just a quick one to wish everyone a happy new year

If you have a script, admin area or whatever that you would like to make a bit more secure, you can use the following chunk of code to do this. If you don’t have SSL (HTTPS) set up then you would need to get this sorted first.

This isn’t bullet proof protection, but it helps.

//IP addresses that you would like to be able to access the system
$allowed_ips[] = '99.99.99.01';
$allowed_ips[] = '99.99.99.02';
$allowed_ips[] = '99.99.99.03';
if(!in_array($_SERVER['REMOTE_ADDR'], $allowed_ips)){
	header('HTTP/1.1 500 Internal Server Error');
	exit();
}

//Force SSL Usage
if($_SERVER['SERVER_PORT'] != 443){ //assuming your server is running SSL on port 443
	$url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
   	header('Location: '.$url);
}

If your web site’s secure HTTPS area includes any content such as images, javascript or whatever via standard HTTP, your visitors may well get a security warning popping up saying that the page contains secure and insecure content.

For some of your sites visitors, this rather vague and worrying statement might make them decide to abandon your checkout procedure and cost you a sale.

Often this is very easy to fix.

Simply go to the page that is triggering the error message and “View Source”

Then in the source code, search for

src="http://

or

src=http://

Now that you have found the offending items, you either need to remove them from your secure pages, or ensure that they are using the https:// method when the pages are being viewed by HTTPS.

that’s it – dead easy

The worlds most popular browser has a fundamental security flaw which allows malicious code to steal your passwords!

Time to switch to Firefox!

Or even better, switch to Linux!

more:
http://www.shinyshiny.tv/2008/12/security_flaws.html
http://blogs.edgehill.ac.uk/webservices/2008/12/16/internet-explorer-security-alert/
http://www.itbusinessedge.com/blogs/hdw/?p=3795
http://www.poliblogger.com/?p=14599
http://myword.blog.co.uk/2008/12/16/internet-explorer-security-alert-5232995
http://www.theopensourcerer.com/2008/12/16/bbc-internet-explorer-security-alert/

PHP’s simple XML is sometimes counter intuitive. Whilst it is acknowledged to be more simple than its predecessors, the “simple” name might be pushing things a bit.

One thing that keeps cropping up when working with SimpleXML is the way that it lets you work with its objects as if they were arrays. That sometimes makes you feel like you are working with an array – and therefore makes things confusing when they display particularly non array like behaviour.

Sometimes the simplest thing to do here is to turn the object into a real array.

Check out this function:

function sx_array($obj){
	$arr = (array)$obj;
	if(empty($arr)){
		$arr = "";
	} else {
		foreach($arr as $key=>$value){
			if(!is_scalar($value)){
				$arr[$key] = sx_array($value);
			}
		}
	}
	return $arr;
}

For example if you are working with an xml element that may or may not contain attributes, converting to an array first will allow you to figure this out.

For example

$file_index_xml = new SimpleXMLElement($local_full_index, NULL, TRUE);
foreach($file_index_xml->xpath("/interface/files.index/file") as $file){
	$arr = sx_array($file->attributes());
	if($arr['@attributes']['Value']){
		//do something
	}
}

Just wanted to say a quick “Happy Christmas” or “Seasons Greetings” for the more purist atheists or non Christians among you. Furthermore I would like to wish all readers a happy new year.

Despite the ongoing economic doom and gloom, I think there are plenty of reasons to be cheerful and do not doubt that with hard work and some judicious decision making, 2009 can be a successful year for ecommerce businesses across the globe.

So once again – Happy Christmas from Edmonds Commerce

Check out this link for some handy little tools to help you get Google Checkout up and running properly.

http://demo.globant.com/~brovagnati/tools/