Category: PHP

PHP related articles

Connecting PHP to a Microsoft Access Database

My youngest son is learning how to code.

He is working on a PHP fitness application.

He’s built his demo app using PHP and MySQL and I want to run the code on my PC but I don’t have MySQL and don’t want to install it either.

Instead, I’ll try to do something much harder.

I’ll make his code connect to a Microsoft Access Database instead.

It was harder than I thought it would be initially.
I tried an ODBC connection but had to abandon it after having way too many issues running 32-bit ODBC drivers on 64 bit Windows that is trying to Microsoft Access Database files. 

To get this to work, I had to enable an ODBC dll in the PHP.ini file.  Then trial and error coding until I found some code that works but I ended up having to learn about PHP PDO and use that for connecting to the Access Database instead of a strait OBDC connection.

Configuring PHP to use a Microsoft Access Database

  1. Enable an ODBC.dll in the PHP.ini file
  2. Use code below to connect to the Microsoft Access Database using PHP PDO

PHP code I used to connect a PHP page to a Microsoft Access Database

<?php
try {
    $dbName = $_SERVER["DOCUMENT_ROOT"] . "phpFitness_Trackerlifting_tracker.mdb";
    if (!file_exists($dbName)) {
        die("Could not find database file." . $_SERVER["DOCUMENT_ROOT"] . "phpFitness_Trackerlifting_tracker.mdb" );
    }

    $db = new PDO("odbc:DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=$dbName; Uid=; Pwd=;");

    /*** The SQL SELECT statement ***/
    $sql = "SELECT * FROM lifting_tracker";
    /*** fetch into an PDOStatement object ***/
    $stmt = $db->query($sql);
    $stmt2 = $db->query($sql);
    /*** echo number of columns ***/
    $result = $stmt->fetch(PDO::FETCH_ASSOC);
    /*** loop over the object directly ***/
    foreach($result as $key=>$val) {
        echo $key.' - '.$val.'<br />';
        echo 'Reps: ' . $result['reps']. '<br />';
    }
    /*** loop over the object directly ***/
    while ($row = $stmt2->fetch(PDO::FETCH_ASSOC))
    {
      echo 'This is from the while loop! ' . $row['reps']. '<br />';
    }
}
catch(PDOException $e) {
    echo $e->getMessage();
}
$db = null;
?>

For Loops for Beginners – ASP, C#, PHP, JavaScript & Python Examples

A “For Loop” executes a block of code a specific number of times or while a specified condition is true.

PHP For Loop

for (init; condition; increment)
  {
  code to be executed;
  }

php fOR lOOP PARAMETERS

  • init: Mostly used to set a counter (but can be any code to be executed once at the beginning of the loop)
  • condition: Evaluated for each loop iteration. If it evaluates to TRUE, the loop continues. If it evaluates to FALSE, the loop ends.
  • increment: Mostly used to increment a counter (but can be any code to be executed at the end of the iteration)

Note: The init and increment parameters above can be empty or have multiple expressions (separated by commas). Example The example below defines a loop that starts with i=1. The loop will continue to run as long as the variable i is less than, or equal to 5. The variable i will increase by 1 each time the loop runs:

PHP For Loop Example Code

<?php
for ($i=1; $i<=5; $i++)
  {
  echo("The number is " . $i . "<br>");
  }
?>

Classic ASP For Loop Example Code

<%
For i = 1 to 5
 Response.Write("The number is " & i & "<br>")
Next
%>

JavaScript For Loop Example

<%
For i = 1 to 5
 Response.Write("The number is " & i & "<br>")
Next
%>

C# For Loop Example

for (int i = 0; i < 5; i++) 
      {
        Console.WriteLine(i);
      }

Python For Loop Example

states = ["Alaska", "Alabama", "Arkansas"]
for x in states:
  print(x) 
  if x == "Alabama":
    break

WordPress Security: How to Fix xmlrpc.php Attacks

Today marks my first week of owning a WordPress blog.

I figured a week should be ample enough time to have the web server run and let the bad guys and bots take a swing at it. A review of my Apache web server log should show me what type of WordPress hacks would be attempted first.

My site is really new so I don’ t expect a lot of traffic. I downloaded my Apache web server log and noticed that apparently I had a lot of traffic for a brand new site that had not yet been promoted.

Once I downloaded and looked through the web server log file, a pattern quickly appeared. Lots of requests for a specific file called xmlrpc.php.

What the hell is xmlrpc.php?

I had found this in depth article about the xmlrpc file. For a more in-depth dive please check it out.

https://www.hostinger.com/tutorials/xmlrpc-wordpress

The super short version is, that XML-RPC is a WordPress feature enabling transmission of XML messages between systems using HTTP as the transport mechanism.

WordPress being an open system, occasionally needs to communicate with other systems, xmlrpc.php is supposed to handle that job.

My understanding is that xmlrpc.php is being deprecated in future versions of WordPress so why leave an artifact that can be used to enable a brute force attack on your site. Get rid of it ASAP!

Block Access to the xmlrpc.php file using Apache’s .htaccess file

.htaccess files are used by Apache web servers to allow or deny access to resources on your web site. We can allow or deny based on things like IP addresses or file names.

Your WordPress installation on Apache has a .htaccess file included by default.

You won’t see it using the >ls command as files beginning with a dot are hidden files. You can’t see it in the directory but we can open it.

In the screenshot below, I’ve opened the default WordPress .htaccess file using the nano text editor after connecting via SSH using PuTTY.

Setting an Access Restriction to the xmlrpc.php file using .htaccess file

Blocking access to the xmlrpc.php file to all users can be done using an entry in the .htaccess file that the Apache web server uses to grant or deny access to web resources.

When a request comes in to the Apache web server for the xmlrpc.php file, the server will apply this access rule which states that only local request will be granted and all others will be denied.

Navigate to your WordPress root folder. Mine was in: /var/www/html

I opened the .htaccess file by entering the command >sudo nano .htaccess

In the screenshot below, you see the special entry for <Files xmlrpc.php>.

.htaccess code for Denying Access to xmlprc.php

#Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
Order deny,allow
deny from all
</Files>

One More Thing: Check Your Apache Config AllowOverride Setting

Of course I did not realize for 24 hours that my .htaccess settings were not actually working. There was one more thing we had to configure on the Apache web server.

Double check your Apache2.conf file to see if the AllowOverride setting is set to All for you WordPress public html directory. Mine was in the /var/www directory.

My AllowOverride setting was set to None by default as you can see the /srv/ is still set to None. Your installation maybe different.