PHP

Installing an rpm on Debian

My days of supporting Debian are numbered. That isn’t a complaint; it will actually be nice to support one platform soon. Until then I thought I’d share a little.

I needed to install oci8 to support a PHP application. In doing this I ran into the following two problems; here are the solutions that worked for me (results may vary).

# apt-get install alien
# alien -d oracle-instantclient12.2-basic-12.2.0.1.0-1.x86_64.rpm 
error: db5 error(-30969) from dbenv->open: BDB0091 DB_VERSION_MISMATCH: Database environment version mismatch
error: cannot open Packages index using db5 - (-30969)
error: cannot open Packages database in /tmp/.rpmdb
error: db5 error(-30969) from dbenv->open: BDB0091 DB_VERSION_MISMATCH: Database environment version mismatch
error: cannot open Packages index using db5 - (-30969)
error: cannot open Packages database in /tmp/.rpmdb

The solution for this is to do the following:

# rpm --rebuilddb
# alien -d oracle-instantclient12.2-basic-12.2.0.1.0-1.x86_64.rpm

That worked. Next up is the fix for the pecl issue:

# pecl install oci8
Warning: Invalid argument supplied for foreach() in Command.php on line 249
PHP Warning: Invalid argument supplied for foreach() in /usr/share/php/PEAR/Command.php on line 249
PHP Stack trace:
PHP 1. {main}() /usr/share/php/peclcmd.php:0
PHP 2. require_once() /usr/share/php/peclcmd.php:31
PHP 3. PEAR_Command::getCommands() /usr/share/php/pearcmd.php:54
PHP 4. PEAR_Command::registerCommands() /usr/share/php/PEAR/Command.php:302

This one was not as obvious; it required a reinstallation as follows:

# apt-get purge php*-xml
# apt-get autoremove php*-xml
# apt-get install php-xml php7.0-xml
# apt-get purge php*-xml
# pecl install oci8
    (now add extension=oci8.so to the following ini files)
# vim /etc/php/7.0/apache2/php.ini 
# vim /etc/php/7.0/cli/php.ini 
# php --ri oci8

That should be it. Good luck.

JumpForward SSO Bridge

The following is example PHP code for use by academic institutions attempting to bridge their current single sign-on authentication system with JumpForward. This code is meant for example purposes only, and is in no way meant to reflect finished code.

<?php
  //Author: Dylan F. Marquis
  //Email: dylan(dot)marquis(at)uconn(dot)edu
  //June 2012

  //API Key stored in a variable named $apiKey within the included file
  include '.apikey.php';

  //Filtered input container
  $clean = array();

  //Pull User ID from SSO -> This may differ based on authentication service
  $ssoId = $_SERVER['REMOTE_USER'];

  //Send a SOAP request to API -> Assign response to a variable and pull hash value by property
  //The call sits inside the try block because SoapClient methods throw SoapFault on failure
  try
  {
       $client = new SoapClient("https://api.jumpforward.com/services.asmx?WSDL");
       $result = $client->GetStudentAthleteLoginHash(array('APIKey' => $apiKey, 'StudentId' => $ssoId));
       $hash = $result->GetStudentAthleteLoginHashResult;
  }
  catch (Exception $e)
  {
       header( 'Location: https://redirect_to_error_page.php' );
       //trigger_error() only accepts E_USER_* levels
       trigger_error('Connection to the JumpForward API failed',E_USER_WARNING);
       //Stop here so nothing below runs without a response
       exit;
  }

  //Redirect unauthorized users (302)
  if ($hash=="Student Not Found")
  {
       header( 'Location: https://redirect_to_error_page.php' );
       trigger_error('StudentID not found by JumpForward Server',E_USER_WARNING);
       exit;
  }
  else
  {
       //Clean data sent from JumpForward
       //The hyphen is last in the class so it is a literal: "+-=" would be the range + to =, which includes , ; and <
       //The D modifier makes $ match only at the very end, so a trailing newline is rejected
       if (preg_match('"^[a-zA-Z0-9_!.:/+=-]+$"D', $hash))
       {
            $clean['hash'] = $hash;
       }
       else
       {
            header( 'Location: https://redirect_to_error_page.php' );
            trigger_error('Invalid data was received from JumpForward API',E_USER_WARNING);
            //Stop here so the form is never written with an unfiltered or empty hash
            exit;
       }
       //POST hash to JumpForward SSO (the value is escaped on output as a second layer)
       echo '<html><head></head><body><form action="https://college.jumpforward.com/sso.aspx" id="hash_form" method="post"><input type="hidden" id="hash" name="hash" value="'.htmlspecialchars($clean['hash'], ENT_QUOTES, 'UTF-8').'" /><script language="JavaScript" type="text/javascript">document.getElementById("hash_form").submit();</script></form></body></html>';
  }
?>

The filtered input container array $clean bears some explanation. It is not a functional part of the code; it is merely a means of identifying filtered data. This procedure was developed by Chris Shiflett as a way to prevent XSS.

$clean = array();

Additionally, the regular expression used to filter the hash response from JumpForward is also unnecessary to the proper functionality of this code. It has been added as a safeguard in the event that the JumpForward server is compromised and sends tainted data back as a response. The regular expression is set to exclude any characters that are not part of the Base64 character set.

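//Hyphen last so it is a literal, not the range "+-=" (which would admit , ; and <)
//D modifier: $ matches only at the very end of the string
if (preg_match('"^[a-zA-Z0-9_!.:/+=-]+$"D', $hash))
{
     $clean['hash'] = $hash;
}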
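
How the position of the hyphen inside this whitelist changes what it accepts, shown as an added example that is not part of the original post. PCRE reads `+-=` in the middle of a character class as the range from `+` (0x2B) to `=` (0x3D), which also covers `,`, `;` and `<`, and a plain `$` still matches before a trailing newline. The helper name `accepts` and all sample values are constructed for illustration.

```php
<?php
// Added example, not code from the original post. All sample values are constructed.

// Class with "+-=" in the middle: PCRE treats it as the range 0x2B..0x3D,
// i.e. + , - . / 0-9 : ; < =
$rangePattern = '~^[a-zA-Z0-9_!.:/+-=]+$~';

// Same characters with the hyphen moved to the end, where it is a literal.
// The D modifier makes $ match only at the very end of the string.
$literalPattern = '~^[a-zA-Z0-9_!.:/+=-]+$~D';

// Constructed test values, one per character of interest
$samples = array(
    'base64-looking value' => 'dGVzdC1oYXNoLXZhbHVl+/==',
    'contains <'           => 'dGVzdA<b',
    'contains ;'           => 'dGVzdA;b',
    'contains ,'           => 'dGVzdA,b',
    'contains literal -'   => 'dGVzdA-b',
    'contains "'           => 'dGVzdA"b',
    'trailing newline'     => "dGVzdA==\n",
);

// Hypothetical helper: true only when the whole value passes the whitelist
function accepts($pattern, $value)
{
    return preg_match($pattern, $value) === 1;
}

// Print one row per sample so the two patterns can be compared side by side
printf("%-22s %-8s %-8s\n", 'sample', 'range', 'literal');
foreach ($samples as $label => $value)
{
    printf(
        "%-22s %-8s %-8s\n",
        $label,
        accepts($rangePattern, $value) ? 'accept' : 'reject',
        accepts($literalPattern, $value) ? 'accept' : 'reject'
    );
}
```

Run it with `php` on the command line; the rows where the two columns differ are the inputs that only the range form lets through.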

MySQLi

MySQLi (MySQL Improved) has many advantages over the older PHP MySQL driver. It takes advantage of the newer features built into MySQL 4.1.3 and newer. Below are some simple examples of basic MySQL functions (SELECT, INSERT, UPDATE and DELETE).

SELECT

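//$server, $user, $pass and $db hold the connection settings (unquoted, so the variables are used rather than the literal text)
$mysqli = new mysqli($server, $user, $pass, $db);
if (mysqli_connect_errno())
        {
        printf ("Connect failed: %s\n", mysqli_connect_error());
        exit();
        }

//table is a reserved word in MySQL, so it is quoted with backticks
$query = 'SELECT first_name, last_name FROM `table` WHERE id=?';

if ($stmt = $mysqli->prepare($query))
        {
        //$param holds the id to look up
        $stmt->bind_param('s', $param);
        $stmt->execute();
        $stmt->bind_result($first_name, $last_name);
        while($stmt->fetch())
        {
        	//Escape database values before writing them into a page
        	echo 'Your name is ' . htmlspecialchars($first_name . ' ' . $last_name, ENT_QUOTES, 'UTF-8');
        }
        $stmt->close();
        }
$mysqli->close();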

//id=? in the query statement denotes that the ? will be defined in bind_param
//'s' in bind_param is the data type
		#i - integer
		#d - double
		#s - string
		#b - blob (will be sent in packets)

UPDATE

//$server, $user, $pass and $db hold the connection settings
$mysqli = new mysqli($server, $user, $pass, $db);
if (mysqli_connect_errno())
        {
        printf ("Connect failed: %s\n", mysqli_connect_error());
        exit();
        }
$query = 'UPDATE dfunct_dynamic SET title=?, description=?, code=? WHERE id=?';
if ($stmt = $mysqli->prepare($query))
        {
        //Three strings followed by one integer, in the order of the ? placeholders
        $stmt->bind_param("sssi", $title, $description, $code, $id);
        $stmt->execute();
        $stmt->close();
        }
$mysqli->close();

INSERT

//$server, $user, $pass and $db hold the connection settings
$mysqli = new mysqli($server, $user, $pass, $db);
if (mysqli_connect_errno())
        {
        printf ("Connect failed: %s\n", mysqli_connect_error());
        exit();
        }
//table is a reserved word in MySQL, so it is quoted with backticks
$query = 'INSERT INTO `table` (first_name, last_name, title) VALUES (?, ?, ?)';
if ($stmt = $mysqli->prepare($query))
        {
        //One type character per bound variable: three strings
        $stmt->bind_param("sss", $first_name, $last_name, $title);
        $stmt->execute();
        $stmt->close();
        }
$mysqli->close();

DELETE

//$server, $user, $pass and $db hold the connection settings
$mysqli = new mysqli($server, $user, $pass, $db);
if (mysqli_connect_errno())
        {
        printf ("Connect failed: %s\n", mysqli_connect_error());
        exit();
        }
$query = 'DELETE from dfunct_dynamic WHERE id=?';
if ($stmt = $mysqli->prepare($query))
        {
        //The id is bound as an integer
        $stmt->bind_param("i", $id);
        $stmt->execute();
        $stmt->close();
        }
$mysqli->close();