IBM delves into what's new in PHP 5.3: Part-1 shows you the changes to the object-orientated capabilities, and Part-2 shows you the exciting new possibilities with real closures and lambda functions. ["Read more" for Kroc's personal commentary]
PHP is a language I dislike, but am good at. It is a language that, as long as you stay away from certain parts of it, you'll be safe and it works well. It can even be beautiful in some rare instances.
The very hackish nature of PHP does allow for rapid development, but it's eclectic design makes it a minefield for anybody who isn't personally motivated and regimented about clean, safe and sensible coding.
The new improvements in 5.3 only continue the junk-shop eccentricity of the language. Great when you know you want these things and how to use them, a pain if it's all new to you.
PHP can claim to be "Object Orientated" until the cows come home, but the fact of the matter is PHP's native objects and commands are still painfully procedural, trapped in a stasis field of backwards-compatibility.
Whilst a new high-speed fixed array is nice, the project is trying to solve it's problems by bundling a library rather than entering this stuff into the core syntax. I honestly don't want to use a bolted-on library and to have to instantiate classes for something I would much rather be able to do properly inline with the native syntax array (...). Having to use a library makes for syntaxically unpretty and elongated code, the spawning of more and more one-shot classes and variables until your code starts looking like VB6 meta-programming.
Sunday, December 28, 2008
Saturday, October 18, 2008
ResellersPanel Launches a Free PHP Script Installation Website
ElefanteInstaller.com will help inexperienced webmasters build a personal blog, a community forum or a photo gallery quickly and easily, but will also assist web hosting resellers in presenting their online offers more successfully.
ResellersPanel, the synonym of free reseller web hosting, announces that it has recently launched elefanteinstaller.com – a new website, which offers detailed descriptions, demo versions and the free installation of more than 30 open source PHP scripts, among them phpBB2, WordPress, Joomla, Mambo, osCommerce, Drupal, Coppermine and many others, grouped in the following categories: Blog, Forum, CMS, E-Commerce, Photo Gallery, Wiki, Classified Ads, Calendar, Guestbook, Project Management, Client Management, Ad Management, Customer Support. The one-click automated script installation available through the new Elefante Installer website will help users avoid the difficulties related to the otherwise quite complicated PHP script installation process, which requires at least some basic knowledge of MySQL, phpMyAdmin, the Apache web server, etc., on their part.
Typing the elefanteinstaller.com URL into a web browser will take the visitors to a website where they can see detailed explanations of the functionalities of the various PHP scripts and learn how each script is working in real website environment through the admin and client demo accounts provided. However, if a given reseller’s customer opens elefanteinstaller.com through the respective link placed on that reseller’s web store, the Elefante website will also display the hosting offers of the very reseller whose store the client has been referred from. In this case the name of that reseller’s store will appear in the URL of the Elefante website immediately after the domain name itself, which will increase its brand awareness, and elefanteinstaller.com will in fact serve as an additional reseller web store.
Each web hosting plan offered on the reseller web stores and, respectively, on the new Elefante website, has been optimized to accommodate websites based on the various scripts elefanteinstaller.com is offering, and comes with a free website builder, free domain name registration and PHP script installation options, and a set of free marketing tools for boosting website popularity. Moreover, all users can download for free any of the Joomla templates and WordPress themes currently on offer, and create dynamic, content-rich, professionally-looking, multi-language personal and business websites, online communities, blogs or e-commerce portals quickly and easily.
ResellersPanel, the synonym of free reseller web hosting, announces that it has recently launched elefanteinstaller.com – a new website, which offers detailed descriptions, demo versions and the free installation of more than 30 open source PHP scripts, among them phpBB2, WordPress, Joomla, Mambo, osCommerce, Drupal, Coppermine and many others, grouped in the following categories: Blog, Forum, CMS, E-Commerce, Photo Gallery, Wiki, Classified Ads, Calendar, Guestbook, Project Management, Client Management, Ad Management, Customer Support. The one-click automated script installation available through the new Elefante Installer website will help users avoid the difficulties related to the otherwise quite complicated PHP script installation process, which requires at least some basic knowledge of MySQL, phpMyAdmin, the Apache web server, etc., on their part.
Typing the elefanteinstaller.com URL into a web browser will take the visitors to a website where they can see detailed explanations of the functionalities of the various PHP scripts and learn how each script is working in real website environment through the admin and client demo accounts provided. However, if a given reseller’s customer opens elefanteinstaller.com through the respective link placed on that reseller’s web store, the Elefante website will also display the hosting offers of the very reseller whose store the client has been referred from. In this case the name of that reseller’s store will appear in the URL of the Elefante website immediately after the domain name itself, which will increase its brand awareness, and elefanteinstaller.com will in fact serve as an additional reseller web store.
Each web hosting plan offered on the reseller web stores and, respectively, on the new Elefante website, has been optimized to accommodate websites based on the various scripts elefanteinstaller.com is offering, and comes with a free website builder, free domain name registration and PHP script installation options, and a set of free marketing tools for boosting website popularity. Moreover, all users can download for free any of the Joomla templates and WordPress themes currently on offer, and create dynamic, content-rich, professionally-looking, multi-language personal and business websites, online communities, blogs or e-commerce portals quickly and easily.
Sunday, August 31, 2008
Make It Easy With PHP Website
This is because you need an array of tools to get the job completed; then maintaining them can be a real headache if you lack on the expertise on technical sides. And finally you need to make sure that it has been built right; otherwise you have to begin from the scratch once again.
Sounds an exorbitant task---isn’t it? Not exactly, if you know the right tricks and the trick lies in creating a PHP supported website.
Let’s explain in details why PHP website should be your option.
Pick a sneak into the cyber world and you will find the websites that are making big are all dynamic in character. As opposed to the ordinary websites that flash up just the plain pages on request of the browsers, a PHP website allows many more functions.
PHP is actually a server-side scripting language that can play the role of ‘plugin’ for your web server. A PHP how to clean upholstery website acts smarter by retrieving from a database the latest information, which then will be added to the web page and finally this updated information will reach to the browser that requested it.
Retrieving information from database is a basic characteristic feature of PHP and to maintain the database you need a relational database management system, or RDBMS like MSQL. This software package is particularly good at organization and upholstery cleaning milwaukee of large amounts of information. It is also compatible with other databases like MySQL, Informix, Oracle and many others. Now access to database for information becomes easier when your website use PHP scripting languages.
PHP as an open source code runs on just about every platform including most UNIX, Macs and Windows versions. Being a server side technology, it doesn’t require the user to have any special browser or plug-ins for PHP execution.
Above all, PHP websites are fast, secure and stable. PHP as a scripting language can be easily integrated with various software programs.
So, if you are planning to create dynamic web pages, you must consider PHP websites. This will make possible all sorts of interaction with the users who in turn contribute to customized information to your site.
Sounds an exorbitant task---isn’t it? Not exactly, if you know the right tricks and the trick lies in creating a PHP supported website.
Let’s explain in details why PHP website should be your option.
Pick a sneak into the cyber world and you will find the websites that are making big are all dynamic in character. As opposed to the ordinary websites that flash up just the plain pages on request of the browsers, a PHP website allows many more functions.
PHP is actually a server-side scripting language that can play the role of ‘plugin’ for your web server. A PHP how to clean upholstery website acts smarter by retrieving from a database the latest information, which then will be added to the web page and finally this updated information will reach to the browser that requested it.
Retrieving information from database is a basic characteristic feature of PHP and to maintain the database you need a relational database management system, or RDBMS like MSQL. This software package is particularly good at organization and upholstery cleaning milwaukee of large amounts of information. It is also compatible with other databases like MySQL, Informix, Oracle and many others. Now access to database for information becomes easier when your website use PHP scripting languages.
PHP as an open source code runs on just about every platform including most UNIX, Macs and Windows versions. Being a server side technology, it doesn’t require the user to have any special browser or plug-ins for PHP execution.
Above all, PHP websites are fast, secure and stable. PHP as a scripting language can be easily integrated with various software programs.
So, if you are planning to create dynamic web pages, you must consider PHP websites. This will make possible all sorts of interaction with the users who in turn contribute to customized information to your site.
Sunday, August 3, 2008
Microsoft makes pledges to support Apache, PHP, Ruby
I was surprised to hear of Microsoft’s decision to become a platinum sponsor of the Apache Software Foundation, announced at OSCON late last week.
It wasn’t the only announcement. The Redmond, Wash based Windows giant also shared that it would make a contribution to the PHP community’s ADOdb project — which will expand support for Microsoft SQL Server. This will enable customers to deploy more PHP applications on Microsoft’s database.
What else? Microsoft pledged to extend its Open Specification promise to open up more than 150 additional protocols in Windows Server, the .NET framework and other products.
Microsoft also announced a series of IronRuby updates. These include plans to ship the Ruby libraries implemented in the Ruby programming language with the IronRuby distribution and participate in the RubySpec project.
It’s not clear if Microsoft would have taken these steps if chairman and co-founder Bill Gates was still around. Nevertheless, there’s no doubt that Microsoft’s increasing participation in such projects is a big win for the open source community and for its customers.
Paula Rooney is a Boston-based writer who has followed the tech industry for almost two decades. See her full profile and disclosure of her industry affiliations.
It wasn’t the only announcement. The Redmond, Wash based Windows giant also shared that it would make a contribution to the PHP community’s ADOdb project — which will expand support for Microsoft SQL Server. This will enable customers to deploy more PHP applications on Microsoft’s database.
What else? Microsoft pledged to extend its Open Specification promise to open up more than 150 additional protocols in Windows Server, the .NET framework and other products.
Microsoft also announced a series of IronRuby updates. These include plans to ship the Ruby libraries implemented in the Ruby programming language with the IronRuby distribution and participate in the RubySpec project.
It’s not clear if Microsoft would have taken these steps if chairman and co-founder Bill Gates was still around. Nevertheless, there’s no doubt that Microsoft’s increasing participation in such projects is a big win for the open source community and for its customers.
Paula Rooney is a Boston-based writer who has followed the tech industry for almost two decades. See her full profile and disclosure of her industry affiliations.
Monday, July 7, 2008
Research and Markets: PHP and MySQL: Create-Modify-Reuse
Research and Markets (http://www.researchandmarkets.com/research/c68e0e/php_and_mysql_cre) has announced the addition of the "PHP and MySQL: Create-Modify-Reuse" report to their offering.
- Step-by-step instructions walk readers through real-world applications
- Packed with ready-to-use projects for PHP and MySQL, this book guides readers through several real-world projects that are complete, tested, and ready to be implemented, so that readers can learn by doing
- Clearly explains to readers all aspects of design, such as portability, design flow, and integration, and shows them how to properly secure their applications for real-world implementation
- Authored by a PHP expert who is in tune with common tasks and the various problems faced by developers in everyday circumstances
- Application topics include user management, Web forums, and an image gallery
- Although PHP and MySQL can each be used independently, when they are used together, they open up dynamic options for Web site development
Key Topics Covered:
- User Registration.
- Community Forum.
- Mailing List.
- Search Engine.
- Personal Calendar.
- Ajax File Manager.
- Online Photo Album.
- Shopping Cart.
- Step-by-step instructions walk readers through real-world applications
- Packed with ready-to-use projects for PHP and MySQL, this book guides readers through several real-world projects that are complete, tested, and ready to be implemented, so that readers can learn by doing
- Clearly explains to readers all aspects of design, such as portability, design flow, and integration, and shows them how to properly secure their applications for real-world implementation
- Authored by a PHP expert who is in tune with common tasks and the various problems faced by developers in everyday circumstances
- Application topics include user management, Web forums, and an image gallery
- Although PHP and MySQL can each be used independently, when they are used together, they open up dynamic options for Web site development
Key Topics Covered:
- User Registration.
- Community Forum.
- Mailing List.
- Search Engine.
- Personal Calendar.
- Ajax File Manager.
- Online Photo Album.
- Shopping Cart.
fuzzylime (cms) rss.php Local File Inclusion Vulnerability
Ams has discovered a vulnerability in fuzzylime, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Input passed to the "p" parameter in rss.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.
Successful exploitation requires that "magic_quotes_gpc" is disabled.
NOTE: The vulnerability can be exploited to execute arbitrary PHP code by including the code/content.php script.
The vulnerability is confirmed in version 3.01a. Other versions may also be affected.
Input passed to the "p" parameter in rss.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.
Successful exploitation requires that "magic_quotes_gpc" is disabled.
NOTE: The vulnerability can be exploited to execute arbitrary PHP code by including the code/content.php script.
The vulnerability is confirmed in version 3.01a. Other versions may also be affected.
Saturday, June 14, 2008
Small, awkward and looking for love: Delphi for PHP 2.0
The intent behind Delphi for PHP from CodeGear, last month acquired by Embarcadero Technologies, is clear: to provide an integrated development environment for PHP that matches the speed of development regular Delphi offers for Windows applications.
First released in February 2007, the initial version fell far short of the goal, being buggy and under-documented. I've had a chance to get to grips with Version 2.0, and while CodeGear has added some refinements there remains a ways to go.
Delphi for PHP is based on a third-party product, qstudio from Qadram software, though it now appears to be its only incarnation, and features a Windows-only IDE along with a PHP 5 class library called VCL for PHP.
This component library is an open source project on SourceForge though it appears to have little use outside Delphi for PHP. The link with CodeGear's better-known Delphi for Windows is tenuous: it does not share the same IDE, and the language itself is of course PHP, and nothing to do with Delphi's Pascal. That said, the IDE is superficially similar, and existing Delphi users are meant to feel at home.
The Delphi for PHP installer sets up a complete PHP test environment, including a local Apache 2 and the Nusphere debug listener. You can use it as a basic PHP IDE with the ability to set breakpoints and step through code. The editor in version 2.0 is improved, with code folding, syntax checking and automatic source formatting. The IDE also offers a profiler that times each line of code. That said, the real value of the product is in rapid development with the visual component library (VCL) .
Full PHP environment, tenuous links to the better-known Delphi
You can drag components onto a visual form designer, and set properties and handle events through an object inspector. There are also database components, including Database, Datasource and Query, which support data-aware controls such as a DBGrid as well as standard items like edit controls, labels and checkboxes. New in version 2.0, the Xinha HTML editor is also included, enabling instant HTML editing for users.
First released in February 2007, the initial version fell far short of the goal, being buggy and under-documented. I've had a chance to get to grips with Version 2.0, and while CodeGear has added some refinements there remains a ways to go.
Delphi for PHP is based on a third-party product, qstudio from Qadram software, though it now appears to be its only incarnation, and features a Windows-only IDE along with a PHP 5 class library called VCL for PHP.
This component library is an open source project on SourceForge though it appears to have little use outside Delphi for PHP. The link with CodeGear's better-known Delphi for Windows is tenuous: it does not share the same IDE, and the language itself is of course PHP, and nothing to do with Delphi's Pascal. That said, the IDE is superficially similar, and existing Delphi users are meant to feel at home.
The Delphi for PHP installer sets up a complete PHP test environment, including a local Apache 2 and the Nusphere debug listener. You can use it as a basic PHP IDE with the ability to set breakpoints and step through code. The editor in version 2.0 is improved, with code folding, syntax checking and automatic source formatting. The IDE also offers a profiler that times each line of code. That said, the real value of the product is in rapid development with the visual component library (VCL) .
Full PHP environment, tenuous links to the better-known Delphi
You can drag components onto a visual form designer, and set properties and handle events through an object inspector. There are also database components, including Database, Datasource and Query, which support data-aware controls such as a DBGrid as well as standard items like edit controls, labels and checkboxes. New in version 2.0, the Xinha HTML editor is also included, enabling instant HTML editing for users.
FOG Forum "index.php" Local File Inclusion Vulnerabilities
Description:
CWH Underground has discovered two vulnerabilities in FOG Forum, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "fog_lang" and "fog_skin" parameters in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
The vulnerabilities are confirmed in version 0.8.1. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
CWH Underground has discovered two vulnerabilities in FOG Forum, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "fog_lang" and "fog_skin" parameters in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
The vulnerabilities are confirmed in version 0.8.1. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
Thursday, May 8, 2008
PHP DC conference 2008
The DC PHP Developers Group recently announced Kshemendra Paul as a featured keynote speaker at the DC PHP Conference & Expo, June 2-4, 2008, at George Washington University in Washington, DC. Paul, chief architect for the Office of Management and Budget Executive Office of the President, will be presenting on "Federal E-Government and Enterprise Architecture Updates."Join hundreds of PHP practitioners, business managers, and government officials from around the world in the exchange of ideas and solutions for building a better web application infrastructure. The DC PHP conference will include tracks pertaining to business cases, best practices, the art of PHP, PHP applications, PHP in the enterprise, and Open Source. The full speaker schedule will be announced shortly.
For more information about DC PHP Conference & Expo 2008 and to register, please visit http://www.dcphpconference.com/. Early discounted registration rates affective until April 15, 2008
Call for speakers for Forum PHP Paris 2008
The AFUP, Association Française des Utilisateurs de PHP, is proud to announce the upcoming conference "Forum PHP 2008".
For this unique event in France, we are looking for the best French speaking experts, who want to share their know-how and enthusiasm. This two day conference features one technical day, with the most advanced PHP techniques and a business day, with case studies and examples of successful projects.
How to manage a PHP project (tools, methods, ...)
Insure code quality
Internet and legal issues (intellectual property, ...)
Build a business around
PHP scalibility
Connect services(web services)
Rich User Interfaces (technology choice, implementation, ...)
For this unique event in France, we are looking for the best French speaking experts, who want to share their know-how and enthusiasm. This two day conference features one technical day, with the most advanced PHP techniques and a business day, with case studies and examples of successful projects.
How to manage a PHP project (tools, methods, ...)
Insure code quality
Internet and legal issues (intellectual property, ...)
Build a business around
PHP scalibility
Connect services(web services)
Rich User Interfaces (technology choice, implementation, ...)
PHP 5.2.6 Released
The PHP development team would like to announce the immediateavailability of PHP 5.2.6. This release focuses on improving the stability ofthe PHP 5.2.x branch with over 120 bug fixes, several of which are security related.All users of PHP are encouraged to upgrade to this release.
Further details about the PHP 5.2.6 release can be found in the release announcement for 5.2.6, the full list of changes is available in the ChangeLog for PHP 5.
Further details about the PHP 5.2.6 release can be found in the release announcement for 5.2.6, the full list of changes is available in the ChangeLog for PHP 5.
Security Enhancements and Fixes in PHP 5.2.6:
Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
Upgraded bundled PCRE to version 7.6
Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
Upgraded bundled PCRE to version 7.6
Subscribe to:
Posts (Atom)
