More PHPMore PHP

What we'll coverWhat we'll cover

• A short history of php• Parsing• Variables• Arrays• Operators• Control Structures• Forms• Functions• Accessing the shell• Sockets• Regular Expressions

FormsForms

• Obviously, one of the things you need to handle are forms

• You can make an html only form, and submit that to a php file

• You can also make a single php file that makes the form, and submit that to itself, and on the submit, present a different page, and then after a confirmation present a third page, and so on, and so on….

• We'll talk about both

Simple FormSimple Form

simpleform/simpleform.htmlsimpleform/simpleform.html

<form action="./simpleform.php" method="GET" name="choices"><form action="./simpleform.php" method="GET" name="choices"><p>What is the meaning of life?</p><p>What is the meaning of life?</p><p><textarea rows="1" cols="50" wrap="virtual" <p><textarea rows="1" cols="50" wrap="virtual" name = "answer"></textarea></p>name = "answer"></textarea></p><p>What is your name?</p><p>What is your name?</p><p><textarea rows="1" cols="50" wrap="virtual" <p><textarea rows="1" cols="50" wrap="virtual" name = "name"></textarea></p>name = "name"></textarea></p><p>Where is your car?</p><p>Where is your car?</p><p><textarea rows="1" cols="50" wrap="virtual" <p><textarea rows="1" cols="50" wrap="virtual" name = "car"></textarea></p>name = "car"></textarea></p><p><input type="submit" value="Submit" align="middle" /></p><p><input type="submit" value="Submit" align="middle" /></p></form></form>

Simple Form phpSimple Form php

simpleform/simpleform.phpsimpleform/simpleform.php

<?php<?phpif (count($_GET) < 1) if (count($_GET) < 1) {{ echo "no GETs!";echo "no GETs!"; }}else else {{ echo "Here is the GET array:";echo "Here is the GET array:"; echo "<pre>";echo "<pre>"; print_r($_GET);print_r($_GET); echo "</pre>";echo "</pre>"; }}?>?>

• The php that catches the form reads the GET array

• All this one does is used print_r() to show the results

• Can you think of any advantages or disadvantages to using two separate pages this way?

• What about the first condition? When is it met?

Simple form to itselfSimple form to itself

• To do all of this with one php file, we need a way to detect where we are in the process

• So on first load, we present the form

• On second load, after submitting the form, we process results…

simpleform_self.phpsimpleform_self.php

<?php<?phpif (!$_GET) if (!$_GET) {{ echo "<form action=\"" . $_SERVER["PHP_SELF"] . "\" method=\"GET\" echo "<form action=\"" . $_SERVER["PHP_SELF"] . "\" method=\"GET\" name=\"choices\">\n";name=\"choices\">\n"; echo "<p>What is the meaning of life?</p>echo "<p>What is the meaning of life?</p> <p><textarea rows=\"1\" cols=\"50\" wrap=\"virtual\" <p><textarea rows=\"1\" cols=\"50\" wrap=\"virtual\" name = \"answer\"></textarea></p>\n";name = \"answer\"></textarea></p>\n"; echo "<p>What is your name?</p>echo "<p>What is your name?</p>

<p><textarea rows=\"1\" cols=\"50\" wrap=\"virtual\" <p><textarea rows=\"1\" cols=\"50\" wrap=\"virtual\" name = \"name\"></textarea></p>\n";name = \"name\"></textarea></p>\n";

echo "<p>Where is your car?</p>echo "<p>Where is your car?</p> <p><textarea rows=\"1\" cols=\"50\" wrap=\"virtual\" <p><textarea rows=\"1\" cols=\"50\" wrap=\"virtual\" name = \"car\"></textarea></p>\n";name = \"car\"></textarea></p>\n";

echo '<input type="hidden" value = "111" name = "key_number" />' ;echo '<input type="hidden" value = "111" name = "key_number" />' ; echo '<p><input type="submit" value="Submit" align="middle" /></p>'; echo '<p><input type="submit" value="Submit" align="middle" /></p>'; }}

simpleform_self.phpsimpleform_self.php

else else {{ echo "Here is the GET array:";echo "Here is the GET array:"; echo "<pre>";echo "<pre>"; print_r($_GET);print_r($_GET); echo "</pre>";echo "</pre>"; }}?>?>

</form></form></body></body></html></html>

• When the form is submitted, the url has a GET array

• So it passes past the if statement, and lands on the else, where we process data

• Again, we're just print_r()'ing the results

• There's an error here, can you spot it?

SessionsSessions

• A very useful aspect to php is the ability to maintain session data

• To do this, you create a session, then load it with data

• The session data is stored server side, usually in /etc, and is keyed (but not encrypted), and remains for that url and remote ip

simpleform_self_session.phpsimpleform_self_session.php

• Sessions need to be created before any html headers are sent, so do this at the very top of the page

• Use session_register() to create slots for variables

• After these variables are populated, you can access them via the $_SESSION array

• In this example we'll define a key (randomly generated) and a counter (to track steps)

simpleform_self_session.phpsimpleform_self_session.php

<?php// Start a session, and set a key and a counter// A session is a method of tracking state for a given // browser session, and allows storage of data on the serversession_start(); // create a sessionsession_register('session_key'); // register a session var for a key to // track this session // this is done to help detect reloadssession_register('session_counter'); // session counter is used to // track where we are in // a session?>

// if the session_key is not yet set, generate a random number for the key// and set the session_counter to 0 (this situation indicates that the form// is being loaded for the first time)if (!$_SESSION['session_key']) { $_SESSION['session_key'] = rand(); $_SESSION['counter'] = 0; }

simpleform_self_session.phpsimpleform_self_session.php

• Now, we can check see if the key is set, if not, we're on a first load and we generate a key and set the counter to 0….

// If we don't have key_number, then the user hasn't // If we don't have key_number, then the user hasn't filled in the formfilled in the formif (!$_GET["key_number"]) if (!$_GET["key_number"]) {{ echo "<form action=\"" . $_SERVER["PHP_SELF"] . "\" echo "<form action=\"" . $_SERVER["PHP_SELF"] . "\" method=\"GET\" method=\"GET\" name=\"choices\">\n";name=\"choices\">\n"; echo "<p>What is the meaning of life?</p><p><textarea echo "<p>What is the meaning of life?</p><p><textarea rows=\"1\"rows=\"1\" cols=\"50\" wrap=\"virtual\" name = cols=\"50\" wrap=\"virtual\" name = \"answer\"></textarea></p>\n";\"answer\"></textarea></p>\n"; … … echo '<input type="hidden" value = "' . echo '<input type="hidden" value = "' . $_SESSION['session_key'] . $_SESSION['session_key'] .

'" name = "key_number" />';'" name = "key_number" />'; echo '</form>';echo '</form>'; $_SESSION['counter'] = 1;$_SESSION['counter'] = 1; }}

simpleform_self_session.phpsimpleform_self_session.php

• Then we build the form--note the use of PHP_SELF, and the hidden input….

elseif ($_SESSION['session_key'] == elseif ($_SESSION['session_key'] == $_GET["key_number"] && $_SESSION['counter'] == 1 $_GET["key_number"] && $_SESSION['counter'] == 1 && ($_GET["answer"] && $_GET["name"] && && ($_GET["answer"] && $_GET["name"] && $_GET["car"]))$_GET["car"])) {{ echo "Here is the GET array:";echo "Here is the GET array:"; echo "<pre>";echo "<pre>"; print_r($_GET);print_r($_GET); echo "</pre>";echo "</pre>";

simpleform_self_session.phpsimpleform_self_session.php

• Next, we have an elseif that looks to see that we have the data we need and that there's a key and that counter is set to one

• Then we start by printing the results….

echo "<form action=\"" . $_SERVER["PHP_SELF"] . "\" echo "<form action=\"" . $_SERVER["PHP_SELF"] . "\" method=\"GET\" name=\"choices\">\n";method=\"GET\" name=\"choices\">\n";echo '<input type="hidden" value = "' . echo '<input type="hidden" value = "' . $_SESSION['session_key'] . $_SESSION['session_key'] . '" name = "key_number" />';'" name = "key_number" />';echo '<p>Are these ok?</p>'; echo '<p>Are these ok?</p>'; echo '<input type="radio" value="yes" name = "yes_no" echo '<input type="radio" value="yes" name = "yes_no" />yes />yes <input type="radio" value="no" name = <input type="radio" value="no" name = "yes_no" />no';"yes_no" />no';echo '<p><input type="submit" value="Submit" echo '<p><input type="submit" value="Submit" align="middle" /></p>'; align="middle" /></p>'; echo '</form>'; echo '</form>'; $_SESSION['counter'] = 2;$_SESSION['counter'] = 2; }}

simpleform_self_session.phpsimpleform_self_session.php

• … and then we make a confirmation form and set the counter to 2

• And again we submit the form to itself

// Check again that the session_key matches the // Check again that the session_key matches the key_number, and that we're on step number three, and for key_number, and that we're on step number three, and for "yes""yes"elseif ($_SESSION['session_key'] == $_GET["key_number"] elseif ($_SESSION['session_key'] == $_GET["key_number"] && $_SESSION['counter'] == 2 && $_GET["yes_no"] == "yes")&& $_SESSION['counter'] == 2 && $_GET["yes_no"] == "yes") {{ echo '<p>Cool, everything\'s copacetic.</p>';echo '<p>Cool, everything\'s copacetic.</p>'; // Here you'd do the Good Thing, whatever that is.// Here you'd do the Good Thing, whatever that is. // Destroy the session// Destroy the session session_unset(); session_unset(); session_destroy();session_destroy(); }}

simpleform_self_session.phpsimpleform_self_session.php

• Next, we check for the confirmation and kill the session, if things are good here, we do good things…..

// Check again that the session_key matches the // Check again that the session_key matches the key_number, and that we're on step number three, and for key_number, and that we're on step number three, and for "no""no"elseif ($_SESSION['session_key'] == $_GET["key_number"] elseif ($_SESSION['session_key'] == $_GET["key_number"] && $_SESSION['counter'] == 2 && $_GET["yes_no"] == "no")&& $_SESSION['counter'] == 2 && $_GET["yes_no"] == "no") {{ echo '<p>Oops, sorry, <a echo '<p>Oops, sorry, <a href="./simpleform_self_session.php">href="./simpleform_self_session.php"> try again?</a></p>';try again?</a></p>'; // Here you'd do the Bad Thing, whatever that is // Here you'd do the Bad Thing, whatever that is // Destroy the session// Destroy the session session_unset(); session_unset(); session_destroy();session_destroy(); } }

simpleform_self_session.phpsimpleform_self_session.php

• And we check for badness….

// If no conditions matched, assume something went // If no conditions matched, assume something went wrong and try to copewrong and try to copeelseelse { { echo '<p>I\'m sorry, I found a problem, perhaps echo '<p>I\'m sorry, I found a problem, perhaps you didn\'t fill in all of the boxes. <a you didn\'t fill in all of the boxes. <a href="./simpleform_self_session.php">href="./simpleform_self_session.php"> Continue?</a></p>';Continue?</a></p>'; // Destroy the session// Destroy the session session_unset(); session_unset(); session_destroy();session_destroy(); }}

simpleform_self_session.phpsimpleform_self_session.php

• And a final sanity check• This is not particularly clean, since we're not checking much, and esp. because this is where we land if not all fields are filled in--better ways to deal with this?

User Defined FunctionsUser Defined Functions

• Like javascript, php supports user defined functions

• Declare your functions towards the top of your php file--this is not a requirement, just good practice

• Functions are created when the program is read, and before execution

• Or, build an exterior file with commonly used functions, and give that a version number. Then require that file to reuse your code (see the general functions file in the samples for examples I use)

Passing DataPassing Data

• The simplest way to pass data into a function is through that functions argument list of variable (and arrays are a type of variable)// wrap the variable in pfunction echo_p($wrapped_item) { echo "<p>$wrapped_item</p>"; }

• You can also set default values, but watch placement--defaults to the right please// wrap the variable in h// default to level 2function echo_h($wrapped_item, $level="2") { echo "<h" . $level . ">$wrapped_item</h" . $level. ">\n"; }

12

ScopeScope

• Functions themselves have global scope--functions defined within functions are available everywhere

• Variables assigned or modified inside of a function have their value only within the function

• A variable can be declared global within a function, however, if you want to pass that variable into and out of the function

• Generally, it's better to leave variable scope limited, this makes the function portable….

15

Functions have Global ScopeFunctions have Global Scope

• Unlike variables, functions are global in scope

• But a function doesn't execute until called

• Here, foo() is used to create bar()

• Once foo() is called, bar() exists

• bar() is available outside of foo()

function foo() { function bar() { echo "I don't exist until foo() is called.\n"; } }

/* We can't call bar() yes since it doesn't exist. */

foo();

/* Now we can call bar(), foo()'s processing has made it accessible. */bar();

?> this example is 17.3 from the php manual, up as 14_functions.phpSee also 15_function_scope.php

Functions and Default ValuesFunctions and Default Values

• Defaults must occur to the right

function good_echo_h($wrapped_item, $level="2") { echo "<h" . $level . ">$wrapped_item</h" . $level. ">\n"; }function bad_echo_h($level="2", $wrapped_item) { echo "<h" . $level . ">$wrapped_item</h" . $level. ">\n"; }

good_echo_h("A good heading");good_echo_h("A good heading at level 1", 1);bad_echo_h(2, "A bad heading with level set");bad_echo_h("A bad heading with no level set");

12_function_defaults.php

An Example: Building an FAQAn Example: Building an FAQ

• Core program calls 5 functions, 3 local and 2 external

• 1 Data file and some variables

• This kind of program structure makes understanding a large program much easier…

aformaform

• This is set up in samples and the labs section, both, so you can do the lab to figure this out

• Based on a general survey form I came up with a few years ago

aformaform

• Uses the general_functions file• Data is external in a text file• The code that makes the various types of question in the form is also external

• By keeping data and question types separate, it's easy to use the same program to make different surveys

Leveraging the ShellLeveraging the Shell

Back tick and shell_exec()Back tick and shell_exec()

• Php uses backticks (olde school) and the function shell_exec() to process shell commands (usually through bash)

• Shell commands execute with the environment and rights of the web server

• Opening a shell is not lightweight in terms of ram, so keep in mind it can be expensive

• Very useful if a wheel already exists in your setup (Netcheck is an example)….

04

10_show_source.php10_show_source.php

• I wanted to be able to display source code for the php programs

• There is a function, highlight_file(), that will handle syntax highlighting for a php file

• I could have written the whole thing in php (and that could be a portfolio project), but I already had this file listing shell script….

• This wheel already exists• If the server supports it, files ending in .phps will show highlighted source (this is an apache directive)

• See also http://www.sitepoint.com/article/highlight-source-code-php

SocketsSockets

Theory of SocketsTheory of Sockets

• A socket is a combination of an ip number, a protocol and a port

• Servers listen on a socket, clients will open a connection to that socket

• What gets sent back and forth over the socket connection varies with the protocol

• Generally, when working with a client, you don't specify the local socket you'll use (the os handles that), just the remote socket

An example: Web RequestAn example: Web Request

• This is a socket call to a web server

• $fp represents a "handle" to the socket

• If the handle is created, you have the socket

$fp = fsockopen("www.cs.unc.edu", 80, $errno, $errstr, 30);if (!$fp) { echo "$errstr ($errno)<br />\n";} else { $out = "GET /index.html HTTP/1.1\r\n"; $out .= "Host: www.example.com\r\n"; $out .= "Connection: Close\r\n\r\n"; fwrite($fp, $out); while (!feof($fp)) { echo fgets($fp, 128); } fclose($fp);} 11_webconnection

.php

Sending email with PHPSending email with PHP

• The unix version of PHP includes support for sendmail:mail ( string to, string subject, string message)

• Since windows doesn't support sendmail, the windows build of PHP uses an external smtp server, but uses the same command

• But it doesn't work under OSX by default--OS X uses postfix, and that's off by default

• I could have enabled postfix, but I'm a geek...

Example Protocol: SMTPExample Protocol: SMTP

• By convention, smtp servers listen on ports 25 and 587

• By the rfc, smtp servers communicate in plain text--you can telnet to an smtp server to send email

• Verbs in smtp include helo, mail from, rcpt to, data

• Use "." to end the body of a message (and this is one place where a potential for hacking exists)

An SMTP callAn SMTP callgilgamesh:~ hays$ telnet smtp.unc.edu 25gilgamesh:~ hays$ telnet smtp.unc.edu 25Trying 152.2.1.140...Trying 152.2.1.140...Connected to smtp.unc.edu.Connected to smtp.unc.edu.Escape character is '^]'.Escape character is '^]'.220 smtp.unc.edu ESMTP UNC-Chapel Hill - ITS Email; Tue, 30 Sep 2008 18:56:57 -0400 (EDT)220 smtp.unc.edu ESMTP UNC-Chapel Hill - ITS Email; Tue, 30 Sep 2008 18:56:57 -0400 (EDT)helo gilgameshhelo gilgamesh250 smtp.unc.edu Hello gilgamesh.cs.unc.edu [152.2.131.71], pleased to meet you250 smtp.unc.edu Hello gilgamesh.cs.unc.edu [152.2.131.71], pleased to meet youmail from:hays@cs.unc.edumail from:hays@cs.unc.edu250 2.1.0 hays@cs.unc.edu... Sender ok250 2.1.0 hays@cs.unc.edu... Sender okrcpt to:b@unc.edurcpt to:b@unc.edu250 2.1.5 b@unc.edu... Recipient ok250 2.1.5 b@unc.edu... Recipient okdatadata354 Enter mail, end with "." on a line by itself354 Enter mail, end with "." on a line by itselfSubject: TestSubject: TestTo: b@unc.eduTo: b@unc.eduFrom: hays@cs.unc.eduFrom: hays@cs.unc.eduHowdy, this is a test.Howdy, this is a test...250 2.0.0 m8UMuvtq021026 Message accepted for delivery250 2.0.0 m8UMuvtq021026 Message accepted for deliveryquitquit221 2.0.0 smtp.unc.edu closing connection221 2.0.0 smtp.unc.edu closing connectionConnection closed by foreign host.Connection closed by foreign host.

Bits and piecesBits and pieces

• fsockopen opens a connection, and establishes a point to that connection, with server, port and timeout specifiable

• fwrite (or fputs) and fgets write and read to that connection, feof tests for end of file

$fp = fsockopen("www.example.com", 80, $errno, $errstr, 30);if (!$fp) { echo "$errstr ($errno)<br />\n";} else { $out = "GET / HTTP/1.1\r\n"; $out .= "Host: www.example.com\r\n"; $out .= "Connection: Close\r\n\r\n";

fwrite($fp, $out); while (!feof($fp)) { echo fgets($fp, 128); } fclose($fp);} this from php manual… 16

My version of mail…My version of mail…

• I didn't want to enable a mail server, so I hacked an emailer function that:• Checks the message for some possible hacks

• Checks the MX record of the target domain

• Opens a connection to an smtp server• Writes the message to that connection• Checks the responses for success or failure

The callThe call

• Call this function with a message id, an array that contains the tos, a subject line, the message, the ip of the web server, the smtp server to use, and the port:emailer(rand(10000, 30000), $to_list, "hays@cs.unc.edu", "Test", "test test test", $_SERVER["REMOTE_ADDR"], "smtp.unc.edu", "587");

Sanity ChecksSanity Checks

• Check for the to list to be an array (coercion can occur)

• Check for embedded addresses and periods

if (!is_array($email_to)) { die('Sorry, $email_to must be an array'); } $email_subject = str_replace("."," . ",$email_subject); $email_text = str_replace("."," . ",$email_text); $email_subject = str_replace("@"," AT ",$email_subject); $email_text = str_replace("@"," AT ",$email_text);

Check Email ValidityCheck Email Validity

list($username,$domain) = split("@",$email_from); if (!getmxrr($domain,$mxrecords)) { echo "<p>Error: The email domain for the \"from\" address, $email_from, cannot be verified.</p>"; echo "<p>Mail sent from this address may not be deliverable, and replies may not work!</p>"; } // end of if $y=0; while ($email_to[$y] !='') { list($username,$domain) = split("@",$email_to[$y]); if (!getmxrr($domain,$mxrecords)) { echo "<p>Error: The email domain for the \"to\" address, $email_to[$y] cannot be verified.</p>"; echo "<p>Mail sent to this address may not be deliverable!</p>"; } // end of if $y++; } // end of while

Build MessagesBuild Messages

• This part builds an array, message, that contains elements representing each line of the mail connection we need

• We'll walk this array later to send the mail

$x=0; // Build a helo message, using the php server's IP name $message[$x] = "HELO " . $php_server . "\r\n"; $x++; // Set the from address $message[$x] = "MAIL FROM:<" . $email_from . ">\r\n"; $x++;

Now the from and tosNow the from and tos

$y=0; $message[$x] = "RCPT TO:<" . $email_to[$y] . ">\r\n"; $to_list = $email_to[$y]; $x++; // Now do a loop to set the rest of the recipients. // Pull each address out of the array email_to array // and also add that address to the to_list for

inclusion in the headers $y++; while ($email_to[$y] != '') { $message[$x] = "RCPT TO:<" . $email_to[$y] . ">\r\n";

$to_list = $to_list . ", <" . $email_to[$y] . ">"; $x++; $y++; } // end of while

Start a Data StatementStart a Data Statement

• Start the data statement // Set the Data statement $message[$x] = "DATA\r\n"; $x++;

• But the rest of the data statement is messy, it contains all of the header data you get in an email message--take a deep breath….

Email HeadersEmail HeadersMessage-ID: <11819@152.2.131.71>Date: Thu, 13 Sep 2007 16:20:51 -0400From: hays@cs.unc.eduTo: hays@cs.unc.eduSubject: TestContent-Type: text/plain; charset=us-asciiContent-Transfer-Encoding: 7bitX-Mailer: Php program running from

wwwx.cs.unc.edu/~hays/INLS668/samples/php/functions/test.php

X-SAV-Scan-By: smf-sav v1.4.1 - http://smfs.sf.net/Received-SAV: Pass (fafnir.cs.unc.edu: sender

hays@cs.unc.edupassed Sender Address Verification Testreceiver=fafnir.cs.unc.edu; client-ip=152.2.1.139envelope-from=<hays@cs.unc.edu>; helo=smtp.unc.edu;

X-Scanned-By: MIMEDefang 2.62 on 152.2.129.97X-Scanned-By: MIMEDefang 2.62 on 152.2.129.90

Making Email HeadersMaking Email Headers

$message[$x] = "Message-ID: <" . $email_messageid . "@" . $php_server . ">\r\nDate: " . date(r) . "\r\nFrom: " . $email_from . "\r\nTo: " . $to_list . "\r\nSubject: " . $email_subject . "\r\nContent-Type: text/plain; charset=us-ascii\r\nContent-Transfer-Encoding: 7bit\r\nX-Mailer: Php program running from ". $_SERVER["SERVER_NAME"] . $_SERVER["SCRIPT_NAME"] . "\r\n" . $email_text . "\r\n.\r\n";

$x++; // Build a quit message, this is the last step when it comes to the connection

$message[$x] = "QUIT\r\n";

Making the ConnectionMaking the Connection

$stream = fsockopen($smtp_server, $smtp_port, $errno, $errstr, 30);

// Check for error messages from the socket connection. if (!$stream) { echo "<p>I'm sorry, there appears to be a problem sending email. \n";

echo '<p>Please report this error. <a href="mailto:' . $email_admin . '">' . $email_admin . "</a></p>\n";

echo "<p>Also, this error does not mean that anything else went wrong, it only indicates \n";

echo "that the email message this program was trying to send did not go out successfully. \n";

echo "Anything else you were trying to do likely was not affected by

this error.</p>\n"; } // end of if

Peel off the dataPeel off the data

else { // Since we got a socket, send the mail

$x=0; // reset x for the loop while ($message[$x] != '') { $smtp_response = fgets($stream, 1024); // Check for server responses

sleep(1); fputs($stream, $message[$x]); // Put the message line up to the server

Check the Server ResponsesCheck the Server Responses

if (substr($smtp_response, 0, 1) > '3') { echo "<p>I'm sorry, there appears to be a problem

sending email. \n"; echo "The particular message I received was:</p>\n"; echo "<pre>" . $smtp_response . "</pre>"; // Since there has been a nontransient error, try to

reset and quit gracefully fputs($stream, "RSET"); sleep(1); fputs($stream, "QUIT"); sleep(1); // Set the next message to null // Since email failed we just give up and this exits

the loop for us $message[($x + 1)] = ''; } //end of if

See it in actionSee it in action

• This is in the functions folder

• There are earlier versions for comparison (why upgrade, and what to what for?)

Regular ExpressionsRegular Expressions

Simple regular expressionSimple regular expression// Check for malodorous site callsif (ereg("(//)", $_GET[name])){ //echo "Call to an external site"; $email_messageid = date(U); $email_to[0] = "hays@cs.unc.edu"; $email_subject = 'Intrusion Attempt from frame.php'; $email_text = 'There has been an intrusion attempt originating from ' . $HTTP_SERVER_VARS[REMOTE_ADDR] ; $email_from = "hays@cs.unc.edu"; $php_server = $HTTP_SERVER_VARS[HTTP_HOST]; $smtp_server = "smtp.cs.unc.edu"; $smtp_port = "25"; emailer($email_messageid, $email_to, $email_from, $email_subject, $email_text, $php_server, $smtp_server, $smtp_port); }

Regular Expressions SyntaxRegular Expressions Syntax

• Two major dialects, posix and perl (we're using the former)

• The basic usage is "match a_string a_blob", where the string is what you're looking for and the blob is where it might be

• There are a lot of variants that do search and replace, forward and back, etc., but the basic function in PHP is ereg()

ereg() examplesereg() examples

• ereg("fair", $blob) looks for the string "fair"

• ereg([0-9], $blob) looks for any instance of a digit from 0 to 9

• ereg([cq], $blob) looks for either a c or q (this is the same as "c|q"

• ereg(([0-3])|(fair), $blob) looks for any digit 0-3 or the string "fair" (the | is an or)

ereg and Anchorsereg and Anchors

• ereg((^This), $blob) looks for This at the beginning of $blob

• ereg((This$), $blob) looks for This at the end of $blob

More examplesMore examples

• ereg([7-9].ing, $blob) looks for a 7-9 digit, following by any single character, followed by the string "ing" (the period is a wildcard)

• ereg(rx{4,7}, $blob) looks for an r followed by 4-7 x's (the brackets provide the range on the prior character

• ereg([0-9]{5}s, $blob) looks for 5 digits each in the range of 0-9, followed by an s

15_ereg.php

Escaping ereg CharactersEscaping ereg Characters

• ^.[$()|*+?{\ are special characters for regular expressions, and must be escaped with a backslash

• ereg(\[@@@\], $blob) looks for '[@@@]'

• ereg(",\.\[@@, $blob) looks for '",.[@@'

For the masochistic: Some examples of validation

For the masochistic: Some examples of validation

• http://www.ilovejackdaniels.com/php/email-address-validation/

• http://www.zend.com/codex.php?id=371&single=1

• http://scripts.franciscocharrua.com/verify-email-address.php

Regex infoRegex info

• http://www.tin.org/bin/man.cgi?section=7&topic=regex

• http://analyser.oli.tudelft.nl/regex/index.html.en

• http://weblogtoolscollection.com/regex/regex.php

SourcesSources

• http://www.zend.com/zend/art/intro.php

• http://www.php.net/• http://hotwired.lycos.com/webmonkey/programming/php/index.html