Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Language IDEs » PHP Development Tools (PDT) » Debugging Web App with variable document root
Debugging Web App with variable document root [message #14281] Tue, 17 April 2007 20:58 Go to next message
Eclipse UserFriend
Originally posted by: nathan+eclipse.k9tfk.com

Hello,
I've been attempting to use the debugger on a fairly complex application
that has a session id built into the document root. The process I'm
describing below works just fine, so I'm not asking for help with it. I
feel like I need to explain it in order to explain the problem I'm having
with the debugger.

https://example.com/index.php
https://example.com/b9229a6e85bb5d70ecff869379d0e45e/index.p hp

Are the same file, with a rewrite rule:
RewriteRule ^\/([a-f0-9]{32})?/(.*)$ /$2 [E=FINGERPRINT:$1]

The first time index.php (or any other file) is requested, it creates a
fingerprint and 302 redirects back to itself. It also does a lot of other
security stuff to prevent session fixation, hijacking, etc...

So here is the problem. When I launch the debugger, it starts walking
through the code just fine. When it hits the first header('Location: ')
command that adds the 32 character fingerprint, the step through icons
stop working and it is left in an odd state.

It thinks the code is still running. There is still a little green "play"
icon attached to the process in the Debug tab. The only options I have to
continue are: relaunch, terminate-and-relaunch or terminate. Meanwhile
the browser is just churning. None of those options continue debugging
the file.

(I can debug this script/process in ZDE 5.5 just fine.)

Does anyone know if Eclipse can handle a variable document root?
Is this a bug, enhancement or a feature?

Thanks for your time,
--Nathan
Re: Debugging Web App with variable document root [message #15109 is a reply to message #14281] Wed, 18 April 2007 09:01 Go to previous messageGo to next message
D Kelsey is currently offline D KelseyFriend
Messages: 232
Registered: July 2009
Senior Member
Can you create a simple php script that replicates the problem ?

Dave Kelsey

Nathan L wrote:
> Hello,
> I've been attempting to use the debugger on a fairly complex application
> that has a session id built into the document root. The process I'm
> describing below works just fine, so I'm not asking for help with it. I
> feel like I need to explain it in order to explain the problem I'm
> having with the debugger.
>
> https://example.com/index.php
> https://example.com/b9229a6e85bb5d70ecff869379d0e45e/index.p hp
>
> Are the same file, with a rewrite rule:
> RewriteRule ^\/([a-f0-9]{32})?/(.*)$ /$2 [E=FINGERPRINT:$1]
>
> The first time index.php (or any other file) is requested, it creates a
> fingerprint and 302 redirects back to itself. It also does a lot of
> other security stuff to prevent session fixation, hijacking, etc...
>
> So here is the problem. When I launch the debugger, it starts walking
> through the code just fine. When it hits the first header('Location: ')
> command that adds the 32 character fingerprint, the step through icons
> stop working and it is left in an odd state.
>
> It thinks the code is still running. There is still a little green
> "play" icon attached to the process in the Debug tab. The only options
> I have to continue are: relaunch, terminate-and-relaunch or terminate.
> Meanwhile the browser is just churning. None of those options continue
> debugging the file.
>
> (I can debug this script/process in ZDE 5.5 just fine.)
>
> Does anyone know if Eclipse can handle a variable document root? Is
> this a bug, enhancement or a feature?
>
> Thanks for your time,
> --Nathan
>
Re: Debugging Web App with variable document root [message #15160 is a reply to message #15109] Wed, 18 April 2007 13:11 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: nathan+eclipse.k9tfk.com

Sure,

Here is a script that debugs just fine:

<?php
if (!empty($_GET['step'])) {
$step = (int)$_GET['step'];
$step++;
} else {
$step = 2;
}
if ($step == 4) {
echo 'it worked';
} else {
$protocol = ($_SERVER['SERVER_PORT']) == 80 ? 'http' : 'https';
header("Location:
$protocol://{$_SERVER['SERVER_NAME']}{$_SERVER['SCRIPT_NAME']}?step=$step");
}
?>

Here is the script that I cannot debug past the first header() call.
You'll need to add a rewrite rule for it to work:

RewriteEngine on
RewriteRule ^\/([a-f0-9]{32})\/(.*)$ /$2 [E=FINGERPRINT:$1]

<?php
if (!empty($_GET['step'])) {
$step = (int)$_GET['step'];
$step++;
} else {
$step = 2;
}
if (empty($_SERVER['FINGERPRINT'])) {
$fp = md5('identifying stuff here');
} else {
$fp = $_SERVER['FINGERPRINT'];
}
if ($step == 4) {
echo 'it worked';
} else {
$url = ($_SERVER['SERVER_PORT']) == 80 ? 'http' : 'https';
$url .= "://{$_SERVER['SERVER_NAME']}";
$url .= "/$fp{$_SERVER['SCRIPT_NAME']}?step=$step";
header("Location: $url");
}
?>
Re: Debugging Web App with variable document root [message #15351 is a reply to message #15160] Wed, 18 April 2007 16:13 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: nathan+eclipse.k9tfk.com

I realized a minute ago that I had a bug in my simple script, the second
one:

Without spending a lot of time on it, this one executes.
<?php
$filename = 'debug.php';
if (!empty($_GET['step'])) {
$step = (int)$_GET['step'];
$step++;
} else {
$step = 2;
}
if (empty($_SERVER['FINGERPRINT'])) {
$fp = md5('identifying stuff here');
} else {
$fp = $_SERVER['FINGERPRINT'];
}
if ($step == 4) {
echo 'it worked';
} else {
$url = ($_SERVER['SERVER_PORT']) == 80 ? 'http' : 'https';
$url .= "://{$_SERVER['SERVER_NAME']}";
$url .= "/$fp/$filename?step=$step";
header("Location: $url");
}
?>
Re: Debugging Web App with variable document root [message #16439 is a reply to message #15351] Fri, 20 April 2007 08:45 Go to previous messageGo to next message
D Kelsey is currently offline D KelseyFriend
Messages: 232
Registered: July 2009
Senior Member
Nathan, wasn't sure from your post whether you still have a problem or not.
does the script still show the issue you have ?

Nathan L wrote:
> I realized a minute ago that I had a bug in my simple script, the second
> one:
>
> Without spending a lot of time on it, this one executes.
> <?php
> $filename = 'debug.php';
> if (!empty($_GET['step'])) {
> $step = (int)$_GET['step'];
> $step++;
> } else {
> $step = 2;
> }
> if (empty($_SERVER['FINGERPRINT'])) {
> $fp = md5('identifying stuff here');
> } else {
> $fp = $_SERVER['FINGERPRINT'];
> }
> if ($step == 4) {
> echo 'it worked';
> } else {
> $url = ($_SERVER['SERVER_PORT']) == 80 ? 'http' : 'https';
> $url .= "://{$_SERVER['SERVER_NAME']}";
> $url .= "/$fp/$filename?step=$step"; header("Location: $url");
> }
> ?>
>
Re: Debugging Web App with variable document root [message #16527 is a reply to message #16439] Fri, 20 April 2007 18:17 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: nathan+eclipse.k9tfk.com

Oh yes,
Sorry for the confusion.

The very first of the three snippets of code I posted is a script that
debugs just fine with PDT and the Zend Debugger. I can step through all
the code with no problems.

The third script I posted causes the Debugger to stop after the first
header("Location: ..."); line.

The only difference between the two scripts is the "fingerprint" that I
add using a rewrite rule. So basically, the document root changes, and
then the debugger stops working.

These are the _exact_ same files:

http://example.com/debug.php
http://example.com/a53844ec3042361d76032a8186307767/debug.ph p

Since the document root varies, I wouldn't be able to debug any files
inside my project.
Re: Debugging Web App with variable document root [message #16671 is a reply to message #16527] Mon, 23 April 2007 11:39 Go to previous messageGo to next message
D Kelsey is currently offline D KelseyFriend
Messages: 232
Registered: July 2009
Senior Member
Hi Nathan, ok I can provide some answers to your questions.

The way the XDebug support for PDT works for web launches is that when
the script ends on the server, the actual debug side stays up. This is
why you see that the debugger is still running and it has a green play
arrow next to it. At this point no script is being debugged, it is waiting
for the next interaction from the webbrowser and it will detect this and
continue with debugging your web session.

So what happens here is the scripts execute fine and finally ends but
all you see in the debugger is it waiting for the next web page interaction
with no breaking at break points as you wanted (I assume)

with your scenario you say that the 2 URLs point to exactly the same script file
(ie physically the same, not a copy). Forgive my ignorance here but how do
you achieve this ? So I can setup the same scenario. If these are the exact same
physical files, then xdebug should see that there is a breakpoint on that file
and generate a break request to the debugger.

I don't think you need a rewrite rule. As far as I am aware, the rewrite rule
is applied only to when breakpoints are set (ie translates the fully qualified
workspace file to the correct physical fully qualified path of the file that
will be executed by the server and sent to xdebug along with the line number).

ReWrite rules are not applied when the name of the file comes into the debugger
from XDebug, but I would expect XDebug to send the name of the first file anyway
as it is the same physical file right ?

So I am not quite sure what the problem is yet. I really need to recreate how you
map to URLs to the same physical file.

Dave Kelsey


Nathan L wrote:
> Oh yes,
> Sorry for the confusion.
>
> The very first of the three snippets of code I posted is a script that
> debugs just fine with PDT and the Zend Debugger. I can step through all
> the code with no problems.
>
> The third script I posted causes the Debugger to stop after the first
> header("Location: ..."); line.
> The only difference between the two scripts is the "fingerprint" that I
> add using a rewrite rule. So basically, the document root changes, and
> then the debugger stops working.
>
> These are the _exact_ same files:
>
> http://example.com/debug.php
> http://example.com/a53844ec3042361d76032a8186307767/debug.ph p
>
> Since the document root varies, I wouldn't be able to debug any files
> inside my project.
>
>
>
Re: Debugging Web App with variable document root [message #17698 is a reply to message #16671] Mon, 30 April 2007 15:48 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: nathan+eclipse.k9tfk.com

I'm sorry, I've been talking about Zend's Debugger, not XDebug. I believe
they are two different animals...? I'll try to describe again, in more
detail, the problem I'm experiencing. Again, I'm not demanding a solution
or anything. Just trying to determine if this is a real bug that I should
file. I don't need to use PDT in production, but am beta testing it and
hoping to use it in the future.

My setup is as follows:
1. Remote Ubuntu server running Apache 2.0.55 with Zend Core 1.5 (PHP
5.1.6).

2. PHP is setup with Zend Extension Manager and the latest Zend Debugger
downloaded from Zend.com.

3. The Apache document root on the Ubuntu server is shared via Samba to my
windows desktop, where the Eclipse project edits these files directly.

4. There is a rewrite rule in the appropriate Apache configuration file
that rewrites any request that starts with a valid md5 in the path back to
the document root. This rewrite rule puts the md5 hash into an Environment
variable:

RewriteRule ^\/([a-f0-9]{32})?/(.*)$ /$2 [E=FINGERPRINT:$1]

Thus, these two requests are for the _exact_ same physical file:

https://example.com/debug.php
https://example.com/b9229a6e85bb5d70ecff869379d0e45e/debug.p hp

5. In Eclipse on my windows machine, I initiate a server debugging request
to the "https://example.com/debug.php" URL. At this point, the debugger
will stop at a breakpoint and works just fine.

6. After the debug.php does a header("Location:
https://example.com/b9229a6e85bb5d70ecff869379d0e45e/debug.p hp"); the
debugger stops responding and hangs.

If I change the file to do a header("Location:
https://example.com/debug.php"); without the md5 in the path, then the
debugger continues to stop at breakpoints.

So that is the problem I'm having. This works fine using the Zend
Development Environment, the ZDE is able to break both before and after
the md5 hash is added to the path. Meaning the project's document root
can vary based on a value that is generated at run-time.

You may ask why I am doing this in such a weird way... Basically I call
the md5 in the path a "fingerprint" and it is used as extra protection
against Session fixation and hijacking. A normal PHPSESSID is set and
passed through a cookie, while the FINGERPRINT is passed through the URL.
They are associated with each other and with a specific account. If
either changes, the application asks you to re-authenticate. This
prevents the same account from being logged in twice at the same time from
two different browsers (or computers). This is for an online banking-like
application, so I need to be extra cautious.

I'm also looking into how to solve this problem because some frameworks
(like Symfony) allow you to develop complex applications where the URL has
nothing to do with the precise PHP file that is being executed.

Thanks,
--Nathan
Re: Debugging Web App with variable document root [message #18437 is a reply to message #17698] Wed, 02 May 2007 15:33 Go to previous message
Eclipse UserFriend
Originally posted by: nospam.home.net

Hi Nathan, hi list,

I asked about mod_rewrite support a few weeks ago, as well. We are e.g.
using rewriting for "hiding" php, meaning our URLS all use a RESTful
pattern, and end in .html. Here?s a basic example:

URL:
www.domain.com/shop/basket/index.html

"Real" path:
www.domain.com/shop/basket.php

I am experiencing the same behaviour you described earlier.

bye, Michael

Nathan L wrote:
> I'm sorry, I've been talking about Zend's Debugger, not XDebug. I
> believe they are two different animals...? I'll try to describe again,
> in more detail, the problem I'm experiencing. Again, I'm not demanding
> a solution or anything. Just trying to determine if this is a real bug
> that I should file. I don't need to use PDT in production, but am beta
> testing it and hoping to use it in the future.
>
> My setup is as follows:
> 1. Remote Ubuntu server running Apache 2.0.55 with Zend Core 1.5 (PHP
> 5.1.6).
>
> 2. PHP is setup with Zend Extension Manager and the latest Zend Debugger
> downloaded from Zend.com.
>
> 3. The Apache document root on the Ubuntu server is shared via Samba to
> my windows desktop, where the Eclipse project edits these files directly.
>
> 4. There is a rewrite rule in the appropriate Apache configuration file
> that rewrites any request that starts with a valid md5 in the path back
> to the document root. This rewrite rule puts the md5 hash into an
> Environment variable:
>
> RewriteRule ^\/([a-f0-9]{32})?/(.*)$ /$2 [E=FINGERPRINT:$1]
>
> Thus, these two requests are for the _exact_ same physical file:
>
> https://example.com/debug.php
> https://example.com/b9229a6e85bb5d70ecff869379d0e45e/debug.p hp
>
> 5. In Eclipse on my windows machine, I initiate a server debugging
> request to the "https://example.com/debug.php" URL. At this point, the
> debugger will stop at a breakpoint and works just fine.
>
> 6. After the debug.php does a header("Location:
> https://example.com/b9229a6e85bb5d70ecff869379d0e45e/debug.p hp"); the
> debugger stops responding and hangs.
>
> If I change the file to do a header("Location:
> https://example.com/debug.php"); without the md5 in the path, then the
> debugger continues to stop at breakpoints.
>
> So that is the problem I'm having. This works fine using the Zend
> Development Environment, the ZDE is able to break both before and after
> the md5 hash is added to the path. Meaning the project's document root
> can vary based on a value that is generated at run-time.
> You may ask why I am doing this in such a weird way... Basically I call
> the md5 in the path a "fingerprint" and it is used as extra protection
> against Session fixation and hijacking. A normal PHPSESSID is set and
> passed through a cookie, while the FINGERPRINT is passed through the
> URL. They are associated with each other and with a specific account.
> If either changes, the application asks you to re-authenticate. This
> prevents the same account from being logged in twice at the same time
> from two different browsers (or computers). This is for an online
> banking-like application, so I need to be extra cautious.
>
> I'm also looking into how to solve this problem because some frameworks
> (like Symfony) allow you to develop complex applications where the URL
> has nothing to do with the precise PHP file that is being executed.
> Thanks,
> --Nathan
>
Previous Topic:Drupal Debugging
Next Topic:plase vote for aptana integration [183586]
Goto Forum:
  


Current Time: Sun Dec 21 02:51:31 GMT 2014

Powered by FUDForum. Page generated in 0.01913 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software