
Monday, 17 December 2012

Most Useful Functions for Security in PHP

Security is an important aspect of any project. PHP provides a number of functions that help defend a website against attacks such as SQL injection and cross-site scripting (XSS). Let's look at some of the useful ones. Note that this is not a complete list, only the functions I have found useful in my own projects.


1) mysql_real_escape_string() – This function is useful for preventing SQL injection. It adds a backslash before the characters that have special meaning inside a MySQL string literal (quote, double quote, backslash, NUL, newline and a few others), so user-supplied input can be placed inside a quoted string in a query without breaking out of it. It needs an open database connection because it uses the connection's character set. Two caveats: it only protects values that are placed between quotes (an unquoted numeric value such as WHERE id=$id is still injectable), and the mysql_* extension is deprecated; with mysqli or PDO, prepared statements with bound parameters are the preferred defence because the value never becomes part of the SQL text at all.

2) addslashes() – Adds a backslash before single quotes, double quotes, backslashes and NUL bytes, so it looks similar to mysql_real_escape_string(), but it knows nothing about the connection's character set, which is why it should not be relied on for SQL escaping. Also make sure you do not apply it when "magic_quotes_gpc" is on in php.ini: in that case single quotes (') and double quotes (") in GET, POST and COOKIE data already arrive escaped with a backslash, and escaping again produces doubled backslashes in your data. You can check the setting with get_magic_quotes_gpc(). (Magic quotes were deprecated in PHP 5.3 and removed in PHP 5.4.)

3) htmlentities() – Converts characters that have a special meaning in HTML into their entity equivalents, so a user-supplied "<" becomes "&lt;" and is displayed as text instead of being interpreted as the start of a tag. Use it (or htmlspecialchars()) on every untrusted value you print into a page to prevent XSS, and pass ENT_QUOTES when the value goes inside an attribute delimited by single quotes. It does nothing against SQL injection: HTML encoding means nothing to the database, so an encoded value is still dangerous if it is concatenated into a query.

4) strip_tags() – Removes HTML and PHP tags from a string; the optional second parameter lists tags that are allowed to remain. Note that it strips the tags but not the text between them, and it leaves the attributes of allowed tags untouched, so it is not an XSS defence on its own.
For example,
echo strip_tags("<script>alert('test');</script>");
will output
alert('test');
If you allowed <a>, an <a onclick="..."> would pass through with its event handler intact, so still encode the result with htmlspecialchars() when you print it.

5) md5() – Some developers store plain-text passwords in the database, which is bad from a security point of view. md5() returns a 32-character hexadecimal hash of the supplied string, and the hash cannot be reversed to recover the original. It is, however, a fast, unsalted hash: identical passwords produce identical hashes, and an attacker who obtains the database can test enormous numbers of guesses per second or use precomputed tables. For password storage use a salted, slow hash such as bcrypt via password_hash() and password_verify() (PHP 5.5 or newer, or the password_compat library on older versions).

6) sha1() – Similar to md5() but uses the SHA-1 algorithm and produces a 40-character hash instead of 32. The same caveat applies: SHA-1 is also a fast hash, so on its own it is no better than md5() for storing passwords.

7) intval() – Please don't laugh. I know this is not a security function; it simply returns the integer value of a variable. But it is useful for securing your code: most values passed through GET in a URL are database ids, and if you know the value must be an integer, casting it guarantees that nothing but digits reaches the query.
$sql = "SELECT * FROM product WHERE id=" . intval($_GET['id']);
As you can see above, if you are sure the input must be an integer you can use intval() as a security function as well. (With mysqli or PDO, binding the value as an integer parameter of a prepared statement achieves the same thing and also covers string values.)
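The functions above are all escaping-based defences. As an added example (not code from the original post), the script below runs the same constructed injection payload through string concatenation, intval() and a prepared statement, then shows output encoding for HTML and password hashing. It uses PDO with an in-memory SQLite database so it runs offline; the table, rows, payloads and password are made up for the demo, and password_hash() needs PHP 5.5 or newer.

```php
<?php
// Added example, not from the original post. PDO + in-memory SQLite so it runs
// offline; a MySQL DSN would work the same way.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
$db->exec("INSERT INTO product VALUES (1, 'Widget', 9.99), (2, 'Gadget', 19.99)");

// Constructed attacker input: a tautology that makes the WHERE clause always true.
$maliciousId = "1 OR 1=1";

// Unsafe: string concatenation. The payload becomes part of the SQL grammar,
// so the query matches every row instead of one.
function productUnsafe(PDO $db, string $id): array {
    $sql = "SELECT id, name FROM product WHERE id = " . $id;   // do not do this
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Mitigation from the post: intval() reduces the input to a number.
// Fine for integer ids; useless for free-text columns.
function productIntval(PDO $db, string $id): array {
    $sql = "SELECT id, name FROM product WHERE id = " . intval($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Preferred: prepared statement. The parameter is sent separately from the
// SQL text, so no escaping function is needed, for numbers or for strings.
function productPrepared(PDO $db, string $id): array {
    $stmt = $db->prepare('SELECT id, name FROM product WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// String parameter: a quote-breaking payload is matched literally and finds nothing.
function searchByName(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM product WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding: htmlspecialchars() with ENT_QUOTES is safe for element
// content and for quoted attribute values; strip_tags() is not a substitute.
function renderName(string $name): string {
    return '<b>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</b>';
}

// Password storage: salted, slow bcrypt hash instead of md5()/sha1().
function storePassword(string $plain): string {
    return password_hash($plain, PASSWORD_DEFAULT);
}
function checkPassword(string $plain, string $stored): bool {
    return password_verify($plain, $stored);
}

printf("concatenated: %d rows\n", count(productUnsafe($db, $maliciousId)));
printf("intval:       %d rows\n", count(productIntval($db, $maliciousId)));
printf("prepared:     %d rows\n", count(productPrepared($db, $maliciousId)));
printf("string param: %d rows\n", count(searchByName($db, "Widget' OR '1'='1")));
echo renderName('<img src=x onerror=alert(1)>'), "\n";
// strip_tags() keeps attributes of allowed tags, so the handler survives:
echo strip_tags('<a href="#" onclick="alert(1)">x</a>', '<a>'), "\n";
$hash = storePassword('correct horse');
var_dump(checkPassword('correct horse', $hash), checkPassword('wrong', $hash));
```

The concatenated query returns both rows while the intval() and prepared versions return only id 1; the string search finds nothing because the quote in the payload is data, not SQL.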

Facebook login integration with website, Login with Facebook for websites

Facebook's OAuth support lets web developers offer a "Login with Facebook" option, so visitors can sign in with an existing Facebook account instead of going through a new registration on your website.
Here we see how to add a Login with Facebook button to your website in an easy way.

To create a "Login with Facebook" button for your website you need a Facebook account to generate an APP_ID and APP_SECRET. Create a Facebook user account and navigate to the App Developer page:
http://www.facebook.com/developers/

At the top right, press the "Create New App" button.


<?php
session_start();
define('YOUR_APP_ID', 'YOUR_APP_KEY_HERE');
define('YOUR_APP_SECRET', 'YOUR_SECRET_KEY_HERE');

function get_facebook_cookie($app_id, $app_secret) {
    if (!isset($_COOKIE['fbsr_' . $app_id])) {
        return null;
    }
    $signed_request = parse_signed_request($_COOKIE['fbsr_' . $app_id], $app_secret);
    if (is_null($signed_request) || !isset($signed_request['code'])) {
        // missing, malformed or wrongly signed cookie: treat the visitor as logged out
        return null;
    }
    // the cookie is valid/signed correctly
    // $signed_request should now have most of the old elements
    $signed_request['uid'] = $signed_request['user_id']; // for compatibility
    // exchange the "code" for an "access_token"
    // (the openssl extension must be enabled on your server to fetch HTTPS URLs)
    $access_token_response = file_get_contents(
        'https://graph.facebook.com/oauth/access_token?' . http_build_query(array(
            'client_id'     => $app_id,
            'redirect_uri'  => '',
            'client_secret' => $app_secret,
            'code'          => $signed_request['code'],
        ))
    );
    if ($access_token_response === false) {
        return null;
    }
    // parse the response into a local array instead of registering variables in scope
    parse_str($access_token_response, $token);
    if (empty($token['access_token'])) {
        return null;
    }
    $signed_request['access_token'] = $token['access_token'];
    $signed_request['expires'] = time() + (isset($token['expires']) ? (int) $token['expires'] : 0);
    return $signed_request;
}

function parse_signed_request($signed_request, $secret) {
  $parts = explode('.', $signed_request, 2);
  if (count($parts) !== 2) {
    error_log('Malformed signed request');
    return null;
  }
  list($encoded_sig, $payload) = $parts;

  // decode the data
  $sig = base64_url_decode($encoded_sig);
  $data = json_decode(base64_url_decode($payload), true);

  if (!is_array($data) || !isset($data['algorithm'])
      || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
    error_log('Unknown algorithm. Expected HMAC-SHA256');
    return null;
  }

  // check sig; hash_equals() (PHP 5.6+) compares in constant time so the
  // comparison does not leak where the first differing byte is
  $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
  if (!hash_equals($expected_sig, $sig)) {
    error_log('Bad Signed JSON signature!');
    return null;
  }

  return $data;
}

function base64_url_decode($input) {
  return base64_decode(strtr($input, '-_', '+/'));
}

$cookie = get_facebook_cookie(YOUR_APP_ID, YOUR_APP_SECRET);
$user   = null;
if ($cookie) {
    // ask the Graph API which user the access token belongs to
    $response = file_get_contents(
        'https://graph.facebook.com/me?access_token=' . urlencode($cookie['access_token'])
    );
    $user = ($response === false) ? null : json_decode($response);

    /*
    Uncomment this to show all available variables; print_r() exposes every
    value that can be read from the Facebook login.
    echo "<pre>";
    print_r($user);
    echo "</pre>";
    Then:
     1. Save the necessary values from the $user object to your database
     2. Register a session variable based on your user account code
     3. Redirect to the account dashboard
    */
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Facebook Login Connect for Website Demo</title>
<style type="text/css">
body,td,th {
 font-family: Verdana, Geneva, sans-serif;
 font-size: 14px;
 color: #333;
}
body {
 margin-left: 50px;
 margin-top: 50px;
}
</style>
</head>
<body>
<?php if (!empty($user)) { ?>
<h2>Welcome <?= htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8') ?> </h2> <br />
E-mail ID: <?= htmlspecialchars($user->email, ENT_QUOTES, 'UTF-8') ?>
<br />
<a href="javascript://" onclick="FB.logout(function() { window.location='facebook-login.php' }); return false;" >Logout</a>
<?php } else { ?>
<h2>Welcome Guest! </h2>    
<div id="fb-root"></div>
<fb:login-button perms="email" width="width_value" show_faces="true" autologoutlink="true" size="large">Login with Facebook</fb:login-button>
<?php } ?>
<script src="https://connect.facebook.net/en_US/all.js"></script>
<script>
 // Initiate FB Object
 FB.init({
   appId: '<?= YOUR_APP_ID ?>', 
   status: true,
   cookie: true, 
   xfbml: true
   });
 // Reloading after successfull login
 FB.Event.subscribe('auth.login', function(response) { 
 window.location.reload(); 
 });
</script>
</body>
</html>
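The part of the script above that matters for security is parse_signed_request(): a cookie whose HMAC does not verify must never be trusted. The following is an added example, not part of the original post, that builds a signed_request locally with a made-up secret and payload in the same "sig.payload" format, verifies it, and shows a tampered payload and a wrong secret being rejected. It adds the input checks and the constant-time comparison (hash_equals(), PHP 5.6+) that the post's version lacks.

```php
<?php
// Added example, not the original post's code. The secret, user id and
// "code" value below are invented so the check can be exercised offline.
declare(strict_types=1);

function base64_url_encode(string $input): string {
    return rtrim(strtr(base64_encode($input), '+/', '-_'), '=');
}

function base64_url_decode(string $input): string {
    return (string) base64_decode(strtr($input, '-_', '+/'));
}

// Produce "sig.payload" the way the identity provider does: the signature is
// HMAC-SHA256 over the base64url-encoded JSON, keyed with the app secret.
function make_signed_request(array $data, string $secret): string {
    $payload = base64_url_encode(json_encode($data));
    $sig = hash_hmac('sha256', $payload, $secret, true);
    return base64_url_encode($sig) . '.' . $payload;
}

// Verify and decode; returns null on any failure. Nothing from the payload is
// used until the structure is checked, and the MAC comparison is constant-time.
function verify_signed_request(string $signedRequest, string $secret): ?array {
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$encodedSig, $payload] = $parts;
    $sig = base64_url_decode($encodedSig);
    $data = json_decode(base64_url_decode($payload), true);
    if (!is_array($data) || strtoupper($data['algorithm'] ?? '') !== 'HMAC-SHA256') {
        return null;
    }
    $expected = hash_hmac('sha256', $payload, $secret, true);
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    return $data;
}

$secret = 'test-app-secret-not-real';                       // invented
$claims = [
    'algorithm' => 'HMAC-SHA256',
    'user_id'   => '12345',                                 // invented
    'code'      => 'constructed-code',                      // invented
    'issued_at' => 1355702400,
];

// Genuine request: verifies and yields the claims.
$good = make_signed_request($claims, $secret);
var_dump(verify_signed_request($good, $secret)['user_id'] ?? null);

// Tampering: swap in another user_id but keep the original signature.
[$sig, $payload] = explode('.', $good, 2);
$forged = $sig . '.' . base64_url_encode(json_encode(['user_id' => '1'] + $claims));
var_dump(verify_signed_request($forged, $secret));

// A different secret (e.g. another app's) fails in the same way.
var_dump(verify_signed_request($good, 'other-secret'));
```

The genuine request decodes to the user id, while both the forged payload and the wrong secret come back as null; an "algorithm" claim other than HMAC-SHA256 is refused before the signature is even looked at, so a client cannot downgrade the check.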

Wednesday, 12 December 2012

Cubet board is an open source pin based social photo sharing website that allows users to create and manage their image collections.


What is Cubet Board?

Cubet Board lets users create and manage image collections, organised into different categories according to their tastes. Users can browse other members' collections as they like and re-pin images to their own personal or public collections.
Requirements
PHP 5.2 or newer
MySQL 5.5
Support
Our support section is an easy-to-use community where you can ask questions and get answers on topics related to Cubet Board as well as on other areas of technology.
It's free
Being open source

Tuesday, 4 December 2012

JQuery Ajax CForms Form Generator

CForm is a jQuery plugin that generates HTML forms from XML config files and CSS styles. All elements are generated at runtime; e-mail fields are validated, and data is sent and received with AJAX.
All six examples are included in the package.
A complete PHP login script and an example of a secured website section are included as well.



Sunday, 2 December 2012

Web Scraping Amazon with PHP

This snippet of PHP code demonstrates web scraping. It reads a sample page from Amazon.com, compares the HTML text against certain class name and outputs that matched text in an RSS feed.


<?php
// file_get_html() is provided by the PHP Simple HTML DOM Parser library,
// which has to be included before it can be used
require_once 'simple_html_dom.php';

$now   = date("D, d M Y H:i:s T");
$ASIN  = $url = $img = $title = $bio = $name = "";
$rssfeed = "";
$head = '<?xml version="1.0" encoding="ISO-8859-1"?>';
$head .= '<rss version="2.0">';
$head .= '<channel>';
$head .= '<title>Amazon</title>';
$head .= '<link>http://www.amazon.com</link>';
$head .= '<description>Amazon RSS Feed</description>';
$url = "http://www.amazon.com/Best-Sellers-Kindle-Store/zgbs/digital-text/";
$text = file_get_html($url);
if ($text === false) {
    die("Could not fetch " . $url);
}
foreach ($text->find("div.zg_item_compact") as $class) {
  foreach ($class->find('strong.price') as $price) {
    if ($price->plaintext == "Free") {
            $rssfeed .= '<item>';
            foreach ($class->find("div.zg_title a") as $book) {
              // the ASIN is the path segment between /dp/ and /ref
              if (!preg_match("/\/dp\/([^\/]+)\/ref/", $book->href, $matches)) {
                  continue;
              }
              $ASIN  = trim($matches[1]);
              $url   = "http://www.amazon.com/dp/" . $ASIN . "/?tag=publisherapi-20";
              $img   = "http://images.amazon.com/images/P/" . $ASIN . ".01.LZZZZZZZ.jpg";
              // scraped text is untrusted: encode it before it goes into the XML
              $title = htmlentities(trim($book->plaintext));
              $rssfeed .= '<title>' . $title . '</title>';
              $rssfeed .= '<link>' . $url . '</link>';
              $rssfeed .= '<guid isPermaLink="true">' . $url . '</guid>';
              // the description carries HTML, so wrap it in CDATA to keep the feed well-formed
              $rssfeed .= '<description><![CDATA[';
            }
            foreach ($class->find("div.zg_byline a") as $author) {
                $bio  = "http://www.amazon.com" . $author->href . "/?tag=publisherapi-20";
                $name = htmlentities(trim($author->plaintext));
                // $bio (not an undefined $authorURL) is the author link
                $rssfeed .= 'By <a href="' . htmlentities($bio) . '">' . $name . '</a>';
            }
            $rssfeed .= ']]></description>';
            $rssfeed .= '<pubDate>' . $now . '</pubDate>';
            $rssfeed .= '</item>';
        }
    }
}
$footer  = '</channel></rss>';
$rssfeed = $head . $rssfeed . $footer;
$fh      = fopen("amazon.rss", "w");
if ($fh === false) {
    die("Could not open amazon.rss for writing");
}
fwrite($fh, $rssfeed);
fclose($fh);
?>

Code a Dynamic Questions & Answers FAQ Page with jQuery


You can produce many different effects using the jQuery JavaScript library. It's an open source project which has been gaining followers for a couple of years now. Aside from the many jQuery plugins, you can build a lot of custom web functionality from scratch.
I want to use this tutorial to show how to build a custom FAQ page layout. I'll use a small bit of JavaScript to show and hide the answers. The answers could hold any type of content: static text, images or videos. You could also port this code into your own layout and custom CSS. So without further ado, let's get started!

Wednesday, 28 November 2012

Auto complete text box using jQuery plug in


In this tutorial we discuss how to implement auto-complete using a jQuery plug-in. In the example, a text box is given where you enter the name of an Indian state; when you type the first letter, it automatically shows the list of Indian states that start with that letter. The plug-in used is "jquery.autocomplete.js".

Sunday, 25 November 2012

jQuery Spectragram – An Instagram API jQuery plugin


Spectragram.js is a jQuery plugin using the Instagram API to fetch and display user, popular or tags photo feeds inside a list or any container you define and display the results as list items or any other HTML tag you define. You can also define the size of the pictures (small, medium, large).


Any List Scroller – A jQuery plugin scroll any list


CHARACTERISTICS

ALS - Any List Scroller is the jQuery plugin by musings.it to scroll any list, of any dimension, with any content. Try it!


  • It is surprisingly easy to use
  • it works on any kind of list
  • List elements can be texts, images, anything (read the instructions below)
  • List items need not have a fixed size or be the same size as each other
  • The list can be scrolled horizontally or vertically
  • Scrolling can be simple or infinite (circular)
  • Scrolling can be manual or automatic (autoscroll)
  • You can set the number of visible items
  • You can set the scrolling step
  • You can put more than one ALS in a single page (multiple instance)

Monday, 19 November 2012

jquery Shop Slider for Commerce Site


Responsive Shop Slider

ShopSlider is a jQuery Responsive Shop Slider Plugin for commercial sites, online shops, stores. Works well on all screen sizes, auto detects and determines the best way to display items, support tabs and AJAX load.

Main Features

  • Smart Responsive Design
  • Detect Screen Size and Determine the Best Way to Display Items.
  • Support Multi Tabs
  • Support Many Sliders in same page
  • Touch Swipe / Click to Move Next/Prev
  • Support AJAX and Inline Content
  • Many Styles and Effects
  • Control AutoPlay, Effect In, Effect Out with Duration and Delay Time …
  • Hover to Pause
  • Light Weight
  • Easy Setup

Sunday, 18 November 2012

OpenPanel - Open Responsive Panel Anywhere


OpenPanel is a jQuery plugin that allows you to open panel at any where in your page, unlimited panels as you want and support for responsive design. With this small plugin you can open more space for your site to add anything you want.

Features:
  • Open Panels Anywhere in Your Sites.
  • Unlimited Panels
  • Support Responsive Design.
  • Inline Content for SEO Purpose.
  • Support Ajax Content.
  • Four Directions Slide and Fade Effects.

Tuesday, 30 October 2012

PHP Mail Injection Protection and E-Mail Validation

Introduction

There's a lot of advice available on the subject of protecting a PHP-based contact form from injection attacks: (slightly) different approaches, plus various ready-made functions and classes to help you. Since I am new to this (the article is for beginners and I am in that category myself), I decided to take a more in-depth look at as much of this advice as I could, and in particular to look at the source code for a few of the ready-made solutions. In doing so I am confident that the solution I have chosen will work well for me, and more importantly I know why I chose that option and what its benefits and limitations are. Hopefully you can also get to that stage by reading this.

I'm happy to receive as many improvements as you can throw at me; this is about learning and understanding. I'm no expert; this is designed for beginners (like me). Just don't tell me it's wrong and I'm dumb, that won't help improve the article or the advice; please try and explain it in 'for dummies' mode so I can adapt the article appropriately. This is also PHP-focussed; no doubt other languages and mixes of languages provide other options. PHP is what I was using / learning when I got into this mess in the first place.
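The attack the article above is guarding against is header injection: a form field that ends up in a mail header (Reply-To, Subject) carries a CR/LF pair followed by an extra header such as Bcc:, and mail() faithfully sends the message to the attacker's list. As an added example, not the quoted article's code, the script below validates the address with filter_var(), rejects any header value containing line breaks, and routes the result through a dry-run callback instead of mail() so it can be run offline. The addresses and payloads are constructed for the demo; mbstring is assumed to be available.

```php
<?php
// Added example, not from the article above. Inputs are constructed for the demo.
declare(strict_types=1);

// Returns the trimmed address, or null if it is unusable as a header value.
function safe_email(string $input): ?string {
    $email = trim($input);
    // A valid address never contains CR, LF or NUL, and those are exactly
    // what an injected "Bcc:" line needs, so reject them outright.
    if (preg_match('/[\r\n\0]/', $email)) {
        return null;
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false ? $email : null;
}

// Single-line header values such as the subject: collapse line breaks to a
// space instead of rejecting, then cap the length.
function safe_header_value(string $input, int $max = 200): string {
    $value = (string) preg_replace('/[\r\n\0]+/', ' ', $input);
    return mb_substr(trim($value), 0, $max);
}

// Assembles the message; returns false instead of sending when validation fails.
// $send stands in for mail() so the demo does not dispatch anything.
function send_contact(array $form, callable $send): bool {
    $from = safe_email($form['email'] ?? '');
    if ($from === null) {
        return false;
    }
    $subject = safe_header_value($form['subject'] ?? 'Contact form');
    // The body may legitimately contain newlines; only headers must be single-line.
    $body = str_replace("\0", '', $form['message'] ?? '');
    $headers = "From: no-reply@example.com\r\n"
             . "Reply-To: $from\r\n"
             . "Content-Type: text/plain; charset=UTF-8";
    return $send('owner@example.com', $subject, $body, $headers);
}

// Dry-run replacement for mail(): shows what would have been sent.
$dryRun = function (string $to, string $subject, string $body, string $headers): bool {
    echo "To: $to\nSubject: $subject\n$headers\n\n$body\n---\n";
    return true;
};

// Constructed attacker submission: CRLF plus a Bcc header in two fields.
$attack = [
    'email'   => "victim@example.com\r\nBcc: spamlist@example.net",
    'subject' => "Hi\r\nBcc: more@example.net",
    'message' => 'Buy now',
];
var_dump(send_contact($attack, $dryRun));

// Constructed legitimate submission.
$legit = [
    'email'   => 'alice@example.com',
    'subject' => 'Question',
    'message' => "Hello,\nis this open on Sundays?",
];
var_dump(send_contact($legit, $dryRun));
```

The attacker's submission is refused at the address check (the injected Bcc never reaches a header), while the legitimate one is passed through with its multi-line body intact; the same CR/LF rule applies to anything else you place in a header, which is why the subject is run through safe_header_value() as well.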

Registry Key Handling Through PHP

The registry is made up of "keys". Each key is similar to a branch of a tree: every key has one parent key and zero or more child keys, and each key can contain zero or more "values", each of which holds a single piece of data.

Sunday, 28 October 2012

upload large file on server

Write this in the .htaccess file. The deny rule is there to stop the php.ini you are about to create from being served over the web, so it must be limited to that file with a <Files> block; on its own, "deny from all" would block the whole directory.

suPHP_ConfigPath /home/sdman007/public_html
<Files php.ini>
order allow,deny
deny from all
</Files>

Then create a php.ini file in your root path:

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
; Maximum allowed size for uploaded files, 10 MB (you can change it)
upload_max_filesize = 10M
post_max_size = 10M
; execution time in seconds; 300 is 5 minutes
max_execution_time = 300
max_input_time = 300

After doing that, log in to your cPanel again. The new limits should now show up in the PHP configuration output (for example from phpinfo()).

Friday, 26 October 2012

jQuery Store Locator

jLocator is a jQuery store locator plugin that uses the Google Maps API v3 and provides searching, sorting, filtering and pagination for your stores. No database is required.

General Features

  • No database required
  • Google API V3 , no key required
  • All stores are declared in HTML ,
    stores HTML structure is flexible and can be changed easily.
  • Any additional info can be added to a store.
  • Map pin can be replaced by any image/icon
  • User location detection (geolocation)
  • Search stores by address, city or postal code.
  • Sort stores by title or any other property.
  • Stores auto pagination
  • Several kinds of filters can be added:
    checkbox filters, dropdown filters and textbox search
  • Fully customizable styles
  • Works in all major browsers
  • Annotated source code
  • JSDoc documentation

Wednesday, 24 October 2012

PHP: Export Database Schema as XML


Sometimes it can be useful to have a dump of the current database schema. The script below reads the schema from a MySQL database and outputs XML that describes the schema.

At first we connect to a MySQL database and use the SHOW TABLES command to return all the tables in the database. Next, we iterate over each table and return the fields for each table using the SHOW FIELDS command. Finally, we put all of the returned information into XML.
Have a look at the code:
<?php
// database constants
// make sure the information is correct
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "password");
define("DB_NAME", "tutorials");

// connection to the database
// (mysqli; the old mysql_* functions are deprecated and were removed in PHP 7)
$dbhandle = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME)
   or die("Unable to connect to MySQL");

// return all available tables
$result_tbl = mysqli_query($dbhandle, "SHOW TABLES FROM `" . DB_NAME . "`")
   or die("Could not list tables");

$tables = array();
while ($row = mysqli_fetch_row($result_tbl)) {
   $tables[] = $row[0];
}

$output = "<?xml version=\"1.0\" ?>\n";
$output .= "<schema>";

// iterate over each table and return the fields for each table
foreach ( $tables as $table ) {
   // table and column names are data here: escape them for XML, and quote the
   // identifier in the query so unusual names cannot alter the statement
   $output .= "<table name=\"" . htmlspecialchars($table, ENT_QUOTES) . "\">";
   $result_fld = mysqli_query($dbhandle, "SHOW FIELDS FROM `" . str_replace("`", "``", $table) . "`")
      or die("Could not describe table " . $table);

   // SHOW FIELDS columns: Field, Type, Null, Key, Default, Extra
   while( $row1 = mysqli_fetch_row($result_fld) ) {
      $output .= "<field name=\"" . htmlspecialchars($row1[0], ENT_QUOTES) . "\""
               . " type=\"" . htmlspecialchars($row1[1], ENT_QUOTES) . "\"";
      $output .= ($row1[3] == "PRI") ? " primary_key=\"yes\" />" : " />";
   }

   $output .= "</table>";
}

$output .= "</schema>";

// tell the browser what kind of file is coming
header("Content-type: text/xml");
// print out XML that describes the schema
echo $output;

// close the connection
mysqli_close($dbhandle);
?>

Monday, 22 October 2012

Prevent PHP Security Attacks in PHP coding

Security is an important part of any language. If we learn PHP, we also need to keep in mind all the security tips and tricks that stop our code from being attacked.

