Thursday 06th November 2014 SourceGuardian 10 compatibility fix for old versions of Mac OS X
We have released a minor update of SourceGuardian 10 for OSX to fix issues with running the encoder on old versions of OSX. If you had the following error message "dyld: lazy symbol binding failed: Symbol not found: ___strlcpy_chk" or similar in the encoding log window when encoding files for PHP 5.5 or 5.6, please download and install an updated version from your user account.
Posted on November 06th 2014 at 09:07pm by Alex
Thursday 11th September 2014 Loaders updated up to version 10.1.3
If you are using version 10 of SourceGuardian, please update your loaders
. The following issues were fixed in the version 10.1.3 of loaders:
- try/catch issues on PHP 5.0.x-5.2.x (there were no issues for newer versions of PHP). Fixed.
- customer session handler that extends standard SessionHandler class was causing the encoded php scripts to fail on exit (on session write & close). Fixed.
Loaders were updated for Windows, Mac OS X, Linux.
We also updated loaders for embedded Linux solutions running on ARM:
- Linux ARMel platform
- Linux ARMhf platform including RaspberryPi, BeagleBoard, CubieBoard and more
And finally we updated loaders for HP-UX IA64:
- HP-UX Itanium (IA64) 32-bit
- HP-UX Itanium (IA64) 64-bit
Support of SourceGuardian 10 and PHP 5.6 were added.
Posted on September 11th 2014 at 12:58pm by Alex
Tuesday 01st July 2014 SourceGuardian 10 launched
We are proud to present SourceGuardian 10 - the most advanced PHP Encoder on the market, complete with a powerful GUI and protection covering the latest versions of PHP including PHP 5.6. You can encode your scripts using Windows, Mac OS X and Linux, all with a powerful GUI or using a command line interface.
Protected files may run on Windows, Mac OS X, Linux, FreeBSD, embedded Linux ARM and more. For a full list of supported platforms check our loader page
Version 10 introduces improved code protection methods as well as encoding for PHP 5.6 and some new options. As usual this update is partly based on comments and suggestions of our users. We were glad to receive comments and suggestions and want to thank you very much for sharing your ideas! We are looking forward to hearing about other suggestions for improving SourceGuardian. Here is a list of recent version 10 changes.
· Improved code protection methods
· Full support of PHP 5.6 encoding including the latest language options: constant scalar expressions, variadic functions operator, updated use operator and more
Encoding for PHP 5.6 is fully supporting in version 10 of SourceGuardian. PHP 5.6 introduced new language features and updated bytecode format to support them. Files encoded with SourceGuardian 8, 9.x or older will need to be re-encoded with SourceGuardian 10 in order to run them under PHP 5.6
· New loaders for PHP 5.6, updated loaders for older versions of PHP
We updated loaders and created new ones for PHP 5.6. Loaders for the following operating systems are available:
· Windows 32-bit (VC6, VC9; VC11 PHP 5.5, 5.6)
· Windows 64-bit (VC9 PHP 5.3,5.4; VC11 PHP 5.5,5.6)
· MacOSX (universal binaries, include i386, x86_64)
· Linux (i386, x86_64)
· FreeBSD (i386, x86_64)
We update the following loaders on request. Please check our blog and the loaders page for new versions
· OpenBSD (i386, x86_64)
· IBM PowerLinux
· HP-UX Itanium
· Linux ARM (armel)
· Linux ARM (armhf) including Raspberry Pi
We are happy to work with our customers if they need bespoke loaders for other custom operating system. Please contact email@example.com if you are interested.
· A closing PHP tag is not added anymore to the end of encoded files. It's not needed, Zend recommends to not use it. Omitting the closing tag 'automatically' protects against 'headers already sent' errors if any of the encoded files were accidentally opened/saved in the editor and some characters were added at the end. Omitting the closing tag does not affect execution of protected files.
· SG_LIC_PATH environment variable may be used to specify where the loader should search for a license file.
· PHP short tags <? ?> are enabled by default. If you do not need them enabled for any reason, you may turn them off in advanced settings in GUI or by using the new --no-short-tags option in the command line. The old --short-tags option has been removed.
· License generation fixed in GUI when a URL is specified as a license file name.
· Fixed how encoding only of changed files works in GUI.
· A new 'Refresh' button added to the GUI for updating the project tree. It is useful if any of the files were changed or added to the folders behind the encoder GUI. Also automatic refresh happens when you encode only files updated since the last encoding.
· A new --keep-file-date command line option added to keep the modification date for encoded files the same as the modification date of source files. The same option is available in GUI in Advanced settings.
Posted on July 01st 2014 at 12:28pm by Alex
Tuesday 18th March 2014 Loaders for PHP 5.5 added for HP-UX IA64 platform
We have added support for running SourceGuardian encoded files on HP-UX IA-64 platform under PHP 5.5. Please download
new loaders from our web site or click here
to use our online loader assistant to know the loader you need for your system and how to install it.
Posted on March 18th 2014 at 01:08pm by Alexander
Saturday 25th January 2014 Spotlight on Symfony
Next up in our framework review is the ever-popular Symfony, which is now well into its second stable version (2.4.1, released in early January of this year). Symfony2 captured a 10.62% share of the developers polled on Sitepoint at the end of 2013, making it the third-most popular framework among the responding PHP developers. It has achieved this placement with good reason, as it's widely used across the web, providing a mixture of robust community support and feature-rich libraries.
The brainchild of the same developers who founded the French web design and development agency SensioLabs even before beginning to develop Symfony, Symfony begins with an excellent base to expand upon. As we discussed in a recent post, SensioLabs has even gone so far as to acquire venture capital, with the main purpose of the funding being the expansion and support of Symfony for development projects around the world. The $7 million USD provided by CM-CIC Private Capital will go quite a long ways when it comes to setting up the resources required to support and encourage the adoption of Symfony, so expect this framework to be growing rapidly all around the world in the months and years to come - it seems to be the only PHP framework with corporate sponsorship.
This level of commitment has created an excellent community of active developers who are working with Symfony, further reinforcing its usability. Even major corporations have signed on to use Symfony for their development projects, including the search engine Yahoo! and web video giant Dailymotion, not to mention phpBB, the most widely-used PHP-based forum service on the web, and the open-source PHP CMS Drupal.
One of the major strengths of Symfony is it's modular nature, which allows for a greater degree of flexibility when it comes to development, as it is itself modular from the ground up. In short, it plays well with almost any other standard component of PHP that you're comfortable using in your development process. It's arguably the most feature-rich framework that we've looked at so far, but that comes with a bit of a downside when it comes to bloat. Even the developers who voted it up so high in the standings at Sitepoint were the first to admit that it lagged well behind others when it came to performance metrics, which should be a concern for many developers looking for a slightly more robust framework.
Wednesday 22nd January 2014 Added Security Help from PHP 5.5
Security should always be in the forefront of any PHP developer's mind. With data breaches becoming a daily occurrence, and the cost of such data breaches often reaching into the millions of dollars (not to mention the PR disaster), developers absolutely must follow strict best practices to ensure that their code is not the vector from which such breaches occur. While it seems almost impossible to secure any system entirely, there are some essential concepts that developers must wrap their heads around in order to ensure as best they can that their applications are secure.
It's sad, but almost axiomatic - the user is responsible for a large number of security breaches. Whether they're a malicious user intent on breaking into your system or a hapless end user who uses the same password for every single website they have an account with, the user simply cannot be trusted from a security point of view. With that in mind, any good developer would implement a password hashing system to help prevent a malicious user from causing some serious harm - but considering the number of services, typically mobile, that transmit passwords as plain text, it bears mentioning.
In previous versions of PHP, password hashing was fairly simply to do badly, but far more difficult to do well. Hashing via MD5 or SHA1 were better than nothing, but adding a salt (a piece of data that prevents hackers from simply looking up an output string in a massive table to find the corresponding plain text) was an extra step that many developers skipped - and even those who took the time to include one couldn't completely preclude the possibility of a crack.
Fortunately, in the latest release of PHP, the long-awaited version 5.5, the language developers have finally implemented a far more secure method of natively hashing passwords, in the refreshingly simple password_hash() function. Instead of generating a 32 character hash, the string has been extended to 60 characters, and includes a cryptographic salt by default. However it also includes a new factor known as 'cost', which manages to even further obfuscate the passwords - and all wrapped up in a neat little function that's simple to implement. With any luck, as more and more developers begin to upgrade to version 5.5, we'll see a marked reduction in this sort of security breach.
Friday 17th January 2014 PHP Book Review: The Joy of PHP by Alan Forbes
A while ago, we did a quick overview of a few books that every PHP developer should keep a copy of somewhere in their library, but since buying books can get quite expensive after a while, we thought it would be best if we zoomed in a little bit closer and started looking more in-depth at some of the best PHP titles. This post, we're going to look at one of the more beginner level books that's a great help for those of you who are just starting out on the journey to become a proper PHP developer, The Joy of PHP: A Beginner's Guide to Programming Interactive Web Applications with PHP and MySQL by Alan Forbes.
First of all, it's important to realise from the beginning that this isn't just another PHP reference book intended to act as the be-all and end-all of PHP development. It's targeted directly at the PHP novice, although it helps a great deal if you've already got some basic web programming experience - he covers the basics of HTML, but that's not the focus of the book. If you're already comfortable coding the front-end side of websites, this is the perfect book to help you get a taste of the basics of back-end coding so you can expand your skillset.
It takes you from the very initial setup of PHP and xAMPP on your home development environment, through basic PHP syntax and then starts giving you basic tasks that help you work towards making these initially abstract examples more concrete and relevant. The example he uses throughout the book isn't particularly exciting (a used car sales website), but it definitely does the job, and Forbes' engaging writing style also helps to keep things moving along. The focus tends to be more on working with databases specifically, but as most beginner-to-intermediate PHP developers are going to be focused on database-driven projects, this shouldn't be much of a problem.
There is a little bit of criticism in the developer community about the way that he handles his code examples in the book - the ever-present threat of SQL injection attacks is something that no developer can afford to ignore in this day and age. That being said, the author isn't attempting to turn the reader into a PHP master, the goal is simply to get people comfortable with the basics. Anyone who takes this knowledge out in the world and creates websites for clients is going to be in for a nasty surprise, as this book should just be used as a jumping off point - but it does that job very well, and provides a great introduction to PHP and MySQL - just be sure to read up on security vulnerabilities, and then take on a few more advanced books!
Tuesday 14th January 2014 The Cuddlier Side of PHP
If the title of this post made you do a double take, we don't blame you - PHP never struck us as particularly cuddly either. Sure, it's great and all, but cuddly just doesn't fit into the list of things you think about when you hear the word PHP. In order to combat this image problem, a number of PHP developers have banded together with an - to some at least - unexpected project. After all, other geek projects have mascots that work to reach out to emotional appeal - most famous, of course, is Tux, the loveable penguin who adorns the Linux masthead. Even Android has it's adorable little robot, inexplicably known as 'BugDroid'. But some people may not be aware that PHP has its own little mascot, the ElePHPant!
The original mascot design was invented in the late 90's by French PHP developer Vincent Pontier (known in less formal settings as Elroubio), almost by accident, as he was doodling with the letters PHP to create a logo for a friend's website. Eventually, the idea took off around the net, and ten years after the initial design was completed and uploaded, Pontier took it upon himself to follow in the footsteps of Tux and the Linux community and create a plush version of the ElePHPant. Currently available in blue, pink and green, the folks over at php[architect], one of the oldest PHP development magazines (old enough to have started in print!), is hoping to celebrate its 11th year helping the PHP development community with a special orange edition of the ElePHPant, as orange is the predominant colour of the magazine itself. If you're looking for a cuddly coding companion, or just something to brighten up the office during your marathon coding sessions, be sure to swing over to the Kickstarter page and get in on the ground floor.
However, it's not all fun and games - as Pontier himself said of the original plush ElePHPants, "Don't kid yourself, this is not a toy! This is first and foremost a special partner for every PHP coder. Trouble with sessions? A bug in a class? A crashed method? Don't worry! Just tell your ElePHPant the problem, and he will give you the solution (and if the solution is not worth it, you may also throw him on the walls)." We've all been there!
Thursday 09th January 2014 Focus on Phalcon
According to the Sitepoint poll of PHP programmers we mentioned a few weeks ago, the second-most popular framework after Laravel was Phalcon. This is a fairly remarkable achievement, considering that the framework itself is only about 2 years ago, near the beginning of 2012. As the internet grows by leaps and bounds, and traffic grows right along with it, there's bound to be a greater and greater focus on performance issues, and this where Phalcon really distinguishes itself from more typical PHP frameworks: as its documentation says, "Phalcon is an effort to build the fastest framework for PHP."
So how does it manage this? It's primary advantage comes from the fact that it's entirely C-extension-based. Not a very common strategy among popular PHP frameworks, being coded in C gives Phalcon the majority of its performance advantages. The C extensions are loaded at the beginning of web server's process and then reside in RAM, allowing Phalcon to process over 2300 requests per second, nearly three times as many as CodeIgniter is able to manage. Other than this aspect, however, it operates more or less the same as any other modern MVC-framework for PHP, offering an array of features you've come to expect like object-relational mapping, a query language, a templating engine, and other such goodies. Add in a burgeoning community of other developers working with the language, and you begin to see why Phalcon has quickly risen from relative obscurity to become one of the most appealing frameworks for your upcoming large scale, performance intensive projects.
The success has driven development fairly quickly as well, and Phalcon 2.0 is in the works, with the first alpha version already released. There are a fair number of changes under the hood, which should ease the concerns of some developers who have resisted Phalcon and other C extension frameworks for the simple fact that they don't know C very well and aren't keen to learn. This made it very difficult to do any sort of bug fixing, in the unlikely event that something went wrong. The new version of Phalcon has the majority of its behind-the-scenes processes recoded in a language called Zephir, an open-source language that compiles and runs with a speed similar to C. If you're interested in helping test-drive the alpha version of 2.0, they're always looking for more assistance!
Tuesday 07th January 2014 PHP-Based CMS Comparisons
Not every development project we work on gets to be a brilliant portfolio piece that showcases our PHP mastery. Sometimes, we wind up accepting projects that require a fair amount of front-end development in addition to the more exciting programming aspects. Rather than completely re-inventing the wheel by coding an entire site from scratch complete with convenient access for clients to update and add new content themselves, sometimes it can be useful to employ a content management system (or CMS). This saves a great deal of time and work, and lets you focus on the more interesting development challenges without a whole lot of tedious mucking around on front-end work. Fortunately, there are several great PHP-based content management systems that can be easily installed and then customised to meet your needs.
Easily one of the most popular and easy to work with is Wordpress. While those of you without much experience with it may tend to think of it simply as a blogging platform, it's actually quite extensible thanks to a robust PHP-based plugin system that allows you to develop and implement additional functionality using the PHP language. In fact, there is an extremely large directory of plugins both free and paid that are available for download, and install with the click of a button which can then be edited to your needs. The entire CMS itself is also coded in PHP, which means it will take very little work to get up to speed even if you've never used it before.
Another very popular PHP CMS is Drupal, which is one of the oldest (if not the very oldest) PHP CMS' found on the web, having been launched way back in 2001. This extended lifespan shows in it's capability and scalability, but compared to working with Wordpress, it's extremely difficult to get a handle on. Most plugins available for Drupal, known as 'modules', are not free, although there are a few good ones floating around. Definitely the choice of more seasoned developers, those less experienced should lean towards a Wordpress or Joomla implementation - to give you a sense of what it can do, the US government website whitehouse.gov is powered by Drupal.
Joomla is a sort of happy middle ground between the extreme flexibility of Drupal and the simple hand-holding of Wordpress. Powering a respectable set of sites that includes linux.com, Joomla is aimed more at an interim-level developer who needs more capability than Wordpress offers but doesn't require the same level of implacable stability that comes with the more rigid Drupal. However, its SEO-friendliness leaves something to be desired compared to Wordpress, although it does have a similarly expansive plugin directory that can save you a lot of development time.
Always choose the right CMS for the job!