©
本文檔使用 php中文網手册 發布
Phar archives are similar in concept to Java JAR archives, but are tailored to the needs and to the flexibility of PHP applications. A Phar archive is used to distribute a complete PHP application or library in a single file. A Phar archive application is used exactly like any other PHP application:
php coolapplication.phar
Using a Phar archive library is identical to using any other PHP library:
<?php
include 'coollibrary.phar' ;
?>
The phar stream wrapper provides the core of the phar extension, and is explained in detail here. The phar stream wrapper allows accessing the files within a phar archive using PHP's standard file functions fopen() , opendir() , and others that work on regular files. The phar stream wrapper supports all read/write operations on both files and directories.
<?php
include 'phar://coollibrary.phar/internal/file.php' ;
header ( 'Content-type: image/jpeg' );
// phars can be accessed by full path or by alias
echo file_get_contents ( 'phar:///fullpath/to/coollibrary.phar/images/wow.jpg' );
?>
The Phar class implements advanced functionality for accessing files and for creating phar archives. The Phar class is explained in detail here.
<?php
try {
// open an existing phar
$p = new Phar ( 'coollibrary.phar' , 0 );
// Phar extends SPL's DirectoryIterator class
foreach (new RecursiveIteratorIterator ( $p ) as $file ) {
// $file is a PharFileInfo class, and inherits from SplFileInfo
echo $file -> getFileName () . "\n" ;
echo file_get_contents ( $file -> getPathName ()) . "\n" ; // display contents;
}
if (isset( $p [ 'internal/file.php' ])) {
var_dump ( $p [ 'internal/file.php' ]-> getMetadata ());
}
// create a new phar - phar.readonly must be 0 in php.ini
// phar.readonly is enabled by default for security reasons.
// On production servers, Phars need never be created,
// only executed.
if ( Phar :: canWrite ()) {
$p = new Phar ( 'newphar.tar.phar' , 0 , 'newphar.tar.phar' );
// make this a tar-based phar archive, compressed with gzip compression (.tar.gz)
$p = $p -> convertToExecutable ( Phar :: TAR , Phar :: GZ );
// create transaction - nothing is written to newphar.phar
// until stopBuffering() is called, although temporary storage is needed
$p -> startBuffering ();
// add all files in /path/to/project, saving in the phar with the prefix "project"
$p -> buildFromIterator (new RecursiveIteratorIterator (new DirectoryIterator ( '/path/to/project' )), '/path/to/' );
// add a new file via the array access API
$p [ 'file1.txt' ] = 'Information' ;
$fp = fopen ( 'hugefile.dat' , 'rb' );
// copy all data from the stream
$p [ 'data/hugefile.dat' ] = $fp ;
if ( Phar :: canCompress ( Phar :: GZ )) {
$p [ 'data/hugefile.dat' ]-> compress ( Phar :: GZ );
}
$p [ 'images/wow.jpg' ] = file_get_contents ( 'images/wow.jpg' );
// any value can be saved as file-specific meta-data
$p [ 'images/wow.jpg' ]-> setMetadata (array( 'mime-type' => 'image/jpeg' ));
$p [ 'index.php' ] = file_get_contents ( 'index.php' );
$p -> setMetadata (array( 'bootstrap' => 'index.php' ));
// save the phar archive to disk
$p -> stopBuffering ();
}
} catch ( Exception $e ) {
echo 'Could not open Phar: ' , $e ;
}
?>
In addition, verification of phar file contents can be done using any of the supported symmetric hash algorithms (MD5, SHA1, SHA256 and SHA512 if ext/hash is enabled) and using asymmetric public/private key signing using OpenSSL (new in Phar 2.0.0). To take advantage of OpenSSL signing, you need to generate a public/private key pair, and use the private key to set the signature using Phar::setSignatureAlgorithm() . In addition, the public key as extracted using this code:
<?php
$public = openssl_get_publickey ( file_get_contents ( 'private.pem' ));
$pkey = '' ;
openssl_pkey_export ( $public , $pkey );
?>
As of version 2.0.0, The Phar class also provides 3 static methods, Phar::webPhar() , Phar::mungServer() and Phar::interceptFileFuncs() that are crucial to packaging up PHP applications designed for usage on regular filesystems and for web-based applications. Phar::webPhar() implements a front controller that routes HTTP calls to the correct location within the phar archive. Phar::mungServer() is used to modify the values of the $_SERVER array to trick applications that process these values. Phar::interceptFileFuncs() instructs Phar to intercept calls to fopen() , file_get_contents() , opendir() , and all of the stat-based functions ( file_exists() , is_readable() and so on) and route all relative paths to locations within the phar archive.
As an example, packaging up a release of the popular phpMyAdmin application for use as a phar archive requires only this simple script and then phpMyAdmin.phar.tar.php can be accessed as a regular file from your web server after modifying the user/password:
<?php
@ unlink ( 'phpMyAdmin.phar.tar.php' );
copy ( 'phpMyAdmin-2.11.3-english.tar.gz' , 'phpMyAdmin.phar.tar.php' );
$a = new Phar ( 'phpMyAdmin.phar.tar.php' );
$a -> startBuffering ();
$a [ "phpMyAdmin-2.11.3-english/config.inc.php" ] = '<?php
$i = 0;
$i++;
$cfg[\'Servers\'][$i][\'host\'] = \'localhost\';
$cfg[\'Servers\'][$i][\'extension\'] = \'mysqli\';
$cfg[\'Servers\'][$i][\'connect_type\'] = \'tcp\';
$cfg[\'Servers\'][$i][\'compress\'] = false;
$cfg[\'Servers\'][$i][\'auth_type\'] = \'config\';
$cfg[\'Servers\'][$i][\'user\'] = \'root\';
$cfg[\'Servers\'][$i][\'password\'] = \'\';
if (strpos(PHP_OS, \'WIN\') !== false) {
$cfg[\'UploadDir\'] = getcwd();
} else {
$cfg[\'UploadDir\'] = \'/tmp/pharphpmyadmin\';
@mkdir(\'/tmp/pharphpmyadmin\');
@chmod(\'/tmp/pharphpmyadmin\', 0777);
}' ;
$a -> setStub ( '<?php
Phar::interceptFileFuncs();
Phar::webPhar("phpMyAdmin.phar", "phpMyAdmin-2.11.3-english/index.php");
echo "phpMyAdmin is intended to be executed from a web browser\n";
exit -1;
__HALT_COMPILER();
' );
$a -> stopBuffering ();
?>
[#1] ch1902 [2014-03-27 13:14:09]
If you are going to be running a webPhar from the browser, for example http://localhost/myphar.phar then you will probably have to associate the .phar extension with PHP in your webserver to interpret the PHP code. In Apache modify httpd.conf to include
AddType application/x-httpd-php .php .phar
[#2] frame86 at live dot com [2013-06-29 23:46:20]
The openssl example is completely wrong. The public key must be extracted from certificate and openssl_pkey_export() is for private key only.
Working example:
<?php
$publicKey = openssl_get_publickey(file_get_contents('certificate.pem'));
$details = openssl_pkey_get_details($publicKey);
file_put_contents('my.phar.pubkey', $details['key']);
?>
No need to say that the best and strongest encryption of my.phar/.phar/signature.bin is useless if the consumer does not check against a valid fingerprint or certificate of public key as anybody can open, read, recreate and sign a new archive with new key. Do you do? Think about it.
[#3] shaun at shaunfreeman dot co dot uk [2010-09-27 03:06:33]
If you are trying to use Phar for a web application and just getting a blank screen, if you have enabled suhosin as well you have to add:
suhosin.executor.include.whitelist="phar"
to "/etc/php5/conf.d/suhosin.ini" file or your "php.ini" file.
once done everything works fine and dandy.