SitePoint PHP Blog:
Fighting Recruiter Spam with PHP – Proof of Concept
Oct 03, 2016 @ 11:56:29

On the SitePoint PHP blog editor Bruno Skvorc has a new tutorial posted showing a possible way to "fight recruiting spam" in your inbox with the help of a little bit of PHP.

The biggest concern I have with modern email providers, is the fact that they are all quite bad at spam control. [...] I don’t mean the “Nigerian prince” type of spam, which is mostly blocked successfully (unless you’re using FastMail – they can’t even recognize those) but stuff that I’m really, really not interested in getting. Case in point, recruiter spam.

In this tutorial, we’ll get started with building a custom email processor which can read individual emails, run them through some predefined rules, and act on them. The end result will be very similar to what many providers offer out of the box, but it’ll lay the groundwork for more advanced aspects in future posts.

His example application will do things like: do keyword matching for recruiter-ish things and auto-reply (then delete the original) and purge emails sent after unsubscribing from the service. He builds out the example application on a Homestead Improved VM, coming pre-installed with the IMAP extension for PHP (used to access the user's inbox). He then installs the tedivm/fetch package for the PHP code and shows how to read the emails from your inbox. He uses the FastMail service so he walks through how to hook the script into that service using an "application password".

From there he develops the functionality of the application including:

  • pattern matching on the body contents for "recruiter-ish" terms
  • setting a "points" threshold for the number of matches
  • sending replies with Swiftmailer
  • whitelisting certain terms
  • moving the messages into an "auto-replied" folder so we know who the script talked to

All of the code you'll need is included in the post along with several screenshots that help to ensure you're on the right path.

tagged: recruiter spam inbox script autoreply tutorial imap

Link: https://www.sitepoint.com/fighting-recruiter-spam-with-php-proof-of-concept/

Jelle Raaijmakers:
Dissecting a spammer’s spam script
Apr 19, 2016 @ 13:48:37

In this post to his site Jelle Raaijmakers dives into a script that's commonly injected into vulnerable sites and used by spammers to send messages without the knowledge of the site owner.

Let’s take a look at a PHP script used to send spam. These types of scripts run on servers all over the world and might give you some insight into a spammer’s dedication to annoy the hell out of you. Spammers abuse known flaws in unsecured websites and applications to break into a server and install scripts that are able to send loads of spam.

[...] Everyone running a mildly popular WordPress site knows that exploits can be really easily introduced by installing plugins from a less than reputable source – or by not keeping your plugins up to date. Sometimes, a zero-day exploit for a popular WordPress plugin becomes known and thousands of installations worldwide are infected at once.

He then goes through a script he found in an infected WordPress instance of his own on a shared hosting provider. He talks about what these kinds of scripts usually look like (an encoded eval injected into current scripts) and the process he followed to dissect it:

  • Step 1: determine method of obfuscation
  • Step 2: introduce newlines
  • Step 3: replace the $j10 values
  • Step 4: concatenate constant strings
  • Step 5: replace function invocations
  • Step 6: prettify the PHP code
  • Step 7: remove default $j10 argument
  • Step 8: decode the $pate payload
  • Step 9: replace $_POST references
  • Step 10: map function and variable names

It's not a super simple process, but in the end he's left with the complete PHP script that loads a remotely defined configuration, tries to send the emails and even retries if there's a failure. He includes a few noteworthy things about the script including SMTP connection auto-detection and DNS lookups over UDP.

tagged: spammer script dissection reverse engineer email spam security

Link: https://jelleraaijmakers.nl/2016/04/dissecting-spammers-spam-script

Rob Allen:
Using Composer with shared hosting
Dec 28, 2015 @ 09:25:44

Rob Allen has a post to his site talking about using Composer with shared hosting, showing how to use this popular tool even if you're on a shared hosting environment and don't have direct SSH or shell access.

I've seen this sentiment a few times now, so this seems like a good time to point out that you do not need SSH access to your server in order to use Composer. In fact, I don't run Composer on a live server (regardless of whether it's using shared hosting) and it's not on my list of things to do in the near future.

What you do need is a process where you handle your Composer dependencies on your own computer where you have PHP running.

He gives two possible solutions to the problem: either commit your dependencies or create some kind of build script that can execute the Composer install for you on deploy. He gives details on both of these solutions including the process for installing the dependencies with an automated FTP script (run at deploy rather than committed).

tagged: composer shared hosting ftp deploy script commit dependency

Link: https://akrabat.com/using-composer-with-shared-hosting/

Michelangelo van Dam:
Installing PHP 7 on OS X Yosemite
Dec 07, 2015 @ 09:40:34

Michelangelo van Dam has a post to his site, now that PHP 7 is released, showing you how to get it installed on OSX (Yosemite) for your local development.

Yesterday was the release of PHP7.0.0 and I wanted to have it on my mac as fast as possible. Since I'm still using Mac OS X Yosemite I will post here the steps to upgrade my platform, it might be useful for you too.

He starts with the requirements needed for the installation including XCode to be able to compile the PHP from scratch and the latest download of PHP 7 from php.net. He then talks about the benefits of compiling your own installation and shares a script that he uses to compile the PHP version he wants (based on a command line option). Once this is run the typical make and make install are executed and, if all goes well, your output for a /opt/php7/bin/php -v will look the same as his.

tagged: install php7 osx yosemite script compile custom module

Link: http://www.dragonbe.com/2015/12/installing-php-7-on-os-x-yosemite.html

Freek Van der Herten:
Zero downtime deployments with Envoy
Nov 23, 2015 @ 10:52:36

In this post to his site Freek Van der Herten shares an Envoy script that can be used to deploy an application to a remote server without one key thing: downtime.

Envoy is Laravel’s official task runner. Using a Blade style syntax tasks can be defined that can be run both locally and remotely. At Spatie, we’ve been using Envoy for quite some time to deploy code on production servers. [...] [Our trusty Envoy script] had a big downside: the application would be down for close to a minute. This week I took the time to solve that issue.

He talks about the changes he made to their deployment process towards using a symlink-based system as suggested by this guide. The result is an updated script that follows the same flow. He steps through the changes he made to the script and tweaks used to get the best performance out of the deploy process.

tagged: downtime deployment laravel envoy automation symlink update script

Link: https://murze.be/2015/11/zero-downtime-deployments-with-envoy/

Alejandro Celaya:
Working with sub-namespaced modules in Zend Framework 2 the right way
Aug 20, 2015 @ 10:56:26

Alejandro Celaya has a post showing how he recommends working with sub-namespaced modules in a Zend Framework 2 application. It's based on a previous series of articles on the same topic but improves the methods for handling.

The solution provided in those articles was functional, but it introduced some new problems to deal with. It happens that after some time working with sub-namespaced modules I have found the best way to solve those new problems, and I wanted to write this new article explaining it.

He starts with the two main problems with the use of sub-namespaced modules: the autoloading of the module's files and how it resolves the locations of view scripts. Fortunately, the solution to both issues turns out to be "really easy". Composer's autoloading means that just changing the directory structure helps there, and an update to the controller_map value helps with locating view files.

tagged: subnamespaced modules zendframework2 autoload view script location

Link: http://blog.alejandrocelaya.com/2015/08/14/working-with-sub-namespaced-modules-in-zend-framework-2-the-right-way/

Matthew Weier O'Phinney:
Deployment with Zend Server (Part 3 of 8)
Sep 03, 2014 @ 09:34:51

Matthew Weier O'Phinney has posted the third article in his "Deploying Zend Server Tips" series today. In this tip he talks about file permissions and execution of shell commands.

In the first tip, I detailed writing deployment scripts. One of the snippets I shared was a chmod routine. [...] The code is fine; what I did not share is where in the deployment script you should invoke it. As I discovered from experience, this is key.

He points out that the deployment is run under a different user than the web server user. Future writes to those files by the web server could fail because of it, so he recommends running the permission change as the last step of the deployment script. If this tip was interesting and you'd like to check out more, you can find them in the first and second parts of the series.

tagged: zendserver deployment tips series part3 chmod script

Link: https://mwop.net/blog/2014-09-02-zend-server-deployment-part-3.html

PHPBuilder.com:
Using PHP Configuration Patterns Properly
Apr 16, 2014 @ 11:52:11

On PHPBuilder.com today they have a new post showing different configuration patterns for getting localized settings into your applications. They show the use of INI files, PHP scripts, text files, XML data and a database call.

PHP is a cross platform language. It is a server based application so we must think about the configuration settings of the PHP software. There are various ways of creating configurable PHP applications. The configuration flexibility comes as a built in feature in PHP. But we must understand the requirement clearly before making an application configurable. This article explores different PHP configuration patterns and their implementation.

For each of the options mentioned, there's a brief description of what the method is, some of the common uses and a code example showing a basic implementation. The database pattern is the only one without a code example as the database interface varies widely from application to application.

tagged: configuration pattern ini script text xml database

Link: http://www.phpbuilder.com/articles/application-architecture/using-php-configuration-patterns-properly.html

Joshua Thijssen:
Realtime PHPUnit
Feb 05, 2014 @ 09:22:52

Joshua Thijssen has a new post to his site sharing an interesting tool for those using PHPUnit for testing. It's a real-time plugin that executes your tests as soon as something in your files changes.

Not all IDEs (actually, I haven’t seen even one IDE that does this), can run your unit-tests as soon as something changes. Inspired by Greg Young’s Mighty Moose system, the following script runs inside a shell, will wait for changes in your PHP-files, and runs the corresponding unit-test as soon as something changes. It doesn’t run the WHOLE unit-tests suite, but merely the test that matches up the source file.

His tool, found here on GitHub, is a simple bash script that uses the name of the file being saved to locate the matching test and execute it, reporting back any errors that might have popped up. This could easily be hooked into most IDEs out there and keep the developer in one place.

tagged: realtime phpunit bash script

Link: https://www.adayinthelifeof.nl/2014/02/02/realtime-phpunit/

Lorna Mitchell:
GitHub-Powered Changelog Scripts
Jan 28, 2014 @ 09:29:20

In her latest post Lorna Mitchell has shared some scripts she uses to automate the creation of a changelog based on the GitHub issue comments and fixes.

My current project does periodic releases, we build a few things, then we work on getting a bunch of user feedback and changing/fixing things before we actually release. [...] When a branch merges in to the main line, we use the "fixes #42" notation to simultaneously close off the issue that it relates to. This has been working pretty well, and today I got the question "what's new since I last saw this project?" - so I created a changelog. It's rather rough-and-ready but I had fun so I thought I'd share.

The script operates off of a local git cloned version of the repository and grabs all commit messages with the term "fixes" in it. The script then takes the log file, matches the issue ID and then makes a curl call out to the GitHub API to get that issue's description. This is then taken, formatted and dropped into the output.

tagged: changelog script automate changelog generate issue

Link: http://www.lornajane.net/posts/2014/github-powered-changelog-scripts