Nov 06 2012

Generating List of affected file from patch files of Git with PHP

Category: PHP,Programmingksg91 @ 8:44 pm

No doubt, Git is a best thing you can use for managing your code. But sometimes you really put yourself in such a worse situation that you start cursing yourself for using Git. I am working on a fairly large project and been working in teams, I had to switch to another branch because the code base I had was greatly differing from the one on git but I had to work with that source because of some reasons. Being base code not being same as Git’s master, I made a commit and started working on that. I cannot simply merge because there were total 20k+ files with code and almost impractical to go through most of them to resolve the conflicts.  I thought of then applying patch for all the later commits. It started giving me lot’s of conflicts too. The files I worked on were not touched by others so simple thing was to take all the files that I edited and to use them. I am no git expert and quite lazy to find the way to do so.  There can be several nice way to deal with this situation using git only but as I said, I am no git expert. And that is not this post is about.

So I created a simple php script that can read and identify the files that were affected in that commits. I thought to share the code, so this is the post.

As I explained already, I had created serial patch I can read from it the affected files. Being quite short on time, wrote a quick code, which may be improved in efficiency and accuracy.

Here is the script I wrote:

[php]

<!–?<span class="hiddenSpellError" pre=""–>php
$result=”;
for($i=1;$i<89;$i++) {
$fname=glob(‘patch/’.substr("0000".$i,-4)."*");
$entry=$fname[0];

$content = explode(‘diff –‘,file_get_contents($entry));
$content = $content[0];
$re="/([a-zA-Z0-9_]+)(\.php|\.js|\.css)/";
preg_match_all($re,$content,$out, PREG_PATTERN_ORDER);
$out[0]=array_unique($out[0]);
foreach($out[0] as $val){
$result[$val]=true;
}
}
foreach($result as $key=>$val){
echo $key."<br />";
}

?>

[/php]

Explanation

Simple thing to do was to read each patch and look for a filename. I used three extensions to look: .php , .js, .css . I put the folder in a directory and put patches in the subdir patch/

Format for patch file name was a serial number starting from 0001 up to the number of files. I simply generated name myself using glob(). I am sure you will argue why didn’t I simply read the directory. Actually, my initial code cause script to exceed the timeout and I was not sure if it was the number of file or something else. So I thought of controlling the number of files. So was the code like this.

Reason for so long execution time was preg_match_all on a long patch files (couple of them were 20 MB! ). We don’t need to search for the files in changes, only portion containing  the list of files was important so I simply search for file names in that portion by exploding contents to diff — and searching in first array value.

To maintain the unique list, I used file name as index so unnecessary memory space does not get wasted. I believe rest of the part makes sense without any explanation.

Above code was enough and efficient in my case. Let me know what you thing about this.

Tags: , , , , , , ,


Jul 19 2012

Transferring Data Securely on HTTP using PHP

Category: PHP,Tips & Tricksksg91 @ 4:23 pm

Image courtesy of MIT OCW.

Well, I have been working on a WordPress plugin and I required to transfer some data from client’s host to my host. Data is Access Token and Secrets for their Twitter account (Of course, not to store it on my host but to perform their operations on Twitter). Being sensitive data, it was required to transfer them securely over the network, keeping it secure from at MITM attacks. As a option, I can use buy a IP and SSL certificate and transfer it using HTTPS. But, being a free plugin, I really didn’t want to spend money in such things. And only option I was left with was to use HTTP and transferring data encrypted.

For this, client will register to me and avail its access token and secret (not of twitter, but for my site). There were multiple data and instead of encrypting them independently, I decided to make a class named Request which holds all the data to be transferred.  Now this request class is serialized and then that string can be encrypted.

I use following code snippet to encrypt :

[php]
$req=serialize($this->request);
$req=$this->key.$req;
$this->enc_req = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($this->acc_sec), $req, MCRYPT_MODE_CBC, md5(md5($this->acc_sec))));
[/php]

Here,

[php]$this->key[/php]

is Access key given to user and

[php]$this->acc_sec[/php]

is Access Secret given to the user.
Let’s check example of this encryption:

Object Request:

object(Request)[1]
  private 'tmp_key' => string  '___' (length=16)
  private 'tw_acc_tok' => string'blah' (length=4)
  private 'tw_acc_sec' => string 'blah 1' (length=6)
  public 'tweet' => string 'Tweet' (length=5)

Serialized Object

string

 'O:7:"Request":4:{s:16:"?Request?tmp_key";s:16:"___";s:19:"?Request?tw_acc_tok";s:4:"blah";s:19:"?Request?tw_acc_sec";s:6:"blah 1";s:5:"tweet";s:5:"Tweet";}' (length=168)

Encrypted Object

string

 'NxFivVICmrRzh/fSlvT3jeWrT8pdvWRKPPc9lpEe1g1MoYgvom2/Sg6kqm0sqQ/PeYIeJXCahQSubW78CbHzBfMcIXsBCmAistVq/XvkZUSe5Hb5OWIr1D3AiGb5943BO9E2reUKr0GJYyIS+Lxrh1mTvSdpbcu9twt7qqhay6dU77icqu8jdvDBs7XrBTTxDFNS57Cl8KYSICInrJ30nwT8CqLHZdsA4poAhZm7TeIV7xp+bUmRAF5WXV6QUlKm' (length=256)

 Now, this encrypted data is sent to me using cURL and Access Key and encrypted text is send along with it.

On my end, I have access token and secret stored in my database, so I will decrypt the request using the access secret that I have stored in my database with the requesting access token. Following code will help me to recover original Request object:

[php]
&nbsp;
<pre>
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
$so=substr($decrypted,strlen($this->key)+1);
$this->request=unserialize($so);

[/php]

I have used Access Key as a salt. Of course, it’s not the only thing I am going to use to achieve higher security. But I believe, this will be enough to give you an idea of how we can achieve a certain level of security. I am not quite sure how secure this method is, but surely enough for my application.

Please feel free to post your views and comments on this. Hoping, this helped. 🙂

Tags: , , , ,


Feb 25 2012

How to Track Your WordPress Plugin’s users?

Category: PHP,Programming,WordPressksg91 @ 7:59 pm

Let me clear this straight, this post isn’t about to create WordPress plugin, but how to track your plugin users (blogs).

I have recently published my first plugin on WordPress’ repository at http://wordpress.org/extend/plugins/tweet-my-post/ and I felt really happy to see the downloads. However, what I was missing was, who are using my plugin. I am not sure if tracking the plugin users prohibited or not by WordPress but I am just tracking the url of blogs, that uses my plugin.

Let’s get back to the point – how to track our plugin’s users. This is a simple thing, but main thing is, this should strike your mind. I am posting this for those who haven’t thought (or not able make this happen). Useful also if you’re planning to make one too.

Plugin has a plugin_activation and plugin_deactivation hook, that means, you can register your functions that are executed every time, your plugin is activated and deactivated.

You need to add following code in your plugin file:
As I mentioned earlier, I have added log_operation($op) in the functions that are called while activation and deactivation. $op is operation, either activate or deactivate. Use  appropriate operation in functions. Then whenever plugin is activated or deactivated, log_operation will be called. That function will create a cURL session and post the data of blog url and activation status to the page on our server. Now, what you need to do is to put following code in a page, let’s call it service.php, which is hosted at your server. What it will do is, add the status in our database. You need to put link to this page in above code as a value of $url variable.  
The code is relatively simple to understand so I’m not explaining it at all. Just replace the database name and user details with yours. You will now need the database. Use following table:

Well, you are not ready to see, who are using your plugin. You can look into your database table and enjoy! 😀

If you’re lazy to open PhpMyAdmin and browse the database, simply make a file which fetches the data and display it. 😉

I have not added this in my initial release of plugin, so I can only track the users who are using it after Tweet My Post 1.0. Actually, I should be able to track old users too, because WordPress first deactivate plugin, update it and the reactivate it, so I should have the data of old users who have update the plugin but WordPress doesn’t execute activation and deactivation hook while updating plugin. I’m not sure if this is a bug or intentional, but I can’t know my old users unless they deactivate and reactivate the plugin.

Anyways, if you have any problem or query, please let me know in comments below or ping me  @ksg91 on Twitter. 🙂

Tags: , , , ,