Sometimes you might want to do a little on the fly DOM editing using your favourite Javascript library – jQuery.

To do this you might need to include jQuery on the page, you can do this by pasting these lines into your console in Chrome or Firebug in Firefox.

And there you have it, the full power of jQuery at your fingertips

If you use SagePay Form integration then you might think that it is impossible to release orders created via this integration system via the API.

Historically this was true however thanks to the new admin and reporting API you can now grab all of the details you need to perform the kind of admin side integration previously only possible via Server and Direct integrations.

This does take a bit of work but if you like the fact that Form alleviates PCI compliance issues, allows your customers to use the nice easy to use Form interface and also gives you easy PayPal integration then this is a great solution.

Thanks goes out to SagePay’s technical support who have proved really helpful in ironing out the kinks in getting this working.

If you are ever working with API integrations, either in or out bound, then it might be useful to set up a simple dumb logging system to assist you with developing and debugging things.

Here is a really simple snippet to help you along with that.

It literally takes exactly what it has received and logs it with no messing about. Brilliant!

<?php
$log['raw_input']=file_get_contents('php://input');
$log['_POST']=$_POST;
$log['_GET']=$_GET;

file_put_contents('inboundXML.log', var_export($log, true));

The magento platform is based on a PHP framework called Zend Framework.

Recently a bug was found in Zend Framework which potentially allows attackers to read any file on your server. This could mean they could gain access to your mysql server credentials for example.

You can read the full details here.

The actual bug details for Zend Framework are in this security advisory.

Free Security Patching Service

In a nutshell this represents a serious security hole that you need to plug as soon as possible. Fixing this issue is very simple indeed if you know what you are doing.

For this reason Edmonds Commerce are happy to offer FREE assistance in applying this patch to any Magento store owner whether you are a current client or not. We will not charge you in any way for this service.

To request FREE assistance contact us today

Donation to Charity

If you choose to, you could make a donation to cover this service here:
http://www.justgiving.com/EdmondsCommerce

Please Note

We will need you to give us shell (otherwise known as SSH) access to your server if available.

If you are on a shared hosting service that is not able to supply shell access, we would suggest you ask your hosting company to help you with this issue. Feel free to refer them to this page.

I have recently been working on a Magento project that required a custom API integration with Zen Desk.

Magento is based on Zend Framework which is nice because it means we can use the Zend_Rest_Client object to handle the API integration which provides a nice layer of abstraction and sorts out a lot of the heavy lifting required.

However I came across a terminal issue trying to get it working properly with HTTP Basic Authentication which the Zen Desk API uses.

I found some instructions which recommended creating a Zend_Uri_Http object and then setting the username and password against this. However as Zen Desk uses the email address as the username component, this failed completely.

In the end the solution I found was to grab the static HTTP client object that the REST client is built upon and call the public setAuth method on this. This way the Authorisation header is correctly created, encoded and appended to the headers.

Logically it feels like a dirty way to do things, grabbing the HTTP client statically to do this, but it works and I can’t see how else you would do it.

For info here is the code:

/**
     * @return Zend_Rest_Client 
     */
    protected function getClient() {
        if (null === $this->_client) {
            $url = $this->getApiUrl();
            $uri = Zend_Uri_Http::fromString($url);
            $this->_client = new Zend_Rest_Client($uri);
            Zend_Service_Abstract::getHttpClient()->setAuth($this->getUsername(),$this->getPassword());
        }
        return $this->_client;
    }

If you have a controller action that is designed to be accessed by AJAX requests or perhaps as part of a custom API system then you might like this snippet.

If you are working with the above scenario you likely would like to return pure JSON without any HTML etc. Also serving up the correct content type headers is going to be helpful, its not HTML, its JSON.

    public function searchAction(){
        $query = $this->getRequest()->getParam('query');
        $json = Mage::getModel('mymodule/mymodel')->getSearchJson($query);
        $this->getResponse()->setHeader('Content-type', 'application/json');
        $this->getResponse()->setBody($json);
    }

I have just finished working on a nice little project for Magento API for our client CNG Florist Sundries.

The Aim of the project was to make Magento API use SKU’s when pulling out the product information. By default Magento API accept a variable productId which can either be a product id or sku. The problem, especially with this task, was the fact that the client is using numeric values for product SKU values.

Now when he used third party system to update his catalog by passing SKU values, Magento was assuming the values are productId and consequently updating the wrong products. Our fix will simply force Magento to look for SKU’s first and return the correct product ID for the required product.

The client site is www.cngfloristsundries.co.uk

Cinder Block are a USA based company who retail merchandise for a wide catalog bands and artists in the music industry.

The site is based upon a very large Magento Enterprise based multistore system with unique official store fronts for each band.

Cinder Block’s traditional merchandise is clothing, mainly T Shirts though they wanted to expand into selling downloadble music. Rather than use an inhouse system Cinder Block opted to use an external API and chose Applied SB.

The project requirements were broadly to do the follwing:

1. Populate the Product Page with API Data

The Applied SB API provides image, title and price data for each product. For albums it also provides details of each individual track. Cinder Block needed to be able to get all of this data automatically from a single reference code or album_id. We created a Magento extension that handles all of the API communications to grab this data and also uses Magento block caching to keep the performance of the pages fast.

2. Allow Streaming of Sample Music from the Product Page

On the product page Cinder Block wanted visitors to be able to play from within the browser the sample tracks that the Applied SB API provides. Again all of this data is provided by the API and the Magento extension grabs and caches this data automatically. The previews are streamed directly from the Applied SB system and the browser player is based upon Sound Manager.

3. Allow Purchase of Downloadable Music through Standard Checkout Procedure

For upgrade compatability and general ease of use we kept modifications to the checkout procedure to a bear minimum. The downloadable products are standard Magento products in every way. On successful checkout the Magento extension uses the event/observer system in Magento to trigger the extra functionality to register the purchase with the Applied SB and to retrieve the download links and utilise Applied SB’s download manager.

This data is stored within a custom order attribute that is set up by the extension and is viewable from within the admin when looking at an order.

4. Supply Download Links Upon Successful Checkout in Account Area and via Email

After retrieving the download links, the extension sends a custom email with the download information. For this we hooked into Magento’s standard email templating system allowing Cinder Block to create a custom email template for each store front as they see fit. This works in the exact same way as all of the other email templates within Magento which means its very powerful and configurable.

All in all the project was both challenging and rewarding. We encountered a few setbacks including core Magento bugs which were reported back to Magento and actioned, no doubt they will be fixed in forth coming Magento enterprise releases.

Here is a quote from Mark at Cinder Block:

“Despite being faced with many challenges, Joseph worked over time to successfully integrate music downloads into our Magento platform. And the follow up refining has been swift and on the mark. The result is incontestable: It just works. Period. Thanks, Joseph!”

Here is a screen shot of one of the product pages including the MP3 previews and also a related products carousel which we threw into the project for free.

You can see the live page here.