SSL in Wamp Server

SSL Encryption can be added to your Wamp Server package to make it more secure as well as to test the SSL environment before taking your application to production. 

Note 1: Example given in case the folder in which apache is installed is apache2.2.6  where 2.2.6 is the version of apache installed. In case of another version being installed, say apache 2.2.22, this folder would change to apache2.2.22

Note 2: the foldername appName used below should be changed to whatever is the foldername where your application is placed which should be served to users connecting via https://

1. Create SSL Certificate and Key

Open the DOS command window and change directory to bin directory of wamp apache directory by using the DOS command

cd c:\wamp\bin\apache\apache2.2.6\bin

Now the DOS prompt should look like: C:\wamp\bin\apache\apache2.2.6\bin>

To create a server key with 1024 bits encryption, enter this command:

openssl genrsa -des3 -out server.key 1024

It’ll ask you a pass phrase, enter a passphrase of your choice which you will remember

Remove the pass phrase from the RSA private key (while keeping a backup copy of the original file). Enter these commands:

copy server.key server.key.org

openssl rsa -in server.key.org -out server.key

It’ll ask you the pass phrase you entered earlier, enter it

Create a self-signed Certificate (X509 structure) with the RSA key you just created. Enter the command:

openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt -config C:\wamp\bin\apache\apache2.2.6\conf\openssl.cnf

You'll be asked to fill in information after entering this command.

2. Copy the server.key and server.crt files

In the conf folder of apache2.2.6 folder, create two folders named as ssl.key and ssl.crt

Copy the server.key file to ssl.key folder and server.crt file to ssl.crt

3. Edit the httpd.conf file and php.ini

In httpd.conf file, remove the comment definer # at the line which says:

LoadModule ssl_module modules/mod_ssl.so

In httpd.conf, remove the comment definer # at the line which says:

Include conf/extra/httpd_ssl.conf

Then move that line after this block <IfModule ssl_module>…. </IfModule>

Open the php.ini file located in apache2.2.6/bin folder, remove the comment definer; at the line which says:

extension=php_openssl.dll

4. Edit the httpd-ssl.conf file

The httpd-ssl.conf file is located at C:\wamp\bin\apache\Apache2.2.6\conf\extra

This should be edited as follows

Find the line which says "SSLMutex …." and change it to SSLMutex default without quotes

Find the line which says: <VirtualHost _default_:443>.

Right after it, change the line which says DocumentRoot … to DocumentRoot "C:/wamp/www/appname" with quotes.  

Change the line "ErrorLog…." to Errorlog C:/wamp/logs/sslerror.log without quotes

Change the line "TransferLog …." to TransferLog C:/wamp/logs/sslaccess.log without quotes

Specify the SSL crt file:  Change the line "SSLCertificateFile …." to SSLCertificateFile "C:/wamp/bin/apache/apache2.2.6/conf/ssl.crt/server.crt"

Specify the SSL key file: Change the line "SSLCertificateKeyFile …." to SSLCertificateKeyFile " C:/wamp/bin/apache/apache2.2.6/conf/ssl.key/server.key"

Change the line which says <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin"> to <Directory "C:/wamp/www/">

and add the following lines inside those <Directory … >…</Directory> tags:

Options Indexes FollowSymLinks MultiViews

AllowOverride All

Order allow,deny

allow from all

Make sure the line CustomLog "C:/wamp/logs/ssl_request.log" \  is uncommented (remove the #).

In the DOS Command window, enter httpd -t . If it displays Syntax is OK, then proceed, else you have made a syntactical error and will need to troubleshoot

Go to C:/wamp/logs and create the following 3  files

                                i.            sslerror.log

                              ii.            ssl_request.log

                             iii.            sslaccess.log

5. Starting the HTTPS Server and Putting it Online

Restart the Apache server

If restart is successful, then open the browser and enter https://localhost

If you want to allow put your HTTPS secure server online then in the httpd_ssl.conf file, change the line which says "ServerName localhost:443" to "ServerName www.yourwebsitename.com:443" or  "ServerName X.Y.Z.A:443" without quotes where yourwebsitename is your registered internet domain name and/or  X.Y.Z.A is your WAN IP Address

The DocumentRoot you modified in Step 4 points to the correct website folder on your server.

If your server is connected to a router, setup the router to allow port 443 forwarding to your server.

If your server has a firewall enabled or behind a network firewall, set up the firewall to allow incoming port 443 connection

PHP to handle inputs copy pasted from MS Word

A common problem faced is that the user wants to copy & paste their article or part of it from Microsoft Word, directly into a textarea on a page. The problem is word uses non UTF-8 characters. Once the page is submitted, PHP gets it and the characters are encoded differently and they display weirdly when displayed back via an echo. 

A Commonly available solution for this is to create a function which parses the input and cleans it up either by removing the non standard characters or converting them into standard UTF-8 characters

Here is an example of one such

function fWordCharacterConverter($str)
{
$invalid = array('Š'=>'S', 'š'=>'s', 'Ð'=>'Dj', 'd'=>'dj', 'Ž'=>'Z', 'ž'=>'z',
'C'=>'C', 'c'=>'c', 'C'=>'C', 'c'=>'c', 'À'=>'A', 'Á'=>'A', 'Â'=>'A', 'Ã'=>'A',
'Ä'=>'A', 'Å'=>'A', 'Æ'=>'A', 'Ç'=>'C', 'È'=>'E', 'É'=>'E', 'Ê'=>'E', 'Ë'=>'E',
'Ì'=>'I', 'Í'=>'I', 'Î'=>'I', 'Ï'=>'I', 'Ñ'=>'N', 'Ò'=>'O', 'Ó'=>'O', 'Ô'=>'O',
'Õ'=>'O', 'Ö'=>'O', 'Ø'=>'O', 'Ù'=>'U', 'Ú'=>'U', 'Û'=>'U', 'Ü'=>'U', 'Ý'=>'Y',
'Þ'=>'B', 'ß'=>'Ss', 'à'=>'a', 'á'=>'a', 'â'=>'a', 'ã'=>'a', 'ä'=>'a', 'å'=>'a',
'æ'=>'a', 'ç'=>'c', 'è'=>'e', 'é'=>'e', 'ê'=>'e',  'ë'=>'e', 'ì'=>'i', 'í'=>'i',
'î'=>'i', 'ï'=>'i', 'ð'=>'o', 'ñ'=>'n', 'ò'=>'o', 'ó'=>'o', 'ô'=>'o', 'õ'=>'o',
'ö'=>'o', 'ø'=>'o', 'ù'=>'u', 'ú'=>'u', 'û'=>'u', 'ý'=>'y',  'ý'=>'y', 'þ'=>'b',
'ÿ'=>'y', 'R'=>'R', 'r'=>'r', "`" => "'", "´" => "'", "„" => ",", "`" => "'",
"´" => "'", "“" => "\"", "”" => "\"", "´" => "'", "&acirc;€™" => "'", "{" => "",
"~" => "", "–" => "-", "’" => "'");

$str = str_replace(array_keys($invalid), array_values($invalid), $str);

return $str;
}

Another solution which is much less known but works well is to use the php function iconv

$str= iconv('UTF-8', 'ASCII//TRANSLIT', $str);    

Details from the PHP Manual:

string iconv ( string $in_charset , string $out_charset , string $str )

Performs a character set conversion on the string str from in_charset to out_charset. 

Parameters

in_charset

The input charset.

out_charset

The output charset.

If you append the string //TRANSLIT to out_charset transliteration is activated. This means that when a character can't be represented in the target charset, it can be approximated through one or several similarly looking characters. If you append the string //IGNORE, characters that cannot be represented in the target charset are silently discarded. Otherwise, str is cut from the first illegal character and an E_NOTICE is generated.

str

The string to be converted.

Return Values

Returns the converted string or FALSE on failure.

Redirecting based on the URL string using PHP

In many cases, one ends up hosting multiple sites on a single server, shared or VPS.

Also in many other cases a company has multiple domains and multiple page addresses to service clients and prospects from different countries, demographics and walks of life.

And the need of the hour is that one wants to send a user to a different folder on your web site, based on what domain they use? Here we will explain a simple way to do this using PHP.

For instance on my VPS, I have 2 domains pointing: one domain called sampleno1.com and the other one called sampleno2.com. Both point to the IP of the VPS.
We have an index.php file in the root of the web server on the VPS containing the following code.

<?php

if (($_SERVER['HTTP_HOST'] == “sampleno1.com”) || ($_SERVER['HTTP_HOST'] == “www.sampleno1.com”))
{
    header("location: folderforsampleno1");
}

if (($_SERVER['HTTP_HOST'] == “sampleno2.com”) || ($_SERVER['HTTP_HOST'] == “www.sampleno2.com”))
{
    header("location: folderforsampleno2");
}

?>


The code asks the PHP server to see what the HTTP_HOST header is. If it is sampleno1.com or www.sampleno1.com, then it redirects to the folder on the server which contains the code for the site sampleno1.

If it is sampleno2.com or www.sampleno2.com, then it redirects to the folder on the server which contains the code for the site sampleno2