I am using Spreadsheet_Excel_Writer, which is a component of PEAR, to generate Excel files in a web application.
By default it saves in BIFF5, and I have use setVersion to change the BIFF5 version to BIFF8.
The manual says use of this function will be deprecated. Does anyone know the reason?
It was deprecated because the developers of PEAR Spreadsheet_Excel_Writer always intended to make BIFF8 the default format, and eventually to drop BIFF5 completely as Excel users migrated from Excel95 to Excel98 and later 2003, and the need for backward compatibility with the earlier version was reduced.
However, ongoing development of PEAR Spreadsheet_Excel_Writer atrophied and died before that point was reached; so the interim state remains.
In terms of risk: minimal.
Most of the features of BIFF8 files can still be read by anbody still using Excel95 (the newer features of BIFF8 were never added to Spreadsheet_Excel_Writer); but most Excel users these days have moved on with Excel98 as a minimum version. The newer versions (Excel2007 and Excel2010) can still read BIFF8 files without any problem.
Related
I have a question about encoding zip files with password, which is available from PHP v 7.2
When I am encoding ZIP with method
ZipArchive::setEncryptionName
There are argument method which can be:
ZipArchive::EM_AES_128
ZipArchive::EM_AES_192
ZipArchive::EM_AES_256
Can somebody tell me / explain which to use and why?
I am now using ZipArchive::EM_AES_256 because I am expecting that it is the most secure but my colleague is telling me that he cannot open it (his zip software is not even asking for password).
So is there one which will be working in all the cases? We have software which is used by a lot of people in my country and a lot of old people might get these ZIP files and it is required that they could be opened and that every zip file has a password.
Please consider that they might even use Windows XP etc.
As per your comment, Windows cannot decrypt AES-encrypted archives natively, not even in recent versions such as Windows 10 (see why).
PHP v8.0 adds "traditional pkware encryption" that will allow Windows users to work with files without 3rd party apps (7-Zip, etc).
For PHP v7.x, one needs to either rely on shell commands or use a library that supports ZipCrypto encryption algorithm (sometimes called "pkware" - as per the company that created the zip format). Several out of the most popular zip libraries on packagist use ext-zip, so they won't offer PKWARE encryption on PHP 7.x. However nelexa/zip doesn't and it supports pkware encryption.
I have an excel report which need to be locked from viewing without password authentication. I have tried with following snippets but it's only making it write protect. following is the code snippets I used.
$phpExcelObject->getSecurity()->setLockWindows(true);
$phpExcelObject->getSecurity()->setLockStructure(true);
$phpExcelObject->getSecurity()->setWorkbookPassword("password");
I am using PHPExcel version 1.8.
Seems like this is a know issue with PHPExcel
https://github.com/PHPOffice/PHPExcel/issues/442
Is there any alternative library for this which I can use to make my report password protected?
Thanks.
This isn't an option that PHPExcel supports. If you want to lock a file for reading, then you're very limited in your alternatives. The only libraries that I'm aware of capable of preventing read access to a file without a password are PHP's COM extension, which requires a COM enabled spreadsheet program such as MS Excel or OpenOffice Calc running on the server; the Open Office alternative to COM (PUNO), which requires Open Office installed on the server with Java support enabled; and Ilia Alshanetsky's Excel extension from github, that requires the commercial libXL component installed on your server.
My setup: IIS 7.5, PHP 5.4, Windows 7
I've trying to create a COM Object through PHP but I continue to get access denied. I've also followed a handful of tutorials on how to "grant access" to the ISUR to create the object but to no avail. I read the installation portion relevant to COM interfacing that says:
As of PHP 5.3.15 / 5.4.5, this extension requires php_com_dotnet.dll
to be enabled inside of php.ini in order to use these functions.
Previous versions of PHP enabled these extensions by default.
You are responsible for installing support for the various COM objects
that you intend to use (such as MS Word); we don't and can't bundle
all of those with PHP.
I've enabled the php_com_dotnet.dll file within the ini file but I still can't seem to create the COM object for Excel. Then if you read the second paragraph it says that you have to install support for the various COM objects you intend to use but doesn't specify how to go about doing that.
Question: How do I install support for the MS Excel COM object?
Any help would be appreciated. I've researched this issue but haven't found very much documentation out there.
Don't do this. You're in for a world of pain trying to launch Excel in a web application, especially from PHP.
Microsoft Office apps such as Word and Excel are not designed for server side use. When you try to instantiate an Excel "COM object" you're spinning up a full instance of Excel as a separate process. That is hugely expensive and will never scale. Not only that, to add to your woes, if for whatever reason your script can't release and shut down Excel you'll end up with tens or possibly hundreds of orphaned Excel processes hanging around in memory.
Try something like: https://github.com/PHPOffice/PHPExcel if you need to read and write Excel compatible spreadsheets.
I'm trying to solve how to write PHP in order to execute a report with multiple sheets on OpenOffice spreadsheet file (AKA ods). Now I used this code for generate the OpenOffice spreadsheet report but it can display only one sheet:
<?php
// Export Calc SpreadSheet
header("Content-Type: application/vnd.ms-excel");
header('Content-Disposition: attachment; filename="Report.ods"');
?>
How I can solve this problem?
There are many libraries out there that are able to be used within PHP to create, edit, and serve up spreadsheet files, or Workbooks (which are a collection of sheets...actually the spreadsheet file IS a workbook, even if it is just a single sheet). There are very well known ones, and some not-so-well known ones out there.
Most people will point to these:
PHPExcel - https://phpexcel.codeplex.com/
Spreadsheet_Excel_Writer -
http://pear.php.net/manual/en/package.fileformats.spreadsheet-excel-writer.intro.php
ods-php - http://sourceforge.net/projects/ods-php/
openTBS -
http://www.tinybutstrong.com/plugins/opentbs/tbs_plugin_opentbs.html
there are a few more answers on questions like this one, but there is a daunting number of libraries and options.
My personal choice for a simple, small, openDocument format editor in PHP was ods-php, which is a single php file you include in your application, and instantiate. My use is not going to be creating ODS documents, but rather editing template files and serving up the edited document. You will have to write your own headers and echo the file contents in your own function in your PHP application, but that is not hard at all.
There is a [very] basic example php file included in the ods-php download that shows some of the functions, but if you can follow basic PHP logic, you can look through the library source and figure out its available functions. I'd say it would do just fine for what you need.
On the other hand, if you would rather have a bigger API at your disposal, and your server is decent enough to handle it, I'd recommend any of the other three. Keep in mind, the other three are rather large by comparison, and each has it's own strong and weak points:
PHPExcel is probably the most used by the free community, and is maintained on github constantly (last messed with 6 days ago), but is quite large. Documentation is available on the github site (I provided their old link, which links to their github).
Spreadsheet_Excel_Writer is tool from Pear, and is just as large, although it is no longer maintained, so what is there is 'as-is'. The Pear team is looking for someone to take over its maintenance, but what is there is as far as I can tell working.
openTBS is a single class library extension of the TBS engine (TinyButStrong). You have to install TBS in order to use openTBS, and it is a very good idea to enable zlib for compression capabilities of your files. If you go with openTBS, you not only get the ability to make xml based documents, but you get the functionality of the entire TBS engine at your disposal, which is quite nice if you would like to merge html source templates with your php scripts (check out the site, it might open some new frontiers for you).
there are definitely more libraries and tools out there, but these are the most notable ones I found in my search. My choice was guided by the driving force to keep my server tiny and standalone (it operates on a raspberry pi). If I were to choose a bulky, production environment API, I would probably choose PHPExcel because it has the support it needs to keep being up-to-date with M$' ever-adapting formats.
Is it possible to convert a PHP file to binary and deploy it on a webserver?
Since PHP is a (relatively)portable language, compiling PHP source to bytecode instead of binary code is more preferable. For this purpose there is an experimental project called bcompiler.
Some months ago I searched for it (php code protection or script protection) and my results were:
I provide some description but try to google them and pardon me.
Be careful with your search because you may encounter to php compressors instead and compressors are just about GZIP and other http transfer compression mechanisms.
The most important issues with php script protecting tools are:
How much speed of php runtime performance will get low(down)(how much speed down)
Will we need an extra environment or installed tools on the php server?
Easy handling
You will find about whole description and comparison on: http://www.seocompany.ca/software/free-encryption-software.html
Obfuscators
A lot of obfuscators you will find on the web but there's no guarantee for your codes to work.
Even I found a mixed way with Visual C++ and MSVS for obfuscating php and because also I'm experienced with asp.net I tested it however didn't work.
Converters and Lockers
ion protector (http://www.ioncube.com/): Oh not free but I heard many about his famous name
phc (php compiler): free and was a good case but "Brendan Long" said the truth because phc has a painful install way. However result is magic and has famous name such as ion
php locker: I got it and test it. It had error with compiled code and it's released for lower than php5. Absolutely not free and for who thinking about ccr-ac*ks finding it for php locker is impossible.
Zend Guard: A perfect way to guard but it's harder than phc or ion because you need Zend runtime environment (ZRE) on your server and Zend Guard is absolutely non-free however if you are a Zend guy (zend framework+zend IDE+zend Guard) you should know Zend Guard is compatible with zend IDE and code blocking process will be so easy. I'm not a Zend guy because either of zend framework and zend guard get down runtime speed obviously. I love php speeded runtime.
php -> C/C++ compiling (YES IT'S POSSIBLE) (BEST PERFORMANCE THROUGH THE WORLD): It's not so famous so it's normal if no one talked about.
facebook hiphop: This tool is using by facebook to compile php files on c++/c for getting a better performance however finally we have unreadable compiled codes. I don't remeber but I think it needs a good familiarity to linux or about php recompile mechanism on Microsoft Visual C++. (However DON'T TRUST to my weak memory and google it) (AND FOR LEARNING ABOUT PHP RECOMPILE WAY PLZ REFER TO latest release of php_manual.chm)
Finally I made my self simple php obfuscator using regular expressions which worked on php 5.3 and my complex scripts so I moved on OpenSSL and different encryption mechanisms and got a review on php secure development.
Wishing you be successful.
This is way overdue but should do what you want.
Make your own custom extension with the zend engine as they compile to a c++ dll. Add that dll to your ext location in the php directory. After that you can call your own php scripts as php functions. Keep in mind that php is server side only so no one can get your scripts unless they are copied from the server and handed out.
Download the php source library for the version that you have. [windows.php.net] The zend stuff you need will be included.
Step 1. Create a new project and select "General" under Visual C++ and the empty project option.
Give it a name and Click ok. Mine is Project1 so I will be using that.
Step 2. Right click the solution name and select properties. Select Dynamic Library (.dll) Under Project Defaults/Configuration Type in the Configuration Properties/General item. Be sure that you are changing the Debug config as Release is not used.
Step 3. Under VC++ Directiories add the following under the Include libraries:
C:\php-7.1.8-src\Zend
C:\php-7.1.8-src\win32
C:\php-7.1.8-src\TSRM
C:\php-7.1.8-src\main
C:\php-7.1.8-src
Libraries:
C:\php-7.1.8\dev
Step 4. Under C/C++ Preprocessor add ZEND_DEBUG=0;ZTS=1;ZEND_WIN32;PHP_WIN32 to Preprocessor Definitions
Step 5. Under Linker Input add php7ts.lib. This needs to match the lib for your version of php
Click ok to save the Property settings for your solution.
Now lets add a code file for your function (Project1)
Under the source files folder right click and add Code. I called mine Project1.cpp and here is the source. You'll need to rename config.w32.h.in to config.w32.h and copy it to the directories where it is needed. Intellisense should tell you where it's looking and config.w32.h.in is in the C:\php-7.1.8-src\win32 directory.
// this needs to match the compiler version that php was compiled with
#define _CRT_SECURE_NO_WARNINGS
#define PHP_COMPILER_ID "VC14"
#pragma once
/* You must include config.w32.h first */
#include "win32/config.w32.h"
#include "php.h"
ZEND_FUNCTION(ReturnString);
zend_function_entry Project1_functions[] =
{
ZEND_FE(ReturnString, NULL)
{
NULL, NULL, NULL
}
};
zend_module_entry Project1_module_entry =
{
STANDARD_MODULE_HEADER,
"Project1 Module",
Project1_functions,
NULL, NULL, NULL, NULL, NULL,
NO_VERSION_YET, STANDARD_MODULE_PROPERTIES
};
ZEND_GET_MODULE(Project1)
ZEND_FUNCTION(ReturnString)
{
zval* value;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &value) == FAILURE)
{
RETURN_FALSE;
}
convert_to_string(value);
RETURN_STRING(Z_STRVAL_P(value), true);
}
Press F7 to compile and it should create Project1\Debug\Project1.dll. Copy Project1 to your ext directory C:\php-7.1.8\ext and add an extension=Project1.dll to your php.ini and you should be good to go. If it doesn't work double check your properties to make sure you didn't miss something.
The script is quite simple:
<?php
echo ReturnString("The Returning String");
?>
If the web server is Linux based, you can create a package like .deb or .rpm (depending on the Linux distribution) and easily distribute/deploy it.
BR,
Dawid.
It depends on what you mean by "binary".
If you want to compile (or just obfuscate) your PHP code to keep someone else from modifying then use a bytecode compiler. One example are the tools from Zend, among others. (I prefer Zend's tools because they the primary company behind PHP and fully QA all their tools against all the versions of PHP).
If you want to compile your PHP code and link the PHP runtime to it and then deploy it (like C\C++), then no. Maybe in theory that would be possible but it would be a mess. (Not practical or feasible and don't think anyone has put anything together to try and the output would also be tied to a particular architecture).