Web Development

Web Development Tips & Tricks, the things that you don’t want to figure out.

Archive for the ‘Security’ category

Shopping Cart – Closing in!

Wednesday, May 30th, 2007

The shopping cart I have been developing hit a major slowdown a couple of weeks ago and I couldn’t find a solution, which is very rare. Well, a couple of days ago I looked for a PHP forum. This was after I had given up on 1&1 support after many calls and many emails; Paypal thought it was on my hosting end and I wasn’t getting many responses, and other companies told me to switch hosting providers.

Well, I explained my situation and in about a 24-hour period they figured out that my cURL version was old because it was an old PHP version (4.4.7) on the dedicated SSL server. I had tried to get 1&1 to upgrade this before using .htaccess, but your .htaccess files don’t affect your SSL server. I now knew that I had to get it upgraded for it to work.

I thought about this for a while. In the meantime I sent a support request to Paypal to see if there was any alternate solution to using the old cURL version (they didn’t really know what I was talking about) and sent a request to 1&1, thinking I would just badger them a bit more, hoping someone could change it.

Before I go on, I thought I should comment quickly on 1&1. After asking them how to upgrade to the higher PHP version, I explained that the reason was that I needed to upgrade the cURL version.

They responded and told me I needed to upgrade my PHP version. I responded saying that I had asked that question, and I needed to know how.

The next response tells me that sorry, but you can’t upgrade your PHP version. Great; well, I already had another solution worked out, I just didn’t like it.

PHP 5 has its own extension, “.php5”. I tried this on the server and it did support it, meaning 1&1 had lied again. This handled my problem and I was able to connect successfully to Paypal! Yes! Now I just have to finish implementing WPP (Website Payments Pro).

-Kerry

P.S. I also have another script that I will be blogging about soon. It generates Atom and RSS 2.0 feeds, but it’s not in a finalized form, though it does work correctly.

htaccess – Securing a Folder

Saturday, May 26th, 2007

Ever wondered how to get that little box to pop up before you access a page, insisting that you enter in a username and password? Well, here’s how:

One of the first things you need to do is create a username and password, and there are many places that do this. This .htaccess Password Generator also gives you brief instructions in case you forget later on.

It’s going to ask you to create an .htaccess file; this is simply a text file whose name is only an extension. Here’s an example of the code that would go in it:

AuthName "Example Section"
AuthType Basic
AuthUserFile /usc/www/.htpasswd
require user example

The AuthName can be changed to anything; it just labels the section being secured. Now, the AuthUserFile can be difficult. You need the full path on the server to your soon-to-be .htpasswd file (like .htaccess, its name is also just an extension). Your .htpasswd file should be in a directory below your website, that is, outside the folder the web server serves. For instance, if your hosting provider gives you access to the root directory (“/”) and you put your website in the “/website/” folder, you would put your .htpasswd file in the “/” directory, meaning it is not reachable through your website. Your scripts can read it because it is on the server, but nowhere on your website can it be accessed (this is for security purposes).

Now, to get the path to your .htpasswd file you need the server’s document root variable. Simply put this PHP code on a test page (like “test.php”):

<?php echo $_SERVER['DOCUMENT_ROOT']; ?>

That is going to give you a path like this: “/usc/homepages/52/d167925675/htdocs/website”. Now, hopefully you managed to put your .htpasswd in the directory below your website, so your AuthUserFile would look something like this:

AuthUserFile /usc/homepages/52/d167925675/htdocs/.htpasswd

The last line can vary. You can set up multiple usernames and passwords; if you want any of those usernames and passwords to get access to this folder, the last line would look like this:

require valid-user

If you want a specific user, you specify the username:

require user admin

Now, your .htaccess file should look something like this:

AuthName "Example Section"
AuthType Basic
AuthUserFile /usc/homepages/52/d167925675/htdocs/.htpasswd
require user admin

Upload your .htaccess file to the folder you want secured. The next part is the contents of your .htpasswd file, which should contain the line generated by your password generator. If you put in the username admin with a random password, the generator should return a line like this:

admin:$1$GfdY8TeD$7mQP0niEKyKw1AIfq3Sh40

Save that line in your .htpasswd file. If you want more than one user, generate another password for another user and put it on the next line. You can have as many users as you want:

admin:$1$GfdY8TeD$7mQP0niEKyKw1AIfq3Sh40
bob:$1$Io1beImD$fzX1R0OuyF.tx93BXOYun/
jennifer:$1$.0yS.o4t$ozvF/On0AomFSIxJ1HUx80
jimmy:$1$RC3tDZPt$ZxWEad3cZ74G9l9e3/7q71
guest:$1$glop/HIQ$8PdBnCwpSwcqFS30mY2Dl0

Now, upload your .htpasswd file to that directory below your website. You’re done! It should now require a password.

If you find that your password isn’t working and you’ve now locked a section of your site and can’t get in, simply remove the .htaccess file from the folder it’s in, and everything should return to normal.
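Two checks for the two things that go wrong with this setup (the .htpasswd sitting inside DOCUMENT_ROOT where the web server could serve it, and a password that does not verify against its $1$ line), written as an added example that is not from the post. The paths are the ones from the post; the users and passwords are constructed here, and PHP's own crypt() does the MD5-crypt verification.

```php
<?php
// Added example, not Kerry's code. Checks .htpasswd placement and a login pair.

function outside_docroot(string $htpasswd, string $docroot): bool
{
    // Lexical check on the two paths; run both through realpath() on the live server
    $root = rtrim($docroot, '/') . '/';
    return strncmp($htpasswd, $root, strlen($root)) !== 0;
}

function htpasswd_verify(array $lines, string $user, string $password): bool
{
    foreach ($lines as $line) {
        [$name, $hash] = explode(':', trim($line), 2) + [1 => ''];
        if ($name !== $user) {
            continue;
        }
        // PHP's crypt() handles $1$ (MD5-crypt, the format of the lines above) and $2y$
        // bcrypt; $apr1$ lines written by Apache's own htpasswd tool need another routine
        if (!preg_match('/^\$(1|2y)\$/', $hash)) {
            return false;
        }
        return hash_equals($hash, crypt($password, $hash));  // constant-time compare
    }
    return false;  // unknown user: same answer as a wrong password
}

function make_line(string $user, string $password): string
{
    // Fresh 8-char salt from the crypt alphabet for every user, like the generator's output
    $salt = substr(strtr(base64_encode(random_bytes(6)), '+', '.'), 0, 8);
    return $user . ':' . crypt($password, '$1$' . $salt . '$');
}

// Constructed sample data: docroot from the post, passwords invented for this example
$docroot = '/usc/homepages/52/d167925675/htdocs/website';
var_dump(outside_docroot('/usc/homepages/52/d167925675/htdocs/.htpasswd', $docroot));
var_dump(outside_docroot($docroot . '/.htpasswd', $docroot));

$lines = [make_line('admin', 'correct horse battery'), make_line('bob', 'other pass')];
var_dump(htpasswd_verify($lines, 'admin', 'correct horse battery'));
var_dump(htpasswd_verify($lines, 'admin', 'wrong guess'));
var_dump(htpasswd_verify($lines, 'jennifer', 'other pass'));
```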

If you need additional assistance, feel free to contact me.

-Kerry

PHP MCrypt (Encryption)

Tuesday, April 24th, 2007

Wow! I haven’t posted in a while. I should post more frequently; I’ve had some very busy days.

As I touched on in a previous post, I was working on encryption. I had found that GnuPG (a free version of PGP – Pretty Good Privacy) could be used in PHP and was trying to get that working. I looked into it and it seemed pretty complicated, and I didn’t easily have access to install the necessary modules on Linux hosting. Therefore I decided to look for an alternate method.

I needed two-way encryption, meaning I could both encrypt and decrypt. The PHP function crypt() is one-way encryption and wouldn’t work for my needs. MCrypt, however, is a two-way encryption function that supports many different methods. To see what methods are available on your server, put the phpinfo() function in a page and you will find a section called “mcrypt”. It will tell you what methods are available for your use.

A page on hudzilla.org goes over the main encryption methods and which should be used for your situation. I ended up choosing rijndael-256 (256 bit encryption, which is quite powerful). The example I give below will use this method.

I have made two functions, one to encrypt a string and one to decrypt a string. Here they are:

function encrypt($string, $extra = '')
{
/* Open the cipher */
$td = mcrypt_module_open('rijndael-256', '', 'ecb', '');

/* Create the IV and determine the key size; use MCRYPT_RAND
 * on Windows instead (ECB mode ignores the IV, but mcrypt still requires one) */
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
$ks = mcrypt_enc_get_key_size($td);

/* Create key */
$key = substr(md5('CoMpLiCatED K3y' . $extra), 0, $ks);

/* Initialize encryption */
mcrypt_generic_init($td, $key, $iv);

/* Encrypt data */
$encrypted = mcrypt_generic($td, trim($string));

/* Terminate encryption handler */
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return $encrypted;
}

Where “CoMpLiCatED K3y” is your key for encryption and decryption. The optional $extra argument is appended to your key. This can make things more secure by giving you different encryption keys for different purposes. Here’s the decrypt function:

function decrypt($encrypted, $extra = '')
{
/* Open the cipher */
$td = mcrypt_module_open('rijndael-256', '', 'ecb', '');

/* Create the IV and determine the key size; use MCRYPT_RAND
 * on Windows instead (ECB mode ignores the IV, so it need not match the one used to encrypt) */
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
$ks = mcrypt_enc_get_key_size($td);

/* Create key */
$key = substr(md5('CoMpLiCatED K3y' . $extra), 0, $ks);

/* Initialize encryption module for decryption */
mcrypt_generic_init($td, $key, $iv);

/* Decrypt encrypted string */
$decrypted = mdecrypt_generic($td, $encrypted);

/* Terminate decryption handle and close module */
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

/* Strip the zero padding mcrypt added to the last block */
return trim($decrypted);
}

The same notes apply to the function above, which returns the decrypted string.
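The mcrypt extension was removed from PHP in 7.2, ECB mode turns equal plaintext blocks into equal ciphertext blocks, and the key above is a fixed passphrase run through md5, so here is the same encrypt()/decrypt() pair rebuilt on the openssl extension with AES-256-CBC, a fresh random IV per message and an HMAC-SHA256 tag, as an added example that is not Kerry's code. It assumes PHP 7.1 or later and a hypothetical APP_ENCRYPTION_KEY environment variable holding 32 random bytes as hex; the $purpose argument plays the role $extra plays above.

```php
<?php
// Added example, not from the original post. Same interface as encrypt()/decrypt()
// above, but AES-256-CBC via openssl, a random IV per message and an HMAC tag
// (encrypt-then-MAC). APP_ENCRYPTION_KEY is a hypothetical env var: 32 random
// bytes, hex encoded, e.g. from  php -r 'echo bin2hex(random_bytes(32));'

function derive_keys(string $purpose): array
{
    $master = hex2bin((string) getenv('APP_ENCRYPTION_KEY'));
    if ($master === false || strlen($master) !== 32) {
        throw new RuntimeException('APP_ENCRYPTION_KEY must be 32 random bytes as hex');
    }
    // One encryption key and one MAC key per purpose; $purpose replaces $extra above
    return [
        hash_hkdf('sha256', $master, 32, 'enc:' . $purpose),
        hash_hkdf('sha256', $master, 32, 'mac:' . $purpose),
    ];
}

function encrypt(string $plaintext, string $purpose = ''): string
{
    [$encKey, $macKey] = derive_keys($purpose);
    $iv = random_bytes(16);                       // never reused: fresh per message
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) throw new RuntimeException('encryption failed');
    $tag = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($iv . $ct . $tag);       // iv || ciphertext || tag
}

function decrypt(string $encoded, string $purpose = ''): string
{
    [$encKey, $macKey] = derive_keys($purpose);
    $blob = base64_decode($encoded, true);
    if ($blob === false || strlen($blob) < 16 + 16 + 32) {
        throw new RuntimeException('malformed ciphertext');
    }
    $iv  = substr($blob, 0, 16);
    $ct  = substr($blob, 16, -32);
    $tag = substr($blob, -32);
    // Check the tag in constant time before the ciphertext is touched at all
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        throw new RuntimeException('authentication failed');
    }
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) throw new RuntimeException('decryption failed');
    return $pt;
}

$token = encrypt('order #1234: 2 items, paid', 'orders');
var_dump(decrypt($token, 'orders'));
```

A token encrypted under one $purpose will fail the tag check when decrypted under another, which is the separation the original $extra argument was reaching for.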

Enjoy!
-Kerry