Author Archive

PHP, Suhosin and POST data

January 9th, 2012 1 comment

Last week one of my clients reported an issue showing some notices spilled by the application on their development and QA servers. After some regular debugging process, we noticed that the application is not receiving the complete POST data.

Solution was simple, open php.ini, check and increase the value for post_max_size. BANG!!! No change (of course Apache was restarted after change in ini). Some more time was spent debugging various things. Even the stupidest thing like whether browser is sending full data to server was also checked. But nothing helped. We again started scanning phpinfo for some help when suddenly we noticed that the servers were having Suhosin patch installed and active (suhosin.ini was a part of additional .ini files).

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.


We started scanning phpinfo for Suhosin specific settings … EUREKA … we found the following –

suhosin.request.max_vars = 200 = 200


Suhosin controls the number of variables that can be passed to a PHP script, no matter what you set for the post size in php.ini. The default value of this setting is 200, which means your PHP script will only see the first 200 values in the $_POST array. All other data is silently truncated. We got this value increased to the one we needed for our script and everything was back to normal.
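A quick way to see which fields a form submission would lose under this limit, as an added example that is not part of the original post. The function names are hypothetical, and two points are assumptions: that the lower of suhosin.request.max_vars and suhosin.post.max_vars applies to POST data, and that every name=value pair counts as one variable.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# post_var_limit INI_FILE...
# Prints the variable limit that applies to POST data. Pass the ini files in
# the order PHP loads them (php.ini first, then the additional .ini files),
# so that a later file overrides an earlier one.
# Assumption: the lower of suhosin.request.max_vars and suhosin.post.max_vars
# wins. If neither is set, 200 is used, the default this post reports.
post_var_limit() {
    awk -F= '
        /^[ \t]*suhosin\.(request|post)\.max_vars[ \t]*=/ {
            key = $1; gsub(/[ \t]/, "", key)
            val = $2; sub(/;.*/, "", val); gsub(/[ \t\r"]/, "", val)
            seen[key] = val + 0
        }
        END {
            min = -1
            for (k in seen) if (min < 0 || seen[k] < min) min = seen[k]
            print (min < 0 ? 200 : min)
        }' "$@"
}

# dropped_fields LIMIT BODY_FILE
# Prints the names of the urlencoded fields after the first LIMIT pairs,
# i.e. the ones the script would not find in $_POST.
# Assumption: every name=value pair counts as one variable.
dropped_fields() {
    tr '&' '\n' < "$2" | grep . | tail -n +"$(( $1 + 1 ))" | cut -d= -f1
}
```

Save a raw request body from the failing form to a file and run `dropped_fields "$(post_var_limit php.ini suhosin.ini)" body.txt`; any output names the fields the application never receives.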

I spent quite a long time in finding and solving this issue and thus decided to quickly blog about this. Hope this tip will help someone save their quality time.

P.S.: Suhosin has a lot of other configuration settings that may affect your scripts in some way. So, if you get into such a situation where everything looks normal in php.ini, look for Suhosin and its settings. You may find the solution to your problem just like I did.


Multipart posting with Apache Benchmark

March 21st, 2011 5 comments

Last week I wanted to load test an upload functionality created for one of the projects. The testing team was busy with other stuff so I decided to do it on my own. Being a hardcore programmer and someone who has never used any of the regular testing tools (read M$ Window$ based tools) I had the only option of using Apache Benchmark on my Ubuntu 10.10.

Since I had already used ab (the Apache Benchmark command name), I was pretty confident that within few minutes I will be done. But multipart form posting wasn’t as straightforward as I had thought. My initial assumption was to provide a file path to -p option of ab and it would handle the stuff required for multipart posting. Unfortunately that wasn’t the case. I realized that I had to provide a file name but it should contain the complete information about the data to be posted. In other words, I had to manage the boundary required for multipart posting.

After some research and this small but important tip, I managed to prepare the POST data in the required format along with the correct Content-type required by Apache Benchmark. The final command looked like

ab -n 10 -c 2 -C PHPSESSID=rk53j7gsrmaiuc3gvo86ipltr1 -p /var/www/post_data.txt -T "multipart/form-data; boundary=1234567890"

Following is the breakdown of options provided to the command –

  • I provided the cookie information (option -C) along with the command since my upload script checks for authentication.
  • -p allows me to provide a file name which contains the complete information about the data to be POSTed along with multipart boundaries.
  • -T is for Content-type header. This is where I also tell ab about the boundary in my POST data along with the standard multipart/form-data content type.
  • And then finally the URL of where all the data has to be posted.

The contents of the post_data.txt file are

--1234567890
Content-Disposition: form-data; name="ID"

[ID value here]
--1234567890
Content-Disposition: form-data; name="videofile"; filename="ab1_pod.avi"
Content-Type: video/x-msvideo

[base64 encoded file content here]
--1234567890--

Remember that the format of the file should be exactly the same (your boundary label can be different than mine though). Even if you miss a single new line or add an extra new line somewhere then you won’t get the expected results.

Finally to base64 encode the file to be posted, you can simply use PHP code as follows and paste the content in the above placeholder.

echo base64_encode(file_get_contents('/home/aditya/Videos/my_video.avi'));
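The same body can also be generated and checked from the shell instead of being assembled by hand. This is an added example, not the author's code: build_multipart and check_multipart are hypothetical names, the field names and boundary are the ones from the post, and the payload is base64 text as described above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the field names and the boundary are the ones used in the post.

# build_multipart BOUNDARY ID_VALUE FILE OUT
# Writes the body for ab -p with CRLF line endings, which RFC 2046 requires.
build_multipart() {
    mp_boundary=$1 mp_id=$2 mp_file=$3 mp_out=$4
    [ -r "$mp_file" ] || { echo "cannot read $mp_file" >&2; return 1; }
    # A field value containing the delimiter would end its part early.
    # The base64 payload cannot: its alphabet has no "-".
    case $mp_id in
        *"--$mp_boundary"*) echo "ID contains the boundary" >&2; return 1 ;;
    esac
    {
        printf '%s\r\n' "--$mp_boundary"
        printf 'Content-Disposition: form-data; name="ID"\r\n\r\n'
        printf '%s\r\n' "$mp_id"
        printf '%s\r\n' "--$mp_boundary"
        printf 'Content-Disposition: form-data; name="videofile"; filename="%s"\r\n' \
            "$(basename "$mp_file")"
        printf 'Content-Type: video/x-msvideo\r\n\r\n'
        base64 < "$mp_file" | tr -d '\r\n'
        printf '\r\n%s\r\n' "--$mp_boundary--"
    } > "$mp_out"
}

# check_multipart BOUNDARY BODY_FILE
# Prints the number of parts; fails unless the body ends with exactly one
# closing delimiter ("--BOUNDARY--").
check_multipart() {
    cr=$(printf '\r')
    parts=$(grep -c -x -F -e "--$1$cr" "$2") || true
    closers=$(grep -c -x -F -e "--$1--$cr" "$2") || true
    [ "$closers" = 1 ] && [ "$(tail -n 1 "$2")" = "--$1--$cr" ] || return 1
    echo "$parts"
}

# Usage, with the boundary and paths from the post:
#   build_multipart 1234567890 "<ID value>" ./ab1_pod.avi /var/www/post_data.txt
#   check_multipart 1234567890 /var/www/post_data.txt    # prints 2
```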

That’s it. Happy testing.
As always, comments and suggestions are most welcome.

gnuNify 2010 – My Experience

March 17th, 2010 9 comments

Well, lot of my speaker friends have written about their experience in just concluded gnuNify 2010. You can read about them here, here, here and here as well. More or less I also share the same views. So I will follow the DRY principle in this case.

I am writing this post just for the records that I attended gnuNify 2010 as a speaker and delivered sessions on two very important topics in web development.

Abbas and I took some photos of the event in our free time. I have uploaded them on Flickr. Do check them. And feel free to tag yourself if you find your pretty face 😉 somewhere in any of the photos.

Finally, a big thanks to Mr. Harshad Gune and his whole team at SICSR for organizing such a nice event. It was great to be there with you all. See you all at gnuNify 2011 🙂

Speaking at gnuNify 2010

February 14th, 2010 2 comments

19 & 20 Feb, 2010

I will be speaking at gnuNify 2010, which is an annual gathering of techies in Pune. This will be my second conference in as many months in Pune. The first one was PHPCamp.

I had submitted two CFPs this time and both of them got selected. Both the topics are related to my core field of work, PHP. Following is the brief description of what I will be speaking on –

Writing Secure applications in PHP

This is an effort to make PHP developers aware of some common security issues in web applications and ways to avoid those issues by writing secure code.

Scheduled on: 20 Feb. 2010, 10 am – 11 am, Room: 707

Profiling PHP apps with XHProf

Here I will be talking about a profiling tool for PHP applications, XHProf. It will cover installation, usage, viewing and understanding reports, etc.

Scheduled on: 20 Feb. 2010, 3 pm – 4 pm, Room 406

There will be lot of other interesting talks/workshops. Here is the complete list of sessions you can expect in gnuNify 2010. Visit their site to register yourself as a delegate to attend these sessions.

In case you have not heard of gnuNify before, gnuNify is –

organized by the students of the SICSR in association with the Pune GNU/Linux Users Group (PLUG) to provide a platform for exchange of ideas and knowledge among the industry professionals, students and academia.

CakePHP workshop at Nagpur PHP Meetup

December 16th, 2009 6 comments

The 6th Nagpur PHP Meetup was concluded on December 5, 2009. This time it was more practical oriented and thus the format was changed to a workshop rather than just casual discussions or presentations.

Most of the companies working on PHP in Nagpur are still sticking to the old fashioned PHP programming where PHP and HTML are mixed together or are at the most using templating system like Smarty to separate their view logic.


Abbas Ali from SANIsoft Technologies, through his workshop titled “Starting with CakePHP Framework”, introduced CakePHP, the most popular PHP framework, to the developers in Nagpur. He started with an interactive session on the need of MVC in programming, separation of business logic and view logic, etc. and then moved on to explain the same in relation to CakePHP.

The actual demonstration then began by showing how to download the framework from CakePHP website and setting it up in webroot. Since the workshop was about getting started with CakePHP, Abbas chose the ‘Hello World’ of frameworks, The Blog Tutorial. The tutorial started with creation of database and tables needed for it. Here, Cake’s Convention over Configuration was discussed in detail. Abbas explained how naming of database table names and columns can make wonders to your application and then proved it by showing the real working example.

Workshop then progressed with creation of models, controllers and views to add/edit/index the blog posts. Abbas along with Amit Badkas were giving their valuable inputs wherever needed while coding for the above functionality. The basic CRUD functionality was completed in nearly one and half hours and with just under 30 lines of code in the controller. Everyone present at the workshop was impressed with the time required and the amount of code that has to be written to make the whole functionality work.

After the workshop was over, as expected, there were lots of questions regarding components, helpers and various other things which generally everyone writes on their own. The magic of CakePHP had worked and everyone was thinking about most of the things getting done automagically for them. Thankfully, Cake had answers for every question that was thrown to us and we were able to satisfy everyone.

Finally, there were some concerns raised about the security and speed of CakePHP framework but then it is up to the developer to use the framework wisely, keep profiling the code, and use caching wherever possible. Using all these things together can ensure the best end result which will make everyone happy.

As always, we discussed the next meetup which will be on Saturday, January 9, 2010. It was decided that all the future presentations should be more technical where someone won’t just talk about something but also show how to make use of it by writing actual code. And we are now waiting for Nagpurians to come forward and show their programming skills to everyone.

If you are interested in attending the meetup, drop me a mail with your contact details on aditya @ this domain. And don’t forget to follow me on Twitter for updates on meetup.

Nagpur PHP Meetup – Report – August 2009

August 8th, 2009 4 comments

The second PHP meetup in as many months was held today, 8th August 2009. Unlike last meetup where mostly freshers attended it, this time we saw only experienced PHP programmers in city for the meetup. Reason – the topic of meetup. It was to discuss the security issues faced by developers while writing commercial as well as opensource programs.

The meetup started with my seminar on this topic where I tried to cover the basic problems, general programming flaws which lead to various security vulnerabilities. The major topics covered were –

  • Input validation
  • Cross Site Scripting, i.e., XSS
  • SQL Injection and
  • Session Fixation

The seminar was followed by some useful tips from Dr. Tarique Sani on how to write the secure code. He pointed out that code security should be implemented from the point you begin the project. It shouldn’t come as an afterthought as it becomes impossible to make your application 100% secure at a later stage.

We also discussed some community building exercises to get more PHP developers from Nagpur for the meetup. Everyone at the meetup agreed to bring with them at least two more PHP programmers for the next meetup who are either their colleagues or their friends working in other companies in Nagpur.

The agenda for next meetup was also fixed. We will be targeting the newbie crowd who at least know what PHP is and will guide them on How and Why do PHP. Also, those who will bring their laptops/netbooks/PC’s at the meetup, we will help them install and run PHP on their setup.

Finally, a big news – We have booked the venue, Jog House, for every second Saturday for next 12 months (except November and December when it will be on first Saturday).

I hope all my friends working on PHP in Nagpur will see this post and start attending the future meetups.


View/Download the presentation from Slideshare.



Changing default browser in Kubuntu

August 6th, 2009 6 comments

Yes, I am writing a blog post for a task that sounds very simple to achieve – just with a click of a button. But this is not true, at least with Kubuntu 9.04. If you are coming to this post through search engine then you have already gone through this pain. If not, give it a try 😉

Surprisingly, the browser’s functionality of setting it as default doesn’t work in Kubuntu. At the same time, changing it manually from System Settings -> Default Applications doesn’t seem to work either.

To set one of your browser as default browser, you have to run the command

$ sudo update-alternatives --config x-www-browser

You will see the list of browsers currently available in your system and then you will enter the number for the browser you want to set as default. My console with 3 browsers was something like follows

$ sudo update-alternatives --config x-www-browser

There are 3 alternatives which provide `x-www-browser'.

  Selection    Alternative
 +        1    /usr/bin/konqueror
          2    /usr/bin/firefox-3.0
*         3    /usr/bin/google-chrome

Press enter to keep the default[*], or type selection number:

That is it. Enter the number for the browser you like and hit ENTER. You have your browser set as default.

Coppermine 1.5 – Call for testers

July 28th, 2009 3 comments

The Coppermine team has taken a first major step for CPG 1.5 by releasing the alpha version a few days ago. This release is strictly for testers and general users cannot download it. Also, note that CPG 1.5 is not yet ready for deploying on production sites. You should only set it up on your local testbeds or development site with limited public access.

If you are a seasoned Coppermine user and/or interested in testing big web applications and want to help us in testing the new release, then go through cpg1.5.1 alpha: how to become a tester and see whether you fit the job. If so, do let us know with your short bio and how you can help us.

Non-testers – don’t feel bad. We will soon have something for you as well. 🙂

Zend Certified Engineer

July 24th, 2009 27 comments

Yes! Today I cleared the Zend PHP 5 Certification Examination and now I am one of those few Zend Certified PHP Professionals in India.



Nagpur PHP Meetup – Overview

July 11th, 2009 4 comments

The first ever PHP meetup in Nagpur was conducted today, 11 July, 2009. Around 31 people attended the meetup with variety of backgrounds and experience.

Team at PHP Meetup


There were freshers, starters, experienced and highly experienced professionals who shared their views. Few PHP trainers in the city also turned up for the meetup in a bid to understand the industry requirements which is a very welcome sign for the PHP community in Nagpur.

The meetup started with introduction from everyone followed by Dr. Tarique Sani’s encouraging speech on Opensource for the new community members. He stressed the need of giving back something to the Opensource community which has given us the hugely popular LAMP platform.

Since it was the first meetup, there was no fixed agenda for it and so everyone was given a free hand to ask their questions, share their experience, etc. As usual, the freshers were interested in knowing the career opportunity in PHP and the current position of PHP in the market.

But the real stuff came in from the PHP developers. The main concern shown by everyone was the Security in web applications. We were very pleased to see the people talking about SQL injection and cross site scripting (XSS) which nobody bothered about a year ago. A lot of discussion happened on these topics and we finally decided that this needs a special attention.

So, the next meetup, which will be on the 2nd Saturday of next month (8 August 2009), will have a special session on Security in web applications where we will demonstrate the SQL injection and XSS and possible ways to avoid them. And fortunately, I was chosen for this job of giving the first talk of this meetup.

Finally, it was also decided to start a new mailing list for Nagpur PHP community members to help each other.

Everyone then posed for a group photo which you can see above and went home happily 🙂

I take this opportunity to thank everyone who attended this meetup and made it a successful event. We are also thankful to the two leading English dailies in Nagpur, The Hitavada and Times of India for publishing the information about this meetup. We got a lot of enquiries through them.

Keep watching this blog for more information on the meetup or follow me on Twitter for updates on meetup.
