PHP code snippets and examples

Joomla! (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit

,

Yesterday, Melvin Lammerts wrote an article on the account creation with elevated privileges vulnerability in Joomla! < 3.6.4. And included a PoC exploit. This Joomla! vulnerability makes it easy for an attacker to create an user account, even when user registration is turned off. Yikes!

Read more

Always_populate_raw_post_data setting in PHP 5.6 & Magento 2.0

Does Magento 2 throw an error about always_populate_raw_post_data being set to 0? And are you having problems installing or updating Magento with PHP 5.6 and PHP 7? Then read on, because here is how to fix upgrades to Magento 2.0 in PHP 5.6 and higher (PHP 7).

Read more

Send authenticated email over TLS from Zen Cart

Zen Cart is an open source shopping cart software. Unfortunately, Zen Cart has had some difficulties in the past sending authenticated SMTP email from a website. Here is how to let Zen Cart send email over an encrypted TLS connection, when the following condition is met: StartTLS is required. Since Zen Cart v1.5.2 StartTLS support is available.

Read more

PHP 5.6 default_charset change may break HTML output

An important note for everyone who’s upgrading from PHP 5.4 and PHP 5.5, to PHP 5.6: the PHP default_charset in php.ini changed from “empty” to UTF-8, making UTF-8 the default charset in PHP. This may break HTML output if you try to set a different charset in your HTML head. It may also break functions like htmlentities() and htmlspecialchars. For example:

Read more

PHP, MySQL and IPv6: still slow

Years ago, I noticed that PHP connections to MySQL were significantly slower over IPV6 (where a hostname has an IPv6 address or AAAA record), when no MySQL service is listening on that address. The connection is refused, and PHP has to fallback to IPv4. The fallback takes a significant amount of time. Too much time if you’d asked me. Unfortunately this fallback to IPv4 is still slow today…

Read more

Migrate PHP ext/mysql to MySQLi

Convert ext/mysql to MySQLi how-to. This post will show you how to convert your old PHP mysql extension functions to PHP MySQLi extension. Migrating away from ext/mysql to MySQLi – or PHP Data Object (PDO) – is important, because the ext/mysql functions are deprecated as of PHP 5.5.0. If you do not update your PHP code, your website will fail soon!

Read more

How to set a good PHP realpath_cache_size

,

The PHP directive realpath_cache_size sets the size of the realpath cache to be used by PHP. Increasing realpath_cache_size might greatly improve PHP performance, as PHP states: “this value should be increased on systems where PHP opens many files.” Setting a correct value for PHP realpath_cache_size can greatly improve PHP performance and optimize WordPress – and other CMS’s – websites.

Read more

Redirect old URL to new URL or send 404 page with PHP

Redirect pages with PHP. If you’ve moved some old PHP pages, or URLs, to new pages and URLs, you can use the following PHP code snippet to easily redirect all visitors and incoming requests to the new location. This PHP code snippet uses a 301 Moved Permanently redirect, perfect for SEO.

Read more

PHP script to check website availability with PHP/cURL

Here you find a PHP script to check if a website is online availability with PHP/cURL. The following PHP function checks if your website is online available or not. Website uptime and availability is important and you want your website to be always online available. When your website is down, you want to be notified about the downtime.

Read more

Set or remove the read-only attribute assigned to files with PHP chmod

Chmod.php, change file attributes with PHP, to make files read only or normally accessible on Windows IIS servers. Sometimes you need chmod to make files read only on your website, or make them normally accessible in case they already are read only. For instance Drupal’s settings.php configuration file, or WordPress Contact Form 7 temporary captcha files, are examples of read-only files.

Read more

Validate MIME types with PHP Fileinfo

How to check the file type in PHP and secure file uploads: it is important to validate MIME types in PHP. Especially of files uploaded through an upload form to your website. Using PHP, the best way to validate MIME types is with the PHP extension Fileinfo. Any other method might not be as good or secure, and unfortunately those other methods are still wildly used…

Read more

Optimize all MySQL tables with PHP/MySQLi multi_query

The PHP MySQLi extension supports multiple queries, which are concatenated by a semicolon, with mysqli->multi_query. We use this to optimize all MySQL tables, in a single multi-query statement. Neat! Optimizing MySQL tables is important to keep tables small and fast. This boosts MySQL, PHP and website performance and we all love that, don’t we? :)

Read more

Don’t turn off CURLOPT_SSL_VERIFYPEER, fix your PHP configuration

An often heard solution to PHP cURL errors with SSL is to turn off CURLOPT_SSL_VERIFYPEER. Please don’t turn off CURLOPT_SSL_VERIFYPEER, but fix your PHP config instead. This article provides you with two solutions to solve CA certificate validation errors with PHP cURL and OpenSSL. For system administrators and end-users.

Read more

Connect to MS SQL Server with PHP 5.3+

Connect to an SQL Server database with PHP 5.3+ using the SQLSRV API and sqlsrv_connect. As of PHP 5.3.2 you have to use the SQLSRV API functions to connect to an MS SQL Server database from PHP. For example, use sqlsrv_connect() to create a connection resource and open a connection. The main difference with the older mssql functions of PHP is that SQLSRV requires an Array() with connection information, instead of strings.

Read more

Cache MySQL query results with PHP WinCache

Cache MySQL query results in PHP and WinCache. And it turns out to be pretty easy as well! In November 2011, I wrote a post about MySQL query caching with PHP/Zend_Cache, and I recently stumbled upon a blog post Memcached And PHP, Caching Mysql Query Result by KutuKupret. This made me wonder if the same would be easily done with the Windows Cache Extension for PHP.

Read more