PHP Russia 2020

Posted by: Admin  :  Category: Php

Linux Cpanel shared hosting: 600 GB disk space, 6 TB bandwidth, free domain, unlimited databases and ftp accounts, web hosting cheap and pro at Hostony news & announcements

Linux Cpanel shared hosting: 600 GB disk space, 6 TB bandwidth, free domain, unlimited databases and ftp accounts, web hosting cheap and pro at Hostony

phpMyAdmin 4.9.4 and 5.0.1 are released

Posted by: Admin  :  Category: Phpmyadmin

The phpMyAdmin team announces the release of versions 4.9.4 and 5.0.1.

As a reminder, version 4.x is in the LTS phase, where only security fixes and critical bug fixes are made. Users are suggested to migrate to version 5.

These releases address two issues, a problem with two-factor authentication that was introduced with the last releases, and a fix for an SQL injection vulnerability that was reported by CSW Research Labs This vulnerability is assigned PMASA-2020-1 and requires that the attacker have logged in through a valid MySQL account.

Known issue: the reported current release version may display incorrectly on the main page (for instance, “Version information: 5.0.1, latest stable version: 4.9.4”). This is expected to be fixed in the next routine bug fix release.

Downloads are available at

Happy new year,
the phpMyAdmin team

phpMyAdmin news

A Web based system to push your SVN code through development, staging and production environments

Posted by: Admin  :  Category: Web Hosting

Note the files in this post are now on GitHub

Hello there!

In development, having a seamlessly integrated process where you can propagate your code through whatever QA, testing and development policy you have is invaluable and a definite time saver.

We work with SVN as well as GIT code repository systems and have developed a web based system to “Export” or “Push” the code through development, staging and production environments as such.

I have already talked about sanitizing your code during the commit process, to ensure commit messages are standard and there are no PHP fatal errors, so now I will be showcasing you a simple web based system for propagating your code through development, staging and production servers.

This system should be on a secure web accessible page on each server. For the sake of argument , I’ll call each server the following : — development server — staging server — production server

We will be using PHP for the web based interface, and we will assume that you will be password protecting access to this page via htpasswd, as well as forcing SSL. I am also assuming that within your SVN repository, you have multiple “sites” that you will be individually pushing or exporting (svn export). Once you have the secure, password protected page (lets call it , the following PHP page will be the main index :


 "Site A",
"url" => "",
"path" => "/usr/local/www/",
"source" => "svn://",
"login" => "svnlogin",
"base" => "1.00",
"notes" => "Standard build for Site A"

"name" => "Site B",
"url" => "",
"path" => "/usr/local/www/",
"source" => "svn://",
"login" => "svnlogin",
"base" => "1.00",
"notes" => "Standard build for Site B"


        SVN Update Page


View Development Export Log

$ value) { ?>
Site Source UN/PW Base Revision Export Pending Updates Notes

If you carefully look at the above code, you will see that this page will be dependent on 3 external scripts, which I will describe below. The page itself generates a list of whatever sites you want to include in the push process, within a PHP based Array. The array details important info per site such as the name, svn location, location of the files on the server as well as whatever other notes and additional info you want to provide.

Each time a site is “exported” by clicking the export button, it calls an external script called svnupdate_process.php. This executes the SVN EXPORT command, as well as logging which user requested the action into a simple text based log file. The user is determined by the authentication user that is accessing the page. The htpassword credentials you will be providing to your users should be set per-user so that it can be easier to determine who pushed the code and whatnot.

The other two external scripts are one that will view the log file in an iframe on the same page, as well as a script to extrapolate the pending commits that are in the queue since the LAST code push / svn export. That is really useful, as you can imagine.

Script to view the export log

This script, log.php is used to dump the contents of the log.txt export log file. Very simple



Development Export Log:
display(); ?>

Simple, right? The log.php code includes a file, used for writing and reading the log.txt file. The above code depends on it, as well as the svnupdate_process.php code (described below), in order to log each time someone hits the export code button

filename = "log.txt";
                $  this->Username = $  _SERVER['PHP_AUTH_USER'];
                $  this->logfile = $  this->filename;

        function write($  data) { // write to logfile
                $  handle = fopen($  this->logfile, "a+");
                $  date = date("Y-m-d H:i:s");
                $  IP = getenv('REMOTE_ADDR');
                $  data = "[$  date] {$  this->Username}:{$  IP} - " . $  data . "n";
                $  return = fwrite($  handle, $  data);
                fclose($  handle);

        function display() { // display logfile
                $  handle = fopen($  this->logfile, "a+");
                while(!feof($  handle)) { // Pull lines into array
                        $  lines[] = fgets($  handle, 1024);
                $  count = count($  lines);
                $  count = $  count - 2;
                for($  i=$  count;$  i>=0;$  i--) {
                        echo $  lines[$  i] . "
"; } fclose($ handle); } } ?>

The code of the svn export process is handled by the following script below. Again its self explanatory. PHP executes a shell command to export the svn code based on the array variables defined in the very first script. Make sure all the variables match up to whats in svn and the location of the files, and even execute a test run of the command manually with the variables. If there are problems, you can modify the command to pipe the output to a log file for further analysis. Additionally you may need to alter the permissions of the apache user so that the command can be properly run. Avoid setting the apache user to have a shell (big no-no) ,but maybe a nologin shell or something along those lines. Its completely up to you , but be very careful about the choices you make to get it to run properly.


Update/Status Window

&1"; if($ _POST['submitbutton'] == "Export") { $ output = shell_exec("umask 022;".$ command); } echo "
$  output

$ logtext = "Exported to {$ _POST['site']}";
$ logfile->write($ logtext);


Finally the last script will be the script that parses the SVN log output with a date/time range from the last time the export button was pushed, until the current date and time. This will load the output in the same iframe log window on the svn page so the user can see what pending commits are in the code since the last time it was exported. Invaluable information, right?

Note that this has a function to filter out additional illegal characters to avoid cross site scripting injections. This code should be completely 100% restricted from outside public use, however it might be worth it to put this function in the svnupdate_process.php script as well. Can’t be too careful. I thought I’d include it here for you to use.


',"'",'"',')','('), array('<',':','|','&','>',''','"',')','('), $  input_str );
        $  return_str = str_ireplace( '%3Cscript', '', $  return_str );
        return $  return_str;

        $  xss_path=xss_cleaner($  _GET['path']);
        $  xss_svn=xss_cleaner($  _GET['svn']);
        $  xss_name=xss_cleaner($  _GET['name']);

        echo "Viewing Pending Updates For : ". $  xss_name . "";
        echo "
"; $ command = "/usr/bin/svn --username svnuser --password 'svnpassword' --config-dir /tmp log " . $ xss_svn . " -r {"`grep "" . $ xss_path . "" log.txt | tail -n 1 | awk -F " " '{printf "%s %s", $ 1,$ 2}' | sed -e 's/[//g' -e 's/]//g'`"}:{"`date "+%Y-%m-%d %H:%M:%S"`"}"; $ output = shell_exec("umask 022;".$ command); echo "
$  output

else {
echo "No queries passed!";


Lets break down the SVN log command, so you know whats going on. I’m grabbing the SVN site array variables when the “view log” link is clicked on the svn page. I am also parsing the export log text file to get the last entry for the particular site in question, grabbing the date and time.

I am then getting the current date and time to complete the date/time range in the svn log query. The finished query should look something like this :

svn --username svnuser --password 'svnpassword' --config-dir /tmp log svn:// -r {"2013-01-01 12:01:00"}:{"2013-02-01 12:01:00"}

Note the files in this post are now on GitHub

The post A Web based system to push your SVN code through development, staging and production environments appeared first on Managed WordPress Hosting | Managed VPS Hosting | Stack Star.

Managed WordPress Hosting | Managed VPS Hosting | Stack Star

Centralized Backup Script

Posted by: Admin  :  Category: Web Hosting

Hello There!

I thought I’d share a backup script that was written to consolidate backups onto one server instead of spreading the backup process across several servers. The advantages are somewhat obvious to consolidating the script onto one server, namely being that editing or making changes is much easier as you only have one script to edit.

The environment where this may be ideal would be for environments with 15-20 servers or less. I’d recommend a complete end-to-end backup solution for servers that exceed that number such as Bacula perhaps.

The bash shell script that I pasted below is very straightforward and takes two arguments. The first is the hostname or ip address of the destination server you are backing up. The next (and potentially unlimited) arguments will be single quote encased folders which you would want backed up.

This script is dependent on the server the script is running on having ssh key based authentication enabled and implemented for the root user. Security considerations can be made with IP based restrictions either in the ssh configuration, firewall configuration or other considerations.

# Offsite Backup script
# Written by
# Dynamic backup script

currentmonth=`date "+%Y-%m-%d %H:%M:%S"`
currentdate=`date "+%Y-%m-%d%H_%M_%S"`

# Check User Input
if [ "$  #" -lt 2 ]
        echo -e "nnUsage Syntax :"
        echo -e "./ [hostname] [folder1] [folder2] [folder3]"
        echo -e "Example : ./ '/etc' '/usr/local/www' '/var/lib/mysql'nn"
        exit 1

# get the server's hostname
host_name=`ssh -l root $  1 "hostname"`
echo "Host name : $  host_name"
if [ "$  host_name" == "" ]
        host_name="unknown_$  currentdate"

echo "$  host_name Offsite Backup Report: " $  currentmonth > /var/log/backup.log
echo -e "----------------------------------------------------------" >> /var/log/backup.log
echo -e "" >> /var/log/backup.log

# Ensure permissions are correct
chown -R backups:backups /home/fileserver/backups/
ls -d /home/fileserver/backups/* | grep -v ".ssh|.bash" | xargs -d "n" chmod -R 775

# iterate over user arguments & set error level to 0
for arg in "$  {@:2}"
        # check if receiving directory exists
        if [ ! -d "/home/fileserver/backups/$  host_name" ]
                mkdir /home/fileserver/backups/$  host_name
        sanitize=`echo $  arg | sed 's/[^/]/+$   //'`
        sanitize_dir=`echo $  arg | awk -F '/' '{printf "%s", $  2}'`
        /usr/bin/ssh -o ServerAliveInterval=1 -o TCPKeepAlive=yes -l root $  1 "/usr/bin/rsync -ravzp --progress --exclude 'clam_quarantinedir' $  sanitize/ backups@$  backupserver:/home/fileserver/backups/$  host_name/$  sanitize_dir; echo $  ? > /tmp/bu_rlevel.txt" >> /var/log/backup.log 2>&1
        echo "/usr/bin/ssh -o ServerAliveInterval=1 -o TCPKeepAlive=yes -l root $  1 "/usr/bin/rsync -ravzp --progress --exclude 'clam_quarantinedir' $  sanitize/ backups@$  backupserver:/home/fileserver/backups/$  host_name/$  sanitize_dir""

        runlevel=`ssh -l root $  1 "cat /tmp/bu_rlevel.txt"`
        echo "Runlevel : $  runlevel"

        if [ "$  runlevel" -ge 1 ]
                errors=$  ((counter+1))
                echo -e "Script Backup for $  arg Completed Successfully!" >> /var/log/backup.log 2>&1


# Check error level
if [ $  errors -ge 1 ]
        echo -e "There were some errors in the backup job for $  host_name, please investigate" >> /var/log/backup.log 2>&1
        cat /var/log/backup.log | mail -s "$  host_name Backup Job failed" $  backup_email
        cat /var/log/backup.log | mail -s "$  host_name Backup Job Completed" $  backup_email

It should be explained further that this script actually connects to the destination server as the root user, using ssh key authentication. It then initiates a remote rsync command on the destination server back to the backup server as a user called “backupuser”. So that means that not only does the ssh key need to be installed for root on the destination servers, but a user called “backupuser” needs to be added on the backup server itself, with the ssh keys of all the destination servers installed for the remote rsync.

Hopefully I did not over complicate this, because it really is quite simple :

Backup Server –> root –> destination server to backup — > backupuser rsync –> Backup Server

Once you implement the script and do a few dry run tests then it might be ready to implement a scheduled task for each destination server. Here is an example of one cron entry for a server to be backed up :

01 1 * * * /bin/sh /usr/local/bin/ destination-server-hostname '/etc' '/usr/local/www' '/home/automysql-backups'

The post Centralized Backup Script appeared first on Managed WordPress Hosting | Managed VPS Hosting | Stack Star.

Managed WordPress Hosting | Managed VPS Hosting | Stack Star

Looking to integrate TREB listings into WordPress? Check this post by Shift8 Out

Posted by: Admin  :  Category: Web Hosting

Hey there,

I thought I’d link to a blog post by our web design and development site regarding a new Python based tool that allows you to grab TREB listings, listing images and all the TREB data and directly import the extracted data into a WordPress site.

The entire Python code was released with the GPL license and is available for anyone to modify and use. Of course we will be offering the integration and installation of this system as a service for those who are not as technically inclined to implement this system themselves. Its definitely something that will make a difference in the 3RD party TREB data handling industry, as many commercial offerings along these lines are mainly based on the SaaS (software as a service) business model.

Offering a reliable and stable system of extracting TREB listings and importing them directly into wordpress, with an installation service as a one-time fee is quite exciting and should hopefully give many agents, web designers and developers out there a solid alternative option to paying for a service via a subscription model.

In any case, check out the post here : Shift8 TREB WordPress Integration with Python

You can also check out the GitHub page for the open source project here : GitHub Shift8 TREB WordPress Project

The post Looking to integrate TREB listings into WordPress? Check this post by Shift8 Out appeared first on Managed WordPress Hosting | Managed VPS Hosting | Stack Star.

Managed WordPress Hosting | Managed VPS Hosting | Stack Star

PHP 7.0.7 Released

Posted by: Admin  :  Category: Php news & announcements