We have FireSymfony that allows one to view the Symfony, PHP variables in a firebug panel, so I wonder whether there is a similar extension that allows me to view PHP variables for general PHP apps ( not just Symfony apps)?
You may want to check out FirePHP. It is an extension to FireBug that allows sort of an extended logging of PHP through the Firefox Browser/Firebug Console.
Probably somewhat close to what you are looking for, even though you'd still have to make specific use of it in the PHP scripts.
I think that is part of what Symfony supports, exporting PHP variables to client side for debugging.
you see, PHP variables are located on the server, not at the client. Thus when you load the page, you won't be able to see the PHP variables from client side.
Thus if you want to debug PHP variables, you must have a way for your application to export the variables out to the client side for firebug or any other extension to debug.
In other words, it's not really possible for that to happen for ALL php applications.
Another option is Formaldehyde which integrates nicely with Firebug.
Related
I'm trying to write a website in PHP that allows the user to enter PHP code, and then be able to run it on my server. However, I want to be able to disable certain features (file access, database access, etc.). Basically, I want the code to run without any risk to my server, and if the code does attempt to do something dangerous, I just want the code to stop running (I don't mind if it just stops, produces an error, or carries on while ignoring the dangerous code).
Is this possible, and if so, how could I achieve this?
Thanks :)
It is possible using libraries that do some simple checking or limiting.
Take a look at a PECL (PHP Extensions) extension called RunKit_Sandbox http://php.net/manual/en/runkit.sandbox.php or PHPSandbox.
The key to look for on Google is PHP Sandbox, it will find you similar libraries.
vi php.ini
and then find disable_functions,
disable the functions as you want! like this :
disable_functions = exec,passthru,popen,proc_open,shell_exec,system,phpinfo,assert,chroot,getcwd,scandir,delete,rmdir,rename,chgrp,chmod,chown,copy,mkdir,file,file_get_contents,fputs,fwrite,dir
I actually developed a package specifically for these kinds of use cases. It can be fully configured and even used to override dangerous functions and globals.
https://github.com/fieryprophet/php-sandbox
I'm writing some scripts that are free, but only to members within my teaching program. What I want to do is check what sites have installed the script.
I was thinking of obfuscating some PHP that posts back to my server when installed so I can see the domain it's used on. Obviously the user could remove this, but if I was to put a few application variables in with the code it might stop them removing because doing so would break the script.
Any comments on this approach?
if you really want to be sure, use something like Zend Guard (aka Zend Encoder) to encode the php file.
If you want some of it to be user-editable, just encode the core functions (along with your security check) in a separate file and then leave the higher level code open for them to tinker with/modify as required.
I know there are PHP debugging tools available, but I'm curious about doing something like this myself.
Is there a way to obtain the data that is being processed by PHP for debugging purposes? For example, without having to change the code of my PHP application, is there some way, when I run a function, I can see what variables exist within that function, what called that function, what the return value was etc?
The solution doesn't specifically doesn't need to be in PHP, ie this could be somethig that is written in C etc
Well, may I suggest you look into adding firePHP to your code. FirePHP has 2 components, a server side component, and a browser component for firefox, it uses the firebug addon. Once installed properly you can do things like FB::Log($variable) and you will see this information inside of the log portion of firebug, when you click on it, it shows the entire variable broken out. Also if you were to install the error handler, when you get a caught exception, you are able to see the entire stack trace of how this exception was invoked.
Highly recommended.
try PHP xdebug module - http://xdebug.org/
u can log the debugging info,
or output as HTML
changes might required to initiate xdebug
You can use some introspective functions like debug_backtrace, but these will only get you so far. To gather any kind of information, you would need to hook into PHP itself, which you would most likely do with an extension written in C. I'd suggest you check out one of the existing debuggers to see how they do it, for example xdebug.
I'd really like to get deeper into my php scripts and use things like breakpoints, as I'm doing with JS with firebug.
I'd like to know more about what techniques people use, and some solid examples of how to debug with breakpoints a php project.
Thing's I'd like to be able to see..
Properties of objects
Class hierarchies.. where objects are coming from, file names etc.. (useful in ZF/Magento)
Variables, types, content..
headers, post data, get data, session data, cookies..
Network / filesystem status..
I know a lot of this can be done with logging and print_r/vardump etc, but its a bit raw.. and I'd like to be able to use a "continue"/"step-over" etc command on code after hitting a breakpoint, like with firebug.
from php.ini:
zend_extension_ts = c:\wamp\bin\php\php5.2.11\ext\php_xdebug-2.1.0-5.2-vc6.dll;
xdebug.remote_enable=On;
xdebug.remote_host="localhost";
xdebug.remote_port=9000;
xdebug.remote_handler="dbgp";
xdebug + remote debugging + one of the supported clients
Use XDebug, it does most of what you require (not network/filesystem), and with it you can debug from eclipse, zend studio, pdt, or even notepad++
I keep debugging again and again when dealing with Magento, and it is super useful in this case, since Magento's function call stack is very deep.
PHP is interpreted and server side scripting language. So, there are only few editors that supports the break point in PHP. And if you are doing the server side scripting then there is no way to debug your script using break points.
However if you are planning to have basic scripting & debugging then you can go with http://www.firephp.org/. Also if you use Zend Studio editor then you will have many options on hand for debugging your script. Zend Studio supports the break point, run & debug options.
I prefer to log the execution of my script in file.
Thanks
I am writing a small web server, nothing fancy, I basically just want to be able to show some files. I would like to use PHP though, and im wondering if just putting the php code inside of the html will be fine, or if I need to actually use some type of PHP library?
http://www.adp-gmbh.ch/win/misc/webserver.html
I just downloaded that and I am going to use that to work off of. Basically I am writing a serverside game plugin that will allow game server owners to access a web control panel for their server. Some features would be possible with PHP so this is my goal. Any help would be appreciated, thanks!
The PHP won't serve itself. What happens in a web server like Apache is before the PHP is served to the user it is passed through a PHP parser. That PHP parser reads, understands and executes anything between (or even ) tags depending on configuration. The resultant output, usually still HTML, is served by the web server.
There are a number of ways to achieve this. Modules to process PHP have been written by Apache but you do not have to use these. PHP.exe on windows, installed from windows.php.net, will do this for you. Given a PHP file as an argument it will parse the PHP and spit the result back out on the standard output.
So, one option for you is to start PHP.exe from within your web server with a re-directed standard output to your program, and serve the result.
How to create a child process with re-directed IO: http://msdn.microsoft.com/en-us/library/ms682499%28VS.85%29.aspx however, you won't be writing the child process, that'll be PHP.exe
Caveat: I am not sure from a security / in production use perspective if this is the most secure approach, but it would work.
PHP needs to be processed by the PHP runtime. I'm assuming the case you're talking about is that you have a C++ server answering HTTP queries, and you want to write PHP code out with the HTML when you respond to clients.
I'm not aware of any general-purpose PHP library. The most straightforward solution is probably to use PHP as a CGI program.
Here's a link that might be useful for that: http://osdir.com/ml/php-general/2009-06/msg00473.html
This method is nice because you don't need to write the HTML+PHP out to a file first; you can stream it to PHP.
You need execute the PHP page to serve the page it generates.
The easiest thing for you to do would be to add CGI support to your webserver in some basic form. This is non-trivial, but not too difficult. Basically you need to pass PHP an environment and input, and retrieve the output.
Once you have CGI support you can just use any executable, including PHP, to generate webpages.