Lee – 第4页 – 网站建设技术集锦

ECMall的一个登陆跳转Bug

　　前几天在帮人做ECMall的易宝接口集成，第一次接触ECMall不熟悉支付插件的模式，也没时间去研究，而且这次集成的方式也不方便使用插件的模式，一时偷懒，直接在支付方式选择那写死了，支付结果返回验证也写在了同个app里，结果不知道为什么支付成功返回后老是会退出登陆，关键的问题来了，重新登陆后跳转回支付结果页面显示支付参数被篡改，仔细对比了一下支付成功返回的URL与登陆后的URL发现其中的参数原来有大写字母的，登陆成功后跳转回去的URL里的英文字母全部被转换成小写字母了，PHP变量名对大小写敏感，所以以RUL参数形式传递的数据就获取不到了，导致支付结果验证失败。

解析登陆过程代码，发现在文件app/frontend.base.php的login方法里有这么几行代码：

PHP代码

/* 防止登陆成功后跳转到登陆、退出的页面 */
$ret_url = strtolower($ret_url);
if (str_replace(array('act=login', 'act=logout',), '', $ret_url) != $ret_url)
{
$ret_url = SITE_URL . '/index.php';
}

变量$ret_url是保存与传递登陆前的URL，用来登陆成功后跳转回登陆前的URL，在这里被小写化了。

将这几行代码改成这样：

PHP代码

/* 防止登陆成功后跳转到登陆、退出的页面 */
if (str_replace(array('act=login', 'act=logout',), '', strtolower($ret_url)) != strtolower($ret_url)) {
$ret_url = SITE_URL . '/index.php';
}

这样一来就不会被转换成小写了。

php-cgi占用cpu 100%的故障排除方法

1、用top命令查看占用了大量CPU的进程

2、用命令ls -l /proc/进程ID/fd/查看耗时比较长的进程到底在干什么事情

3、用strace -p 进程ID　命令跟踪

4、将php-fpm.conf的超时时间设置成5s，然后超过5s的php-cgi的请求就会记录到php的慢日志中，设置如下：

XML/HTML代码

<value name="request_slowlog_timeout">3s</value>
<value name="slowlog">logs/slow.log</value>

设置完成，利用命令/usr/local/php/sbin/php-fpm restart重启php-fpm，过一会查看slow.log的内容发现如下内容：

XML/HTML代码

script_filename =/htdocs/biglee.cn/test.php
[0x00007fffb060fd70] file_get_contents() /htdocs/biglee.cn/test.php:10

这就是占用CPU的最终原因

Linux做PHP守护进程

PHP代码

<?php
/*
* Unix中 nohup 命令功能就是不挂断地运行命令，同时 nohup 把程序的所有输出到放到当前目录 nohup.out 文件中，
* 如果文件不可写，则放到 <用户主目录>/nohup.out 文件中。那么有了这个命令以后我们php就写成shell 脚本使用
* 循环来让我们脚本一直运行下去，不管我们终端窗口是否关闭都能够让我们php 脚本一直运行下去。
*/
#!/usr/bin/php
set_time_limit(0);
while(true){
file_put_contents('timer.txt',date('Y-m-d H:i:s')."
",FILE_APPEND);
echo date("Y-m-d H:i:s"), 'OK!';
sleep(30);
}

#chmod +x timer.php

* 让它在后台运行:

# nohup /var/www/html/timer.php &

* &符号的作用是让进程在后端挂起

# ps

* 将会在终端显示 5155 pts/1 00:00:00 timer.php

* 终结进程

# kill -9 5155

YII架构与流程简单剖析

为了便于理解，按YII包里的Demo中的博客项目执行的流程来解析。

YII是单入口形式，项目的所有的访问都通过一个入口文件来进行，index.php：

PHP代码

<?php
// change the following paths if necessary
$yii=dirname(__FILE__).'/../../framework/yii.php';
$config=dirname(__FILE__).'/protected/config/main.php';
// remove the following line when in production mode
// defined('YII_DEBUG') or define('YII_DEBUG',true);
require_once($yii);
Yii::createWebApplication($config)->run();

入口文件的内容很简单，包含框架里的yii.php文件和项目的配置文件（一般是项目文件夹下的protected/config/main.php）。Yii继承于YiiBase，YiiBase的最后有这么几行（其中注释是我添加的）

PHP代码

spl_autoload_register(array('YiiBase','autoload'));//注册__autoload()函数
require(YII_PATH.'/base/interfaces.php');//引入接口定义

再回到入口文件上，最后一行，顾名思义就是运行WebApp，进入到YiiBase.php，有这些代码：

PHP代码

public static function createWebApplication($config=null)
{
return self::createApplication('CWebApplication',$config);
}
public static function createApplication($class,$config=null)
{
return new $class($config);
}

从这些代码可以看出入口文件里的createWebApplication($config)其实是创建了一个新的对象CWebApplication

Yii::createWebApplication($config)->run();等价于执行了CWebApplication($config)->run();

今天至此为止，改天继续。

windows,linux下SVN实现自动更新WEB目录

通过SVN进行版本库管理，每次提交后，都要在SVN服务器更新最新上传的版本到WEB目录进行同步。操作比较烦琐，而且效率也低。使用SVN钩子脚本进行WEB目录同步，可很好的解决这方面的问题。由于测试机器与SVN库都在同一台机器里，所以处理起来比较方便。

svn项目下面有hooks目录，里面存放的是全部的钩子脚本的模板

post-commit.tmpl 为客户端commit提交后触发

以下是windows和linux下自动更新版本库的方法：

在SVN 项目版本库的存储目录下的hooks 目录，新建立一个post-commit.bat 文件：

windows：

@echo off

SET REPOS=%1

SET REV=%2

SET DIR=%REPOS%/hooks

SET PATH=%PATH%;

SET WORKING=E:/www/o135

svn update %WORKING% –username o135 –password o135123

注意：以上方法必须把SVN服务器安装目录下的bin加入到path路径(环境变量)中。SVN通过setup进行安装，默认会将bin目录增加到path路径中，如果通过压缩包进行安装，必须要手动增加。

要想知道此脚本是否出错，可在cmd命令行里输入：C:Documents and SettingsAdministrator>e:/svn/hooks/post-commit.bat 进行测试。出现以下信息则表明脚本成功执行：

C:Documents and SettingsAdministrator>e:/svn/hooks/post-commit.bat

正在升级 ‘E:wwwo135′:

版本 15。

红色部分是版本库的位置，大家按实际位置进行修改。

以后不管那台机器，只能通过svn commit命令，都会触发此脚本，自动同步web目录中。

linux:

linux下原理跟windows是一样的。只是新建的文件名不一样。

在SVN 项目版本库的存储目录下的hooks 目录，新建立一个post-commit文件：

vi post-commit

增加以下代码：

#!/bin/sh

WEB=/home/data/o135

export LANG=en_US.UTF-8

svn update $WEB –username o135 –password 'o135123'

保存，退出。。

给予此脚本的权限：

chmod 777 post-commit

测试一下，看脚本是否有权限问题

./post-commit

以后每次客户端提交操作，就会自动运行该脚本。

CI的一个Session丢失的Bug

　　今天同组的同事跟我反映前台点击一些功能跳转到用户中心登陆后不会自动返回登陆前的页面。之前也没仔细测试，乘现在仔细调试调试。

　　这个项目是基于CodeIgniter开发的，进入登陆页面时会把来源网址记录在CI的Session里，登陆成功后跳转回去，看来是记录的数据丢失了。

　　CI的Session其实是将数据序列化后存在于数据库或者Cookie中，我用的是存在Cookie中，用开发者工具查看数据是在保存起来的，但是用CI的Session类读取数据就是读取不到，经过调试，初步发现原数据被清除了。进一步跟踪，发现是在检验Cookie数据的MD5值时与原值对不上，一时纳闷了，为什么会对不上呢？仔细看了下取出来的Cookie的值，发现urlencode后保存的网址数据被自动解码了，存之前的MD5是编码后的数据，取出来的是解码后的，因此对不上，CI为了安全，认为此数据被人为修改了，就销毁了它。

　　这是在谷歌Chrome浏览器下出现的状况，不知道在其它浏览器下读取Cookie会不会自动解码，暂时没时间一一测试。

　　找到原因，就好解决了，存数据的时候不要进行网址编码，如有必要在取出来后再进行urlencode编码。

让你的HTML5&CSS3网站在老IE中也能正常显示的3种方法

　　起初，IE其实也是一款非常有进取心的浏览器。但经过一段时间的蛰伏后，它已经成为了我们生活中的一道障碍。微软现在又重新开始向其它浏览器发起挑战，但事实情况是，新版的现代IE浏览器一直滞后于谷歌浏览器和火狐浏览器。我们还不得不想办法兼容早期的IE浏览器。下面提到的三种方法能快捷轻松的让你的HTML5&CSS3网站在微软的主要浏览器中也能神奇的运行！

　　htmlshiv.js

　　Remy开发的HTML5shiv工具能利用Javascript在老式IE里创建main，header，footer等HTML5元素。也就是说使用Javascript能创建这些本来不存在的HTML5新元素。这是什么原理？你可能花几天也想不明白，但谁在意呢！这个脚本几乎是所有正式网站必用的js。

1

2

3

<!--[if lt IE 9]>

<script src="dist/html5shiv.js"></script>

<![endif]-->

　　selectivizr.js

　　Selectivizr.js是一款神奇的工具，它能提供大量IE不支持的CSS

辩PHP里include与require的区别

　　无意中在网上看到文章，写的是PHP里include与require的区别，有说运行机制的，有说效率的，也有说处理方式的，我看了下2012年04月09日编译的中文版PHP手册，上面写着：

这两种结构除了在如何处理失败之外完全一样。include() 产生一个警告而 require() 则导致一个致命错误。换句话说，如果想在遇到丢失文件时停止处理页面就用 require()。include() 就不是这样，脚本会继续运行。同时也要确认设置了合适的 include_path。注意在 PHP 4.3.5 之前，包含文件中的语法错误不会导致程序停止，但从此版本之后会。

　　不知道是网上文章写的时候PHP的版本对这两者的处理是有许多区别的，还是那些作者乱写。

Teach Yourself Programming in Ten Years

Why is everyone in such a rush?

Walk into any bookstore, and you'll see how to Teach Yourself Java in 7 Days alongside endless variations offering to teach Visual Basic, Windows, the Internet, and so on in a few days or hours. I did the following power search at Amazon.com:

     pubdate: after 1992 and title: days and
      (title: learn or title: teach yourself)

and got back 248 hits. The first 78 were computer books (number 79 was Learn Bengali in 30 days). I replaced "days" with "hours" and got remarkably similar results: 253 more books, with 77 computer books followed by Teach Yourself Grammar and Style in 24 Hours at number 78. Out of the top 200 total, 96% were computer books.

The conclusion is that either people are in a big rush to learn about computers, or that computers are somehow fabulously easier to learn than anything else. There are no books on how to learn Beethoven, or Quantum Physics, or even Dog Grooming in a few days. Felleisen et al. give a nod to this trend in their book How to Design Programs, when they say "Bad programming is easy. Idiots can learn it in 21 days, even if they are dummies.

Let's analyze what a title like Learn C++ in Three Days could mean:

Learn: In 3 days you won't have time to write several significant programs, and learn from your successes and failures with them. You won't have time to work with an experienced programmer and understand what it is like to live in a C++ environment. In short, you won't have time to learn much. So the book can only be talking about a superficial familiarity, not a deep understanding. As Alexander Pope said, a little learning is a dangerous thing.
C++: In 3 days you might be able to learn some of the syntax of C++ (if you already know another language), but you couldn't learn much about how to use the language. In short, if you were, say, a Basic programmer, you could learn to write programs in the style of Basic using C++ syntax, but you couldn't learn what C++ is actually good (and bad) for. So what's the point? Alan Perlis once said: "A language that doesn't affect the way you think about programming, is not worth knowing". One possible point is that you have to learn a tiny bit of C++ (or more likely, something like Javascript or Flash's Flex) because you need to interface with an existing tool to accomplish a specific task. But then you're not learning how to program; you're learning to accomplish that task.
in Three Days: Unfortunately, this is not enough, as the next section shows.

Teach Yourself Programming in Ten Years

Researchers (Bloom (1985), Bryan & Harter (1899), Hayes (1989), Simmon & Chase (1973)) have shown it takes about ten years to develop expertise in any of a wide variety of areas, including chess playing, music composition, telegraph operation, painting, piano playing, swimming, tennis, and research in neuropsychology and topology. The key is deliberative practice: not just doing it again and again, but challenging yourself with a task that is just beyond your current ability, trying it, analyzing your performance while and after doing it, and correcting any mistakes. Then repeat. And repeat again. There appear to be no real shortcuts: even Mozart, who was a musical prodigy at age 4, took 13 more years before he began to produce world-class music. In another genre, the Beatles seemed to burst onto the scene with a string of #1 hits and an appearance on the Ed Sullivan show in 1964. But they had been playing small clubs in Liverpool and Hamburg since 1957, and while they had mass appeal early on, their first great critical success, Sgt. Peppers, was released in 1967. Malcolm Gladwell reports that a study of students at the Berlin Academy of Music compared the top, middle, and bottom third of the class and asked them how much they had practiced:

Everyone, from all three groups, started playing at roughly the same time – around the age of five. In those first few years, everyone practised roughly the same amount – about two or three hours a week. But around the age of eight real differences started to emerge. The students who would end up as the best in their class began to practise more than everyone else: six hours a week by age nine, eight by age 12, 16 a week by age 14, and up and up, until by the age of 20 they were practising well over 30 hours a week. By the age of 20, the elite performers had all totalled 10,000 hours of practice over the course of their lives. The merely good students had totalled, by contrast, 8,000 hours, and the future music teachers just over 4,000 hours.

So it may be that 10,000 hours, not 10 years, is the magic number. (Henri Cartier-Bresson (1908-2004) said "Your first 10,000 photographs are your worst," but he shot more than one an hour.) Samuel Johnson (1709-1784) thought it took even longer: "Excellence in any department can be attained only by the labor of a lifetime; it is not to be purchased at a lesser price." And Chaucer (1340-1400) complained "the lyf so short, the craft so long to lerne." Hippocrates (c. 400BC) is known for the excerpt "ars longa, vita brevis", which is part of the longer quotation "Ars longa, vita brevis, occasio praeceps, experimentum periculosum, iudicium difficile", which in English renders as "Life is short, [the] craft long, opportunity fleeting, experiment treacherous, judgment difficult." Although in Latin, ars can mean either art or craft, in the original Greek the word "techne" can only mean "skill", not "art".

So You Want to be a Programmer

Here's my recipe for programming success:

Get interested in programming, and do some because it is fun. Make sure that it keeps being enough fun so that you will be willing to put in your ten years/10,000 hours.
Program. The best kind of learning is learning by doing. To put it more technically, "the maximal level of performance for individuals in a given domain is not attained automatically as a function of extended experience, but the level of performance can be increased even by highly experienced individuals as a result of deliberate efforts to improve." (p. 366) and "the most effective learning requires a well-defined task with an appropriate difficulty level for the particular individual, informative feedback, and opportunities for repetition and corrections of errors." (p. 20-21) The book Cognition in Practice: Mind, Mathematics, and Culture in Everyday Life is an interesting reference for this viewpoint.
Talk with other programmers; read other programs. This is more important than any book or training course.
If you want, put in four years at a college (or more at a graduate school). This will give you access to some jobs that require credentials, and it will give you a deeper understanding of the field, but if you don't enjoy school, you can (with some dedication) get similar experience on your own or on the job. In any case, book learning alone won't be enough. "Computer science education cannot make anybody an expert programmer any more than studying brushes and pigment can make somebody an expert painter" says Eric Raymond, author ofThe New Hacker's Dictionary. One of the best programmers I ever hired had only a High School degree; he's produced a lot of great software, has his own news group, and made enough in stock options to buy his own nightclub.
Work on projects with other programmers. Be the best programmer on some projects; be the worst on some others. When you're the best, you get to test your abilities to lead a project, and to inspire others with your vision. When you're the worst, you learn what the masters do, and you learn what they don't like to do (because they make you do it for them).
Work on projects after other programmers. Understand a program written by someone else. See what it takes to understand and fix it when the original programmers are not around. Think about how to design your programs to make it easier for those who will maintain them after you.
Learn at least a half dozen programming languages. Include one language that supports class abstractions (like Java or C++), one that supports functional abstraction (like Lisp or ML), one that supports syntactic abstraction (like Lisp), one that supports declarative specifications (like Prolog or C++ templates), one that supports coroutines (like Icon or Scheme), and one that supports parallelism (like Sisal).
Remember that there is a "computer" in "computer science". Know how long it takes your computer to execute an instruction, fetch a word from memory (with and without a cache miss), read consecutive words from disk, and seek to a new location on disk. (Answers here.)
Get involved in a language standardization effort. It could be the ANSI C++ committee, or it could be deciding if your local coding style will have 2 or 4 space indentation levels. Either way, you learn about what other people like in a language, how deeply they feel so, and perhaps even a little about why they feel so.
Have the good sense to get off the language standardization effort as quickly as possible.

With all that in mind, its questionable how far you can get just by book learning. Before my first child was born, I read all the How Tobooks, and still felt like a clueless novice. 30 Months later, when my second child was due, did I go back to the books for a refresher? No. Instead, I relied on my personal experience, which turned out to be far more useful and reassuring to me than the thousands of pages written by experts.

Fred Brooks, in his essay No Silver Bullet identified a three-part plan for finding great software designers:

Systematically identify top designers as early as possible.
Assign a career mentor to be responsible for the development of the prospect and carefully keep a career file.
Provide opportunities for growing designers to interact and stimulate each other.

This assumes that some people already have the qualities necessary for being a great designer; the job is to properly coax them along. Alan Perlis put it more succinctly: "Everyone can be taught to sculpt: Michelangelo would have had to be taught how not to. So it is with the great programmers". Perlis is saying that the greats have some internal quality that transcends their training. But where does the quality come from? Is it innate? or do they develop it through diligence? As Auguste Gusteau (the fictional chef in Ratatouille) puts it, "anyone can cook, but only the fearless can be great." I think of it more as willingness to de