A Nautilus shell

We do a lot of development in PHP here at Easytech. Many times you need to test a bit of PHP code. If you played around with python you surely used the python shell. Fortunately the people at Facebook have created a similar shell for PHP (ironically written in python!). You can find it here: http://www.phpsh.org/. From there you can access the GIT repository or download a tgz or zip file.

Currently I couldn’t find a DEB package for Ubuntu. If you want to install it just follow the following steps (you need python installed)

$ cd ~/Devel/PHP (o donde lo quieran tirar)
$ wget http://github.com/facebook/phpsh/tarball/master
$ tar zxvf facebook-phpsh-*
$ cd facebook-phpsh-*
$ sudo python setup.py install

thats it! To test some PHP weirdness…

$ phpsh
Starting php
type ‘h’ or ‘help’ to see instructions & features
php> var_dump( 1 == ‘1′ )
bool(true)
 
php>

Very often when I review other peoples PHP code I come across an old problem: generating a list of comma separated values from a list of things. This happens often when you want to, say, write an SQL query with a WHERE field IN (a,b,c,…,x) and you have an array with a, b, etc.

Another example is when you want to create an include path by concatenating a list of directories with the PATH_SEPARATOR. Yet another example is when you want to build a path concatenating them with the DIRECTORY_SEPARATOR.

The usual code to accomplish looks something like this:

<?php
     // loop through list an generate string
    $line = ;
    foreach( $list as $el ) {
        $line .= $el . ‘,’;
    }

    $line = substr( $line, 0, strlen( $line ) - 1 );
?>
 

Read the rest of this entry »

If you are developing a module for Drupal you might need to use tabs to simplify a bit a screen which has too much functionality. Typically a settings page that might need too many options to comfortably fit on a single screen. Since I had to search and experiment a bit to find out how to do it I decided to write a short post with my findings. In this article I assume you have a basic understanding on writing Drupal modules.

Read the rest of this entry »

Drupal has a sophisticated module system that allows developers to extend the CMSs functionality very easily. Each module “hooks” into Drupal by implementing hook functions. On way to use this feature is to hook different URLs to module functions. Essentially the developer in his module declares an array of url paths and what function should be called when that path is requested. This small post will show you how you can determine which module handles a specific URL. This can be quite useful for debugging and/or browsing other peoples source code to learn how to do something.

Every module in Drupal that hooks to a URL path needs to implement the hook_menu function. This hook basically tells Drupal what paths will be handled by this module. This information is read when the module is enabled and stored in a database table. In Drupal 6 this information is cached so if you modify the array returned by the hook_menu function you need to clear the cache. To determine what module is handling what path you simply need to query the menu_router table. A simple query to do this is:

SELECT
  path
  , file
  , page_callback
  , type
  , title
FROM
  menu_router m
ORDER BY
  path

This table has more information that might be useful: access_callback and access_arguments store information related to what access function is called to determine who has access to that path, page_arguments stores information related to what arguments to pass to the callback function. This is specially relevant when the page_callback function is drupal_get_form in which case Drupal will render a form and this field stores the name of the form to render.

An example usage might be:

$ drush sql cli
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1859
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> SELECT path, file, page_callback FROM menu_router ORDER BY path;

+-----------------------------------+---------------------------------+------------------------------+
| path                              | file                            | page_callback                |
+-----------------------------------+---------------------------------+------------------------------+
| admin                             | modules/system/system.admin.inc | system_main_admin_page       |
| admin/build                       | modules/system/system.admin.inc | system_admin_menu_block_page |
| admin/build/block                 | modules/block/block.admin.inc   | block_admin_display          |
| admin/build/block/add             | modules/block/block.admin.inc   | drupal_get_form              |
| admin/build/block/configure       | modules/block/block.admin.inc   | drupal_get_form              |
| admin/build/block/delete          | modules/block/block.admin.inc   | drupal_get_form              |
| admin/build/block/list            | modules/block/block.admin.inc   | block_admin_display          |
| admin/build/block/list/bluemarine | modules/block/block.admin.inc   | block_admin_display          |
| admin/build/block/list/chameleon  | modules/block/block.admin.inc   | block_admin_display          |
| admin/build/block/list/donline    | modules/block/block.admin.inc   | block_admin_display          |
  .....

mysql>

Today I needed to generate source code documentation for a webservice APIs we are in coding. One of the guys in the office suggested I take a look at Zend_Reflection. It turns out its quite simple to write PHP code to parse source files and extract the documentation from them. I took a little time to write this sample program.

This program is quite simple: it has a single class called TestClass with one method: addIntegers(). Below this class I wrote a little code which parses the file and then outputs the information. You can use this and a templating system to generate doc. I used it to write the documentation so that we can easily add it to our Wiki.

The script I wrote parses the documentation style used in Zend Framework. Here’s a sample class:

<?php

/**
 * This is a sample test class.
 *
 * This class has only one method: addIntegers() which adds
 * two integers. Its a sample class for our test.
 *
 */

class TestClass
{
    /**
     * This method adds two integers.
     *
     * This method adds the two given integers and returns
     * its sum. If only one integer is given it sums zero.
     *
     * @param int $number1  The first integer
     * @param int $number2  The second integer
     * @return int The sum of $number1 and $number2.
     *
     */

    public function addIntegers( $number1, $number2 = 0 ) {
         return $number1 + $number2;
    }
}

 

Read the rest of the post to see how to easily parse this code…
Read the rest of this entry »

Zend Framework recently introduced the concept of modules so that your applications become more manegable. The application on startup will load the resources defined in the main application.ini file. To configure each module there is a resource called modules that calls the bootstraping code for each module on every request. If you want to load resources on a per module basis you need to write a bootstrap for each module. This can also generate clashes if two modules try to load the same resource. Additionally this process can have a negative impact on your applications performance.

In this blog I propose a different strategy: I created a controller action plugin that will load resources dynamically using the main bootstraping code. The idea is that after the routes are parsed and before the action is executed this code will load the module’s config file and call the bootstrap again so that it will load the resources defined in this config.

This method has several advantages: only the resources for the module that is being called are loaded. Becuase only one config file is read there is no possiblity of clashes.

Here’s the code:

<?php

/**
 * Bootstraps the module used in the current request
 * It merges the options from main application.ini with the options from a
 * module specific application.ini.
 * I’m using the fact that a resources are loaded only once, so a resource
 * declared in main application.ini is initialized there. If you wish to use some resource
 * in every module use the key default (see bellow).
 *
 * The keys default and disable in the main application.ini have a special meaning.
 * default: It is merged initally so a key default.resources.xxx is added as resource.xxx
 *          so it load the resource xxx as a default for all modules
 * disable: It is used to disable keys after merging so a key disable.resources.xxx disables
 *          this resource in all modules.
 */

class Easytech_Controller_Plugin_ModuleBootstrap extends Zend_Controller_Plugin_Abstract
{
    const MODULE_APPLICATION_INI = "configs/application.ini";

    protected $_bootstrap;

    protected $_autoloader;

    public function dispatchLoopStartup( Zend_Controller_Request_Abstract $request )
    {
        $moduleName = $request->getModuleName();
        if ( empty( $moduleName ) ) {
            $moduleName = ‘default’;
        }

        $front = Zend_Controller_Front::getInstance();
        $moduleDir = $front->getModuleDirectory( $moduleName );
        if ( empty( $moduleDir ) ) {
            $moduleDir = APPLICATION_PATH;
        }
       
        // Para ser usado en los ini.
        define(‘MODULE_PATH’, $moduleDir );
        define(‘MODULE_NAME’, $moduleName );

        // Create a autoloader for this module
        $autoloader = new Zend_Application_Module_Autoloader(array(
            ‘namespace’ => $moduleName,
            ‘basePath’  => $moduleDir,
            ));

        $this->_bootstrap = $front->getParam(‘bootstrap’);
        $globalOptions = $this->_bootstrap->getOptions();

        // Default options from main application.ini
        $options = array();
        if ( isset( $globalOptions[‘default’] ) ) {
            $options = $globalOptions[‘default’];
        }
        if ( isset( $globalOptions[ $moduleName ] ) ) {
            $options = $this->_bootstrap->mergeOptions($options, $globalOptions[ $moduleName ]);
        }

        $applicationFile = $moduleDir . DIRECTORY_SEPARATOR . self::MODULE_APPLICATION_INI;
        if ( isset( $globalOptions[ ‘application_file’ ] ) ) {
            $applicationFile  = $moduleDir . DIRECTORY_SEPARATOR . $globalOptions[ ‘application_file’ ];
        }
        $options = $this->_bootstrap->mergeOptions( $options, $this->_loadConfig( $applicationFile ) );
        if ( isset( $globalOptions[‘disable’] ) ) {
            $options = $this->unsetOptions($options, $globalOptions[‘disable’] );
        }
        $this->_bootstrap->setOptions( $options );
        $this->_bootstrap->bootstrap();
    }

    /**
     * Unset options recursively.
     *
     * @param  array $array1
     * @param  mixed $array2
     * @return array
     */

    public function unsetOptions(array $array1, $array2 = null)
    {
        if (is_array($array2)) {
            foreach ($array2 as $key => $val) {
                if ( ! isset( $array1[ $key ] ) ) {
                    continue;
                }
                if ( is_array( $array2[ $key ] ) ) {
                    $array1[ $key ] = $this->unsetOptions( $array1[ $key ], $array2[ $key ]);
                } else {
                    unset( $array1[ $key ] );
                }
            }
        }
        return $array1;
    }

   /**
     * Based heavily on Zend_Application->_loadConfig
     * Load configuration file of options
     *
     * @param  string $file
     * @throws Zend_Application_Exception When invalid configuration file is provided
     * @return array
     */

    protected function _loadConfig($file)
    {
        if (! Zend_Loader::isReadable($file) ) {
            return;
        }
        $environment = $this->_bootstrap->getApplication()->getEnvironment();
        $suffix      = strtolower(pathinfo($file, PATHINFO_EXTENSION));

        switch ($suffix) {
            case ‘ini’:
                $config = new Zend_Config_Ini($file, $environment);
                break;

            case ‘xml’:
                $config = new Zend_Config_Xml($file, $environment);
                break;

            case ‘php’:
            case ‘inc’:
                $config = include $file;
                if (!is_array($config)) {
                    throw new Zend_Application_Exception(‘Invalid configuration file provided; PHP file does not return array value’);
                }
                return $config;
                break;

            default:
                throw new Zend_Application_Exception(‘Invalid configuration file provided; unknown config type’);
                break;
            }
            return $config->toArray();
        }

    }
 

When developing multi-organization web applications it is of utmost importance that data from one organization is not visible to the other. There are several software aproaches for this. Usually this can be solved by having an organization ID and whenever a query is made a ‘where’ clause is added to filter by organization. Although this approach works fine it is up to developers to always filter by org_id but its certainly error prone.

To solve this problem there are other approaches. One is that each organization gets a copy of the database and a single database user to log to this database. When the user logs in the application uses the URL to determine the organization (say: http://organization.domain.com/login). With the organization name extracted from the URL, the aplication determines which database instance, database user and password to use for the application to use. This obviously solves the problem since, by definition, there is no way data from the two organizations can mix: they live in different databases alltogether.

Read the rest of this entry »


Sometimes I need to use data from a csv (comma separated values) in an oracle procedure. The best way to do that is inserting the data into a db table using sqlloader and then reading it from the PL/SQL.

In this post I will show you how to use sql loader to load a csv file exported from excel into an oracle table.

Suppose that you got a XLS spreadsheet with contact data: first name, last name, security number, phone number.

First, create a table where the file will be loaded:

CREATE TABLE people_from_csv
   (first_name varchar2(200)
   ,last_name varchar2(200)
   ,security_number number
   ,phone_number varchar2(50)
   );

In my xls (people.xls) I have the following info:

First Name Last Name Secutiry Number Phone Number
John Doe 00000001 11111123456
John 01 Doe 00000002 11111123457
John 02 Doe 00000003 11111123458
John 03 Doe 00000004 11111123459
John 04 Doe 00000005 11111123460
John 05 Doe 00000006 11111123461
John 06 Doe 00000007 11111123462

Save the data as a comma delimited file.

File -> Save As
Change File name to people_csv
Select ‘Text CSV ’ in the File type drop down box.

If you open the people_csv.csv file in a text editor (vi in my case), you will see it in a comma separated format. Two commas will denote fields without a value, these will be loaded as nulls into the Oracle table.

CSV file:

First Name,Last Name,Secutiry Number,Phone Number
John ,Doe,00000001,11111123456
John 01,Doe,00000002,11111123457
John 02,Doe,00000003,11111123458
John 03,Doe,00000004,11111123459
John 04,Doe,00000005,11111123460
John 05,Doe,00000006,11111123461
John 06,Doe,00000007,11111123462

Create the following sql loader control file (people_ctrl.txt)

LOAD DATA
INFILE ‘people_csv.csv’
INTO TABLE people_from_csv
FIELDS TERMINATED BY ‘,’
( first_name, last_name , security_number, phone_number)

at last  run the sql loader to put the info into the db table.

$ sqlldr usr/pwd control=people_ctrl.txt log=csvlog

SQL*Loader: Release 9.2.0.8.0 - Production on Tue Jan 13 17:26:53 2009

Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.

Commit point reached - logical record count 7

Now I can use the data from sql with a simple query:

SQL> SELECT phone_number FROM people_from_csv;

PHONE_NUMBER
————————————————–
11111123456
11111123457
11111123458
11111123459
11111123460
11111123461
11111123462

7 rows selected.

curl es un programa que nos permite transferir datos (o archivos) desde o hasta un servidor, a través de distintos protocolos (entre ellos HTTP, FTP, SCP, etc).

hackers usando curl para testear un SQL injection.





hackers usando curl para testear un SQL injection

Lo interesante (y lo más usado entre los code-monkeys de Easytech) es su uso para emular POSTs a ciertas URLs, sin tener que pasar por la página en el browser.

si no lo tienen, pueden bajarlo del link anterior, aunque tiene fama de estar en todos los repos de las distros conocidas.

En mi caso particular, curl me fue muy útil para hacer un POST a una de las webapps que desarrollamos, y poder chequear el XML que devolvía, sin complicaciones ni pasar por un web-browser.

un PM de Easytech le enseña a un junior a probar sus Forms con curl.















un PM de Easytech le enseña a un junior a probar sus Forms con curl.

empecemos por lo más básico, emular un formulario. esto lo hacemos con curl -F, o curl -d (dependiendo del content-type que querramos usar). La sintáxis sería algo como:

curl -d "nombre_campo1=valor_campo1&amp;nombre_campo2=valor_campo2&amp;nombre_campoN=valor_campoN" url_a_donde_hacemos_el_post.com

Otro uso interesante es el de hacer upload de files, emulando un de un form html. La sintáxis:

curl -F "nombre_del_input=@path_al_file_a_subir" url_a_donde_hacemos_el_post.com

o…

curl -F "nombre_del_input=@path_al_file_a_subir;filename=nombre_del_file" url_a_donde_hacemos_el_post.com

… si queremos un nombre específico para el file.

Nótese que la arroba delante del path del file es obligatoria.

Claro que, lo que yo quería, era ver qué me devolvía la aplicación (en este caso es un upload de un file a un servidor que devolvía un XML con datos). Para hacer esto tenemos varias formas, u opciones, para pasarle al comando curl, como ser –verbose, –trace, o –trace-ascii. Cada una muestra distintas cosas, dependiendo lo que necesitemos. En mi caso, el servidor devolvía el XML con un simple fpassthru, para lo que trace-ascii venía perfecto.

La sintáxis, entonces, sería así:

curl –trace-ascii -F "nombre_del_input=@path_al_file_a_subir;filename=nombre_del_file" url_a_donde_hacemos_el_post.com

la aplicación recibió el file a uploadear como si de un form se tratase, y al devolver el XML, curl lo mostró por stdout. Ideal para debuggear desde la terminal en un servidor remoto o sin tener que pasar por la aplicación web.

Dicen por ahí que también es muy útil para testear vulnerabilidades en algunos sitios con poca validación de formularios, pero eso es demasiado oscuro para mí.

hacker sexy tipea un script con 2 joysticks.












hacker sexy tipea un script con 2 joysticks.

Para ver más ejemplos, consulten acá o en el man de curl, por supuesto.

Como es costumbre, todos los veranos Easytech organiza un “día de campo” bien merecido por los developers que tanto sufrimos durante el año (no podemos vivir manejando helicópteros de juguete todo el día).

Para distendernos, fuimos obligados a hacer deporte (terrestre Y ACUÁTICO). Además, no consultamos nuestros mails en todo el día (Bueno, en realidad sí, había Wi-Fi).

En agradecimiento por ese exquisito matambrito a la pizza (y por organizar el evento un día laboral), compartimos las fotos que documentan el hecho: