dompdf : New Font Installation

Steps to follow :

1)      Install DOMPDF 0.6.0 or greater (Recommended : 0.6.0_beta3 )

2)      Enable the MBString PHP extension.

3)      Load a font supporting your characters into DOMPDF.

4)      Configure DOMPDF for Unicode support.

5)      Create a compatible HTML document.

First two steps has already been covered in previous post. Check here : dompdf : HTML to PDF Converter in PHP

3) We are going to use web-based font prep tool to install font.

This option is provided for users who are unable to set up the ttf2ufm application. This tool produces an archive containing the necessary font metrics file(s), the original font file(s), and a sample dompdf_font_family_cache that you should be able to use with your DOMPDF installation. AfterSimply provide a font name and the TTF file(s) (at a minimum you must provide a font file for the base variant); select the font parser (the PHP-based parser is recommended for larger fonts); and choose the version of DOMPDF you are using. After you submit the form the tool should return an archive containing the necessary files. Extract the contents of this archive into your DOMPDF font directory (typically dompdf/lib/fonts). If you have not previously installed other fonts you can rename dompdf_font_family_cache.sample to dompdf_font_family_cache. If you have already installed other fonts you will need to manually add the entries for your font to the dompdf_font_family_cache. 

Follow these steps.

a)     Download ttf file from internet. For example I just downloaded ‘Asman’ font ttf file from http://www.urbanfonts.com/fonts.php?fontauthor=2761

Asman font download link : http://www.urbanfonts.com/download.php?file=asman.zip 

b)     Find the web-based font prep tool at http://eclecticgeek.com/dompdf/load_font.php.

c)     Provide Font Name  : Asman and TTF file we had downloaded in step (a).

d)     After submit you will get a file named ‘dompdf_fonts.zip’. Save it. Extract it and you 

        will find three files. 

 i) ASMAN.ttf  ii) ASMAN.ufm  iii) dompdf_font_family_cache.sample 

Copy ASMAN.ttf and ASMAN.ufm files in \dompdf\lib\fonts\ folder.

e)     Find the code of related font from downloaded dompdf_font_family_cache.sample file and add it at the end of  ..\dompdf\lib\fonts\dompdf_font_family_cache.sample file. For example:

<?php return array (

  'sans-serif' =>

  array (

    'normal' => DOMPDF_FONT_DIR . 'Helvetica',

    'bold' => DOMPDF_FONT_DIR . 'Helvetica-Bold',

    'italic' => DOMPDF_FONT_DIR . 'Helvetica-Oblique',

    'bold_italic' => DOMPDF_FONT_DIR . 'Helvetica-BoldOblique',

  ),

  'times' =>

  array (

    'normal' => DOMPDF_FONT_DIR . 'Times-Roman',

    'bold' => DOMPDF_FONT_DIR . 'Times-Bold',

    'italic' => DOMPDF_FONT_DIR . 'Times-Italic',

    'bold_italic' => DOMPDF_FONT_DIR . 'Times-BoldItalic',

  ),

……………………………………………………………………

……………………………………………………………………

……………………………………………………………………

……………………………………………………………………

  'asman' =>

  array (

    'normal' => DOMPDF_FONT_DIR . 'ASMAN',

    'bold' => DOMPDF_FONT_DIR . 'ASMAN',

    'italic' => DOMPDF_FONT_DIR . 'ASMAN',

    'bold_italic' => DOMPDF_FONT_DIR . 'ASMAN',

  ),

) ?>

  

4) Configure DOMPDF for Unicode support 

For DOMPDF to handle your characters correctly you must enable Unicode support in your configuration. Edit dompdf_config.inc.php or dompdf_config.custom.inc.php so that DOMPDF_UNICODE_ENABLED is true. Without enabling this setting your text will be re-encoded to Windows ANSI when inserted into the PDF and any characters that fall outside this encoding will be converted to question marks.

5) Create a compatible HTML document

For DOMPDF to correctly parse your document you must let it know what encoding is used. To do this place a meta tag in the head of your document that specifies the encoding. We recommend encoding documents using UTF-8 for greatest compatibility. However, you should be able to use other encodings so long as the computer where DOMPDF is installed supports the specified encoding. 

Example :

test.php  

<?php

require_once("../dompdf_config.inc.php");
$html = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Table</title>
<style>
body{
                font-family:Arial, Helvetica, sans-serif;
                font-size:12px;
}

table tr th{
    text-align:left;
    vertical-align:top;
}

.italic_text{

    font-family: asman,
    font-style:italic;
    font-size:12px;
    line-height:14px !important;
}

div{
            text-align:center;
}

</style>
</head>
<body>
            <div><h1>Test Document</h1></div>

            <table cellspacing="0" cellpadding="0" border="0">
            <tr>
                        <td class="italic_text"><h3>DirtyhandsPHP</h3></td>
            </tr>
            </table>
</body>
</html>';


if ( get_magic_quotes_gpc() )
               $str = stripslashes($str);

$dompdf = new DOMPDF();
$dompdf->load_html($html);
$dompdf->set_paper('letter', 'landscape');
$dompdf->render();

//Set Attachment attribute as True to show download file dialog box
$dompdf->stream("dompdf_out.pdf", array("Attachment" => false));

//For Attachment to sent in email
//$output = $dompdf->output();

exit(0);
 

?>

Output : dompdf_out.pdf file.

Reference Links :  

https://code.google.com/p/dompdf/wiki/CPDFUnicode

Thanks!!!!!!!!!!!! Enjoy Programming :)

dompdf : HTML to PDF Converter in PHP

Recently, there was an requirement in a project to convert HTML to PDF at run time. While I was going through google, found two very good libraries named 'wkhtmltopdf' and 'dompdf'. dompdf was fulfilling my criteria so i went with that only. Just sharing that with you.

dompdf is an HTML to PDF converter library. At its heart, dompdf is (mostly) CSS2.1 compliant HTML layout and rendering engine written in PHP. It is a style-driven renderer: it will download and read external stylesheets, inline style tags, and the style attributes of individual HTML elements. It also supports most presentational HTML attributes.

Download dompdf library from here.

Recommended Version : 0.6.0_beta3

Requirements : 

1)       PHP 5.0+ (5.3 recommended)
2)      MBString extension - for better Unicode support.
3)      DOM extension (bundled with PHP 5) –“The DOM extension allows you to operate on XML documents through the DOM API with PHP 5.” 

Pros: 

1)      Easy to Use.
2)      Well Documented.
3)      Better CSS support except few things like ‘css : float’ property.

Cons(Known Issues) :  

1)       Not particularly tolerant to poorly-formed HTML input (using Tidy first may help).
2)       Large files or large tables can take a while to render.
3)       CSS float is not supported.

How To Use : 

Following is a simple example to show use of dompdf library.

test.php


<?php

require_once("../dompdf_config.inc.php");
$html = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Table</title>
<style>
body{
                font-family:Arial, Helvetica, sans-serif;
                font-size:12px;
}

table tr th{
    text-align:left;
    vertical-align:top;
}

.italic_text{
    font-style:italic;
    font-size:12px;
    line-height:14px !important;
}

div{
            text-align:center;
}

</style>
</head>
<body>
            <div><h1>Test Document</h1></div>

            <table cellspacing="0" cellpadding="0" border="0">
            <tr>
                        <td class="italic_text"><h3>DirtyhandsPHP</h3></td>
            </tr>
            </table>
</body>
</html>';


if ( get_magic_quotes_gpc() )
               $str = stripslashes($str);

$dompdf = new DOMPDF();
$dompdf->load_html($html);
$dompdf->set_paper('letter', 'landscape');
$dompdf->render();

//Set Attachment attribute as True to show download file dialog box
$dompdf->stream("dompdf_out.pdf", array("Attachment" => false));

//For Attachment to sent in email
//$output = $dompdf->output();

exit(0);

?>

Thanks!!!!!!!!!! Enjoy Programming :)

How to prevent mysql sleep injections?

Recently, we faced an issue with website which was developed around one year back. One hacker successfully tried to slow the website using sleep injection. Although we were using precautions like mysqli_real_escape_string() for escaping SQL string syntax correctly. Let’s see why this happened then and what are the solutions?

We were using following code to get product id passed through query string.

$id   = mysqli_real_escape_string($con , (isset($_REQUEST['id']) ? $_REQUEST['id'] : 0));

$qry = "Select * from products where id = ".$id;

but hacker tried to change the the query string as : 

?id=3 and sleep(4)

and query becomes

Select * from products where id = 3 and sleep(4);

And it started taking around 4+seconds to run the query. So in this way website become too slow.

We were trying to figure out the possible and the best solution.

After spending some time we noticed that although we were using mysqli_real_escape_string() function but we were not using it properly. Everytime we use mysqli_real_escap_string(), the returned string must be used with single quotes although it’s numeric or string. So quick solution for that problem was to change the query as :

$id   = mysqli_real_escape_string($con , (isset($_REQUEST['id']) ? $_REQUEST['id'] : 0));

$qry = "Select * from products where id = ‘".$id."’";

It is a quick solution but not the best one.

We could have also checked if the input is numeric or not.

Note : For future reference I would like to say please don’t use mysql_ extensions anymore. mysql_ extension is deprecated as of PHP 5.5, and will be removed in future.

Use mysqli or PDO prepared statements. Best is PDO statements.

The internet (and many respectable CS courses) are littered with examples using mysql_query() and string concatenation, half of which train people to create SQLI bugs or don't explain why escaping is needed; it's too late to undo the damage already done but at least people new to PHP will hopefully be told now that there is a better way. Although we can’t say PDO is 100% not vulnerable to errors but we don’t need to use external functions to cover sql injections. So as a programmer I would suggest and request to all the developers community to use PDOs in future reference.

Reference :

http://php.net/book.pdo

Thanks!!!!!!!!!!!!!! Enjoy Programming :)