Archive for the ‘PHP’ category

Emailing with PHP

January 12, 2009

While adding some more features to the recent Intranet Portal, one thing that came up was to have an email sent with a copy of the order for a quick check. I originally did this by sending it as plain text; however, it was a little difficult to read. I wanted to set it up to have both text and HTML emails so it was nicely formatted for reading on the desktop but still usable when viewing on a mobile phone.

Enter PHPMailer. This is a great PHP class that makes the whole process of dealing with MIME headers and all the other crap painless. Using PHPMailer I was able to get the email sent with both a text and HTML version (including inline images) and it’s working great.

Online Ordering Intranet Portal

January 10, 2009

While writing an online ordering portal to be used internally between multiple locations to standardize their purchases, I needed to create an easy, web-based way to add and modify product entries in a MySQL database. I started trying to put this together using PHP and after a little while decided to start browsing the web for other options to get it done quicker as I realized this was not going to be a quick thing to put together.

I came across a great little project called phpMyEdit. This is a great PHP tool that will create an interface for your table(s) that can be customized a great deal and easily integrated into your site. So rather than having to spend hours reinventing the wheel I was able to complete the project and have a cool looking administration page to go with it.

If you go to the actual download site and look around some, there are some other projects there that look pretty interesting as well.

PHP Register Global Variables

October 12, 2008

Ran into an issue this past week with a couple of web sites that were set up a few years ago. Specifically, the online forms stopped working: it would go through on the user side with no problems, but no data was actually sent through the form.

The problem turned out to be caused by an update which set the Register Globals variable option to off (which it should be for security.) The problem was the sites were done quickly and made use of global variables.

The fix is a simple change that just required specifying how the form would get the info: http://www.php.net/variables.external

Password hashing in PHP

April 5, 2008

Been working on a web site this past week that requires users to log in for access to member information. In this case I’m storing the user information, along with other info, in a MySQL database. For my initial testing I was just storing the user password as text in the database, but I didn’t want to do this for the real site. This being a new area for me, I did some digging around and found a great write-up on encrypting passwords for storing in a database using PHP.

There are two examples given on the site: encrypting the password on its own using md5 or sha1, or adding a salt string to the password so that, if people do get access to the database, even duplicate passwords will not look the same, making it one more step that someone needs to take to crack the passwords. While I’m not looking to secure any company secrets or anything, I just think it’s good practice to do something with a little security.

Here’s the code sample from the site as a reference, I’d highly recommend reviewing the entire post on Password Hashing for more details and explanations.

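<?php
// Number of characters of salt stored in front of the hash.
define('SALT_LENGTH', 9);

function generateHash($plainText, $salt = null)
{
    if ($salt === null)
    {
        // New password: generate a fresh salt.
        $salt = substr(sha1(uniqid(rand(), true)), 0, SALT_LENGTH);
    }
    else
    {
        // Validation: reuse the salt from the front of the stored hash.
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    // Stored value is the salt followed by sha1(salt . password).
    return $salt . sha1($salt . $plainText);
}
?>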

This function can then be called with a single variable, the password to be encrypted, and it will return the encrypted password:

$passwordhash=generateHash($password);

To validate the password, the function is called with both the user-supplied password to validate and the encrypted password hash stored in the database:

$valpassword=generateHash($password, $passwordhash);

The function call above will only encrypt the user-supplied password to be validated using the same “salt” that the original password was encrypted with. You can then compare the two to validate that the user-supplied password matches the password hash stored in the database.
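An added example, not code from the original post or the write-up it references: the same validation done with PHP's built-in password_hash() and password_verify(), which salt each password automatically and use a deliberately slow algorithm, plus a constant-time check and upgrade path for values stored in the 49-character salted SHA-1 format produced by generateHash() above. The function names and the sample password and salt are assumptions made for illustration.

```php
<?php
// Added example: function names here are hypothetical, not from the post.
const LEGACY_SALT_LENGTH = 9; // same value as SALT_LENGTH in the post

// The post's format is a 9-character hex salt followed by a 40-character SHA-1 hex digest.
function isLegacyHash(string $stored): bool
{
    return strlen($stored) === LEGACY_SALT_LENGTH + 40 && ctype_xdigit($stored);
}

// Recompute the legacy value using the salt taken from the stored hash.
function legacyHash(string $plainText, string $stored): string
{
    $salt = substr($stored, 0, LEGACY_SALT_LENGTH);
    return $salt . sha1($salt . $plainText);
}

// Returns [ok, newHash]. newHash is non-null when the caller should
// overwrite the stored value in the database with it.
function verifyAndUpgrade(string $password, string $stored): array
{
    if (isLegacyHash($stored)) {
        // hash_equals() compares in constant time, unlike == or ===.
        $ok = hash_equals($stored, legacyHash($password, $stored));
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    $ok = password_verify($password, $stored);
    $needsRehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $needsRehash ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample: a legacy record with a made-up salt and password.
$legacy = 'a1b2c3d4e' . sha1('a1b2c3d4e' . 'correct horse');

// Correct password: accepted, and a replacement hash is returned.
[$ok, $upgraded] = verifyAndUpgrade('correct horse', $legacy);
var_dump($ok, isLegacyHash($upgraded));

// The upgraded hash verifies on the next login through the modern branch.
[$okAgain, $rehash] = verifyAndUpgrade('correct horse', $upgraded);
var_dump($okAgain, $rehash);

// Wrong password: rejected, nothing to store.
[$bad, $none] = verifyAndUpgrade('wrong guess', $legacy);
var_dump($bad, $none);
```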