Coding And Scripting Faq

GovernmentSecurity.org > General GSO > Open Topic

Vort3x

Sep 4 2004, 01:40 PM

Source: http://forums.invisionpower.com/index.php?...9&mode=threaded

What programming language should I learn?
That depends on what kind of programming you want to do:

Client-side (windows applications, linux applications)
The easiest language to learn if you want to do client-side programming is probably Visual Basic or Delphi. Some argue Visual Basic is for newbies only, and they might be right. Software like Word and Windows are written in C and C++ which are a lot harder to learn. If you want to write applications which run on any platform (Windows, Macintosh, Linux) Java is the best language to learn.

Server-side programming (forums, guestbooks, content managing systems)
If you want to write a guestbook, newsscript or content managing software you'll need to learn a language that runs on your webhost. Traditionally the most used is Perl, a language that is becoming more and more popular today is PHP, merely because it's incredibly easy to learn and comes with a large set of functions which makes programming easier. And of course there's VBScript if you want to code using Microsoft's ASP.
If you intend to do programming for big businesses or sites generating major traffic you might want to look into more scalable solutions such as JSP, Servlets or Coldfusion.

General purpose (both client- and server-side)
If you want to learn one language that can do both server and clientside programming you have a couple of options. Most suitable are Perl and Java. But of course running C programs through CGI is possible so you could learn C too.
What's the difference between CGI and Perl?
People tend to confuse CGI and Perl. Now what exactly is CGI and what exactly is Perl? They're completely different things and technically they have nothing to do with eachother. CGI (Common Gateway Interface) is a protocol which allows interaction between webserver and programs on the server. It's most commonly used to forward perl script output to your webbrowser. So here's how it works. You, using your browser send a request to the webserver to run some kind of perl script. The webserver therefor runs perl to execute the script, waits until it's done, then sends the output back to the browser. That's all, nothing more nothing less. So CGI is the protocol, Perl is the programming language.
What's mod_perl, mod_gzip and mod_php?
Apache, the most used webserver on the internet, allows you to write plugins or MODules. Two of them are mod_perl and mod_php, but another well known one is mod_gzip.

mod_perl
mod_perl integrates Perl into Apache. That means scripts no longer run through CGI but are handled by the webserver itself. That also means perl does not have to be started each time someone requests a perlscript generated page. Making the server respond a lot faster. mod_perl also allows kinds of caching, persistent database connections and a few things more. Not many hosts have mod_perl installed because not just any perl script runs using it. There are a couple of things the coder has to take into account, and not many did.

mod_php
mod_php is the module that integrates PHP into Apache. Nearly all hosts supporting PHP have this one installed. It works just the same as the CGI version does. It also allows persisitent database connections (and if they compiled using the shared memory directive you can use shared memory, ie caching too, though not many did).

mod_gzip
For many, many years, browsers have been able to unzip gzipped html pages. Though no site really took that opportunity to make sites faster and consume less bandwidth. If you have mod_gzip installed you can easily take advantage of gzip compression. Which as I said will send your html pages to the user in a compressed (smaller) format.
Which one is faster, PHP or Perl?
People tend to confuse the way these scripts are being run and the speed of the compiler itself. Their compilers and interpreters are nearly as fast, there's no noticable difference. The main bottleneck that seems to make Perl slower is that it is being run through CGI most of the time, and if we're talking about PHP, we nearly always mean PHP as an Apache module. To tease the PHP advocates: Since mod_perl allows more optimization you probably could write way faster perl scripts than php scripts

Where can I learn language X?
Since there are always people who don't know the God of all search engines Google, here's a list of tutorials/interesting sites for each of the major programming languages:

PHP
PHP Manual Still unbeatable, not just the best reference for PHP there is, but also contains a nice starters tutorial
PHP Builder Has a lot of interesting PHP articles
Devshed PHP Has some nice tutorials

Perl
Perl Contains a lot of articles
Perldoc A very nice reference
Devshed Perl Perl tutorials
Perl tutorial Said to be good
CGI.pm tutorial
Perl with DBs
A pretty good DBI (DataBase Interface) tutorial
Python
Python.org Contains articles and tutorials
Devshed Python Python tutorials
Introductory Material on Python
The official python tutorial (written by Guido van Rossum himself).
Dive into python an advanced tutorial (as the name indicates) for people with programming experience.
python.faqts frequently asked questions
Global Module Index don't code python without it
Python quick reference needs a little updating
The Vaults of Parnassus Python Resources
Python library reference
The python cookbook
The "daily" python url if you want to know what's happening
Python performance tips
More python links
Java
Java Tutorials Learn the Java Basics
Devshed Java Java tutorials
JavaWorld The best source for all kinds of Java articles

Regular Expressions
Nice (perl)regex tutorial
Perl regex examples

General
Tutorialsearch
I'm looking for a script that can do X
Before you ask, make sure you first checked out the following script archives:

CGI ResourceIndex
PHP ResourceIndex
HotScripts
Perl archive
Google (just search

)
Which editor should I use?

HTML
1st page 2000

PHP
Check out one of these topics: click click click click click click
Phpide (now registrations required)
PHP edit (registraton required)
KPHPDevelop (Linux)
Zend Studio Personal

Perl
DZ Soft Perl Editor (commercial)
(commercial)
Optiperl (commercial)
Perl Code Editor (free)
Xemacs + Cperl-Mode (especially in the Cygwin version for Windows and the native version for Linux a great editor - yes it can do other things to)

Multi-purpose
EditPlus (commercial)
Synedit
Xemacs
Vim
Jedit (java based and many plugins)
Context
Ed for Windows (commercial)
Ultraedit (commercial)
Textpad (commercial)
EditPad Pro (commercial)
BBEdit (lite version is free)
Omnipad written by Josh (and he forced me to put it here, honestly

)

and not to forget
Notepad - (bundled with Windows)

How to test my scripts locally?
A excelent guide on installing the Apache web server locally can be found here: Apache Win32 Install Guide. Or this exelent one, or this one, if you want to setup PHP on IIS, check this tutorial out. Bundles that do this automatically for you:
Easy PHP
Firepages
Foxserv
AppServ

Where can I learn regular expressions
Check these sites out:
http://www.webreference.com/programming/php/regexps/
http://www.phpbuilder.com/columns/dario19990616.php3
http://www.devarticles.com/art/1/106

What's the difference between Javascript and Java?
Well actually, they have nothing to do with eachother. The new name of Javascript is ecmascript which is a better name, though rarely used. The syntax of Javascript and Java look a bit the same, they're both object oriented. The difference is that typically you use javascript for simple client side scripts that you put into your html pages for validating forms etc. Java can be used for many purposes. It can do client side applications (word processors, editors, administration software etc.), server side processing (JSP, servlets) and you can create so called applets with it (small applications being run on a website, client side).
-----------------------------------------------------------------------------------------------

Installation Guide for Apache / PHP / Mysql / Perl

This is just the basic installation for Windows with pre-compiled binaries.

Disclaimer: I am not responsible for any damage this guide could cause to your pc. I successively installed the packages and wrote down how to set
them up correctly. I got it working but I cannot guarantee that it will run and work for you as well.
If you have further questions PM or email me csobetzko@gmx.de

1.) Downloading all the needed packages

Apache
Download: http://httpd.apache.org/dist/httpd/binaries/win32/
Current Version is 1.3.22

Perl
Download: http://www.activestate.com/Product....ivePerl
(select the version for your OS)

PHP
Download http://www.php.net/
Current Version 4.1.0

Mysql
Download: http://www.mysql.com/downloads/mysql-3.23.html
2.) Installing
Apache and ActivePerl come as a msi installer file so installing should be
easy.

When asked during the Apache installation for Network Domain, Server Name,
email use the following settings:

Network domain: something.com
Server Name: 127.0.0.1 (this is a MUST)
email: you@somedomain.com

Mysql is a zip file and needs to be extracted to a temporary folder. Then run setup.exe and follow the instructions.
3.) Configuring

PHP
Go to the folder where you have installed PHP.
There should be a file named php.ini-dist
Copy it to the your windows directory and rename it to php.ini
(See the file install.txt for installation instructions for Win 98 / 2000)

Now edit the file php.ini with an editor of your choice:

Goto the section Language Options and check if there is line that reads
engine = On

Goto the section Paths and Directories
--------

Change the include path to where your include are located for example:
include_path = ".;x:\folder\with\includes;X:\Apache\htdocs"

The "." means the current directory.
You can add more directories but separate each directory with a ";"

Change the doc_root to something like this
doc_root = "X:\apache\htdocs"
This should point to the path where you installed Apache server

Change the extension dir to
extension_dir = "X:\php\extensions"

Setting up the settings to use sessions
Around line 670 find

session.save_path = /tmp

change this to

session.save_path = X:\directory

The path is the typical dos path with no escaped slashes.

That should be enough to have a standard PHP installation running.

Apache
After you have successfully installed Apache go to the folder in which you installed Apache. Then change to the folder conf and edit the file
httpd.conf with an editor of your choice.
I will mention the most important lines. I have already installed apache and change it a bit so i cannot give exact line numbers. sorry

ServerRoot "X:/Apache"
This should point to the directory where Apache.exe is located.

Under Section 2:
ServerName 127.0.0.1
This should be the same for everyone.

DocumentRoot "X:/Apache/htdocs"
This is the folder where for example your PHP files are located.

<Directory "X:/Apache/htdocs">
Should be set to the same directory as DocumentRoot.

ScriptAlias /cgi-bin/ "X:/Apache/cgi-bin/"
The main cgi-folder.
Note: This has nothing to do with the first line of every perl
script.

Setting up Apache to parse PHP files
First of all, you need to have PHP installed.
Then add under the section AddType:

ScriptAlias /php/ "X:/folder/to/php"
AddType application/x-httpd-php .php
Action application/x-httpd-php "/php/php.exe"
AddType application/x-httpd-php-source .phps

And to use cgi and shtml files uncomment the lines that should be located a bit below the addtype thing:

before
#AddHandler cgi-script .cgi

#
# To use server-parsed HTML files
#
#AddType text/html .shtml
#AddHandler server-parsed .shtml

after
AddHandler cgi-script .cgi

#
# To use server-parsed HTML files
#
AddType text/html .shtml
AddHandler server-parsed .shtml

This should be enough to have a basic Apache Server with PHP and Perl support running.
Try out by running the link "Start Apache in Console".
If you see a window with a dos icon that reads "Apache/1.3.22 (Win32) running ..." then you have successfully installed Apache.

Now let's try to get our first php script running.

Open an editor of your choice

CODE

<?php phpinfo(); ?>

Save this file as info.php in your X:\Apache\htdocs folder and then open a browser and insert
following URL:
http://localhost/info.php

If you don't get an error message and see PHP Version 4.1.0 at the very top you have succesfully installed both Apache and PHP.

Mysql
After mysql has been successfully installed there should be some kind of traffic light in the systray.
Mysql should ask you after the installation process to enter a username and a password. Choose whatever you like.
(If you accidently forgot your password go to your win directory and delete the file my.ini.)
After you entered the required information you should see a green light on the traffic light.

Now let's try to run mysql.
Change to the folder x:\mysql\bin and run mysql.exe
You should see something like this: mysql>

CODE

USE test;
CREATE TABLE ibtest (id INT NOT NULL AUTO_INCREMENT, Name CHAR(20), PRIMARY KEY(id));

You should get this message: Query OK, 0 rows affected (0.XX sec)

Afterwards delete the table

CODE

DROP TABLE ibtest;

You should get again this message: Query OK, 0 rows affected (0.XX sec)

Now we have successfully installed Apache, PHP, MySQL.

------------------------

Note This section is not yet complete (feel free to add)

Perl
Now that we have installed Apache, we also want it to parse our perl scripts.
The most important point is the first line of each perl script.
The typical unix line reads something like this "#!/usr/bin/perl"
In order to get cgi scripts running under windows you have to change this line to where your Perl distribustion is located.
Assuming that Perl is installed under d:\ide\Perl you would use:

#!d:/Ide/Perl/Perl

The second "Perl" is the perl binary Perl.exe.

-----------------------------------------------------------------------------------------------
I want to learn programming language X, which book should I buy?

Perl
- Programming Perl (Very good book, especially if you got some programming experience)
- Learning Perl (Very good if you got no programming experience)
- Perl Cookbook

PHP
- PHP Cookbook
- Beginning PHP4 (Wrox Press)
- Professional PHP Programming (Wrox Press)

[/quote]

-----------------------------------------------------------------------------------------------
How do I use Cookies in Perl?
This little perl script covers the cookie basics. I know (for experience) that they're a pain for newbies, so, this should help.

CODE

#!/usr/bin/perl
use CGI::Carp "fatalsToBrowser"; use CGI;
$thisprog = "cookies.cgi";
$q = new CGI;
$act = $q->param('action');
if($act eq "setcookies") {
$user = $q->param('user');
$pass = $q->param('pass');
$cookie1 = $q->cookie(-name=>'user', -value=>$user, -expires=>'+24h');
$cookie2 = $q->cookie(-name=>'pass', -value=>$pass, -expires=>'+24h');
print $q->header(-cookie=>[$cookie1,$cookie2]);
print qq~ Cookies Set! ~;
}
elsif($act eq "viewcookies") {
print "Content-type: text/html\n\n";
$user = $q->cookie('user');
$pass = $q->cookie('pass');
if($user && $pass) {
print qq~ User: $user && Pass: $pass ~;
} else {
print qq~ No cookies set ~;
}
} else {
print "Content-type: text/html\n\n";
print qq~
<form action="$thisprog" method="POST">
User: <input type="text" name="user"><br>
Pass: <input type="text" name="pass"><br>
<input type="hidden" name="action" value="setcookies">
<input type="submit" value="Set Cookies">
</form>
<p>
<center><a href="$thisprog?action=viewcookies">View Cookies</a></center>
~;
}

-----------------------------------------------------------------------------------------------

What's SSI and how does it work?
First, a helpful link about SSI setup and directives:
http://hoohoo.ncsa.uiuc.edu/docs/tutorials/includes.html

Before bookmarking/visiting that link, please read this message entirely.

What follows is a brief tutorial to help beginners work with SSI and iB, with a few tricks to enable it without necessarily consulting your web host or provider. This is general information only, and others feel free to chime in. It is written for novices so the language is very plain.

What is SSI?

SSI refers to "Server Side Includes". This is defined as the process of a web server being able to recognize embedded SSI directives within any HTML file and processing them in real time which then changes the output to the browser.

SSI directives are translated on the fly.

The act of a server recognizing an embedded SSI directive in your HTML is called parsing. Parsing is done by the server, not the end user browser such as Javascript, for example. This means all end users visiting your forum will see the same output.

SSI is not enabled, by default, on all servers. Enabling SSI is traditionally the job of your ISP or web host, since it involves editing important configuration files (httpd.conf and similar) on your web server. This is advanced, critical stuff and should never be done by anyone unfamiliar with the process.

How can you tell if SSI is enabled, easily?

1) Create a simple HTML file named test.shtml (notice the ".shtml" extension at the end) - something like a "Hello World!", nothing complicated.

2) Include a valid SSI statement anywhere in your test.shtml file.

Examples of valid SSI directives:

CODE

or

The 2nd example is very useful simply to test to see if SSI works on your server if you're not sure about your iB configuration. It will display the local system date/time.

IMPORTANT:
You may have noticed that the SSI directives resemble HTML comments. If you do not have SSI enabled and the directives are valid, your web server thinks they are comments and simply ignores them.

If the output includes "[an error occurred while processing this directive]" then that means you have SSI working just fine on your server, but the directive has a syntax error or an invalid path to a file on your server. Errors like this are good, in a sense, you know your server is at least parsing your HTML for SSI directives, although unsuccessfully. Do not ask your host or ISP to "fix" SSI when you see these type of messages, instead fix your directives in your HTML source.

If you view your test.shtml and nothing special happens (meaning no errors, and apparently the SSI directives were treated as comments and ignored) then try the following:

1) Double check your SSI directive syntax
2) Double check you used .shtml file extension

Then try this...

3) Create a text file called ".htaccess" that looks like this (if one already exists, back it up first, then insert these lines at the very top):

CODE

Options Indexes FollowSymLinks Includes
AddType text/x-server-parsed-html .shtml

4) Upload .htaccess, as ascii, to the base directory where your cgi-bin lives (not inside cgi-bin, but the directory that contains it, one level up). If you can't access that, put it in your public_html or similar directory which has test.shtml.

What you are doing is an old trick that works on Apache and other common web server platforms. It allows SSI processing of all .shtml files, meaning if any SSI directives live in files ending with .shtml, they (and only they) will be processed. If you put an SSI directive in index.html it won't work because the extension is not .shtml.

WARNING:
You could add in additional lines into your .htaccess such as:

CODE

AddType text/x-server-parsed-html .html AddType text/x-server-parsed-html .htm

... but this puts alot more load on your server because you're telling it to examine not only .shtml files, but also any .html and .htm which are alot of files. Even if those files do NOT contain SSI directives, your server takes the time to look for them. That slows things down. So although it works, and you may not have to change filenames, it's not suggested. It's better to rename any .html or .htm files to be .shtml if you add SSI directives into them. Plus it tells you (a human being) that this file contains SSI directives. the "s" in .shtml refers to SSI capable HTML files. Very organized and sensible way to maintain your server.

If you still cannot SSI directives to process after the .htaccess method, remove it or restore the original one in your server and you have no choice but to check your server configuration files. Contact your web host or ISP at that stage if you don't know how.

So what is happening when you add in the first directive I listed in the example above? Here is the process:

1) The user visits your web page (i.e. test.shtml)
2) Your server begins to process the request
3) Your server realizes the filename ends in .shtml so it looks for any SSI directives embeded in the file
4) It finds it and checks for syntax errors, reports "[an error occurred while processing this directive]" or similar only if the SSI directive is not correct or the path/filename is wrong
6) If no error, it accesses the file ="/iB_html/non-cgi/ssi/last_posted.txt" on your server and automatically inserts the output of that file directly into the output
7) The end user views the output in their browser, now with the text found within last_posted.txt from your server.

Pretty neat, huh?

What's really going on is the SSI directive is replaced, in exact position, but the data the SSI directive is asking the server to retreive. If the user views the source, they will not see the SSI directive, they'll only see the data generated by that directive. The server "replaced" the directive with that data, including it there. A "server side include". See?

A couple of programming tips and rules/caveats:

* An SSI directive can be embedded within any position inside of the body tags
* You can add as many as you want, but the more you add, the slower the processing of that web page (more server work)
* It's common practive to do all font/color/size attributes prior to the SSI directive so you can control the look of your web page without editing other external files

Example:

CODE

<font size="2" face="Arial" color="black">
The current date/time is: <font color="blue">

</font></font>

The above example displays the the local date and time with the first portion of the text in black and the actual date/time in blue. I simply embedded the SSI directive right in the middle of the HTML. Remember the directive is replaced by the actual date/time in that exact position.

Finally, a little information about SSI and iB specifically:

Now that you know how it all works, give credit to iB authors for allowing us to easily modify the output text via the Admin CP for any SSI tasks.

Go to "Templates" -> "Edit SSI/Email Templates" -> "Server Side Includes (SSI)" -> "Edit This Template"

What you're doing in the next screen is telling iB what filenames and data to use when events happen on your forum. The iB software literally creates those filenames in your "/iB_html/non-cgi/ssi/" directory. You then can access those files via your SSI directives in your .shtml file you created.

I hope you found this document easy to understand, and remember - always backup first before making changes and if you're not sure, ask a professional.

If you want more information on setup or SSI directives and variables available to you, visit the link I included at the very top of this document. It's boring reading, technical in nature, and somewhat difficult to navigate, but... it rates very high on the "this is way cool" meter!

Some of you by now may have realized you could use SSI to display files inside other files, and even create a "template" based web site. The possibilities are endless.

One more thing... you don't NEED SSI on your iB forum, this is all 100% optional and really is for stats reporting via an external customized .shtml file you create, or within iB. Other people have already posted tips on using SSI within the actual iB forum screens, please review those other threads first before responding here.

Thanks for browsing this long message and if you find any mistakes or wish to add comments, please do so. I'm not trying to show up, just trying to help some newbies out there. I know I appreciate the help I get, so this is the least I can do.

Sunz

Sep 4 2004, 02:21 PM

Great Faq man, I'm gonna be busy reading for a couple of hours

ComSec

Sep 4 2004, 02:58 PM

excellent post Vort3x..... making it a sticky

spot on

Tyrano

Sep 6 2004, 07:05 AM

http://forums.invisionpower.com/index.php?...9&mode=threaded
http://216.239.41.104/search?q=cache:3v247...mments%22&hl=en

ripped from those sources...

Faceless Master

Sep 6 2004, 09:46 AM

QUOTE (Tyrano @ Sep 6 2004, 07:05 AM)

http://forums.invisionpower.com/index.php?...9&mode=threaded
http://216.239.41.104/search?q=cache:3v247...mments%22&hl=en

ripped from those sources...

Ah..
Atleast the guy has a heart to share cool stuff with others..
~Regards
FM

Terminal

Sep 6 2004, 09:58 AM

Yeah no matter u take from somewhere else but next time maybe u can put
source :link

Thanks for sharing .

Vort3x

Sep 6 2004, 04:36 PM

Yes thats where they are from! Thanks for the links I will add them right away. I had this saved into a HTML doc. For my own personal reference and I was cleaning stuff off and found this. From awhile ago, it just sat there.

Tyrano

Sep 6 2004, 06:59 PM

yeah sorry didnt mean to come off as a dick, just trying to put credit where credit is due. good find though ;D

Vort3x

Sep 6 2004, 07:02 PM

Absoloutley! No wrong done. Credit should be given and should have, I have corrected it. I just always had this saved and did not remember where it came from but I posted it anyway.

Vortex

d4ve

Nov 16 2004, 12:47 AM

what about w*w.apachefriends.org

just install it and use php, perl, mysql

for testing purpose an great allinone progy

greetz
d4ve

belgther

Feb 1 2005, 04:57 PM

but assembler must be ok, i guess...
because exploits can be found easily when having assembler & reversing knowledge... i mean for closed source programs, since it's not always needed by open-source programs at all.
btw, must visual basic and delphi be avoided at all costs?

ajax

Jun 19 2005, 07:25 PM

thanks

vnet576

Jun 19 2005, 08:48 PM

warned and 10 day posting disabled. Should give you time to brush up on the rules.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.