This is the webapp used for the course Software Security TDT4237 at NTNU. Used for the first time in September 2014. Below is the guide to fetch code and deploy it so that the app can be browsed at http://localhost:8080/.
Git is a version control system used for files. Install git. To authenticate yourself without password, use asymmetric crypto.
One group member should clone the repo, remove .git folder and push to new repo. Then the rest of the group members should be added as collaborators to that repo. This way the group can use git and github and synchronize code changes.
ssh-keygen
# go to github.com and create a new repo called my-new-repo. Mark it "private".
git clone git@github.com:TDT4237/moviereviews
cd moviereviews
rm -rf .git
git init
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
git add .
git commit -m'first commit'
git remote add origin git@github.com:<github username>/my-new-repo.git
git push -u origin master # assumes public key installed on github
Windows users can use git from Git Bash, which is a terminal that is bundled with git.
install php. Fetch the "VC11 x64 Non Thread Safe" (64 bit) or "VC11 x86 Non Thread Safe" (32 bit) zip file.
Append the location of the PHP executable to the PATH environment variable. Restart terminal so the new PATH is sourced.
Check reach-ability of interpreter with php -v.
If you get error similar to missing MSVCR110.dll when trying to run php, try installing
Visual C++ Redistributable for Visual Studio 2012 Update 4
Copy php.ini-production to php.ini. Enable openssl by removing leading ;
from ;extension=php_openssl.dll. Set extension_dir to ext.
Enable the php_pdo_sqlite.dll extension.
apt-get install php5-cli // debian/ubuntu
pacman -Syu php // archlinux
If you have OS X Mavericks (10.9), then you already have all that you need.
If you have OS X Mountain Lion (10.8) or earlier, then you'll have to get PHP 5.4, there are a few options for doing this, we'll cover HomeBrew and MacPorts:
Both: Install XCode (Available for free through the App Store, requires registration for download) Install XCode's Command Line Tools. (Should be available from within XCode's preferences)
MacPorts: Installing MacPorts sudo port install php56 php56-openssl php56-sqlite HomeBrew: Installing HomeBrew brew doctor brew tap homebrew/versions brew install php56
Composer is a dependency manager for PHP. Install composer.
curl -sS https://getcomposer.org/installer | php
Install dependencies with php composer.phar install.
This is the database. It is a PHP module usually packaged as a separate package in package managers.
apt-get install php5-sqlite sqlite3 // debian/ubuntu
pacman -Syu php-sqlite // archlinux
Create SQL tables and fill data with php composer.phar up.
Inspect db with sqlite3 app.db.
To list all tables run .tables. To describe a single table by name run
.dump users. For nicer layout run.mode column and .headers on.
To select users from the users table run
select * from users LIMIT 10;
Delete all tables with php composer.phar run-script down.
Webapps are usually deployed with Apache or nginx. But for development
and testing there is also the built-in HTTP server. Let's use it.
As of PHP 5.4.0, the CLI SAPI provides a
built-in web server.
Start the built-in server by running php -S localhost:8080 -t web web/index.php.
The file argument is the router front end. All requests go through the router. The -t option specifies the DocumentRoot. Images, css, and javascript files go there.
The webapp can be browsed at http://localhost:8080/.
For deployment such that the internet can reach your server run
php -S 0.0.0.0:8080 -t web web/index.php.
If you get error
Warning: require_once(/tmp/a/src/../vendor/autoload.php): failed to open stream: No such file or directory
you probably forgot to install dependencies with php composer.par install.
If you get error
SQLSTATE[HY000]: General error: 1 no such table: movies
you probably forgot to create SQL tables with php composer.phar up.
If that did not help, you have have started the HTTP server incorrectly. Which
can cause the app.db to be created in wrong directory. It should be created
in project root and not in the web folder. Delete the app.db in web folder
and then start the server correctly with
php -S localhost:8080 -t web web/index.php.
On the course run server, we are not running the PHP dev server explained here, as that is only meant for development use. Instead we run Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.4, where we host the subfolder web/ as DocumentRoot. This also means that unlike the repository code, app.db resides inside web/ on the server for the duration of Exercise 1. Those interested in exactly mimicking the behavior of the server should start with Ubuntu Trusty to get as close to our setup as possible.
Beware that your code WILL have to run on this setup when you deliver it.
When you access any field of a class in twig with e.g. movie.name it is internally
translated to $movie->getName(). So simply create that function.
Subclasses do not automatically call parent constructor. Call manually with
parent::__construct();
Learn some PHP syntax with code academy.
The project is built upon a lightweight framework called Slim.
The Twig template language is used.
Write nice php code.