Category Archives: General

All uncategorized stuff

Problem with mysql_real_escape_string when sanitizing your data

When building applications it is always smart to check and clean the user input. This is a must when you are building a website or a public application.

I always create an instance of the Sanitize class in my AppController and then use it in all of my controllers like this

Book review – jQuery 1.3 with PHP – Packt Publishing

At the end of last year I received a request from PacktPub to review one of their books – jQuery 1.3 with PHP, written by Kae Verens. There were some problems with the delivery of the paper copy of the book, so finally I got an electronic copy.

This book will teach you how to use jQuery to create some really stunning effects, but without you needing to have in-depth knowledge of how jQuery works. It provides you with everything you need to build practical user interfaces, for everything from graphics manipulation and drag-and-drop to data searching, and much more. The book also provides practical demonstrations of PHP and jQuery and explains these examples, rather than starting from how JavaScript works and how it is different from PHP.

The book is separated into 10 chapters.

How to selectively secure the admin location

Securing the admin part of a site is always tricky, especially for open source CMS software. A very good practice is to protect your admin directory with an extra .htaccess password, because most of the damage is done through exploits of the applications rather than through brute force cracking.

There are many articles on how to set up .htaccess authentication on the Apache web server, but here I will explain how to require the extra password only from Internet users, while users from the local network are spared the extra password.

The scenario:
When the user is in the local network, the administration part needs to be accessible with the CMS default authentication, while if the user accesses the administration from the Internet, an extra password prompt will be shown.

1. Create your password file

# htpasswd -c /your_secret_location/.htpasswd user
New password:
Re-type new password:
Adding password for user user

If you are writing to an existing file, don’t use the -c option.

2. Setting the .htaccess
Depending on the server setup you can do this in your httpd.conf, or in the apache2 style – in the sites-available directory. So, let’s say we have a file in /etc/apache/sites-available called site.com which holds the record of the domain

<VirtualHost *:80>
        ServerAdmin email@site.com
        ServerName  site.com
        ...
        <Location /admin>
                 AuthType Basic
                 AuthName intranet
                 Satisfy any
                 Allow from 192.168
                 Order allow,deny
                 AuthUserFile /your_secret_location/.htpasswd
                 Require valid-user
        </Location>
        ...
</VirtualHost>

Here is the tricky part: the directive “Satisfy any”. By default the directive is set to all, so it works like AND:
If (you are in local net AND you are valid user) {access the location}

while Satisfy any works like OR:
If (you are in local net OR you are valid user) {access the location}
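Apache 2.4 replaced Order/Allow/Deny and Satisfy with the Require directives (the old ones only keep working through mod_access_compat). Here is the same OR logic written for 2.4, as an added example that is not from the original post; it assumes Apache 2.4 and the same /your_secret_location/.htpasswd file created in step 1:

```apache
<Location /admin>
        AuthType Basic
        AuthName "intranet"
        AuthUserFile /your_secret_location/.htpasswd
        # RequireAny = "Satisfy any": the request is allowed when at least
        # one of the enclosed conditions holds (local network OR valid user).
        # The default grouping, RequireAll, would behave like "Satisfy all" (AND).
        <RequireAny>
                 # Same range as "Allow from 192.168" in the 2.2 syntax.
                 # Note: this matches the TCP peer address, so behind a
                 # reverse proxy every client would appear to be local.
                 Require ip 192.168.0.0/16
                 Require valid-user
        </RequireAny>
</Location>
```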

More on this topic: Satisfy directive

Web based CakePHP Project generation tool

Yesterday I found a tool which could be handy for rookie CakePHP developers. Atlas is a web code generator based on CakePHP. At a glance it’s a web alternative to the CakePHP bake console, which is a nice idea indeed.

My first impression was that the tool is like a diamond in the mud and I was wondering how I hadn’t heard about this tool till now, but after installing it I realized that it’s not as good as it looked.

Why?

The first problem occurred while generating my first project – I got an error message in Spanish which I couldn’t understand. I had to use Google Translate for it, but even after the translation the message still doesn’t say much – “Failed to generate project skeleton”.

After debugging the code to figure out what this error means, I found that the application uses backslash (\) as the directory separator ?!? and of course this leads to directories and files with strange names like /var/www/ctest\app\controllers, where ctest\app\controllers was the full name of the directory :). I am on an Ubuntu Desktop machine, where backslash is not a directory separator.

Pros and cons of this tool:

Pros:

  • Very nice interface – a really big point for Atlas
  • It should work properly in a Windows environment, and based on the feature list and screenshots it is quite intuitive.
  • I like web based development – everything is in your web browser, so another big plus.

Cons:

  • Not working as expected – the backslash problem described above
  • If you are not a Spanish speaking person, you are in the middle of nowhere when you see an error like this: Error: no se ha podido generar el esqueleto del proyecto
  • No documentation at all. I had to look in the code in order to get an idea why I cannot create a project – no clear labels (or at least no hints). Probably a hint like: Directory (enter the full path to an empty directory under htdocs) or similar could help a lot.

The conclusion:
Atlas looks like a promising tool, but it’s still far from a final version. It’s worth trying in a Windows environment. 🙂 I will definitely follow that project in the future, so hopefully I can use it one day 🙂

Magento Beginner’s Guide – PacktPub book

A few weeks ago I was contacted by Packt Publishing to review their new book Magento Beginner’s Guide, and because I had experience with that e-commerce platform, I decided to accept the offer.

Brief

Magento Beginner’s Guide is a new book that covers the process of building an online store using the Magento e-commerce solution. It’s written by William Rice and is focused on the key features of Magento for setting up a unique online store and customizing its appearance, with the help of examples.

This book is for anyone who wants to create an online store using Magento. If you are a non-technical person and are discouraged by the complexity of this powerful e-commerce application, this book is ideal for you.

About Magento

Magento is the world’s most evolved e-commerce solution which runs on the Apache/MySQL/PHP platform. From one installation, you can control multiple multilingual storefronts, all sharing customer and product information. Magento’s templates, themes and extensions give the possibility to create a unique and powerful solution for e-commerce.

In detail

The book provides a step-by-step approach to building a simple and effective online store. It covers the key features of Magento that will help you get your store up and running. It guides you through the installation, configuration, adding categories and product attributes, filling your store with products of various types, payment configuration, maintaining relationships with your customers, and fulfilling orders.

Readers will be able to present and sell products in groups and sets, and they can offer discounts based on quantities, along with accepting various payments such as PayPal, credit cards, checks, bank transfers, payment on delivery and many other payment gateways. Along with connecting to shippers such as UPS, FedEx, and USPS, they will learn to apply tax rules to different shipping addresses and different types of products.

More on what you will learn from the book

  • Install and configure Magento and add products in the store;
  • Create categories and attributes to build your catalog of products;
  • Enhance your products with descriptions, images, and inventory information;
  • Create and apply tax rules to different product types and different shipment addresses;
  • Present and sell products in groups and sets;
  • Display products related to the one that is being viewed by a customer;
  • Offer your customer choices for a product’s size, color, or other attribute and give discounts based on quantities;
  • Accept payments using Paypal, credit cards, and checks/money orders and offer a variety of shipping options;
  • Create your own, customized shipping rates and connect to shippers such as UPS, FedEx, and USPS;

The beginner’s guide approach

  • Clear step-by-step instructions for the most useful tasks
  • Learn by doing – start working right away
  • Leave out the boring bits
  • Inspiring, realistic examples give you ideas for your own work
  • Tasks and challenges to encourage experimentation

The publisher kindly provides two chapters from the book, so you can get a clue of its style.

How to buy that book?

If you like the book you can order it from here:
Magento: Beginner’s Guide
€27.89 save 10%

How to use aggregation SQL functions with CakePHP

Have you ever wondered how to find the MAX, MIN or AVG of a database table column the CakePHP way? Well, I hadn’t until yesterday. The solution is quite simple and obvious.

Let’s say you want to show the average views per post (in the example we have a views field in every post).
The SQL should be something like this:

SELECT AVG(views) FROM posts

Instead of using the query() function you can do it the CakePHP way:

$this->Post->find('first', array('fields'=>array('AVG(views) as avg_views')));

Hope this will help someone.

Script tag and attributes

I’ve lost precious time wondering why a JavaScript code was working properly in Firefox, while on IE it wasn’t working at all. My first thought was that the script was incompatible, but the final result was pretty stupid.

The reason:
The script tag was written this way:

<script type="application/x-javascript">
....
</script>

Changing the type attribute to “text/javascript” does the magic:

<script type="text/javascript">
....
</script>

The first code was created from an autocomplete snippet in Komodo Editor. So, use the “text/javascript” type attribute in order to reduce headaches 🙂

CakePHP ajaxed pagination and sort

Here I will describe how I did Ajaxed pagination for one of my projects using jQuery and the Livequery plugin. Currently I am working on a huge project which, hopefully, will feed me with some ideas for blog posts, and this is one of them :). So:

1. Loading the javascript libs

Loading jQuery and Livequery was done by the Autoloader helper, but if you don’t use it, just include jQuery and Livequery in your layout with the following code:

<?php
echo $javascript->link('jquery.min');
echo $javascript->link('plugins/jquery.livequery');
?>


Creating Wholesale Solution with Magento Commerce

My first approach for this post was to explain my first impressions of Magento Commerce, but I decided to explain how I managed to create a retail/wholesale solution required for a current project.

The requirement (so far, because it’s an ongoing project):

The client wants to have a shop where regular customers are able to see products with their retail price, while wholesale partners see the prices with ? discount. The extra condition: retail and wholesale prices have no mathematical dependency. So, a product could be $100 retail and $50 wholesale, and another one could be $60 retail and $50 wholesale. And of course retail users should not be able to see wholesale prices at all.

Basically, I will explain what I did step by step, but in order to understand what I mean, you should be familiar with the basics of Magento.

1. Creating two Magento websites, stores and views
(website in the Magento meaning, of course.) It’s done from System->Manage Stores. The result is:

Website   | Store     | View
----------|-----------|--------
Retail    | Retail    | Default
Wholesale | Wholesale | Default

Both sites use the same category/product tree.

2. Setting the price scope
In System->Configuration->Catalog->Catalog->Price set the drop-down to Website. Now you can enter prices per store/website and they can be totally different.

3. Get some plugins
Get the following plugins from Magento Connect and install them from the admin: System->Magento Connect->Magento Connect Manager:
Netzarbeiter_LoginCatalog – the user needs to log in in order to see the store (it will be used for the wholesale site)
Netzarbeiter_CustomerActivation – the user needs to be approved by the site admins in order to be able to log in to the site (again, it will be used for the wholesale site)

Both plugins need to be activated for wholesale only. Because they are activated when they are installed, you need to disable them for the Default/Retail website and leave them enabled for Wholesale. You should know that the distinction between sites in System->Configuration is made from the top left corner of the config window.

The first plugin is enabled/disabled from: System > Configuration > Catalog > Login only catalog
The second one: System > Configuration > Customer > Customer Activation.

4. Setting a separate URL for wholesale
Now wholesalers need to have a separate URL, so regular users will access http://domain.com/, while wholesale users will access http://domain.com/wholesale/. I found this solution in the Magento Forum: Thread.

So, following the instructions I created the directory wholesale/ and copied the .htaccess and index.php files from the root directory. The modifications in index.php are the same as in the forum:
Mage::run(); becomes Mage::run('wholesale');
and
$mageFilename = 'app/Mage.php'; becomes $mageFilename = '../app/Mage.php';

5. Change the wholesale paths from the admin
From System->Configuration (select the Wholesale website)->General->Web, change the paths by adding wholesale/ (it’s also mentioned in the forum thread).

6. Adding products to both websites
When adding products, you should mark them as visible for both sites. This is done from the Product page->Websites tab.

That’s it! Now on http://domain.com/ users will see the full catalog, they can log in without admin approval and prices will be retail, while on http://domain.com/wholesale only users registered as wholesale and activated by the admin will be able to see the catalog with wholesale prices.

What’s left…

And this was the easiest part … the rest is to import about 2000 products from the current osCommerce store, and to add another 4000 from the client’s ERP system. After this, on a regular basis, to update prices and quantities from the ERP system. 🙂

Hopefully this will help someone.

New hosting for this blog

Hi guys,

if someone tells you that it’s easy to start writing in your blog after a looong break – it’s a lie 🙂

Just wanted to say that this blog was moved to a new host. It was planned for a long time, but I always delayed it. The reason for the move, according to the hosting provider, was that it exceeded the CPU time limit. For me, a blog with less than 100 posts should not be such a BIG problem…

Here are the stats of CPU usage from my account.

2009-02-18:      27.45
2009-02-19:      26.60
2009-02-20:      24.21
2009-02-21:      20.22
2009-02-22:      23.40
2009-02-23:      28.73

For me it is really strange, and because the current host is really my own server where I have control over all resources, I will check what caused this load.

Anyway, the guys from the hosting company were really kind and supportive, and even proposed to pay me some compensation for this inconvenience, so it was (and still is) a pleasure to work with them.

That’s it.