
05 Aug 10 PHP Programmer

I’m Adam Palmer, and I’m a UK based PHP Programmer. I represent APNIC Solutions Ltd – we’re a well established London, UK based firm with a massive amount of experience building clean and powerful solutions for web businesses. We specialize in secure, high traffic applications, specifically ecommerce.

As head of the firm, I come from a background of extensive experience in a huge variety of different technologies. Bespoke solutions are our core competency. We work with our own dedicated team of offshore developers, built and shaped over the last 5 years, who deliver professional PHP/MySQL code and SEO at a fraction of the regular cost.

We offer you a single point of contact in the UK who will manage your solution from conception to delivery. You need never deal with foreign developers, missed deadlines and broken or incomplete software again!

Contact us to discuss your ideas today.

Discuss & Collaborate
Discuss your ideas with us, and we will shape the future of your solution. Should you already have a team of developers, we are more than happy to work alongside them, or even just provide the consultancy, groundwork and technical direction for your project.
Plan & Install
Once the final points of your solution are documented, we’re ready to start setting up and installing the framework and identifying any potential issues that haven’t been located yet. This ensures that major bugs are considered and accounted for now, not after your solution goes live.
Build, Configure & Test
Now the big part: building your solution for you, configuring and accounting for every aspect, and testing rigorously as we go. We pride ourselves on our extensive testing and SEO facilities, an often overlooked key part of solution design. Not only do we design a fantastic solution, but unlike many other providers, we make sure that it actually works when your users start pouring in.
Finalize & Deliver
Now that your solution is built, it needs some polishing, further testing, and evaluation to ensure that it meets all of your initial needs. Expect an ideas document at this point, informing you of all the great things your system can do now and could do in future that you didn’t even think of!
Support & Maintain
Your ideas have evolved into a final product and are ready to go. You’ll be fully equipped with all the interfaces you need to utilize this solution and all the reporting you need to make informed and successful business decisions in future. We’ll support you all the way through, happy to maintain the system, and ready to take your initial successes and build upon them.

Contact us to discuss your ideas today.


05 Aug 10 PayPal Desktop Application

I’ve been considering writing a PayPal desktop application for Windows for some time now. I’ve seen a couple of attempts at this done before, as well as web systems that utilize PayPal’s API. I haven’t seen a definitive piece of software that handles your PayPal account operations from your desktop.

PayPal’s API doesn’t support everything you might want to do, specifically sending payments, so it’s possible that some of the functionality could only be achieved by scraping the site. My main list of features is as follows:

1. Instant popup on payment receipt.
2. Fast and powerful reporting, stats and graphs.
3. Send a payment quickly and easily in a few clicks.

Any ideas or interest? Please let me know!


29 Jul 10 Local Deals Website

Check out http://www.dealsnear.me a brand new site to find, post and follow local deals in your area. Visit the site, select your market, and find local offers, all for free.


26 Jul 10 Ethernet over mains power lines

I’ve been using a really clever device for the last few years that a lot of people seem to be unaware exists. It’s an Ethernet over powerline adapter – one such example is the Devolo dLAN. In a nutshell, you plug it into the mains and connect the Ethernet socket to your network device. You can then plug as many others as you like into various other power points and extend your network wherever the power stretches. Devolo do ones that run up to 200mbit. That’s a theoretical maximum, although I’ve seen 177mbit before, which is impressive. It has a couple of downsides:

1. It won’t traverse 3 phase power. I’ve tried it, and I’ve ended up with a very weak/nonexistent signal, which is probably more inductance than anything else.
2. Obviously it doesn’t handle bad cables well – it doesn’t much like extension cables either.
3. Different circuits work about as well as 3 phase power; the only signal you will get is probably inductance between the two circuits.

Some advantages:
1. It travels pretty far. I’ve had over 150mbit between adapters at opposite ends of the house.
2. No new cabling
3. Fully supports standard Ethernet so all network protocols will work just fine over it.
4. I love it

For anyone running a home or office network and not fortunate enough to have Ethernet points cabled in, I strongly recommend these devices; you’ll never know the difference.


18 Jul 10 Redirecting all HTML files to PHP files

Let’s say that you want to rename all your HTML files to PHP files to begin PHP programming. However, you don’t want to lose all your inbound links to your HTML files. Here’s a quick and easy way to automatically redirect all incoming .html addresses to the corresponding .php files on your server, letting you switch to PHP while keeping all your existing .html links working.

Create a .htaccess file, and enter:

RewriteEngine on
# Only redirect when no real .html file exists at the requested path
RewriteCond %{REQUEST_FILENAME} !-f
# Anchor on the .html extension (the trailing $), swap it for .php, and send a permanent redirect
RewriteRule ^(.*)\.html$ $1.php [R=301,NC,L]

This creates a permanent 301 redirect (search engine friendly) to your new .php file.


16 Jul 10 Passing PHP variable data through POST

Recently, I was developing an API for a PHP application I’d built, to be used by other PHP programmers. Essentially, the PHP programmer passes a load of data to our API through a POST variable, as follows:

$api->process($to_process, $data, $opt1, $opt2);

$to_process is an array, as follows:

$to_process = Array( Array("FOO", "BAR", 1, 2), Array("BAR", "FOO", 5, 3), Array("HELLO", "World", 9, 10) );

And $data is a ~5k string containing HTML code.

My best option so far has been to pack everything into a single array:

$data_array = Array();
$data_array[] = $to_process;
$data_array[] = $data;
$data_array[] = $opt1;
$data_array[] = $opt2;

We can then send rawurlencode(serialize($data_array)); from our PHP script to the web API via curl as POST data. On the remote API server, we don’t need to call rawurldecode(), as the web server handles this for you. It’s also worth ensuring that magic_quotes_gpc is off. Simply, $data_array = unserialize($_POST['variable']); should do just fine.
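Both halves of that exchange, as an added example that is not the post’s own code: the client packs the four arguments into one POST field and the API side unpacks and validates them. It swaps serialize()/unserialize() for json_encode()/json_decode(), because unserialize() on data taken from a request body can instantiate arbitrary classes, whereas JSON only ever decodes to arrays and scalars. The URL, the field name payload and the function names are assumptions, and the sample $to_process is the one from the post.

```php
<?php
declare(strict_types=1);

// Client side: bundle the API arguments into a single string for one POST field.
function build_api_payload(array $to_process, string $data, $opt1, $opt2): string
{
    $data_array = [$to_process, $data, $opt1, $opt2];
    // JSON instead of serialize(): json_decode() never instantiates objects,
    // so the API cannot be made to construct classes it did not expect.
    return json_encode($data_array, JSON_THROW_ON_ERROR);
}

function send_to_api(string $api_url, string $payload): string
{
    $ch = curl_init($api_url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        // http_build_query() url-encodes the value, so no manual rawurlencode() is needed.
        CURLOPT_POSTFIELDS     => http_build_query(['payload' => $payload]),
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $response = curl_exec($ch);
    if ($response === false) {
        $err = curl_error($ch);
        curl_close($ch);
        throw new RuntimeException("API request failed: $err");
    }
    curl_close($ch);
    return $response;
}

// Server side (the API): the web server has already url-decoded $_POST, so
// decode the JSON and check the shape before touching any of it.
function parse_api_payload(string $raw): array
{
    $data_array = json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($data_array) || count($data_array) !== 4) {
        throw new InvalidArgumentException('payload must be a 4-element array');
    }
    [$to_process, $data, $opt1, $opt2] = $data_array;
    if (!is_array($to_process) || !is_string($data)) {
        throw new InvalidArgumentException('unexpected payload types');
    }
    foreach ($to_process as $row) {
        if (!is_array($row) || count($row) !== 4) {
            throw new InvalidArgumentException('each $to_process entry must have 4 elements');
        }
    }
    return ['to_process' => $to_process, 'data' => $data, 'opt1' => $opt1, 'opt2' => $opt2];
}

// Round trip with the post's sample data. No network is involved here: the
// client and server halves are called directly to show the encoding is lossless.
$to_process = [['FOO', 'BAR', 1, 2], ['BAR', 'FOO', 5, 3], ['HELLO', 'World', 9, 10]];
$payload    = build_api_payload($to_process, '<p>roughly 5k of HTML goes here</p>', 'x', 'y');
$received   = parse_api_payload($payload);
assert($received['to_process'] === $to_process);

// In production the client would instead call:
// send_to_api('https://api.example.invalid/process', $payload);   // placeholder URL
```

If the serialized format has to stay (for example because existing callers already send it), PHP 7 lets the API refuse object instantiation with unserialize($_POST['variable'], ['allowed_classes' => false]); with that option the result is still arrays and scalars only.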


09 Jul 10 SSL increases confidence

If you run a commerce website, you’ve probably heard about SSL certificates. Depending on the level of certificate you have, it verifies anything from the validity of your domain up to detailed information about your company. An SSL certificate isn’t handy just for commerce sites, however. It’s a vital website security component for any site that deals with personal information of any sort.

These days, attacks on servers are commonplace, and website users are wary, especially when it comes to entering sensitive information. That’s where an SSL certificate comes in handy. It increases consumer confidence, and the confidence of visitors in general. It shows that you’re serious about what you’re doing.


30 Jun 10 Cross Site Scripting XSS

As a website security consultant, I see Cross Site Scripting (XSS) vulnerabilities just as often as the always popular SQL Injection attack.

Cross Site Scripting seems to have originally meant placing some malicious code on the victim site that would pull script (usually JavaScript, but sometimes VBScript) from another, malicious domain. Each client that visited the victim site would unknowingly end up with third-party malicious script executed in their own browser. Now it has become a term used to describe any type of malicious scripting attack.

The first example is a simple one. Many sites allow user comments. A user could quite easily enter:

This is my comment!<script type="text/javascript">
alert("script!");
</script>

Any user that hits this affected page will now see a popup box with the text “script!”. The user could also just as easily have entered a script source of http://www.nastydomain.com/nastyscript.js, which would be downloaded and executed.

The second option is to place some JavaScript code that steals the user’s cookies for that particular site and then posts them to a third-party site. The cookies may contain a login and password, or more likely a login hash. The attacker can then use these cookies to hijack the user’s session and access potentially sensitive areas of the site under that user’s account.

Fortunately the solution is simple. Either use htmlentities() to escape HTML special characters (converting < to &lt; and so on), or use strip_tags() to remove all HTML tags from the input.
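The comment from the example above rendered three ways, as an added example that is not code from the original post: unescaped (the vulnerable case), through htmlentities(), and through strip_tags(). The function names are mine; the sample comment is the one the post uses. It also shows the two flags a practitioner should pass to htmlentities() explicitly rather than relying on the defaults, which changed between PHP versions.

```php
<?php
declare(strict_types=1);

// Constructed sample input: the comment payload from the post above.
$comment = 'This is my comment!<script type="text/javascript">alert("script!");</script>';

// Vulnerable: the comment is interpolated into the page unchanged, so the
// browser parses the <script> element and executes it for every visitor.
function render_comment_unsafe(string $comment): string
{
    return "<p class=\"comment\">$comment</p>";
}

// Fix, option 1: encode HTML metacharacters so the browser shows them as text.
// ENT_QUOTES also encodes ' and ", which matters if the value is ever placed
// inside an attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string; the charset is named so encoding matches the page.
function render_comment_escaped(string $comment): string
{
    $safe = htmlentities($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p class=\"comment\">$safe</p>";
}

// Fix, option 2: remove the tags entirely. The <script> and </script> tags are
// dropped and only their text content survives, as plain text. strip_tags()
// does not encode quotes, so it is only suitable for element content, never
// for attribute values or JavaScript contexts.
function render_comment_stripped(string $comment): string
{
    return '<p class="comment">' . strip_tags($comment) . '</p>';
}

// The escaped output contains no '<' from the user, and the stripped output
// contains no tags at all; only the unsafe variant still carries "<script".
function output_is_safe(string $html): bool
{
    return stripos($html, '<script') === false;
}

assert(output_is_safe(render_comment_unsafe($comment)) === false);
assert(output_is_safe(render_comment_escaped($comment)) === true);
assert(output_is_safe(render_comment_stripped($comment)) === true);

echo render_comment_unsafe($comment), PHP_EOL;
echo render_comment_escaped($comment), PHP_EOL;
echo render_comment_stripped($comment), PHP_EOL;
```

Of the two fixes, htmlentities() is the one to reach for by default: it preserves what the user typed while making it inert, and with ENT_QUOTES it is correct inside double- and single-quoted attributes as well as element bodies. strip_tags() silently changes the content and leaves quotes alone, so it is a filter, not an output encoder.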


25 Jun 10 MySQL – Find Duplicates Only

Within MySQL, we may want to select duplicate records instead of just selecting unique records. Assuming a table name of ‘table’ and the field to check on being ‘field’:

To select UNIQUE rows only:
SELECT DISTINCT field FROM table;

To select DUPLICATE rows only:
SELECT field FROM table GROUP BY field HAVING ( COUNT(field) = 2 );

To select DUPLICATE, TRIPLICATE or more rows only:
SELECT field FROM table GROUP BY field HAVING ( COUNT(field) > 1 );


24 Jun 10 PHP, MySQL and memcached

According to memcached is a distributed object memory caching system. It can be used to set and get data by keys by any application that supports sockets.

As a website security consultant, I advise you to ensure that your memcached server listens on 127.0.0.1 only and that you secure the server itself: anyone with access to the server can telnet to its local interface and get/set your memcached data.

I’ve used memcached for a number of PHP/MySQL projects where I want greater cache control over database queries than just relying on MySQL’s inbuilt caching abilities.

Now, whilst memcached should not be used to mask bad database design and optimization, or badly written SQL queries, it can help dramatically with queries that simply take a long time and have already been optimized as far as possible.

Assume that you had a simple database query wrapper:
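An added example of such a wrapper (my code, not the post’s own, which is not shown on this page): a small class that runs a prepared statement through PDO and serves repeated calls from memcached, with the cache key derived from both the SQL text and the bound values. It assumes PHP 7.4+, the pecl memcached extension and PDO; the class name, DSN, credentials and table are placeholders. The memcached client is pointed at 127.0.0.1, matching the advice above, which on the daemon side corresponds to starting memcached with -l 127.0.0.1.

```php
<?php
declare(strict_types=1);

final class CachedQuery
{
    private PDO $db;
    private Memcached $cache;
    private int $ttl;

    public function __construct(PDO $db, Memcached $cache, int $ttl = 300)
    {
        $this->db    = $db;
        $this->cache = $cache;
        $this->ttl   = $ttl;
    }

    // The key covers the SQL and the bound parameters, so two calls with
    // different parameters never share an entry. Hashing keeps the key under
    // memcached's 250-byte limit however long the query text is.
    private function keyFor(string $sql, array $params): string
    {
        return 'q:' . hash('sha256', $sql . "\0" . json_encode($params));
    }

    // Run a read-only prepared statement, serving repeat calls from memcached.
    public function fetchAll(string $sql, array $params = []): array
    {
        $key  = $this->keyFor($sql, $params);
        $rows = $this->cache->get($key);
        if ($this->cache->getResultCode() === Memcached::RES_SUCCESS) {
            return $rows;   // cache hit; an empty result set is cached as [] too
        }

        $stmt = $this->db->prepare($sql);
        $stmt->execute($params);
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

        $this->cache->set($key, $rows, $this->ttl);
        return $rows;
    }

    // Call this after a write that changes the result, so readers do not see
    // stale rows for the remainder of the TTL.
    public function invalidate(string $sql, array $params = []): void
    {
        $this->cache->delete($this->keyFor($sql, $params));
    }
}

// Wiring: the client connects to the loopback address the daemon is bound to.
$cache = new Memcached();
$cache->addServer('127.0.0.1', 11211);

// Placeholder DSN and credentials.
$db = new PDO(
    'mysql:host=127.0.0.1;dbname=EXAMPLE_DB;charset=utf8mb4',
    'EXAMPLE_USER',
    'EXAMPLE_PASS',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);

$q = new CachedQuery($db, $cache, 600);

// First call hits MySQL and stores the rows; identical calls within 600 seconds
// come straight from memcached.
$rows = $q->fetchAll(
    'SELECT id, name FROM products WHERE category = ? ORDER BY name',
    ['books']
);
```

Two things in the design are worth calling out. Parameters are bound, never concatenated into the SQL, so the caching layer adds no injection surface; and the cache stores only the fetched rows (arrays of scalars), so the data coming back out of memcached is never fed to unserialize() or otherwise interpreted, only returned.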
