Post on 21-Dec-2015
Copyright 2009 Justin C. Klein Keane
PHP Code Auditing
Session 1 – PHP Foundations
Justin C. Klein Keane
Overview
Purpose of these sessions
Gauge PHP competency
Assignments
Length of the course
What is PHP?
Dynamic scripting language, itself written in C
Served by a web server (typically Apache), or run from the command line (CLI)
Current version (as of this 2009 deck) is PHP 5
http://php.net
Commercial Support
Zend (http://www.zend.com)
Produces the Zend Studio IDE
Also produces debuggers, enterprise servers, etc.
Founded by some of the chief PHP developers
Developing PHP
Access to a web server that supports PHP
Eclipse using PHP Development Tools (PDT), bundle from http://www.eclipse.org/pdt
Nice to have Remote System Explorer (RSE) installed as well: http://www.eclipse.org/dsdp/tm/
Best source of documentation is http://php.net
PHP Basics
PHP is plain text
When a URL is requested, Apache hands the file to the PHP interpreter, which parses it and executes any PHP it contains
Apache must be able to read the file
The file is interpreted on every request
.php is the common extension, but any is possible: which extensions are passed to the interpreter is decided by the web server configuration, not by the file, so an audit should check that mapping as well as the code
Structure of PHP
PHP is delimited with:
<?php
?>
Any material between the delimiters is interpreted
Text outside of the delimiters is treated as static and sent to the client unchanged
Simple 'Hello world'
<?php
echo "Hello world";
?>
Web friendly 'Hello world'
<html>
<body>
<?php
echo "Hello world";
?>
</body>
</html>
Apache renders as:
<html>
<body>
Hello world
</body>
</html>
PHP Syntax - Comments
// One line comment
/*Multiline comment
*/
# Acceptable but discouraged one line comment
PHP Syntax Basics - Variables
Variables are denoted with the $ sign
Variable names may contain only letters, digits and underscores, and may not start with a digit
PHP variable names are case sensitive
PHP Variables
Variables are not statically typed: an integer can become a float, which can become a string (type juggling)
Variable types include:
Boolean
Integer
Float
String
Array
Object
Resource
NULL
Operators
Arithmetic operators: +, -, *, /, %
String operator: . (concatenation)
Assignment operators: =, .=, +=, -=, *=, /=
Operators (cont.)
Comparison operators: ==, ===, !=, <>, !==, <, >, <=, >= (<> is the same as !=; == and != compare after type juggling, === and !== also require both operands to have the same type)
Increment and decrement operators: ++, -- (pre and post)
Logical operators: !, &&, ||, and, or, xor (note that and/or bind more loosely than =, so $x = true and false; assigns true to $x)
Strings
Strings are delimited by quotes
Behavior differs between single and double quotes: single-quoted strings are literal, double-quoted strings interpolate variables and escape sequences
Example strings:
$a = 'foo';
$b = "$a bar";   // 'foo bar'
$c = $a . $b;    // 'foofoo bar'
Arrays
$array = array();
$array = array('one', 'two', 'three');
$array[0] = 'new one';
$assoc_array = array('one' => 'uno', 'two' => 'dos');
$assoc_array['one'] = 'uno nuevo';
Control Structures
if, else, elseif (also written else if)
If Else Statement
if ($a < $b) {
    print "$a is less than $b";
} else {
    print "$b is less than $a";
}
Can you spot the logic flaw above?
If Else Statement (alt)
if ($a < $b)
    echo "$a is less than $b";
else if ($a == $b)
    echo "$a is equal to $b";
else
    echo "$b is less than $a";
Ternary Statement
$result = ($a < $b) ? 'a is less' : 'a is not less';
While loops
$a = 1;
while ($a < 10) {
    echo $a . "<br/>";
    $a++;
}
Do While Loops
$a = 0;
do {
    echo $a;
    $a++;
} while ($a < 10);
For loop
for ($a = 0; $a < 10; $a++) {
    echo $a . "<br/>";
}
Break Control
for ($a = 0; $a < 10; $a++) {
    if ($a == 5) break;   // leaves the loop entirely; prints 0 to 4
    echo $a;
}
Continue (skip)
for ($a = 0; $a < 10; $a++) {
    if ($a == 5) continue;   // skips only this iteration; prints 0 to 9 without 5
    print $a;
}
Switch
switch ($a) {
    case 0:
        echo 'a is zero';
        break;
    case 1:
        echo 'a is one';
        break;
    default:
        echo 'a is something else';
}
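The comparison-operator slide lists == beside ===, and switch tests each case with ==. What that means once type juggling is involved is the single most common finding in PHP audits, so here is an added example (not code from the original slides) that exercises it. It goes a little beyond the slides by also covering in_array(), which defaults to loose comparison, and a password check written with ==. All inputs are constructed; the two password strings are well-known MD5 inputs chosen because their digests are "0e" followed only by digits, and hash_equals() is assumed available (PHP 5.6 or later). Lines marked "PHP 8:" behave differently on PHP 8 than on the PHP 5/7 this deck targets.

```php
<?php
// Added example, not from the original slides: loose (==) versus strict (===)
// comparison under PHP type juggling. Inputs are constructed for the demo.
// Lines marked "PHP 8:" differ on PHP 8 from PHP 5/7.

// 1. The same pair of values under == and ===.
function loose($a, $b)  { return $a == $b; }
function strict($a, $b) { return $a === $b; }

var_dump(loose('1', '01'));            // true:  both numeric strings, compared as numbers
var_dump(loose('10', '1e1'));          // true:  scientific notation is numeric too
var_dump(loose(100, '1e2'));           // true
var_dump(loose('0e1234', '0e5678'));   // true:  0 * 10^1234 == 0 * 10^5678
var_dump(loose(0, 'a'));               // PHP 5/7: true ('a' casts to 0)   PHP 8: false
var_dump(loose(null, false));          // true
var_dump(strict('1', '01'));           // false: === also requires the same type
var_dump(strict('0e1234', '0e5678'));  // false

// 2. The classic audit finding: a hash compared with ==.
// md5('240610708') and md5('QNKCDZO') both start with "0e" and continue with
// digits only, so == treats both digests as the number zero.
function check_password_loose($supplied, $stored_md5) {
    return md5($supplied) == $stored_md5;
}
function check_password_strict($supplied, $stored_md5) {
    // hash_equals() is strict and constant-time (PHP >= 5.6);
    // on older versions use === at minimum.
    return hash_equals($stored_md5, md5($supplied));
}
$stored = md5('240610708');                            // 0e462097431906509019562988736854
var_dump(check_password_loose('QNKCDZO', $stored));   // true:  wrong password accepted
var_dump(check_password_strict('QNKCDZO', $stored));  // false

// 3. in_array() and switch use == unless told otherwise.
var_dump(in_array('abc', array(0, 1)));        // PHP 5/7: true   PHP 8: false
var_dump(in_array('abc', array(0, 1), true));  // false: third argument forces ===

function classify($input) {
    switch ($input) {            // each case is tested with ==
        case 0:  return 'zero';
        case 1:  return 'one';
        default: return 'other';
    }
}
var_dump(classify(0));       // 'zero'
var_dump(classify('0'));     // 'zero'
var_dump(classify(true));    // 'one':  true == 0 is false, true == 1 is true
var_dump(classify('abc'));   // PHP 5/7: 'zero'   PHP 8: 'other'
```

When reading code, treat any == or != between a value the client controls and a constant, a hash, or a token as a finding until the types on both sides are proven, and prefer === (or hash_equals() for secrets) in the fix.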
Functions
function foo() {
    return "bar";
}
echo foo();
Functions (cont.)
function foo($a = 'bar') {   // $a defaults to 'bar' when no argument is passed
    $a .= " something";
    return $a;
}
$retval = foo('foo');   // 'foo something'
Classes
class Foo {
    public $name;
    function __construct($name) {
        $this->name = $name;
    }
}
$myvar = new Foo('foobar');
echo $myvar->name;   // foobar
Classes (cont.)
class Foo {
    public $var = 'bar';
    function getVar() {
        $var = 'inner_var';   // a local variable, not the property $this->var
        return $var;
    }
}
$a = new Foo();
$b = $a->getVar();   // 'inner_var'; $a->var is still 'bar'
Building PHP with Includes
<?php
include('inc/foo.php');   // missing file: warning, execution continues
require('inc/bar.php');   // missing file: fatal error, execution stops
$a = new Foo();
echo $a->somevar;
?>
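The include slide shows the two constructs side by side; the difference that matters to an auditor is what happens when the file is missing, and what happens when the path is built from request data. The following is an added example, not code from the original slides. It creates a throwaway inc/ directory under the system temp directory so it runs anywhere; the file names, their contents and the page names are all constructed for the demo.

```php
<?php
// Added example, not from the original slides. Builds a temporary inc/
// directory with constructed files so the demo is self-contained.

$base = sys_get_temp_dir() . '/php_include_demo_' . getmypid();
mkdir("$base/inc", 0700, true);
file_put_contents("$base/inc/home.php",  "<?php return 'home page';");
file_put_contents("$base/inc/about.php", "<?php return 'about page';");
file_put_contents("$base/inc/admin.php", "<?php return 'admin-only content';");

// 1. include() warns and carries on when the file is missing; require()
//    is a fatal error. For files that define classes or perform checks,
//    a silently skipped include is the more dangerous failure.
$r = @include "$base/inc/missing.php";   // $r === false, script continues
var_dump($r);
// require "$base/inc/missing.php";      // fatal error: nothing below would run

// 2. A page assembled from a request parameter, the way "?page=about"
//    routing is often written. The parameter becomes part of the path, so
//    the client decides which file the interpreter executes: any file under
//    inc/, and with "../" any .php file the web server can read.
function render_page_loose($base, $page) {
    return include "$base/inc/$page.php";
}

// 3. Allowlisted form: the request value is only ever a lookup key. The
//    path strings are fixed in the code and nothing from the client reaches
//    the filesystem.
function render_page_allowlisted($base, $page) {
    $pages = array('home' => 'home.php', 'about' => 'about.php');
    if (!isset($pages[$page])) {
        return null;   // unknown page: refuse instead of guessing
    }
    return require "$base/inc/" . $pages[$page];
}

var_dump(render_page_loose($base, 'admin'));        // 'admin-only content'
var_dump(render_page_allowlisted($base, 'admin'));  // NULL
var_dump(render_page_allowlisted($base, 'about'));  // 'about page'

// Remove the demo files.
foreach (glob("$base/inc/*.php") as $f) { unlink($f); }
rmdir("$base/inc");
rmdir($base);
```

When auditing, grep for include, include_once, require and require_once whose argument contains a variable, and trace that variable back to its source; if any part of it originates in $_GET, $_POST, $_COOKIE or $_SERVER, the allowlist pattern above is the fix.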
Some Useful Built-in Functions for Debugging
die("message");        // stop execution and print a message
echo "<!-- here -->";  // marker visible only in the page source
print_r($variable);    // dump a variable's contents
phpinfo();             // writes its own output; echo phpinfo() would additionally print "1"
Remove these before deployment: print_r() and phpinfo() disclose variable contents, file paths and server configuration to anyone who can load the page.
For Next Time
1) Install Eclipse PDT
2) Install the RSE extensions
3) Download the VMWare image for development
4) Connect to the VMWare image web root at: /var/www/html
5) Create a new default page with your name and the PHP configuration information