Sphider 1.5.0

Version 1.5.0 is just days away from public release. Testing is continuing, but going very well. The NEW Sphider User’s Guide is essentially complete and being reviewed. We could say it is ready to go now, but rather put it through its paces a couple more times before publishing it on Tuesday, December 1, 2015.

So what’s so special about Sphider 1.5.0? For starters, it is fully up to date. PHP 5.6 loves it. So does MySQL 5.6. And all the html is HTML5, which is very strict in structure. Because Sphider is written in PHP, if you do a “view source” on a web page it ain’t gonna be pretty. But it is correct.

Having read the change reports for MySQL 5.7, which was just recently released, no changes appear to be needed. And, although still in Release Candidate stage, early examination of the coming PHP 7 does not reveal any issues. Sphider 1.5.0 is ready!

Security has also been a concern. Sphider 1.3.6 is ripe with opportunity for SQL injection attacks. Simply getting rid of the deprecated MySQL extension and replacing it with the MySQLi extension did nothing for security. Moving to prepared statements DOES virtually eliminate SQL injection attacks. With prepared statements, bound variables are kept separate and never parsed as a part of a generic SQL statement.

Wherever GET, POST, or REQUEST data is used, it is escaped, matched, and any otherwise reduced to safe data.

One critical Sphider page was once COMPLETELY rewritten, using unescaped GET data everytime the settings were changed. No more. This page (which you never actually SEE), is now static in structure and completed on call from the database. Of course, changing the configuration means updating the database, which in turn uses GET data. The thing is, now 1) the GET data is parsed and escaped, and 2) is written to the database using the prepared statement process. This critical page can no longer be hijacked and used as a weapon against you.

Originally, there was some PHP code written into some .html pages. If you looked at the page in a browser and went to “view source”, anyone could view snippets of actual PHP code. No more.

We also found that, if you dug deep enough into the spider functions, our earlier efforts to improve Sphider broke a couple things. We corrected those. We ALSO found there were things in 1.3.6 that were SUPPOSED to work, but didn’t. We corrected those, too.

So, are we claiming Sphider 1.5.0 to be bug free, the perfect Sphider? No, we aren’t that vain. But, for today’s environment, Sphider 1.5.0 is a good fix for the dying Sphider 1.3.6. And you won’t have to pay money for Sphider-plus or Sphider-pro and get functionality you don’t need.

We feel the Sphider User’s Guide is l-o-n-g overdo. Wouldn’t it be nice to really know what all the setting do, what happens on each of the admin pages, and what kind of searches you can do? It’s always nice to have a road map.

(Did we mention that spelling suggestions now works much more reliably? I supposed it USED to work before, but in today’s world, it was a no-show on most browsers we tried.)

Watch our Downloads page. Sphider 1.5.0 should be making its appearance there this coming Tuesday.

6 Replies to “Sphider 1.5.0”

  1. From today I try to test a new Sphider 1.5.0 and have a some problem with launching of it.
    Namely – during first launching of admin.php I obtain a message “Fatal error: Call to undefined method mysqli_stmt::get_result()” instead admin panel ­čÖü

    On which address I can send my help_me_please letter ?

    Thank you in advance!

    Sincerely,
    Denis.

  2. This sounds like a problem in your PHP version or settings. What is your version of PHP and what OS is it on?

    Sphider 1.5.0 uses the mysql native driver. This was first available in PHP 5.3, but was not set as a default until PHP 5.4 and later.
    Also, the mysqli extension needs to be enabled. The original mysql extension is now deprecated and not used in Sphider 1.5.0.

  3. My PHP version is PHP Version 5.5.26
    Server is:
    Intel® Xeon® Dual Processor E5-2620 (Sandy Bridge-EP)
    15M Cache, 2.00 GHz, 7.20 GT/s Intel® QPI
    64G RAM, HDD SATA II (RAID)

    It running under Linux.

    My operation system is Win7 Ultimate x64.

    This all that I know.

    Thank you in advance!

    1. Run phpinfo() to see if you have myslqi and mysqlnd. Given your version of PHP, mysqlnd is a near certainty. Each should have a section in the results.

      It is possible you do not have mysqli enabled. If Sphider is running from Linux, you will need to contact the Linux admin to enable it.

      If you are running Sphider from Windows, then edit php.ini, find the line “;extension=php_mysqli.dll” and un-comment it by removing the “;” (semicolon). You need to restart Apache.

      phpinfo() can be run from a script such as this:

  4. I was checked a php info and obtained follow information:

    Web server
    cpsrvd 11.52.1.3
    Database client version: libmysql – 5.1.73
    PHP extension: mysqli

    And this:

    MysqlI Support enabled
    Client API library version 5.1.73
    Active Persistent Links 0
    Inactive Persistent Links 0
    Active Links 0
    Client API header version 5.1.73
    MYSQLI_SOCKET /var/lib/mysql/mysql.sock

    If I understans this information correctly – MysqlI is enabled.

    What I need to do next?

    Thank you in advance!

    1. Looking at the phpinfo you sent, it appears mysqli is AVAILABLE but not enabled. If you look in the “mysqlnd” section, last line, “API extensions”, you only see “pdo_mysql. You SHOULD be seeing something like “mysql,mysqli,pdo_mysql”.

      At a command prompt, run:
      php -m|grep mysql

      Does mysqli appear in the resulting list? If not, mysqli is not enabled.

Comments are closed.