{"id":8368,"date":"2014-07-07T05:01:44","date_gmt":"2014-07-06T19:01:44","guid":{"rendered":"http:\/\/www.rjmprogramming.com.au\/wordpress\/?p=8368"},"modified":"2014-07-07T05:01:44","modified_gmt":"2014-07-06T19:01:44","slug":"php-wheres-wally-test-primer-tutorial","status":"publish","type":"post","link":"https:\/\/www.rjmprogramming.com.au\/ITblog\/php-wheres-wally-test-primer-tutorial\/","title":{"rendered":"PHP Where is Wally Test Primer Tutorial"},"content":{"rendered":"
\"PHP<\/a>

PHP Where's Wally Test Primer Tutorial<\/p><\/div>\n

Today, was going to show you comparisons of PHP[\/HTML] versus Javascript\/Ajax\/HTML versus Javascript\/HTML methodologies to have a password protected report only reported, securely (or not), to interested parties … ie. bits of talk regarding “security” … but today there is no encryption\/decryption talk, and we have decided to just stick to PHP, and later on we may visit some other ideas. Today we extend on the Files Since Primer Tutorial<\/a> as shown below, for inspiration regarding what might be interesting as subject matter to report on. We aim today to show some methods to address the most obvious weakness of not involving server-side PHP nor Ajax techniques, where if the user uses the browser’s View->Page Source they can discover your password fairly easily. It should be noted that we do not claim that somebody won’t crack this method via other means, but we can say that it helps with the View->Page Source level of security.<\/p>\n

So let’s set the scene … we want a report about *.htm* and *.php files that have changed over the last five days on our local Apache MAMP local web server … and we want an email and an alternative means of viewing … why? … because not every Linux web server has mailx<\/i><\/a> installed (as does my local MAMP web server’s laptop).<\/p>\n

Take a look at the (Mac laptop Terminal application Linux Bash environment’s) Korn shell script (that in reality you would not want to place within view of your web server’s directories (ie. the web server viewable directories come off parent described in PHP by $_SERVER[“DOCUMENT_ROOT”]<\/a> so place this file outside these directories) … but we put there for you to take a took at) that you could call todays_list.ksh<\/a> (and you could execute via crontab or interactively via .\/todays_list.ksh (if execute bits set via chmod) or via ksh todays_list.ksh (if not)) which writes out the todaylist.php of below (please note that if you have mailx installed on your web server … see the orange lines on picture above … you may not want to perform any of the PHP or HTML below, because an emailed report will suffice).<\/p>\n

The PHP programming source code you could call todaylist.php<\/a> (produced via todays_list.ksh as above), and hopefully you see that it caters for $_GET[‘pw’] parameter on a web browser’s address bar ( ie. http:\/\/www.rjmprogramming.com.au\/PHP\/Security\/todaylist.php?pw=Where%27s%20Wally<\/a> (a variation of this link could be your Home Page on your favourite browser, to receive information on the report each time you reopen that web browser) ) or via a supervisory HTML file’s form method=’POST’ action=’todaylist.php’ submission scenario (as you see below).<\/p>\n

The HTML supervisory programming source code you could call todaylist.html<\/a> (statically and separately (to the use of the Korn shell script) created by you), and supervising todaylist.php above via the $_POST[‘pw’] form method=’POST’ action=’todaylist.php’ submission scenario.<\/p>\n

So, the bottom line is this … have hinted that “Where’s Wally” is the likely password. Forget the Korn shell (it will be in an invisible place, remember), can you find the words “Where’s Wally” anywhere else within the (first two types of) usage of the software below, either with:<\/p>\n