Archive for the ‘PHP’ Category

Want to use the main menu module with images?

If you have ever wanted to use images as menu items without hacking the main menu module this is for you. You can do this all in the template. First turn on output buffering, then send the buffer to a callback function which will find the menu links and swap them out for your image links.

Here are the steps. Open the index.php file for the template you want to use and right before the HTML tag put in the php function ob_start(“callback”) – callback being the name of the function you will use – and at the very end of the file put in ob_end_flush(). Now just include the callback function somewhere before you start the buffer and you’re done.

Here’s what the function does: First it will load info on every menu item. Then for each menu item it will check the parameters to see if a menu image has been assigned – in the administrator, choose to edit the menu item and under parameters assign an image from the images/stories directory. Usually if an image is assigned to that parameter it will show up to either the left or right of the link. This changes that. If an image is assigned the function will create the text link to search for and the new image link then it executes the swap. After it runs through every menu item it just returns the buffer which prints out to the browser. Pretty basic and you’ll probably have to do some tweaking to get it just right for yourself but it’s a nice way to use images without hacking any core files. Oh, and if you’re just looking to use non web safe fonts then couple this method with a text-to-image conversion script and dynamically generate images from the menu item name. You could also use this with content headings or module headings or just about anything. Have fun.

Here’s the callback function, put it above ob_start(): Download

 

Squirrel Cart and Paypal: Working Together

If you’re using Squirrel Cart as your shopping cart and PayPal to handle payment transactions you might be interested in this. I did some research the other day and found out how to set up a Payment Data Transfer so now after PayPal receives a payment a confirmation will be sent to Squirrel Cart to complete the order, making life a bit easier.

 

Autologin after Registration

So one of clients wanted for the user to be automatically logged in after the user registered with the site. I thought it was going to be a little difficult, doing a form with hidden fields that submitted to the login page. But after a little searching, it turns out that its a 2 lines of editing to the registration component. Add “$mainframe” as one of the globals in line 118 and add

 $mainframe->login($row->username,$row->password); 

to line 213. Happy Coding

Ciao Ciao

 

Joomla Security Tip

I got forwarded an email yesterday about a vulnerability in the Joomla! component “a6MamboCredits”. The vulnerability was due to three things.

  1. Registered Globals were turned on.
  2. Joomla! emulates registered globals turned on.
  3. The global varible “mosConfig_absolute_path” was used to include files.

Read more »

 

Please, please turn off register_globals, and other PHP security no-brainers

PHPWoe is the PHP hosting provider that thinks leaving register_globals on is a good thing. At lunch today, the PICnet gang was chatting about security vulnerabilities that were occuring in many Joomla 3rd party components. The problem is that our wonderful Joomla core was taking flack for not being secure, but at the end of the day all the hacks seemed to be occuring because of poor programming and server hosts leaving on the dreaded “register_globals” on their servers.

I mean, this is PHP hosting 101, right?

Unfortunately, one of our great clients had a server that had register_globals turned on, and the hacker took full advantage. Moral of the story, please, please, check to make sure that register_globals is turned off. If your hosting provider has it turned on, turn and run the other way.

Now, to take this to the next step, Johannes Ullrich over at the Internet Storm Center wrote his Tip of the Day on PHP security today. Read more for some excerpts of how you can protect your code.

Read more »