Differences
This shows you the differences between two versions of the page.
howtos:misc:approach_to_web_development_on_slackware [2020/11/27 11:08 (UTC)] – [Web Dev primarily HTML and PHP] captain_sensible | howtos:misc:approach_to_web_development_on_slackware [2020/12/01 16:54 (UTC)] (current) – [Structure of HTML & PHP] captain_sensible | ||
---|---|---|---|
Line 7: | Line 7: | ||
There will be some embedded information on HTML and PHP, what they do and what they do not do. I will probably throw in some anecdotal | There will be some embedded information on HTML and PHP, what they do and what they do not do. I will probably throw in some anecdotal | ||
+ | |||
+ | ==== Structure of HTML & PHP ==== | ||
| | ||
Line 35: | Line 37: | ||
There are many alternatives to working with HTML documents using a text editor, but as good as any in my opinion is geany available from [[slackbuilds.org]].It has basic text highlighting and gets the job done. | There are many alternatives to working with HTML documents using a text editor, but as good as any in my opinion is geany available from [[slackbuilds.org]].It has basic text highlighting and gets the job done. | ||
+ | |||
+ | |||
+ | ==== Using Built in PHP dev Server to render HTML ==== | ||
+ | |||
+ | |||
Now, if we were working with geany and saved the above text as a file say index.html to your Desktop, you then have two choices; open and edit with a text editor or open it as intended with a web browser. If you do that, all you will see is "hello world" | Now, if we were working with geany and saved the above text as a file say index.html to your Desktop, you then have two choices; open and edit with a text editor or open it as intended with a web browser. If you do that, all you will see is "hello world" | ||
Line 125: | Line 132: | ||
Click on the line that says // | Click on the line that says // | ||
+ | |||
+ | |||
+ | ==== Making use of HTML presentation but with PHP functionality ==== | ||
Line 160: | Line 170: | ||
Refresh your browser and now what do you see? Quite a lot of information concerning PHP! | Refresh your browser and now what do you see? Quite a lot of information concerning PHP! | ||
When I first did this it demonstrated the potential of PHP. | When I first did this it demonstrated the potential of PHP. | ||
+ | |||
+ | ==== Introducing Databases into the mix ==== | ||
+ | |||
+ | |||
Next we will have a simple look at using a database.When you mention anything about databases most people immediately think MySQl or Maria;so you can't do anything with a database on your Desktop since you need a daemon. Well actually you can since sqlite3 is server-less. | Next we will have a simple look at using a database.When you mention anything about databases most people immediately think MySQl or Maria;so you can't do anything with a database on your Desktop since you need a daemon. Well actually you can since sqlite3 is server-less. | ||
Assuming our Terminal Emulator is in webPlay lets create a database from the command line. Actually lets first check we have the tools in place: | Assuming our Terminal Emulator is in webPlay lets create a database from the command line. Actually lets first check we have the tools in place: | ||
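Review bot: The new "Introducing Databases into the mix" heading lands directly above a paragraph that still reads "database.When" and "MySQl or Maria;so"; since this revision is already editing that spot, fix the paragraph in the same pass by adding the missing space after the full stop, spelling it "MySQL", and putting a space after the semicolon.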
Line 251: | Line 265: | ||
which is another approach for working with web development. | which is another approach for working with web development. | ||
+ | |||
+ | ==== PHP framework ==== | ||
Before we look at xampp and apache i'm going to mention composer [[https:// | Before we look at xampp and apache i'm going to mention composer [[https:// | ||
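Review bot: The "==== PHP framework ====" heading is added with no blank line between it and the "Before we look at xampp and apache" paragraph, whereas the headings added in the hunks at Line 35 and Line 160 are each followed by two blank lines. Add a blank line after this heading so the added sections are spaced the same way.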
Line 275: | Line 291: | ||
</ | </ | ||
+ | < | ||
CI4 | CI4 | ||
├── README.md | ├── README.md | ||
Line 314: | Line 330: | ||
There are pro's and cons. Its doesn' | There are pro's and cons. Its doesn' | ||
+ | |||
+ | |||
+ | ==== Setting up a Development Environment using Apache ==== | ||
Line 335: | Line 354: | ||
# mv CI4.zip / | # mv CI4.zip / | ||
</ | </ | ||
+ | |||
+ | === Approach To permission problems === | ||
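Review bot: "=== Approach To permission problems ===" uses three equals signs where every other heading added in this revision uses four, which in DokuWiki makes it one level lower. If it is meant as a subsection of "Setting up a Development Environment using Apache", that is fine; otherwise change it to "====". The capitalised "To" in the middle of the title is also inconsistent with "Using Built in PHP dev Server to render HTML".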
Line 408: | Line 429: | ||
secrets when I show you my local WP ;it looks like this: | secrets when I show you my local WP ;it looks like this: | ||
- | {{: | + | {{: |
Its an extract of how WP uses Sqlite (yes you can opt for sqlite | Its an extract of how WP uses Sqlite (yes you can opt for sqlite | ||
Line 484: | Line 505: | ||
Note the 127.0.0.9 in address bar and that I can now work with framework and edit as user andrew , without risk of messing up system as root. If you follow this through and you get a problem its probably either your php version is < than 7.3 or I did something somewhere forgot about it and forgot to mention . | Note the 127.0.0.9 in address bar and that I can now work with framework and edit as user andrew , without risk of messing up system as root. If you follow this through and you get a problem its probably either your php version is < than 7.3 or I did something somewhere forgot about it and forgot to mention . | ||
- | |||
- | Pen-testing | ||
- | |||
- | |||
- | |||
- | One element that can be taken advantage of, having your web development running in Apache web server and viewable via local host is pen-testing. | ||
- | I will for the sake of brevity stick to relevance of pen-testing using Slackware. | ||
- | |||
- | In today' | ||
- | |||
- | Pen-testing puts a load on your server and I once got a warning about bandwidth usage from my hosting provider due to excessive requests on my web probably from a bot or a hacking scan software. Also its much easier to edit any files or test plugins locally than live. | ||
- | |||
- | I have a default WordPress | ||
- | |||
- | The first test will use software | ||
- | |||
- | Download th Linux version and unzip it say to Desktop. Open a terminal cd into ZAP_2.9.0 and then | ||
- | bash-5.0$ ./zap.sh | ||
- | |||
- | |||
- | All I have to do is type the url http:// | ||
- | |||
- | Result was 31 alerts on csrf, 19 XSS | ||
- | |||
- | The next test will involve wpscan. Now let me just say i’m not giving away any hacking secrets here, more a case of making | ||
- | |||
- | | ||
- | |||
- | To show you how vulnerable your user logins are, I will demonstrate by running | ||
- | |||
- | bash-5.0$ wpscan | ||
- | |||
- | output: | ||
- | |||
- | |||
- | [i] User(s) Identified: | ||
- | |||
- | [+] fredy | ||
- | | Found By: Author Posts - Display Name (Passive Detection) | ||
- | | Confirmed By: Rss Generator (Passive Detection) | ||
- | |||
- | [+] fred | ||
- | | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) | ||
- | |||
- | [+] andy | ||
- | | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) | ||
- | |||
- | |||
- | Now the users were designated during setup and install of WP and then I also did a manual edit of the database. | ||
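Review bot: The entire "Pen-testing" section on the left (the ZAP run with its alert counts, the wpscan user enumeration and its output) is deleted with nothing added on the right after the "Note the 127.0.0.9 in address bar" paragraph. If the section was moved to its own page, leave a one-line link to it here; if it was dropped deliberately, say so in the edit summary, which currently names only "[Structure of HTML & PHP]".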