Archive for the ‘OOPS’ Category
Protect file uploads via PHP
Check server-side MIME type of uploaded files
The PHP form variable $_FILES['file']['type'] does not return a reliable MIME type, because the value is supplied by the client, so we have to use PHP functions such as:
> finfo_file()
> getimagesize()
> exif_imagetype()
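// finfo is built in from PHP 5.3; the check now requires that version instead of PHP < 5
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
    // $FileName is the path of the uploaded temp file, e.g. $_FILES['file']['tmp_name']
    $san = finfo_open(FILEINFO_MIME);
    $mime = finfo_file($san, $FileName);   // e.g. "image/jpeg; charset=binary"
    finfo_close($san);
    $tmpvar = explode(";", $mime);         // drop the "; charset=..." suffix
    if (trim($tmpvar[0]) == "image/jpeg") {
        echo "this is jpeg";
    } else {
        echo "this is not jpeg";
    }
}
One can use the getID3 [http://getid3.sourceforge.net/] classes to get the MIME type of files other than images.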
Don’t upload to a web accessible directory
Stop particular file types from being executed in your directory by putting a .htaccess file in it:
AddType text/plain .php .js .cgi
More help here:
http://www.askapache.com/htaccess/mod_rewrite-tips-and-tricks.html
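An added example, not part of the original post, that combines the first two points above: the type is decided on the server from the file's contents, and the file is stored under a server-generated name in a directory outside the document root. The function names, the ALLOWED map and the sample files are hypothetical and constructed for illustration.

```php
<?php
// Added example: function and constant names are hypothetical, not from the post.
const ALLOWED = [              // server-detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Returns the extension to store the file under, or null if it is rejected.
function detect_image_ext(string $path): ?string {
    $finfo = new finfo(FILEINFO_MIME_TYPE);   // type only, no "; charset=..." suffix
    $mime  = $finfo->file($path);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        return null;
    }
    // Second opinion: the image parser must agree with the magic-byte check.
    $info = @getimagesize($path);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    return ALLOWED[$mime];
}

// $file is one entry of $_FILES; $destDir must be outside the document root.
function store_upload(array $file, string $destDir): ?string {
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = detect_image_ext($file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // Never reuse the client's file name or extension.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Constructed samples: a 1x1 GIF, and PHP source that a client could name photo.jpg.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='));
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'not an image'; ?>");

var_dump(detect_image_ext($gif));  // accepted as a GIF
var_dump(detect_image_ext($php));  // rejected
unlink($gif);
unlink($php);
```

In a real handler, call store_upload($_FILES['file'], $dir) with $dir pointing at a directory the web server does not serve.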
ePassporte payment gateway
Sample code for HTML pages:
<FORM ACTION="https://www.epassporte.com/secure/eppurchase.cgi" TARGET="NEW" METHOD="POST"><BR>
<INPUT TYPE="HIDDEN" NAME="acct_num" VALUE="[account number here]"><BR>
<INPUT TYPE="HIDDEN" NAME="pi_code" VALUE="[product code here]"><BR>
<INPUT TYPE="HIDDEN" NAME="gohere" VALUE="CART"><BR>
<INPUT TYPE="HIDDEN" NAME="dothis" VALUE="VIEW_ITEMS"><BR>
<INPUT TYPE="SUBMIT" VALUE="View Cart Items" ALT="View Cart Items"><BR>
</FORM>
Sample code for HTML pages (with quantity):
<FORM ACTION="https://www.epassporte.com/secure/eppurchase.cgi" TARGET="NEW" METHOD="POST"><BR>
<INPUT TYPE="HIDDEN" NAME="acct_num" VALUE="[account number here]"><BR>
<INPUT TYPE="HIDDEN" NAME="pi_code" VALUE="[product code here]"><BR>
<INPUT TYPE="HIDDEN" NAME="amount" VALUE="[product amount here]"><BR>
<INPUT TYPE="HIDDEN" NAME="product_name" VALUE="[product desc here]"><BR>
<INPUT TYPE="HIDDEN" NAME="quantity" VALUE="[product quantity here]"><BR>
<INPUT TYPE="HIDDEN" NAME="gohere" VALUE="CART"><BR>
<INPUT TYPE="HIDDEN" NAME="dothis" VALUE="ADD_ITEM"><BR>
<INPUT TYPE="IMAGE" SRC="epassporte.gif" NAME="SUBMIT" ALT="Pay By ePassporte">
</FORM>
Sample code for link:
https://www.epassporte.com/secure/eppurchase.cgi?acct_num=[account number here]&pi_code=[product code here]&amount=[product amount here]&product_name=[product description here]&gohere=CART&dothis=ADD_ITEM
Top 10 PHP Frameworks
1. Zend Framework – http://framework.zend.com/
2. CakePHP – http://www.cakephp.org/
3. Symfony Project – http://www.symfony-project.com/
4. Seagull Framework – http://seagull.phpkitchen.com/
5. WACT – http://www.phpwact.org/
6. Prado – http://www.xisc.com/
7. PHP on TRAX – http://phpontrax.com/
8. ZooP Framework – http://zoopframework.com/
9. eZ Components – http://ez.no/products/ez_components
10. CodeIgniter – http://www.codeigniter.com/
Those are the top ten frameworks. For more information on other frameworks, see the link below:
http://www.phpwact.org/php/mvc_frameworks
http://www.dagbladet.no/development/phpcodingstandard/