Category Archives: PHP

SSL termination on load-balanced wordpress

Previously I wrote a post explaining how to do SSL termination with Ha-proxy. It seemed to be working fine, but it was giving me problems about mixed content when loading my blog.

What was happening was that my blog was being served on https://ncona.com, but all the JS, CSS and links where being returned in http. This actually makes a lot of sense because the load balancer is requesting content using http and then forwarding this content to the browser.

Once the problem is understood, the solution is just a matter of finding out how to tell wordpress to render https content when Ha-proxy receives an https request. A way to do this is by sending a header to wordpress when the request came on port 443. We can do this in haproxy.cfg:

1
2
3
4
5
6
7
frontend https-in
        bind *:443 ssl crt /certs/ncona.pem
        reqadd X-Forwarded-Proto:\ https

        acl ncona-web-frontend hdr(host) -i ncona.com www.ncona.com

        use_backend ncona-web if ncona-web-frontend

The reqadd instruction will add a header to the request being sent to the backend. Now we can inspect for this header in wp-config.php:

1
2
3
4
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
  $_SERVER['HTTPS'] = 'on';
  $_SERVER['SERVER_PORT'] = 443;
}

This solved the problem and I can finally serve my blog with https.

Mixins functionality in PHP 5.4 – Traits

PHP 5.4 introduced a technique called traits. This technique aims to provide code re-usability functionality similar to mixins in other programming languages. The most common use case is to reuse methods among different classes.

Here is an example of the syntax;

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
trait someMath
{
    function add($a, $b)
    {
        return $a + $b;
    }

    function multiply($a, $b)
    {
        return $a * $b;
    }
}

class Calculator
{
    use someMath;
}

$cal = new Calculator();
echo $cal->add(4, 6); // echoes 10

As you can see traits syntax is very similar to the syntax to create a class. We just need to change the keyword class for trait. Then we can apply the trait inside a class using the use keyword.

Read more »

Zend Framework Authorization

Authorization is the process of specifying access to resources to different users based on defined roles. Zend Framework provides Zend_Acl to define and enforce an Access Control List (ACL).

Resources

In Zend Framework context resources are usually actions you want to control access to. Zend provides the Zend_Acl_Resource class to create resources. Each resource should have a unique ID to identify it.

1
new Zend_Acl_Resource('resourceId');

Then you can add the resource to Zend_Acl using Zend_Acl::add:

1
Zend_Acl::add(new Zend_Acl_Resource('resourceId'));

Read more »

Creating your own PHPCS standard

PHPCS is a great tool to help you make sure the correct coding style is being followed within a project. The problem is that some times the build in standards don’t cover all your needs so it is necessary to build custom rules. I will walk through the process I followed to create my own coding standard based on the build-in Zend standard.

Creating your work environment

In Ubuntu all PHPCS standards are stored in /usr/share/php/PHP/CodeSniffer/Standards/. There is a folder for each standard named after the standard name. I will call my standard Soonick, so I will create a folder with that name.

Read more »

Zend Framework Authentication

Authentication is the process of confirming that a person is who they say they are. In software the most common method of authentication is the use of a password that only the person knows.

Zend_Auth

Zend framework provides Zend_Auth as an interface to authenticate a user against different back-ends (Database, LDAP, etc…). Since all adapters that use Zend_Auth share the same interface you can use any of them with almost no changes in the code.

Authentication is sometimes confused with authorization (the process of verifying if a person has access to a resource), and although they do different things they are related because you have to know the identity of the user before you can check if they have permission to a resource.

Read more »

Profiling PHP applications with Xdebug

Xdebug is a great tool for debugging our PHP code, but another thing it does very well is help us find bottlenecks in our applications. For instructions on installing xDebug you can see my article Debugging PHP code with xDebug.

Enabling the profiler

We can tell xDebug to profile our code by adding this in our php.ini file:

1
2
xdebug.profiler_enable = 1
xdebug.profiler_output_dir = '/path/to/folder/'

xdebug.profiler_output_dir is the folder where xDebug will dump the profile information. Make sure this folder is writable by apache or you won’t see any file generated in that folder.

Read more »

PHP Warning: date(): It is not safe to rely on the system’s timezone settings…

When you get this error the only thing you need to do is add a line similar to this one to your php.ini file:

1
date.timezone = "America/Mexico_City"

You can get a list of the supported timezones on this URL: http://php.net/manual/en/timezones.php. The error should go away after you restart apache.

For Linux systems there are some times two php.ini files, one for apache and one for CLI. Make sure you add the line to both files.

Making an object’s protected and private members public using reflection

This is a very special scenario and you may never want to really do this, but I found myself in the necessity of changing the visibility of an object’s methods an attributes at runtime so I could access them directly.

To do this I had to use reflection and magic methods in a magic way. Since we can’t just plug methods to an object in PHP, I had to create a class with already defined magic methods that would allow me to access the protected and private members of an object using reflection.

This is the class I created with an explanation of what it does:

Read more »

Debugging PHP code with xDebug

Xdebug is a PHP extension which provides debugging, tracing and profiling capabilities.

Installing xDebug in an Ubuntu based distribution is very easy using apt-get:

1
sudo apt-get install php5-xdebug

Just by installing xDebug you will get two very basic but useful rewards: Pretty var_dumps and pretty error messages.

Read more »

Fatal error: Uncaught exception ‘Zend_Controller_Dispatcher_Exception’ with message ‘Invalid controller specified (error)’

By default Zend Framework has a front controller plugin that tries to send all exceptions and errors to a controller named ErrorController. If that controller is not found you will get this error.

The Zend Documentation explains how to make a simple error handler:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
class ErrorController extends Zend_Controller_Action
{
    public function errorAction()
    {
        $errors = $this->_getParam('error_handler');
        $exception = $errors->exception;
        $log = new Zend_Log(
            new Zend_Log_Writer_Stream(
                '/tmp/applicationException.log'
            )
        );
        $log->debug($exception->getMessage() . "\n" .
                $exception->getTraceAsString());
    }
}

Read more »