Simple way to generate a random password in PHP

When creating web apps, there’s often a need to generate a random password for your users. There are a number of ways to do this, but in needing to do it recently I came up with this very simple function that will generate a password (or other random string) of whatever length you wish. It’s particularly useful when generating passwords for users that they will then change in the future. It uses PHP’s handy str_shuffle() function:

<?php
    // Generate a random string of $length characters drawn from $chars.
    function random_password( $length = 8 ) {
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?";
        // Shuffle a random number of times, between $length and $length squared.
        $index = rand( $length, $length * $length );
        $password = '';
        for ( $i = 0; $i < $index; $i++ ) {
            // Shuffle the alphabet together with the previous result and keep the first $length characters.
            $password = substr( str_shuffle( $chars . $password ), 0, $length );
        }
        return $password;
    }
?>
<?php $password = random_password(8); ?>

NOTE: This method is better than the one posted in the Source. It randomizes the password generation process enough to be safe from brute force or predictability.
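For comparison, here is an added example (not the code from the post above) that draws each character with random_int(), the cryptographically secure generator available since PHP 7. rand() and str_shuffle() are fed by PHP's ordinary, non-cryptographic generator, which is the property that matters when the output is a secret. The function and helper names are my own; the alphabet is the one used above.

```php
<?php
// Added example, not the original post's function. Each character is chosen
// independently and uniformly with random_int(), so the result depends only
// on the quality of the OS entropy source, not on rand()'s internal state.
function secure_random_password($length = 12, $chars = null) {
    if ($chars === null) {
        // Same alphabet as the post's random_password(): 81 symbols
        $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?';
    }
    if ($length < 1) {
        throw new InvalidArgumentException('length must be at least 1');
    }
    $max = strlen($chars) - 1;
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is uniform over [0, $max] and throws an Exception
        // if no secure entropy source is available, rather than degrading.
        $password .= $chars[random_int(0, $max)];
    }
    return $password;
}

// Rough strength estimate: bits of entropy for a uniformly chosen password
// of $length symbols over an alphabet of strlen($chars) symbols.
function password_entropy_bits($length, $chars) {
    return $length * log(strlen($chars), 2);
}

// Quick self-check: output has the requested length and only allowed symbols.
function password_is_well_formed($password, $length, $chars) {
    if (strlen($password) !== $length) {
        return false;
    }
    for ($i = 0; $i < $length; $i++) {
        if (strpos($chars, $password[$i]) === false) {
            return false;
        }
    }
    return true;
}

$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?';
$password = secure_random_password(12, $alphabet);
echo $password, PHP_EOL;
printf("%.1f bits of entropy\n", password_entropy_bits(12, $alphabet));
var_dump(password_is_well_formed($password, 12, $alphabet)); // bool(true)
?>
```

With this 81-symbol alphabet an 8-character password carries about 51 bits of entropy and a 12-character one about 76; the estimate holds only because every position is chosen uniformly, which is exactly what the shuffle-based approach does not guarantee.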

When and how much to mix technologies for a project?

The main idea behind adopting a technology is to harness code reuse: libraries that have already been worked on and are trusted to function with minimal or no issues.

The term “Technology” does not just refer to Java or C++ or JavaScript. It also refers to the frameworks that can be used to satisfy one requirement or another with minimum cost and minimal effort. One example is an application development framework such as Oracle ADF, Pega or Drupal. The framework itself provides the most common functionality and also takes care of the issues people face while developing an application.

Any application developed from scratch needs a lot of work just to be useful enough for a production environment. Basic non-functional requirements such as an MVC architecture, security safeguards and application performance are the most common features of an application. In addition, secure login, user registration and authentication, role mapping and similar features are also mandatory.

Most frameworks provide features such as configurable workflows, built-in UI elements, security aspects and much more. Features such as SQL escaping, HTML tag escaping and the MVC pattern are generally already built into the framework. Developers can simply configure the workflows, create screens and fill in the application logic, and the application is good to go.

But is that all we need?

This is the main question to ask when selecting technologies and mixing them to meet the application requirements. The case study can be a sample B-2-B application, say Business-2-Go (B2G).

Advantage of Techs to be selected:

The B2G can be based on 3 major technology products namely an Identity Management System, an Application Development Framework, and a Content Management Service. The technologies in combination provide the architecture to harness the features out of the box.

The IDM would provide Session Maintenance, Role Mappings, Access Authentications and invalid access handling.

The CMS, on the other hand, takes care of the static content of the application. This technology handles the application content which needs to be configurable but changes only in rare scenarios. Its main usefulness lies in the fact that the CMS portal can be exposed to the customer’s admin team as well, since non-developer users will never touch the code base.

The ADF constitutes the application flow of the B2G. All user interactions and other business logic are handled by this technology. The flexibility of the framework helps create applications more quickly and efficiently than older technologies/frameworks such as J2EE Servlets/JSP or Struts.

Further technologies like JavaScript, jQuery and CSS are used to achieve the look and feel decided by the client.

Disadvantages of Techs to be selected:

The disadvantages, or rather the limitations, of a technology or of the team using it are what decide whether the technology can be used.

The major factors can be:

  • Cost: A technology that has been perfected and is supported will in most cases be licensed, adding cost to the project budget. The alternative may be open source technologies/frameworks, but there the credibility of the source, issue support and the adequacy of the documentation become the concerns.
  • Resource Availability: Assuming the licensing cost barrier has been overcome, the next concern is whether people skilled in the technology are available. If not, can existing staff be trained, or can new people be hired? Again, the cost factor is affected.
  • Technology Limitations: Technologies have limitations of their own. The limitation may not be a feature that cannot be achieved, but the effort involved in achieving it. A simple example is a particular look and feel for the B2G. Many of the UI elements may or may not be achievable with the selected core ADF, or, if achievable, only after a lot of R&D or trial and error. This may not rule out the technology itself, but it may be enough to bring other technologies like jQuery into the picture.
  • Interfacing efforts: While mixing technologies, spots/hooks need to be found where one technology can latch on to or be placed within the other. For example, jQuery is an independent technology, while the selected ADF generally has its own internal client-side scripts functioning on their own. There may be provisions to execute scripts that achieve the UI functionality. Similarly, the CMS may not have stable out-of-the-box connectors to the code layer of the application, so interfaces have to be written to make this possible. This effort may also turn out to be a concern for using a technology.

An example of technology selection may be PHP. PHP can also be used to create a complete application, and 99% of the same application can be achieved using PHP frameworks. In fact the cost of the technology is 0 (open source) and resource costs would be far lower than those of a licensed application framework. But the effort and timescale needed to achieve all the required functionality would be humongous, thus ruling out the technology.

Another concern is how much the technologies can be mixed. Surely each framework provides some comfort or feature, whether it is published as open source or you have a license available. Does that mean that all technologies should be mixed?

Interfacing technologies takes effort. It also brings limitations. An example is the various attempts to integrate a popular front-end framework like AngularJS with Oracle ADF. Oracle ADF is mainly a server-side technology, maintaining all functionality server side and providing a wide palette of features for an application. AngularJS, on the other hand, is entirely a UI framework and completely client-side intensive. The two frameworks point in opposite directions and are unaware of each other. There are blogs showing how to integrate the two, but all of them point out the issues in the integration. This is a small example, but scaled up, similar issues may be faced and thus count as factors in technology selection.

In conclusion, trade-offs govern the selection of the technologies to be used in a project. Proper selections must be made in order to plan out the architecture. Improper selection may lead to issues, crashes, late deliveries or redundant costs.


OpenCart 1.5.X developer quick start guide for beginners

This guide is written for developers already familiar with PHP, OOP and the MVC architecture.

In the following, you’ll see examples for the catalog side of the cart. The admin side is identical in function, with the exception of the views, which is noted in the relevant section.


Understanding Libraries

All of the library functionality is accessible through Controller, Model and Views using $this->library_name. All of these can be found in the /system/library/ folder. For example, to access the current shopping cart’s products, you’ll need to use the Cart class, which is in /system/library/cart.php and can be accessed using $this->cart->getProducts()

Commonly used items

  • customer.php – Customer related functions
  • user.php – Admin user related functions
  • cart.php – Cart related functions
  • config.php – All settings are loaded from this
  • url.php – URL generation functions

Understanding the route parameter

OpenCart’s framework relies on the route=aaa/bbb/ccc query string parameter to know what to load, and this is the underpinning feature for finding the files you need to edit for each page. Most routes actually only use aaa/bbb, which should be seen as two parts; some, however, contain three parts, aaa/bbb/ccc. The first part, aaa, generally relates to the folder within a generic folder such as the controller or template folders. The second part usually relates to the file name, without the .php or .tpl extension. The third part is explained under Understanding controllers below.


Understanding languages

Languages are stored in the /catalog/language/ folder in the your-language subfolder. Within this, general text values used across various pages are stored in the your-language.php file inside the folder, so for the English language on the catalog side, you’ll find the values in catalog/language/english/english.php. For page-specific text, you’ll need the route for the page (this is generally the case, but not always, as you can specify any language file you like). For example, the search page has the route product/search, and therefore the language-specific text for that page can be found in catalog/language/english/product/search.php (notice the file’s name and subfolder match the route followed by .php).

To load the language in a controller, you use

$this->language->load('product/search');

Then you can use the language library function get to retrieve specific language texts, such as

$some_variable = $this->language->get('heading_title');

The language variables are assigned in the language file using a special variable $_ which is an array of keys and text values. In your /catalog/language/english/product/search.php you should find something similar to

$_['heading_title']     = 'Search';

The values in the global language file english/english.php are automatically loaded and available to use without the $this->language->load method


Understanding controllers

Controllers are loaded based on the route and are fairly straightforward to understand. Controllers are located in the /catalog/controller/ folder. Continuing from the last example, the controller for the search page is in /product/search.php within this folder. Notice again that the route followed by .php is used.

Opening the controller file, you’ll see a Pascal Case class name extending the Controller class, called ControllerProductSearch. This again is specific to the route: Controller followed by the subfolder name and the file name without the extension, capitalised. The capitalisation is not actually required, but it’s recommended for readability. It’s worth noting that class names take only letters and numbers from the subfolder and file name; underscores are removed.

Within the class are the methods. Methods declared public can be run via the route; private ones cannot. By default, with a standard two-part route (aaa/bbb above), the index() method is called. If the third part of a route (ccc above) is used, that method is run instead. For example, account/return/insert will load the /catalog/controller/account/return.php file and class, and try to call the insert method.


Understanding Models

Models in OpenCart are found in the /catalog/model/ folder and are grouped by function, not by route, and therefore you will need to load them in your controller via

$this->load->model('xxx/yyy');

This will load the file in the subfolder xxx called yyy.php. It is then available to use via the object

$this->model_xxx_yyy

and as with controllers you can only call its public methods. For instance, to resize an image, you would use the tool/image model and call its resize method as follows

$this->load->model('tool/image');
$this->model_tool_image->resize('image.png', 300, 200);

Understanding variable assignment in views from the controller

In order to pass values to the view from the controller, you simply need to assign your data to the $this->data variable, which is essentially an array of key => value pairs. As an example

$this->data['example_var'] = 123;

Accessing this in a view should be easy to understand if you’re familiar with the extract() function, which converts each key into a variable. So the example_var key becomes $example_var and can be accessed as such in the view.


Understanding themes

Themes are available on the catalog side only, and are basically a folder of templates, stylesheets and theme images. Theme folders are placed in the /catalog/view/theme/ folder followed by the theme name. The folder name isn’t important, with the exception of the default folder.

The admin side uses /admin/view/template/ (skipping the /theme/theme-name/ from the path as it doesn’t allow differing themes)

Template files reside in a template folder within the theme folder. Should any template not be available for the currently selected theme, the default folder’s template is used instead as a fallback. This means themes can be created with very few files and still function fully. It also reduces code duplication and issues as upgrades are made


Understanding views (templates)

As with languages and models, the view files are generally related to the route, though they don’t have to be. Templates on the catalog side are usually found in /catalog/view/theme/your-theme/template/; if a file doesn’t exist there, the default theme’s template is used instead. For our search page example above, the file is product/search.tpl. For routes with three parts, it is generally aaa/bbb_ccc.tpl, though there’s no hard and fast rule. In the admin, most pages follow this, with the exception that pages listing items, like the product listing page, are in catalog/product_list.tpl and the product editing form is in catalog/product_form.tpl. Again, these aren’t fixed, but a standard for the default cart.

It’s worth pointing out that the template file is in fact just another PHP file with a .tpl extension, and is actually run from the controller, so everything you can code in a controller can be run in a template file (though this isn’t recommended unless absolutely necessary).


Understanding the database object

Queries are run using

$result = $this->db->query("SELECT * FROM `" . DB_PREFIX . "table`");

DB_PREFIX as the name suggests is a constant containing the database prefix if one exists

For SELECT queries $result is an object containing a few properties

$result->row contains the first row’s data if one or more are returned as an associative array

$result->rows contains an array of row results, ideal for looping over using foreach

$result->num_rows contains the number of results returned

There are also a few extra methods the $this->db object has

$this->db->escape() uses mysql_real_escape_string() on the value passed

$this->db->countAffected() returns the number of rows affected by an UPDATE, INSERT or DELETE query

$this->db->getLastId() returns the last auto increment id using mysql_insert_id()


Understanding reserved variables

OpenCart has predefined variables to use in place of the standard $_GET, $_POST, $_SESSION, $_COOKIE, $_FILES, $_REQUEST and $_SERVER

$_SESSION is edited using $this->session->data where data is an associative array mimicking the $_SESSION

All of the others can be accessed using $this->request and have been “cleaned” to comply with magic quotes enabled/disabled, so

$_GET becomes $this->request->get

$_POST becomes $this->request->post

$_COOKIE becomes $this->request->cookie

$_FILES becomes $this->request->files

$_REQUEST becomes $this->request->request

$_SERVER becomes $this->request->server
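The following added example (not code from the guide above) ties the controller, model, database and reserved-variable sections together on an OpenCart 1.5.x catalog page: a controller reads a search term from $this->request->get, hands it to a model that uses $this->db->escape() and integer casts for everything spliced into SQL, and passes the results to the view through $this->data. The file names, class names and route (product/example_search, catalog/product_example) are hypothetical; the tables, DB_PREFIX, config keys and library calls are OpenCart 1.5's own.

```php
<?php
// Added example, not from the original guide. In a real install these are two
// files: catalog/model/catalog/product_example.php and
// catalog/controller/product/example_search.php, reached via
// index.php?route=product/example_search&search=...

// --- catalog/model/catalog/product_example.php ---
class ModelCatalogProductExample extends Model {
    // Products whose name contains $search, in the current language, enabled only.
    public function getProductsByName($search) {
        // escape() stops the value breaking out of the quoted literal, but it
        // does not neutralise the LIKE wildcards % and _, so those are escaped
        // first (the backslash survives escape() as a literal backslash).
        $like = strtr($search, array('%' => '\\%', '_' => '\\_'));
        $sql = "SELECT p.product_id, pd.name"
             . " FROM `" . DB_PREFIX . "product` p"
             . " LEFT JOIN `" . DB_PREFIX . "product_description` pd ON (p.product_id = pd.product_id)"
             . " WHERE pd.language_id = '" . (int)$this->config->get('config_language_id') . "'"
             . " AND p.status = '1'"
             . " AND pd.name LIKE '%" . $this->db->escape($like) . "%'"
             . " LIMIT 20";
        $query = $this->db->query($sql);
        return $query->rows; // array of associative arrays, as described above
    }
}

// --- catalog/controller/product/example_search.php ---
class ControllerProductExampleSearch extends Controller {
    public function index() {
        $this->language->load('product/search');        // reuse the stock search texts
        $this->load->model('catalog/product_example');  // becomes $this->model_catalog_product_example

        // $this->request->get replaces $_GET; it is still untrusted input.
        $search = isset($this->request->get['search']) ? (string)$this->request->get['search'] : '';
        $search = mb_substr(trim($search), 0, 64);      // bound the length before it reaches SQL

        $this->data['heading_title'] = $this->language->get('heading_title');
        // The .tpl echoes these values directly, so encode them here.
        $this->data['search'] = htmlspecialchars($search, ENT_QUOTES, 'UTF-8');
        $this->data['products'] = array();
        if ($search !== '') {
            foreach ($this->model_catalog_product_example->getProductsByName($search) as $row) {
                $this->data['products'][] = array(
                    'name' => htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'),
                    'href' => $this->url->link('product/product', 'product_id=' . (int)$row['product_id']),
                );
            }
        }

        // 1.5.x template resolution: current theme first, default theme as fallback.
        if (file_exists(DIR_TEMPLATE . $this->config->get('config_template') . '/template/product/example_search.tpl')) {
            $this->template = $this->config->get('config_template') . '/template/product/example_search.tpl';
        } else {
            $this->template = 'default/template/product/example_search.tpl';
        }
        $this->children = array(
            'common/column_left',
            'common/column_right',
            'common/content_top',
            'common/content_bottom',
            'common/footer',
            'common/header'
        );
        $this->response->setOutput($this->render());
    }
}
?>
```

The division of labour is the point: the model owns the SQL and escapes or casts every interpolated value, the controller owns input bounds and output encoding, and the template only echoes what it is given.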


Summary

While the above isn’t a bulletproof guide for developers, hopefully it will serve as a good starting point for those getting started

Credit: Post

How to create a custom admin page in OpenCart?

OpenCart uses the MVC pattern.

Recommended reading: How to be an OpenCart Guru?

1) Create a new file in admin/controller/custom/helloworld.php

Your filename and controller class name must correspond, since the class name is derived from the path:

helloworld.php

<?php

class ControllerCustomHelloWorld extends Controller {
    public function index() {
        // .tpl location and file, relative to admin/view/template/
        $template = "custom/hello.tpl";
        $this->load->model('custom/hello');
        $this->template = $template;
        $this->children = array(
            'common/header',
            'common/footer'
        );
        $this->response->setOutput($this->render());
    }
}
?>

2) Create a new file in admin/view/template/custom/hello.tpl

Hello.tpl

<?php echo $header; ?>
<div id="content">
<h1>HelloWorld</h1>
<?php
echo 'I can also run PHP too!'; 
?>
</div> 
<?php echo $footer; ?>

3) Create a new file in admin/model/custom/hello.php

<?php
class ModelCustomHello extends Model {
    public function helloWorld() {
        // Placeholder query: the selected column is aliased to match the key read below
        $sql = "SELECT x AS total FROM `" . DB_PREFIX . "y`";
        $query = $this->db->query($sql);
        return $query->row['total'];
    }
}
?>

4) You then need to enable the plugin to avoid permission denied errors:

Opencart > Admin > Users > User Groups > Admin > Edit

Select and Enable the Access Permission.

To visit your page go to

www.yoursite.com/opencart/admin/index.php?route=custom/helloworld

Credits: Post
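Step 4 grants the access permission, which OpenCart 1.5 checks for every admin route before the controller runs. A page that also writes something has to check the modify permission itself, which is what stock admin controllers do in a validate() method. The added example below (not part of the original post) extends the helloworld controller with a save action that follows that pattern; the "greeting" form field and the helloworld_greeting setting key are hypothetical, while hasPermission(), editSetting(), utf8_strlen(), redirect() and the session token are OpenCart 1.5's own.

```php
<?php
// Added example, not the original post's code: admin/controller/custom/helloworld.php
// extended with a guarded write action. Route: custom/helloworld/save
class ControllerCustomHelloWorld extends Controller {
    private $error = array();

    public function index() {
        $this->data['greeting'] = $this->config->get('helloworld_greeting'); // store 0 settings are preloaded into config
        $this->data['error_warning'] = isset($this->error['warning']) ? $this->error['warning'] : '';
        $this->data['success'] = '';
        if (isset($this->session->data['success'])) {
            $this->data['success'] = $this->session->data['success'];
            unset($this->session->data['success']);
        }
        // Every admin link carries the session token; admin/index.php rejects
        // requests whose token does not match the logged-in session.
        $this->data['action'] = $this->url->link('custom/helloworld/save', 'token=' . $this->session->data['token'], 'SSL');

        $this->template = 'custom/hello.tpl';
        $this->children = array('common/header', 'common/footer');
        $this->response->setOutput($this->render());
    }

    public function save() {
        if ($this->request->server['REQUEST_METHOD'] == 'POST' && $this->validate()) {
            $this->load->model('setting/setting');
            $this->model_setting_setting->editSetting('helloworld', array(
                'helloworld_greeting' => trim($this->request->post['greeting']),
            ));
            $this->session->data['success'] = 'Greeting saved';
            $this->redirect($this->url->link('custom/helloworld', 'token=' . $this->session->data['token'], 'SSL'));
        }
        // Not a POST, or validation failed: re-render the form with $this->error set
        $this->index();
    }

    protected function validate() {
        // 'access' (step 4) is enforced by the framework; 'modify' is the
        // controller's own job and must be checked before anything is written.
        if (!$this->user->hasPermission('modify', 'custom/helloworld')) {
            $this->error['warning'] = 'Warning: You do not have permission to modify this page!';
        }
        $greeting = isset($this->request->post['greeting']) ? trim($this->request->post['greeting']) : '';
        if ($greeting === '' || utf8_strlen($greeting) > 64) {
            $this->error['warning'] = 'Greeting must be between 1 and 64 characters';
        }
        return !$this->error;
    }
}
?>
```

The matching hello.tpl would post to $action and echo $greeting, $error_warning and $success through htmlspecialchars(), since the stored greeting is user-supplied text.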

PHPMAILER: Attach A File To An Email In PHP

The steps below show you how to set up and use the PHPMailer library:

  • Import the PHPMailer Lib into your project either using Autoloader or Include. Library can be found @
  • Implement the code as below:


include('phpmailer.php');

$email = new PHPMailer();
$email->From     = '##Source Mail ID##';
$email->FromName = '##Mailer Name##';
$email->Subject  = '##Subject##';
$email->Body     = '##Content##';
$email->AddAddress( '##destination Mail ID##' );
$file = '##Path to File to be attached##';
$email->AddAttachment( $file, '##label of file that is attached##' );
if ( !$email->Send() ) {
    echo 'Mailer Error: ' . $email->ErrorInfo;
}

If you want to attach a file to an email directly from an upload, you can pass in the uploaded file from the $_FILES global like so:
$email->AddAttachment( $_FILES['attachment']['tmp_name'], $_FILES['attachment']['name'] );

Make sure your mail server is configured and working. If not, follow this to set up a local open source mail server.
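Passing $_FILES straight into AddAttachment() trusts two client-controlled values: the temporary path and the original file name. The added example below (not the post's own code) wraps the same call in the checks a practitioner would want around an upload: that PHP actually received the file for this request, that it is within a size limit, and that the display name is reduced to a safe file name. It assumes PHPMailer 5.x loaded as in the post, a form field named "attachment", and a 10 MB cap chosen here for illustration.

```php
<?php
// Added example, not the original post's code. PHP method names are
// case-insensitive, so AddAttachment()/AddAddress() work on any 5.x release.
include('phpmailer.php');

// Attach one entry of $_FILES to $mail after validating it.
// Returns true on success, false if the upload is rejected.
function attach_upload(PHPMailer $mail, array $upload, $maxBytes = 10485760) {
    // $upload['error'] is an UPLOAD_ERR_* code; anything but OK means no usable file.
    if (!isset($upload['error'], $upload['tmp_name'], $upload['name'])
        || $upload['error'] !== UPLOAD_ERR_OK) {
        return false;
    }
    // Only accept a path PHP created for this request, never one the client named.
    if (!is_uploaded_file($upload['tmp_name'])) {
        return false;
    }
    if (filesize($upload['tmp_name']) > $maxBytes) {
        return false;
    }
    // The client-supplied name is display-only: drop any directory part and
    // collapse everything outside a small safe set to '_'.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($upload['name']));
    if ($name === '' || $name[0] === '.') {
        $name = 'attachment';
    }
    // 5.x returns false (and sets ErrorInfo) if the file cannot be read.
    return $mail->AddAttachment($upload['tmp_name'], $name);
}

$email = new PHPMailer();
$email->From     = '##Source Mail ID##';   // placeholders as in the post
$email->FromName = '##Mailer Name##';
$email->Subject  = '##Subject##';
$email->Body     = '##Content##';
// Recipient comes from server-side configuration, not from the form, so the
// script cannot be used to relay mail to arbitrary addresses.
$email->AddAddress('##destination Mail ID##');

if (isset($_FILES['attachment'])) {
    if (!attach_upload($email, $_FILES['attachment'])) {
        echo 'Attachment rejected: ' . $email->ErrorInfo;
        exit;
    }
}

if (!$email->Send()) {
    echo 'Mailer Error: ' . $email->ErrorInfo;
}
?>
```

The temporary file is removed when the request ends, so nothing else needs cleaning up; if the attachment must be kept, move it with move_uploaded_file() into a directory outside the web root, again under a server-generated name.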

SQL to Mongo Mapping Chart

This is a PHP-specific version of the SQL to Mongo mapping chart in the main docs.

SQL Statement                                   | Mongo Query Language Statement
------------------------------------------------|-----------------------------------------------------------------------------------------------
CREATE TABLE USERS (a Number, b Number)         | Implicit, or use MongoDB::createCollection().
INSERT INTO USERS VALUES(1,1)                   | $db->users->insert(array("a" => 1, "b" => 1));
SELECT a,b FROM users                           | $db->users->find(array(), array("a" => 1, "b" => 1));
SELECT * FROM users WHERE age=33                | $db->users->find(array("age" => 33));
SELECT a,b FROM users WHERE age=33              | $db->users->find(array("age" => 33), array("a" => 1, "b" => 1));
SELECT a,b FROM users WHERE age=33 ORDER BY name| $db->users->find(array("age" => 33), array("a" => 1, "b" => 1))->sort(array("name" => 1));
SELECT * FROM users WHERE age>33                | $db->users->find(array("age" => array('$gt' => 33)));
SELECT * FROM users WHERE age<33                | $db->users->find(array("age" => array('$lt' => 33)));
SELECT * FROM users WHERE name LIKE "%Joe%"     | $db->users->find(array("name" => new MongoRegex("/Joe/")));
SELECT * FROM users WHERE name LIKE "Joe%"      | $db->users->find(array("name" => new MongoRegex("/^Joe/")));
SELECT * FROM users WHERE age>33 AND age<=40    | $db->users->find(array("age" => array('$gt' => 33, '$lte' => 40)));
SELECT * FROM users ORDER BY name DESC          | $db->users->find()->sort(array("name" => -1));
CREATE INDEX myindexname ON users(name)         | $db->users->ensureIndex(array("name" => 1));
CREATE INDEX myindexname ON users(name,ts DESC) | $db->users->ensureIndex(array("name" => 1, "ts" => -1));
SELECT * FROM users WHERE a=1 and b='q'         | $db->users->find(array("a" => 1, "b" => "q"));
SELECT * FROM users LIMIT 20, 10                | $db->users->find()->limit(10)->skip(20);
SELECT * FROM users WHERE a=1 or b=2            | $db->users->find(array('$or' => array(array("a" => 1), array("b" => 2))));
SELECT * FROM users LIMIT 1                     | $db->users->find()->limit(1);
EXPLAIN SELECT * FROM users WHERE z=3           | $db->users->find(array("z" => 3))->explain();
SELECT DISTINCT last_name FROM users            | $db->command(array("distinct" => "users", "key" => "last_name"));
SELECT COUNT(*) FROM users                      | $db->users->count();
SELECT COUNT(*) FROM users WHERE AGE > 30       | $db->users->find(array("age" => array('$gt' => 30)))->count();
SELECT COUNT(AGE) FROM users                    | $db->users->find(array("age" => array('$exists' => true)))->count();
UPDATE users SET a=1 WHERE b='q'                | $db->users->update(array("b" => "q"), array('$set' => array("a" => 1)));
UPDATE users SET a=a+2 WHERE b='q'              | $db->users->update(array("b" => "q"), array('$inc' => array("a" => 2)));
DELETE FROM users WHERE z="abc"                 | $db->users->remove(array("z" => "abc"));

Source
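The chart shows that operators such as $gt and $or are ordinary keys in the filter array. That has a consequence the chart does not spell out: PHP turns query parameters of the form key[x]=y into arrays, so a filter built directly from request input can carry an operator document where a scalar was expected. The added example below (not part of the chart or the PHP Mongo docs) builds a find() filter from untrusted input with the legacy MongoClient API used above, forcing each known field to its declared scalar type and escaping user text before it becomes a MongoRegex. The collection name users matches the chart; the field list, function names and sample input are constructed for the example.

```php
<?php
// Added example using the legacy "mongo" extension API shown in the chart
// (MongoClient, MongoCollection::find(), MongoRegex). Names below are hypothetical.

// Expected scalar type of each queryable field in the users collection.
$USER_FIELD_TYPES = array(
    'name' => 'string',
    'age'  => 'int',
);

// Build a find() filter from untrusted input: keep only known fields and force
// every value to a scalar of the declared type. An array value is refused
// instead of being passed through as a nested document, which MongoDB would
// read as an operator expression.
function build_user_filter(array $input, array $fieldTypes) {
    $filter = array();
    foreach ($fieldTypes as $field => $type) {
        if (!array_key_exists($field, $input)) {
            continue;
        }
        $value = $input[$field];
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("Field '$field' must be a scalar");
        }
        $filter[$field] = ($type === 'int') ? (int)$value : (string)$value;
    }
    return $filter;
}

// Equivalent of LIKE 'Joe%': anchor the pattern and quote regex metacharacters
// so the user's text is matched literally, not interpreted as a pattern.
function name_prefix_regex($prefix) {
    return new MongoRegex('/^' . preg_quote((string)$prefix, '/') . '/');
}

// Query helper: exact-match filter from $input, projecting a and b as in the chart.
function find_users(MongoDB $db, array $input, array $fieldTypes) {
    $filter = build_user_filter($input, $fieldTypes);
    return $db->users->find($filter, array('a' => 1, 'b' => 1));
}

// Constructed input standing in for $_GET or $this->request->get.
// 'role' is not a known field and is dropped; '33' becomes the integer 33.
$input  = array('name' => 'Joe', 'age' => '33', 'role' => 'admin');
$filter = build_user_filter($input, $USER_FIELD_TYPES);
var_dump($filter === array('name' => 'Joe', 'age' => 33)); // bool(true)

// A structured value is rejected before it reaches the database.
try {
    build_user_filter(array('age' => array('$gt' => 0)), $USER_FIELD_TYPES);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// With a live server (not needed to run the checks above):
// $db = (new MongoClient())->selectDB('test');
// $cursor = find_users($db, $input, $USER_FIELD_TYPES);
// $byPrefix = $db->users->find(array('name' => name_prefix_regex($input['name'])));
?>
```

The casting step is the whole defence: once a value is guaranteed to be an int or a string, the filter can only ever express the equality the chart's rows show, whatever shape the request arrived in.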