Whats the difference between a svn_update and doing a echo shell_exec("svn up ".DIR);
My guess is the big block of text that says:
This function is EXPERIMENTAL. The behaviour of this function, its name, and surrounding documentation may change without notice in a future release of PHP. This function should be used at your own risk.
I would expect the 2 operations to be the same as the svn php module tries to be a "native" svn client.
There could be differences in the versions of the 2 clients (php client versus command line client).
You may want to check if the svn user used for both commands is the same. In the php client you must use svn_auth_set_parameter to setup the credentials of the svn user
I hope this will help you,
Jerome Wagner
Related
I wish to be able to do something like:
php --determine-oldest-supported-php-version test.php
And get this output:
7.2
That is, the php binary checks test.php for all function calls or syntax used, and then spits out the oldest version of PHP which would be able to run the script.
The purpose would be for me to create a script which goes through all the .php files in my library/framework and figures out which version of PHP I should consider to be the "oldest supported version".
Currently, I'm doing this manually. Whenever I knowingly use a new feature, function or syntax, I bump up a variable to "7.4" or whatever, and then compare the currently used PHP version against that on runtime. This is not ideal, as you can imagine, and I could very well forget to bump up this value or bump it up too much, or too little, etc.
It would be much nicer to be able to determine this automatically, with such a feature in PHP itself.
I have of course looked through the list of options and PHP has no such feature as far as I can tell. Since I basically answered my own question right away, are there any plans on such a feature in the future?
The only guarantee given is that PHP will remain compatible within the same major version.
You may be interested in looking at the article
Why You Should Be Using Supported PHP Versions.
The tool you are looking for is the GitHub project
PHP_CodeSniffer,
further described in the article
PHPCompatibility update.
You may run it using a command such as:
phpcs --standard=PHPCompatibility --runtime-set testVersion 5.4 <path-of-your-php-files>
If I would like to distribute PHP application with installer(package system of OS) how should I proceed? I don't want PHP files to be there, just working application, so when I type 'app' into console, it ends up being launching application, without need to install PHP on system(no php installation on host required). I would also like the application to have patch-able byte-code, so it's in parts, loaded when needed and only part needs to be replaced on update.
What I would do now is following:
->Compile PHP with extensions for specific platform.
->Make binary application which launches '/full/php app' when app is launched.
->Pack it in installer in a way, that there would be binary added to path when added, launching specific installation of PHP which is alongside the app with argument of start point->App would be running.
Problem is:
Maybe I don't want my PHP files to be exposed(in application, there will be available source anyway) is there some ready made stuff to do this? Is there some better way than I proposed?
Alternative: Modifying OP Cache to work with "packing" application to deliver byte codes to modified OP Cache which just reads the cache.
My suggestion would be a tiny tool I just finished, for almost exactly the same problem. (Oh yes I tried all the others but they're old and rusty, sometimes they're stuck with 4.x syntax, have no support, have no proper documentation, etc)
So here's RapidEXE:
http://deneskellner.com/sw/rapidexe
In the classical way, it's not a really-real compiler, just a glorified packer, but does exactly what you need: the output exe will be standalone, carrying everything with it and transparently building an ad-hoc runtime environment. Don't worry, it all happens very fast.
It uses PHP 7.2 / Win64 by default but has 5.x too, for XP compatibility.
It's freeware, obviously. (MIT License.)
(Just telling this because I don't want anyone to think I'm advertising or something. I just took a few minutes to read the guidelines about own-product answers and I'm trying to stay within the Code of the Jedi here.)
However...
I would also like the application to have patch-able byte-code, so it's in parts, loaded when needed and only part needs to be replaced on update.
It's easier to recompile the exe. You can extract the payload pieces of course but the source pack is one big zip; there seems to be no real advantage of handling it separately. Recompiling a project is just one command.
Maybe I don't want my PHP files to be exposed(in application, there will be available source anyway)
In this case, the exe contains your source compressed but eventually they get extracted into a temp folder. They're deleted immediately after run but, well, this is no protection whatsoever. Obfuscation seems to be the only viable option.
If something goes wrong, feel free to comment or drop me a line on developer-at-deneskellner-dot-com. (I mean, I just finished it, it's brand new, it may misbehave so consider it something like a beta for now.)
Happy compiling!
PHP doesn't do that natively, but here are a few ideas:
Self-extracting archive
Many archival programs allow you to create a self-extracting archive and some even allow to run a program after extraction. Configure it so that it extracts php.exe and all your code to a temp folder and then runs ir from there; deleting after the script has complete.
Transpilers/compilers
There's the old HPHC which translates PHP code to C++, and its wikipedia age also contains links to other, similar projects. Perhaps you can take advantage of those.
Modified PHP
PHP itself is opensource. You should be able to modify it withot too much difficulty to take the source code from another location, like some resource compiled directly inside the php.exe.
Use Zend Guard tool that compiles and converts the plain-text PHP scripts into a platform-independent binary format known as a 'Zend Intermediate Code' file. These encoded binary files can then be distributed instead of the plain text PHP. Zend Guard loaders are available for Windows and Linux platform that enables PHP to run the scripts encoded by Zend Guard.
Refer to http://www.zend.com/en/products/zend-guard
I would like to add another answer for anyone who might be Googling for answers.
Peach Pie compiler/runtime
There is an alternative method to run (and build apps from) .php source codes, without using the standard php.exe runtime. The solution is based on C#/.NET and is actually able to compile php source files to .NET bytecode.
This allows you to distribute your program without exposing its source code.
You can learn more about the project at:
https://www.peachpie.io/
You've got 3 overlapping questions.
1. Can I create a stand-alone executable from a PHP application?
Answered in this question. TL;DR: yes, but it's tricky, and many of the tools you might use are semi-abandoned.
2. Can I package my executable for distribution on client machines?
Yes, though it depends on how you answer question 1. If you use the .Net compiler, your options are different to the C++ option.
3. Can I protect my source code once I've created the application?
Again, depends on how you answer question 1. Many compilers include an "obfuscator" option which makes it hard to make sense of any information you get from decompiling the app. However, a determined attacker can probably get through that (this is why software piracy is possible).
I'm trying to write a website in PHP that allows the user to enter PHP code, and then be able to run it on my server. However, I want to be able to disable certain features (file access, database access, etc.). Basically, I want the code to run without any risk to my server, and if the code does attempt to do something dangerous, I just want the code to stop running (I don't mind if it just stops, produces an error, or carries on while ignoring the dangerous code).
Is this possible, and if so, how could I achieve this?
Thanks :)
It is possible using libraries that do some simple checking or limiting.
Take a look at a PECL (PHP Extensions) extension called RunKit_Sandbox http://php.net/manual/en/runkit.sandbox.php or PHPSandbox.
The key to look for on Google is PHP Sandbox, it will find you similar libraries.
vi php.ini
and then find disable_functions,
disable the functions as you want! like this :
disable_functions = exec,passthru,popen,proc_open,shell_exec,system,phpinfo,assert,chroot,getcwd,scandir,delete,rmdir,rename,chgrp,chmod,chown,copy,mkdir,file,file_get_contents,fputs,fwrite,dir
I actually developed a package specifically for these kinds of use cases. It can be fully configured and even used to override dangerous functions and globals.
https://github.com/fieryprophet/php-sandbox
I'm in the process of writing some epub creation functionality using php5. Currently I am attempting to use ZipArchive but have run into a couple annoyances with it. First of all, there is no functionality to set the compression level. Second of all, ZipArchive::addFile() seems to fail silently and create a corrupt archive whenever I use it. I have been using file_get_contents() + ZipArchive::addFromString() instead but would prefer to just use the documented function for adding files.
I will not post code samples unless someone would really like to help me debug this issue, but rather I'm wondering if there are any other libraries for creating zip (pkzip) archives in PHP that you would recommend. So far, I have seen PclZip, whose site does not seem to be loading, but not much else. I have also considered using exec() + zip (unix command). This code will only run on this one particular linux box so portability is not an issue.
Thanks in advance for any suggestions!
PCLZip is pretty good alternative, with zlib as its only dependency, if you can get access to the site. It's probably temporary, it was certainly accessible between Christmas and New Year.
It's also pretty efficient, even in comparison with ZipArchive
EDIT
You say that you've had problems with ZipArchive's addFile() method. Is this in a Windows environment, or on your Linux server? I know that there have been a few buggy releases of the php_zip library on Win32 that can give this problem, although the latest versions seem OK, and I've not encountered the same problem on other platforms (even the WIN64 version).
I'd use exec() and the Unix command. A native-to-the-system way to solve the problem - the unix utils will always be a step or two ahead from their PEAR counterparts.
I'm desperately searching for a way to generate SNMP traps from PHP. I know the build in methods to use snmpget but I was not able to figure out how to send SNMP traps.
Does anybody know a class / code snippet for it? Searching the web did not bring up anything other than using exec to call cli tools which is definately no option for me.
I suspect that it would be neccessary to use socket_create and corresponding functionality to generate the UDP package manually...
As far as I know, there is no native way for generating traps/informs with php. Even the SNMP extension only permits get and set requests. So the only (quick) way to accomplish this is to call an external tool like net-snmp. The proper command line would be something like
snmptrap -v 1 -c public manager enterprises.spider test-hub 3 0 '' interfaces.iftable.ifentry.ifindex.1 i 1
will send a generic linkUp trap to manager, for interface 1 (taken from the manpage). To execute this from php the net-snmp binaries should be on the path of the system and you could either call exec, shell_exec or proc_open.
Obvisouly you also can send the trap by yourself by encoding it as raw byte array and sending it over an UDP socket, but then you had to implement a BER encoder and a SNMP packet encoder all by yourself which I don't recommend. For your reference, you would need those informations:
Basic Encoding Rules
ASN.1
and some further links found
here
There are no core SNMP trap libraries. Or even any core libraries that will help you package an SNMP udp packet. I did however find this abandoned project. http://code.google.com/p/php-snmp/ which provides most of what you would need to send a simple trap.
A little more active but a lot more complex seems to be http://www.activexperts.com/network-component/howto/snmpts/php/
For anybody searching for such a library these days (in 2019), I found https://github.com/FreeDSx/SNMP which supports sending SNMPv1 and SNMPv2 traps (including inform requests).
I know this question is old, but I just came across it via Google, and thought to update it according to my findings in case someone else also lands here.
As Jek answered, using net-snmp is the best solution.
Although the original post said that he didn't want to use any external components, consider you can now add net-snmp though apt-get (look up package php-snmp) for many Linux distro's, and I'm sure installing on Windows will be equally easy.
The great benefit of using it, is as of PHP 5.3.3, PHP inherintly has built-in interface functions to use SNMP, so that you don't have to use exec, shell_exec or proc_open. Everything can be done in a PHP environment.
See http://php.net/manual/en/book.snmp.php