Today, we were going to show you comparisons of PHP[/HTML] versus Javascript/Ajax/HTML versus Javascript/HTML methodologies to have a password-protected report shown, securely (or not), only to interested parties … ie. bits of talk regarding “security” … but today there is no encryption/decryption talk, and we have decided to just stick to PHP, and later on we may visit some other ideas. Today we extend on the Files Since Primer Tutorial as shown below, for inspiration regarding what might be interesting as subject matter to report on. We aim today to show some methods to address the most obvious weakness of not involving server-side PHP nor Ajax techniques, where if the user uses the browser’s View->Page Source they can discover your password fairly easily. It should be noted that we do not claim that somebody won’t crack this method via other means, but we can say that it helps with the View->Page Source level of security.
So let’s set the scene … we want a report about *.htm* and *.php files that have changed over the last five days on our local Apache MAMP web server … and we want an email and an alternative means of viewing … why? … because not every Linux web server has mailx installed (as does my local MAMP web server’s laptop).
Take a look at the Korn shell script (run in the Mac laptop Terminal application’s Linux Bash environment) that you could call todays_list.ksh. In reality you would not want to place it within view of your web server’s directories (ie. the web server viewable directories come off the parent described in PHP by $_SERVER["DOCUMENT_ROOT"], so place this file outside these directories) … but we put it there for you to take a look at. You could execute it via crontab, or interactively via ./todays_list.ksh (if execute bits are set via chmod) or via ksh todays_list.ksh (if not), and it writes out the todaylist.php of below. Please note that if you have mailx installed on your web server … see the orange lines on picture above … you may not want to perform any of the PHP or HTML below, because an emailed report will suffice.
The PHP programming source code is something you could call todaylist.php (produced via todays_list.ksh as above), and hopefully you see that it caters for the $_GET['pw'] parameter on a web browser’s address bar ( ie. http://www.rjmprogramming.com.au/PHP/Security/todaylist.php?pw=Where%27s%20Wally (a variation of this link could be your Home Page on your favourite browser, to receive information on the report each time you reopen that web browser) ) or for a supervisory HTML file’s form method='POST' action='todaylist.php' submission scenario (as you see below).
The HTML supervisory programming source code is something you could call todaylist.html (statically and separately (to the use of the Korn shell script) created by you), supervising todaylist.php above via the $_POST['pw'] form method='POST' action='todaylist.php' submission scenario.
So, the bottom line is this … we have hinted that “Where’s Wally” is the likely password. Forget the Korn shell (it will be in an invisible place, remember), can you find the words “Where’s Wally” anywhere else within the (first two types of) usage of the software below, either with:
- POST method (preferred, as URL will never show “Where’s Wally”) … follow the red arrows in picture above … or …
- GET method (usage of person (not in the know) sniffing around, hopefully, unsuccessfully) … vs …
- GET method (successful user usage of person in the know) … follow the green arrows in picture above ?
Hope I haven’t made this seem too complex, because once you get into PHP, as a server-side language (like ASP.Net as well), these things become much easier and more straightforward (I prefer PHP to Ajax methodologies, but there will be many who disagree), though with this straightforwardness comes the trade-off that you can give away information you would rather not give away … the dilemma of security in today’s online world.
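An added example (not the original todaylist.php) of the server-side gate described above: it accepts pw by POST or GET and checks it against a password_hash() value, so the plaintext password appears neither in View->Page Source nor in the PHP file itself. The two file paths and the function names are assumptions made for this example.

```php
<?php
// Added example, not the original todaylist.php.
// Hypothetical paths, both outside $_SERVER["DOCUMENT_ROOT"] so they are never served.
// Create the hash once: php -r 'echo password_hash("your password", PASSWORD_DEFAULT);'
const HASH_FILE   = '/usr/local/etc/todaylist/pw.hash';
const REPORT_FILE = '/usr/local/var/todaylist/report.txt'; // written by the cron job

// Prefer POST (never shown in the URL); fall back to GET as the tutorial allows.
function submitted_password(array $post, array $get): ?string
{
    foreach ([$post, $get] as $source) {
        // is_string() rejects array input such as ?pw[]=x
        if (isset($source['pw']) && is_string($source['pw']) && $source['pw'] !== '') {
            return $source['pw'];
        }
    }
    return null;
}

// True only when the candidate matches the stored hash.
function password_ok(?string $candidate, string $storedHash): bool
{
    return $candidate !== null && password_verify($candidate, $storedHash);
}

$hash = is_readable(HASH_FILE) ? trim((string) file_get_contents(HASH_FILE)) : '';
$pw   = submitted_password($_POST, $_GET);

header('Content-Type: text/html; charset=utf-8');
header('Cache-Control: no-store');      // keep the report out of caches
header('Referrer-Policy: no-referrer'); // a ?pw=... URL must not leak via Referer

if ($hash === '' || !password_ok($pw, $hash)) {
    http_response_code(403);
    // Same response for a missing and a wrong password; nothing here reveals the secret.
    echo '<form method="POST"><input type="password" name="pw">'
       . '<input type="submit" value="Show report"></form>';
    exit;
}

$report = is_readable(REPORT_FILE) ? (string) file_get_contents(REPORT_FILE) : 'No report yet.';
echo '<pre>' . htmlspecialchars($report, ENT_QUOTES, 'UTF-8') . '</pre>';
```

With the GET form the password still ends up in browser history and web server access logs, which is why the POST form is the preferred one.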
For your leisure activities after your fastidious studies … here … hope to see you next time.
Previous relevant Files Since Primer Tutorial is shown below.
A while ago we spoke of the Linux commands find and locate in Linux Find and/or Locate Files/Directories Primer Tutorial as shown below. After that you may have been thinking “That’s it! No more carrying on about directory listings and stuff!” … and we say … but on a practical level how can this knowledge be set to good use?
With that in mind, today, we do a tutorial called “Files Since” (and just concentrate on command line work … there may well be Mac Finder and/or Windows Explorer solutions to this problem, but we want to stick to command line, for today), because it is easy to get sidetracked these days and forget what you’ve been doing, so today for both Mac and Windows we show a scenario of (finding files that):
- are HTML
- have been worked on over the last seven days
- from all directories and subdirectories off where we are now (in relevant command line environment)
Obviously, if you are asleep now, you’ll continue to be asleep, and you can sleep through the next bit just as well.
But if you are still here, this scenario is a doddle for Mac (via Bash environment find command via Terminal application). However, believe it or not, it is not straightforward in a Windows (DOS command line) environment, depending on how user-friendly you want the information to be … let me explain … DOS command line (out of the box) can do a listing sorted by date (descending) of the last file write date for all the subdirectories, but, without some tailoring it can’t cut off the report and not mention superfluous files to your designated date range of interest … for us, 7 days.
You might ask, “How come?” … and that is a good question … but wasting time … so why don’t we create a hybrid DOS/Linux-find-equivalent-of-mtime-switch scenario. What is meant by this is that Windows/DOS does 99% of what anybody wants, and that is good (thanks), but why not try to add on the bit of Linux find (its -mtime -7d (for our case) … (just the d suboption will be assumed)) cute functionality into our Windows/DOS world … with help from here (get yesterday’s date in DOS batch … thanks) and here (brilliant DOS batch string functionality web page … thanks) this became possible and we would like you to try mydir.bat should you wish to try it out. Where should you place mydir.bat in order to try it out on Windows? Well, if “mydir” as a command line command, means nothing, at present on your system, it would be best of all to place mydir.bat somewhere in the path (the directories of which can be gleaned from echo %PATH%), but you may not want it that public, and so, just place mydir.bat in the root directory of interest you want information about, if this is your case … in either scenario mydir.bat works after you have used cd [blah blah] to get to the root directory of your interest. For our example scenarios today the [blah blah] equated to the root directories for the local Apache web server of interest … for Windows the root directory of EasyPHP ( “c:\Program Files\EasyPHP-12.1\www” ) and for Mac the root directory of MAMP ( /Applications/MAMP/htdocs ). More on this happens on this blog at Cassini++ WebServer Primer Tutorial.
So, in summary, try this tutorial for ideas about command line environment solutions to the “Files since …” scenario that many of us often face when using computers … our commands ended up:
- find . -name "*.htm*" -mtime -7 2> /dev/null # Mac (via Linux Bash via Terminal) NB. Some environments would ask for switch -mtime -7d
- mydir *.htm* /s /t:w /o:-d /m:-7 rem Windows (via DOS command line)
- locate gimp | more -y 13
- find / -name "*gimp*" -type f -print 2> /dev/null | more -y 13
- find $HOME/Documents -name "*.htm*" -type f -exec fgrep body {} /dev/null \;
Previous relevant Linux Find and/or Locate Files/Directories Primer Tutorial is shown below.
Linux (or Unix) servers have two really useful commands which help the user find files and/or directories … locate and find. I doubt there are many people out there who have not mislaid a computer file at some time or other. The GUI options are there, such as Windows Explorer and Mac Finder, but you tend to think, with these, of the one area or folder to search (mind you both are capable of better), whereas you often face the dilemma of having no idea where the file is. The GUIs can help here, but I find that I always jump to the command line for this, with Windows command line DIR C: [filespec] /s or the Linux/Unix commands for today’s tutorial … locate and find.
So why confuse things with two choices? Well, locate is fast, once set up, because it sets up its own “database” of previous knowledge, and so can pluck out whatever you want really fast from then on, once you use a “sudo” command to set up locate for future use.
The strengths of the Linux/Unix find command are its switches like “-type ?” to define what type of file to find, and the way you can use “exec” in a piped scenario, to add more functionality.
So some words about the syntax (and for this, we found Linux by Steve Oualline and Eric Foster-Johnson (pp 72-73) an excellent source) where you can hover or click for further information:
So today we see some actions to find and/or locate files/directories with this tutorial.
If this was interesting you may be interested in this too.