Android push notifications
Problems with Magento caching config?
Force Magento to clear the session config cache like this. In
/home/harvokse/public_html/app/code/core/Mage/Core/Model/Store.php
in getConfig($path), comment out the following:

    if (isset($this->_configCache[$path])) {
        return $this->_configCache[$path];
    }

And Mage will not cache your config… man this took a long time to find!
Password Statistics
The recent YouPorn database hack was an eye opener for me. Here’s a tidbit from a pastebin that is particularly interesting, http://pastebin.com/prUbcTmh; it’s well worth looking at all the other password statistics.
Total entries = 3,026,016
Character sets:
- loweralpha: 1394115 (46.07%)
- loweralphanum: 799177 (26.41%)
- numeric: 592830 (19.59%)
- mixedalphanum: 52523 (1.74%)
- mixedalpha: 44096 (1.46%)
- loweralphaspecialnum: 31864 (1.05%)
- upperalpha: 30810 (1.02%)
- loweralphaspecial: 23603 (0.78%)
- upperalphanum: 21809 (0.72%)
- mixedalphaspecialnum: 9595 (0.32%)
- specialnum: 5031 (0.17%)
- mixedalphaspecial: 3686 (0.12%)
- upperalphaspecialnum: 1695 (0.06%)
- upperalphaspecial: 1204 (0.04%)
- special: 1186 (0.04%)
So essentially out of a selection of ~3 million passwords, 2.7 million (92%) can be cracked using a dictionary attack in less than 30 seconds. Scary eh!
Also consider that a lot of passwords contain the year 1975, 1976, 1977, 1978 or 1979. All these early 40’s men addicted to porn need to use better passwords.
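The 92% figure is the combined share of the three largest classes in the listing (loweralpha, loweralphanum and numeric). As an added example, not part of the original post or the pastebin, this sketch sorts passwords into the same classes, which is the check a site could run when a user chooses a password; the classification rule and the sample passwords are assumptions constructed for the illustration.

```javascript
// Added example. Class names follow the listing above; the rule mapping a
// password to a class (which kinds of ASCII character it contains) is assumed.
function charsetClass(pw) {
  const lower = /[a-z]/.test(pw);
  const upper = /[A-Z]/.test(pw);
  const digit = /[0-9]/.test(pw);
  const special = /[^a-zA-Z0-9]/.test(pw);
  let name = '';
  if (lower && upper) name = 'mixedalpha';
  else if (lower) name = 'loweralpha';
  else if (upper) name = 'upperalpha';
  if (special) name += 'special';
  if (digit) name += (name === '' ? 'numeric' : 'num');
  return name || 'empty';
}

// The three classes that dominate the listing.
const LOW_VARIETY = new Set(['loweralpha', 'loweralphanum', 'numeric']);

// Count how many passwords fall into each class.
function tally(passwords) {
  const counts = {};
  for (const pw of passwords) {
    const c = charsetClass(pw);
    counts[c] = (counts[c] || 0) + 1;
  }
  return counts;
}

// Fraction of `total` entries that sit in the low-variety classes.
function lowVarietyShare(counts, total) {
  let n = 0;
  for (const c of LOW_VARIETY) n += counts[c] || 0;
  return n / total;
}

// Counts copied from the listing above (top three classes only).
const published = { loweralpha: 1394115, loweralphanum: 799177, numeric: 592830 };
const publishedShare = lowVarietyShare(published, 3026016);

// Constructed sample passwords, one per line of interest.
const sample = ['sunshine', 'abc123', '19771977', 'Tr0ub4dor&3', 'HELLO!', 'p@ss'];
const sampleShare = lowVarietyShare(tally(sample), sample.length);

console.log(tally(sample), sampleShare, publishedShare.toFixed(4));
```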
Xdebug through Proxy
If you want to connect multiple concurrent sessions to an xdebug remote debugger then this is the best way to do it:
- Download the Komodo Python remote debugging package and run Komodo-PythonRemoteDebugging-7.0.1-69775-linux-x86/bin/pydbgpproxy -i hostname:9001 -d hostname:9000
- Set Xdebug to connect to the server you are running the Xdebug proxy on by adding the xdebug.remote_host="servername"; directive to php.ini
- From your IDE, set it to connect to the Xdebug proxy at hostname:9001, and specify a unique IDE key.
- Check that your path mapping is correct if using eclipse
- Begin debugging
This is fiddly to get started with, but it will eventually work. You can always place an “xdebug_break();” call into your code to ensure that it is gonna stop in the case where breakpoints don’t seem to work.
3DSecure … what a mess
Had one of those weeks where I only tested IE support of some new code after I’d pretty much completed the system, and to my horror realised that I was going to have to do what we call in the industry a “multi-platform solution”.
What this essentially means in practice is adding a bunch of
    if (browser == 'InternetExplorer') {
        // do one thing
    } else {
        // do another
    }

And it is a complete time-suck!!! I hate Microsoft right now, but in this instance I can totally see the point.
Let me explain. The “1 thing” in this case was the method that I used to submit data from a client browser to a payment gateway service running in a different domain. Turns out, if you want to do this client side, you have to send the entire browser window, as doing it from JS as an AJAX call is a massive security violation. Well, at least it theoretically is, and hence IE’s default security settings prohibit such things without so much as even a warning. Never mind that Safari, Chrome, FF, and Opera all allow it but give a nice little console warning that you can choose to ignore.
Now normally this doesn’t crop up, because cross-domain stuff is usually taken care of server side, where you can do whatever you wish in terms of cross-domain service calls. The one place it does crop up is when implementing 3D Secure, that annoying little box that pops up when you buy things over the internet asking you to validate your purchase. That little box is actually running in an iframe (normally) on your bank’s webserver domain. Now here’s the kicker: you are not really supposed to communicate between iframes running across different domains, and when you do this in IE you will be shown a lovely “Access Denied” error message. So what did I do? Turns out

    <script>
    parent.location.href = "'.$redirectURL.'";
    </script>

is not fine… whereas

    <script>
    window.parent.location.href = "'.$redirectURL.'";
    </script>

is. Unbelievable!
So despite IE’s holier-than-every-other-browser attitude about security enforcement, you can do at least a little bit of cross domain communication.
How to detect CS Cart’s current language from within Smarty
{$smarty.session.settings.cart_languageC.value}
Will print lang code such as ‘EN’ or ‘DE’.
If you want to put certain things on a particular language version of your CS Cart site, here is a template:

    {if $smarty.session.settings.cart_languageC.value == 'EN'}
    <htmlTags>Stuff for only english language version of the site</htmlTags>
    {/if}

CS Cart Revelation: addon function hooks
I discovered something buried deep in the CS Cart codebase that I’d like to share, as I haven’t seen it documented anywhere else, not even in the official developer docs: function hooks that you can define in addon.xml to do installation/removal tasks.
Here’s how it works:
In addon.xml:

    <functions>
        <item for="before_install">beforeInstallPacnetProcessor</item>
        <item for="install">installPacnetProcessor</item>
        <item for="uninstall">uninstallPacnetProcessor</item>
    </functions>

In func.php:

    function beforeInstallPacnetProcessor()
    {
        fn_set_notification('N', 'Installation', 'triggered before installation', 'K');
    }

    function installPacnetProcessor()
    {
        fn_set_notification('N', 'Installation', 'Installed extra bit', 'K');
    }

    function uninstallPacnetProcessor()
    {
        fn_set_notification('N', 'Uninstallation', 'Uninstalled extra bit', 'K');
    }

Needless to say this is very useful to know about, no more addon/controllers/{context}/controller.postOrPre.php !!!
Vanilla AJAX Vs. Object Relational AJAX
I’ve been experimenting with a different type of software architecture for a couple of months with some web applications I’ve been developing, and I’ve discovered a massive shortcut that I’d like to share with you: Object Relational AJAX (at least that’s what I’m going to call it anyway).
Now I’m not saying this hasn’t been done before, but as far as I’m aware it certainly isn’t common, at least not in web apps. What it essentially boils down to is changing the mechanics of a web app to doing everything possible in the client in Javascript on Objects that get automatically generated by your server technology directly from your database using some kind of Object Relational mapping (CakePHP has a really good one) and a nice little onLoad JS like the following:

    var Page = function (pageId) {
        this.data = this.getPageJSONFromDB(pageId);
    };

    Page.prototype = {
        // Synchronously fetch the page record and return it as an object.
        getPageJSONFromDB: function (pageId) {
            var page;
            $.ajax({
                type: 'GET',
                url: RUN_PATH + '/api/get_page/' + pageId,
                //data: {'page_id': pageId}, //only use data for POST
                dataType: 'json', // jQuery parses the body as data; no eval()
                async: false,
                // With async: false, use the callback options rather than
                // the jqXHR .success()/.error() methods.
                success: function (result) {
                    page = result;
                },
                error: function () {
                    alert('error getting page data');
                }
            });
            return page;
        },

        // Send the (possibly modified) page object back to the server.
        updatePage: function (pageVars) {
            $.ajax({
                type: 'POST',
                url: RUN_PATH + '/api/update_page',
                data: {
                    'page': this.data
                },
                async: false,
                success: function (result) {
                    // page updated
                },
                error: function () {
                    alert('error setting page data');
                }
            });
        }
    };

    var page = new Page(id);

You can then do everything you need to on the page Object in the way of user initiated data updates, etc from within your clientside code and pass it back to the server using the updatePage() method.
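Added example, not code from the original post: getPageJSONFromDB has to turn a response body into an object, and the sketch below shows why that step should parse the body as data (JSON.parse) rather than evaluate it as script (eval). The response bodies and field names are constructed for the illustration.

```javascript
// Added example: constructed response bodies, not captured traffic.
const executed = []; // records side effects triggered while "parsing"

// What eval('(' + body + ')') does: the body runs as JavaScript source.
function parseWithEval(body) {
  return eval('(' + body + ')');
}

// Data-only alternative: JSON.parse accepts JSON grammar and nothing else.
function parsePageResponse(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (e) {
    return { ok: false, error: 'not valid JSON' };
  }
  // A page record must be a plain object, not null, an array or a scalar.
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, error: 'expected a JSON object' };
  }
  return { ok: true, data: data };
}

// A well-formed page record (field names are hypothetical).
const goodBody = '{"id": 7, "title": "Home"}';
// A tampered body: an expression sits where a value should be.
const tamperedBody = '{"id": 7, "title": (executed.push("ran"), "Home")}';

function demo() {
  executed.length = 0;
  const viaEval = parseWithEval(tamperedBody);     // the expression executes
  const viaJson = parsePageResponse(tamperedBody); // rejected as invalid JSON
  return {
    evalRanCode: executed.length === 1,
    evalTitle: viaEval.title,
    jsonRejected: viaJson.ok === false,
    goodTitle: parsePageResponse(goodBody).data.title
  };
}

console.log(demo());
```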
Why would you want to do it this way?
1) It’s a lot faster to develop with, especially when the serverside data model is prone to changing. It means when the underlying data model or model relationships change then you have to only do minimal changes to your clientside code. The alternative (Vanilla AJAX) is tightly coupled to your data model; if it changes you need to rewrite a lot of clientside code.
2) It forces an API-first methodology of software architecture. You end up writing each web application “page” or “view” as a standalone javascript application on top of a server side RESTFul API, which has the advantage of supporting not only HTML browsers but gives you the server side support of any number of different platform Apps for free (Android, iPhone, etc).
What often happens with web applications is that the server side becomes tightly coupled to a particular client-side technology (HTML/CSS/etc.) by the time the application is launched, even when a modern MVC architecture is used to try to separate code from presentation. Then, when it’s a success, the team has to engage in a horrendous refactoring effort to build an API to allow third-party integration of the system (something all SaaS enterprise applications pay well for). Just do it from the beginning!
Smarty template debugging
If you need to quickly see the contents of a Smarty $view variable, and don’t want to or cannot use the main template debugging console, use the following little-used trick:
{$view_var_that_has_been_assigned_name|@var_dump}
Even more xdebug : when a breakpoint doesn’t stop in eclipse
http://stackoverflow.com/questions/3422433/xdebug-ignores-breakpoints
After yet more issues getting Xdebug to stop at a breakpoint in Eclipse, I finally realised what the issue was: path mapping. Eclipse needs to tell Xdebug how to map paths to certain files. If you have a workspace with several files all called index.php, Xdebug needs to know which index.php.
For my own and others’ future reference: ensure that Debug Configurations->current configuration->PHP Server->Configure->Path Mapping has the correct paths if you have multiple files all named the same across your workspace.
For example, I have phpMyAdmin in my html_docs root dir, which has several index.php’s, and I also work extensively with the Zend and CakePHP frameworks, where there is also a crossover in some of the filenames. If you set up path mapping for your project correctly, it’ll stop at your breakpoints. If not, there’s always xdebug_break().