Post on 21-Dec-2015
More PHP

What we'll cover
• A short history of php
• Parsing
• Variables
• Arrays
• Operators
• Control Structures
• Forms
• Functions
• Accessing the shell
• Sockets
• Regular Expressions

Forms
• Obviously, one of the things you need to handle is forms
• You can make an html-only form, and submit that to a php file
• You can also make a single php file that makes the form, and submit that to itself, and on the submit, present a different page, and then after a confirmation present a third page, and so on, and so on…
• We'll talk about both

Simple Form
simpleform/simpleform.html
```html
<form action="./simpleform.php" method="GET" name="choices">
<p>What is the meaning of life?</p>
<p><textarea rows="1" cols="50" wrap="virtual" name = "answer"></textarea></p>
<p>What is your name?</p>
<p><textarea rows="1" cols="50" wrap="virtual" name = "name"></textarea></p>
<p>Where is your car?</p>
<p><textarea rows="1" cols="50" wrap="virtual" name = "car"></textarea></p>
<p><input type="submit" value="Submit" align="middle" /></p>
</form>
```

Simple Form php
simpleform/simpleform.php
```php
<?php
if (count($_GET) < 1)
  {
  echo "no GETs!";
  }
else
  {
  echo "Here is the GET array:";
  echo "<pre>";
  // print_r() with true returns the dump as a string; escape it because
  // everything in $_GET is user input and would otherwise be echoed as HTML
  echo htmlspecialchars(print_r($_GET, true), ENT_QUOTES);
  echo "</pre>";
  }
?>
```
• The php that catches the form reads the GET array
• All this one does is use print_r() to show the results
• Can you think of any advantages or disadvantages to using two separate pages this way?
• What about the first condition? When is it met?

Simple form to itself
• To do all of this with one php file, we need a way to detect where we are in the process
• So on first load, we present the form
• On second load, after submitting the form, we process results…

simpleform_self.php
```php
<?php
if (!$_GET)
  {
  echo "<form action=\"" . $_SERVER["PHP_SELF"] . "\" method=\"GET\" name=\"choices\">\n";
  echo "<p>What is the meaning of life?</p>
        <p><textarea rows=\"1\" cols=\"50\" wrap=\"virtual\" name = \"answer\"></textarea></p>\n";
  echo "<p>What is your name?</p>
        <p><textarea rows=\"1\" cols=\"50\" wrap=\"virtual\" name = \"name\"></textarea></p>\n";
  echo "<p>Where is your car?</p>
        <p><textarea rows=\"1\" cols=\"50\" wrap=\"virtual\" name = \"car\"></textarea></p>\n";
  echo '<input type="hidden" value = "111" name = "key_number" />' ;
  echo '<p><input type="submit" value="Submit" align="middle" /></p>';
  }
```

simpleform_self.php
```php
else
  {
  echo "Here is the GET array:";
  echo "<pre>";
  print_r($_GET);
  echo "</pre>";
  }
?>
</form>
</body>
</html>
```
• When the form is submitted, the url has a GET array
• So it passes past the if statement, and lands on the else, where we process data
• Again, we're just print_r()'ing the results
• There's an error here, can you spot it?

Sessions
• A very useful aspect to php is the ability to maintain session data
• To do this, you create a session, then load it with data
• The session data is stored server side, usually in /etc, and is keyed (but not encrypted), and remains for that url and remote ip

simpleform_self_session.php
• Sessions need to be created before any html headers are sent, so do this at the very top of the page
• Use session_register() to create slots for variables
• After these variables are populated, you can access them via the $_SESSION array
• In this example we'll define a key (randomly generated) and a counter (to track steps)

simpleform_self_session.php
```php
<?php
// Start a session, and set a key and a counter
// A session is a method of tracking state for a given
// browser session, and allows storage of data on the server
session_start(); // create a session
// Note: session_register() was removed in PHP 5.4; on later versions drop
// these two calls, since assigning to $_SESSION is enough
session_register('session_key');     // register a session var for a key to
                                     // track this session
                                     // this is done to help detect reloads
session_register('session_counter'); // session counter is used to
                                     // track where we are in
                                     // a session
?>
```

simpleform_self_session.php
```php
// if the session_key is not yet set, generate a random number for the key
// and set the session_counter to 0 (this situation indicates that the form
// is being loaded for the first time)
if (empty($_SESSION['session_key'])) // empty() avoids an undefined-index notice
  {
  $_SESSION['session_key'] = rand();
  $_SESSION['counter'] = 0;
  }
```
• Now we can check to see if the key is set; if not, we're on a first load and we generate a key and set the counter to 0…

simpleform_self_session.php
```php
// If we don't have key_number, then the user hasn't filled in the form
if (empty($_GET["key_number"]))
  {
  // PHP_SELF comes from the request URL, so escape it before echoing it into HTML
  echo "<form action=\"" . htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES) . "\" method=\"GET\" name=\"choices\">\n";
  echo "<p>What is the meaning of life?</p><p><textarea rows=\"1\"
        cols=\"50\" wrap=\"virtual\" name = \"answer\"></textarea></p>\n";
  // …
  echo '<input type="hidden" value = "' . $_SESSION['session_key'] . '" name = "key_number" />';
  echo '</form>';
  $_SESSION['counter'] = 1;
  }
```
• Then we build the form--note the use of PHP_SELF, and the hidden input…

simpleform_self_session.php
```php
elseif ($_SESSION['session_key'] == $_GET["key_number"] && $_SESSION['counter'] == 1
        && (!empty($_GET["answer"]) && !empty($_GET["name"]) && !empty($_GET["car"])))
  {
  echo "Here is the GET array:";
  echo "<pre>";
  // escape the dump: $_GET holds user input
  echo htmlspecialchars(print_r($_GET, true), ENT_QUOTES);
  echo "</pre>";
```
• Next, we have an elseif that looks to see that we have the data we need and that there's a key and that counter is set to one
• Then we start by printing the results…

simpleform_self_session.php
```php
  echo "<form action=\"" . htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES) . "\" method=\"GET\" name=\"choices\">\n";
  echo '<input type="hidden" value = "' . $_SESSION['session_key'] . '" name = "key_number" />';
  echo '<p>Are these ok?</p>';
  echo '<input type="radio" value="yes" name = "yes_no" />yes
        <input type="radio" value="no" name = "yes_no" />no';
  echo '<p><input type="submit" value="Submit" align="middle" /></p>';
  echo '</form>';
  $_SESSION['counter'] = 2;
  }
```
• … and then we make a confirmation form and set the counter to 2
• And again we submit the form to itself

simpleform_self_session.php
```php
// Check again that the session_key matches the key_number, and that we're
// on step number three, and for "yes"
elseif ($_SESSION['session_key'] == $_GET["key_number"]
        && $_SESSION['counter'] == 2
        && isset($_GET["yes_no"]) && $_GET["yes_no"] == "yes")
  {
  echo '<p>Cool, everything\'s copacetic.</p>';
  // Here you'd do the Good Thing, whatever that is.
  // Destroy the session
  session_unset();
  session_destroy();
  }
```
• Next, we check for the confirmation and kill the session; if things are good here, we do good things…

simpleform_self_session.php
```php
// Check again that the session_key matches the key_number, and that we're
// on step number three, and for "no"
elseif ($_SESSION['session_key'] == $_GET["key_number"]
        && $_SESSION['counter'] == 2
        && isset($_GET["yes_no"]) && $_GET["yes_no"] == "no")
  {
  echo '<p>Oops, sorry, <a href="./simpleform_self_session.php">try again?</a></p>';
  // Here you'd do the Bad Thing, whatever that is
  // Destroy the session
  session_unset();
  session_destroy();
  }
```
• And we check for badness…

simpleform_self_session.php
```php
// If no conditions matched, assume something went wrong and try to cope
else
  {
  echo '<p>I\'m sorry, I found a problem, perhaps you didn\'t fill in all of the boxes. <a href="./simpleform_self_session.php">Continue?</a></p>';
  // Destroy the session
  session_unset();
  session_destroy();
  }
```
• And a final sanity check
• This is not particularly clean, since we're not checking much, and esp. because this is where we land if not all fields are filled in--better ways to deal with this?
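
One way to tighten the multi-step form above, as an added example that is not part of the original slides: the token comes from a CSPRNG and is compared in constant time, the form uses POST, every echoed value is escaped, and a missing box redisplays the form instead of destroying the session. The names form_token, issue_token(), token_ok(), missing_fields(), render_form() and end_session() are assumptions, and the code needs PHP 7 or later.

```php
<?php
// Added example, not from the original slides. All function and key names
// below (form_token, issue_token, token_ok, ...) are hypothetical.
session_start();                      // must run before any output

const FIELDS = ['answer' => 'What is the meaning of life?',
                'name'   => 'What is your name?',
                'car'    => 'Where is your car?'];

function h($s) { return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }

// New unpredictable token for each rendered form; rand() output is guessable.
function issue_token($step) {
    $_SESSION['form_token'] = bin2hex(random_bytes(32));
    $_SESSION['counter'] = $step;
    return $_SESSION['form_token'];
}

// True only if the posted token matches (constant time) at the expected step.
function token_ok(array $post, $step) {
    return isset($_SESSION['form_token'], $_SESSION['counter'], $post['key_number'])
        && is_string($post['key_number'])
        && $_SESSION['counter'] === $step
        && hash_equals($_SESSION['form_token'], $post['key_number']);
}

// Names of required fields that are absent, not strings, or blank.
function missing_fields(array $post) {
    $missing = [];
    foreach (array_keys(FIELDS) as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            $missing[] = $f;
        }
    }
    return $missing;
}

// Step 1 form; also used to redisplay what the user typed when a box is empty.
function render_form(array $values, array $missing) {
    echo '<form action="' . h($_SERVER['SCRIPT_NAME']) . '" method="POST">' . "\n";
    foreach (FIELDS as $f => $label) {
        $flag = in_array($f, $missing, true) ? ' <strong>(required)</strong>' : '';
        $val = isset($values[$f]) && is_string($values[$f]) ? $values[$f] : '';
        echo '<p>' . h($label) . $flag . "</p>\n";
        echo '<p><textarea rows="1" cols="50" name="' . h($f) . '">' . h($val) . "</textarea></p>\n";
    }
    echo '<input type="hidden" name="key_number" value="' . h(issue_token(1)) . '" />' . "\n";
    echo '<p><input type="submit" value="Submit" /></p></form>' . "\n";
}

function end_session() { $_SESSION = []; session_destroy(); }

$post = $_SERVER['REQUEST_METHOD'] === 'POST' ? $_POST : [];

if (!$post) {
    render_form([], []);                          // first load
} elseif (token_ok($post, 1)) {
    $missing = missing_fields($post);
    if ($missing) {
        render_form($post, $missing);             // keep the session, ask again
    } else {
        // Keep the answers server side so step 2 confirms exactly these values.
        $_SESSION['answers'] = array_intersect_key($post, FIELDS);
        echo '<pre>' . h(print_r($_SESSION['answers'], true)) . "</pre>\n";
        echo '<form action="' . h($_SERVER['SCRIPT_NAME']) . '" method="POST">' . "\n";
        echo '<input type="hidden" name="key_number" value="' . h(issue_token(2)) . '" />' . "\n";
        echo "<p>Are these ok?</p>\n";
        echo '<input type="radio" name="yes_no" value="yes" />yes ';
        echo '<input type="radio" name="yes_no" value="no" />no' . "\n";
        echo '<p><input type="submit" value="Submit" /></p></form>' . "\n";
    }
} elseif (token_ok($post, 2) && isset($post['yes_no']) && $post['yes_no'] === 'yes') {
    // Act on $_SESSION['answers'] here, then end the session.
    echo "<p>Cool, everything's copacetic.</p>\n";
    end_session();
} elseif (token_ok($post, 2) && isset($post['yes_no']) && $post['yes_no'] === 'no') {
    echo '<p>Oops, sorry, <a href="' . h($_SERVER['SCRIPT_NAME']) . '">try again?</a></p>' . "\n";
    end_session();
} else {
    // Stale, replayed or forged submission: refuse and start over.
    http_response_code(400);
    echo '<p>That form is no longer valid. <a href="' . h($_SERVER['SCRIPT_NAME']) . '">Continue?</a></p>' . "\n";
    end_session();
}
```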

User Defined Functions
• Like javascript, php supports user defined functions
• Declare your functions towards the top of your php file--this is not a requirement, just good practice
• Functions are created when the program is read, and before execution
• Or, build an exterior file with commonly used functions, and give that a version number. Then require that file to reuse your code (see the general functions file in the samples for examples I use)

Passing Data
• The simplest way to pass data into a function is through that function's argument list of variables (and arrays are a type of variable)
```php
// wrap the variable in p
function echo_p($wrapped_item)
  {
  echo "<p>$wrapped_item</p>";
  }
```
• You can also set default values, but watch placement--defaults to the right please
```php
// wrap the variable in h
// default to level 2
function echo_h($wrapped_item, $level="2")
  {
  echo "<h" . $level . ">$wrapped_item</h" . $level . ">\n";
  }
```
12

Scope
• Functions themselves have global scope--functions defined within functions are available everywhere
• Variables assigned or modified inside of a function have their value only within the function
• A variable can be declared global within a function, however, if you want to pass that variable into and out of the function
• Generally, it's better to leave variable scope limited, this makes the function portable….
15

Functions have Global Scope
• Unlike variables, functions are global in scope
• But a function doesn't execute until called
• Here, foo() is used to create bar()
• Once foo() is called, bar() exists
• bar() is available outside of foo()
```php
<?php
function foo()
  {
  function bar()
    {
    echo "I don't exist until foo() is called.\n";
    }
  }

/* We can't call bar() yet since it doesn't exist. */

foo();

/* Now we can call bar(), foo()'s processing has made it accessible. */

bar();
?>
```
this example is 17.3 from the php manual, up as 14_functions.php
See also 15_function_scope.php

Functions and Default Values
• Defaults must occur to the right
```php
function good_echo_h($wrapped_item, $level="2")
  {
  echo "<h" . $level . ">$wrapped_item</h" . $level . ">\n";
  }

// Deliberately wrong: the default comes before a required argument
function bad_echo_h($level="2", $wrapped_item)
  {
  echo "<h" . $level . ">$wrapped_item</h" . $level . ">\n";
  }

good_echo_h("A good heading");
good_echo_h("A good heading at level 1", 1);
bad_echo_h(2, "A bad heading with level set");
bad_echo_h("A bad heading with no level set");
```
12_function_defaults.php

An Example: Building an FAQ
• Core program calls 5 functions, 3 local and 2 external
• 1 Data file and some variables
• This kind of program structure makes understanding a large program much easier…

aform
• This is set up in samples and the labs section, both, so you can do the lab to figure this out
• Based on a general survey form I came up with a few years ago

aform
• Uses the general_functions file
• Data is external in a text file
• The code that makes the various types of question in the form is also external
• By keeping data and question types separate, it's easy to use the same program to make different surveys

Leveraging the Shell

Back tick and shell_exec()
• Php uses backticks (olde school) and the function shell_exec() to process shell commands (usually through bash)
• Shell commands execute with the environment and rights of the web server
• Opening a shell is not lightweight in terms of ram, so keep in mind it can be expensive
• Very useful if a wheel already exists in your setup (Netcheck is an example)….
04

10_show_source.php
• I wanted to be able to display source code for the php programs
• There is a function, highlight_file(), that will handle syntax highlighting for a php file
• I could have written the whole thing in php (and that could be a portfolio project), but I already had this file listing shell script…
• This wheel already exists
• If the server supports it, files ending in .phps will show highlighted source (this is an apache directive)
• See also http://www.sitepoint.com/article/highlight-source-code-php
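
A source viewer that combines shell_exec() with highlight_file() runs with the web server's rights, so both the shell argument and the requested file name need constraining. The following is an added example, not the author's 10_show_source.php; the samples directory, the "file" query parameter and the use of ls as the listing command are assumptions.

```php
<?php
// Added example, not the author's script. SAMPLES_DIR, the "file" parameter
// and the function names are hypothetical.
define('SAMPLES_DIR', __DIR__ . '/samples');

// Map a requested name to a real file inside SAMPLES_DIR, or return null.
function resolve_sample($name)
{
    // Plain file names only: no slashes, no NUL bytes, must end in .php
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\.php\z/', $name)) {
        return null;
    }
    $base = realpath(SAMPLES_DIR);
    $path = realpath(SAMPLES_DIR . '/' . $name);   // resolves symlinks
    if ($base === false || $path === false) {
        return null;
    }
    // A symlink inside samples/ could still point elsewhere; check containment.
    return strpos($path, $base . DIRECTORY_SEPARATOR) === 0 ? $path : null;
}

// Reusing a shell command: fixed command string, every argument quoted.
function list_samples()
{
    $out = shell_exec('ls -1 -- ' . escapeshellarg(SAMPLES_DIR));
    $names = array();
    foreach (preg_split('/\n/', (string)$out, -1, PREG_SPLIT_NO_EMPTY) as $n) {
        if (resolve_sample($n) !== null) {         // list only what can be shown
            $names[] = $n;
        }
    }
    return $names;
}

$requested = isset($_GET['file']) ? $_GET['file'] : null;
if ($requested === null) {
    foreach (list_samples() as $n) {
        echo '<p><a href="?file=' . rawurlencode($n) . '">'
           . htmlspecialchars($n, ENT_QUOTES) . "</a></p>\n";
    }
} elseif (($path = resolve_sample($requested)) !== null) {
    highlight_file($path);                         // prints highlighted source
} else {
    http_response_code(404);
    echo "<p>No such sample.</p>\n";
}
```

Anything placed in the samples directory becomes readable as source, so configuration files and credentials belong elsewhere.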

Sockets

Theory of Sockets
• A socket is a combination of an ip number, a protocol and a port
• Servers listen on a socket, clients will open a connection to that socket
• What gets sent back and forth over the socket connection varies with the protocol
• Generally, when working with a client, you don't specify the local socket you'll use (the os handles that), just the remote socket

An example: Web Request
• This is a socket call to a web server
• $fp represents a "handle" to the socket
• If the handle is created, you have the socket
```php
$fp = fsockopen("www.cs.unc.edu", 80, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET /index.html HTTP/1.1\r\n";
    $out .= "Host: www.cs.unc.edu\r\n"; // Host names the server we connected to
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
```
11_webconnection.php

Sending email with PHP
• The unix version of PHP includes support for sendmail:
```
mail ( string to, string subject, string message)
```
• Since windows doesn't support sendmail, the windows build of PHP uses an external smtp server, but uses the same command
• But it doesn't work under OSX by default--OS X uses postfix, and that's off by default
• I could have enabled postfix, but I'm a geek...

Example Protocol: SMTP
• By convention, smtp servers listen on ports 25 and 587
• By the rfc, smtp servers communicate in plain text--you can telnet to an smtp server to send email
• Verbs in smtp include helo, mail from, rcpt to, data
• Use "." to end the body of a message (and this is one place where a potential for hacking exists)

An SMTP call
```
gilgamesh:~ hays$ telnet smtp.unc.edu 25
Trying 152.2.1.140...
Connected to smtp.unc.edu.
Escape character is '^]'.
220 smtp.unc.edu ESMTP UNC-Chapel Hill - ITS Email; Tue, 30 Sep 2008 18:56:57 -0400 (EDT)
helo gilgamesh
250 smtp.unc.edu Hello gilgamesh.cs.unc.edu [152.2.131.71], pleased to meet you
mail from:[email protected]
250 2.1.0 [email protected]... Sender ok
rcpt to:[email protected]
250 2.1.5 [email protected]... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Subject: Test
To: [email protected]
From: [email protected]
Howdy, this is a test.
.
250 2.0.0 m8UMuvtq021026 Message accepted for delivery
quit
221 2.0.0 smtp.unc.edu closing connection
Connection closed by foreign host.
```

Bits and pieces
• fsockopen opens a connection, and establishes a pointer to that connection, with server, port and timeout specifiable
• fwrite (or fputs) and fgets write and read to that connection, feof tests for end of file
```php
$fp = fsockopen("www.example.com", 80, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET / HTTP/1.1\r\n";
    $out .= "Host: www.example.com\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
```
this from php manual… 16

My version of mail…
• I didn't want to enable a mail server, so I hacked an emailer function that:
• Checks the message for some possible hacks
• Checks the MX record of the target domain
• Opens a connection to an smtp server
• Writes the message to that connection
• Checks the responses for success or failure

The call
• Call this function with a message id, an array that contains the tos, a subject line, the message, the ip of the web server, the smtp server to use, and the port:
```php
emailer(rand(10000, 30000), $to_list, "[email protected]", "Test", "test test test", $_SERVER["REMOTE_ADDR"], "smtp.unc.edu", "587");
```

Sanity Checks
• Check for the to list to be an array (coercion can occur)
• Check for embedded addresses and periods
```php
if (!is_array($email_to))
  {
  die('Sorry, $email_to must be an array');
  }
$email_subject = str_replace(".", " . ", $email_subject);
$email_text = str_replace(".", " . ", $email_text);
$email_subject = str_replace("@", " AT ", $email_subject);
$email_text = str_replace("@", " AT ", $email_text);
```
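
The two things a hand-written SMTP client has to defend against are a line break inside a value that should occupy one line, and a body line that starts with a period. The following is an added example, not the author's emailer(): it rejects CR/LF in single-line fields and applies the dot-stuffing rule from RFC 5321 section 4.5.2, so the message text is delivered unchanged. All function names and the example.org addresses are assumptions.

```php
<?php
// Added example, not the author's emailer(). All function names are hypothetical.

// A value that becomes part of one SMTP command or header line must not
// contain CR, LF or NUL, or the server will read it as extra lines.
function smtp_safe_line($value)
{
    if (!is_string($value) || preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('line break in single-line field');
    }
    return $value;
}

// Envelope addresses: syntactically valid and free of line breaks.
function smtp_address($addr)
{
    if (!is_string($addr) || filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('bad address');
    }
    return smtp_safe_line($addr);
}

// Body for DATA: CRLF line endings, a leading dot doubled on every line
// (RFC 5321, 4.5.2), then the real terminator.
function smtp_body($text)
{
    $lines = preg_split('/\r\n|\r|\n/', $text);
    foreach ($lines as $i => $line) {
        if ($line !== '' && $line[0] === '.') {
            $lines[$i] = '.' . $line;
        }
    }
    return implode("\r\n", $lines) . "\r\n.\r\n";
}

// Same shape as the slides' $message array: one element per write.
function build_smtp_message($helo, $from, array $to, $subject, $text)
{
    $message = array("HELO " . smtp_safe_line($helo) . "\r\n",
                     "MAIL FROM:<" . smtp_address($from) . ">\r\n");
    $to_list = array();
    foreach ($to as $rcpt) {
        $message[] = "RCPT TO:<" . smtp_address($rcpt) . ">\r\n";
        $to_list[] = "<" . $rcpt . ">";
    }
    $message[] = "DATA\r\n";
    $message[] = "From: <" . $from . ">\r\n"
               . "To: " . implode(", ", $to_list) . "\r\n"
               . "Subject: " . smtp_safe_line($subject) . "\r\n"
               . "\r\n"
               . smtp_body($text);
    $message[] = "QUIT\r\n";
    return $message;
}

// Constructed sample input: a body with a lone "." line and a line that
// starts with a period.
$body = "Howdy, this is a test.\n.\ntext after the lone dot\n.hidden file";
$msg = build_smtp_message("web.example.org", "sender@example.org",
                          array("rcpt@example.org"), "Test", $body);
echo $msg[4];   // headers plus the dot-stuffed body

// Constructed sample input: a subject carrying an embedded CRLF is refused.
try {
    build_smtp_message("web.example.org", "sender@example.org",
                       array("rcpt@example.org"), "Test\r\nBcc: other@example.org", $body);
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```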

Check Email Validity
```php
// explode() replaces split(), which was removed in PHP 7
list($username, $domain) = explode("@", $email_from);
if (!getmxrr($domain, $mxrecords))
  {
  echo "<p>Error: The email domain for the \"from\" address, $email_from, cannot be verified.</p>";
  echo "<p>Mail sent from this address may not be deliverable, and replies may not work!</p>";
  } // end of if
$y = 0;
// isset() stops the loop cleanly at the end of the array
while (isset($email_to[$y]) && $email_to[$y] != '')
  {
  list($username, $domain) = explode("@", $email_to[$y]);
  if (!getmxrr($domain, $mxrecords))
    {
    echo "<p>Error: The email domain for the \"to\" address, $email_to[$y] cannot be verified.</p>";
    echo "<p>Mail sent to this address may not be deliverable!</p>";
    } // end of if
  $y++;
  } // end of while
```
![Page 41: More PHP. What we'll cover A short history of php Parsing Variables Arrays Operators Control Structures Forms Functions Accessing the shell Sockets Regular](https://reader031.vdocuments.us/reader031/viewer/2022032611/56649d565503460f94a34276/html5/thumbnails/41.jpg)
Build Messages
• This part builds an array, message, that contains elements representing each line of the mail connection we need
• We'll walk this array later to send the mail
    $x = 0;
    // Build a helo message, using the php server's IP name
    $message[$x] = "HELO " . $php_server . "\r\n";
    $x++;
    // Set the from address
    $message[$x] = "MAIL FROM:<" . $email_from . ">\r\n";
    $x++;
Now the from and tos
    $y = 0;
    $message[$x] = "RCPT TO:<" . $email_to[$y] . ">\r\n";
    $to_list = $email_to[$y];
    $x++;
    // Now do a loop to set the rest of the recipients.
    // Pull each address out of the email_to array
    // and also add that address to the to_list for inclusion in the headers
    $y++;
    // isset() stops the loop at the end of the array without a warning
    while (isset($email_to[$y]) && $email_to[$y] != '') {
        $message[$x] = "RCPT TO:<" . $email_to[$y] . ">\r\n";
        $to_list = $to_list . ", <" . $email_to[$y] . ">";
        $x++;
        $y++;
    } // end of while
Start a Data Statement
• Start the data statement
    // Set the Data statement
    $message[$x] = "DATA\r\n";
    $x++;
• But the rest of the data statement is messy: it contains all of the header data you get in an email message. Take a deep breath….
Email Headers
    Message-ID: <[email protected]>
    Date: Thu, 13 Sep 2007 16:20:51 -0400
    From: [email protected]
    To: [email protected]
    Subject: Test
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit
    X-Mailer: Php program running from wwwx.cs.unc.edu/~hays/INLS668/samples/php/functions/test.php
    X-SAV-Scan-By: smf-sav v1.4.1 - http://smfs.sf.net/
    Received-SAV: Pass (fafnir.cs.unc.edu: sender [email protected] Sender Address Verification Test
        receiver=fafnir.cs.unc.edu; client-ip=152.2.1.139
        envelope-from=<[email protected]>; helo=smtp.unc.edu;
    X-Scanned-By: MIMEDefang 2.62 on 152.2.129.97
    X-Scanned-By: MIMEDefang 2.62 on 152.2.129.90
Making Email Headers
    $message[$x] = "Message-ID: <" . $email_messageid . "@" . $php_server . ">\r\n"
        . "Date: " . date("r") . "\r\n" // the format string must be quoted
        . "From: " . $email_from . "\r\n"
        . "To: " . $to_list . "\r\n"
        . "Subject: " . $email_subject . "\r\n"
        . "Content-Type: text/plain; charset=us-ascii\r\n"
        . "Content-Transfer-Encoding: 7bit\r\n"
        . "X-Mailer: Php program running from " . $_SERVER["SERVER_NAME"] . $_SERVER["SCRIPT_NAME"] . "\r\n"
        . "\r\n" // an empty line separates the headers from the body
        . $email_text . "\r\n.\r\n";
    $x++;
    // Build a quit message, this is the last step when it comes to the connection
    $message[$x] = "QUIT\r\n";
Making the Connection
    $stream = fsockopen($smtp_server, $smtp_port, $errno, $errstr, 30);
    // Check for error messages from the socket connection.
    if (!$stream) {
        echo "<p>I'm sorry, there appears to be a problem sending email. \n";
        echo '<p>Please report this error. <a href="mailto:' . $email_admin . '">' . $email_admin . "</a></p>\n";
        echo "<p>Also, this error does not mean that anything else went wrong, it only indicates \n";
        echo "that the email message this program was trying to send did not go out successfully. \n";
        echo "Anything else you were trying to do likely was not affected by this error.</p>\n";
    } // end of if
Peel off the data
    else { // Since we got a socket, send the mail
        $x = 0; // reset x for the loop
        // isset() stops the loop at the end of the array without a warning
        while (isset($message[$x]) && $message[$x] != '') {
            $smtp_response = fgets($stream, 1024); // Check for server responses
            sleep(1);
            fputs($stream, $message[$x]); // Put the message line up to the server
Check the Server Responses
            if (substr($smtp_response, 0, 1) > '3') {
                echo "<p>I'm sorry, there appears to be a problem sending email. \n";
                echo "The particular message I received was:</p>\n";
                echo "<pre>" . $smtp_response . "</pre>";
                // Since there has been a nontransient error, try to reset and quit gracefully
                // (SMTP commands must end with CRLF)
                fputs($stream, "RSET\r\n");
                sleep(1);
                fputs($stream, "QUIT\r\n");
                sleep(1);
                // Set the next message to null
                // Since email failed we just give up and this exits the loop for us
                $message[($x + 1)] = '';
            } // end of if
            // The slides stop here; the increment and closing lines below complete the loop
            $x++;
        } // end of while
        fclose($stream);
    } // end of else
See it in action
• This is in the functions folder
• There are earlier versions for comparison (why upgrade, and what to watch for?)
Regular Expressions
Simple regular expression
    // Check for malodorous site calls
    if (ereg("(//)", $_GET["name"])) {
        //echo "Call to an external site";
        $email_messageid = date("U");
        $email_to[0] = "[email protected]";
        $email_subject = 'Intrusion Attempt from frame.php';
        // $_SERVER replaces $HTTP_SERVER_VARS, and array keys must be quoted
        $email_text = 'There has been an intrusion attempt originating from ' . $_SERVER["REMOTE_ADDR"];
        $email_from = "[email protected]";
        $php_server = $_SERVER["HTTP_HOST"];
        $smtp_server = "smtp.cs.unc.edu";
        $smtp_port = "25";
        emailer($email_messageid, $email_to, $email_from, $email_subject, $email_text, $php_server, $smtp_server, $smtp_port);
    }
Regular Expressions Syntax
• Two major dialects, posix and perl (we're using the former)
• The basic usage is "match a_string a_blob", where the string is what you're looking for and the blob is where it might be
• There are a lot of variants that do search and replace, forward and back, etc., but the basic function in PHP is ereg()
ereg() examples
• ereg("fair", $blob) looks for the string "fair"
• ereg("[0-9]", $blob) looks for any instance of a digit from 0 to 9
• ereg("[cq]", $blob) looks for either a c or q (this is the same as "c|q")
• ereg("([0-3])|(fair)", $blob) looks for any digit 0-3 or the string "fair" (the | is an or)
ereg and Anchors
• ereg("(^This)", $blob) looks for This at the beginning of $blob
• ereg("(This$)", $blob) looks for This at the end of $blob
More examples
• ereg("[7-9].ing", $blob) looks for a digit from 7 to 9, followed by any single character, followed by the string "ing" (the period is a wildcard)
• ereg("rx{4,7}", $blob) looks for an r followed by 4-7 x's (the braces provide the range on the prior character)
• ereg("[0-9]{5}s", $blob) looks for 5 digits each in the range of 0-9, followed by an s
15_ereg.php
Escaping ereg Characters
• ^.[$()|*+?{\ are special characters for regular expressions, and must be escaped with a backslash to be matched literally
• ereg('\[@@@\]', $blob) looks for '[@@@]'
• ereg('",\.\[@@', $blob) looks for '",.[@@'
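ereg() was deprecated in PHP 5.3 and removed in PHP 7, so on current PHP the same patterns are run with preg_match(), the Perl-dialect function. The following is an added example, not part of the original slides, that runs the slide patterns that way and shows an anchor caveat that matters when a pattern is used for validation; the helper name slide_match and the sample blobs are assumptions made for the illustration.

```php
<?php
// Added example, not from the slides. Helper name and sample blobs are constructed.

// Run one of the slides' patterns with PCRE.
function slide_match(string $pattern, string $blob): bool
{
    // '~' is the delimiter; none of the slide patterns contain it.
    return preg_match('~' . $pattern . '~', $blob) === 1;
}

$cases = [
    ['fair',           'a fair fight'],
    ['[0-9]',          'route 66'],
    ['([0-3])|(fair)', 'unfair'],
    ['^This',          'This is the start'],
    ['This$',          'End with This'],
    ['[7-9].ing',      'take the 8-ing'],
    ['rx{4,7}',        'rxxxxx'],
    ['[0-9]{5}s',      '27599s'],
    ['[0-9]{5}s',      '2759s'],   // only four digits
];
foreach ($cases as [$pattern, $blob]) {
    $verdict = slide_match($pattern, $blob) ? 'match' : 'no match';
    printf("%-16s %-20s %s\n", $pattern, $blob, $verdict);
}

// Escaping: preg_quote() adds the backslashes needed for a literal string.
$literal = '[@@@]';
var_dump(slide_match(preg_quote($literal, '~'), 'tag [@@@] here'));

// Validation caveat: "$" also matches just before a trailing newline,
// so use \A and \z when the whole input must match.
var_dump(preg_match('/^[0-9]{5}$/', "27599\n"));   // loose anchors
var_dump(preg_match('/\A[0-9]{5}\z/', "27599\n")); // strict anchors
```

The loose pattern accepts the newline-terminated value and the strict one rejects it.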
For the masochistic: Some examples of validation
• http://www.ilovejackdaniels.com/php/email-address-validation/
• http://www.zend.com/codex.php?id=371&single=1
• http://scripts.franciscocharrua.com/verify-email-address.php
Regex info
• http://www.tin.org/bin/man.cgi?section=7&topic=regex
• http://analyser.oli.tudelft.nl/regex/index.html.en
• http://weblogtoolscollection.com/regex/regex.php
Sources
• http://www.zend.com/zend/art/intro.php
• http://www.php.net/
• http://hotwired.lycos.com/webmonkey/programming/php/index.html