ServerSide Magazine:
Session Hijacking
Dec 12, 2008 @ 10:23:42

In this recent article from ServerSide Magazine they look at a security issue that can be hard to detect if you're not sure what you're looking for - session hijacking - and how you can help to prevent it on your site.

A must-have for the attacker in a session hijack is the Session Identifier so he can impersonate the attack. Let's presume for example that you have your website hosted on shared hosting on which PHP is installed as an Apache module, something that makes session files belong to the web user, in other words: accessible.

He breaks it out into three potential kinds of session hijack methods - prediction, capture and fixation - with definitions for each. He also recommends some secure practices to help prevent these issues (like not trusting users, using $_COOKIE and $_SESSION correctly and using a security token along with the session ID).

tagged: hijack session predict capture fixation secure practice

Zend Developer Zone:
View Helpers in Zend Framework
Apr 29, 2008 @ 14:38:27

The Zend Developer Zone has posted a new tutorial (from Matthew Weier O'Phinney) about a handy feature of the Zend Framework's view layer - view helpers that can be added in and reused across an application to do some pretty cool stuff.

A View Helper is simply a class that follows particular naming conventions. When attached to a view object, you can call the helper as if it were a method of the view object itself. The View object retains helper instances, which means that they retain states between calls.

View helpers can be used to do things like manipulate view data for more complex operations and carry data over between two views, limiting the number of fetches that have to be done. He shows how to create a simple helper - My_Helper_FooBar - that just appends "fooBar " to whatever's passed in. He also talks about some of the default view helpers (like form fields), partials, the doctype() helper, capturing/caching content to be used later and the use of placeholders.

tagged: zendframework view helper form partial doctype capture placeholder

Cesarodas.com:
gCache: Helping PHP to work faster
Jun 28, 2007 @ 11:26:00

On Cesarodas.com, Saddor has created a simple class to help with caching information in a PHP application - specifically when it comes to capturing output (like HTML generated for the page).

Usually we need to find a way to help PHP reduce the number of queries to a database, because as a friend told me: "Most of the time PHP is waiting for a database to respond". And that is a wasted resource (time, processor, main memory). The developer needs to find a way to store some pages until they change or something like that. There are many cache classes out there, but there are many problems; I will focus on two problems: implementation and concurrency.

His gCache class uses capture/endcapture methods to define where the content starts and ends and, once the information is stored, checks with a valid method and echoes the content if it's been cached. An example of the class in action is also included.

tagged: cache output capture class

Pierre-Alain Joye's Blog:
Screen capture with PHP and GD
Apr 18, 2007 @ 07:53:00

In a new blog post today, Pierre-Alain Joye shows a method for doing a screen capture with just PHP and the GD functionality (an updated library, a DLL).

To get a snapshot of an HTML page, a window or a complete screen was always something tricky to do in PHP. For one of my current projects, I had to check that our changes did not visually affect any page. An easy way to achieve this goal is to compare the rendered pages in the browsers themselves, easy and time consuming (for a human being :D).

That's why I finally sat down and implemented imagegrabscreen and imagegrabwindow. They capture respectively the whole screen or a window (using its handle).

He includes a few examples including grabbing a default screenshot, grabbing just the contents of a certain application (like Internet Explorer), and grabbing a fullscreened IE window too.

tagged: screen capture gd graphics imagegrabscreen imagegrabwindow
