On perlmonks today, a user was needing to maintain a PHP app, and wanted to know what the PHP equivalent of perl -wc script.pl was — specifically, they wanted to know how to run a PHP script from the commandline and have it display any warnings (ala perl's strict and warnings pragmas).

Unfortunately, there's not as simple a way to do this in PHP as in perl. Basically, you need to do the following:

• To display errors:

  • In your php.ini file, set display_errors = On, or
  • In your script, add the line ini_set('display_errors', true);

• To show notices, warnings, errors, deprecation notices:

  • In your php.ini file, set error_reporting = E_ALL | E_STRICT, or
  • In your script, add the line error_reporting(E_ALL | E_STRICT);

Alternatively, you can create a file with the lines:

<?php
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', true);

and then set the php.ini setting auto_prepend_file to the path to that file.

NOTE: do not do any of the above on a production system! PHP's error messages often reveal a lot about your applications, including file layout and potential vectors of attack. Turn display_errors off on production machines, set your error_reporting somewhat lower, and log_errors to a file so you can keep track of what's going on on your production system.

The second part of the question was how to run a PHP script on the command line. This is incredibly simple: php myscript.php. No different than any other scripting language.

You can get some good information by using some of the switches, though. -l turns the PHP interpreter into a linter, and can let you know if your code is well-formed (which doesn't necessarily preclude runtime or parse errors). -f will run the script through the parser, which can give you even more information. I typically bind these actions to keys in vim so I can check my work as I go.

If you plan on running your code solely on the commandline, add a shebang to the first line of your script: #!/path/to/php. Then make the script executable, and you're good to go. This is handy for cronjobs, or batch processing scripts.

All of this information is readily available in the PHP manual, and the commandline options are always available by passing the --help switch to the PHP executable. So, start testing your scripts already!

Today, I have released two versions of Cgiapp into the wild, Cgiapp 1.8.0 and Cgiapp2 2.0.0rc1.

Cgiapp 1.8.0 is a performance release. I did a complete code audit of the class, and did a number of changes to improve performance and fix some previously erratic behaviours. Additionally, I tested under both PHP4 and PHP5 to make sure that behaviour is the same in both environments.

However, Cgiapp 1.8.0 markes the last feature release of Cgiapp. I am deprecating the branch in favor of Cgiapp2.

Cgiapp2 is a PHP5-only version of Cgiapp. Some of the changes:

• Cgiapp2 is an abstract class, with the abstract method setup(). Now it is truly non-instantiable!
• Cgiapp2 makes extensive use of visibility operators. Key methods have been marked final, some methods are now protected, others static. See the changelog for more information.
• Cgiapp2 is now E_STRICT compliant.
• Cgiapp2 implements the CGI::Application 4.x series callback hook system. This is basically an observer pattern, allowing developers to register callbacks that execute at different locations in the runtime.
• Cgiapp2 adds some extensive error and exception handling classes, including observable errors and exceptions.
• I created a template interface. If implemented, a template engine can be plugged into the architecture at will — at the superclass, application class, and instance script level, allowing developers to mix-and-match template engines or choose whichever matches their taste, without having to rewrite application code. Three template plugins are included:
  • Smarty
  • Savant2
  • Savant3

Cgiapp and Cgiapp2 are available at Sourceforge.

Keep reading for more information on the evolution of Cgiapp2.

I wrote earlier of my experiences using Windows XP, a move I've considered somewhat unfortunate but necessary. I've added a couple more tools to my toolbox since that have made the environment even better.

I was able to roll a long-needed (and by some, long awaited) bugfix release of Cgiapp this morning. Cgiapp 1.7.1 corrects the following issues:

• Cgiapp5::run() was corrected to call query() instead of cgiapp_get_query() (which caused a fatal error)
• Cgiapp::__call() and Cgiapp5::__call() now report the name of the method called in errors when unable to find matching actions for that method.

As usual, downloads are available on my site as well as via SourceForge.

Update: The link on my site for downloading Cgiapp has been broken; I've now fixed it.

I ran across an article on "How to build a simple caching system, with PHP" on PHPit today. Overall, it's a fairly decent article, and uses some good principles (using the output buffer to capture content, using a callback to grab the captured content). There are a few minor improvements I'd make, however.

Mike and I have just finished our talk on "Setting Up PHP". The number of attendees was N + 1, where N is the number of speakers… which was to be expected, as we were presenting opposite a session on web services, Shiflett's PHP Security talk, and a crash course on the ZCE. However, it's undoubtedly the best presentation missed by attendees. :-)

You can grab our presentation online.

I flew in to San Jose today to visit Zend, and later attend the Zend/PHP Conference and Expo (two days left… register now if you haven't, and have the time to attend; the conference sessions promise to be very interesting).

During the flight, I had plenty of time to go through Ilia's Guide to PHP Security, which I'd ordered several weeks ago, but hadn't had time to read since.

Around the time I was hired by Zend, I was asked, along with Mike Naberezny, to fill in for a tutorial session entitled 'Setting up PHP' for the upcoming Zend/PHP Conference and Expo. The basic premise of the session is to give a step-by-step tutorial on how to setup and configure PHP for various scenarios, such as development, testing, and production.

Mike and I have been working in parallel developing ideas and outlines for the session, and I'm fairly excited to have the opportunity. However, if you're attending the conference and, in particular, this session, I'd love to hear any input you might have — any tricks you'd love to learn, configuration settings you don't understand, use cases you might need. Leave a comment!

Life is in transition for me now. Two weeks ago, we got to bring our handsome baby boy home, and I haven't been sleeping much since (though more than Jen). On top of the sleep deprivation, however, comes more exciting news: I've been hired as a PHP Developer by Zend Technologies!

I was approached by Daniel Kushner in late July regarding another position at Zend, and was flown out at the beginning of August. While I felt the interview went well, I harbored some doubts; work got fairly busy shortly thereafter, and then, of course, Liam was born, and the interview went completely out of my head. Until about three days after Liam's birthday, when Daniel contacted me again about the PHP Developer position.

Work started yesterday, and I was flown to Zend's offices in Cupertino, CA, for orientation and to sit down with both Daniel and others to prepare for the projects on which I will be working. Thankfully, the job will not require that I move, and I will be working out of the 'home office' in Vermont when I return later this week.

The decision to leave NGA was difficult, but the opportunity to work with Zend is just too good to miss. I am honored to be selected by them, and hope this is the beginning of many good things to come.

I've been cobbling together a system at work for the last couple months to allow a single place for changing all network passwords. This includes a variety of database sources, as well as passwd files and smbpasswd files. I've been making use of PEAR's File_Passwd and File_SMBPasswd, and they've greatly simplified the task of updating passwords for those types of systems. However, I've encountered some issues that I never would have expected.

I have the web user in a group called 'samba', and I have the smbpasswd file owned by root:samba. I then set the smbpasswd file to be group +rw. Simple, right? The web user should then be able to update the smbpasswd file without a problem, right? Wrong.

I kept getting errors, and on investigation continually found that the smbpasswd file permissions had reverted to 0600 — i.e., only the root user could access it. I tried using 'chattr -i' on the off-chance that the file had been made immutable (which didn't make sense, as I was able to see the permissions change). No luck.

Based on observations of when the permissions reverted, it appears that the various SMB processes will reset the permissions! An example is when someone attempts to mount a resource from the server; this accesses the smbpasswd file to perform authentication — and at this point the file permissions change. I can find no documentation to support this; these are simply my observations.

So, to get around the behaviour, I created a script that will set the file permissions to what I want them, and then gave sudo privileges to the samba group for that script. This script is then called via system() in the update script just before processing.

It's a hack, and could be made more secure, but it works.