phpacademy.org Offers FREE PHP Tutorials

Posted by Nessa | Posted in uncategorized | Posted on 31-03-2011

4

There’s a new site out there that’s offering high quality PHP video tutorials – for FREE!  All you PHP gurus, check out phpacademy.org.  They currently have over 200 PHP and MySQL tutorials for both beginner and intermediate users.  Unlike other PHP tutorial sites, phpacademy is unique because the tutorials are all on video, so there’s less boring reading.  Did I also mention that it’s free?

Head on over and check them out, feel free to post comments and reviews here!

Command Line PHP: Part 3

Posted by Nessa | Posted in uncategorized | Posted on 25-05-2010

4

This is part third and final part in my PHP command line tutorial series. If you didn’t see parts 1 and 2:

Command Line PHP: Part 1

Command Line PHP: Part 2

Command Line PHP: Part 2

Posted by Nessa | Posted in uncategorized | Posted on 21-05-2010

3

This post is continuing on my three-part series on command line PHP programming. Missed part one? It’s right behind you. This part will go over command execution and processes.

Command Line PHP – Part 1

Posted by Nessa | Posted in uncategorized | Posted on 18-05-2010

15

PHP isn’t just for websites anymore. In fact, almost every script I’ve written to perform server-side functions is either written in bash or PHP, rather than Perl or Python as preferred by my colleagues. It’s a common belief that PHP isn’t suited for CLI programming since it’s mainly used in web applications, but PHP has over a hundred functions specifically intended for system management.

These kinds of posts can be rather lengthy, so I’m making this into a series with three parts.  Part 1 will go over the basic filesystem functions. You can find a complete listing here, but I’ll just go over a few of the more important and common ones.

Simple API Writing, Part I

Posted by Nessa | Posted in uncategorized | Posted on 09-02-2009

8

A lot of people don’t realize how easy it is to write an API with PHP. It really is as easy as having a simple PHP script accepting GET variables, and when you add in some security, you can pretty much do anything you want with a single script that accepts variables from any authenticated source.  So a little while ago I posted about the new cPanel XML API and how to integrate that with your own scripts – well now, I’ll use that as an example to show you how to write an API for their API, a.k.a, an API connector.   Though in real applications you wouldn’t need an API, all you’d need is a PHP script that accepts GET or POST input to perform some kind of action. In this example, we’ll have a script that automatically adds DNS zones to a nameserver that runs cPanel as well.

Most APIs do the same thing – you have a script, then that script accepts post/get variables, then does something.

The Interface (addzone.php):

You guy remember the one I posted a while back – well, we’ll use the same one only a tad different.  This is the script that runs statically on the server, which accepts the variables passed through the URL:


<?php
// API for adding a DNS zone to ns cluster
$isinclude = “1″; // specifies $isinclude for xmlapi.php
// GET & POST definitions

$key = “098f6bcd4621d373cade4e832627b4f6″;
$domain = $_GET['domain'];
$ip = $_GET['ip'];

// Validation – make sure that we have the right information

if($_POST['key'] != $key){ echo “Invalid key!!”; die(); }
if(empty($domain)){ echo “Domain value missing!!”; die(); }
if(empty($ip)){ echo “IP Value missing!!”; die(); }

$theServer = “ns1.v-nessa.net”; // the server to connect to
$apiPath = “/xml-api/adddns?domain=$domain&ip=$ip”; // the xml api path

$user = “root”; // use to connect to whm as

// ns1 hash (whm > remote access)

$rhash = “e9917f16b3fda69137192725a06b68e7
230e99fd445473807e33d637878641a5
–edited out for sake of length–
f673567ab443acedc77f9aec62ff953f”;

// Include the API connector
include(“xmlapi.php”);

// Output XML Result
$xmlObject=simplexml_load_string($xmlresult);

echo $xmlObject->result->statusmsg . “\n”;

?>

The file that is called via include() is the basic xml function file which constructs all of the variables from the outser script (shown above).  You can get a copy of of xmlapi.php from here, but for this example you need to comment out the output.

Now all we need to do is pass the variables that the script needs in order to know what information to process, which is $ip and $domain.  Therefore, in order to successfully call this API, you would enter the following in a browser:

http://v-nessa.net/api/addzone.php?domain=test.v-nessa.net&ip=205.134.252.71

This will pass the ‘domain’ and ‘ip’ variables to addzone.php, which uses the XML API to connect to WHM and add a dns zone on the nameserver ns1.v-nessa.net.  This is a problem though – what’s to keep outsiders from finding this and abusing it?  Well, there are several forms of non-interactive authentication you can use, such as:

  • Have an allow list of ips that can access the script (look up environmental variables at php.net)
  • Requiring a key or token

I generally use a key, though there are better ways to do this.  The way I’m about to show you is simple and secure, but slightly limits the way your API can be called.

First, I generated an md5 hash and defined it in the scipt (remember $key = “098f6bcd4621d373cade4e832627b4f6″; ?).  Then all I need to do is make sure that key is used whenever I call the API. Notice that in addzone.php it’s defined as a POST variable?  That is mainly for preference but you can just as easily make it a GET variable and just add it to your URL line.  Here I want it to be posted, so I can call the API through cURL as follows:

curl -k http://v-nessa.net/api/addzone.php?domain=test.v-nessa.net&ip=205.134.252.71 -d key = “098f6bcd4621d373cade4e832627b4f6

And there you have it! A very simple way to write an API using POST and GET.


How to Add Services to Chkservd

Posted by Nessa | Posted in uncategorized | Posted on 28-06-2008

5

.!.
.!.

Chkservd is the service in cPanel that checks to make sure that services are running, then restarts them if necessary. It’s also responsible for the ‘Service Manager’ section in cPanel, which is an interface where added services can be easily checked on and off.
To add a new service, create a line in /etc/chkserv.d/chkservd.conf in the same format as the others:

service:1

1 means the service should be enabled, 0 means it’s off.
In /etc/chkserv.d each service has its own file. Create a file called as the name of the service you are monitoring. The contents of the file are in the format of:

#SERVICE = PORT, SEND, RESPONSE, RE-START COMMAND

There are two ways that cPanel checks services with chkservd:

  • Connection-based monitoring – By default, cPanel will try to connect to the service’s specified port, issue a command, and if a response is received within 10 seconds it will consider the service to be online. For instance, FTP:
service[ftpd]=21,QUIT,220,/scripts/restartsrv_ftpserver
  • Process-based monitoring – cPanel will check for a specific process to determine whether it is online. For instance, named:
service[named]=x,x,x,/scripts/restartsrvr_bind,named,named|bind

If you have more than one restart command, you can separate them with semicolons in order of preference that they should be run. Output of these commands will be logged to the chkservd.log
After you’ve created the service’s configuration file, restart chkservd:

/etc/init.d/chkservd restart

You should then see the service listed in WebHost Manager in the ‘service manager section’
Chkservd logs are in /var/log/chkservd.log. Checks are done every 8 minutes, and everyone online service gets a +, offline services get a -. If the service is determined to be offline, the restart command(s) specified in that service’s chkservd configuration file is issued and the output is logged.

If you don’t even have chkservd installed, it’s probably missing and you need to install it.

Alternative PHP Caching FTW

Posted by Nessa | Posted in uncategorized | Posted on 27-06-2008

4

.!.

We get a TON of requests for the PHP APC pecl module because after having adopted suPHP into our configuration, eAccelerator is worthless. It’s quick to install, and especially if you’re running suPHP or phpsuexec, each user can maintain their own settings within their local php.ini without me having to do anything — basically the best thing that a lazy system admin can ask for.

Soooo, here’s how you install it:


wget http://pecl.php.net/get/APC-3.0.17.tgz
tar -xvzf APC-3.0.17.tgz

phpize
./configure && make && make install

Then just add “extension=/apc.so” to your php.ini and you’re done. With PHP under Apache this will load the APC module for everyone, but for suPHP users you’ll need to add it to their php.ini which will also allow them to modify their own APC settings. These are the ones I recommend using:

apc.enabled = 1
apc.shm_segments = 1
apc.shm_size = 30
apc.optimization = 0
apc.ttl = 7200
apc.user_ttl = 7200
apc.num_files_hint = 1000
apc.mmap_file_mask = /tmp/apc.XXXXXX

Now, if you want to get even sexier with it I came across this little tool that monitors the performance of APC on your server.

Dual Monitor Setup in Ubuntu 7.10, ATI Radeon

Posted by Nessa | Posted in uncategorized | Posted on 12-06-2008

4

The company just bought our department brand hooked up PC’s that include ATI Radeon dual output graphics cards with massive monitors.  This is probably the only time I’d willingly admit that Windows came out ahead, as I spent a good 2 days trying to get my dual monitors to work with Ubuntu.  I finally got it figured out and I’m embarrassed to say that the answer was in front of my the whole time — a fucking GUI!  Anywho, those of you who are having trouble with this as well, here’s what I did to make it work:

My setup:

  • Dell Vostro 200, Dual Core Intel CPUs, 2 Gb RAM
  • ATI Radeon HD 2400 dual output graphics card (both monitors plugged into card)
  • Two Dell 17” monitors

So first, shimmy over to http://ati.amd.com/support/driver.html and select your distro and card model, and download the file to your desktop.

In Terminal, chmod +x ati-driver-installer-<version>.run

Select Linux x86 installation, automatic

After the installation is complete, run:

sudo aticonfig –initial

Reboot.

After reboot, run fglrxinfo and you should get something like this describing your card:

OpenGL vendor string: ATI Technologies Inc.
OpenGL renderer string: ATI Radeon HD 2400 PRO
OpenGL version string: 2.1.7537 Release

At this point you probably see that both monitors are enabled, but are mirroring each other.  If you don’t, you might need to manually active the second:

sudo aticonfig –query-monitor

Use the output of that command and run:

sudo ati-config –enable-monitor=<result1>,<result2>

Replace result1 and result2 with the output of the first command.  Possible results are: none, crt1, crt2, lvds, tv, fmds1, tmds2

If the enable works, make it permanent:

sudo aticonfig –force-monitor=<result1>,<result2>

When both your monitors are up (whether they look how you want or not), in your GNOME gui, go to Applications > ATI Catalyst Control Center. This is where you configure how you want your dual monitors to act.

In Display Manager, set the dropdown to two monitors and change the Display Mode to “Big Desktop” — this will enable both monitors as one long desktop that you can drag your mouse and windows between.  You can also go ahead and set your resolution.

And there you go — easy dual monitor setup for Ubuntu 7.10!

UPDATE: Major issues with graphics after I upgraded to 8.10 – I found these instructions which worked:

http://wiki.cchtml.com/index.php/Ubuntu_Intrepid_Installation_Guide#Installing_the_restricted_drivers_manually

Creating and Installing an SPF Record

Posted by Nessa | Posted in uncategorized | Posted on 09-06-2008

5

.!.

Have you ever received a bounce for spam that was sent by you…only it wasn’t sent by you? Email spoofing is one of the easiest concepts to understand for us, but the hardest to explain to end users who confuse spoofing with email hacking and hijacking. The way I explain it to our customers is that spoofing is simply when someone (usually spammers) sends an email that looks as if it came from one person, when it really came from someone else.

Regardless of what some email providers say, there is no honest and straight forward way to keep people from spoofing your email, unless you have access to the real sender’s mail system. However, there is a way to keep legitimate mail servers from accepting spoofed email by creating an SPF record for your domain.

An SPF record (sender policy framework) in short is a DNS record that you add to your domain’s zone file to specify which hosts are allowed to send mail on behalf of your domain. For the most part you would only want the server hosting your domain to be able to send mail, but hat most of our customers don’t realize is that they unknowingly spoof email all the time! Since ISP’s nowadays block SMTP port 25 for third-party mail servers, a lot of our customers use their ISP to send mail for their domain. This is basically how email is spoofed…you put an email address as the ‘from’ address in an email, and send it from a different mail server. Even though this is legitimate email, they are basically allowing their ISP’s mail servers to send their domain’s email, even though their ISP has no authority or management rights over that email, since the domain is hosted on another server.

We usually require our customers to generate their own SPF records so that they can specify what servers they want to be able to send mail from, that way our hands stay clean if the SPF record causes them to not be able to send email. If you go to www.openspf.org you can easily generate a custom SPF record to add to your DNS zone with little to no hassle. The questions can be a little confusing for newbies, so here’s a quick walkthrough on how to answer them.

Question 1: A-Record

v-nessa.net's IP address is 216.134.252.71 (vps71.inmotionhosting.com).
Does that server send mail for v-nessa.net?

The wizard will attempt to resolve the domain to an IP, then do a rDNS on the IP for a hostname. You usually want to say YES unless your mail is hosted on a different server.

Question 2: MX-Record

This wizard found 2 names for the MX servers for v-nessa.net:
vps71.inmotionhosting.com and v-nessa.net.
MX servers receive mail for v-nessa.net.
Do they also send mail from v-nessa.net?

In most cases, this will be true. Exceptions for this is if you have an irregular MX record modification, or are using another outgoing mail server or domain to send mail.

Question 3: PTR

Do you want to just approve any host whose name ends in v-nessa.net?

Typically, you do not want to enable this setting unless you have mail accounts set up for subdomains or domains that are similar in ending that need to relay through this domain. Or, if you use a subdomain as your sending host (like mail.domain.com, etc)

Question 4: A subs

Do any other servers send mail from v-nessa.net?

The answer is usually no. The only other server that would send on behalf of that domain would be the server name (you may need to ask your host for this), but this was already allowed in question 1. The next two fields can be left blank, unless you specifically have information to add to them.

Question 5: Include

Could mail from v-nessa.net originate through servers belonging to some other domain?

Fill in this field mainly if you are planning on using another mail server or domain (such as your ISP, gmail, etc.) to send mail. Otherwise say no.

Question 6: ~all

Do the above lines describe all the hosts that send mail from v-nessa.net?

Check your answers and hit yes.
At the bottom of the page you’ll see the nicely-generated SPF record that will look something like this:

"v=spf1 a mx ~all"

Adding the Zone Entry

You can add the SPF record either WHM (if you are on a cPanel server) or manually in the zone file of that domain.

The line will look something like this:

v-nessa.net. 14400 IN TXT "v=spf1 a mx ~all"

You can then verify the addition by doing a dig on the domain:

dig v-nessa.net TXT

Sexifying WHM with XML API

Posted by Nessa | Posted in uncategorized | Posted on 07-06-2008

6

.!.

I don’t know about you other cPanel system admins out there, but I find WHM to be very useful for the more advanced and time-consuming tasks, such as installing SSL certificates. However, the easy stuff like changing an account’s package and resetting passwords is a royal pain in the ass as far as convenience is concerned when you have to log into WHM, list accounts, and make whatever change.

I recently became favorable towards the WHM XML API functionality which will let me do a majority of the everyday account-related tasks from command line without ever opening my browser, which is a lot easier when managing thousands of users across multiple servers. Below are a couple scripts I’ve put together using the XML API from a base script in the cPanel forums:

Change account password

Change account package

Both are run via command line, and the arguments passed to the PHP script as variables. For example, to change an account’s password:

./chacctpass myuser mypass1234

Customizing these scripts to perform different functions is easy via the following steps:

- change if ($argc != 3) to the number of command line arguments you wish to pass to the script plus one. In the above example there are two arguments and since the script name counts, add one and that makes 3.

- in the section where the arguments are assigned to variables (like $cpuser, etc), name your variables. The first one should have an array value of 0, then 1, 2, etc.

- edit the usage example, which will come up if the required number of arguments is not provided…you can add any text you like

- if you’re using a hash (which is more secure than user/pass authentication), go fetch your remote access key from WHM and put it in the $hash value within quotes, format intact. Otherwise, put in your WHM user’s username and password

- change the $server variable to your server’s hostname

- change $apipath to the WHM path for the function you are using. You can find a whole list of them here, and most will give you the path to use in the examples sections. In the API path, insert your variable names where the values are suppose to be. For instance:

$apiPath = “/xml-api/passwd?user=myuser&pass=mypass1234″;

Would be:

$apiPath = “/xml-api/passwd?user=$cpuser&pass=$newpass”;

In the header section, uncomment whichever $header .= “Authorization: line that matches your authentication method (user/pass or hash)

Once you’ve configured your API script, chmod to 700 and run from the command line as show in my example. It’s better to lock down the script by changing its ownership only to the user that will be using it, and not giving read, write, or execute permissions to anyone else.

Note: for these scripts to work you have to have PHP compiled with OpenSSL support, otherwise change the socket variables to http over port 2086.