Archive for category php

Check an array for all null values

Here is a simple function to check an array to see if it contains all null values.

function allNulls($arr) {
    if(is_array($arr) && count(array_diff($arr, array(null))) == 0) { 
            return true;
    return false;

echo (allNulls(array(null,null,null)) ? "true" : "false") . PHP_EOL;
echo (allNulls(array(null,1,null)) ? "true" : "false") . PHP_EOL;
echo (allNulls(array("test",null,null)) ? "true" : "false") . PHP_EOL;
echo (allNulls(array("",null,null)) ? "true" : "false") . PHP_EOL;
echo (allNulls(array(0,null,null)) ? "true" : "false") . PHP_EOL;

Tags: , , ,

Simple PHP Proxy

While developing apps that use external web services, a proxy often comes in handy in order to bypass the pesky XSS security settings found in most browsers. Here is a simple PHP proxy I’ve found quite helpful.


Tags: ,

Reading a file line by line in reverse with PHP

Here is a handy function for reading a file line by line in reverse (from the end of the file).

function rfgets($handle) {
    $line = null;
    $n = 0;

    if ($handle) {
        $line = '';

        $started = false;
        $gotline = false;

        while (!$gotline) {
            if (ftell($handle) == 0) {
                fseek($handle, -1, SEEK_END);
            } else {
                fseek($handle, -2, SEEK_CUR);

            $readres = ($char = fgetc($handle));

            if (false === $readres) {
                $gotline = true;
            } elseif ($char == "\n" || $char == "\r") {
                if ($started)
                    $gotline = true;
                    $started = true;
            } elseif ($started) {
                $line .= $char;

    fseek($handle, 1, SEEK_CUR);

    return strrev($line);

$filename = 'top-1m.csv';

echo "Reverse reading $filename" . PHP_EOL;

$handle = @fopen($filename, 'r');

for ($i = 0; $i < 10; $i++) {
    $buffer = rfgets($handle);
    echo $buffer . PHP_EOL;


The output produced (from the Alexa top 1 million domains list) is:

Reverse reading top-1m.csv

Tags: ,

Reading random lines from a file with PHP

While developing a testing framework I decided it would be nice to use a random sample of records from Alexa’s Top 1 million domains list. Here is the function I wrote to read a random number of lines from the file.

function random_lines($filename, $numlines, $unique=true) {
    if (!file_exists($filename) || !is_readable($filename))
        return null;
    $filesize = filesize($filename);
    $lines = array();
    $n = 0;

    $handle = @fopen($filename, 'r');

    if ($handle) {
        while ($n < $numlines) {
            fseek($handle, rand(0, $filesize));

            $started = false;
            $gotline = false;
            $line = "";

            while (!$gotline) {
                if (false === ($char = fgetc($handle))) {
                    $gotline = true;
                } elseif ($char == "\n" || $char == "\r") {
                    if ($started)
                        $gotline = true;
                        $started = true;
                } elseif ($started) {
                    $line .= $char;

            if ($unique && array_search($line, $lines))

            array_push($lines, $line);


    return $lines;

// Example usage
$lines = random_lines('top-1m.csv', 100);
echo json_encode($lines) . PHP_EOL;

The output produced is:


Tags: , , ,

Certificate Information Extractor

While working with SSL certificate based authentication I developed a handy tool to display the contents of certificates. Both PKCS12 .p12 certificates (commonly used for client authentication) as well as standard public .cer certificates.

Here is my utility to check certificate information.

And if you are looking for a couple of certificates to use to try this tool out, here is a PKCS12 self-signed certificate. Or, you could use my handy self-signed PKCS12 certificate generator and make your own.

Special thanks to John Veldboom for his ColorPal app which helped me make the more appealing to the eye.

Tags: , , ,

Fred Brooks on the promise of object oriented programming

One view of object-oriented programming is that it is a discipline that enforces modularity and clean interfaces. A second view emphasizes encapsulation, the fact that one cannot see, much less design, the inner structure of the pieces. Another view emphasizes inheritance, with its concomitant hierarchical structure of classes, with virtual functions. Yet another view emphasizes strong abstract data-typing, with its assurance that a particular data-type will be manipulated only by operations proper to it.

Now any of these disciplines can be had without taking the whole Smalltalk or C++ package—many of them predated object-oriented technology. The attractiveness of object-oriented approach is that of a multivitamin pill: in one fell swoop (that is, programmer retraining), one gets them all. It is a very promising concept.

Why has object-oriented technique grown slowly? In the nine years since “NSB,” the expectancy has steadily grown. Why has growth been slow? Theories abound. James Coggins, author for four years of the column, “The Best of comp.lang.c++ ” in The C++ Report, offers this explanation:

The problem is that programmers in O-O have been experimenting in incestuous applications and aiming low in abstraction, instead of high. For example, they have been building classes such as linked-list or set instead of classes such as user-interface or radiation beam or finite-element model. Unfortunately the self-same strong type checking in C++ that helps programmers to avoid errors also makes it hard to build big things out of little ones.

He goes back to the basic software problem, and argues that one way to address unmet software needs is to increase the size of the intelligent workforce by enabling and coopting our clients. This argues for top-down design:

we design large-grained classes that address concepts our clients are already working with, they can understand and question the design as it grows, and they can cooperate in the design of test cases. My ophthalmology collaborators don’t care about stacks; they do care about Legendre polynomial shape descriptions of corneas. Small encapsulations yield small benefits.

David Parnas, whose paper was one of the origins of object-oriented concepts, sees the matter differently. He writes me:

The answer is simple. It is because [O-O] has been tied to a variety of complex languages. Instead of teaching people that O-O is a type of design, and giving them design principles, people have taught that O-O is the use of a particular tool. We can write good or bad programs with any tool. Unless we teach people how to design, the languages matter very little. The result is that people do bad designs with these languages and get very little value from them. If the value is small, it won’t catch on.

-Fred Brooks, The Mythical Man-Month, pg. 220

Tags: , ,

Secure client authentication with php-cert-auth

Most websites employ a simple authentication mechanism generally consisting of a username and a password. While this method is certainly acceptable and secure for most applications, I want to take a minute to explore a more complex and, if employed correctly, more secure method of authenticating a user to a website.

This method employs the public key infrastructure (PKI) via client based SSL PKCS12 certificates.

First you need to make sure your server is conigured to use SSL properly. Setting up SSL in Apache is beyond the scope of this post, but here is a great HOWTO on it. You’ll also need to make sure you configure Apache to export the SSL variables it gathers to PHP.

Here is the Apache config setting to allow the SSL environment variables to be correctly exported to PHP (via the $_SERVER variable).

SSLVerifyClient optional_no_ca
SSLVerifyDepth  10

SSLOptions +ExportCertData +StdEnvVars

Next you’ll want to grab a copy of our handy php-cert-auth class from here. The configuration is pretty straightforward, feel free to include config parameters in the class directly if you don’t want to worry about maintaining a seperate configuration file.

Here are a few examples of what our class will allow you to do.

To download a self-signed certificate:

header("Content-Type: application/x-pkcs12");
header('Content-Disposition: attachment; filename=client.p12');

$countryName = "US";
$stateOrProvinceName = "Georgia";
$localityName = "Roswell";
$organizationName = "Werx Limited";
$organizationalUnitName = "Labs";
$commonName = "Wes Widner";
$emailAddress = "[email protected]";

$cert = new WerxLtd_Auth_Cert();
$pks12 = $cert->getPKCS12SelfSigned(

echo $pkcs12;

 * You can also parse the pkcs12 data back out via: openssl_pkcs12_read($pks12, $data, null);

Here is how you could go about authenticating a user:

$cert = new WerxLtd_Auth_Cert();
if($cert->hasClientCert()) {
	$keyid = $cert->getSubjectKeyIdentifier();
	// You can then use this key to query a list of known keys associated with valid users

This package is not designed to work in a stand-alone fashion. It is designed to be a helpful passwordless enhancement to an existing authentication system. Since the subjectKeyIdentifier is unique for each certificate that is issued1, it is wholly possible to associate it with a user’s account and check the supplied user certificate against a list of known client certificates in order to authorize the user in a transparent fashion.

There are many other ways a client certificate can be used to make your application even more secure. Like encrypting information before it is saved to permanent storage. You can also use the information contained in the client certificate to automatically fill in form fields. The biggest pitfall I can see to employing client certificates is the added complexity of the application.

Further reading:

  1. []

Tags: , , , , , , ,

Process forking and threading with PHP

I’ve been working on a rather large web application which is responsible for combining data from a variety of sources and presenting the data to the end user in a clean, unified fashion. During this process we sometimes run into cases where multiple related calls are made, each to perform some transformative work on a single set of data. We decided these calls could be made in a more parallel fashion and as such started looking into ways of parallelizing PHP so that relatively expensive operations could be performed at the same time and then the results combined in the end.

We examined a few possible solutions such as Gearman, popen, and multi curl. However all of these methods seemed to require more overhead than they were worth. What I really wanted to see was something more along the lines of POSIX threads to distribute the work load and shared memory for passing data between the parent and child threads.

After some searching through PHP extensions and the official documentation I ran across PHP’s Process Control Extensions suite which contains PCNTL functions, one of which is pcntl_fork. Combined with PHP’s Shared Memory Functions, this promises to fit the bill of inexpensive distribution of processing tasks along with low-overhead inter process communication.

Here is a sample proof-of-concept script. I’ll outline what it does below:

$data = array();

echo "Parent PID: ".getmypid().PHP_EOL;

function forkTest(array &$data) {
	$pids = array();

	$parent_pid = getmypid();

	for($i = 0; $i < 10; $i++) { 		
		if(getmypid() == $parent_pid) { 			
			$pids[] = pcntl_fork(); 			
			echo "Forking child, \$pids now has ".count($pids)." elements".PHP_EOL; 		
	if (getmypid() == $parent_pid) { 		 
		/* Parent thread */		
		echo "Hello from parent: ".getmypid().PHP_EOL; 		 
		array_push($data, "parent".getmypid()); 		  		 
		/* Process childrens' results as they exit */
		while(count($pids) > 0) {
			$pid = pcntl_waitpid(-1, $status);
			echo "Attempting to open memory with pid: ".$pid.PHP_EOL;
			$shm_id = shmop_open($pid, "a", 0, 0);

			$shm_data = unserialize(shmop_read($shm_id, 0, shmop_size($shm_id)));
			$data = array_merge($data, $shm_data);

			/* Hunt down and remove pid entry */
			foreach($pids as $key => $tpid) {
				if($pid == $tpid) unset($pids[$key]);

		echo "All children exited, \$data now has:".count($data)." elements".PHP_EOL;
		$pids = array();
	} else {
		/* Children threads */
		$pdata = array();
		echo "Hello from child: ".getmypid().PHP_EOL;
		array_push($pdata, "child".getmypid());
		$data_str = serialize($pdata);

		$shm_id = shmop_open(getmypid(), "c", 0644, strlen($data_str));
		if (!$shm_id) {
			echo "Couldn't create shared memory segment".PHP_EOL;
		} else {
			if(shmop_write($shm_id, $data_str, 0) != strlen($data_str)) {
				echo "Couldn't write shared memory data".PHP_EOL;


/* Run the test 10 times */
for($f = 0; $f < 10; $f++) {
	echo "Running $f forkTest()".PHP_EOL;

echo "Fork test finished, \$data now contains ".count($data)." elements".PHP_EOL;
echo "\$data:".PHP_EOL.json_encode($data);

This code describes a function that spawns 10 child worker threads, each of which gets a reference to the global $data array. Each child thread pushes a string element containing the child thread’s process identifier into the array, serializes it, and then places it into a shared memory slot with the process id serving as the shared memory id. The parent process waits for each child thread to exit, gathers the data from shared memory, clears the shared memory, and then combines the results into the master $data array. My test application runs through this function 10 times to demonstrate how forking in PHP can be safe and memory efficient. The result should be a $data array with 110 elements in it. I’ve thrown in sleep commands with a random time between 1 and 10 seconds to show how threads can return at different times.

No doubt optimizations can be made but this should serve as at least a rudimentary example of true and efficient threading in PHP. Well, provided that the work you are planning on doing is worth the overhead (which, small as it may be, still exists and should be factored in) and provided that you do not mind locking your application down to a POSIX environment (meaning the above code will not work on windows platforms).

Tags: , , , , , , ,

Using PHP to write PHP

I ran into a situation recently where I had a very large array object that was not going to change. It was the polygon coordinates for the world countries to be used in KML provided by Thematic Mapping.

I didn’t wan’t to pull this data out of MySQL every time I went to build a map, I wanted to use one giant static array instead. So to write the array back out in a re-usable fashion I developed the following code which can take any array, of any depth, associative or index based, and spit out corresponding PHP that you can copy and paste back into your script.

function phpPrintArr(array $arr) {
	echo "array(".PHP_EOL;

	$c = 1;
	$total = count($arr);

	foreach($arr as $i =>$v) {
		$iq = is_numeric($i) ? '' : '"';
		$vq = is_numeric($v) ? '' : '"';
		$e = $c < $total ? ',' : '';

		if(is_array($v)) {
			echo $iq.$i.$iq.'=>'.PHP_EOL;
			echo $e.PHP_EOL;
		} else {
			echo $iq.$i.$iq.'=>'.$vq.$v.$vq.$e.PHP_EOL;

	echo ")".PHP_EOL;

Oh, and for anyone who is interested in the array of country polygons this produced from the Thematic Mapping Engine data, here is the rather large array. Feel free to use it in your own KML project.

Tags: , , , ,

HipHop for PHP

Earlier this year Facebook developers caused quite a stir in the PHP community by releasing HipHop, the central piece in their high-performance arsenal.

Here is the video of the initial announcement along with some juicy technical details:

If you are interested in seeing how your PHP project fares when run through HipHop, check out the official HipHop project page.

With tools like HipHop, scripting languages like PHP are no longer subject to the charges of gross computational inefficiency. In short, it’s a great day to be a web developer.

Tags: , , , ,