond "just unit testing" to a one-stop solution for quality assurance in PHP-based projects.

In his example, Sebastian shows what the response will look like when the tests find duplicate code - giving details like the files involved and the code fragment that was duplicated.

Check out this list in another post on Sebastian's blog for more of the metrics that will be included in the upcoming version.

phpunit unittest metric software copyandpaste detection mess detector


Tutorial:
An Introduction to PHPIDS (PHP-Intrusion Detection System)
June 19, 2007 @ 15:28:56

After several weeks of work Mario Heiderich, Lars Strojny and of course myself released the first stable versions of the PHPIDS - currently at version 0.2.2.

You will find the project site on http://php-ids.org/

In this article I would like to present our framework and explain how it can be used, hoping that developers consider it useful to make their application more secure.

The PHPIDS is a system that is meant to be an additional layer of security for any PHP based website or web application. In fact, this layer does not filter input - that would be a task for different layers - but it makes sure that no potential attack against the application goes unnoticed.

Based on a collection of heavily tested regular expressions the PHPIDS is able to efficiently recognize, classify and ultimately react on many different kinds of attacks - including, besides others, XSS, SQL injection, directory traversal, String.fromCharcode attacks, halfwidth/fullwidth encoding attacks and remote code execution. Due to its flexible and easy configuration the PHPIDS reaction will happen in exactly the way the developer intends.

The integration is as simple as can be. Besides PHP 5.2 the only necessary extension is SimpleXML and the following code:


<?php
set_include_path('../../lib/');
require_once 'IDS/Monitor.php';
require_once 'IDS/Filter/Storage.php';

try {

    // instantiate the storage object and fetch the rules
    $storage = new IDS_Filter_Storage();
    $storage->getFilterFromXML('../../lib/default_filter.xml');

    /*
    * Instantiate the IDS and start the detection
    *
    * here we are using $_GET but you can pass any
    * array you want like $_SERVER, $_SESSION etc.
    */
    $get = new IDS_Monitor($_GET, $storage);
    $report = $get->run();

    if (!$report->isEmpty()) {

        // Get the overall impact
        echo "Impact: {$report->getImpact()}\n";

        // Get array of every tag used
        echo 'Tags: ' . join(', ', $report->getTags()) . "\n";

        // Iterate through the report and get every event (IDS_Event)
        // NOTE: getValue() returns the suspicious input itself; escape it
        // (e.g. with htmlspecialchars()) before rendering it in an HTML page
        foreach ($report as $event) {
            echo "Variable: {$event->getName()} | Value: {$event->getValue()}\n";
            echo "Impact: {$event->getImpact()} | Tags: " . join(", ", $event->getTags()) . "\n";

            // Iterate through every filter
            foreach ($event as $filter) {
                echo "Description: {$filter->getDescription()}\n";
                echo "Tags: " . join(", ", $filter->getTags()) . "\n";
            }
        }
    }

    /*
    * Additionally you have the option to store the detected
    * data using IDS_Log_Composite and for example IDS_Log_File
    */
    require_once '../../lib/IDS/Log/File.php';
    require_once '../../lib/IDS/Log/Composite.php';

    $compositeLog = new IDS_Log_Composite();
    $compositeLog->addLogger(
        IDS_Log_File::getInstance('log.txt')
    );

    if (!$report->isEmpty()) {
        $compositeLog->execute($report);
    }

} catch (Exception $e) {
    printf(
        'An error occurred: %s',
        $e->getMessage()
    );
}
?>

Ideally the PHPIDS should be included in a central position of the application or even better via auto_prepend_file. If an attack takes place the IDS result object will be returned filled with data and the programmer can decide the appropriate reaction. For the most part decisions about the reaction are dependent on the detected attacks' cumulative impact.

The impact variable acts as an indicator for an attack's severity and can be used to grade the application's reaction on that attack. For example, if the impact was 3, an appropriate response might be to log the issue in a file, whereas if the impact was around 12, a warning mail to the site owner might be more applicable whilst an impact of 24 or above might print out a message to the attacker stating that his intrusion attempt has been detected and request aborted.

The PHPIDS is heavily tested via phpUnit and profiled via xdebug, meaning that you can expect a minimal performance hit to your applications. We are currently using the PHPIDS with great success on several high traffic sites; ormigo.com and neu.de being the two foremost examples of this. Documentation and support are available on the project site or via our forum. Future development for the PHPIDS will possibly rank around detection of fragmented XSS and enhanced detection of heavily encoded attack vectors.

For users of .NET there's the .NETIDS written by Martin Hinks which is a port of the PHPIDS and uses the same filter rules. You will find any related resources on the .NETIDS project page (http://code.google.com/p/dotnetids/). Support for the .NETIDS is also available in the PHPIDS forum.

Regards, Christian Matthies & Mario Heiderich

tutorial article phpids intrusion detection system
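
The graded reaction described in the tutorial above (log at an impact of 3, mail at around 12, abort at 24 or above), as an added example that is not part of the original article or of PHPIDS. The function names, log format and the mail stand-in are assumptions; in a real integration the score would come from `$report->getImpact()` and the name/value pairs from each event's `getName()` and `getValue()`.

```php
<?php
// Added example, not PHPIDS code. The thresholds are the article's own
// figures (3, 12, 24); names, log format and the notifier are assumed.
const IDS_LOG_AT   = 3;
const IDS_MAIL_AT  = 12;
const IDS_BLOCK_AT = 24;

// Neutralise control characters so a logged value cannot forge extra log lines.
function ids_log_safe(string $value, int $max = 200): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '?', $value);
    return strlen($clean) > $max ? substr($clean, 0, $max) . '...' : $clean;
}

// Tiers are cumulative: a request that is blocked is also logged and mailed.
function ids_react(int $impact, array $events, string $logFile, callable $notify): array
{
    $done = [];
    if ($impact >= IDS_LOG_AT) {
        foreach ($events as $name => $value) {
            $line = sprintf("%s impact=%d var=%s value=%s\n", date('c'), $impact,
                ids_log_safe((string) $name), ids_log_safe((string) $value));
            file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
        }
        $done[] = 'log';
    }
    if ($impact >= IDS_MAIL_AT) {
        // Send only the score; keep raw request data out of e-mail.
        $notify("IDS alert: request impact $impact");
        $done[] = 'mail';
    }
    if ($impact >= IDS_BLOCK_AT) {
        $done[] = 'block'; // caller answers 403 with a fixed message and exits
    }
    return $done;
}

// Constructed sample input: four impact scores and one offending parameter.
$log    = sys_get_temp_dir() . '/ids_demo.log';
$sent   = [];
$notify = function (string $subject) use (&$sent) { $sent[] = $subject; }; // stand-in for mail()
foreach ([2, 3, 12, 24] as $impact) {
    $actions = ids_react($impact, ['q' => "x\r\nforged log line"], $log, $notify);
    printf("impact %2d -> %s\n", $impact, $actions ? implode(', ', $actions) : 'none');
}
```

The block step is left to the caller so that the response sent to the client is a fixed message and never echoes the detected input back.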




All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework