I was working on this mini contact form the other day where a user basically enters in a bunch of info, the form submits to itself via PHP_SELF, and sends out an email. Oddly enough, once I transferred the form to its permanent home and spent a decent chunk of time trying to figure out why it wasn’t working anymore, I discovered that my developement box still had register_globals enabled from a previous project I was working on.  Doh!

This is part of my loop, which basically just grabs all the $_POST variables and their values to compare them with a previous array ($required) that specifies what values should be present in order for the mailer to determine how much of the form was completed:


// Values passed: domain,email

foreach($_POST as $name => $value) {
if(in_array($name,$required)){
if(empty($value) && value != 0 ){
$complete=0;
}else{
$complete=1;
}
}
}

(Ignore the fact that WordPress reformats my coding)

The problem is, when I went to use the names of the variables or their values later in the script, I got nothing. This of course would work with register_globals enabled, but since I prefer to work in a more secure environment, a small adjustment was needed in to make those variables available outside the loop:


// Values passed: domain,email


foreach($_POST as $name => $value) {
$$name = trim($value);
if(in_array($name,$required)){
if(empty($value) && value != 0 ){
$complete=0;
}else{
$complete=1;
}
}
}

Pretty simple stuff, eh? All I did here was tell the loop to actually create a variable and value for each $_POST value that was part of the foreach loop. From there, all I had to do was use these values are normal ($domain,$email,etc)

I recently wrote a PHP script that uses SoapClient to connect to a SOAP server to verify username/password credentials for a monitoring system.  The script basically returns the result as a yes or no – however, as we all know with SOAP, when you hit an error you get a mess of crap that comes back like this:

Uncaught SoapFault exception: [ERROR_BAD_LOGIN] Bad login or password. in /path/to/stuff.php:20

Stack trace:
#0 [internal function]: SoapClient->__call('GetAccountByNam...', Array)
#1 /path/to/stuff(20): Utils_SoapClient->GetAccountByName(Object(SoapVar))
#2 {main}

All I need is an error code, and when the SOAP function fails (which is expected if the login credentials are invalid), the script halts and I don’t get anything.  Luckily, PHP has pretty good exception handling that can tell SOAP to treat output like a test.   For example, the following line of code in the above example passes a username string ($struct) to a SOAP object, and is the line of code that is failing:

$result=$accountService->GetAccountByName(new SoapVar($struct, SOAP_ENC_OBJECT));
$result_username = $result->UserAccount->AccountId;


In my case, if the login credentials being tested are incorrect, the value of the $result variable should be empty.  To suppress the ugly SOAP error and only return what I want, I use exceptions:

try {
$result=$accountService->GetAccountByName(new SoapVar($struct, SOAP_ENC_OBJECT));
}
catch(SoapFault $result){
}
catch(Exception $result){
}

Therefore, I can now use the value of $result as intended:

if(!empty($result_username)){

echo "Login OK";
exit(0);
}else{

echo "Login failed";
exit(1);
}

Those of us fluent in digital photography have come across the term “Exif data” numerous times when it comes to software we use to digitally manipulate photographs. Exif (Exchangeable image file format) data is generally used to identify the properties of the camera that snapped a picture, and usually the software that altered it afterwards. It can tell you when a picture was taken, what kind of camera took it, as well as the camera’s model, shutter speed, focal length, and even provide a thumbnail of the image on the camera’s LCD screen.

Why would you need to extract this information?  If you’re ever uploaded images to stock photography sites and wonder how they know so much about your pictures, it’s because they extract the Exif data from your pictures to provide more information on how they were taken. This quick tutorial will demonstrate how to extract Exif data from an image using PHP.

Enabling the Exif Extension

The Exif functions for PHP may not be native to your installation, so you can check by viewing your phpinfo file or running “php -m” via command line to see a list of modules compiled in. If you don’t see Exif listed, there are three ways you can enable it depending on how you installed PHP:

• If you compiled PHP manually, you can re-compile while adding –enable-exif to the configure line
• If PHP is installed via package (rpm/deb), it should already have Exif enabled. If not, you can install an RPM for the extension manually
• If you use cPanel, run EasyApache and select the Exif extension from the PHP module list, and recompile

Determining the Image Type

The exif_imagetype function identifies the format of an image, but returns the result as a code.  The PHP function reference provides a full list of these return codes, but 1-8 are the most common out of the 16:

1: GIF
2: JPEG
3: PNG
4: SWF
5: PSD
6: BMP
7/8: TIFF

Here’s a code example that lists all the desired valid image types in an array and detects the type of image from the specified file, returning the result in “human readable” format:

<?php
$image = "/path/to/myimage";

$types = array(
1 => "GIF",
2 => "JPEG",
3 => "PNG",
4 => "SWF",
5 => "PSD",
6 => "BMP",
7 => "TIFF",
8 => "TIFF"
);

$imagetype = exif_imagetype($image);

if (array_key_exists($imagetype, $types)) {
echo "Image type is: " . $types[$imagetype];
} else {
echo "Not a valid image type";
}
?>

Reading Exif Header Data

The exif_read_data function can be used to extract header data from JPEG and TIFF files:

<?php
$image = "/path/to/myimage";
$exif = exif_read_data($image, 0, true);
foreach ($exif as $key => $section) {
foreach ($section as $name => $val) {
echo "$key.$name: $val\n";
}
}
?>


This will return the elements of the array from exif_read_data, which can be very long depending on what information is available for the image. There are seven sections (arrays) of data types:

• FILE:  Contains the file’s name, size, timestamp, and what other sections were found (as listed below)
• COMPUTED: Contains the actual attributes of the image
• ANY_TAG:  Any information that is tagged
• IFD0:  Mostly contains information about the camera itself, the software used to edit the image, when it was last modified, etc
• THUMBNAIL: Information about the embedded thumbnail for the image
• COMMENT: Comment headers for JPEG images
• EXIF: Contains more information supplementary to what is in IFD0, mostly related to the camera (includes focal length, zoom ratio, etc)

Depending on the information available for the image, you’ll actually see a lot of data in the output. Say, for instance, you want to only output the IFD0 data to see the information of the camera that took the image:

<?php
$image = "image.jpg";
$exif = exif_read_data($image, 0, true);
foreach ($exif as $key => $section) {
foreach ($section as $name => $val) {
if($key == "IFD0"){
echo "$key.$name: $val\n";
}
}
}
?>

This will output:

IFD0.ImageWidth: 2592
IFD0.ImageLength: 3872
IFD0.BitsPerSample: Array
IFD0.Compression: 1
IFD0.PhotometricInterpretation: 2
IFD0.Make: NIKON CORPORATION
IFD0.Model: NIKON D80
IFD0.Orientation: 1
IFD0.UndefinedTag:0x0000:
IFD0.XResolution: 72/10000
IFD0.YResolution: 72/1
IFD0.PlanarConfiguration: 1
IFD0.ResolutionUnit: 2
IFD0.Software: Adobe Photoshop CS4 Windows
IFD0.DateTime: 2010:02:06 22:24:09
IFD0.Exif_IFD_Pointer: 304

Or, you can further narrow down the output by specifying specific values in the $exif multi-dimensional array:

<?php
$image = "image.jpg";
$exif = exif_read_data($image, 0, true);
echo "Software: " . $exif['IFD0']['Software'] . "\n";
?>

This will return:

Software: Adobe Photoshop CS4 Windows

Using Exif to generate a thumbnail

As touched on previously, many cameras and image manipulation software will include an embedded thumbnail for an image. You can extract this thumbnail using the exif_thumbnail function:

<?php
$image = "image.jpg";
$thumbnail = exif_thumbnail($image, $width, $height, $type);
echo "<img  width='$width' height='$height' src='data:image;base64,".base64_encode($thumbnail)."'>";
?>

Keep in mind that the thumbnail generated here is from the Exif data – there are other ways to create a thumbnails using many of the PHP image functions.

It’s useful for ISP’s and email service providers to run occasional RBL checks against their IPs to know when they are being blacklisted by populate CBL services. I’ve written a simple script that utilizes the DNSBL pear library to check against common blacklists, when given a list of IPs in a file.

First, you need to download or install the NET_DNSBL pear module. (Command: pear install NET_DNSBL)

<?php
require_once('Net/DNSBL.php');

$iplist = file("/path/to/iplist");

foreach ($iplist as $ip){

$dnsbl = new Net_DNSBL();

$dnsbl->setBlacklists(array(
'sbl-xbl.spamhaus.org',
'dnsbl.sorbs.net',
'bl.spamcop.net',
'dnsbl-1.uceprotect.net',
'dnsbl-2.uceprotect.net',
'dnsbl-3.uceprotect.net',
'isps.spamblocked.com',
'zen.spamhaus.org'
));

if ($dnsbl->isListed($ip)) {

echo "IP $ip is blacklisted!\n";

}

else {
echo "IP $ip not listed\n";
}
}

?>

Of course, this script can be very easily modified to pull IPs from a database, or assign the $ip variable from a GET or POST request (like from a form or API).  Here’s an exclusive list of some RBL’s you can check against using this script, by adding them to the array shown:

asiaspam.spamblocked.com
bl.deadbeef.com
bl.emailbasura.org
bl.spamcop.net
blackholes.five-ten-sg.com
blacklist.woody.ch
bogons.cymru.com
cbl.abuseat.org    cdl.anti-spam.org.cn
combined.abuse.ch
combined.rbl.msrbl.net
db.wpbl.info
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
dnsbl.abuse.ch
dnsbl.ahbl.org
dnsbl.cyberlogic.net
dnsbl.inps.de
dnsbl.njabl.org
dnsbl.sorbs.net
drone.abuse.ch
duinv.aupads.org
dul.dnsbl.sorbs.net
dul.ru
dyna.spamrats.com
dynip.rothen.com
eurospam.spamblocked.com
fl.chickenboner.biz
http.dnsbl.sorbs.net
images.rbl.msrbl.net
ips.backscatterer.org
isps.spamblocked.com
ix.dnsbl.manitu.net
korea.services.net
lacnic.spamblocked.com
misc.dnsbl.sorbs.net
noptr.spamrats.com
ohps.dnsbl.net.au
omrs.dnsbl.net.au
orvedb.aupads.org
osps.dnsbl.net.au
osrs.dnsbl.net.au
owfs.dnsbl.net.au
owps.dnsbl.net.au
pbl.spamhaus.org
phishing.rbl.msrbl.net
probes.dnsbl.net.au
proxy.bl.gweep.ca
proxy.block.transip.nl
psbl.surriel.com
rbl.interserver.net
rdts.dnsbl.net.au
relays.bl.gweep.ca
relays.bl.kundenserver.de
relays.nether.net
residential.block.transip.nl
ricn.dnsbl.net.au
rmst.dnsbl.net.au
sbl.spamhaus.org
short.rbl.jp
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
spam.dnsbl.sorbs.net
spam.rbl.msrbl.net
spam.spamrats.com
spamlist.or.kr
spamrbl.imp.ch
t3direct.dnsbl.net.au
tor.ahbl.org
tor.dnsbl.sectoor.de
torserver.tor.dnsbl.sectoor.de
ubl.lashback.com
ubl.unsubscore.com
virbl.bit.nl
virus.rbl.jp
virus.rbl.msrbl.net
web.dnsbl.sorbs.net
wormrbl.imp.ch
xbl.spamhaus.org
zen.spamhaus.org

PHP has a couple DNS functions you can use to perform record lookups.

Most of us are familiar with the two basic ones – gethostbyname() and gethostbyaddr(), both of which perform a single function – returning a hostname or IP address. Here’s an example of both:

<?php

$ip = gethostbyname("v-nessa.net");
$host = gethostbyaddr("69.174.114.71");

echo "v-nessa.net has the IP $ip, which reverses to $host";
?>

The above will return:

v-nessa.net has the IP 69.174.114.71, which has a PTR of server.v-nessa.net

Similarly to gethostbyname, there’s gethostbynamel which is useful for hostnames with multiple A records:

$ips = gethostbynamel("test.v-nessa.net");
foreach ($ips as $ip => $value){
echo $value . "\n";
}

Will return:

69.174.114.71
69.174.115.243

A more advanced function is dns_get_record, which can pull any valid record for a hostname or IP.  Think about the dig command you use in Unix to find DNS records:

nessa@nessa-desktop:~$ dig +short v-nessa.net A
69.174.114.71

The dns_get_record function works in a similar way, and can obtain the following DNS record types:

DNS_A, DNS_CNAME, DNS_HINFO, DNS_MX, DNS_NS, DNS_PTR, DNS_SOA, DNS_TXT, DNS_AAAA, DNS_SRV, DNS_NAPTR, DNS_A6, DNS_ALL or DNS_ANY.

The following will give you a similar result:

$recs = dns_get_record("v-nessa.net", DNS_A);
print_r($recs);

Will return:

Array
(
[0] => Array
(
[host] => v-nessa.net
[type] => A
[ip] => 69.174.114.71
[class] => IN
[ttl] => 13728
)
)

If you want to obtain multiple DNS types, you can do so by separating the record types with a plus sign:

$recs = dns_get_record("v-nessa.net", DNS_A + DNS_MX);

Will return:

Array
(
[0] => Array
(
[host] => v-nessa.net
[type] => A
[ip] => 69.174.114.71
[class] => IN
[ttl] => 13736
)

[1] => Array
(
[host] => v-nessa.net
[type] => MX
[pri] => 0
[target] => v-nessa.net
[class] => IN
[ttl] => 14145
)

)

You’ll notice that the output is a double array, so to call individual values you can do either of the following:

// will return the IP for array 0 ( A record)

echo $recs[0]['ip'];

// will return results for common records

foreach ($recs as $type => $value){
echo $value[ip] . "\n";
}

Similar to the example above, you can use the DNS_ALL type to show any records available for the hostname, and use a minus sign to exclude certain record types. For example, the below code will return all DNS results for v-nessa.net, but exclude NS records:

$recs = dns_get_record("v-nessa.net", DNS_ALL - DNS_NS );

foreach ($recs as $type => $value){
echo $value[type] . "\n";
}

The following records were returned:

A
SOA
MX
TXT

Here’s a more practical example – a simple PHP DNS lookup script. Say you have a form on your site that allows a user to type in a hostname and select a type of record: A, MX, NS, and TXT. The passed form values are $host and $type, and the below script will accept the variables and output the results according to the record type:

HTML Form:

<form action="dns.php" method="POST">
Hostname: <input type="text" name="host" />
Type: <select name="type">
<option value="a">A</option>
<option value="mx">MX</option>
<option value="ns">NS</option>
<option value="txt">TXT</option> </select>
</form>

PHP Script (dns.php):

<?php

if(!empty($_POST['host']) && !empty($_POST['type'])){

    // Grab variable from form and define valid types

    $host = $_POST['host'];
    $type = strtoupper($_POST['type');
    $validtypes=array("A","MX","NS","TXT");

    // Check that dns type is defined or allowed

    if(!defined("DNS_" . $type) or !in_array($type,$validtypes)){
       echo "Invalid DNS Type!";
    }else{

       $type = constant("DNS_" . $type);
       $rec = dns_get_record($host, $type);

       // Set result types - can be modified by using available elements from $rec array

       switch($type){
             case DNS_A:
                    $recvals=array("Hostname" => "host","Type" => "type", "IP" => "ip");
                    break;
             case DNS_MX:
                    $recvals=array("Hostname" => "host","Type" => "type", "Target" => "target", "Priority" => "pri");
                    break;
             case DNS_NS:
                    $recvals=array("Hostname" => "host","Type" => "type", "Target" => "target");
                    break;
             case DNS_TXT:
                    $recvals=array("Hostname" => "host","Type" => "type", "Record" => "txt");
                    break;
        }

      // Output results

      foreach ($rec as $arr => $num){
             foreach ($recvals as $title => $value){
                    echo $title . " : " . $num[$value] . "\n";
             }
      }

    }
} else {

     echo "Either hostname or record type is missing";
}

It’s of course easy to modify the above code accordingly, and I’m sure there may be better ways to do this. Feel free to post your own code snippets or comments.

This is part third and final part in my PHP command line tutorial series. If you didn’t see parts 1 and 2:

Command Line PHP: Part 1

Command Line PHP: Part 2

More File and Disk Functions

Getting Disk Space and Usage

The disk_total_size and disk_free_space functions can tell you how much disk space you have and how much is available, respectively:

$disksize = disk_total_space("/");
$size = round(number_format($disksize / 1024 / 1024 / 1024, 2));

$diskfree = disk_free_space("/");
$freesize = round(number_format($diskfree / 1024 / 1024 / 1024, 2));

echo "Total Disk Size: $size GB\n";
echo "Free Disk Space: $freesize GB";

Finding Files

A little-known function called glob works sort of like the locate command, in that it will find files that match a certain string, but it only looks in the current folder and is not recursive. For example, the below code will search for all files in the current folder that end with .txt:

foreach (glob("*.txt") as $file) {
echo "$file size " . filesize($file) . "\n";
}

You can also use something like this example to run as a loop and recursively search through folders.

Getting File Path Information

The famous pathinfo function can give you information about a file on your system:

$file = "/etc/php5/cli/php.ini";
if(file_exists($file)){
$info = pathinfo($file);
print_r($info);
}

This will print out an array like below:

Array
(
[dirname] => /etc/php5/cli
[basename] => php.ini
[extension] => ini
[filename] => php
)

Which you can echo out values to and use in your scripts, for example:

$file = "/etc/php5/cli/php.ini";
if(file_exists($file)){
$info = pathinfo($file);
$dir = $info[dirname];
chdir($dir);
echo "Changed directory to" . getcwd();
}

There are also similar functions that will provide the same information, individually:

$file = "/etc/php5/cli/php.ini";

echo "Absolute File Name: " . realpath($file) . "\n";
echo "File Name: " . basename($file) . "\n";
echo "File path: " . dirname($file) . "\n";

This will return:

Absolute File Name: /etc/php5/cli/php.ini
File Name: php.ini
File path: /etc/php5/cli

Some Random Script Fragments and Functions

Prompt a user for input:

fwrite(STDOUT, "Hello...\nWhat is your name? ");
$name = trim(fgets(STDIN));
fwrite(STDOUT, "Hello, $name!\n");

Print out your username and date:

$me = exec('whoami');
echo "Hello, " . $me . " The time is currently " .date("r") . "\n";

Generate random strings and passwords:

echo crypt("mypassword","randomsalt");
echo md5("mypassword");

Random password, variable length:

function randomPass($length) {

$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;

while ($i <= $length) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}

return $pass;
}

$password = randomPass(10);

echo "Your random password is: $password";

List loaded PHP extensions, check is specific extension is loaded:

$extensions = get_loaded_extensions();
foreach ($extensions as &$value) {
echo $value . "\n";
}

if (!extension_loaded('gd')) {
echo "GD extension is not loaded";
exit;
}

Get Server’s CPU Load:

$load = sys_getloadavg();
echo "Current: " . $load[0] . "\n";
echo "5-min: " . $load[1] . "\n";
echo "15-min: " . $load[2] . "\n";

Get PHP memory limit and convert to human-readable format:

function convert($size)
{
$unit=array('b','kb','mb','gb','tb','pb');
return @round($size/pow(1024,($i=floor(log($size,1024)))),2).' '.$unit[$i];
}
echo convert(memory_get_usage(true));

Some Useful Links/Tutorials

Command Line PHP Tutorial
Simple System Maintenance with PHP-CLI – Simple System Maintenance with PHP-CLI
Command Line PHP (IBM)
Running Daemons in PHP
PHP Class for Coloring Command Line Output
PHP Command Line Progress Bar

This post is continuing on my three-part series on command line PHP programming. Missed part one? It’s right behind you. This part will go over command execution and processes.

Command Execution

Let’s start with the basics – you need to execute an arbitrary command from your PHP script. The exec, shell_exec, passthru, and system functions will take care of this for you:

exec("/usr/bin/perl /scripts/myscript.pl");

will do about the same thing as:

system("/usr/bin/perl /scripts/myscript.pl");

and

shell_exec("/usr/bin/perl /scripts/myscript.pl");

So what’s the difference between the three? A little, but not much. The system function will place the output of the command in an output stream, and display the results whether you tell it to or not. However, it’s mostly useful to return a yes or no output (in the form of 1, 0, or -1) based on the exit code of the command it was executing. For example, the below script views the /proc/cpuinfo file and outputs a boolean value on whether the command executed:

$cpuinfo = system("cat /proc/cpuinfo",$exitcode);
echo $exitcode;

I could then use the boolean value to write an if statement, which is more accurate because I’m basing the condition on the output of the command itself rather than PHP returning output based on the fact that the command ran, ignoring errors the command may have posted:

if($exitcode == 1){
echo "Command executed, but finished with errors";
}

The annoying part with the system function though is that it doesn’t suppress the output of the command itself, but rather sends it directly to the output stream. What if you want to format the output of the command? Then you would use exec. Below is an example of using the exec command to list the contents of a folder and only output .tar files (using substr to split the string)

$dir = exec("ls .",$output);
foreach ($output as $file)
{
if (strtolower(substr($file, -4)) == '.tar')
echo "$file\n";
}

The shell_exec function allows you to emulate a shell environment. For example, in Linux you have a choice of shells like sh, bash, and ksh that, allow you to do things such as while loops. Using shell_exec is about the same as using the backtick operator, which is generally how you’re run commands within a Perl script:

$output = shell_exec('ls nonexistentfile 2>&1 1> /dev/null');

// Does the same as

$output = `ls nonexistent file 2>&1 1> /dev/null`l

Finally, there’s the passthru function which, when invoked, immediately displays raw ouput of the command being executed. This is intended for browsers, to display binary data such as images, and not necessarily something you’re use on the command line:

header('Content-Type: image/jpg');
passthru('cat /home/user/public_html/images/image.png');


A Word on Security

A lot of hosts block command execution functions with the disable_functions setting in php.ini or by using safe mode, and for good reason. A lot of malicious scripts contain code with executable functions, and especially when the value of command or argument is passed as a variable, the results can be destructive. Here’s an example of a simple script that lists files, that accepts a folder name as a argument:

$folder = $argv[1];
exec("ls $folder");

We’d have a security problem if someone passed this as the first argument for $folder:

myfolder && cat /etc/shadow

To prevent this, PHP has built-in functions to escape shell arguments and commands, in order to prevent things that could be dangerous:

escapeshellarg: Encloses command arguments in single quotes so the argument is passed as one string:

exec('ls '.escapeshellarg($folder));

escapeshellcmd: Escapes characters that can be used to trick a shell command (like the && I used to execute cat)

Process Management & POSIX

PHP has internal  functions that allow you to manage processes, such as proc_open, proc_close, etc. However, I admit that these tend to be difficult to learn an understand, while posix functions tend to do the job with less hassle.  Posix functions are basically system-level functions. In the below script, I’m going to change the user that the script runs as, view simple information about the process, then start a counter to 1 million but kill it when it reaches 50:

$user = posix_getpwnam($vnessa5);
posix_setuid($user['uid']);
posix_setgid($user['gid']);
$pid = getmypid();

print_r(posix_times());
echo "Script owner: ". get_current_user() . "(" . getmyuid() . ")\n";
$i=0;
while( $i < 10000000 ){
$i++;
if($i == 50){
echo "Reached 50 - killing!";
posix_kill($pid,1);
}
}

Similarly, posix_getpid and getmypid do the same thing. If the script is a child of another process, you can get the parent process’s ID with posix_getppid. The getrusage function can also be used to get more informative information than posix_times. To kill a process, you can see I used posix_kill, with the process ID and exit code as arguments. This is what happened when I ran the script:

Array
(
[ticks] => 1279790432
[utime] => 0
[stime] => 0
[cutime] => 0
[cstime] => 0
)
Script owner: root(0)
Reached 50 - killing!Hangup

Keep in mind that in most situations, using die() to bail out of a script is more appropriate that using kill. I could rewrite that part of the code to say this instead:

die("Reached 50 - Bailing out!);

I also found a nice post on running background processes, that you might want to check out here.

Environmental Variables

Environmental variables tend to be a major part of command line scripting, and is something that is part of PHP as well. Let’s start with defining an environmental variable with putenv and retrieving it with getenv:

putenv("PATH=/fakebin");

if(!exec("test testdir")){
echo "Could not execute test - path is " . getenv('PATH') ;
}

In the above script, I set the $PATH environmental variable to /fakebin, so when I went to execute the ‘test’ command (which is a valid Linux command located in /usr/bin/test), the scirpt could not find it since the command was not in /fakebin. This is about the same as setting the $PATH environment in a user’s .bashrc file. Keep in mind that the variable change lasts as long as the script does – after the script exits, the environmental variable is returned to its normal state. You can use getenv to pull any environmental variable, similar to the $_SERVER superglobal.

A nice function for getting information about the current server is php_uname. You use it about the same way as the uname command in Linux:

echo php_uname();

Will return:

Linux server.v-nessa.net 2.6.18-028stab064.7 #1 SMP Wed Aug 26 13:11:07 MSD 2009 x86_64

You can further filter the output using the same arguments as uname, for instance, if I only need the server name:

echo php_uname(n);

PHP 5.3 also introduces a void function called gethostname which will get the hostname of your machine as well.

The Server Superglobal

The $_SERVER superglobal is used to get environmental variables pursuant to the server and environment for the script you are running.  While it’s normally used in web applications, some of the values can be used for command line scripts as well:

echo "This file's name is " . $_SERVER['PHP_SELF'];

So you’ve made it part two of the series. Stay tuned for part three, which will go over specific system-level tasks and functions, with useful code snippets.

Next: Command Line PHP: Part 3

PHP isn’t just for websites anymore. In fact, almost every script I’ve written to perform server-side functions is either written in bash or PHP, rather than Perl or Python as preferred by my colleagues. It’s a common belief that PHP isn’t suited for CLI programming since it’s mainly used in web applications, but PHP has over a hundred functions specifically intended for system management.

These kinds of posts can be rather lengthy, so I’m making this into a series with three parts.  Part 1 will go over the basic filesystem functions. You can find a complete listing here, but I’ll just go over a few of the more important and common ones.

The hashbang

As with any CLI script, the first line of your PHP script should contain the executable binary for PHP. You can usually find this by running:

which php

On my server the location is /usr/bin/php, so here’s the first line of my script:

#!/usr/bin/php

If you installed PHP in a custom location, you’ll need to specify that binary instead. You can also specify command line options like -f, -c, etc.  Then set the permissions of your script to 755 to allow it to execute.

Accepting arguments with PHP

A major part of CLI scripting is the ability to accept arguments. For this, we’ll write a simple script called asl.php which will parse my name, sex, and location as arguments:

[nessa@server] ./test.php 23 female virginia

Here’s the script:

#!/usr/bin/php
<?php

print_r($argv);

?>

The $argv variable is native, and parses as an array. So running this script will produce the following output:

Array
(
[0] => ./asl.php
[1] => 23
[2] => female
[3] => virginia
)

So if I only wanted to echo out my age, I can use the following code:

echo $argv[1];

If you notice, there are four values instead of the three that I passed. As with most scripting languages, PHP considers the filename as the first (0) variable. To remove the first variable, use the array_shift function:

array_shift($argv);

This means now that using value #1 as shown in the example above will output “female” instead of 23, making the command line order more correct, but this tends to be confusing for some people since it makes the first value 0 instead of 1. I usually prefer NOT to shift the array unless having the file name in there is going to adversely affect the intended functionality of the script.

From here ( keeping in mind that I’m not shifting the array anymore), I can assign the arguments to variables and access them from the script:

$age = $argv[1];
$gender = $argv[2];
$location = $argv[3];
// echo out the values
echo "Hello, I am $age-year-old $gender from $location";

In some cases you may want to validate the number of arguments passed, or what they contain. For instance, the below example is requiring that all three variables are passed (however, the code says four, since you have to include the script name as the first “argument”, as mentioned before):

if ($argc != 4) {
die("Usage: asl.php <age> <gender> <location>\n");
}

You can of course specify less than (<) or greater than (>) values operators.  In the next example, I want to make sure that the “age” argument is a number:

if (!is_numeric($age)){
die("$age is not a number");
}

I’m sure by now you get the idea =)

PHP File and Folder Management

Creating files and folders, and checking their accessibility

Continuing my above example, I want to end up with a file in /opt/app/users called “users.txt” that contains a list of all the output of asl.php. I first need to see if  /opt/app/users exists using the is_dir function, and if it doesn’t, create it with mkdir, then enter into that directory with chdir:

$dirname = "/opt/app/users;
if(!is_dir($dirname)){
mkdir($dirname, 0755);
}
chdir($dirname);

What if /opt/app doesn’t exist and I need to create the entire structure? The mkdir function has a recursive flag that is set to false by default, but can be enabled as so:

$dirstructure = "/opt/app/users";

if (!mkdir($dirstructure, 0, true)) {
die('Failed to create folders!');
}

Now that the folders are created and verified, I use file_exists and is_readable to make sure that my users.txt file is there and can be seen. If not, we’ll use one of the file functions to create it:

$cwd = getcwd();
$filename = $cwd . "/users.txt;
if(file_exists($filename) && is_readable($filename)){
echo "File Exists and is readable";
}else{
echo "File does not exist or is not readable";
touch($filename);
}

If you notice, I added the getcwd function to look for a file called users.txt in my current directory. If you need to see whether a file is executable instead of readable, you can simply use the is_executable function, or to see if it’s writable, use is_writable:

$filename = '/opt/app/users/users.txt';

if (!is_executable($filename)) {
echo $filename.' is not executable';
}
if (!is_writable($filename)) {
echo $filename.' is not writable';
}

Note that the result of these commands is based on the user running them. For instance, if the file is owned by the user root and is set to 600 permissions (root read/write only), but the user ‘user1′ is running the script, the tests in the above lines of code will fail since that user does not have permissions to the file in question.

Creating and deleting files

There are a few functions you can use to create files with PHP. Here are the most commonly used: fopen, file_put_contents, touch, If you want to delete a file, simply use unlink.  In the below example

$filename = "/opt/app/users/users.txt";
unlink($filename);


Unlink is not to be confused with the opposite of symlink, which creates a symbolic link  (shortbut) between files:

symlimk("/opt/app/users/users.txt", "/home/nessa/Desktop/users.txt-shortcut");

And rmdir will remove a folder:

if (!is_dir('temp')) {
mkdir('temp');
}
rmdir('temp');

Writing to files

The most common way to write to files is using the fopen function. Using my original example, asl.php is going to write the values of the arguments to a file called users.txt:

$filename = "/opt/app/users/users.txt";
$fh = fopen($filename, 'w') or die("can't open file");
$data = $age . $gender . $location;
fwrite($fh, $date);
fclose($fh);

Reading contents of a file

If you want the script to read the file, you can use a number of function such as readfile, file_get_contents, fopen, fread, and file. The actual function you would use depends on what you’re planning on doing with the data. If you simply want to display the contents of the file as a string:

$filename = "/opt/app/users/users.txt";
$data = file_get_contents($filename);
echo $data;

Will display:

23 female virginia

If you need a more programmatic way of displaying the data, such as reading each column as a set of values (like if you’re inserting all this into a database), you’d use the file() function which will load the contents of the file into an array. Here’s a simple loop that echoes out each line in the file:

$filename = "/opt/app/users/users.txt";
$lines = file($filename);

foreach ($lines as $line_num => $line)
{
print "{$line_num} : " . $line . "\n";
}

Reading contents of a folder

You can use the opendir function to run a loop and read the contents of a folder:

// open the current directory by opendir

$dirname = "/opt/app";
$handle=opendir($dirname);

while (($file = readdir($handle))!==false) {
echo "$file \n";
}

closedir($handle);

Changing permissions and ownership:

In the above example where I was checking to see if the file was readable, I didn’t actually specify anything to address permissions – instead, I just created the file. To change the permissions or ownership of files, you can use the chmod and chown functions.

$filename = "/opt/appf/users/users.txt";
$username = posix_getpwuid(fileowner($filename));

// Get the octal value of permissions
$perms = substr(sprintf('%o', fileperms($filename')), -4);

if($username[name] != "nessa" && $perms != "0755" ){
chmod($filename, 0755);
chown($filename, "nessa");
echo "Permissions fixed";
}else{
echo "Permissions are correct";

If you want to change the umask (that is, the default permissions of files created by the script), you can use the umask function – which actually revokes permissions instead of setting them.

Copying, moving, and renaming

Say I want to rename the /opt/app folder to /etc/app. I’d use the rename function as so, validating on whether of not it was renamed successfully:

if(!rename("/opt/app","/etc/app")){
echo "Rename failed";
}

You can also use the copy function to copy files, noting that if the “new” file or folder already exists, it will be overwritten.

if(!copy("/opt/app","/etc/app")){
echo "Copy failed";
}

User and File information

Getting user and group data

The fileowner function as shown above will return the UID of the file, but I specified the username. You can use posix_getpwuid to return an array with the user’s information in a more usable format:

Array
(
[name] => nessa
[passwd] => x
[uid] => 1000
[gid] => 1000
[gecos] => Vanessa V.,,,
[dir] => /home/nessa
[shell] => /bin/bash
)

So you can simply echo out the array values of $username based on the keys. For example, to get the shell of the user in the above example, simply echo to the ‘shell’ key from the $username array:

echo $username[shell];

If you want to get group information for a file, you can use the same method, but with filegroup and posix_getgrgid:

$filename = "/opt/app/users/users.txt";
print_r(posix_getgrgid(filegroup($filename)));

Getting file information

You can also get information about a file using the stat or fstat functions, which return the results to an array:

$filename = "/opt/app/users/users.txt";
$stat = stat($filename);
print_r($stat);

Will return a giant array of information for the file. If you only want to return one value, say, the size, echo it out like you would a normal array:

echo $stat[size];

So here we’ve finished the first part of PHP command line scripting, which covered the use of files, folder, and users. The next parts will go over command execution and process management.

See: Command Line PHP: Part 2, Command Line PHP: Part 3

I don’t know about you other cPanel system admins out there, but I find WHM to be very useful for the more advanced and time-consuming tasks, such as installing SSL certificates. However, the easy stuff like changing an account’s package and resetting passwords is a royal pain in the ass as far as convenience is concerned when you have to log into WHM, list accounts, and make whatever change.

I recently became favorable towards the WHM XML API functionality which will let me do a majority of the everyday account-related tasks from command line without ever opening my browser, which is a lot easier when managing thousands of users across multiple servers. Below are a couple scripts I’ve put together using the XML API from a base script in the cPanel forums:

Change account password

Change account package

Both are run via command line, and the arguments passed to the PHP script as variables. For example, to change an account’s password:

./chacctpass myuser mypass1234

Customizing these scripts to perform different functions is easy via the following steps:

- change if ($argc != 3) to the number of command line arguments you wish to pass to the script plus one. In the above example there are two arguments and since the script name counts, add one and that makes 3.

- in the section where the arguments are assigned to variables (like $cpuser, etc), name your variables. The first one should have an array value of 0, then 1, 2, etc.

- edit the usage example, which will come up if the required number of arguments is not provided…you can add any text you like

- if you’re using a hash (which is more secure than user/pass authentication), go fetch your remote access key from WHM and put it in the $hash value within quotes, format intact. Otherwise, put in your WHM user’s username and password

- change the $server variable to your server’s hostname

- change $apipath to the WHM path for the function you are using. You can find a whole list of them here, and most will give you the path to use in the examples sections. In the API path, insert your variable names where the values are suppose to be. For instance:

$apiPath = “/xml-api/passwd?user=myuser&pass=mypass1234″;

Would be:

$apiPath = “/xml-api/passwd?user=$cpuser&pass=$newpass”;

In the header section, uncomment whichever $header .= “Authorization: line that matches your authentication method (user/pass or hash)

Once you’ve configured your API script, chmod to 700 and run from the command line as show in my example. It’s better to lock down the script by changing its ownership only to the user that will be using it, and not giving read, write, or execute permissions to anyone else.

Note: for these scripts to work you have to have PHP compiled with OpenSSL support, otherwise change the socket variables to http over port 2086.

I have this recurring nightmare of PHP apps that don’t trim whitespace when entering info. As a habitual copy and paster, it would be nice if some programmers could tend to my laziness and reluctance to type. Yes, Tony, I’m talking about you. Ever hear of the trim() function? Yea, it’s the Brazilian wax of PHP you inconsiderate bastard.

$text = "some text with extra spaces ";
$trimmed = trim($text);
echo $trimmed;