Tuesday, August 24th 2010


WordPress – PHP Fatal error: Call to undefined function get_option() in admin
posted @ 8:51 am in [ Fixing Things -Web Design -WordPress ]

For us, this was a strange problem in FreeBSD where even with a vanilla latest version of WordPress the error still occurred and we got a white screen trying to login to our admin area.

It seems to be caused by FreeBSD incorrectly thinking that the required files have been included as asked for in PHP using a require_once function.

So to fix it we manually added the wp-includes/functions.php file and changed the existing require_once for wp-load.php in 'wp-admin/admin.php' to be:

[modified wp-admin/admin.php lines 20 and new line 21]

require(dirname(dirname(__FILE__)) . '/wp-load.php');
require(dirname(dirname(__FILE__)) . '/wp-includes/functions.php');

[original for reference line 20]

require_once(dirname(dirname(__FILE__)) . '/wp-load.php');

Problem solved!




Friday, August 20th 2010


Magento Site Performance
posted @ 8:57 am in [ Apache -Fixing Things -Hosting -Magento -Media Temple -PHP -Technology -Web Design ]

Magento, the e-commerce platform with a nice Community Version that we are using at Skywire for a number of our client builds, is incredibly feature rich, but with all of these features comes a trade-off: to get any kind of speed out of the system you either need SERIOUS server hardware or an awful lot of performance tuning.

To be honest it can run like a real dog if you don’t really work at it!

Well, we like to make things work hard at Skywire, so we went on a journey of discovery on how to make Magento fly, and here is what we learned, to share with everyone else.

1. Server software selection and tuning

Lots of articles out there about this around the web, but you can sum it up in a few points really.

– What webserver (Apache vs. Lighttpd vs. Nginx) and how many threads for that webserver you need. Interestingly, against every article out there, Apache 2 was faster for us than Lighttpd and Nginx, but I think this was because the PHP CGI access the other two were using was slower on our Media Temple server

– Fine tune your MySQL database – we found that the two great scripts mysqlreport and mysqltuner are your friends here

– Get rid of any other processes you don’t need that get in the way (xinetd, spam assassin etc.)

2. Turn on lots of Caching

Magento has caching so turn that on for starters, and then get a minify type plugin (there’s lots of them out there but ) to complement that and join all of your CSS and JS into a single compressed file.

Install a PHP byte code caching system to cache the compiled code generated by PHP – we used XCache as it was available via yum, but eAccelerator gets good reviews too [although it just hung in our environment].

3. Turn on the Page Compilation feature in Magento!

Yes, I know it’s labelled as Beta, and yes I know it falls over most of the time you run it, but if you run it from the command line as the same user that owns your web files, it works just great, creating a single new directory in /includes/src that contains flattened copies of all your Magento files, named in the format directory_directory_etc_filename.php

This shaved at least 1 second off every page load for us (amazing but true); however, it was a job to install as it ignores any modules installed in /app/code/community.

No worries though, you can work around this by just copying the whole module directory to the /app/code/local directory and rerunning the compiler, and then it works great.

4. Load your Magento cache directories into a memory filesystem

Sounds a strange thing to do, but you can load your /var/cache/ directory into a memory-based ‘tmpfs’, which makes it much faster. You can also move your sessions to your database instead; however, this slowed things down for us so we left them as files.

Summary:

So once you’ve done this on a mid-spec Media Temple DV server you can reduce page times from about 10 seconds down to just over a second, which believe me seems fast compared to how clunky Magento can be when running. Have fun!

References:

Magento performance and optimization

http://www.magentocommerce.com/group/view/168/

How do I use the inbuilt magento profiler to see bottlenecks?

http://www.magentocommerce.com/group/blog/action/viewpost/1405/group/168/

Magento Compiler – Improve your performance

http://www.magentocommerce.com/group/blog/action/viewpost/1243/group/168/

9 Methods to Speed Up Magento – A Guide to Making Magento Faster

http://www.blastedthing.com/magento/questions/mag-9-methods-to-speed-up-magento-a-guide-to-making-magento-faster/

Magento performance hosting

http://yoast.com/magento-performance-hosting/

Magento Site Performance Optimization

http://www.yireo.com/tutorials/magento/magento-spo#compress-output-in-general

Performance is Key! – Notes on Magento’s Performance

http://www.magentocommerce.com/blog/comments/performance-is-key-notes-on-magentos-performance/




Friday, June 18th 2010


The dangers of $REQUEST_URI ….
posted @ 3:09 am in [ osCommerce -PHP -Technology -Web Design ]

One of the recent reasons we were failing PCI compliance on some of our sites is that our forms that submit to themselves, namely those with code at the top and HTML at the bottom, use the PHP $REQUEST_URI variable to set their own URL as the action for the form to POST back to.

Now… the reason this is dangerous is that it includes all the query string parameters too, so if someone adds code after the query string it gets written into the page = BAD

So…. how do we fix it?

The trick is to use the parse_url() function in PHP to ONLY grab the main path of the page itself rather than all the query strings.

So if we use

action="<?php echo parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH); ?>"

then we fix the security loophole above and happy days 🙂

Additional: If we want to get the complete URL just without the query string we can tokenize the string using strtok as follows:

action="<?php echo strtok($_SERVER['REQUEST_URI'], '?'); ?>"




Thursday, October 29th 2009


Fixing cross-site scripting attacks in PHP for PCI Compliance
posted @ 9:49 am in [ Fixing Things -Technology -Web Design -Web2.0 ]

More PCI compliance checks meant that we found a number of scripts in some of the simpler pages on our sites (email register for example) were subject to possible cross-site scripting attacks.

(see the Wikipedia entry for a pretty good explanation of what they are and why you need to fix them http://en.wikipedia.org/wiki/Cross-site_scripting)

Anyway – here’s the quick code to fix pretty much any form using htmlspecialchars to encode the input.

Original: (note the weakness in using REQUEST_URI here)

<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>" id="registerTop" class="smallForm">

Fixed: (note the replacement of REQUEST_URI with PHP_SELF to stop injection of different pages)

<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" id="registerTop" class="smallForm">

Happy days – PCI test passed 🙂
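
An added example (not the blog's own code) covering both this post and the $REQUEST_URI post above: it compares what each approach writes into the action attribute for two constructed requests, one with markup in the query string and one with markup in an extra path segment, which PHP_SELF also carries. The helper names and the sample URIs are assumptions made for illustration.

```php
<?php
// Added example, not the blog's own code. The request URIs are constructed
// samples; form_action_variants() and breaks_attribute() are hypothetical helpers.

/** Return the action attribute value each approach on this page would emit. */
function form_action_variants(string $requestUri, string $phpSelf): array
{
    // parse_url() returns false or null for URIs it cannot split; use '' then.
    $path = parse_url($requestUri, PHP_URL_PATH);
    $path = is_string($path) ? $path : '';

    return [
        'raw REQUEST_URI'    => $requestUri,  // the original form, unencoded
        'path only'          => $path,        // query dropped, still unencoded
        'escaped PHP_SELF'   => htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8'),
        'path only, escaped' => htmlspecialchars($path, ENT_QUOTES, 'UTF-8'),
    ];
}

/** True if the value could close the quoted attribute or open a new tag. */
function breaks_attribute(string $value): bool
{
    return strpbrk($value, "\"'<>") !== false;
}

// Constructed requests, as a client that does not percent-encode would send
// them: markup in the query string, then markup in an extra path segment
// after the script name (the part PHP also exposes through PHP_SELF).
$samples = [
    ['/register.php?email="><i>injected</i>', '/register.php'],
    ['/register.php/"><i>injected</i>',       '/register.php/"><i>injected</i>'],
];

foreach ($samples as [$uri, $self]) {
    echo "Request: $uri\n";
    foreach (form_action_variants($uri, $self) as $label => $action) {
        $state = breaks_attribute($action) ? 'UNSAFE' : 'ok';
        printf("  %-20s %-6s action=\"%s\"\n", $label, $state, $action);
    }
}
```

Dropping the query string handles the first request but not the second; the htmlspecialchars call with ENT_QUOTES is what neutralises both.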




Thursday, October 29th 2009


Just in case you wondered who was responsible for all of IE6’s bugs…
posted @ 6:49 am in [ Technology -Web Design -Web2.0 ]

I found this last night while scanning for another document, the thank-you note from Microsoft sent to me for being one of the beta testers on Microsoft Internet Explorer 4 (IE4)!

Obviously I didn’t do a very good job as IE5 and IE6 both turned out to be horribly buggy browsers, but then again they didn’t pay me for the pleasure so it can’t be all bad 🙂





Tuesday, October 20th 2009


Plesk error 500 and [apc-error] apc_mmap: mmap failed: No space left on device
posted @ 10:55 am in [ Media Temple -PHP -Technology -Web Design ]

Upgrade Plesk 8.0.3 to Plesk 9.0.x on a Media Temple DV server and it dies 🙁

Error 500, nothing in the log files, nowhere to turn.

Anyways… after a chunk of digging around, the problem is to do with running out of memory on the container that Media Temple allocate for the DV server.

So… you can fix it by lowering the PHP memory requirements in the Plesk 9 php.ini file


cd /usr/local/psa/admin/conf/
vi php.ini

Then the setting you want to change is apc.shm_size from the default setting of 40 (Mb?) to 10


apc.shm_size = 10

And then check Plesk to see if it is working


/usr/bin/sw-engine-cgi -c /usr/local/psa/admin/conf/php.ini -d auto_prepend_file=auth.php3 -u psaadm

..and with a bit of luck you should be away! More details in a good discussion on the Plesk forums here




Monday, October 19th 2009


How To Virtualize Any OS For Free
posted @ 6:53 am in [ Technology -Web Design ]

Boot IE6 or IE7 virtual machines on your Mac like our team do without needing to pay Parallels a penny!

http://gizmodo.com/5383982/how-to-virtualize-any-os-for-free

Awesome 🙂




Friday, October 16th 2009


Upgrading Plesk 8.3 for PCI compliance to 9.x
posted @ 3:53 am in [ Fixing Things -Media Temple -Web Design ]

PCI compliance … grrrr… understand why it needs to be done but crikey is it a boring process to do.

Anyway, turns out that Plesk 8.3, the default from our lovely hosting provider at Media Temple, isn’t PCI compliant as it uses an old Apache install.

However, never fear, easy fixes at hand 🙂

Upgrade 8.3 to 8.6

/usr/local/psa/admin/sbin/autoinstaller --select-release-id PLESK_9_2_2 --upgrade-installed-components

Upgrade 8.3 to 9.0 (latest)

/usr/local/psa/admin/sbin/autoinstaller --select-release-latest --upgrade-installed-components

or you can run the upgrade interactively using just

/usr/local/psa/admin/sbin/autoinstaller




Friday, July 10th 2009


Reading Raw POST Data in PHP
posted @ 3:46 am in [ Apache -PHP -Web Design ]

We’ve been having fun trying to proxy array inputs such as radio fields in PHP, and it turns out that there is a great way to access the POST field data that PHP receives _before_ PHP does any manipulations to it.

What this means is that if you need to pass data from one server to another, totally unaltered, then using file_get_contents("php://input"); is the answer.

Here’s the original post I was pointed to about this by the very helpful team on the PHP/Curl Mailing List [curl-and-php at cool.haxx.se]

“Sometimes, albeit rarely, I’ve needed to get at the raw POST data in a PHP file. You can of course get the POST data using $_POST, however, this is after PHP has processed it (i.e. magic quotes may have been applied, thus escaping the data). You can access the raw POST information using the following:

$data = file_get_contents("php://input");

You can access the php://input wrapper as if it were a file, and use the Filesystem functions. More information on the PHP wrappers can be found in the PHP Manual.”

From JellyAndCustard.com




Tuesday, June 30th 2009


Dots not valid characters in PHP POST variables, and replaced with underbars
posted @ 8:01 am in [ Fixing Things -PHP -Web Design ]

So here I am, throwing my hands up and shouting at the screen, as, as far as I can tell, PHP is converting POST variable names from Market Live like

billContact.person.firstName=Alex&

to

billContact_person_firstName=Alex&

anyway… it is !!!!!

Apparently .s are not valid in variable names in PHP so it converts them to _s automatically!

http://stackoverflow.com/questions/283751/php-replaces-spaces-with-underlines

Wow – how annoying is that – and just thought I’d share the pain with everyone else…..
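
An added example (not code from the blog) tying this post to the raw POST data post above: PHP's own form parser renames the dotted fields, while splitting the raw body by hand keeps the names exactly as sent. parse_raw_form() is a hypothetical helper and $raw is a constructed body standing in for file_get_contents("php://input").

```php
<?php
// Added example, not code from the blog. parse_raw_form() is a hypothetical
// helper and $raw is a constructed body; on a live request it would come
// from file_get_contents('php://input').

/** Split an application/x-www-form-urlencoded body without renaming keys. */
function parse_raw_form(string $raw): array
{
    $pairs = [];
    foreach (explode('&', $raw) as $chunk) {
        if ($chunk === '') {
            continue;                       // trailing or doubled '&'
        }
        // Split on the first '=' only; a field may have no value at all.
        $parts = explode('=', $chunk, 2);
        $name  = urldecode($parts[0]);
        $value = urldecode($parts[1] ?? '');
        $pairs[] = [$name, $value];         // a list keeps repeated field names
    }
    return $pairs;
}

$raw = 'billContact.person.firstName=Alex&billContact.person.lastName=O%27Neil&';

// What PHP's built-in parser does to the names (the same renaming as $_POST).
parse_str($raw, $mangled);
print_r(array_keys($mangled));

// The names exactly as the client sent them.
foreach (parse_raw_form($raw) as [$name, $value]) {
    echo "$name = $value\n";
}
```

When proxying, forwarding the raw body untouched is simpler still; a parser like this is only needed when the receiving script has to inspect the original field names.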