Category Archives: PHP


CakeOTP 1.1 – User Registration with One Time Password for CakePHP Released

CakeOTP is a reference implementation of User Registration with a secure, table-less and expirable implementation of One Time Password for the popular CakePHP development framework.

New in CakeOTP release 1.1

1) Automatic login after account activation: the user is automatically logged in to the site and redirected to an internal page immediately after activating his/her account.
2) User email validation.

Download this release here.

Check out the Online Demo, project page and getting started page.

How to Connect IPWEditor to the Server Side

I have been getting multiple support requests from developers who want to save the data edited in IPWEditor on the server side.

Saving information on the server is a server-side feature and out of scope for IPWEditor (which is a client-side jQuery plug-in). Moreover, it is programming-language dependent: a Java developer might handle this differently from a .NET or a PHP developer.

Despite all that, I will try to give general guidance on how it is done. I will be using PHP for the server-side examples, but you can use any server-side programming language you prefer.


Security issue in CakePHP code documentation

I have been using CakePHP for a long time now and enjoy every second. It provides a productive, easy-to-use and well-documented platform for PHP applications. The key advantages for me are transparent OR mapping, a strong Model View Controller framework, and tons of extra utilities that make your life better.

I have come across a possible security issue in one of the CakePHP code examples. This section of code is responsible for authorizing or denying client access to a certain action (MVC flow):

<?php
    function isAuthorized() {
        if ($this->action == 'delete') {
            if ($this->Auth->user('role') == 'admin') {
                return true;
            } else {
                return false;
            }
        }

        return true;
    }
?>

The major security rule this code is breaking is – never ever have ‘return true’ as a default for an authorization method.

CakeOTP 1.0 – Secure, Expirable, Table-less One Time Password for CakePHP Released

CakeOTP is a secure, table-less and expirable implementation of One Time Password for the popular CakePHP development framework.

A one-time password (OTP) is a password that is only valid for a single login session or transaction. It is commonly used on the internet for registration and password reminder processes, in which the OTP is provided to the user in the form of a link that the user follows in order to create/reset his password.

The problem is that most one-time password implementations involve maintaining additional database tables and batch processes that handle the persistence and expiry date of the one-time password. This adds complexity and reduces performance.

CakeOTP is a simple and clean implementation of one-time passwords. It reduces complexity by removing the redundant SQL calls and DB batch maintenance while still keeping the one-time password secure and expirable.

Download this release here.

Check out the Online Demo, project page and getting started page.

Feel free to post comments and questions.

CakeOTP 0.1 beta release – One Time Password Reference Implementation for CakePHP

I have started to implement the algorithm for a table-less, secure one-time password.

Here is a link to the Demo, and here is a link to the beta release.

The only thing you need to do other than the regular CakePHP setup is to create a user table (used by the CakePHP Auth component):

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL auto_increment,
  `username` char(50) default NULL,
  `password` char(40) default NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=23 ;


Make ThickBox Work with Other JavaScript Libraries / Resolve ThickBox Conflict Issues

ThickBox is a cool visualization tool based on the jQuery JavaScript library. ThickBox helps you display photos in a cool way and is useful in many web projects.

The problem

ThickBox does not work when the HTML page includes other JavaScript libraries such as MooTools.

Debugging the error reveals this:

$(domChunk) is null


Apache Crashes on Windows – Check Your Ports

Apache is one of the most popular web servers on the market today. It usually runs on Linux-based machines, but lately there are more and more deployments of Apache on Windows, for development as well as other reasons. Nowadays, running the Apache web server on Windows is very common for PHP developers. Many developers develop their PHP applications on their home Windows or Mac machine and deploy to a remote Linux server.

PHP Transparent Database Access layer – PHP Object-Relational Mapping (PHP ORM)

The combination of relational data (databases) and object-oriented programming (OOP) is not a match made in heaven. The way we work with objects is totally different from the way we access data. The problem is that in most projects you need to access data and write object-oriented classes to display and manipulate that data.

Generate and Format Last Updated in PHP

As a reader of many online product reviews, I am always interested in the time a review is relevant for. As time passes, things change and reviews get stale.

If you have this need as a webmaster and your review is file based (as opposed to DB based), you can use the filemtime function to automatically generate the last-updated date:

$LAST_UPDATED = date ("F d Y", filemtime('review.php'));

Here review.php is, for example, the file that holds the product review.