Preventing access to backup PHP~ files in Apache

Many Linux command-line people use the VI editor; but if you’re like me and prefer Emacs, you often run into the “problem” that Emacs creates backup files using the original filename and appending a tilde (~) to the end of the filename. E.g. “secret.conf.php” becomes “secret.conf.php~”.

There are a number of ways to go around this, of course. One way is to configure a separate directory for each user where Emacs stores its backup files, and then make that directory readable only by the user.

Why is this a problem? Well, if you’re using Emacs to quickly modify PHP applications’ configuration files, like the database configuration file, you’ll leave a trail of .php~ files. These files are typically not parsed by the PHP processor, instead they are handled by the text file handler in Apache. Meaning, if I enter the url http://myverycoolsite.com/secret.conf.php~, Apache will gladly display its actual contents, just like if you were editing the file.

This can be prevented by using the .. configuration construct in Apache like so:

<Files ~ “\.(html\~|htmls\~|php\~|phps\~|php3\~|php4\~)$”>
  Order allow,deny
  Deny from all
</Files>

Perhaps not the most elegant of solutions, but it works. It will result in an “Forbidden” response from Apache. Check out the Apache documentation for more details on this directive.

You can go back to sleep now 🙂

Nullifying pointers in PHP

Using pointers in PHP is quite useful at times; but it can also leave you dumbstruck with serious debugging on your hands. Consider this construct:

[code]for ($i = 0; $i < 10; $i++) { $p1 = null; if ($Buffer [$i]['type'] == 'scanthis']) { $p1 =& $Buffer [$i]['data']; } .. if ($p1 != null) .. }//for[/code]
This will in effect dereference and overwrite a given [‘data’] array member of $Buffer if [‘scanthis’] evaluates to true. But I still want to use “null” as an indicator to whether or not to do something.

So I replace the above with:

[code]for ($i = 0; $i < 10; $i++) { unset ($p1); <-- $p1 = null; if ($Buffer [$i]['type'] == 'scanthis']) { $p1 =& $Buffer [$i]['data']; } .. if ($p1 != null) .. }//for [/code]
This will destroy $p1, but not what it’s pointing to, and then it sets $p1 to null, just like before.

This is obvious when you look at it, and there are a number of other ways to accomplish what I describe above, but it had me stumped for a while 🙂

Delphi for PHP

So Borland (or CodeGear) finally realized the web was a place where old Delphi developers may hang around on, and decided to release Delphi for PHP (!). I haven’t looked at the product myself, other than screenshots, but it sounds like someone at Borland or CodeGear got their flashbulb working a bit too late. Had this product been out a few years ago, it might have been an interesting package. As an IDE and framework platform, it may still have some merit, in particular for “quick and dirty” needs. And, I suppose, for someone who has spent a lot of time working with Delphi/Kylix and want to publish “generic PHP apps” without having to learn too many new things in order to do so, Delphi for PHP may be a good solution.

Having worked with Turbo Pascal since version 2.x (yes, I’m that old), and then Borland Pascal, Object Pascal, Delphi, Turbo C/C++, Borland C/C++, I would probably have been interested in Delphi for PHP, five years ago. But I’d say it takes a lot more than a revamped Delphi interface sporting PHP code, to get people with tools like ZDE and all the available PHP frameworks, to switch their development environment.

TASM anyone? Or perhaps Microsoft will now release MASM for PHP. Another hotseller might be Sidekick for the Web! 🙂

I wish CodeGear the best of luck, and I hope this will bring forth even more competent PHP developers.

Other related links:
  Delphi Wiki: http://delphi.wikia.com
  Slashdot: Delphi for PHP released
  CodeGear: Delphi for PHP
  First impressions: Tim Anderson’s ITWriting
  Other impressions: The Joel on Software Discussion Group
  InfoWorld: CodeGear extends Delphi for PHP, Vista, AJAX
  Professional PHP: Delphi for PHP

SwiftMailer 3

Swift is a fully OOP Library for sending e-mails from PHP websites and applications. It does not rely on PHP’s native mail() function which is known for using high server resources when sending multiple emails. Instead, Swift communicates directly with an SMTP server or a MTA binary to send mail quickly and efficiently.

Early versions of Swift were comparable to PHPMailer. Swift has since evolved and matured into a fully-fledged object-oriented mailing solution. Compared with PHPMailer, the interface for Swift is both tighter and more intuitive.”

So describes Chris Corbyn his Swift or SwiftMailer project for PHP. I’ve been using it since version 2.x and can happily recommend it to any serious PHP developer out there (in stating this, I’m by no means claiming to be a serious PHP developer of course :-). Chris provides for both PHP4 and PHP5 compliant packages.

SwiftMailer is more than just a replacement for PHPmailer, XpertMailer, and other similar packages. Version three sports a much more flexible plugin architecture.

Do you PHP? Do it Swiftly.

You’ll find SwiftMailer on www.swiftmailer.org.

Javascript Terminal [Emulator | Console]

I had an idea, one of many useless ideas I’m sure, but nevertheless an idea. To test my idea I need to find a good Javascript-only (AJAX is OK, but pure client-side Javascript or ECMASCRIPT is a requirement) terminal emulator. This turned out to be just a little bit harder than I expected.

I found found a zillion links (possibly more, the counts aren’t in yet) on Google and other search engines; I found a ton of half-way solutions that were client and server based, and I found, of course, the “standard” Java terminal/console window applets. But I did not find very many pure client-side terminal emulators. Anyterm seems nice, but it requires server-side support in the form of some Apache mods, which I would like to avoid if at all possible. There is a stand-alone daemon (experimental) for Anyterm, but again, I want client-side only.

I need one that isn’t restricted in any way as far as usage goes. The “prettiest” one by far thus far in the hunt is the stuf presented at www.masswerk.at, but it has restrictions on usage that I’m not entirely sure I qualify for.

I also found JSterm, which might be a step in the right direction. Perhaps studying the code, I could make the necessary modifications myself. Then there’s AjaxTerm, but it’s Python, not Javascript.

Aaargh!

Ho ho.. another night of past 01:00, time to hit the sack before I diminish by sorely needed beauty sleep even more 🙂

Update 2006-10-07 @ 21:24

WebTTY may also be of some interest, you can find it here.