I've inherited a PHP application that has "versions" of pages (viewacct.php, viewacct2.php, viewacct_rcw.php, etc). I want to discover which of these pages are called from other pages in the application and which are not. Is there a tool available that will help with that?
Using whatever tools you would like (Find/Grep/Sed on Linux, I use Visual Studio on windows), it is just a matter of crawling your source tree for references of the filenames in each file.
Similar to FlySwat's answer: any good text editor or IDE with multi-file search should be able to help you find the orphan pages. On Mac OS X I would suggest TextWrangler(free), TextMate($), or BBEdit($$). I've had good success with each of these tools, but your mileage may vary.
If you wish to find out what pages are called by other pages, you need to look at where stuff is being called. Obviously in php code, you can only reference other files via includes or requires and the singular versions of those functions.
So if I were you I would grep your code for include and then require and attempt to make some kind of map showing what is calling what. Eventually you should end up with a pretty clear map of how the php files talk to each other. Then you will need to work out how the various points of the application talk to each other from there via HTML/AJAX etc.
Good luck. I have done it before, it takes a while, but you'll get there, just make sure you document what you find out.
You may want to try out nWire for PHP.
nWire for PHP is an innovative Eclipse plugin (works with Eclipse PDT & Zend Studio 7) which accelerates PHP development by helping developers navigate through their code and better understand the architecture of their application. nWire offers unique tools for real time code visualization, navigation and search.
nWire analyzes all the components and associations in your project. While opening a file you can immediately see where (and if) it is being used.
Related
If I would like to distribute PHP application with installer(package system of OS) how should I proceed? I don't want PHP files to be there, just working application, so when I type 'app' into console, it ends up being launching application, without need to install PHP on system(no php installation on host required). I would also like the application to have patch-able byte-code, so it's in parts, loaded when needed and only part needs to be replaced on update.
What I would do now is following:
->Compile PHP with extensions for specific platform.
->Make binary application which launches '/full/php app' when app is launched.
->Pack it in installer in a way, that there would be binary added to path when added, launching specific installation of PHP which is alongside the app with argument of start point->App would be running.
Problem is:
Maybe I don't want my PHP files to be exposed(in application, there will be available source anyway) is there some ready made stuff to do this? Is there some better way than I proposed?
Alternative: Modifying OP Cache to work with "packing" application to deliver byte codes to modified OP Cache which just reads the cache.
My suggestion would be a tiny tool I just finished, for almost exactly the same problem. (Oh yes I tried all the others but they're old and rusty, sometimes they're stuck with 4.x syntax, have no support, have no proper documentation, etc)
So here's RapidEXE:
http://deneskellner.com/sw/rapidexe
In the classical way, it's not a really-real compiler, just a glorified packer, but does exactly what you need: the output exe will be standalone, carrying everything with it and transparently building an ad-hoc runtime environment. Don't worry, it all happens very fast.
It uses PHP 7.2 / Win64 by default but has 5.x too, for XP compatibility.
It's freeware, obviously. (MIT License.)
(Just telling this because I don't want anyone to think I'm advertising or something. I just took a few minutes to read the guidelines about own-product answers and I'm trying to stay within the Code of the Jedi here.)
However...
I would also like the application to have patch-able byte-code, so it's in parts, loaded when needed and only part needs to be replaced on update.
It's easier to recompile the exe. You can extract the payload pieces of course but the source pack is one big zip; there seems to be no real advantage of handling it separately. Recompiling a project is just one command.
Maybe I don't want my PHP files to be exposed(in application, there will be available source anyway)
In this case, the exe contains your source compressed but eventually they get extracted into a temp folder. They're deleted immediately after run but, well, this is no protection whatsoever. Obfuscation seems to be the only viable option.
If something goes wrong, feel free to comment or drop me a line on developer-at-deneskellner-dot-com. (I mean, I just finished it, it's brand new, it may misbehave so consider it something like a beta for now.)
Happy compiling!
PHP doesn't do that natively, but here are a few ideas:
Self-extracting archive
Many archival programs allow you to create a self-extracting archive and some even allow to run a program after extraction. Configure it so that it extracts php.exe and all your code to a temp folder and then runs ir from there; deleting after the script has complete.
Transpilers/compilers
There's the old HPHC which translates PHP code to C++, and its wikipedia age also contains links to other, similar projects. Perhaps you can take advantage of those.
Modified PHP
PHP itself is opensource. You should be able to modify it withot too much difficulty to take the source code from another location, like some resource compiled directly inside the php.exe.
Use Zend Guard tool that compiles and converts the plain-text PHP scripts into a platform-independent binary format known as a 'Zend Intermediate Code' file. These encoded binary files can then be distributed instead of the plain text PHP. Zend Guard loaders are available for Windows and Linux platform that enables PHP to run the scripts encoded by Zend Guard.
Refer to http://www.zend.com/en/products/zend-guard
I would like to add another answer for anyone who might be Googling for answers.
Peach Pie compiler/runtime
There is an alternative method to run (and build apps from) .php source codes, without using the standard php.exe runtime. The solution is based on C#/.NET and is actually able to compile php source files to .NET bytecode.
This allows you to distribute your program without exposing its source code.
You can learn more about the project at:
https://www.peachpie.io/
You've got 3 overlapping questions.
1. Can I create a stand-alone executable from a PHP application?
Answered in this question. TL;DR: yes, but it's tricky, and many of the tools you might use are semi-abandoned.
2. Can I package my executable for distribution on client machines?
Yes, though it depends on how you answer question 1. If you use the .Net compiler, your options are different to the C++ option.
3. Can I protect my source code once I've created the application?
Again, depends on how you answer question 1. Many compilers include an "obfuscator" option which makes it hard to make sense of any information you get from decompiling the app. However, a determined attacker can probably get through that (this is why software piracy is possible).
Problem
I have a legacy codebase I need to analyze and determine dependencies. Particularly the dependencies on classes (internal/external) and extensions (Memcache, PDO, etc).
What I've Tried
I have reviewed the tools listed in Is there a static code analyzer for PHP files?. Unfortunately, this post is dated and most of the promising tools like phpCallGraph no longer work.
My thought was to analyze the code lexically and look for class tokens. Reviewing a list of these would at least allow me to visually determine dependencies. However finding OtherClass in the following code may be complex:
$classname = 'OtherClass';
echo $classname::doubleColon();
In the end, I doubt I'm the first to need this. I'm sure a tool or combination of tools exist to provide what I need. So I'm asking the SO community before writing this myself.
Update
Ideally this tool will analyze multiple files with complete code coverage. As such, tools like Xdebug, while great, are not solutions to this exact problem.
Instead of phpCallGraph you could use Gopal Vijayaraghavan's inclued extension which in combination with Graphviz gives you a nice looking graph of all included files for a certain execution path.
Example:
Moreover, I'd recommend Xdebug (a PHP debugger) which offers a profiler that outputs data consumable by Valgrind. Use the debugger with a compatible IDE to follow the execution path (which helped me a lot to wade thru e.g. Drupal's massive call-stack).
Combine both and you should get a fairly thourough overview.
EDIT
Searched the web and found nWire for PHP - an eclipse plugin that looks like it could be the right tool for you (30 day free trial which should be enough to give you a head start).
I think PhpCodeAnalyzer is exactly what you're looking for - https://github.com/wapmorgan/PhpCodeAnalyzer
It print list of all used external extensions in code base.
I'm confused as to where exactly I should find com.sun.script.http.ScriptServlet that I've seen in numerous samples across the web.
Is JSR-223 included in JDK 1.6? I've seen people talk about a reference implementation, but the only working link on Oracle's site doesn't seem to include such a class. My non-local environment also uses OpenJDK, which I doubt would have any Sun implementation of JSR-223 anyway! In this case where can I get it from? I'm not even sure what 'it' is in this scenario :/
I want to be able to use PHP as a view technology, invoked from a Servlet. I gather JSR-223 was designed with this sort fo usage in mind, but I'm struggling to figure out
Edit
One guide in particular (http://acet.rdg.ac.uk/projects/vre/jsr223inst.php) mentions invocation of PHP via JNI, which sounds ideal. If there's something in existence as part of the final spec that'd allow me to do this via Servlet, I'd be a very happy bunny.
It's available here. Below is an extract of relevance:
Previously, Ludo and Arun described how to run PHP 5 on GlassFish using Quercus, see here and here. However, it is also possible to invoke the native PHP engine on Glassfish, using jsr223 and a PHP bridge. The following steps should work on Sparc Solaris 10.
Download script.jar and drop it into <glassfish>/lib.
Download libphp5-5.0.1-sparc-S2.so, save it as libphp5.so and drop it into <glassfish>/lib.
Download phptest.war and deploy in Glassfish.
Run the PHP on http://localhost:8080/phptest/hello.php.
The class you mentioned is contained in the script.jar file.
There's Quercus, Caucho's Java reimplementation of PHP in Java, quite easy to package as a WAR. JSR223 is included in Java 6, but the only script engine it's shipped with is Rhino, Mozilla's JavaScript interpreter. There are a number of JSR-223 compatible script engines available, check out the repository. Instructions on how to integrate Quercus in eg Glassfish can be found on Arun Gupta's blog.
I recently had a website developed by an external source. They gave me the source code as well as sql files.
When I extract the source code I see folders like Smarty, fckeditor and many php files. I want to start editing these as I find it to be the best way to learn. What tool should I use. I tried using trial version of PHPdesigner, but it just doesnt open my php files.
Is there any tool that can take all these files in the form of a project and simultaneously show me a visual display of any changes that I make.
I suppose it is very clear that I am new to this. Any help will be greatly appreciated.
Just use simple text editor with some code highlight like Notepad++
It is free to use, very fast and it does what you need.
First of all try to know what are the different file types and which lanuguage are those targeted to. Once you know that you can then decide on the editor.
What i recommend is you try to find out if they used a framework for the website, something like CakePHP or CodeIgniter. The next step after you find out is to go the framework website and start reading the documentation.
If the site id developed in php most likely any type of WYSIWYG editing is going to inaccurate. This is because a number of different files need to be processed and combined by the php interpreter before they come together to make any given page or view. Thus the only way to really preview is to run it on a server. Since you say there are sql files he has laso used a DB to store something so most likely any changes you would need to make are going to be spread between both the php source files and the records in the db.
Aptana (Which is Eclipse based) is great at handling many different file type in one IDE. I would use Studio 2 w/ the plugins you need or if you feel cutting edge try Studio 3. It's cross platform so Linux/Windows or OSX.
I keep seeing all these cool new frameworks for web dev, but am very confused, because 95% of the info I read is all just hype, how do they work?
Is it as simple as providing a link in your html to a server that hosts the framework? Or do you have to download the framework, and install it on your own server?
Do web frameworks work with Winhost.com (windows-based hosting with php), or the many other windows-based hosting providers? Sorry if this is a stupid question, but the pages I have visited are very confusing!
Most of the frameworks would require you to download them and re upload them to your hosting.
Since having some crazy requirements would hit the popularity of such framework, most of the populars one tends to have as less as possible requirements. I.e. you don't need to have specific PHP extensions or PHP settings, so it would be possible to use them on any hosting(PHP5 hosting, zf, symphony and other don't play well with PHP4).
In term of what a framework brings you, you can see a framework as a big code base the you can use to make your development faster. You don't have to reinvent the wheel. Plus a framework would force you to code more cleanly.
Generally speaking and in a nutshell, they allow you to generate HTML (with code) instead of providing static pages to the users. This also means you get to code less and don't repeat yourself.
PHP and Ruby on Rails are examples of web frameworks. You have to get them installed on a server.
Here's how it works.
Static HTML page is the oldest type of webpage. You write some HTML code, and when the server receive request from browser it parses the URL and determine which HTML file corresponds to the URL.
Dynamic page, is similar to static HTML page; but instead of writing HTML code, you write PHP/ASP/Python/CGI/etc code that writes HTML code.
As it happens, a lot of dynamic websites shares a large chunk of similar PHP/ASP/Python/CGI/etc code. A web framework is a set of pre-written code someone else have written; so instead of you writing the code, you offload half of the code-writing to the web framework's authors.
Different framework have different requirements. The simplest are just several simple PHP pages you can include() into your own codes (i.e. installing is a matter of copying the PHP pages into the same directory as your own code). The more complex one might reverse the role, they take control how the page is processed (i.e. installation is more involved, they might need to tweak the server's configurations).