Archive for the ‘PHP’ Category

PHP - Implementing Secure Login with PHP, JavaScript, and Sessions (without SSL)

Friday, February 9th, 2007

HTTPS (HTTP over SSL/TLS) is the most common mechanism on the internet for authenticating the server and keeping data private. Unfortunately, SSL is often too complex and prohibitively expensive for small sites that only need a secure authentication mechanism. (The cost argument has not aged well: certificates are free today, and TLS also protects everything that happens after the login, which the scheme below does not.)

Challenge-Response Authentication Mechanism

The biggest drawback of a regular non-SSL login is that the password is sent in clear text, where anyone on the network path can sniff it. If the password never left the client, there would be nothing to capture.

We could instead send a one-way hash of the password, such as its 128-bit MD5 digest (MD5 is no longer considered cryptographically secure; a modern implementation would use SHA-256, but the argument is the same). This keeps the password itself secret, yet it fails against a replay attack: an attacker who sniffs the hash can simply send the same hash to log in. Note also that the hash then becomes a password-equivalent on the server, and that the session established after the login still travels in the clear.
(more…)
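The challenge-response exchange the post is leading up to, written out as an added example (it is not the post's own code, which sits behind the "(more…)" link): the server stores only a hash of the password and issues a one-time random nonce; the client returns an HMAC of the nonce keyed with the password hash; the server checks it and discards the nonce, so a sniffed response cannot be replayed. Both sides are simulated in one script. Assumed: PHP 7 or later (random_bytes, hash_equals), SHA-256 in place of the post's MD5, and made-up user name, password and variable names.

```php
<?php
// Added example, not code from the original post.
// Server side: stored credentials and the pending one-time challenges.
// In a real application the pending nonce would be kept in $_SESSION.
$serverUsers = ['alice' => hash('sha256', 'correct horse battery staple')];
$serverPendingNonces = [];

function serverIssueChallenge(array &$pending, $user)
{
    $nonce = bin2hex(random_bytes(16));   // 128 random bits, fresh per attempt
    $pending[$user] = $nonce;
    return $nonce;                        // sent to the client in the clear
}

function serverVerify(array $users, array &$pending, $user, $response)
{
    if (!isset($users[$user]) || !isset($pending[$user])) {
        return false;
    }
    $nonce = $pending[$user];
    unset($pending[$user]);               // consume the nonce before checking:
                                          // one response per challenge, pass or fail
    $expected = hash_hmac('sha256', $nonce, $users[$user]);
    return hash_equals($expected, (string) $response);   // constant-time compare
}

// Client side: what the browser-side JavaScript computes. The password
// itself never leaves the client; only a keyed hash of the nonce does.
function clientRespond($password, $nonce)
{
    return hash_hmac('sha256', $nonce, hash('sha256', $password));
}

// The exchange: challenge, response, verification.
$nonce    = serverIssueChallenge($serverPendingNonces, 'alice');
$response = clientRespond('correct horse battery staple', $nonce);
var_dump(serverVerify($serverUsers, $serverPendingNonces, 'alice', $response));

// Replay: an attacker who sniffed $response sends it again. The nonce was
// consumed, so there is nothing left to verify it against.
var_dump(serverVerify($serverUsers, $serverPendingNonces, 'alice', $response));

// Even after a new challenge is issued, the old response is bound to the
// old nonce and no longer matches.
serverIssueChallenge($serverPendingNonces, 'alice');
var_dump(serverVerify($serverUsers, $serverPendingNonces, 'alice', $response));
?>
```

Two caveats the scheme carries whatever hash function is used: the stored hash is a password-equivalent (anyone who reads the user table can compute valid responses), and the session cookie issued after this exchange still crosses the network in clear text, so the login is protected but the logged-in session is not.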

PHP - Inheritance

Friday, February 9th, 2007

Inheritance is a mechanism for extending an existing class.
By inheriting from a class, we create a new class with all the functionality of the existing one, to which we can add new members. This way we extend the existing class without modifying its code.

When we inherit one class from another, we say that the inherited class is a subclass, because it is created from another class. The term successor is also used for the subclass. The class we inherit from is called the parent class, or predecessor. In our examples we will use the terms subclass and parent class.

(more…)

PHP - Object oriented code - basics

Friday, February 9th, 2007

We will concentrate on objects in PHP5 rather than PHP4, because PHP5 brought major changes to the object model and many more features. If you want to use objects in PHP, I recommend switching to PHP5.

In object oriented programming there is something called a class and something called an object. A class can be described as a blueprint for an object: a description of it, a template used to build it. When we build an object from a class, we say we have created an object of that class. For example, if we use the class Animal to build the object Cat, then the object Cat is of class Animal.

(more…)

PHP - Basic architecture - One for one

Thursday, February 8th, 2007

Here we will describe the "One on one" PHP application architecture.

In this architecture you have one file for every function in your application. Each file contains the code to perform exactly one function and display its results.

The example is the same as in the "One for all" architecture, but notice the difference in the link code, and notice the address bar when you click a link. In "One for all" the scripts are executed in the context of index.php (the address is index.php?cmd=displayserverinfo). In this example they are executed in their own context (the address is cmd1.php). We call the scripts directly; we do not include them.
This approach is good because you can organize your code better (in more files) and the code is more "replaceable", but you may have a problem with common functions. If you have a function that must run in every script (usually the security check, or the code that starts the HTML page), you have to call it in every one of these files, and a file where the security check is forgotten is reachable by anyone who knows its address.

(more…)

PHP - Basic architecture - One for all

Thursday, February 8th, 2007

There are two architectures we can use to build a PHP application. We will refer to them as "One for all" and "One on one". Each has its pros and cons, so pick the one that best suits your needs.
Here we will describe the "One for all" PHP application architecture.

(more…)

PHP - Including and requiring other files

Thursday, February 8th, 2007

While writing a PHP application (like any other application) you will very often find yourself splitting your code into several files: for better code organization, to reuse your code elsewhere, to separate graphical presentation from data manipulation, and so on.

Sometimes the code in two separate files depends on each other. Or you have useful code in a separate file and want to reuse it. Or you simply want to organize your application that way. In other words, you need to somehow connect two files so that you can use code from both of them. By connect I do not mean physically, by appending the data of one file to the other, but logically, so that the two files can be treated as one: we can use code from both while they remain two separate files on the file system.

PHP provides four constructs for this logical connection of files (include, require and their _once variants).

(more…)
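As an added example serving the two architecture posts above and this one (it is not code from any of the posts), here is a "One for all" index.php that dispatches on ?cmd=... by requiring one script per command. It shows the advantage the posts mention, common security and header code written once, and the check the posts do not mention: the file to include is chosen from a fixed table, never built from the request. The file names cmd1.php, cmd2.php and login.php and the command names are assumptions.

```php
<?php
// Added example, not code from the original posts.
// Every script that index.php may include, keyed by the ?cmd= value.
// This table is the whole allow-list: a request can pick an entry, not a path.
$commands = [
    'displayserverinfo' => 'cmd1.php',
    'listusers'         => 'cmd2.php',
];

// Common code that every command needs, written once here instead of in
// every cmdN.php: session, authentication check, page headers.
session_start();
header('Content-Type: text/html; charset=utf-8');
if (empty($_SESSION['user'])) {
    header('Location: login.php');
    exit;   // without exit the command script below would still run
}

function resolveCommand(array $commands, $cmd, $default)
{
    // ?cmd[]=x arrives as an array; anything not in the table falls back.
    // Never write "include $_GET['cmd'] . '.php';": with ../ sequences or a
    // URL in the value, the request would choose an arbitrary local or
    // remote file (local/remote file inclusion).
    if (!is_string($cmd) || !isset($commands[$cmd])) {
        $cmd = $default;
    }
    return __DIR__ . '/' . $commands[$cmd];
}

$cmd = isset($_GET['cmd']) ? $_GET['cmd'] : null;
// require, not include: a missing command file is a hard error rather than a
// silently empty page; _once guards against pulling the same file in twice.
require_once resolveCommand($commands, $cmd, 'displayserverinfo');
?>
```

The included cmd1.php runs inside index.php, so it sees $commands, the started session and the headers already sent; that is exactly the "executed in the context of index.php" behaviour the "One for all" post describes.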

PHP - Image resizing

Wednesday, February 7th, 2007

You will need image resizing if you are writing a web gallery: an image can be resized to fit certain dimensions, or reduced to a thumbnail. This short and handy script does that, using the GD library functions to manipulate images. It can make images larger or smaller.

In the example we work on a file from the file system, but you can modify the script to work with a file from a database. To resize a file that has just been uploaded, pass $_FILES['filename']['tmp_name'] as the input filename; do not rely on the uploaded name or the browser-supplied type to decide that the file is an image, since both come from the client.

The function parameters are the input filename, output filename, new width, new height and keepAspectRatio, in that order.

The last parameter keeps the image's width-to-height ratio, which prevents distortion if the new dimensions you give are not in proportion. It is ON by default.

(more…)
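The resize function the post describes, written out as an added example (the post's own script is behind the "(more…)" link). It takes the same five parameters with the same default for keepAspectRatio, and adds two checks a gallery that accepts uploads needs: the file is identified by its contents with getimagesize(), not by its name, and absurdly large dimensions are refused before decoding, because GD expands the image to about four bytes per pixel in memory. Assumes the GD extension with JPEG, PNG and GIF support; the function name and the 25-megapixel limit are my choices.

```php
<?php
// Added example, not the original post's script.
function ResizeImage($inFile, $outFile, $newWidth, $newHeight, $keepAspectRatio = true)
{
    $newWidth  = (int) $newWidth;     // form values arrive as strings
    $newHeight = (int) $newHeight;
    if ($newWidth < 1 || $newHeight < 1) {
        return false;
    }

    // Identify the file by its contents. getimagesize() parses the image
    // header and returns false for anything that is not an image, whatever
    // the upload was called.
    $info = @getimagesize($inFile);
    if ($info === false) {
        return false;
    }
    list($width, $height, $type) = $info;

    // Refuse decompression bombs before decoding: GD holds roughly four bytes
    // per pixel, so a tiny file declaring 30000x30000 would exhaust memory.
    // 25 megapixels is an illustrative limit; tune it to memory_limit.
    if ($width < 1 || $height < 1 || $width * $height > 25000000) {
        return false;
    }

    switch ($type) {
        case IMAGETYPE_JPEG: $src = imagecreatefromjpeg($inFile); break;
        case IMAGETYPE_PNG:  $src = imagecreatefrompng($inFile);  break;
        case IMAGETYPE_GIF:  $src = imagecreatefromgif($inFile);  break;
        default:             return false;   // a format this gallery does not serve
    }
    if ($src === false) {
        return false;                        // header looked right, data did not decode
    }

    if ($keepAspectRatio) {
        // Scale so the whole image fits inside newWidth x newHeight.
        $ratio     = min($newWidth / $width, $newHeight / $height);
        $newWidth  = max(1, (int) round($width * $ratio));
        $newHeight = max(1, (int) round($height * $ratio));
    }

    $dst = imagecreatetruecolor($newWidth, $newHeight);
    imagealphablending($dst, false);   // copy PNG/GIF alpha through unchanged
    imagesavealpha($dst, true);
    imagecopyresampled($dst, $src, 0, 0, 0, 0, $newWidth, $newHeight, $width, $height);

    // Re-encode with GD rather than copying bytes: whatever else was in the
    // upload (trailing PHP or HTML, odd metadata) is gone from the output.
    switch ($type) {
        case IMAGETYPE_PNG: $ok = imagepng($dst, $outFile); break;
        case IMAGETYPE_GIF: $ok = imagegif($dst, $outFile); break;
        default:            $ok = imagejpeg($dst, $outFile, 85); break;
    }
    imagedestroy($src);
    imagedestroy($dst);
    return $ok;
}

// Thumbnail of a file that was just uploaded, straight from its temporary path:
// ResizeImage($_FILES['filename']['tmp_name'], 'thumbs/photo.jpg', 160, 120);
?>
```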

PHP - Sending a simple text message

Tuesday, February 6th, 2007

This example shows how to send a simple text email message using PHP.

<?php
$Recipient  = "somebody@somewhere";
$MsgSubject = "Message subject";
// The sender is not a parameter of mail(): it is set through the additional
// headers string. Header lines end with CRLF. Never build this string from
// unchecked form input; a line break inside a value adds extra headers.
$MsgHeader  = "From: Sender name <sender@server>\r\n";
$MsgBody    = "Message body.";
mail($Recipient, $MsgSubject, $MsgBody, $MsgHeader);
?>
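The fourth argument of mail() is raw header text, so a form value that contains a line break adds whole header lines (a Bcc: to the attacker's list, or a second Subject:). The following is an added example, not code from the original post, showing the injection and a safe way to build the From: header; the attacker input is constructed and the helper names are mine.

```php
<?php
// Added example, not code from the original post.
// Constructed attacker input: a "name" field carrying CRLF and an extra header.
$submittedName = "Sender name\r\nBcc: spam-target@example.com";

// Unsafe: the value is concatenated straight into the header block, so the
// Bcc: line becomes a real header and the message goes to the attacker's list.
$unsafeHeader = "From: " . $submittedName . " <sender@example.com>\r\n";

// Detection: a single CR or LF anywhere in a header value is an injection.
function containsHeaderInjection($value)
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Safe construction: reject line breaks, quote the display name so it cannot
// alter header syntax, and restrict the address to address characters.
function buildFromHeader($name, $address)
{
    if (containsHeaderInjection($name) || containsHeaderInjection($address)) {
        throw new InvalidArgumentException('line break in header value');
    }
    if (!preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/', $address)) {
        throw new InvalidArgumentException('malformed address');
    }
    $quotedName = '"' . addcslashes($name, "\"\\") . '"';
    return "From: $quotedName <$address>\r\n";
}

var_dump(containsHeaderInjection($submittedName));   // the constructed input
var_dump(containsHeaderInjection('Sender name'));    // a plain name

try {
    buildFromHeader($submittedName, 'sender@example.com');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
echo buildFromHeader('Sender name', 'sender@example.com');
?>
```

Apply the same line-break check to the subject and the recipient: mail() hands those to the mail transfer agent as well.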

PHP - Email address validation

Tuesday, February 6th, 2007

A user has submitted a web form and you have to send him a confirmation e-mail.
Before you try to send the message, make sure that the given text is a valid e-mail address.
The function uses a regular expression to check whether the text complies with the e-mail address format. This is a format check only (it says nothing about whether the mailbox exists). Note the \z at the end of the pattern: with a plain $, PCRE would also accept an address followed by a line break, which is exactly what must not reach a mail header. Since PHP 5.2, filter_var($address, FILTER_VALIDATE_EMAIL) does the same job without a hand-written pattern.

<?php
function ValidEmailAddress($address) {
  // Local part: a letter or digit, then word characters, dots or hyphens.
  // Domain: the same, then a dot and a 2-6 character top-level domain.
  // \z anchors at the very end of the string (a trailing newline would pass $).
  $regex = '/^[A-Za-z0-9][\w.-]*@[A-Za-z0-9][\w.-]+\.[A-Za-z0-9]{2,6}\z/';
  return preg_match($regex, $address) === 1;
}
?>

PHP - Superglobal variables

Monday, February 5th, 2007

Superglobal variables hold values defined by the server and by the HTTP request. They are available in every scope of the script without a global declaration.
You can use these values to change the behaviour of your script, remembering that everything in the request-derived ones was chosen by the client.
We will display all values in the superglobal variables and describe them.

$_GET
Values sent to the script via an HTTP GET request, that is, in the query string.
Like this: script.php?name1=value1&name2=value2

$_POST
Values sent to the script via an HTTP POST request.
This is usually data you send by submitting web forms.

$_COOKIE
Values sent via HTTP cookies.
Cookies are name/value pairs stored on the client computer; like everything else the client sends, their values can be edited by the user.

$_FILES
With this variable you handle files uploaded through web forms. Each entry's name and type come from the browser; only tmp_name, size and error are set by PHP.

$_SERVER
Information set by the web server and the PHP runtime: script paths, server name, request method and the request's headers. Note that the HTTP_* entries, QUERY_STRING, REQUEST_URI and PHP_SELF are copied from the client's request, so they are as untrusted as $_GET.

$_ENV
Environment variables set by system.

$_REQUEST
This variable merges $_GET, $_POST and $_COOKIE; it is a simple way to reach everything the HTTP request provided. Which arrays are merged, and which one wins when the same name appears in two of them, is governed by the request_order (or variables_order) setting in php.ini, so prefer the specific array when it matters that a value came from a form and not from a cookie.

$GLOBALS
This variable holds every variable in the global scope of the script, including the other superglobals.

(more…)

PHP - Useful array functions

Monday, February 5th, 2007

After looking at string functions, let's look at arrays.
You will find yourself using arrays very often. In this example we will see just a few of the many useful array functions. They are explained in the code comments.

(more…)

PHP - Useful string functions

Monday, February 5th, 2007

String functions are used everywhere in PHP scripts, so this is a set of functions you need to know well. The full list is in the PHP manual, and we encourage you to read all of it, because you will use these functions very often.

In this example we will see the most commonly used string functions. The code is commented, so you can follow what is going on.

(more…)

PHP - Comparing multiple values

Monday, February 5th, 2007

This is a very practical example. It shows how to take a value and compare it against a set of values in an array.
The example shows two ways to accomplish this: the easy way and the even easier way.

Here is the example:

(more…)

PHP - Loops

Wednesday, January 31st, 2007

We use loops to repeat the execution of a block of code.
There are several loop types. Depending on the situation, one kind of loop is sometimes better than another, but every loop can be rewritten as another kind. This is not so important for beginners; you just need to know that there is a good and a better use for each particular loop.

We have following loops:

for (*1; *2; *3)
{
// block
}

The for loop is usually used when we know exactly how many times the repeated block must execute.

The for loop has three parts. The first, *1, is a statement executed once at the very start of the loop, usually to initialize a counter. The second, *2, is a condition that is true or false; it is checked at the start of every iteration, and the loop continues while it is true and ends as soon as it is false. The third, *3, is a statement executed at the end of every iteration, usually to increase the counter.

while (*)
{
// repeating block of code
}

(more…)

PHP - Data types and conversions between them

Tuesday, January 30th, 2007

PHP variables hold data, and data has a type: a number, text, an array and so on. There are four basic, two compound and two special types.
Basic types are integer, float, string and boolean.
Compound types are array and object.
Special types are resource and NULL.

PHP does not let you declare a variable's type. A variable takes the type of the value assigned to it, and the same variable can hold a different type after the next assignment:

$variable = 1;      // integer
$variable = "one";  // string
$variable = true;   // boolean

Because the type follows the value, PHP converts between types automatically whenever an operation needs it (a string used in arithmetic, a number used in string context). A variable name written on its own is a valid but useless statement and declares nothing:

$variable;

(more…)
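As an added example for this post and for "Comparing multiple values" above (not code from either post): what PHP's automatic conversions actually do in casts and in == comparisons, and why in_array() and switch, which compare with ==, must be given a type-checked value or the strict flag when the value comes from a request. All inputs are constructed; PHP 8 is assumed where behaviour differs from PHP 5/7, as noted in the comments.

```php
<?php
// Added example, not code from the original posts.

// Explicit conversions: leading digits survive an (int) cast and the rest is
// dropped; a string with no digits becomes 0; exponent notation is numeric;
// only "" and "0" are false as booleans, so "0.0" is true; true becomes "1".
function casts()
{
    return [
        'int_from_12abc'   => (int) '12abc',
        'int_from_abc'     => (int) 'abc',
        'float_from_1e3'   => (float) '1e3',
        'bool_from_0'      => (bool) '0',
        'bool_from_0.0'    => (bool) '0.0',
        'string_from_true' => (string) true,
    ];
}

// Loose comparison converts both operands first. Two numeric strings are
// compared as numbers, so '1e1' and '10' are the same value, and every string
// of the form 0e<digits> is the float 0.0 (the "magic hash" pitfall when two
// hex digests are compared with ==). PHP 5/7 also turned a non-numeric string
// into 0 when comparing it with an int; PHP 8 compares int and non-numeric
// string as strings instead, so the last entry differs between versions.
function looseComparisons()
{
    return [
        'numeric_strings'  => '1e1' == '10',
        'magic_hash'       => '0e123' == '0e456',
        'strict_same_pair' => '1e1' === '10',
        'int_vs_string'    => 0 == 'abc',
    ];
}

// in_array() and switch use the same == rules, so an allow-list of numeric
// strings does not constrain the representation of what gets past it:
// '1e1' and ' 10' are numerically 10, and boolean true equals any non-empty string.
function allowListCheck($candidate)
{
    $allowedIds = ['10', '20', '30'];
    return [
        'loose'  => in_array($candidate, $allowedIds),
        'strict' => in_array($candidate, $allowedIds, true),   // same type and same bytes required
    ];
}

// Practical rule for request data: establish the type first, then compare strictly.
function isAllowedId($input, array $allowedIds)
{
    if (!is_string($input) || !ctype_digit($input)) {
        return false;    // rejects arrays, booleans, '1e1', ' 10', '10abc'
    }
    return in_array($input, $allowedIds, true);
}

var_dump(casts());
var_dump(looseComparisons());
var_dump(allowListCheck('1e1'));
var_dump(allowListCheck(true));
var_dump(isAllowedId('1e1', ['10', '20', '30']));
var_dump(isAllowedId('10', ['10', '20', '30']));
?>
```

Run it under PHP 7 and PHP 8 and compare the int_vs_string entry; everything else, including both loose in_array() hits, is the same on every version, which is why the type check plus strict flag is the portable fix.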