Tips for following php calls in code base - php

I am working with ActionScript 3 and often I see server calls that link to php files.
var serverCall:ServerCall = new ServerCall("getDeviceFirmwareLog", getDeviceFirmwareLogResponse, getDeviceFirmwareLogResponse, false);
This line calls some php functions that cannot be searched in my IDE, so I usually go from here and I would try to grep for that string "getDeviceFirmwareLog" and then I run into some php that makes other weird calls that somehow calls some stuff on the embedded hardware we run. In general when I grep for that string I don't even get any results and I'm so confused as to how it might be connected.
I am much more used to regular code calls and includes that are easier to follow. I've asked some people at work but it seems to get glossed over and I don't want to ask the same question a third time until I've exhausted my other options. I am wondering if there are any general debugging / code following tips for this kind of a setup that could help me understand what is going on in my codebase.
Thanks in advance.

Without intimate knowledge of your environment, I'd say it appears ServerCall is a custom socket class that calls external functions, with n number of arguments.
getDeviceFirmwareLog would therefore be the function being called, and would be a native function to the API of the hardware (not PHP); this is why you wouldn't be able to find it with a grep search.
Consequently, unless it's rigged with event listeners, ServerCall would populate with the requested data asynchronously (which would likely still fire an event when the request completed).
As you're working with both Flash and PHP, it appears as though you might be testing this through a browser. If so, you could always try the native debugging tools in your browser (F12).
The PHP portion is harder as it's server side scripting, however, take a look at the Eclipse Plugin PDT, which offers debugging facilities for PHP code.


How to make user's LUA script in PHP secure

I want to make some game in PHP that involves scripting. For obvious reasons I don't want players/users to use PHP that I just include or eval. So I decided to go with LUA.
But I've never experimented with LUA in PHP. So my questions are:
Is allowing user LUA script in (out of the box) PHP a secure solution?
If not, then can I (and how to) make it secure?
What I aim for:
User writes some code with some generic root function, let's say main()
PHP code calls that function and evaluates the results
LUA code should be able to call a select few methods on certain object. For example from class Enemy::isNear() or Enemy::getHP()
LUA code should not be able to call other methods/access other objects/call any global php functions/access any insecure OS stuff
Again, I only scratched LUA very long time ago for, where a game in C allowed for LUA mods. No experience with LUA in PHP at all.
If you are talking about this, the source code indicates it is just creating a standard lua instance as with C embedding. It does not seem to define much of the lua-to-host interface whatsoever, so lua code does not have direct access to the php state.
To have the user call Enemy::isNear() you'll have to put Enemy in the lua state first. It seems that it is capable of semi-intelligently converting php objects to lua tables (lua.c line 386); I'm not sure if method fields will transfer well. At worst you'll need to implement object wrapping on your own (write a lua "class" whose constructor takes a php object and slaps a metatable on it). There seems to be a way of passing php functions to lua.
Lua should not have access to any php stuff you didn't put in. There are still dangerous lua functions: require, dofile, load, loadstring, loadfile and libraries os and debug in the lua's environment.
You can always check what is available to a lua function by putting in snippet like this:
for k in pairs(_ENV) do print(k) end
Just to be sure you might throw in this line as well:
if not (_G==_ENV) then for k in pairs(_G) do print(k) end end
From this point onwards proceed with the lua manual on scoping and other discussions on sandboxing lua (e.g. this. Google finds other results as well). You might also read up on lua closures so that you don't accidentally stow undesirable methods in upvalues.
Finally, there are endless loops in the code while true do end. In case your sandbox does not take care of that (which is likely), you'll have to handle that externally. Probably like this.
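One way to build the restricted environment this answer describes and to stop a while true do end script from inside the Lua state with a debug.sethook count hook, shown as an added example (not code from the original answer or from the PHP Lua extension). It assumes Lua 5.2 or later, a host prelude that still has the debug library, and an Enemy table of host-provided functions; STEP_LIMIT, make_env and run_user_script are hypothetical names.

```lua
-- Added example (Lua 5.2+). Hypothetical names: STEP_LIMIT, make_env, run_user_script.
local STEP_LIMIT = 100000 -- constructed budget of VM instructions per script

-- Fresh whitelist environment per script; nothing is inherited from _G, so
-- require, dofile, load, loadfile, os, io and debug are simply absent.
local function make_env(enemy)
  return {
    Enemy = enemy,
    pairs = pairs, ipairs = ipairs, type = type,
    tostring = tostring, tonumber = tonumber,
    math = { floor = math.floor, min = math.min, max = math.max },
  }
end

local function run_user_script(source, enemy)
  local env = make_env(enemy)
  -- Mode "t" refuses precompiled bytecode; env becomes the chunk's _ENV.
  local chunk, err = load(source, "=user", "t", env)
  if not chunk then return false, "compile error: " .. err end
  local co = coroutine.create(function()
    chunk() -- runs top-level code, which should define main()
    if type(env.main) ~= "function" then error("main() not defined", 0) end
    return env.main()
  end)
  -- Count hook: abort the coroutine once it has used STEP_LIMIT instructions.
  debug.sethook(co, function() error("step limit exceeded", 0) end, "", STEP_LIMIT)
  return coroutine.resume(co)
end

-- Stand-in for the host object; only the permitted methods are exposed.
local enemy = {
  getHP = function() return 40 end,
  isNear = function() return true end,
}

-- Constructed sample scripts: well-behaved, reaching for os, endless loop.
local samples = {
  { "good", [[function main() if Enemy.isNear() and Enemy.getHP() < 50
              then return "attack" end return "wait" end]] },
  { "escape", [[function main() return os.getenv("HOME") end]] },
  { "spin", [[function main() while true do end end]] },
}
for _, s in ipairs(samples) do
  -- Prints the label, then the success flag and result or error message.
  print(s[1], run_user_script(s[2], enemy))
end
```

String methods stay reachable through the string metatable even though the string library is not in the environment, and the count hook does not interrupt time spent inside a single C function, so memory and wall-clock limits still belong on the host side.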

re-compile from source to include setInterval functionality?

I have a very troubling problem at hand. I am using a web-socket server that runs in PHP. The issue is I need to be able to use a setInterval/setTimeout function similar to JavaScript, but within my php socket server.
 
I do not have the time or resources to convert my entire project over to nodejs/javascript. It will take forever. I love php so much, that I do not want to make the switch. Everything else works fine and I feel like it's not worth it to re-write everything just because I cannot use a similar setInterval function inside php.
 
Since the php socket server runs through the shell, I can use a setInterval type function using a loop:
http://pastebin.com/nzcvXRph
This code does work as intended, but it seems a bit overboard for resources and I feel like that while loop will suck a lot of resources.
Is there any way I can re-compile PHP from source and include a "while2" loop that only iterates every 500 milliseconds instead of instantly?
I don't think there is a way to recompile PHP from source.
If you want to delay the execution of the loop you could use the sleep function, which is used for delaying execution.
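For example, if I want to print 10 numbers, one after every 2 seconds, then the code below should do the job.
for ($i = 1; $i <= 10; $i++)
{
    // Print the current number; only the loop header advances $i
    print($i);
    // Pause for 2 seconds before the next iteration
    sleep(2);
}
Check the PHP docs here.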
EDIT
Following up on what I mentioned in the replies, if you want the user to have its own instance of the run time, then threads would be an option. There are very limited examples of multi-threaded applications in PHP; I would recommend checking out some examples in JAVA, it shouldn't be hard to understand. Here is a good video tutorial.
For PHP
php.net/threads
Check out the contributor notes, sometimes people write good examples.

Hybrid PHP/Hacklang: Use the typechecker on regular PHP with commented type annotations

I can't build hhvm at the moment for lack of access to a 64-bit VM, so I haven't been able to use the typechecker that they have. Their documentation doesn't seem to describe the operation of the typechecker (hh_server and hh_client?) in any detail.
What I'm wondering, for anyone who's used it, is if the typechecker could be used in this situation:
Let's say someone can't convert their PHP codebase to Hack, so they instead write their PHP with comments in the form of hacklang type annotations, and at build time use a tool to strip the comments out, make a hh file, run the typechecker and report errors.
E.g. original PHP:
<?php
function lar(/* int */ $x)/* : int */
{
    return $x;
}
Make a copy of the above, strip out comments, change ?php to ?hh :
<?hh
function lar(int $x): int
{
    return $x;
}
Run it through the typechecker and see if it produces errors.
That way you'd get access to legitimate type checking with normal PHP without the need for running it on HHVM. Does the typechecker run in a way amenable to this set up?
I am an engineer at Facebook who works on Hack. You definitely could do this and I wouldn't say it's a bad thing to do, but you'd be missing out on a bunch of great features. The Hack typechecker can be run at build time (hh_server --check /path/to/www), but the best way to run the typechecker is as a daemon. Since the daemon incrementally checks your code in the background, it can report the errors very quickly whenever asked. This allows you to get feedback while you are writing your code rather than after you have finished. This quick feedback loop really helps speed up development.
Some other things that you would be missing out on:
Many language features, like Collections, lambda expressions, runtime enforcement of type annotations, and trailing commas (Paul Tarjan's personal favorite)
HHVM's massive performance boost.
So if you absolutely can't use HHVM then this might be worth considering, but if you can then I strongly recommend HHVM in order to reap the full benefits of Hack.
This is exactly what we did in-house in our development division.
We made a script to convert code between hacklang and php as we wanted to be able to do the type checking without converting our production servers to hhvm (we are planning to do so).
You can find the script on my github page
https://gist.github.com/Chipcius/d3dd4052b07a152870bd#file-hacklang-php-juggler-php
You can convert your files by passing in a directory and a flag to decide the conversion level (decl, partial, strict).
After conversion you can run hh_client just as if you were coding hacklang.
When you want to turn back you can run the same script on your code with the php flag and it comments out the annotations that need commenting.
workflow example
php hacklang-php-juggler.php <myDir> hack
hh_client
php hacklang-php-juggler.php <myDir> php

PHP Request Lifecycle

Okay, so I'm relatively naive in my knowledge of the PHP VM and I've been wondering about something lately. In particular, what the request lifecycle looks like in PHP for a web application. I found an article here that gives a good explanation, but I feel that there has to be more to the story.
From what the article explains, the script is parsed and executed each time a request is made to the server! This just seems crazy to me!
I'm trying to learn PHP by writing a little micro-framework that takes advantage of many PHP 5.3/5.4 features. As such, I got to thinking about what static means and how long a static class-variable actually lives. I was hoping that my application could have a setup phase which was able to cache its results into a class with static properties. However, if the entire script is parsed and executed on each request, I fail to see how I can avoid running the application initialization steps for every request served!
I just really hope that I am missing something important here... Any insight is greatly appreciated!
From what the article explains, the script is parsed and executed each time a request is made to the server! This just seems crazy to me!
No, that article is accurate. There are various ways of caching the results of the parsing/compilation, but the script is executed in its entirety each time. No instances of classes or static variables are retained across requests. In essence, each request gets a fresh, never-before-executed copy of your application.
I fail to see how I can avoid running the application initialization steps for every request served!
You can't, nor should you. You need to initialize your app to some blank state for each and every request. You could serialize a bunch of data into $_SESSION which is persisted across requests, but you shouldn't, until you find there is an actual need to do so.
I just really hope that I am missing something important here...
You seem to be worried over nothing. Every PHP site in the world works this way by default, and the vast, vast majority never need to worry about performance problems.
No, you are not missing anything. If you need to keep some application state, you must do it using DB, files, Memcache etc.
As this can sound crazy if you're not used to it, it's sometimes good for scaling and other things - you keep your state in some other services, so you can easily run a few instances of PHP server.
A static variable, like any other PHP variable only persists for the life of the script execution and as such does not 'live' anywhere. Persistence between script executions is handled via session handlers.

How to measure speed of php scripts independently of each other? Various Methods?

On my website various php codes run from various programmers from whom I have bought project scripts. Some use a session (session start etc...).
Some use external include php files and do their math within there and return or echo some things. Some run only when asked to, like the search script.
Is there an easy way for me to monitor, temporarily, all the various scripts' delays in milliseconds so that I can see what's going on below the water?
I once saw a programmer making something and below the page there were these long lists of sentences and various ms numbers etc.
Q1. Is there a default php function for this? How do I call/toggle this?
Q2. What are the various methods with which such calculations are made?
Q3. How reliable are they? are those milliseconds theory or actual real world result?
Thanks for your insight!
Sam
No default method I can think of. But it's easy. At the start of your script simply place this:
$s = microtime(true);
and at the end
$e = microtime(true);
echo round($e - $s, 2) . " Sec";
Normally you would leave the second parameter of round() as it is, but if you find that your script reports the time as '0 Sec', increase the number until you get an answer. Check this for more.
If you're running an Apache webserver, then you should have the apache benchmarking tool that can give some very accurate information about script timings, even simulating numbers of concurrent users.
From a web browser, the Firebug extension of Firefox can also be useful as a tool for seeing how long your own requests take.
Neither of these methods is purely a timer for the PHP code, though.
The easiest/fastest way is to install a debugging extension that supports profiling, like XDebug. You can then run a profiling tool (e.g.: KCachegrind) to profile your scripts, graph the results, and figure out what uses the most memory, execution time, etc.
It also provides various other functionalities like stack tracing, etc.
