Inofficial FreeBSD port for Zend Optimizer Plus

Posted by: gdelmatto  :  Category: FreeBSD, PHP

2017-03-12: A US-based company claims that their trademark is infringed by mentioning the terms “(Zend) Optimizer+ / (Zend) Optimizer Plus” on this page. In context of my writings, the use of these terms are clearly related to the well-known open source software by Rogue Wave Software (formerly Zend Technologies), as released in 2013.

While the contents of this page has become somewhat obsolete, as Zend Optimizer+/Opcache has since been integrated into the PHP programming language itself, the content is left here for reference purposes.

Again: I make it absolutely clear that this content exists as a documentation only in the scope if IT terminology and  a well-known open source software product Zend Optimizer (former trademark).

The use of the term specifically relates to the original product name, including file name references. As a reference, the original commit to the source is linked here.

“Zend Optimizer+” has been rebranded to “Zend Opcache” in the meantime.

While just in the process of doing web-server freshup on FreeBSD, I was caught by the good news that Zend Technologies have released their Zend opcode caching engine as open source.

Now it’s called Zend Optimizer+ and hosted over there at github.

As far as I have seen, it did not yet popup as a buildable port on FreeBSD’s ports tree, but that can only take little time for today.
So I quickly made up my own port which you can download here.

To build it, simply download and extract the file to /usr/ports/devel:

cd /usr/ports/devel
fetch -o- | tar -xzpvf -

Then “make install” as usual:

cd /usr/ports/devel/ZendOptimizerPlus
make install

Afterwards, running “php -i” (or phpinfo from a web-accessible script file) should denote it runs “with Zend Optimizer+ 7.0.0-dev”.

Done 🙂

Working around WordPress’ wpdb limitations with MySQL User Variables

Posted by: gdelmatto  :  Category: PHP, Programming

Think about retrieving a data set from MySQL, where you need to add distinct, auto-incremented ID to each row retrieved. Sounds easy?

Well, the ID has to be generated on-the-fly and out of nowhere. Still easy?

One might think about using MySQL user variables to accomplish this, sure. But what if your framework does not allow injecting chained queries because of SQL injection countermeasures?
Read more…

Run command in background from PHP

Posted by: gdelmatto  :  Category: PHP, Programming

While working on my newest project, a PHP- and AJAX-based network management application, I came along the need to run multiple commands on the server and track their return states (basically if they were run successful or not).

While sticking together my framework, I found that forking a process into background from PHP requires some additional steps if you don’t want to break AJAX functionality.
Read more…

Fixing “Cannot find autoconf” error while building PHP extension from a FreeBSD port

Posted by: gdelmatto  :  Category: FreeBSD, Operating Systems, PHP

Today I had to add the PHP ‘bcmath’ extension to my FreeBSD host.
Actually, that’s a fairly easy one-liner:

[root@localhost ~]# cd /usr/ports/math/php5-bcmath && make clean install

However, I ended up with a crude error message:

Cannot find autoconf. Please check your autoconf installation and the
$PHP_AUTOCONF environment variable. Then, rerun this script.

Bummer! So let’s see how to fix this.
Read more…

Obfuscated PHP code in WordPress Themes or PHP scripts may be a security hole!

Posted by: admin  :  Category: PHP, Programming, Security

Gosh, some things really shouldn’t be done!
One thing for example is that stupid attitude to “scramble” PHP code by nesting it a zillion times using eval(), gz_deflate(), base64_encode() and str_rot13.
You find this in some “freely” available PHP scripts and some WordPress Themes as well. Actually nobody seems to care, that this may be well worth considering as a huge security hole!
Read more…

De-Scrambler for obfuscated PHP code

Posted by: admin  :  Category: PHP, Programming, Scripting, Security

Thinking about security risks of obfuscated PHP code found in some freely available PHP scripts and WordPress themes, I wrote a quick’n’dirty De-Scrambler.
Read more…