PHP Archives

Jul 8

CodeIgniter encryption gotcha

Over the last few weeks, I have been learning CodeIgniter which is an open source PHP framework. It follows the MVC (model-view-controller) methodology, but allows you to utilize your existing PHP skillset. Overall I think CodeIgniter is great so far, but there are are few gotchas to look out for.

I found an issue today regarding the built in encryption library. Basically, the encrypted string might not be the same thing every time. For example, you might want to encrypt a user’s email address. The first time you might encrypt it on a sign up form. Now on the login page, I want to compare the value the user typed in with the database. The problem is, if I encrypt the email again, it most likely will not match even though the original string is the same!

$this->load->library('encrypt');
$a = $this->encrypt->encode('justin');
$b = $this->encrypt->encode('justin');

echo $a == $b ? 'equals' : 'nope!'; //will print nope!

Behind the scenes, CodeIgniter is basically rotating keys to produce different encrypted strings that decrypt to the same thing. It’s actually a really cool and secure way of handling the encryption, but for the purpose of comparing values (on a login form for example) it just doesn’t work.

Alternatives

So, if you need to do some comparisons using your encrypted data, you have a few alternatives. If you want to stick with PHP, you can make use of the mcrypt_encrypt and mycrypt_decrypt functions. If you want a MySQL solution, look into the encryption functions in their manual.

32
Feb 23

PHP natural case sorting

I am not sure how I didn’t know about this PHP function until only a few days ago, but natcasesort() is pretty sweet for sorting arrays. This function is different than a normal sort() function because it implements a sort algorithm that orders alphanumeric strings in the way a human being would while maintaining key/value associations. The sorting is much more in line with what I was expecting for my sorted array. Note that natcasesort() is also case insensitive. If you want case preserved, check out natsort().

The best way to see the difference is with an example. Here’s a PHP array:

$a = array('IMG0.png', 'img12.png', 'img10.png', 'img2.png', 'img1.png', 'IMG3.png');

Continue Reading

36
Feb 2

Check for CREATE VIEW in MySQL 5

I was working on a PHP script the other day which populated a database with some tables, data, and a view. During testing, it was discovered the script would error out for database users that didn’t have the CREATE VIEW privilege. Since the view was a requirement of the project, I had to first check the users database rights. If they couldn’t create a view, the script should error out and inform them their database user needs those rights.

MySQL gives us a way to check a users rights. You can test this by running the following query when you are logged into your server. The following indicates I have full rights when I am logged in as justin.

/* the query */
SHOW GRANTS;

/* the result */
GRANT ALL PRIVILEGES ON *.* TO 'justin'@'localhost' WITH GRANT OPTION

Continue Reading

39
Jan 26

Set PHP’s DOCUMENT_ROOT in IIS

PHP has some pretty handy superglobal arrays such as $_SERVER which gives you all sorts of great info about the server and the executing script. One such variable is $_SERVER['DOCUMENT_ROOT']. The PHP manual describes this variable as the document root directory under which the current script is executing, as defined in the server’s configuration file.

If you are using IIS (a windows webserver), there is a slight problem if you want to use this variable. IIS is lame and doesn’t set this variable most of the time!! Very frustrating to say the least! Luckily, there is a little bit of PHP code that can set this variables for you if you have the misfortune of using a IIS based server. Since $_SERVER is just an array, we are free to manipulate (or in this case add) variables directly to it.

Continue Reading

28
Jan 4

Check if your PHP page is included or not

A very common technique in PHP is to include other files. This is generally accomplished using the include(), include_once(), require(), or require_once() functions. These functions work a little differently, but ultimately insert an external file into your main PHP page where the include line is placed.

In some cases, you might want a PHP page to work as an include file and a standalone page. This is how PowerGallery works – each gallery is a standalone page, but you can also include the gallery into your existing PHP page. In include mode, some of the code is suppressed such as the html, head, and body tags. In standalone mode, the entire page structure is created. This saved me a lot of code duplication since I just had to make one file that could be used for both cases I needed to support.

Continue Reading

45
Dec 17

PowerGallery solution pack

PowerGalleryWebAssist recently released a really cool PHP solution today called PowerGallery. I was the lead engineer on this solution and it was lots of fun to code it. Am I biased since I created this thing? Of course! But I have no doubts you’ll love it too. I don’t want this to sound like a sales pitch, but I am proud of the work we put into this solution pack. I also wanted to set the stage since some of my upcoming tips are direct results of things I learned during development of PowerGallery.
 
 

Continue Reading

2