To install FontMatrix on Ubuntu 8.04 the deb file can be downloaded from :
http://www.getdeb.net/app/Fontmatrix

www.site.com/index.php/class_name/method?id=15
or
www.site.com/index.php/controller/action?id=15 in the MVC style
or
localhost/project/index.php/class_name/method?id=15

PHP MVC frameworks like codeigniter use urls like that.

Apache makes available a variable called PATH_INFO to PHP which stores
the portion of the url between script and query string that is /class_name/method

On Localhost

index.php
print_r($_SERVER)

shows :

     [SERVER_SIGNATURE] => <address>Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch Server at localhost Port 80</address>
     [SERVER_SOFTWARE] => Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch
    [SERVER_NAME] => localhost
    [SERVER_ADDR] => 127.0.0.1
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 127.0.0.1
    [DOCUMENT_ROOT] => /var/www/
    [SCRIPT_FILENAME] => /var/www/project/index.php
    [REMOTE_PORT] => 39733
    [REQUEST_METHOD] => GET
    [QUERY_STRING] => id=15
    [REQUEST_URI] => /project/index.php/class_name/method?id=15
    [SCRIPT_NAME] => /project/index.php
    [PATH_INFO] => /class_name/method
    [PATH_TRANSLATED] => /var/www/class_name/method
    [PHP_SELF] => /project/index.php/class_name/method

Next using .htaccess to redirect localhost/project/class_name/method to localhost/project/index.php/class_name/method and again viewing the $_SERVER variable with url : localhost/project/class_name/method

shows :

     [SERVER_SIGNATURE] => <address>Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch Server at localhost Port 80</address>
     [SERVER_SOFTWARE] => Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch
    [SERVER_NAME] => localhost
    [SERVER_ADDR] => 127.0.0.1
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 127.0.0.1
    [DOCUMENT_ROOT] => /var/www/
    [SCRIPT_FILENAME] => /var/www/project/index.php
    [REMOTE_PORT] => 39734
    [REDIRECT_QUERY_STRING] => id=15
    [REDIRECT_URL] => /project/class_name/method
    [REQUEST_METHOD] => GET
    [QUERY_STRING] => id=15
    [REQUEST_URI] => /project/class_name/method?id=15
    [SCRIPT_NAME] => /project/index.php
    [PATH_INFO] => /class_name/method
    [PATH_TRANSLATED] => /var/www/class_name/method
    [PHP_SELF] => /project/index.php/class_name/method

In both the above PATH_INFO is identical results , REQUEST_URI is different.

On Webserver
Now when the same code was put up on the webserver ::::

without .htaccess redirect , url like domain.com/project/index.php/class_name/method?id=15

shows :

    [SERVER_SOFTWARE] => Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
    [PATH_INFO] => /class_name/method
    [PATH_TRANSLATED] => /home/celcscom/public_html/project/index.php
    [QUERY_STRING] => id=15
    [REDIRECT_STATUS] => 200
    [REMOTE_ADDR] => 59.93.245.243
    [REMOTE_PORT] => 60157
    [REQUEST_METHOD] => GET
    [REQUEST_URI] => /project/index.php/class_name/method?id=15
    [SCRIPT_FILENAME] => /home/celcscom/public_html/project/index.php
    [SCRIPT_NAME] => /project/index.php
    [SERVER_ADDR] => 216.67.245.98
    [SERVER_PORT] => 80
    [PHP_SELF] => /project/index.php/class_name/method

PATH_INFO is same as localhost.

The difference came when using .htaccess redirect , the output

shows :

    [SERVER_SOFTWARE] => Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
    [QUERY_STRING] => id=15
    [REDIRECT_QUERY_STRING] => id=15
    [REDIRECT_STATUS] => 200
    [REDIRECT_UNIQUE_ID] => SsI359hD9WIAAHMWpgEAAAAD
    [REDIRECT_URL] => /project/class_name/method
    [REQUEST_METHOD] => GET
    [REQUEST_URI] => /project/class_name/method?id=15
    [SCRIPT_FILENAME] => /home/celcscom/public_html/project/index.php
    [SCRIPT_NAME] => /project/index.php
    [SERVER_ADDR] => 216.67.245.98
    [ORIG_PATH_INFO] => /class_name/method
    [ORIG_PATH_TRANSLATED] => /home/celcscom/public_html/project/index.php
    [PHP_SELF] => /project/index.php

PATH_INFO is missing but ORIG_PATH_INFO is there with the information PATH_INFO was supposed to have.

So the php code had to be changed to check for $_SERVER['ORIG_PATH_INFO'] when $_SERVER['PATH_INFO'] is absent

PATH_INFO relies on the Apache AcceptPathInfo Directive

LoadModule rewrite_module modules/mod_rewrite.so

by removing the # sign before it.

Then comes a section which looks like this :

<Directory "C:/Apache2.2/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

<span id="more-207"></span>

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be &quot;All&quot;, &quot;None&quot;, or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

&lt;/Directory&gt;

The line :
AllowOverride None

should be made :
AllowOverride All

Restart Apache. Create a .htaccess file somewhere in htdocs and write some garbage text in it like akjsnajknda and save. Create a index.php along with the .htaccess file. Now open the index.php file in browser and you should get an Internal Server Error. This indicates that .htaccess file is wrong , which means that mod_rewrite is now active.

select
    concat(table_name, '.', column_name) as 'foreign key',
    concat(referenced_table_name, '.', referenced_column_name) as 'references'
from
    information_schema.key_column_usage
where
    referenced_table_name is not null;

which is found here

and gives an output like this :

+-----------------------+-------------+
| foreign key           | references  |
+-----------------------+-------------+
| orders.client_id      | clients.id  |
| line_items.order_id   | orders.id   |
| line_items.product_id | products.id |
+-----------------------+-------------+

Another way would be to :

SHOW CREATE TABLE tablename;

which displays the sql query to create the table and has the foreign key constraints too.

Apart from this phpmyadmin too shows the foreign keys on the top of a table structure.

References :
1. Mysql Docs

1. Convert both tables into innodb.
2. View the structure of the table which will have a foreign key. Make the referencing field an INDEX.
3. Now come back to structure view and click Relation view. In the Relation view page the field (which was made an INDEX) can be made a foreign key referencing to some other field in another table.

#1449 – There is no ‘projects’@'localhost’ registered

So I opened the dump file and found that the error was being caused by a line which looks like this :

/*!50013 DEFINER=`projects`@`localhost` SQL SECURITY DEFINER */

This line appeared in every view definition. So the simple reason was that projects@localhost was the user which had created the view (on the server) and when importing the database on local system there was no user named ‘projects’ in mysql.

There appeared to be no way by which this line could be prevented from coming up in the dump file. So a possible solution was to erase it from the dump file.

On ubuntu like this :

sed ‘/^\/\*\!50013/d’ backup.sql > backup_without_50013.sql

in PHP I tried this :

$contents = file_get_contents('backups/backup.sql');
$contents = preg_replace('@\/\*\!50013 DEFINER.*?\*\/@' , '' , $contents);
file_put_contents('backups/backup.sql' , $contents);

The above solutions worked.
But I was still looking for a technique where I didnt have to modify the dump file.

The solution is to create a view with sql security invoker like this :

CREATE SQL SECURITY invoker VIEW my_view as select …….

The above statement allows this view to be viewed by any user who invokes the view.By default the SQL SECURITY is DEFINER which means the definer user can only view it.

First of all it should be noted that getting someone’s password out of a server is something impossible for the very simple reason that in most cases the password is stored no-where. Newbies think and make attempts to get the some one’s password from the target server. But yes this is not possible. Passwords are not stored directly, but as hashes (if you are a web developer then you must be knowing this). Hashing is basically a one way algorithm to turn a string of any size into a fixed sized string. For more on hashing get to wikipedia. Hashes cant be reverted to get back the original string. Now when a user logs into a system, he provides his username and password. Now the password is hashed again and compared with the hash that was stored during registration. If both match then access is granted.

But yes there are techniques to get some one’s password or rather “steal” them from the original user. Thats the only way to get the password.

Some common techniques are :

1. Phishing : Now “phishing” it basically “tricking” , to trick a user into providing his login details to you. The most popular way to do this is by creating a fake login page which looks like the login page of the original system and make the user login through this fake login page. When the user attempts this then the login details he provides go to the hacker rather than the actual system. Phishing issue arise in a lot of situations e.g. email logins , bank logins etc.

2. Social Engineering : This technique involves collecting some information about the user which can provide access to his system. The best possible extent of doing this would be to get the password itself from the user but in most cases this is not possible. Most email systems for example provide a password recovery mechanism which involves answering certain questions like Your birthdate , phone number , pet name etc. Now a hacker clever at social engineering would talk with the user directly and during the conversation would try to make the user speak out the information that is useful to get access to the user’s mail. For e.g. a hacker could ask the birthdate some where in the conversation and if the user tells it, then the user can use it. Social engineering aims at collecting as much information as possible from the user which can be useful to get the login or access to his mailbox.

3. Trojans/Keyloggers/Spyware : This is a software based technique. It involves installing a piece of software on the victim’s computer so that the activity on the target computer can be recorded and read by the hacker. For e.g. logging all keyboard activity and then searching them for usernames and passwords.

All pages had utf-8 in their meta tags so the issue was somewhere else. A working solution was found :

1. Go to phpmyadmin and select the database of this blog
2. Select table wp_options and then click operations. In table options box change collation to utf8_unicode_ci which is the last option.
3. Also change the collation of individual columns e.g.option_value to utf8_unicode_ci

Changing the table and column collation property made the thing work right.

sudo apt-get install mdbtools-gmdb

1. PHPLOT – Can create Pie Charts , Bar Graphs , Line Graphs , Point Graphs etc.

2. PostGraph – Can create simple bar graphs.