Archive for the 'Perl' Category

PHP vs Perl (final)

In the first post I discussed the sick amount of functions in PHP compared to Perl, in the second one the reason why writing Perl applications goes faster and now in this third and final post, I'll discuss external connections.

Connecting to another server is useful for a number of reasons, think about content scraping or posting messages to a website or forum. Both PHP and Perl have great support for this, but this time I think PHP wins the prize for being the most useful. This is a very strange thing to say because exploits etc. are mainly written in Perl.

When you're connecting to a website in Perl, you can use LWP::UserAgent; in PHP it's easier and you can just use file_get_contents("http://www.randombase.com"). These are only suitable for HTTP servers so not that useful.

As soon as you're trying something more advanced (IRC bot?) you need more powerful tools. In PHP, the way to go is fsockopen(), this is an awesome function that is very easy to work with, it can work with virtually any protocol and gives you endless possibilities. The same goes for Perl's IO::Socket. This extension is maybe more powerful than PHP's, but for some reason I think it's unnecessarily complex, there is too much information to be defined before you can actually use it.

So, my final judgement of this PHP vs Perl series would be Perl if you're writing something intended for personal usage or when you need to write a quick hack. I also think Perl is just candy for people who are good with advanced structures, because good and efficient Perl code is almost unreadable in the end. PHP is easier to pick up because of the enormous documentation (Perl's documentation is shattered on the web), and still the unbeaten king for developing websites.

PHP vs Perl part II

Perl has these tiny little functions that make me use it more for small, personal one-time use things. PHP has support for some of them but often it feels just wrong and not supposed to be there. My favourite example is unless() (should I even add those ()?). Perl has the most awesome function ever:

print 'Hello world.' unless $world eq 'Destroyed';

That's all, in one line. PHP has (together with JavaScript) a good but too long and confusing option for this, the shorter version of if(), which I use all the time. It would look like this in PHP:

print ($world == 'Destroyed') ? '' : 'Hello world';

Ok, that's a pretty sweet function but it requires me to type too many special characters.

The second function I would like to talk about is ... well it has no name, it's just something you can do. In short, it is this:

($arrayOptionOne,$arrayOptionTwo) = @array;

That is the Perl version, PHP has this one too but they really had to add a specific named function for it:

list($arrayOptionOne,$arrayOptionTwo) = $array;

And then one of the functions I use all the time for things that involve editing files:

open(FileHandle,"<fileName");

print join("",<FileHandle>);

That's it! That's just it, we have read a complete file in two lines of code. The PHP version is horrifying here:

$fileHandle = fopen('fileName', 'r');

$data = fread($fileHandle, filesize('fileName'));

fclose($fileHandle);
print $data;

Now I hear some people say: what's wrong with file_get_contents() then? Nothing, except it doesn't allow you to change the mode parameters (you know: read, write, append, ..) which is quite useful.

After all, anything that I need to write quickly for a task is written in Perl, but in the end PHP is the most powerful language for websites so don't get all mad at me for not mentioning that before.
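The two-line Perl file read above uses two-argument open, which parses mode characters and trims whitespace out of the name string, so it is only safe with a fixed literal name. The following is an added example, not code from the original post, showing the three-argument form on a constructed file; slurp() and the file name are hypothetical, and a POSIX file system is assumed.

```perl
#!/usr/bin/perl
# Added example (not from the original post): reading a whole file with
# three-argument open. slurp() and the file name below are hypothetical.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Three-argument form: the mode is a separate argument, so the file name is
# never parsed for mode characters, pipes or surrounding whitespace.
sub slurp {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open '$path': $!\n";
    local $/;                 # undef record separator: read everything at once
    my $data = <$fh>;
    close($fh) or die "cannot close '$path': $!\n";
    return defined $data ? $data : '';
}

# Constructed sample: a file whose name ends in a space.
my $dir  = tempdir(CLEANUP => 1);
my $path = File::Spec->catfile($dir, 'notes.txt ');
open(my $out, '>', $path) or die "cannot create '$path': $!\n";
print {$out} "line one\nline two\n";
close($out) or die "cannot close '$path': $!\n";

# Two-argument form, as in the post but with a variable name: Perl trims
# whitespace around the name, so it looks for 'notes.txt' and fails.
if (open(my $old, "<$path")) {
    print "two-argument open succeeded\n";
    close($old);
} else {
    print "two-argument open failed: $!\n";
}

# The three-argument form opens the file exactly as named.
print slurp($path);
```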

PHP vs Perl

It's comparing apples to oranges, I know. But still, this is quite interesting. When you look at the PHP functions list, you see three filled columns. I took the time to count it all (copy, paste in document, count lines) and got to the result of... 5250. That's right, PHP has 5250 documented functions.

Now, let's take a look at the Perl function list. I could have counted this one almost without a text editor, 209 functions.

So, can PHP do a lot more than Perl? Hell no, Perl was smart enough to divide its detailed functions into modules and extensions. PHP has extensions too (a lot of them are included in that 5250, I know), but a lot of them come with the distribution already.

An example: PHP has the built-in function "parse_url()", I'm not kidding. If anyone ever asks me what I believe is the single most useless function in PHP, it's parse_url(). You're not teaching anyone to code by spoon-feeding this junk; in Perl you have to write your own functions at least.

I do agree that writing a complex script is a lot less work in PHP than it is in Perl, but I think they really could miss some of the functions they have now...

Why I don’t have an antivirus or firewall

Companies like Norton and McAfee charge a hell of a lot of money for software that makes sure your computer is unstable, without performance, ruins your experience whenever you are trying a new application or just blocks you out the moment you try to uninstall it. These companies have the nerve of naming things w32.evilthing.worm or something while their own piece of junk is probably more harmful than the things they attempt to remove.

Let's face it, the software the average computer user buys to "protect" his/her computer is way too primitive and resource demanding. They are known to be full of bugs, extremely easy to hide from as a piece of malware, and best of all: you can't control shit about them (Norton has maybe twenty configuration options, try making it not start up when Windows does).

But there are more reasons I don't have their junk products: I just don't need it. When I receive a mail from this beautiful Polish lady that would love to chat with me, through her very own chat client, which is of course included as chat.exe, I realise she is just not right for me. Or when someone advises me to go back to Internet Explorer 4 because it has more advanced features, I might question that person's intelligence (for two reasons: recommending Internet Explorer and recommending an older version).

After that, there are still two methods for not getting annoyed by malware or attacks. A good method I use is just misconfiguring your router in such a way it doesn't accept any reverse connections but HTTP and some other protocols. The second method is the one I'd recommend to everyone: try not to make too many enemies, because not all virus mails you get are unsolicited spam mails...

SMF 1.1.5 Password Cracker

Hey, this isn't new! This is the exact same thing as my previous Simple Machines Forum 1.1.4 password hash cracker! Yes, it is. They didn't change the method this time, it's still a very basic SHA1 hash. The download can be found here. If you're interested in a more extensive explanation, head over to my old post.

PHP Source Auditor 4 released

All packed up & ready for your enjoyment: PHP Source Auditor 4! So, if you have (most likely) never heard of it, this is the deal:

PSA4 is a Perl script that connects to your local webhost and scans all files (recursively) in the www root, for vulnerabilities. It scans for:

  1. Remote File Inclusion
  2. Remote Command Execution
  3. Remote Code Execution
  4. Cross Site Scripting
  5. SQL injection (very weak scanning on this though)
  6. Local File Inclusion (results sometimes get buggy)

The difference with other scanners is, it actually can tell whether the script is vulnerable or not since it exploits it on the fly by entering weird data into the variables. You can download it right here and (for now) nowhere else :).
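PSA4 tests a running site; the static counterpart of the same checks can be run on the source files alone. The following is an added example, not PSA4's code: a line-based Perl pass that flags request input reaching a sensitive PHP function, with a hypothetical rule table and audit_php() function and a constructed PHP sample.

```perl
#!/usr/bin/perl
# Added example, not PSA4's code: a static pass over PHP source that flags
# lines where request input reaches a sensitive function. The rule table,
# audit_php() and the sample source are constructed for illustration.
use strict;
use warnings;

# Request-controlled PHP variables (the tainted sources).
my $SRC = qr/\$_(?:GET|POST|REQUEST|COOKIE)\b/;

# One rule per category from the list above: [label, pattern].
my @RULES = (
    ['File inclusion (remote/local)', qr/\b(?:include|require)(?:_once)?\b[^;]*$SRC/i],
    ['Command execution', qr/\b(?:system|exec|passthru|shell_exec|popen)\s*\([^;]*$SRC/i],
    ['Code execution', qr/\beval\s*\([^;]*$SRC/i],
    ['Cross-site scripting', qr/\b(?:echo|print)\b(?![^;]*htmlspecialchars)[^;]*$SRC/i],
    ['SQL injection', qr/\bmysqli?_query\s*\([^;]*$SRC/i],
);

# Returns one "file:line: category" string per rule hit.
sub audit_php {
    my ($name, $source) = @_;
    my @findings;
    my $lineno = 0;
    for my $line (split /\n/, $source) {
        $lineno++;
        next if $line =~ m{^\s*(?://|\#)};    # skip whole-line comments
        for my $rule (@RULES) {
            my ($label, $re) = @$rule;
            push @findings, "$name:$lineno: $label" if $line =~ $re;
        }
    }
    return @findings;
}

# Constructed sample source; not taken from any real application.
my $sample = <<'PHP';
<?php
include($_GET['page'] . '.php');
system('ping -c 1 ' . $_POST['host']);
echo 'Hello ' . $_GET['name'];
echo 'Hello ' . htmlspecialchars($_GET['name'], ENT_QUOTES);
mysql_query("SELECT * FROM users WHERE id = " . $_GET['id']);
$page = basename($_GET['page']);
PHP

print "$_\n" for audit_php('sample.php', $sample);
```

A line-based pass only reports candidates and misses input that is first copied into another variable; confirming a finding still needs a test against a running copy, which is the part the post says PSA4 automates.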

SMF 1.1.4 password hash cracker

I couldn't find any good hash cracker for SMF. This one isn't actually finished but it has the most used/important function, being dictionary attack. The menu/usage is quite simple:

Menu..
1. Numeric attack
2. Alphabetic attack or whatever
3. Mix 'em up Johnny
4. Dictionary attack
< Choice >

Of course, this is not a hack tool of any kind. It just helps you recover passwords that are hashed in the database. You'll need a Perl interpreter though and the Digest::SHA1 extension but this comes with most Perl distributions already. Download the source code here. A screenshot of the tool included below.


My first line of Perl code

When browsing through my Perl folder, I came across my first line of code in Perl, written in 2006:

for($start="a";$start ne "zzz";$start++) { print $start."\n"}

I'm wondering now if I just copied that from some tutorial or actually wrote it myself :) .

PerlForums.org

If Perl lacks something, it's a modern community, so here is a new project of RandomBase: PerlForums.org. We hope to attract lots of people to show the world Perl isn't dead and isn't as hard as everyone thinks, it is strongly aimed at new users and not only at the so-called experts. We invite everyone to join these forums, ask questions and become a part of the newly formed Perl community!

Development: PSA4

Been a while since I've written and released a tool, but PSA3 was so stuffed with bugs and lacked a Local File Inclusion feature that lots of people began asking for fixes. You can read all about PSA3 here. PSA4 will mainly do the same but with a lot fewer bugs, the freezing has been fixed completely for example. The second most asked feature 'LFI recognition' has been added but needs tweaking at the moment. The SQL injection regex has been updated but this will not mean more SQL injection results. I'm sorry for the disappointment that this release will still contain lots and lots of inefficient coding, like the previous version did, but the code has become so big I just can't be bothered rewriting it all. The GUI itself hasn't changed much, the file counter made way for a percent counter and there is also a counter for 'total lines scanned' to give an impression of the scan speed.