This document provides an overview of an online food delivery website project. It includes a table of contents listing 11 chapters that cover topics like introduction, requirement analysis, introduction to PHP and JavaScript, system specification, design, coding, modules, database design, and conclusions. The introduction chapter describes the objectives of the food delivery website, which are to allow easy profile creation, uploading photos, sending messages, adding friends, and securely processing and delivering information to users. The document provides details on the technologies and features used to develop the website.
This document provides notes on web programming unit 2 prepared by Bhavsingh Maloth. It discusses the history and objectives of JavaScript, defining it as a scripting language used to add interactivity to HTML pages. JavaScript can be divided into core, client-side, and server-side components. Core JavaScript is the basis of the language, while client-side JavaScript supports browser controls and user interactions. Server-side JavaScript makes the language useful on web servers. The document also provides examples of how to write text, insert scripts, and use variables in JavaScript.
The document provides an overview of PHP and frameworks. It discusses open source software, widely used open source products like Linux, Apache, MySQL, and PHP. It covers the difference between open source and closed source software, pros and cons of open source, and background information on PHP including its history, variables, data types, conditional and looping statements, functions, arrays, and more. The document also discusses PHP frameworks, popular frameworks like WordPress, Magento and Opencart, and includes an index of topics covered.
This document discusses protections against executing arbitrary PHP code on hardened PHP environments after code execution is achieved. It introduces new techniques to overcome many protections by combining local PHP exploits that leak information and cause memory corruption. Specifically, it shows how important memory structures can be leaked and manipulated to deactivate protections within PHP, Suhosin, the C library, filesystems, compilers, and the operating system kernel.
The document discusses software requirements specification and various technologies used in web development including HTML, Java, Java Server Pages (JSP), JavaScript, and Apache Tomcat server. It provides an overview of each technology, their features and advantages. For software requirements specification, it states that the representation format and contained information should be related to the problem, nested, and revisable. It also notes that the requirements specification produced is helpful at the end of analysis to establish a complete functional representation.
Java technology includes both a programming language and platform. The Java programming language is compiled into bytecode that can run on any Java Virtual Machine (JVM). This allows Java programs to "write once, run anywhere." The Java platform consists of the JVM and Java API libraries. The API provides functionality like GUIs, networking, security, and database connectivity. The document provides details on the Java language features, how programs are compiled and run, the Java platform architecture, and some of the capabilities provided by the Java API libraries.
Java is both a programming language and platform. As a language, Java is object-oriented, portable, high-performance, secure, and robust. Java code is compiled into bytecode that can run on any Java Virtual Machine (JVM). The JVM and Java API provide a software platform that is independent of hardware. The document discusses Java language features and how Java enables "write once, run anywhere" capabilities. It also summarizes the Java networking and database connectivity APIs (JDBC and TCP/IP).
This document provides an overview of PHP (Hypertext Preprocessor), a popular scripting language used to develop dynamic web applications and websites. It discusses what PHP is, how it works with web servers, basic PHP syntax like comments and variables, and PHP data types. Key points covered include that PHP code is executed on the server and outputs HTML, PHP variables do not require declaration, and PHP supports common data types like strings, integers, floats, booleans and arrays.
This document provides an overview of an online food delivery website project. It includes a table of contents listing 11 chapters that cover topics like introduction, requirement analysis, introduction to PHP and JavaScript, system specification, design, coding, modules, database design, and conclusions. The introduction chapter describes the objectives of the food delivery website, which are to allow easy profile creation, uploading photos, sending messages, adding friends, and securely processing and delivering information to users. The document provides details on the technologies and features used to develop the website.
This document provides notes on web programming unit 2 prepared by Bhavsingh Maloth. It discusses the history and objectives of JavaScript, defining it as a scripting language used to add interactivity to HTML pages. JavaScript can be divided into core, client-side, and server-side components. Core JavaScript is the basis of the language, while client-side JavaScript supports browser controls and user interactions. Server-side JavaScript makes the language useful on web servers. The document also provides examples of how to write text, insert scripts, and use variables in JavaScript.
The document provides an overview of PHP and frameworks. It discusses open source software, widely used open source products like Linux, Apache, MySQL, and PHP. It covers the difference between open source and closed source software, pros and cons of open source, and background information on PHP including its history, variables, data types, conditional and looping statements, functions, arrays, and more. The document also discusses PHP frameworks, popular frameworks like WordPress, Magento and Opencart, and includes an index of topics covered.
This document discusses protections against executing arbitrary PHP code on hardened PHP environments after code execution is achieved. It introduces new techniques to overcome many protections by combining local PHP exploits that leak information and cause memory corruption. Specifically, it shows how important memory structures can be leaked and manipulated to deactivate protections within PHP, Suhosin, the C library, filesystems, compilers, and the operating system kernel.
The document discusses software requirements specification and various technologies used in web development including HTML, Java, Java Server Pages (JSP), JavaScript, and Apache Tomcat server. It provides an overview of each technology, their features and advantages. For software requirements specification, it states that the representation format and contained information should be related to the problem, nested, and revisable. It also notes that the requirements specification produced is helpful at the end of analysis to establish a complete functional representation.
Java technology includes both a programming language and platform. The Java programming language is compiled into bytecode that can run on any Java Virtual Machine (JVM). This allows Java programs to "write once, run anywhere." The Java platform consists of the JVM and Java API libraries. The API provides functionality like GUIs, networking, security, and database connectivity. The document provides details on the Java language features, how programs are compiled and run, the Java platform architecture, and some of the capabilities provided by the Java API libraries.
Java is both a programming language and platform. As a language, Java is object-oriented, portable, high-performance, secure, and robust. Java code is compiled into bytecode that can run on any Java Virtual Machine (JVM). The JVM and Java API provide a software platform that is independent of hardware. The document discusses Java language features and how Java enables "write once, run anywhere" capabilities. It also summarizes the Java networking and database connectivity APIs (JDBC and TCP/IP).
This document provides an overview of PHP (Hypertext Preprocessor), a popular scripting language used to develop dynamic web applications and websites. It discusses what PHP is, how it works with web servers, basic PHP syntax like comments and variables, and PHP data types. Key points covered include that PHP code is executed on the server and outputs HTML, PHP variables do not require declaration, and PHP supports common data types like strings, integers, floats, booleans and arrays.
Advanced PHP Web Development Tools in 2015iScripts
Professional web developers make php web development absolutely stunning with the aid of different kinds of tools. A designer prefers tools after checking number of features, and the choice of the right tool for php web development is vital for creating user-friendliness and better interaction
This document provides an introduction to C++ and Java programming languages. It discusses key aspects of C++ like its origins as an extension of C, support for object-oriented programming, keywords, identifiers, comments, and compiler directives. It also covers programming style best practices. For Java, it outlines its origins, characteristics, principles, examples, editions, and the authors. It provides details on Java's portability, security, simplicity, performance and object-oriented nature.
Perl is a sophisticated, general purpose programming language with a rich software development environment. It is platform independent, high level and easy to use, designed to make the difficult jobs easy. It is a portable and scalable language that provides better structure for large programs than any other computer language. It's simple structure, a clearly defined syntax and relatively few keywords that allows the student to pick up the language in a relatively short period of time.and Debug it easily with its built-in debugger. Perl is one of the three P’s in the LAMP stack. According to eweek.com ‘Perl is used in virtually 100 percent of the Fortune 500, in a wide range of mission-critical systems’. According to Active Perl, there are 200 Thousand ActivePerl downloads each month.
This document discusses a source-to-source compiler project. A source-to-source compiler takes a high-level programming language as input and outputs another high-level language. This allows transforming code for parallelization or translating between language versions. The document provides background on compilers, including that compilers translate human-readable code into machine-readable code. It discusses one-pass and multi-pass compilers and cross-compiling code for different architectures.
CakePHP requires PHP 4.3.2 or greater, a database like MySQL, and Apache with mod_rewrite enabled. There are two ways to install CakePHP - a development setup places all files in the web root, while a production setup moves the app/webroot folder to be the new web root. Configuration of Apache, mod_rewrite, and index.php is also needed to set paths and enable the framework.
Zend con 2016 bdd with behat for beginnersAdam Englander
Learn the basics of behavioral driven development (BDD) with Behat to build high quality and well documented applications. You'll learn how BDD can help you deliver greater business value more efficiently while accurately documenting the functionality of your application along the way. You'll learn how to utilize Behat as your BDD tool. With Behat, you'll create tests for the features in your application by utilizing a natural language syntax called Gherkin backed by PHP code to execute the steps executed in the feature's scenarios.
This will be a hands-on tutorial. You'll learn how to implement BDD for a web application. This will include utilizing Selenium WebDriver for real world multi-browser testing including introductions to Selenium Grid and hosted integration services utilizing Selenium.
The Ring programming language version 1.6 book - Part 6 of 189Mahmoud Samir Fayed
The document describes the Ring programming language. It discusses why Ring was created, including wanting a language that is simple, natural, encourages organization, and has transparent implementation. It provides an overview of Ring's design goals, features, and licensing. Key points include that Ring supports multiple paradigms like object-oriented programming and functional programming. It aims to be small, fast, and give programmers memory control. Ring also has a straightforward syntax without semicolons or explicit function endings.
1) The document discusses a mail server communication system developed using PHP that allows secure communication between users within or between organizations.
2) It provides an overview of PHP basics like variables, control statements, and loops to manipulate data and develop scripts.
3) Examples shown include decoding base64 encoded data, using printf to format output, and creating a sign up page to log into a Gmail account to send and receive emails through the PHP mail server communication system.
This document provides an overview of how to write a basic "Hello World" program in Java. It outlines the steps needed, including setting up a development environment with a text editor and the Java Development Kit, creating a Java file with the class and main method, writing the "Hello World" print statement, compiling and running the program. The summary provides a high-level view of the key activities and process for writing a simple first Java program.
This document provides an overview of the Java programming language. It discusses Java as both a programming language and platform. Key points include:
- Java is an object-oriented, platform-independent language that is compiled to bytecode that runs on a Java Virtual Machine.
- Java applications, applets, and servlets can be developed. Applets run in web browsers while applications and servlets run on servers.
- Java's features include simplicity, security, reliability, portability and multi-threading capabilities.
- The history of Java's development at Sun Microsystems in the 1990s is summarized, along with its growth in popularity for internet programming.
This document provides an introduction to the C programming language using a tutorial originally written for the MS-DOS platform and ported to the Applix 1616 operating system. It discusses getting started with C on the Applix 1616, including setting up a development environment and disk, and presents some very simple "hello world" style programs to demonstrate basic C syntax and output functions. It aims to teach C concepts in a simple and incremental way, moving from simple programs with no functionality to programs with basic text output and multiple lines.
international PHP2011_Kore Nordmann_Tobias Schlitt_Modular Application Archit...smueller_sandsmedia
The document discusses HTTP and web application architecture. It describes how HTTP uses a layered architecture with clients making requests to servers using standard methods like GET and POST. It discusses concepts like statelessness, caching, and how to properly use HTTP methods to conform with REST principles and enable features like caching. The document provides guidance on how to design web applications and APIs to fully leverage the capabilities of the HTTP protocol.
This document discusses a proposed Packers and Movers Management System. It includes sections on introduction, advantages, system requirements, software features, and feasibility study. The key points are:
1) The system provides an interactive platform for users to book packers and movers services through a web portal. It allows automatic entries into the database and easy generation of reports.
2) The system requirements include minimum hardware specifications and software including PHP, MySQL, Apache and phpMyAdmin.
3) A feasibility study covers operational feasibility to ensure ease of use, technical feasibility to evaluate the technology used, and economic feasibility to assess the costs.
In this chapter we review the basic rules and recommendations for writing quality program code. We pay attention to naming the identifiers in the program (variables, methods, parameters, classes, etc.), formatting and code organization rules, good practices for composing methods, and principles for writing quality documentation.
PHP is an open source server-side scripting language that allows embedding code directly into HTML pages to create dynamic content. It is intuitive for C and Perl developers to learn and offers excellent connectivity to databases. PHP code is executed on the server, so no special software is needed for the client browser beyond HTML support. PHP shares syntax with Perl and C, using loosely typed variables and supporting control structures like if/else statements.
C# is an object-oriented programming language developed by Microsoft for building robust and durable applications. Some key points about C#:
- It was designed for the .NET framework and combines features from C++, Java, and Visual Basic. C# simplifies C++ and is more modern and type-safe.
- C# is suitable for developing web applications and uses automatic garbage collection. It was introduced as the main language for building components on the .NET platform.
- The .NET framework provides a runtime environment and class libraries. It allows programs written in multiple .NET languages to interoperate. The Common Language Runtime handles memory management, type safety, and exception handling for all .NET programs.
This document provides a tutorial on PHP (Hypertext Preprocessor), a programming language used for web development. It discusses:
- PHP allows developers to create dynamic content that interacts with databases. It is commonly used with MySQL.
- The tutorial is designed for programmers new to PHP concepts with basic computer programming skills.
- It provides an overview of PHP syntax and variable types, and how to set up a PHP development environment on different platforms like Linux, Windows, and MacOS.
This document provides information about accessing and using the EBSCO databases available through Khalifa University libraries. It introduces EBSCO as a database provider and lists some of the key databases available, including Academic Search Complete, Computers & Applied Sciences Complete, Library, Information Science & Technology Abstracts, and GreenFILE. It provides details on database coverage and content. The document also explains how to access the databases through the university library website using a username and password, lists support resources, and encourages creating a personal EBSCO account to save search preferences.
This document provides an outline of grammar topics in English, including parts of speech (nouns, verbs, pronouns), verb tenses and forms, word order, question forms, passive voice, conditionals, gerunds and infinitives, modals, comparatives, clauses and phrase structures. The topics are organized into sections on nouns, verbs, subject-verb agreement, pronouns, verbs as nouns, modals, questions, negatives, imperatives, gerunds, wishes/hopes, preferences, probability, past habits, adjectives, adverbs, prepositions, causatives, passive, infinitives, enough, conditionals, relative clauses, determiners, and redundancy reduction in English
Hugh Clapperton was a Scottish explorer of West and Central Africa in the early 19th century. He made two journeys to Africa: the first from 1816-1827 where he explored the Niger River region with Walter Oudney until Oudney's death, after which Clapperton continued alone. Exhausted, he returned to England in 1825. He immediately embarked on a second expedition in 1826 to continue his exploration of the Niger River region and open trade routes, but he died in Sokoto in 1827 before completing his mission.
Advanced PHP Web Development Tools in 2015iScripts
Professional web developers make php web development absolutely stunning with the aid of different kinds of tools. A designer prefers tools after checking number of features, and the choice of the right tool for php web development is vital for creating user-friendliness and better interaction
This document provides an introduction to C++ and Java programming languages. It discusses key aspects of C++ like its origins as an extension of C, support for object-oriented programming, keywords, identifiers, comments, and compiler directives. It also covers programming style best practices. For Java, it outlines its origins, characteristics, principles, examples, editions, and the authors. It provides details on Java's portability, security, simplicity, performance and object-oriented nature.
Perl is a sophisticated, general purpose programming language with a rich software development environment. It is platform independent, high level and easy to use, designed to make the difficult jobs easy. It is a portable and scalable language that provides better structure for large programs than any other computer language. It's simple structure, a clearly defined syntax and relatively few keywords that allows the student to pick up the language in a relatively short period of time.and Debug it easily with its built-in debugger. Perl is one of the three P’s in the LAMP stack. According to eweek.com ‘Perl is used in virtually 100 percent of the Fortune 500, in a wide range of mission-critical systems’. According to Active Perl, there are 200 Thousand ActivePerl downloads each month.
This document discusses a source-to-source compiler project. A source-to-source compiler takes a high-level programming language as input and outputs another high-level language. This allows transforming code for parallelization or translating between language versions. The document provides background on compilers, including that compilers translate human-readable code into machine-readable code. It discusses one-pass and multi-pass compilers and cross-compiling code for different architectures.
CakePHP requires PHP 4.3.2 or greater, a database like MySQL, and Apache with mod_rewrite enabled. There are two ways to install CakePHP - a development setup places all files in the web root, while a production setup moves the app/webroot folder to be the new web root. Configuration of Apache, mod_rewrite, and index.php is also needed to set paths and enable the framework.
Zend con 2016 bdd with behat for beginnersAdam Englander
Learn the basics of behavioral driven development (BDD) with Behat to build high quality and well documented applications. You'll learn how BDD can help you deliver greater business value more efficiently while accurately documenting the functionality of your application along the way. You'll learn how to utilize Behat as your BDD tool. With Behat, you'll create tests for the features in your application by utilizing a natural language syntax called Gherkin backed by PHP code to execute the steps executed in the feature's scenarios.
This will be a hands-on tutorial. You'll learn how to implement BDD for a web application. This will include utilizing Selenium WebDriver for real world multi-browser testing including introductions to Selenium Grid and hosted integration services utilizing Selenium.
The Ring programming language version 1.6 book - Part 6 of 189Mahmoud Samir Fayed
The document describes the Ring programming language. It discusses why Ring was created, including wanting a language that is simple, natural, encourages organization, and has transparent implementation. It provides an overview of Ring's design goals, features, and licensing. Key points include that Ring supports multiple paradigms like object-oriented programming and functional programming. It aims to be small, fast, and give programmers memory control. Ring also has a straightforward syntax without semicolons or explicit function endings.
1) The document discusses a mail server communication system developed using PHP that allows secure communication between users within or between organizations.
2) It provides an overview of PHP basics like variables, control statements, and loops to manipulate data and develop scripts.
3) Examples shown include decoding base64 encoded data, using printf to format output, and creating a sign up page to log into a Gmail account to send and receive emails through the PHP mail server communication system.
This document provides an overview of how to write a basic "Hello World" program in Java. It outlines the steps needed, including setting up a development environment with a text editor and the Java Development Kit, creating a Java file with the class and main method, writing the "Hello World" print statement, compiling and running the program. The summary provides a high-level view of the key activities and process for writing a simple first Java program.
This document provides an overview of the Java programming language. It discusses Java as both a programming language and platform. Key points include:
- Java is an object-oriented, platform-independent language that is compiled to bytecode that runs on a Java Virtual Machine.
- Java applications, applets, and servlets can be developed. Applets run in web browsers while applications and servlets run on servers.
- Java's features include simplicity, security, reliability, portability and multi-threading capabilities.
- The history of Java's development at Sun Microsystems in the 1990s is summarized, along with its growth in popularity for internet programming.
This document provides an introduction to the C programming language using a tutorial originally written for the MS-DOS platform and ported to the Applix 1616 operating system. It discusses getting started with C on the Applix 1616, including setting up a development environment and disk, and presents some very simple "hello world" style programs to demonstrate basic C syntax and output functions. It aims to teach C concepts in a simple and incremental way, moving from simple programs with no functionality to programs with basic text output and multiple lines.
international PHP2011_Kore Nordmann_Tobias Schlitt_Modular Application Archit...smueller_sandsmedia
The document discusses HTTP and web application architecture. It describes how HTTP uses a layered architecture with clients making requests to servers using standard methods like GET and POST. It discusses concepts like statelessness, caching, and how to properly use HTTP methods to conform with REST principles and enable features like caching. The document provides guidance on how to design web applications and APIs to fully leverage the capabilities of the HTTP protocol.
This document discusses a proposed Packers and Movers Management System. It includes sections on introduction, advantages, system requirements, software features, and feasibility study. The key points are:
1) The system provides an interactive platform for users to book packers and movers services through a web portal. It allows automatic entries into the database and easy generation of reports.
2) The system requirements include minimum hardware specifications and software including PHP, MySQL, Apache and phpMyAdmin.
3) A feasibility study covers operational feasibility to ensure ease of use, technical feasibility to evaluate the technology used, and economic feasibility to assess the costs.
In this chapter we review the basic rules and recommendations for writing quality program code. We pay attention to naming the identifiers in the program (variables, methods, parameters, classes, etc.), formatting and code organization rules, good practices for composing methods, and principles for writing quality documentation.
PHP is an open source server-side scripting language that allows embedding code directly into HTML pages to create dynamic content. It is intuitive for C and Perl developers to learn and offers excellent connectivity to databases. PHP code is executed on the server, so no special software is needed for the client browser beyond HTML support. PHP shares syntax with Perl and C, using loosely typed variables and supporting control structures like if/else statements.
C# is an object-oriented programming language developed by Microsoft for building robust and durable applications. Some key points about C#:
- It was designed for the .NET framework and combines features from C++, Java, and Visual Basic. C# simplifies C++ and is more modern and type-safe.
- C# is suitable for developing web applications and uses automatic garbage collection. It was introduced as the main language for building components on the .NET platform.
- The .NET framework provides a runtime environment and class libraries. It allows programs written in multiple .NET languages to interoperate. The Common Language Runtime handles memory management, type safety, and exception handling for all .NET programs.
This document provides a tutorial on PHP (Hypertext Preprocessor), a programming language used for web development. It discusses:
- PHP allows developers to create dynamic content that interacts with databases. It is commonly used with MySQL.
- The tutorial is designed for programmers new to PHP concepts with basic computer programming skills.
- It provides an overview of PHP syntax and variable types, and how to set up a PHP development environment on different platforms like Linux, Windows, and MacOS.
This document provides information about accessing and using the EBSCO databases available through Khalifa University libraries. It introduces EBSCO as a database provider and lists some of the key databases available, including Academic Search Complete, Computers & Applied Sciences Complete, Library, Information Science & Technology Abstracts, and GreenFILE. It provides details on database coverage and content. The document also explains how to access the databases through the university library website using a username and password, lists support resources, and encourages creating a personal EBSCO account to save search preferences.
This document provides an outline of grammar topics in English, including parts of speech (nouns, verbs, pronouns), verb tenses and forms, word order, question forms, passive voice, conditionals, gerunds and infinitives, modals, comparatives, clauses and phrase structures. The topics are organized into sections on nouns, verbs, subject-verb agreement, pronouns, verbs as nouns, modals, questions, negatives, imperatives, gerunds, wishes/hopes, preferences, probability, past habits, adjectives, adverbs, prepositions, causatives, passive, infinitives, enough, conditionals, relative clauses, determiners, and redundancy reduction in English
Hugh Clapperton was a Scottish explorer of West and Central Africa in the early 19th century. He made two journeys to Africa: the first from 1816-1827 where he explored the Niger River region with Walter Oudney until Oudney's death, after which Clapperton continued alone. Exhausted, he returned to England in 1825. He immediately embarked on a second expedition in 1826 to continue his exploration of the Niger River region and open trade routes, but he died in Sokoto in 1827 before completing his mission.
The document summarizes the unification of Italy and Germany between 1815-1871. It describes how Italy was initially divided but united through the efforts of figures like Cavour, Garibaldi and Victor Emmanuel II, culminating in the Kingdom of Italy in 1861. It also outlines how Germany was originally divided into 39 states, and how Otto Von Bismark as Prime Minister of Prussia led three successful wars that unified most German states under Prussian leadership by 1871.
The document provides instructions for how to write a recipe. It explains that a recipe should include a list of ingredients and directions. For the ingredients list, be specific about quantities needed. For the directions, write clear short sentences describing each step. An example recipe for a yogurt spongecake is also provided to demonstrate how to write out the ingredients list and step-by-step directions.
The Cold War was a period of geopolitical tension between the United States and Soviet Union from the mid-1940s until the early 1990s. During this time, there was no direct military conflict between the two superpowers, but they supported major regional conflicts like the Korean War and the Vietnam War by proxy. Tensions escalated further in events like the Berlin Blockade and Cuban Missile Crisis, and the Cold War only ended in the late 1980s as reformist leader Gorbachev rose to power in the USSR and liberalized communist rule in Eastern Europe.
The document provides an overview of the major events and developments during the French Revolution from 1789 to 1799. It describes the social inequality under the estates system that led to unrest, the storming of the Bastille marking the start of the revolution, the establishment of a constitutional monarchy, growing conflict between the king and the revolution, the establishment of the First French Republic after the royal family's imprisonment, the execution of Louis XVI after a trial, the Reign of Terror under Robespierre and the Committee of Public Safety in which thousands were executed, and the eventual establishment of the Directory government.
The American Revolution began in the late 18th century as the 13 colonies sought independence from Britain. Tensions rose as colonists had no representation in British Parliament but were still subject to taxation. This led to protests like the Boston Tea Party in 1773 and eventually war between the colonies and Britain. The colonies declared independence in 1776 and fought with the aid of France and Spain. Britain recognized American independence in 1783. The new nation was formed with a constitution separating powers among legislative, executive and judicial branches.
Unit 16 - Spain at the beginning of the 20th centuryAna Arias Castro
Spain at the Beginning of the 20th Century documents the political and social changes in Spain from 1902-1939, including the loss of colonies, Alfonso XIII's reign, the establishment of the Second Republic and its reforms, the rise of opposition and the coup d'etat leading to civil war. It then describes the three phases of the Spanish Civil War and its international involvement before concluding with the human consequences like casualties, exile, and life during the brutal conflict.
The document summarizes key aspects of the Industrial Revolution, including:
- Important inventions like the spinning jenny, water frame, and steam engine fueled industrialization.
- Life during the revolution differed greatly between the wealthy, poor, and middle class. The poor lived in cramped homes and conditions were difficult.
- Many people migrated to industrial areas to find work in cities like Manchester and Liverpool.
- Working conditions in factories were dangerous, with long hours and hazardous machinery, though reforms improved safety over time.
- The railways played a major role in transport and helped drive the revolution further.
Hong Kong is a special administrative region located on the eastern side of the Pearl River estuary in China. It has a population of over 7 million people and its three main cities are Victoria City, Kowloon, and New Kowloon. Hong Kong has a mix of Chinese and British influences and is described as the place where East meets West. Some popular traditional aspects of Hong Kong include Cantonese cuisine, feng shui, and Chinese traditions.
The Philippines is an archipelago located in Southeast Asia between the Philippine Sea and the South China Sea. It has a population of over 99 million people and its capital and largest city is Manila. The Philippines was a Spanish colony during the 16th century and was later ceded to the US in 1898, gaining full independence in 1946. It has a diverse culture with influences from Malayo-Polynesian origins as well as Hispanic, Chinese, American and other Asian cultures. Popular sports include basketball, boxing, and volleyball. Famous tourist destinations include Boracay Beach, Mount Mayon, and Vigan.
The document discusses the constructivist learning theory. Constructivism posits that students learn by actively constructing their own understanding through experiences and interactions. Key theorists discussed include Piaget, who saw learning as stages of cognitive development, Bruner, who emphasized discovery-based learning, and Vygotsky, who stressed social learning and scaffolding learning within a student's zone of proximal development. The document outlines implications for constructivist classrooms, including encouraging student exploration, inquiry, and critical thinking with or without technology tools.
This document provides an overview of PHP (Hypertext Preprocessor) including:
- An introduction to PHP as a server-side scripting language used to build dynamic web applications.
- Features of PHP like performance, open source availability, familiar syntax, platform independence, and database support.
- Common PHP applications like handling forms, restricting user access, adding login features, and encrypting data.
- Basic PHP syntax, variables, variable types, scopes, and predefined variables.
- How to set up a PHP development environment using XAMPP which bundles PHP, Apache, and MySQL.
PHP is an open-source scripting language that is widely used for web development. It allows code to be embedded into HTML documents to create dynamic web pages. PHP code is executed on the server side to produce the web page. Some common design patterns used in PHP include the factory pattern, singleton pattern, observer pattern, and strategy pattern. PHP was originally created to generate web pages and communicate with databases, and it remains a popular language for building web applications today.
Furniture showroom management system project.pdfKamal Acharya
The Project deals with the development of the computerized system for maintaining the regular records and services that are undertaken in the furniture business. This project titled "Web Based Integrated Furniture Showroom Management System" has been aimed to design and computerized system that can handle various activities are been carried out at the Furniture Showroom. This application has been developed using PHP Programming Language as its front end and the back end is MYSQL Server In the existing system all the activities and record maintenance of the furniture showroom are done manually by the manager. The Project deals with the development of the computerized system for maintaining the regular records and services that are undertaken in this most important and large business oriented furniture business. This Project also enables the users to perform all the day to day business operations in the furniture showroom business most efficiently.
PHP, which stands for Hypertext Preprocessor, is a widely used and versatile scripting language designed
for web development. Since its inception in the mid-1990s, PHP has played a pivotal role in shaping the
landscape of the internet, powering numerous websites and web applications. In this comprehensive
guide, we will explore PHP web development, covering its history, core features, advantages, popular
frameworks, and its enduring relevance in the ever-evolving world of web development.
PHP is a widely used scripting language originally designed for web development. It allows server-side code to produce dynamic web page content. PHP code is embedded into HTML and executed by a PHP interpreter on the web server to create web pages. It can be deployed on most web servers and operating systems free of charge. Some key points about PHP include:
- It was created by Rasmus Lerdorf in 1995 and is now produced by The PHP Group.
- PHP code is interpreted from HTML files and outputs HTML. It focuses on server-side scripting to generate dynamic web content.
- Popular frameworks built with PHP include CakePHP, Symfony, CodeIgniter, and Zend Framework.
Baluja labs provides the best stage of the project coaching classes with Live training in Php at Janakpuri , New Delhi Balujalabs training is best in the class which includes practical hands on training to each & every students, Baluja labs students are capable of creating dynamic website after the attending the classroom coaching
PHP may seem to be a very easy language but many of don't know how PHP works. We will discuss the less known facts about PHP and we will also cover some common type of software design patterns used with PHP
PHP is an open source server-side scripting language that allows embedding of PHP code within HTML files. It provides dynamic web pages by interacting with users and extracting information from databases or external sources. PHP code is executed on the server rather than the client browser, so it works with any browser. PHP includes features like variables, arrays, control structures, functions and the ability to easily handle forms and access popular databases. PHP 4 offers improved performance, object oriented capabilities and additional optional functions.
PHP is a general-purpose scripting language well-suited for server-side web development that runs on web servers. It allows creation of dynamic web page content by executing PHP code within requested files. PHP is portable across most web servers, operating systems, and platforms and can interface with several database systems. The PHP source code is freely available for users to develop, modify, and expand applications. PHP primarily operates as an interpreter that takes input containing text and PHP instructions and outputs another stream of data commonly in HTML format.
PHP (Hypertext Preprocessor) is a popular general-purpose scripting language that is primarily used for web development. It is a server-side scripting language, which means it is executed on the server and generates dynamic web pages. PHP is embedded within HTML code and can be used to create dynamic content, interact with databases, handle form data, and perform various other web-related tasks.
This document provides information about a Web Engineering II course. It outlines the course instructor, marks distribution including assignments, quizzes, attendance, mid-term and final exam. It then covers several chapters on PHP including its history and evolution, what PHP is, how to set it up, basic syntax and concepts, and differences between echo and print functions.
This document discusses PHP, including what it is, its features, basic syntax, installation, and how to run PHP programs. PHP is a server-side scripting language used to build dynamic web applications and pages. It is open source, platform independent, and has a large library of support. The document outlines how to install PHP using XAMPP, and provides a basic example PHP registration form program. Advantages of PHP include being cross-platform, easy to use, and having open source and powerful library support. Disadvantages include weak typing and poor error handling.
- Yahoo began using PHP around 2001 to replace custom scripting languages as PHP was a modern web-focused language that was easier to maintain and integrate with other software.
- Today, Yahoo uses PHP extensively and has developed best practices around performance, security, and globalization. They leverage opcode caches, custom PHP extensions, and frameworks like Symfony.
- Yahoo contributes to the PHP open source community through projects like the Unicode extension and r3 Template Management Tool for internationalization.
PHP is a widely used server-side scripting language used primarily for developing web applications and sites. It has advantages like being free, open-source, platform independent, and having a simpler syntax compared to other languages. While powerful, PHP also has some disadvantages such as weaker typing that can lead to errors, and not being as suitable for very large applications.
Introduction to PHP for Building Dynamic Web Applications.pdfvanisha30
PHP is a server-side scripting language that is used to build dynamic web applications. It is an open-source language that is widely used for web development, and it can easily integrate with other web technologies such as HTML, CSS, and JavaScript. At CETPA Infotech, you can learn PHP for building dynamic web applications through their comprehensive PHP training program.
The PHP training program at CETPA Infotech covers various topics such as: Introduction to PHP, PHP with MySQL, Object-Oriented PHP, Web Development with PHP, PHP Frameworks.
PHP is one of the most popular programming languages among web developers and programmers, powering 79.2% of all websites to some extent. Some of the most well-known websites and online communities, such as Zoom, Facebook, Wikipedia, and WordPress, use PHP. How can you create better websites with PHP? Let's continue reading.
Unveiling the Advantages of Agile Software Development.pdfbrainerhub1
Learn about Agile Software Development's advantages. Simplify your workflow to spur quicker innovation. Jump right in! We have also discussed the advantages.
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
UI5con 2024 - Bring Your Own Design SystemPeter Muessig
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
How Can Hiring A Mobile App Development Company Help Your Business Grow?ToXSL Technologies
ToXSL Technologies is an award-winning Mobile App Development Company in Dubai that helps businesses reshape their digital possibilities with custom app services. As a top app development company in Dubai, we offer highly engaging iOS & Android app solutions. https://rb.gy/necdnt
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...XfilesPro
Wondering how X-Sign gained popularity in a quick time span? This eSign functionality of XfilesPro DocuPrime has many advancements to offer for Salesforce users. Explore them now!
Liberarsi dai framework con i Web Component.pptxMassimo Artizzu
In Italian
Presentazione sulle feature e l'utilizzo dei Web Component nell sviluppo di pagine e applicazioni web. Racconto delle ragioni storiche dell'avvento dei Web Component. Evidenziazione dei vantaggi e delle sfide poste, indicazione delle best practices, con particolare accento sulla possibilità di usare web component per facilitare la migrazione delle proprie applicazioni verso nuovi stack tecnologici.
1. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
1 of 18 12/19/2007 5:14 PM
PHP Vulnerabilities in Web Servers
Written By:
David K. Liefer
Steven K. Ziegler
Abstract:
The Internet has grown to be hugely popular and used by people of all different backgrounds and professions.
Individual web pages are created by just about everyone whether or not they have any development
experience or not. PHP (PHP: Hypertext Preprocessor) is one of the more popular scripting languages used by
beginners and advanced users. It is an attractive alternative to Java for the novice user but little do they know
there are some frightening vulnerabilities that can be exploited by clients looking to cause problems or gain
access to private information or resources that cannot be tied to them. A few of these exploits include remote
and local file inclusion or execution. Through these basics types of vulnerabilities a malicious client could
gain complete access to a web server. To avoid these attacks a web developer needs to take care when writing
PHP scripts. The most common mistake made by developers is to unknowingly expose internal variables to
clients or when access is needed not properly sanitizing them to ensure the values make sense for the context
in which they are being used. If un-sanitized variables are used in conjunction with certain PHP function calls
private files can be accessed or remote files can be uploaded and executed. A few of the more dangerous PHP
functions calls are _GET[] or passthru(). These functions need to be used with care or disabled by the system
administrator to avoid problems with badly written PHP scripts. To aid in the detection of potential
vulnerabilities the authors of this paper implemented a Vulnerability Detection Tool (VDT). The tool is a java
based program which takes a set of user defined rules then uses these rules to parse through the contents of
every file in a web development directory. If a defined rule is violated a report giving the filename, line
number, and severity is displayed in the progress window of the GUI. Readers are encouraged to evaluate the
tool, provide feedback to the authors, and when so motivated submit improvements to the tool.
Table of Contents:
1. Introduction
2. Background
2.1 PHP
2.2 Apache Web Server
3. Investigating PHP Vulnerabilities
3.1 PHP Script Vulnerabilities
3.1.1 Local Vulnerabilities
3.1.2 Remote Vulnerabilities
3.2 Vulnerabilities Caused by PHP Configuration
3.3 Other Vulnerabilities
4. Vulnerability Detection Tool
4.1 Basic Tool Design Considerations
4.1.1 Portability
4.1.2 Syntactical Differences
2. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
2 of 18 12/19/2007 5:14 PM
4.1.3 Flexibility to Include New Vulnerabilities
4.2 Tool Requirements, Installation, and Start-Up
4.3 VDT User Manual
4.3.1 Specification of HTML Directory and Configuration File
4.3.2 Search Rule Settings
4.3.3 Configuration Rule Settings
5. Summary
6. References
Download VDT
Acronyms
1. Introduction
In the early days of the Internet most web development was done by professionals. Since then an array of web
development tools, several scripting languages, and easily configurable web server software has made it easier
for the novice to create and host their own website's. One of the more popular scripting languages is PHP. It
has a significant user base and thousands of free scripts can be found all over the internet to perform all kinds
of useful functions. It is an attractive alternative to Java for the novice user but little do they know there are
some frightening vulnerabilities that can exploited by clients looking to cause problems or gain access to
private information or resources that cannot be tied to them. In this paper, the basics behind the PHP scripting
language and Apache web server architecture will be outlined. The latter mainly to understand how requests
and data get forwarded from the web server to the underlining PHP module for interpretation and then passed
back to the web server core where it is sent to the client requesting the information. Any web server could
have been used for this paper, but the Apache web server was chosen dues to its popularity and availability as
an open source product. Next, an investigation of the various PHP vulnerabilities will be conducted to provide
readers with information that will help them write PHP scripts that are not easily exploited. To help find these
vulnerabilities in website source code the writers of this paper have created a simple yet flexible tool that will
recursively check selected directories for files with certain extensions to see if they have violated any of the
predefined or user defined rules. When a rule is violated the severity is reported along with the filename and
line number. The tool is aptly named the Vulnerability Detection Tool and its design and use is also outlined
in this paper.
2. Background
The subject of this paper is to find PHP vulnerabilities in web servers. The web server we chose to use for this
project is Apache, which is an open source product produced by the Apache Software Foundation. A little
background information on PHP and the Apache Web server is probably warranted.
2.1 PHP
The roots of PHP are quite simple and originate with one man. His name was Rasmus Lerdorf and in 1995 he
wrote a simple set of Perl scripts to track accesses of his online resume. He named these scripts "Personal
Home Page Tools". Over time the size and number of Perl scripts got rather large and it was clear that an
implementation in a standard programming language would be required to make it more scalable and easier to
maintain. He chose the C programming language and made the application and source available to everyone.
3. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
3 of 18 12/19/2007 5:14 PM
He called the application "Personal Home Page / Forms Interpreter" or PHP/FI. The new implementation gave
users the ability to communicate with databases and make simple dynamic web applications. Over the years,
PHP/FI became quite popular and in 1997 the second version of PHP/FI was released. This version
incorporated fixes and enhancements from the user community. The official release date for PHP/FI 2.0 was
November 1997 but its life would be short lived because PHP/FI would receive a major overhaul and name
change from some new developers.
A couple of students attempted to use PHP/FI for a university project but realized PHP/FI was not powerful
enough to support the eCommerce application they developed for their project. Their names were Andi
Gutmans and Zeev Suraski. Instead of abandoning PHP/FI they decided to redesign it so it fulfilled the needs
for their project. The new version 3.0 was released, with the cooperation of Rasmus Lerdorf, as a successor to
PHP/FI and was renamed to simply PHP. The new acronym is meant to be recursive for PHP: Hypertext
Preprocessor. The new version contained many enhancements but one of its strongest was extensibility. This
feature alone attracted many developers to create extension modules that added to the functionality of PHP
and also its popularity. The new release also provided a solid infrastructure for different databases, protocols,
and APIs. In addition, its object oriented support and much more consistent and verbose language syntax made
it a powerful web development application.
Once renamed and released Andi Gutmans and Zeev Suraski took over development of PHP. The new version
3.0 added a lot of new functionality but did not do it very efficiently nor was the architecture as modular as the
authors would have liked. To solve this problem a re-write of the PHP core was required.
The re-write of the PHP core was completed and ready to release as version 4 in May of 2000. This version
contained what the authors dubbed as the "Zend Engine" and was named using parts of both their first names.
The "Zend Engine" met all the design requirements for performance and modularity. In addition, it added
many new features such as support of more Web servers, HyperText Transfer Protocol (HTTP) sessions,
output buffering, and fixes for security vulnerabilities dealing with handling user input. The next major
version was released in July 2004 and contains the second version of the Zend Engine, more fixes, and
additional functionality. The latest released version, as of this writing is 5.2.5. Now that we know about the
history of PHP lets look at the language itself to better understand its popularity. In section 3 of this paper
some of the vulnerabilities of PHP will be investigated.
The main idea behind PHP is to be able to write PHP scripts embedded within Hyper Text Markup Language
(HTML). An example of a simple script to echo something onto the web browser is shown in Figure 1 below.
Figure 1: Simple PHP Example
In this simple example the PHP tags allow the web server to know when to send the code to the PHP module
running in the background. When the PHP start tag is encountered the web server application that is
4. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
4 of 18 12/19/2007 5:14 PM
interpreting the HTML code knows to pass this to the PHP module. The PHP module then takes the code and
creates HTML code to write out "Hello World" to the client's browser screen. It is very powerful and different
from client side java scripts because the PHP code is executed on the server and not the client. There are three
main areas of Web development that PHP can handle. These are server-side scripting, command line scripting,
and writing desktop applications. The last type in the list, desktop applications, is not an area that PHP excels
as pointed out by the creators on the PHP website. However, there is an extension for creating Graphical User
Interfaces (GUI) called PHP-GTK [Oglio et al. 2006]. Additionally, PHP can be used by the most popular web
servers on all of the main stream operating systems. To understand some of the vulnerabilities examined in
later sections of this paper we will need to dig a little deeper into basic PHP syntax.
The first time you look at PHP code you will notice some similarities to other scripting languages like Perl or
Tcl. Figure 2 shows how variables are declared in PHP scripts.
Figure 2: Variable Declaration in PHP
The type of variable is detected by the way it is assigned a value and could change over time as the variable is
used in different contexts. On the surface this seems pretty powerful but it could get you into trouble if care is
not taken when using the variable. Also, notice that PHP is like most programming languages in the way a line
ends with a semi-colon. To declare an array it takes a little more work and the variable is fixed to be an array
for life as shown in Figure 3.
Figure 3: Array Declaration in PHP
An array in PHP is actually implemented as an ordered map similar to a map in the Standard Template Library
(STL) for programming languages like C/C++ and Java. This means they will resize themselves automatically
and everything can be indexed using a key value. The difference between this and an STL map is the key is
not a fixed type. It can be any of the allowable PHP types and can differ from element to element in the same
map. The same can be said of the value stored at that keyed location. This would appear to be a very powerful
feature. The next thing to examine is how to operate on the variables using expressions and control structures.
The way variables can be operated on is very similar to most programming languages. Given the similarities a
listing of these operators is not necessary but before writing any PHP scripts it is suggested to review them via
online documentation [Achour, et al. 2007]. The same can be said of the control structures with exception of a
few new types that are unique to the PHP language. Table 1 contains the list of unique control structures and a
short description of their operation. A few of these typically are not considered control structures in most
programming languages but because this is a scripting language they are defined in this manner. Now that we
know a little about the different types of constructs available in PHP lets examine how functions are created
within PHP.
Table 1: Unique Constructs to PHP Scripting Language
5. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
5 of 18 12/19/2007 5:14 PM
A function in PHP looks very similar to a function in most programming languages. It is defined with the
keyword function followed by the function name and a list of parameters enclosed within a set of parenthesis.
The extent of a function is defined by a set of curly brackets. All the code for a function must be enclosed
within these brackets. An added feature that is unique to PHP is the ability to write variable functions. A
variable function is a function that is associated to a variable and can be called by simply appending a set of
parenthesis to a variable. The PHP interpreter will then execute a function of the same name if it exists.
Another unique feature not normally seen in most programming languages is the ability to write a function
within a function. This would be useful when utility functions that are used multiple times but only within a
particular function need to be created. Below in Figure 4, is an example of the syntax for a function.
Figure 4: Function Declaration in PHP
The PHP programming language offers many advanced programming features like robust Object Oriented
Programming (OOP) support, ability to throw and catch exceptions, and the use of references. More
information on the discussed topics and advanced PHP features can be found in the online manual or in
several books on the PHP programming language [Achour, et al. 2007][Sklar-Trachtenberg 2006 Sklar, David,
et al., 2006].
2.2 Apache Web Server
The Apache Web Server is the most widely used web serving application on the web today and is freely
available online [Apache Software Foundation 2007]. The first versions of the Apache web server were
developed and released by Rob McCool at the National Center for Super Computing Applications (NCSA)
which is a department at the University of Illinois, Urbana-Champaign. The initial release was sometime in
1994 and was simply called NCSA HTTP daemon. The history is not very well documented during it infancy.
When Rob McCool left the NCSA towards the end of 1994 all development on the NCSA HTTP daemon
stopped until a group of webmasters conversed via email about orchestrating some way to distribute the many
additions and bug fixes that had been made independently. Over the next few months a core group of
6. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
6 of 18 12/19/2007 5:14 PM
webmasters added the bug fixes to NCSA HTTP v1.3 and released the first official version of the Apache Web
Server in April of 1995. The name Apache was chosen for two reasons. The primary reason for the name was
out of respect for the Apache Native American tribe and their resourcefulness and endurance through troubling
times. Secondly, it was because it was created from a group of patches or in literal terms "a patchy server"
[Apache Wikipedia 2007].
The initial version of the Apache Web Server was a huge success and became quite popular. To improve its
scalability a major overhaul was performed to the server and resulted in Apache Web Server v0.8.8 which was
released in August of 1995. This version sported a modular design and API, pool based memory allocation,
and a new process model. Over the next few months, the development of standard modules was executed to
add more functionality to the web server. At the conclusion of the module development and beta testing the
first major version of Apache was released in December, 1995. Several more versions were released and as its
popularity grew it became clear a more structured environment was needed leading to the formation of the
Apache Software Foundation in 1999. The foundation helped focus the product development plus it provided
both legal and financial backing to the effort. To better understand how PHP is integrated into the Apache
Web Server we have to know the basics behind its architecture.
The Apache Web Server's architecture is modular in design. It allows for the creation of modules using a
standardized set of function calls that are linked in at runtime. This makes it easy for new modules to be made
by the Apache Software Foundation as necessary or a third-party in support of their product, which is how
PHP is supported on all Apache Web Server ports. The callbacks provide a way to communicate with the core
as shown in Figure 5. The Apache Web Server uses various functions or sometimes referred to as handlers
[Dragoi 2006] within a module when they are required to service a client's request. A client request may
consist of several phases that require multiple handler calls from several modules. For example, a PHP script
within a file may be requested from a client. The first thing that might be done, based on the context of the
request, is a handler function will get called to place the file in to memory. Next, the file would get passed to a
handler function within the PHP module to be interpreted and once completed the handler function would
return the data to the Apache core. The Apache core would in turn construct a message containing the return
data to be sent to the client making the request. The client on the other end will receive the server message, the
browser will read it and format it for display using local settings, and then display it to the client on their local
machine. The basics behind Apache modules and how they are called have been described, but how does the
Apache Web Server core receive client requests and decide what order to call the module handler functions?
Figure 5: Modular Structure of Apache Web Server
The heart of the Apache Web Server consists of the core that processes all client requests. When someone
opens a browser and types in a URL it gets converted to an IP address via a Domain Name Service (DNS).
7. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
7 of 18 12/19/2007 5:14 PM
The client browser then requests a connection to the web server address using port 80, which is the standard
HTTP port number used to connect to all web servers. Once the connection is open the web server starts
accepting requests from the clients for information from the website it is serving. When a request comes in
there is a specified order in which the Apache core calls handlers within modules as shown in Figure 6. The
modules contain private resources they use to complete operations and return data.
Figure 6: Handler Functions within a Module
Each handler does not know about other handlers and only takes information from and sends data back to the
Apache core. The handlers that are called are based on the type of requests made by the client. In this paper,
the main point of interest is when a client requests something that requires interpreting PHP code embedded in
the website's source HTML. In some instances the PHP scripts will request data from the client. This data is
received but not checked by the web server and then passed onto the PHP module that will use it to satisfy the
original request made by the client. The next section will discuss how a mischievous client can use this ability
to send unchecked data to exploit certain weaknesses within the PHP language.
3. Investigating PHP Vulnerabilities
Vulnerabilities in PHP can be in several different forms. The basic definition of vulnerability is some
weakness in the system that allows someone to do something malicious to the system, which in this case is the
web server. One form of vulnerability is via a poorly written PHP script by a user, which can be done by
mistake or with malicious intent. Another form is by not understanding all the various settings that can be used
with PHP and thus the administrator of the web server does not implement settings which are necessary for
security. There are other vulnerabilities that exist which can cause a denial of service to the user (crashing the
web server, flooding the network with traffic to where it is unusable, etc.). The following identifies some
examples of these vulnerabilities and gives a more detailed explanation of each type of vulnerability.
3.1 PHP Script Vulnerabilities
While PHP scripts are not inherently bad, the user could either inadvertently write a script that allows the
vulnerability or maliciously create a script to take advantage of certain PHP functions. A web administrator
may not need to worry about such scripts for the main website that he/she manages, but other users on the
8. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
8 of 18 12/19/2007 5:14 PM
system which create and publish web content could create bad PHP scripts. The web server administrator must
be aware of such issues with PHP so none of the pages on the system have vulnerabilities.
There are two major types of PHP vulnerabilities, local and remote. The local vulnerabilities are designed such
that the attack is being made on the system on which the PHP script resides. A remote vulnerability executes a
PHP script on one web server, which in turn goes out to get another PHP script and then is executed on the
web server. In this instance, an attacker could place a PHP script on some other server which would cause
vulnerability to a web server which executed it. Then the attacker can essentially tell the web server they are
trying to exploit to grab that PHP file and execute it, causing the web server to be vulnerable. Specific local
and remote vulnerabilities can be found in the following sections.
3.1.1 Local Vulnerabilities
There is really one major known locally vulnerable command in PHP. This command is the $_GET[]
command, which allows the user to specify arbitrary values as variables through the URL [Achour, et al.
2007]. For example, if a HTML document had the following code shown in Figure 7 it would be considered a
security risk [Wrenholt 2007].
Figure 7: Example of File Inclusion Vulnerability
The $_GET command will take any variable in the URL called "page" and place it in the variable $page. Then
$page is used with the include command. The include command will attempt to parse whatever is in the
variable $page as a PHP script. If the file does not contain PHP script, it will basically just display the contents
of the file. An attacker can then specify whatever they want in the URL and it will be shown on the web page.
If an attacker specifies a URL like http://www.myhost.com/index.php?page=/etc/passwd and index.php
contains the above code, the attacker will see the contents of "/etc/passwd" on the screen.
In order to still use $_GET without being vulnerable, the PHP scripter must sanitize the input to the command.
Only specific inputs can be used with the statement and if anything else is specified the command will not be
executed. An example of code that sanitizes the inputs for the PHP statement shown above is shown in Figure
8 [Wrenholt 2007].
9. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
9 of 18 12/19/2007 5:14 PM
Figure 8: Properly Sanitizing Variables within PHP
this code only home.php or about.php can be specified. Every other input will be ignored (except if nothing is
put in) then the default of home.php is used) so the script is no longer vulnerable.
3.1.2 Remote Vulnerabilities
Another way that a PHP script can introduce vulnerability is through the use of commands which get PHP
scripts from other sites for execution locally. In this scenario, an attacker can set up their own web site which
hosts a PHP script that contains a vulnerable command. The attacker can then tell the web site they wish to
attack to get the vulnerable PHP script from the web site that they set up and execute it. One example of this
type of attack is shown in Figure 9 [Clowes 2007].
Figure 9: Example of Local Execution Vulnerability
The first PHP statement listed is on the server which the attacker wants to exploit. The variable libdir is
defined on the server. An attacker could modify the libdir variable to put in whatever web site they would like
to visit. In this case, if libdir was set to http://attackers.website.org and languages.php existed on that server,
the server would go to http://attackers.website.org and attempt to execute languages.php on its own server.
Within languages.php is the second PHP statement shown above. The passthru command locally executes
10. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
10 of 18 12/19/2007 5:14 PM
whatever is contained in the command as a shell script. In this case, the attacker would see the result of the
shell command "/bin/ls /etc".
There are several different ways that this threat can be avoided. One way to alleviate this threat is to actually
disable the passthru command. Another way to stop the threat is to sanitize the input to the variable in a
similar fashion as was done for the local vulnerability (see Section 3.1.1).
3.2 Vulnerabilities Caused by PHP Configuration
Some vulnerabilities are introduced by incorrectly or not setting certain configuration parameters for the PHP
module. Certain commands are not as well known as others or may not be documented properly. Many of
these configuration parameters are known by the PHP community, but many web server administrators are not
part of that community and do not know much about PHP. The configuration parameters could change and
some could be added (or removed) at any time. The web server administrator would need to keep up with all
of these changes. A few of the configuration settings which should be used are shown in Figure 10.
Figure 10: PHP Configuration Settings
To get rid of these vulnerabilities, the web server administrator would need to add, remove or modify the
configuration settings defined in the configuration settings file (usually "php.ini") to reflect the correct values.
3.3 Other Vulnerabilities
PHP, along with most other applications, has problems that are inadvertently put in the source code which
may cause the application to be vulnerable to certain attacks. Patches and bug fixes are released to fix the
issues, but as development continues on the application, more problems can be introduced. The severity of the
issue depends on the type of bug in the software. The vulnerability introduced could cause a Denial of Service
(DoS) for the users, allow access to certain parts of the system which would compromise its security, give the
attacker the ability to generate large amounts of network traffic to flood the network so it can no longer be
used and so on. The best way to eliminate these bugs is to have the latest version of the software.
4. Vulnerability Detection Tool
Detection of vulnerabilities in PHP scripts and PHP daemon configurations are somewhat difficult and
cumbersome tasks. For PHP scripts, a certain level of knowledge in PHP scripting is required to detect such
vulnerabilities. Certain commands can be used safely in some contexts but could also be used maliciously or
just by mistake by novice PHP scripters. On large web servers with hundreds of pages, the time to search
through all the pages could be extensive. As for PHP daemon configurations, there are certain recommended
settings and practices used by PHP experts to alleviate risks in PHP which the common system administrator
may not know. Thus a tool has been created which recursively searches through HTML for certain PHP
vulnerabilities and attempts to determine if the code is structured in such a way that it can be exploited. This
tool also examines the PHP daemon configuration (and in some cases the HTTP daemon configuration) for
recommended settings and notifies the user if these settings are incorrect or not present. The following
subsections describe the usage of the tool and its design.
11. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
11 of 18 12/19/2007 5:14 PM
4.1 Basic Tool Design Considerations
Several issues were considered when designing the PHP VDT. Such issues included portability between
operating systems, formatting differences in PHP scripts and PHP configuration files and flexibility for
including new vulnerabilities as they become known. These issues are addressed in detail below.
4.1.1 Portability
One design consideration in the design of the tool was portability. PHP and HTTP daemons were created for
many different operating systems. Thus the tool should ideally be made so that it can span all these operating
systems as well. A portable coding language for use in creating the tool would be required to accomplish this.
Therefore Java was used to code the tool so that it could be run on any platform which supported Java (which
happens to be many of the platforms that support PHP daemons).
4.1.2 Syntactical Differences
PHP scripts and PHP configuration files can have different formats depending on the individual
creating/modifying them. Certain PHP script commands and PHP configuration lines ignore white spaces. If
this is the case, certain users may insert more spacing than others (or even use tabs) which could confuse a
tool which attempts to parse the command or line. Thus the tool must be robust enough to be able to handle
different formatting styles and command/line parsing must be independent of that style.
4.1.3 Flexibility to Include New Vulnerabilities
New vulnerabilities could become known at any time. Thus the tool must be able to handle the input of new
vulnerabilities so that the user can take corrective action and not be susceptible to new threats. Currently this
process is a manual process where the user must insert the new vulnerabilities into the tool by hand. A future
extension of the tool could be to include a way to download a list of vulnerabilities which are automatically
imported into the tool for use by the user.
4.2 Tool Requirements, Installation, and Start-Up
System requirements for running the tool are the same requirements which are needed to run Java. The user
must install Java Runtime Environment, preferably the latest version. The tool has been tested with Java
Runtime Environment (JRE) 6 Update 3. Once the JRE is installed, all the user needs to do is download the
PHPVulnTool.zip file and expand it in the desired directory. Then run it using the following command:
java -jar PHPVulnTool.jar
4.3 VDT User Manual
Usage and configuration of the tool is fairly straightforward. Begin using the application by executing the JAR
file with Java (see Section 4.2). The specification of the directory where the HTML files are stored and the file
which contains the PHP configuration (or HTTP daemon configuration) is done before the vulnerability test
can be run. Different settings can be specified which is broken down into two subsections: Search Rules and
Configuration File Rules. The tool can then be closed by selecting File then Exit from the main screen. These
pieces of the tool are explained in detail in the following subsections.
4.3.1 Specification of HTML Directory and Configuration File
12. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
12 of 18 12/19/2007 5:14 PM
In order to perform a recursive search on all the HTML files on the web server, the web server page storage
directory must be specified. This can be done by either clicking on the "HTML Directory" button on the main
screen (see Figure 11) or by manually typing in the directory in the field next to the "HTML Directory"
button. When the tool is first opened, the "Progress" field will not contain any data. When using the "HTML
Directory" button, a window will open that will allow the user to select the directory which contains the
HTML files for the web server (see Figure 12). NOTE: User is only able to select directories in this window
and not files.
Figure 11: Screen of PHP Vulnerability Detection Tool
Figure 12: Choose HTML Directory Dialog
Once the user has selected an HTML Directory, a configuration file must be selected. The user may select the
13. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
13 of 18 12/19/2007 5:14 PM
configuration file for PHP (usually php.ini) by clicking on the "Configuration File" button and then selecting
the file by browsing through the directories (see Figure 13) or by manually typing in the path and file name of
the configuration file. NOTE:
Only a single file can be selected using this method multiple file selections and directory selections are not
allowed. If another configuration file needs to be examined the tool must be run another time with the other
configuration file selected.
Figure 13: Select Configuration File Dialog
4.3.2 Search Rule Settings
One function provided by the tool is to search through each HTML file in a directory and each subdirectory
within the directory selected (in the "HTML Directory" field, see Section 4.3.1). The rules which pertain to
these searches are set in the Search Rule Settings box. This can be accessed via the menu selection Settings
followed by Search Rules. The Search Rules Settings box is shown in Figure 14.
14. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
14 of 18 12/19/2007 5:14 PM
Figure 14: Search Rules Settings Dialog
This dialog contains settings for the vulnerable commands which can be found in the HTML files and also the
HTML file extensions which should be tested for vulnerabilities. The default vulnerable command rules are
"$_GET" and "passthru". These commands pose a potential security threat when used in certain ways. Thus
the tool will search and detect these commands in the HTML files. Commands can be added to the list by
selecting the "Add" button next to the command rules list. When "Add" is selected, a dialog box comes up
which allows the user to enter in the command name for which to search. In order to remove commands from
this list, simply click on the item (or multiple items) in the list and then click the "Remove" button next to the
"Vulnerable Commands List" window.
The lower window of the dialog box shows the "File Extensions to Test" which are the file extensions that the
vulnerability search will investigate for vulnerabilities. The default extensions (which are fairly common) are
".html", ".htm", and ".php". The user can add extensions to this list by clicking the "Add" button next to the
"File Extensions to Test" window. File extensions can be deleted by selecting the appropriate (or multiple) file
extensions that wish to be deleted and then clicking the "Remove" button next to the "File Extensions to Test"
window.
4.3.3 Configuration Rule Settings
Another major function of the tool is to search configuration files for certain settings that would cause a PHP
daemon to be more secure or more vulnerable. To view and/or change these rules, select Settings then
Configuration File Rules... from the menu bar. The Configuration File Rules settings box is shown in Figure
15.
Figure 15: Configuration Rule Settings Dialog
Rules can be defined as required, suggested or disallowed. A rule that is required is a setting which is required
to be present in the configuration file for security reasons and if it is not, a warning will be generated.
Suggested rules are settings that are not absolutely required for security, but by enabling them it will
moderately increase security. If a rule is disallowed, the setting indicated should not be in the configuration
file and a warning will be generated by the tool if it is found in the configuration file.
Items may be added or removed from this list as required. To add a rule to the list, click on the "Add" button.
15. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
15 of 18 12/19/2007 5:14 PM
A dialog will pop up which asks for the rule to search for and then whether it is considered a required,
suggested or disallowed rule. To remove a rule (or rules) from the list, select the rule (or rules) to remove and
click on the "Remove" button.
4.3.4 Searching for Vulnerabilities
Once all of the settings have been made and the HTML directory and configuration file have been set, a scan
for vulnerabilities can be completed. This is completed by clicking the "Check for Vulnerabilities" button in
the main window (see Figure 4-1). A detailed report of progress is given in the "Progress" section of that same
window. Progress indications are grouped into several categories: informational, advisories, and warnings.
The following subsections will describe these message types, give examples of messages and describe what
each message means.
4.3.4.1 Informational Messages
There are several informational messages which indicate progress of the tool to the user. Most of these
messages just report information about what step the tool is currently at in the overall vulnerability check. A
table of messages and their definitions is shown in Table 2.
Table 2: Informational Messages and Corresponding Definitions
4.3.4.2 Advisory Messages
The tool will also inform the user when there is a possible vulnerability found that might require some action.
These types of messages are called advisory messages. What action the user should take or if they should take
action is sometimes dependent on what messages come after it. For instance, if a warning comes after an
advisory message, the advisory message may give useful information about where to find the problem that
corresponds to the warning message. A table of advisory messages and their descriptions is given in Table 3.
Table 3: Advisory Messages and Corresponding Definitions
16. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
16 of 18 12/19/2007 5:14 PM
4.3.4.3 Warning Messages
Messages which indicate a problem that the user needs to address are warning messages. These messages
indicate that either vulnerability in a HTML file has been verified by the tool or that a required setting or
disallowed setting has been found in the configuration file. The user should make changes to the appropriate
files to correct these issues. The list of warning messages and their descriptions can be found in Table 4.
Table 4: Warning Messages and Corresponding Definitions
5. Summary
The combination of the Apache Web Server and PHP scripting language are powerful tools when creating
websites for all types of purposes. Within the PHP scripting language there are powerful constructs for
interfacing with databases, complex file parsing, talking with other services like email and COM, and even
tools to create GUI applications. Just as in real life, with great power comes great responsibility and if web
developers are not careful they can leave their web servers vulnerable to several different types of attacks by
malicious clients. These attacks can range from minor annoyances to bringing the whole system to a standstill.
The worst types of script vulnerabilities are the ones that allow a malicious client to gain access to the web
server by obtaining password hashes or allowing malicious code to be downloaded and executed on the web
server. If the malicious client gains access to enough resources on someone else's web server they can even
launch attacks on other websites. This paper has attempted to give the reader a general knowledge of the PHP
scripting language and the basics behind a popular web servers operation. Using this knowledge, an
investigation of several PHP vulnerabilities was conducted and information was given that web developers can
use to avoid writing PHP scripts that can be exploited. In addition, a simple Java based utility was created by
the authors that checks for basic vulnerabilities in files that constitute a website. These files by default end
with the PHP or HTML extension but other types can be added as well. Likewise, there are some default rules
17. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
17 of 18 12/19/2007 5:14 PM
that are checked and when violated flagged with a predefined severity. Additional rules and associated
severities can be added by the user for other vulnerabilities in PHP, HTML, or other types of scripting
languages as they are discovered. The severities range from suggestions on setup settings to disallowing the
use of certain types of statements in scripts. Future improvements on the tool could include more robust rule
checking logic since the initial version is quite limited on its ability to catch certain types vulnerabilities that
may occur via several layers of code.
6. References
[Achour et al. 2007] Achour, Mehdi, Betz, Friedhelm, Dovgal, Dovgal, Antony, et al., "PHP Manual", Oct.
2007, http://us.php.net/manual/en/index.php/
[Apache Software Foundation 2007] The Apache Software Foundation, "Apache HTTP Server Project
Website", Copyright 2007, http://httpd.apache.org/
[Oglio et al. 2006] Oglio, Pablo Dall, Mattocks, Scott, Narayanan, Anant et al. "PHP-GTK Manual",
Copyright 2001-2006, http://gtk.php.net/manual/en/
[Sklar-Trachtenberg 2006] Sklar, David, Trachtenberg, Adam, "PHP Cookbook 2nd Edition", O'Reilly 2006
[James-Ware 2002] Lee, James, and Ware, Brent, "Open Source Web Development with LAMP: Using Linux,
Apache, MySQL, Perl, and PHP", Addison Wesley Professional 2002
[Dragoi 2006] Dragoi, Octavian Andrei, "The Conceptual Architecture of the Apache Web Server",
Department of Computer Science, University of Waterloo, 2006,
http://www.grad.math.uwaterloo.ca/~oadragoi/CS746G/a1/apache_conceptual_arch.html
[Apache Wikipedia 2007] Anonymous, Wikipedia on Apache Web Server,
http://en.wikipedia.org/wiki/Apache_HTTP_Server
[Wrenholt 2007] Wrenholt, Erik, "Writing Secure PHP Applications", 2007,
http://www.timestretch.com/site/writing_secure_php_apps/
[Clowes 2007] Clowes, Shawn "Exploiting Common Vulnerabilities in PHP Applications", 2007,
http://www.securereality.com.au/studyinscarlet.txt
Download VDT
Select the link below to download the zip file containing the Vulnerability Detection Tool v0.1
Vulnerability Distribution Tool v0.1 (101KB)
List of Acronyms
18. PHP Vulnerabilities in Web Servers http://www.cse.wustl.edu/~jain/cse571-07/ftp/php/
18 of 18 12/19/2007 5:14 PM
DNS - Domain Name Service
DoS - Denial of Service
HTML - HyperText Markup Language
HTTP - HyperText Transfer Protocol
JAR - Java ARchive
JRE - Java Runtime Environment
NCSA - National Center for Supercomputing Applications
OOP - Object Oriented Programming
PHP - PHP Hypertext Preprocessor
PHP/FI - Personal Home Page / Forms Interpreter
PHP - GTK - PHP Hypertext Preprocessor Graphical Tool Kit
STL - Standard Template Library
VDT - Vulnerability Detection Tool
Back to Table of Contents
Last Modified: December 2, 2007